Add nextcloud config

2023-03-27 16:41:43 +02:00 · 2023-03-27 16:41:43 +02:00 · 0d5dfd31b6
parent 82bda1443d
commit 0d5dfd31b6
7 changed files with 244 additions and 8 deletions
--- a/customers/base/kustomization.yaml
+++ b/customers/base/kustomization.yaml
@ -4,4 +4,6 @@ resources:
  - nextcloud-namespace.yml
  - nextcloud-pvc.yml
  - nextcloud-service.yml
+  - redis-deployment.yml
+  - redis-service.yml
  - s3-service.yml
--- a/customers/base/nextcloud-configmap.yml
+++ b/customers/base/nextcloud-configmap.yml
@ -0,0 +1,111 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nextcloud-configmap
+  namespace: customer
+data: 
+  config.php: |
+    <?php
+    $CONFIG = array (
+      'memcache.local' => '\\OC\\Memcache\\APCu',
+      'appstoreenabled' => false,
+      'apps_paths' =>
+      array (
+        0 =>
+        array (
+          'path' => '/var/www/html/apps',
+          'url' => '/apps',
+          'writable' => false,
+        ),
+        1 =>
+        array (
+          'path' => '/var/www/html/custom_apps',
+          'url' => '/custom_apps',
+          'writable' => true,
+        ),
+      ),
+      'memcache.distributed' => '\\OC\\Memcache\\Redis',
+      'memcache.locking' => '\\OC\\Memcache\\Redis',
+      'redis' =>
+      array (
+        'host' => '{{REDIS_HOST}}',
+        'password' => '{{REDIS_PASSWORD}}',
+        'port' => 6379,
+      ),
+      'forcessl' => true,
+      'overwriteprotocol' => 'https',
+      'objectstore' =>
+      array (
+        'class' => '\\OC\\Files\\ObjectStore\\S3',
+        'arguments' =>
+        array (
+          'bucket' => '{{OBJECTSTORE_S3_BUCKET}}',
+          'key' => '{{OBJECTSTORE_S3_KEY}}',
+          'secret' => '{{OBJECTSTORE_S3_SECRET}}',
+          'region' => '{{OBJECTSTORE_S3_REGION}}',
+          'hostname' => '{{OBJECTSTORE_S3_HOST}}',
+          'port' => '',
+          'objectPrefix' => 'urn:oid:',
+          'autocreate' => false,
+          'use_ssl' => true,
+          'use_path_style' => true,
+          'legacy_auth' => false,
+        ),
+      ),
+      'csrf.disabled' => true,
+      'passwordsalt' => '{{NEXTCLOUD_PASSWORDSALT}}',
+      'secret' => '{{NEXTCLOUD_SECRET}}',
+      'trusted_domains' =>
+      array (
+        0 => '{{NEXTCLOUD_TRUSTED_DOMAINS}}'
+      ),
+      'config_is_read_only' => true,
+      'datadirectory' => '/var/www/html/data',
+      'dbhost' => '{{MYSQL_HOST}}',
+      'dbname' => '{{MYSQL_DATABASE}}',
+      'dbpassword' => '{{MYSQL_PASSWORD}}',
+      'dbport' => '{{MYSQL_PORT}}',
+      'dbtableprefix' => 'oc_',
+      'dbtype' => 'mysql',
+      'dbuser' => '{{MYSQL_USER}}',
+      'gs.enabled' => 'true',
+      'gs.federation' => 'global',
+      'gs.trustedHosts' => ['*.sunet.se'],
+      'gss.jwt.key' => '{{GSS_JWT_KEY}}',
+      'gss.master.url' => '{{GSS_MASTER_URL}}',
+      'gss.mode' => 'slave',
+      'gss.user.discovery.module' => '\\OCA\\GlobalSiteSelector\\UserDiscoveryModules\\ManualUserMapping',
+      'installed' => true,
+      'instanceid' => '{{NEXTCLOUD_INSTANCEID}}',
+      'log_type' => 'file',
+      'loglevel' => 0,
+      'lookup_server' => '{{LOOKUP_SERVER}}',
+      'mail_domain' => '{{MAIL_DOMAIN}}',
+      'mail_from_address' => '{{MAIL_FROM_ADDRESS}}',
+      'mail_sendmailmode' => 'smtp',
+      'mail_smtpauth' => 1,
+      'mail_smtpauthtype' => 'LOGIN',
+      'mail_smtphost' => '{{MAIL_SMTPHOST}}',
+      'mail_smtpmode' => 'smtp',
+      'mail_smtpname' => '{{MAIL_SMTPNAME}}',
+      'mail_smtppassword' => '{{MAIL_SMTPPASSWORD}}',
+      'mail_smtpport' => '587',
+      'mail_smtpsecure' => 'tls',
+      'mail_template_class' => 'OCA\DriveEmailTemplate\EMailTemplate',
+      'mysql.utf8mb4' => true,
+      'overwritehost' => '{{SITE_NAME}}',
+      'overwrite.cli.url' => 'https://{{SITE_NAME}}',
+      'templatedirectory' => '',
+      'skeletondirectory' => '',
+      'twofactor_enforced' => 'true',
+      'twofactor_enforced_groups' =>
+      array (
+        0 => 'admin',
+      ),
+      'version' => '{{NEXTCLOUD_VERSION_STRING}}',
+      'app_install_overwrite' =>
+      array (
+        0 => 'globalsiteselector',
+      ),
+
+    );
--- a/customers/base/nextcloud-deployment.yml
+++ b/customers/base/nextcloud-deployment.yml
@ -23,16 +23,38 @@ spec:
            claimName: customer-shared-storage-claim
      containers:
      - name: customer 
-        image: customer 
+        image: docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4 
        volumeMounts:
          - name: server-storage
            mountPath: /var/www/html
            subPath: server-data
        env:
+          - name: GSS_MASTER_URL
+            value: "https://drive.test.sunet.se"
+          - name: GSS_JWT_KEY
+            valueFrom:
+              secretKeyRef:
+                name: gss-secret
+                key: "jwt_key"
+          - name: LOOKUP_SERVER
+            value: "https://lookup.drive.test.sunet.se"
+          - name: MAIL_DOMAIN
+            value: "drive.test.sunet.se"
+          - name: MAIL_FROM_ADDRESS
+            value: "noreply"
+          - name: MAIL_SMTPHOST
+            value: "smtp.sunet.se"
+          - name: MAIL_SMTPNAME
+            value: "noreply@drive.test.sunet.se"
+          - name: MAIL_SMTPPASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: mail-secret
+                key: "smtp_password"
          - name: MYSQL_DATABASE
-            value: "customer_customer"
+            value: "customer_nextcloud"
          - name: MYSQL_USER
-            value: "customer"
+            value: "customer_nextcloud"
          - name: MYSQL_HOST
            value: "proxysql.proxysql"
          - name: MYSQL_PASSWORD
@ -45,12 +67,29 @@ spec:
          - name: NEXTCLOUD_TRUSTED_DOMAINS
            value: "customer.drive.test.sunet.se"
          - name: NEXTCLOUD_ADMIN_USER
-            value: _customer
+            value: admin
+          - name: NEXTCLOUD_VERSION_STRING
+            value: "25.0.3.3"
          - name: NEXTCLOUD_ADMIN_PASSWORD
            valueFrom:
              secretKeyRef:
                name: nc-secret
                key: "nc_admin_password"
+          - name: NEXTCLOUD_PASSWORDSALT
+            valueFrom:
+              secretKeyRef:
+                name: nc-secret
+                key: "nc_passwordsalt"
+          - name: NEXTCLOUD_INSTANCEID
+            valueFrom:
+              secretKeyRef:
+                name: nc-secret
+                key: "nc_instanceid"
+          - name: NEXTCLOUD_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: nc-secret
+                key: "nc_secret"
          - name: OBJECTSTORE_S3_REGION
            value: "us-east-1"
          - name: OBJECTSTORE_S3_HOST
@ -75,6 +114,13 @@ spec:
            value: "true"
          - name: REDIS_HOST
            value: "redis.redis"
+          - name: REDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: redis-secret
+                key: "redis_password"
+          - name: SITE_NAME
+            value: "customer.drive.test.sunet.se"
        resources: {}
  strategy: {}
 status: {}
--- a/customers/base/redis-deployment.yml
+++ b/customers/base/redis-deployment.yml
@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+  namespace: customer
+  labels:
+    app.kubernetes.io/name: redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: redis
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: redis
+    spec:
+      containers:
+      - name: default
+        image: redis:latest
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 6379
+        args:
+        - "--save"
+        - ""
+        - "--appendonly"
+        - "no"
+
--- a/customers/base/redis-service.yml
+++ b/customers/base/redis-service.yml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+  labels:
+    app: redis
+  name: redis
+  namespace: customer
+spec:
+  ports:
+  - name: redis
+    nodePort: 30379
+    port: 6379
+    targetPort: redis
+  selector:
+    app: redis
+    app.kubernetes.io/name: redis
+  type: NodePort
--- a/customers/overlays/vr/prod/nextcloud-deployment.yml
+++ b/customers/overlays/vr/prod/nextcloud-deployment.yml
@ -23,17 +23,32 @@ spec:
            claimName: vr-shared-storage-claim
      containers:
      - name: vr 
+        image: docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4 
+        volumeMounts:
+          - name: server-storage
+            mountPath: /var/www/html
+            subPath: server-data
        env:
+          - name: GSS_MASTER_URL
+            value: "https://drive.sunet.se"
+          - name: LOOKUP_SERVER
+            value: "https://lookup.drive.sunet.se"
+          - name: MAIL_DOMAIN
+            value: "drive.sunet.se"
+          - name: MAIL_SMTPNAME
+            value: "noreply@drive.sunet.se"
          - name: MYSQL_DATABASE
            value: "vr_nextcloud"
          - name: MYSQL_USER
            value: "vr_nextcloud"
          - name: NEXTCLOUD_TRUSTED_DOMAINS
            value: "vr.drive.sunet.se"
-          - name: OBJECTSTORE_S3_HOST
-            value: "s3.sto4.safedc.net"
+          - name: NEXTCLOUD_VERSION_STRING
+            value: "25.0.3.3"
          - name: OBJECTSTORE_S3_BUCKET
            value: "primary-vr-drive.sunet.se"
+          - name: SITE_NAME
+            value: "vr.drive.sunet.se"
        resources: {}
  strategy: {}
 status: {}
--- a/customers/overlays/vr/test/nextcloud-deployment.yml
+++ b/customers/overlays/vr/test/nextcloud-deployment.yml
@ -23,17 +23,32 @@ spec:
            claimName: vr-shared-storage-claim
      containers:
      - name: vr 
+        image: docker.sunet.se/drive/nextcloud-custom:25.0.3.3-4 
+        volumeMounts:
+          - name: server-storage
+            mountPath: /var/www/html
+            subPath: server-data
        env:
+          - name: GSS_MASTER_URL
+            value: "https://drive.test.sunet.se"
+          - name: LOOKUP_SERVER
+            value: "https://lookup.drive.test.sunet.se"
+          - name: MAIL_DOMAIN
+            value: "drive.test.sunet.se"
+          - name: MAIL_SMTPNAME
+            value: "noreply@drive.test.sunet.se"
          - name: MYSQL_DATABASE
            value: "vr_nextcloud"
          - name: MYSQL_USER
            value: "vr_nextcloud"
          - name: NEXTCLOUD_TRUSTED_DOMAINS
            value: "vr.drive.test.sunet.se"
-          - name: OBJECTSTORE_S3_HOST
-            value: "s3.sto4.safedc.net"
+          - name: NEXTCLOUD_VERSION_STRING
+            value: "25.0.3.3"
          - name: OBJECTSTORE_S3_BUCKET
            value: "primary-vr-drive-test.sunet.se"
+          - name: SITE_NAME
+            value: "vr.drive.test.sunet.se"
        resources: {}
  strategy: {}
 status: {}