No introduction found. Create it?
Install with:
helm repo add nextcloud oci://ghcr.io/bjw-s-labs/helm/app-template
helm install nextcloud nextcloud/nextcloud -f values.yamlSee examples from other people.
| Name | Repo | Stars | Version | Timestamp |
|---|---|---|---|---|
| nextcloud | haraldkoch/kochhaus-home | 165 | 8.9.1 | 7 days ago |
| nextcloud | drag0n141/home-ops | 52 | 8.9.1 | a month ago |
| nextcloud | budimanjojo/home-cluster | 241 | 8.7.0 | 2 months ago |
See the most popular values for this chart:
| Key | Types |
|---|---|
| boolean | |
| boolean | |
externalDatabase.existingSecret.passwordKey (16) INIT_POSTGRES_PASS | string |
externalDatabase.existingSecret.secretName (16) nextcloud-secret | string |
externalDatabase.existingSecret.usernameKey (16) INIT_POSTGRES_USER | string |
| string | |
externalDatabase.existingSecret.hostKey (2) POSTGRES_HOST | string |
externalDatabase.type (16) postgresql | string |
externalDatabase.database (14) nextcloud | string |
externalDatabase.host (14) postgres-nextcloud-rw.databases.svc.cluster.local. | string |
| boolean | |
| boolean | |
nextcloud.existingSecret.secretName (16) nextcloud-secret | string |
| string | |
nextcloud.existingSecret.smtpPasswordKey (10) smtp-password | string |
nextcloud.existingSecret.smtpUsernameKey (10) smtp-username | string |
nextcloud.existingSecret.passwordKey (8) NEXTCLOUD_PASSWORD | string |
nextcloud.existingSecret.usernameKey (8) NEXTCLOUD_USERNAME | string |
nextcloud.host (16) cloud.${SECRET_DOMAIN} | string |
nextcloud.extraEnv[].name (15) REDIS_HOST | string |
nextcloud.extraEnv[].value (14) dragonfly.databases.svc.cluster.local. | string |
nextcloud.extraEnv[].valueFrom.secretKeyRef.key (6) redis-password | string |
nextcloud.extraEnv[].valueFrom.secretKeyRef.name (6) nextcloud-secret | string |
nextcloud.mail.domain (14) ${SECRET_DOMAIN} | string |
| boolean | |
| string | |
| number, string | |
| string | |
| string | |
nextcloud.mail.smtp.host (8) smtp-relay.${SECRET_DOMAIN} | string |
| string | |
| string | |
nextcloud.extraInitContainers[].envFrom[].secretRef.name (13) nextcloud-secret | string |
nextcloud.extraInitContainers[].image (13) ghcr.io/home-operations/postgres-init:18 | string |
| string | |
nextcloud.extraInitContainers[].command[] (3) - sh | string |
nextcloud.extraInitContainers[].volumeMounts[].mountPath (3) /usr/local/etc/php/conf.d/ | string |
| string | |
nextcloud.configs."misc.config.php" (9) <?php
$CONFIG = array (
'default_phone_region' => 'PL',
'maintenance_window_start' => 2,
); ?> | string |
nextcloud.configs."proxy.config.php" (9) <?php
$CONFIG = array (
'trusted_proxies' => array(
0 => '127.0.0.1',
1 => '10.43.0.0/16',
1 => '10.0.0.0/16',
),
'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
); ?> | string |
nextcloud.configs."local.config.php" (6) <?php
$CONFIG = array (
'trusted_proxies' =>
array (
0 => 'cloud.thesteamedcrab.com',
1 => '127.0.0.1',
2 => '192.168.1.0/24',
),
'overwriteprotocol' => 'https',
'allow_local_remote_servers' => true,
'forwarded_for_headers' =>
array (
0 => 'HTTP_X_FORWARDED_FOR',
),
'default_phone_region' => 'CL',
'trashbin_retention_obligation' => 'auto, 30',
'auth.bruteforce.protection.enabled' => true,
'check_data_directory_permissions' => false,
'overwrite.cli.url' => 'https://cloud.thesteamedcrab.com',
); | string |
nextcloud.configs."logging.config.php" (6) <?php
$CONFIG = array (
'log_type' => 'file',
'logfile' => 'nextcloud.log',
'loglevel' => 0,
'logdateformat' => 'F d, Y H:i:s'
); | string |
nextcloud.configs."ingress.config.php" (4) <?php
$CONFIG = array (
'overwrite.cli.url' => 'https://cloud.${SECRET_DOMAIN}',
'overwriteprotocol' => 'https',
); | string |
nextcloud.configs."oidc.config.php" (3) <?php
$CONFIG = array (
'allow_user_to_change_display_name' => false,
'lost_password_link' => 'disabled',
'oidc_login_provider_url' => 'https://auth.${SECRET_DOMAIN_0}',
'oidc_login_client_id' => 'nextcloud',
'oidc_login_client_secret' => getenv('OIDC_CLIENT_SECRET'),
'oidc_login_auto_redirect' => false,
'oidc_login_button_text' => 'Log in with Authelia',
'oidc_login_hide_password_form' => false,
'oidc_login_use_id_token' => false,
'oidc_login_attributes' => array(
'id' => 'preferred_username',
'name' => 'name',
'mail' => 'email',
'groups' => 'groups',
'is_admin' => 'is_nextcloud_admin',
),
'oidc_login_default_group' => 'oidc',
'oidc_login_use_external_storage' => false,
'oidc_login_scope' => 'openid profile email groups nextcloud_userinfo',
'oidc_login_proxy_ldap' => false,
'oidc_login_disable_registration' => true,
'oidc_login_redir_fallback' => false,
'oidc_login_tls_verify' => true,
'oidc_create_groups' => false,
'oidc_login_webdav_enabled' => false,
'oidc_login_password_authentication' => false,
'oidc_login_public_key_caching_time' => 86400,
'oidc_login_min_time_between_jwks_requests' => 10,
'oidc_login_well_known_caching_time' => 86400,
'oidc_login_update_avatar' => false,
'oidc_login_code_challenge_method' => 'S256',
); | string |
nextcloud.configs."sso.config.php" (3) <?php
$CONFIG = array (
'allow_user_to_change_display_name' => false,
'lost_password_link' => 'disabled',
'oidc_login_client_id' => getenv('OIDC_CLIENT_ID'),
'oidc_login_client_secret' => getenv('OIDC_CLIENT_SECRET'),
'oidc_login_provider_url' => 'https://id.${SECRET_DOMAIN}',
'oidc_login_auto_redirect' => true, //login?noredir=1
'oidc_login_end_session_redirect' => true,
'oidc_login_button_text' => 'Log in with Pocket ID',
'oidc_login_hide_password_form' => true,
'oidc_login_use_id_token' => false,
'oidc_login_attributes' => array (
'id' => 'preferred_username',
'name' => 'name',
'mail' => 'email',
'groups' => 'groups',
'login_filter' => 'groups',
'photoURL' => 'picture',
'is_admin' => 'groups_ID-Admin',
),
'oidc_login_filter_allowed_values' => array('ID-Nextcloud'),
'oidc_login_use_external_storage' => false,
'oidc_login_scope' => 'openid profile email groups',
'oidc_login_proxy_ldap' => false,
'oidc_login_disable_registration' => false,
'oidc_login_redir_fallback' => false,
'oidc_login_tls_verify' => true,
'oidc_create_groups' => false,
'oidc_login_webdav_enabled' => false,
'oidc_login_password_authentication' => false,
'oidc_login_public_key_caching_time' => 86400,
'oidc_login_min_time_between_jwks_requests' => 10,
'oidc_login_well_known_caching_time' => 86400,
'oidc_login_update_avatar' => false,
); | string |
nextcloud.configs."caching.config.php" (2) <?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'filelocking.enabled' => true,
'redis' => array(
'host' => 'dragonfly.database.svc.cluster.local',
'port' => 6379,
'timeout' => 0.0,
'password' => '',
),
); | string |
nextcloud.configs."redis.config.php" (2) <?php
$CONFIG = array (
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array (
'host' => getenv('REDIS_HOST'),
'port' => 6379,
'dbindex' => 4,
'password' => '',
),
); | string |
nextcloud.configs."timezone.config.php" (2) <?php
$CONFIG = array (
'default_timezone' => 'America/Los_Angeles',
); | string |
nextcloud.configs."bulkupload.config.php" (1) <?php
$CONFIG = array (
'bulkupload.enabled' => false,
); | string |
nextcloud.configs."collabora.config.php" (1) <?php
$CONFIG = array (
'richdocuments' => array(
'wopi_url' => 'https://collabora.vzkn.eu',
),
); | string |
nextcloud.configs."custom.config.php" (1) <?php
$CONFIG = array (
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://cloud.${SECRET_DOMAIN}',
'overewritehost' => 'cloud.${SECRET_DOMAIN}',
'filelocking.enabled' => 'true',
'default_phone_region' => 'DE',
'loglevel' => '2',
'enable_previews' => true,
'log_type' => 'syslog',
'maintenance_window_start' => 1,
'trusted_proxies' =>
array (
0 => '127.0.0.1',
1 => '10.42.0.0/16',
2 => '10.43.0.0/16',
),
); | string |
nextcloud.configs."gitops.config.php" (1) <?php
$CONFIG = array (
'appstoreenabled' => true,
'mail_domain' => '${SECRET_DOMAIN}',
); | string |
nextcloud.configs."minio.config.php" (1) <?php
$CONFIG = array (
'objectstore' => array(
'class' => '\\OC\\Files\\ObjectStore\\S3',
'arguments' => array(
'hostname' => 's3.hoohoot.org',
'port' => 443,
'use_path_style' => true,
'bucket' => 'nextcloud-data',
'autocreate' => false,
'key' => getenv('S3_ACCESS_KEY'),
'secret' => getenv('S3_SECRET_KEY'),
'use_ssl' => true,
),
),
); | string |
nextcloud.configs."notify_push.config.php" (1) <?php
$CONFIG = array (
'notify_push' => array(
'base_endpoint' => 'https://cloud.vzkn.eu/push',
),
); | string |
nextcloud.configs."performance.config.php" (1) <?php
$CONFIG = array (
'enable_previews' => true,
'enabledPreviewProviders' => array(
'OC\Preview\PNG',
'OC\Preview\JPEG',
'OC\Preview\GIF',
'OC\Preview\BMP',
'OC\Preview\XBitmap',
'OC\Preview\MP3',
'OC\Preview\TXT',
'OC\Preview\MarkDown',
'OC\Preview\OpenDocument',
'OC\Preview\Krita',
'OC\Preview\HEIC',
'OC\Preview\PDF',
'OC\Preview\TIFF',
'OC\Preview\SVG',
'OC\Preview\MP4',
'OC\Preview\Movie',
),
'preview_max_x' => 2048,
'preview_max_y' => 2048,
'preview_max_scale_factor' => 1,
'preview_concurrency_new' => 4,
'preview_concurrency_all' => 4,
'jpeg_quality' => 60,
); | string |
nextcloud.configs."preview.config.php" (1) <?php
$CONFIG = array (
'enabledPreviewProviders' => array(
'OC\Preview\PNG',
'OC\Preview\JPEG',
'OC\Preview\GIF',
'OC\Preview\BMP',
'OC\Preview\XBitmap',
'OC\Preview\MP3',
'OC\Preview\TXT',
'OC\Preview\MarkDown',
'OC\Preview\OpenDocument',
'OC\Preview\Krita',
'OC\Preview\HEIC',
),
); | string |
nextcloud.configs."talk.config.php" (1) <?php
$CONFIG = array (
'spreed' => array(
'external_signaling' => array(
'signaling_servers' => array(
array(
'url' => 'https://talk.vzkn.eu/',
'verify' => true,
),
),
),
'stun_servers' => array(
'turn.vzkn.eu:3478',
'turn.vzkn.eu:5349',
),
'turn_servers' => array(
array(
'server' => 'turn.vzkn.eu',
'secret' => '', # Managed by signaling server
'protocols' => 'udp,tcp',
),
),
),
); | string |
nextcloud.datadir (9) /var/www/data | string |
nextcloud.extraVolumeMounts[].mountPath (9) /usr/local/etc/php/conf.d/redis-session.ini | string |
nextcloud.extraVolumeMounts[].name (9) php-confd | string |
nextcloud.extraVolumeMounts[].subPath (3) redis-session.ini | string |
| boolean | |
nextcloud.extraVolumes[].name (9) php-confd | string |
| number | |
nextcloud.extraVolumes[].configMap.name (2) nextcloud-scripts | string |
nextcloud.extraVolumes[].nfs.path (2) /mnt/data/home | string |
nextcloud.extraVolumes[].nfs.server (2) nas01.${SECRET_DOMAIN_INT} | string |
nextcloud.extraVolumes[].persistentVolumeClaim.claimName (2) nextcloud-media-nfs | string |
| number | |
| number | |
| boolean | |
| number | |
nextcloud.securityContext.fsGroupChangePolicy (2) OnRootMismatch | string |
| boolean | |
nextcloud.phpConfigs."uploadLimit.ini" (6) upload_max_filesize = 16G
post_max_size = 16G
max_input_time = 3600
max_execution_time = 3600
| string |
nextcloud.phpConfigs."www.conf" (6) [www]
user = www-data
group = www-data
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 57
pm.start_servers = 14
pm.min_spare_servers = 14
pm.max_spare_servers = 42
pm.max_requests = 500
pm.process_idle_timeout = 10s
| string |
nextcloud.phpConfigs."php.ini" (1) max_execution_time = 600
default_socket_timeout = 300
curl.cainfo = /etc/ssl/certs/ca-certificates.crt
extension=imagick
extension=exif
extension=intl
extension=gd
memory_limit = 8G
opcache.memory_consumption = 512
opcache.max_accelerated_files = 20000
opcache.revalidate_freq = 60
| string |
nextcloud.lifecycle.postStartCommand[] (4) - /bin/sh | string |
| number | |
| boolean | |
| boolean | |
| boolean | |
nextcloud.extraSidecarContainers[].args[] (1) - --port | string |
nextcloud.extraSidecarContainers[].command[] (1) - /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push | string |
nextcloud.extraSidecarContainers[].env[].name (1) NEXTCLOUD_URL | string |
nextcloud.extraSidecarContainers[].env[].value (1) http://localhost:8080 | string |
nextcloud.extraSidecarContainers[].image (1) nextcloud:32.0.5-fpm-alpine | string |
nextcloud.extraSidecarContainers[].name (1) notify-push | string |
| number | |
| string | |
| string | |
| string | |
| string | |
| string | |
nextcloud.extraSidecarContainers[].volumeMounts[].mountPath (1) /var/www/html | string |
nextcloud.extraSidecarContainers[].volumeMounts[].name (1) nextcloud-main | string |
| boolean | |
nextcloud.hooks.before-starting (1) # disable unneceserry apps
for appname in activity circles systemtags federation privacy \
nextcloud_announcements announcementcenter support survey_client \
user_status weather_status dashboard
do
php occ app:disable "$appname"
done | string |
nextcloud.hooks.post-installation (1) printf "Add missing DB indices\n"
php occ db:add-missing-indices | string |
nextcloud.hooks.post-upgrade (1) # based on https://github.com/nextcloud/all-in-one/blob/25c580bca370eaead5f1fad9d3842a9c49562dff/Containers/nextcloud/entrypoint.sh#L451-L457
php occ maintenance:repair --include-expensive
php occ db:add-missing-indices
php occ db:add-missing-columns
php occ db:add-missing-primary-keys | string |
| boolean | |
| string | |
| boolean | |
nextcloud.objectStorage.s3.existingSecret (1) nextcloud-secrets | string |
nextcloud.objectStorage.s3.host (1) minio.storage.svc.cluster.local | string |
| number | |
nextcloud.objectStorage.s3.secretKeys.accessKey (1) MINIO_ACCESS_KEY | string |
nextcloud.objectStorage.s3.secretKeys.secretKey (1) MINIO_SECRET_KEY | string |
| boolean | |
| boolean | |
nextcloud.objectstore.s3.bucket (1) nextcloud-data | string |
| boolean | |
nextcloud.objectstore.s3.existingSecret (1) nextcloud-secret | string |
nextcloud.objectstore.s3.host (1) 192.168.20.5:3900 | string |
nextcloud.objectstore.s3.region (1) us-east-1 | string |
nextcloud.objectstore.s3.secretKeys.accessKey (1) S3_ACCESS_KEY | string |
nextcloud.objectstore.s3.secretKeys.secretKey (1) S3_SECRET_KEY | string |
| boolean | |
| boolean | |
nextcloud.podSecurityContext.capabilities.add[] (1) - NET_BIND_SERVICE | string |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
| string | |
nextcloud.strategy.type (1) Recreate | string |
| boolean | |
persistence.existingClaim (16) nextcloud | string |
| boolean | |
persistence.nextcloudData.existingClaim (7) nextcloud-nfs | string |
persistence.nextcloudData.accessMode (6) ReadWriteMany | string |
persistence.data.existingClaim (2) nextcloud-data-pvc | string |
persistence.data.globalMounts[].path (2) /var/www/html/data | string |
| boolean | |
| string | |
| string | |
| boolean | |
| string | |
persistence.data.path (1) /mnt/apps/kubernetes/nextcloud | string |
persistence.data.server (1) ${SECRET_NFS_SERVER:=temp} | string |
persistence.alex-nfs.globalMounts[].path (1) /var/www/html/data/alex/files | string |
persistence.alex-nfs.path (1) /mnt/Fast/Alex | string |
persistence.alex-nfs.server (1) 192.168.42.20 | string |
| string | |
| string | |
| boolean | |
| string | |
| string | |
| boolean | |
| string | |
| string | |
| boolean | |
| string | |
persistence.app-config.existingClaim (1) nextcloud-app-pvc | string |
persistence.app-config.type (1) persistentVolumeClaim | string |
persistence.config-file.globalMounts[].path (1) /var/www/html/config/custom.config.php | string |
persistence.config-file.globalMounts[].subPath (1) custom.config.php | string |
| string | |
persistence.config-file.type (1) configMap | string |
persistence.config.existingClaim (1) nextcloud | string |
persistence.config.globalMounts[].path (1) /var/www/html | string |
persistence.nextcloud-config.advancedMounts.main.nextcloud[].path (1) /var/www/html/config/extra.config.php | string |
| boolean | |
| string | |
persistence.nextcloud-config.name (1) nextcloud-nextcloud-config | string |
| string | |
persistence.nginx-config.advancedMounts.main.nginx[].path (1) /etc/nginx/nginx.conf | string |
| boolean | |
| string | |
persistence.nginx-config.name (1) nextcloud-nginx-config | string |
persistence.nginx-config.type (1) configMap | string |
persistence.opcache-recommended-ini.advancedMounts.main.nextcloud[].path (1) /usr/local/etc/php/conf.d/opcache-recommended.ini | string |
| boolean | |
persistence.opcache-recommended-ini.advancedMounts.main.nextcloud[].subPath (1) opcache-recommended-ini | string |
persistence.opcache-recommended-ini.name (1) nextcloud-nextcloud-config | string |
| string | |
persistence.redis-session-ini.advancedMounts.main.nextcloud[].path (1) /usr/local/etc/php/conf.d/redis-session.ini | string |
| boolean | |
| string | |
persistence.redis-session-ini.name (1) nextcloud-nextcloud-config | string |
| string | |
persistence.tmpfs.globalMounts[].path (1) /tmp | string |
persistence.tmpfs.globalMounts[].subPath (1) tmp | string |
persistence.tmpfs.type (1) emptyDir | string |
persistence.upload-limit-ini.advancedMounts.main.nextcloud[].path (1) /usr/local/etc/php-fpm.d/uploadLimit.ini | string |
| boolean | |
| string | |
persistence.upload-limit-ini.name (1) nextcloud-nextcloud-config | string |
| string | |
persistence.www-conf.advancedMounts.main.nextcloud[].path (1) /usr/local/etc/php-fpm.d/zz-www.conf | string |
| boolean | |
| string | |
persistence.www-conf.name (1) nextcloud-nextcloud-config | string |
persistence.www-conf.type (1) configMap | string |
| boolean | |
| number | |
| number | |
| number | |
| number | |
| number | |
| boolean | |
| string | |
| string | |
| string | |
| string | |
nginx.config.headers.Strict-Transport-Security (2) max-age=15552000; includeSubDomains | string |
| boolean | |
nginx.config.serverBlockCustom (1) client_max_body_size 10G;
client_body_timeout 300s;
fastcgi_buffers 64 4K;
fastcgi_read_timeout 3600s;
# Handle forwarded headers for proper protocol detection
real_ip_header X-Forwarded-For;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
| string |
| string | |
nginx.image.tag (1) 1.29.5 | string |
ingress.enabled (13) false | boolean |
| string | |
ingress.annotations."nginx.ingress.kubernetes.io/server-snippet" (3) server_tokens off;
proxy_hide_header X-Powered-By;
more_set_headers "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload";
rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
deny all;
} | string |
| string | |
| string | |
ingress.annotations."cert-manager.io/cluster-issuer" (1) letsencrypt-production | string |
| string | |
| string | |
| string | |
| string | |
ingress.annotations."hajimari.io/icon" (1) simple-icons:nextcloud | string |
ingress.annotations."hajimari.io/info" (1) File and Calendar server | string |
| string | |
ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-headers" (1) X-Forwarded-For, X-Real-IP, X-Frame-Options, X-Content-Type-Options, X-Forwarded-Proto | string |
| string | |
ingress.annotations."nginx.org/rewrites" (1) /.well-known/webfinger /index.php/.well-known/webfinger;
/.well-known/nodeinfo /index.php/.well-known/nodeinfo;
/.well-known/host-meta /public.php?service=host-meta;
/.well-known/host-meta.json /public.php?service=host-meta-json;
/.well-known/carddav $scheme://$host/remote.php/dav redirect=301;
/.well-known/caldav $scheme://$host/remote.php/dav redirect=301;
| string |
| string | |
ingress.className (3) external | string |
| string | |
ingress.pathType (2) Prefix | string |
ingress.tls[].hosts[] (1) - nc.${SECRET_DOMAIN} | string |
ingress.tls[].secretName (1) tls.nextcloud | string |
| boolean | |
| boolean | |
| number | |
| number | |
| string | |
| string | |
| string | |
| string | |
cronjob.cronjob.command[] (1) - /bin/sh | string |
cronjob.cronjob.env[].name (1) MAIL_FROM_ADDRESS | string |
cronjob.cronjob.env[].value (1) ${FROM_ADDRESS} | string |
| string | |
| string | |
| boolean | |
| number | |
cronjob.cronjob.extraVolumes[].configMap.name (1) nextcloud-scripts | string |
| string | |
| number | |
cronjob.cronjob.schedule (1) */5 * * * * | string |
| number | |
| boolean | |
| number | |
| number | |
| number | |
| string | |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
| string | |
cronjob.type (1) cronjob | string |
image.flavor (12) fpm-alpine | string |
image.tag (5) 32.0.6-fpm-alpine | string |
image.repository (2) nextcloud | string |
image.pullPolicy (1) IfNotPresent | string |
| string | |
| string | |
| string | |
| number | |
| string | |
deploymentAnnotations."secret.reloader.stakater.com/reload" (2) nextcloud-secret | string |
| boolean | |
| number | |
| number | |
| number | |
| number | |
| number | |
| boolean | |
| number | |
| number | |
| number | |
| number | |
| number | |
| boolean | |
| string | |
redis.enabled (3) false | boolean |
| boolean | |
redis.auth.existingSecret (1) nextcloud-secret | string |
redis.auth.existingSecretPasswordKey (1) REDIS_PASSWORD | string |
redis.host (1) nextcloud-valkey.selfhosted.svc.cluster.local | string |
redis.port (1) 6379 | number |
| string | |
controllers.nextcloud.containers.app.env.NEXTCLOUD_TRUSTED_DOMAINS (2) nextcloud.${SECRET_DOMAIN} | string |
controllers.nextcloud.containers.app.env.NEXTCLOUD_ADMIN_PASSWORD.valueFrom.secretKeyRef.key (1) NEXTCLOUD_ADMIN_PASSWORD | string |
| string | |
| string | |
| string | |
controllers.nextcloud.containers.app.env.NEXTCLOUD_DATA_DIR (1) /var/www/html/data | string |
controllers.nextcloud.containers.app.env.OVERWRITECLIURL (1) https://nextcloud.${SECRET_DOMAIN} | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
controllers.nextcloud.containers.app.env.REDIS_HOST (1) dragonfly.database.svc.cluster.local | string |
| string | |
| string | |
controllers.nextcloud.containers.app.image.tag (2) 32.0.6-apache | string |
| boolean | |
| boolean | |
| number | |
| string | |
| number | |
| string | |
| string | |
| number | |
| number | |
| number | |
| boolean | |
| boolean | |
| number | |
| string | |
| number | |
| string | |
| string | |
| number | |
| number | |
| number | |
| boolean | |
| number | |
| number | |
| string | |
| number | |
| number | |
| number | |
| boolean | |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
controllers.nextcloud.containers.app.envFrom[].secretRef.name (1) {{ .Release.Name }}-secret | string |
controllers.nextcloud.initContainers.copy-config.command[] (1) - sh | string |
controllers.nextcloud.initContainers.copy-config.image.repository (1) docker.io/library/nextcloud | string |
controllers.nextcloud.initContainers.copy-config.image.tag (1) 32.0.6@sha256:0e1084cc59df77bec7d6bb29d9ac6939da8372512237a9c51f74ff0a970524f2 | string |
| boolean | |
| string | |
| boolean | |
| string | |
controllers.nextcloud.initContainers.init-db.image.repository (1) ghcr.io/home-operations/postgres-init | string |
| string | |
controllers.nextcloud.type (1) deployment | string |
| string | |
| boolean | |
| boolean | |
| boolean | |
| number | |
| string | |
controllers.main.containers.clamav.image.tag (1) 1.5.1-25@sha256:bb4f25aad81c7a430ed49ee24ee8c69caa56d81d59884901e31a407aaaa19b4d | string |
| boolean | |
| boolean | |
| number | |
| number | |
| number | |
controllers.main.containers.collabora.env[].name (1) username | string |
controllers.main.containers.collabora.env[].value (1) --o:ssl.termination=true --o:ssl.enable=false --o:welcome.enable=false --o:languagetool.enabled=true --o:languagetool.base_url=http://nextcloud-languagetool.default.svc.cluster.local:8010/v2 --o:net.proxy_allowed_hosts=192.168.0.0/16,10.0.0.0/8,cloud.${SECRET_DOMAIN} --o:admin_console.enable=false | string |
controllers.main.containers.collabora.env[].valueFrom.secretKeyRef.key (1) COLLABORA_USERNAME | string |
controllers.main.containers.collabora.env[].valueFrom.secretKeyRef.name (1) nextcloud-secret | string |
| string | |
controllers.main.containers.collabora.image.tag (1) 25.04.8.3.1@sha256:fa876e9fc1fdeb9aabac545e9fced19360e3a0492879432d857c17be4e4ea025 | string |
| number | |
| number | |
| number | |
controllers.main.containers.languagetool.image.repository (1) collabora/languagetool | string |
controllers.main.containers.languagetool.image.tag (1) 6.6@sha256:a93a2470a49c28e36b0e3b73f4562dab21a532ad10819ddc50bf69f80e98240d | string |
controllers.main.containers.nextcloud.env[].name (1) TZ | string |
controllers.main.containers.nextcloud.env[].value (1) ${TIMEZONE} | string |
controllers.main.containers.nextcloud.env[].valueFrom.secretKeyRef.key (1) NEXTCLOUD_ADMIN_USER | string |
controllers.main.containers.nextcloud.env[].valueFrom.secretKeyRef.name (1) nextcloud-secret | string |
controllers.main.containers.nextcloud.image.repository (1) docker.io/library/nextcloud | string |
controllers.main.containers.nextcloud.image.tag (1) 32.0.6-fpm-alpine@sha256:b3c3e09c11bf4b70ca1a48bbb60ba30ecc5a91cbb775834f253f414d8ec5d634 | string |
| number | |
| number | |
| number | |
controllers.main.containers.nginx.image.repository (1) nginxinc/nginx-unprivileged | string |
controllers.main.containers.nginx.image.tag (1) 1.29-alpine@sha256:bae24904860527735a08e04722a92add40784b91e61389b710367c7d0e6d3b25 | string |
controllers.main.containers.whiteboard.env[].name (1) NEXTCLOUD_URL | string |
controllers.main.containers.whiteboard.env[].value (1) https://cloud.${SECRET_DOMAIN} | string |
controllers.main.containers.whiteboard.env[].valueFrom.secretKeyRef.key (1) WHITEBOARD_JWT_SECRET_KEY | string |
| string | |
controllers.main.containers.whiteboard.image.repository (1) ghcr.io/nextcloud-releases/whiteboard | string |
controllers.main.containers.whiteboard.image.tag (1) v1.5.6@sha256:0a261558fa6d5d5cfea5da6b24ff2aeee691d46a7ced943edb478751919a4649 | string |
| number | |
| number | |
| number | |
controllers.main.initContainers.init-chmod-pvc.args[] (1) - -c | string |
| string | |
controllers.main.initContainers.init-chmod-pvc.image.repository (1) docker.io/library/alpine | string |
controllers.main.initContainers.init-chmod-pvc.image.tag (1) 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659 | string |
| number | |
| number | |
| number | |
controllers.main.strategy (1) RollingUpdate | string |
| number | |
| string | |
| number | |
| boolean | |
| number | |
| string | |
| string | |
| boolean | |
| boolean | |
route.app.annotations."gatus.home-operations.com/endpoint" (2) group: productivity
| string |
| string | |
route.app.annotations."gethomepage.dev/description" (1) File Sync & Collaboration | string |
| string | |
| string | |
route.app.annotations."gethomepage.dev/icon" (1) nextcloud.png | string |
| string | |
route.app.annotations."gethomepage.dev/widget.password" (1) {{`{{HOMEPAGE_VAR_NEXTCLOUD_PASSWORD}}`}} | string |
| string | |
route.app.annotations."gethomepage.dev/widget.url" (1) http://nextcloud.productivity.svc.cluster.local:80 | string |
route.app.annotations."gethomepage.dev/widget.username" (1) {{`{{HOMEPAGE_VAR_NEXTCLOUD_USERNAME}}`}} | string |
route.app.hostnames[] (2) - nextcloud.${SECRET_DOMAIN} | string |
route.app.parentRefs[].name (2) internal | string |
| string | |
| string | |
| string | |
| number | |
route.app.rules[].filters[].responseHeaderModifier.add[].name (1) Strict-Transport-Security | string |
route.app.rules[].filters[].responseHeaderModifier.add[].value (1) max-age=31536000; includeSubDomains; preload | string |
route.app.rules[].filters[].type (1) ResponseHeaderModifier | string |
route.collabora.hostnames[] (1) - office.${SECRET_DOMAIN} | string |
| string | |
route.collabora.parentRefs[].namespace (1) kube-system | string |
| string | |
route.collabora.rules[].backendRefs[].name (1) nextcloud-collabora | string |
| number | |
route.nextcloud.hostnames[] (1) - cloud.${SECRET_DOMAIN} | string |
| string | |
route.nextcloud.parentRefs[].namespace (1) kube-system | string |
| string | |
route.nextcloud.rules[].backendRefs[].name (1) nextcloud-nginx | string |
| number | |
securityContext.fsGroupChangePolicy (2) OnRootMismatch | string |
| number | |
service.app.controller (1) nextcloud | string |
| string | |
| number | |
| string | |
| number | |
| string | |
| number | |
| string | |
| number | |
| string | |
| number | |
| string | |
| string | |
| string | |
| number | |
configMaps.config.data."custom.config.php" (1) <?php
$CONFIG = array(
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://storage.hyde.services',
'overwritehost' => 'storage.hyde.services',
'check_data_directory_permissions' => false,
'default_phone_region' => 'AU',
'trusted_proxies' => array(
0 => '127.0.0.1',
1 => '10.42.0.0/16',
),
'trusted_domains' => array(
0 => '127.0.0.1',
1 => 'storage.hyde.services',
),
'simpleSignUpLink.shown' => false,
'cache_path' => '/cache',
'forwarded_for_headers' => array('X-Forwarded-For'),
'maintenance_window_start' => 100,
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'dragonfly.databases.svc.cluster.local',
'port' => 6379,
'dbindex' => 1,
),
); | string |
configMaps.config.data."php.ini" (1) session.save_handler = redis
session.save_path = "tcp://dragonfly.databases.svc.cluster.local:6379/1"
redis.session.locking_enabled = 1
redis.session.lock_retries = -1
redis.session.lock_wait_time = 10000
upload_max_filesize = 16G
post_max_size = 16G
memory_limit = 512M
max_execution_time = 3600 | string |
configMaps.config.data."remoteip.conf" (1) RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 10.42.0.0/16 | string |
configMaps.config.data."www.conf" (1) [www]
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 50
pm.start_servers = 12
pm.min_spare_servers = 6
pm.max_spare_servers = 18 | string |
configMaps.nextcloud-config.data."extra.config.php" (1) <?php
$CONFIG = array(
'backgroundjobs_mode' => 'cron',
'activity_expire_days' => 14,
'allow_local_remote_servers' => true,
'auth.bruteforce.protection.enabled' => true,
'overwriteprotocol' => 'https',
'overwrite.cli.url' => 'https://cloud.${SECRET_DOMAIN}',
'trusted_domains' => array(
0 => 'localhost',
1 => 'cloud.${SECRET_DOMAIN}',
2 => 'id.${SECRET_DOMAIN}',
3 => 'nextcloud-collabora.default.svc.cluster.local',
),
'trusted_proxies' => array(
0 => '127.0.0.1',
1 => '10.0.0.0/8',
2 => '172.16.0.0/12',
3 => '192.168.0.0/16',
),
'forwarded_for_headers' => array(
0 => 'HTTP_X_FORWARDED_FOR',
),
'forbidden_filenames' =>
array (
0 => '.htaccess',
1 => 'Thumbs.db',
2 => 'thumbs.db',
),
'appstoreenabled' => true,
'knowledgebaseenabled' => false,
'quota_include_external_storage' => false,
'share_folder' => '/Freigaben',
'skeletondirectory' => '',
'trashbin_retention_obligation' => 'auto, 7',
'log_type' => 'file',
'logfile' => '/var/log/nextcloud.log',
'loglevel' => 0,
'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'port' => getenv('REDIS_HOST_PORT') ?: 6379,
'password' => getenv('REDIS_HOST_PASSWORD'),
'dbindex' => 8,
'timeout' => 1.5,
'read_timeout' => 1.5,
),
'apps_paths' => array(
0 => array (
'path' => OC::$SERVERROOT.'/apps',
'url' => '/apps',
'writable' => false,
),
1 => array (
'path' => OC::$SERVERROOT.'/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'htaccess.RewriteBase' => '/',
'mail_smtpmode' => 'smtp',
'mail_smtptimeout' => 30,
'mail_sendmailmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => 25,
'mail_smtpsecure' => '',
'mail_smtpauth' => false,
'mail_smtpauthtype' => '',
'mail_smtppassword' => getenv('SMTP_PASSWORD'),
'mail_smtpname' => getenv('SMTP_NAME'),
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
"mail_smtptimeout" => 30,
'mail_smtpstreamoptions' => array (
'ssl' => array (
'allow_self_signed' => true,
'verify_peer' => false,
'verify_peer_name' => false
),
),
'enable_previews' => true,
'enabledPreviewProviders' =>
array (
0 => 'OC\\Preview\\PNG',
1 => 'OC\\Preview\\JPEG',
2 => 'OC\\Preview\\GIF',
3 => 'OC\\Preview\\BMP',
4 => 'OC\\Preview\\XBitmap',
5 => 'OC\\Preview\\Movie',
6 => 'OC\\Preview\\PDF',
7 => 'OC\\Preview\\MP3',
8 => 'OC\\Preview\\TXT',
9 => 'OC\\Preview\\MarkDown',
10 => 'OC\\Preview\\HEIC',
11 => 'OC\\Preview\\MKV',
12 => 'OC\\Preview\\MP4',
13 => 'OC\\Preview\\AVI',
),
'preview_max_x' => 1024,
'preview_max_y' => 768,
'preview_max_scale_factor' => 1,
// Circumvention for client freezes - https://github.com/nextcloud/desktop/issues/5094
'bulkupload.enabled' => false,
'backgroundjobs_mode' => 'webcron',
'default_language' => 'de',
'default_locale' => 'de_DE',
'default_phone_region' => 'DE',
'default_timezone' => 'Europe/Berlin',
'maintenance_window_start' => 1,
);
| string |
configMaps.nextcloud-config.data.opcache-recommended-ini (1) opcache.enable=1
opcache.interned_strings_buffer=64
opcache.max_accelerated_files=20000
opcache.memory_consumption=256
opcache.save_comments=1
opcache.revalidate_freq=60
opcache.validate_timestamps=0
opcache.jit=1255
opcache.jit_buffer_size=128M
| string |
configMaps.nextcloud-config.data."redis-session.ini" (1) session.save_handler = redis
session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT}?auth=${REDIS_HOST_PASSWORD}"
redis.session.locking_enabled = 1
redis.session.lock_retries = -1
redis.session.lock_wait_time = 10000
| string |
configMaps.nextcloud-config.data."uploadLimit.ini" (1) upload_max_filesize = 16G
post_max_size = 16G
max_input_time = 3600
max_execution_time = 3600
| string |
configMaps.nextcloud-config.data."www.conf" (1) [www]
pm = dynamic
pm.max_children = 256
pm.start_servers = 14
pm.min_spare_servers = 14
pm.max_spare_servers = 236
pm.max_requests = 500
pm.process_idle_timeout = 10s
| string |
| boolean | |
configMaps.nginx-config.data."nginx.conf" (1) worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /tmp/nginx.pid;
events {
worker_connections 2048;
multi_accept on;
use epoll;
}
http {
proxy_temp_path /tmp/proxy_temp;
client_body_temp_path /tmp/client_temp;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
reset_timedout_connection on;
server_tokens off;
resolver 176.9.93.198 176.9.1.117 valid=30s;
resolver_timeout 5s;
limit_req_zone $binary_remote_addr zone=NextcloudRateLimit:10m rate=2r/s;
upstream php-handler {
server 127.0.0.1:9000;
}
types {
text/javascript mjs;
}
server {
listen 8080;
root /var/www/html;
index index.php index.html /index.php$request_uri;
# Security Headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload;" always;
add_header Permissions-Policy "interest-cohort=()";
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Download-Options "noopen" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
fastcgi_hide_header X-Powered-By;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
client_max_body_size 10G;
client_body_timeout 3600s;
client_body_buffer_size 512k;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types
application/atom+xml
text/javascript
application/javascript
application/json
application/ld+json
application/manifest+json
application/rss+xml
application/vnd.geo+json
application/vnd.ms-fontobject
application/wasm
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/bmp
image/svg+xml
image/x-icon
text/cache-manifest
text/css
text/plain
text/vcard
text/vnd.rim.location.xloc
text/vtt
text/x-component
text/x-cross-domain-policy;
location = / {
if ($http_user_agent ~ ^DavClnt) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Well-known URLs
location ^~ /.well-known {
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
return 301 /index.php$request_uri;
}
# Block unsafe paths
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# PHP Handling
location ~ \.php(?:$|/) {
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_connect_timeout 3600;
fastcgi_max_temp_file_size 0;
}
# Static files
location ~ \.(?:css|js|mjs|svg|gif|ico|jpg|png|webp|wasm|tflite|map|ogg|flac)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15768000, immutable";
expires 6M;
access_log off;
}
# Fonts
location ~ \.(otf|woff2?)$ {
try_files $uri /index.php$request_uri;
expires 7d;
access_log off;
}
# Remote redirect
location /remote {
return 301 /remote.php$request_uri;
}
# Login rate limiting
location = /login {
limit_req zone=NextcloudRateLimit burst=5 nodelay;
limit_req_status 429;
try_files $uri $uri/ /index.php$request_uri;
}
# Whiteboard reverse proxy
location /whiteboard/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://nextcloud-whiteboard.default.svc.cluster.local:3002/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Fallback
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
}
| string |
| boolean | |
| string | |
| string | |
extraManifests[] (1) - apiVersion: v1
kind: Service
metadata:
name: nextcloud-push
labels:
app.kubernetes.io/name: {{ include "nextcloud.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
type: ClusterIP
ports:
- name: push
port: 7867
targetPort: 7867
protocol: TCP
selector:
app.kubernetes.io/name: {{ include "nextcloud.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
| string |
fullnameOverride (1) nextcloud | string |
hpa.enabled (1) false | boolean |
| string | |
httpRoute.apiVersion (1) gateway.networking.k8s.io/v1 | string |
| boolean | |
httpRoute.hostnames[] (1) - nextcloud.${SECRET_DOMAIN} | string |
httpRoute.kind (1) HTTPRoute | string |
httpRoute.parentRefs[].name (1) envoy-external | string |
| string | |
httpRoute.rules[].backendRefs[].name (1) notify-push | string |
httpRoute.rules[].backendRefs[].port (1) 7867 | number |
httpRoute.rules[].filters[].type (1) URLRewrite | string |
httpRoute.rules[].filters[].urlRewrite.path.replaceFullPath (1) /public.php?service=host-meta | string |
httpRoute.rules[].filters[].urlRewrite.path.replacePrefixMatch (1) /index.php/.well-known/webfinger | string |
httpRoute.rules[].filters[].urlRewrite.path.type (1) ReplacePrefixMatch | string |
httpRoute.rules[].matches[].path.type (1) PathPrefix | string |
httpRoute.rules[].matches[].path.value (1) /push/ | string |
lifecycle.postStartCommand[] (1) - /bin/bash | string |
| string |