From d0e39cbff2c8cf7dfbac87da4ba8a96603e7d4c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Huss?=
Date: Wed, 26 Jul 2023 19:58:25 +0200
Subject: [PATCH] fix
---
 apps/nextcloud/application.tf | 28 ++++
 apps/nextcloud/index.yaml | 244 +++++++++++++++++----------------
 apps/nextcloud/ingress.tf | 2 +-
 3 files changed, 151 insertions(+), 123 deletions(-)
 create mode 100644 apps/nextcloud/application.tf
diff --git a/apps/nextcloud/application.tf b/apps/nextcloud/application.tf
new file mode 100644
index 0000000..a84e67a
--- /dev/null
+++ b/apps/nextcloud/application.tf
@@ -0,0 +1,28 @@
+data "authentik_group" "akadmin" {
+ name = "authentik Admins"
+}
+resource "authentik_group" "groups" {
+ name = "nextcloud-users"
+}
+data "authentik_group" "readed_groups" {
+ depends_on = [ authentik_group.groups ]
+ name = "nextcloud-users"
+}
+
+resource "authentik_application" "prj_app" {
+ name = "${var.component}"
+ slug = "${var.component}-${var.instance}"
+ meta_launch_url = format("https://%s.%s", var.sub-domain, var.domain-name)
+ meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "apps/theming/favicon")
+}
+
+resource "authentik_policy_binding" "prj_access_users" {
+ target = authentik_application.prj_app.uuid
+ group = authentik_group.groups.id
+ order = 0
+}
+resource "authentik_policy_binding" "prj_access_vynil" {
+ target = authentik_application.prj_app.uuid
+ group = data.authentik_group.akadmin.id
+ order = 1
+}
diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml
index 372d99a..3953e8f 100644
--- a/apps/nextcloud/index.yaml
+++ b/apps/nextcloud/index.yaml
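Review bot: The group created by `authentik_group.groups` is named with the literal `"nextcloud-users"`, while the application slug in `prj_app` is scoped as `"${var.component}-${var.instance}"`; a second instance of this module would either collide on that group name or share one access group, so membership granted for one deployment would carry over to the other. If per-instance access is intended, derive the name from the same variables, e.g. `name = "${var.component}-${var.instance}-users"`. The data source `readed_groups` re-reads the same group, but nothing in this file references it (the bindings use `authentik_group.groups.id` and `data.authentik_group.akadmin.id`), so it can probably be dropped unless another file consumes it. A short comment above the two `authentik_policy_binding` resources would also help: say that access is limited to members of either group, which I believe relies on the application's policy engine mode staying at its default, and that `prj_access_vynil` in fact binds the `authentik Admins` group.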
@@ -6,80 +6,44 @@ metadata:
 name: nextcloud
 description: null
 options:
- storage:
+ domain:
+ default: your-company
+ examples:
+ - your-company
+ type: string
+ redis:
 default:
- accessMode: ReadWriteOnce
- size: 10Gi
+ exporter:
+ enabled: true
+ image: quay.io/opstree/redis-exporter:v1.44.0
+ image: quay.io/opstree/redis:v7.0.5
+ storage: 2Gi
 examples:
- - accessMode: ReadWriteOnce
- size: 10Gi
+ - exporter:
+ enabled: true
+ image: quay.io/opstree/redis-exporter:v1.44.0
+ image: quay.io/opstree/redis:v7.0.5
+ storage: 2Gi
 properties:
- accessMode:
- default: ReadWriteOnce
- enum:
- - ReadWriteOnce
- - ReadOnlyMany
- - ReadWriteMany
+ exporter:
+ default:
+ enabled: true
+ image: quay.io/opstree/redis-exporter:v1.44.0
+ properties:
+ enabled:
+ default: true
+ type: boolean
+ image:
+ default: quay.io/opstree/redis-exporter:v1.44.0
+ type: string
+ type: object
+ image:
+ default: quay.io/opstree/redis:v7.0.5
 type: string
- size:
- default: 10Gi
+ storage:
+ default: 2Gi
 type: string
 type: object
- sub-domain:
- default: cloud
- examples:
- - cloud
- type: string
- ingress-class:
- default: traefik
- examples:
- - traefik
- type: string
- openid-name:
- default: vynil
- examples:
- - vynil
- type: string
- apps:
- default:
- calendar: false
- contacts: false
- deck: false
- groupfolders: true
- notes: false
- spreed: false
- tasks: false
- examples:
- - calendar: false
- contacts: false
- deck: false
- groupfolders: true
- notes: false
- spreed: false
- tasks: false
- properties:
- calendar:
- default: false
- type: boolean
- contacts:
- default: false
- type: boolean
- deck:
- default: false
- type: boolean
- groupfolders:
- default: true
- type: boolean
- notes:
- default: false
- type: boolean
- spreed:
- default: false
- type: boolean
- tasks:
- default: false
- type: boolean
- type: object
 images:
 default:
 exporter:
@@ -183,44 +147,6 @@ options:
 type: string
 type: object
 type: object
- redis:
- default:
- exporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.44.0
- image: quay.io/opstree/redis:v7.0.5
- storage: 2Gi
- examples:
- - exporter:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.44.0
- image: quay.io/opstree/redis:v7.0.5
- storage: 2Gi
- properties:
- exporter:
- default:
- enabled: true
- image: quay.io/opstree/redis-exporter:v1.44.0
- properties:
- enabled:
- default: true
- type: boolean
- image:
- default: quay.io/opstree/redis-exporter:v1.44.0
- type: string
- type: object
- image:
- default: quay.io/opstree/redis:v7.0.5
- type: string
- storage:
- default: 2Gi
- type: string
- type: object
- issuer:
- default: letsencrypt-prod
- examples:
- - letsencrypt-prod
- type: string
 postgres:
 default:
 replicas: 1
@@ -241,6 +167,60 @@ options:
 default: '14'
 type: string
 type: object
+ sub-domain:
+ default: files
+ examples:
+ - files
+ type: string
+ admin:
+ default:
+ name: nextcloud_admin
+ examples:
+ - name: nextcloud_admin
+ properties:
+ name:
+ default: nextcloud_admin
+ type: string
+ type: object
+ ingress-class:
+ default: traefik
+ examples:
+ - traefik
+ type: string
+ domain-name:
+ default: your_company.com
+ examples:
+ - your_company.com
+ type: string
+ issuer:
+ default: letsencrypt-prod
+ examples:
+ - letsencrypt-prod
+ type: string
+ openid-name:
+ default: vynil
+ examples:
+ - vynil
+ type: string
+ storage:
+ default:
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ examples:
+ - accessMode: ReadWriteOnce
+ size: 10Gi
+ properties:
+ accessMode:
+ default: ReadWriteOnce
+ enum:
+ - ReadWriteOnce
+ - ReadOnlyMany
+ - ReadWriteMany
+ type: string
+ size:
+ default: 10Gi
+ type: string
+ type: object
 hpa:
 default:
 avg-cpu: 50
@@ -261,25 +241,45 @@ options:
 default: 1
 type: integer
 type: object
- domain-name:
- default: your_company.com
- examples:
- - your_company.com
- type: string
- domain:
- default: your-company
- examples:
- - your-company
- type: string
- admin:
+ apps:
 default:
- name: nextcloud_admin
+ calendar: false
+ contacts: false
+ deck: false
+ groupfolders: true
+ notes: false
+ spreed: false
+ tasks: false
 examples:
- - name: nextcloud_admin
+ - calendar: false
+ contacts: false
+ deck: false
+ groupfolders: true
+ notes: false
+ spreed: false
+ tasks: false
 properties:
- name:
- default: nextcloud_admin
- type: string
+ calendar:
+ default: false
+ type: boolean
+ contacts:
+ default: false
+ type: boolean
+ deck:
+ default: false
+ type: boolean
+ groupfolders:
+ default: true
+ type: boolean
+ notes:
+ default: false
+ type: boolean
+ spreed:
+ default: false
+ type: boolean
+ tasks:
+ default: false
+ type: boolean
 type: object
 dependencies: []
 providers:
diff --git a/apps/nextcloud/ingress.tf b/apps/nextcloud/ingress.tf
index 7ab4b32..730ef47 100644
--- a/apps/nextcloud/ingress.tf
+++ b/apps/nextcloud/ingress.tf
@@ -1,6 +1,6 @@
 locals {
 dns-names = [local.dns-name]
- middlewares = ["${var.instance}-https"]
+ middlewares = ["${var.instance}-https","${var.instance}-redirectregex"]
 service = {
 "name" = "${var.component}"
 "port" = {
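Review bot: The added entry `"${var.instance}-redirectregex"` in `middlewares` names a middleware that this patch does not create, so the change only works if a middleware with exactly that name is defined elsewhere in the module; as far as I know Traefik rejects a router whose middleware reference cannot be resolved, which would take the ingress offline. Please confirm where it is defined and add a comment on the line, e.g. `# <instance>-redirectregex: defined in <file>, redirects <paths>`, so its place after `-https` is understandable. If the redirect target is built from parts of the request, it should keep the scheme and host fixed so the rule cannot send users to another origin. The `locals` block continues past the end of the hunk.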