vynil/domain
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
Sébastien Huss
2023-09-20 14:12:55 +02:00
parent 2b93be7324
commit 287b4b8caa
6 changed files with 453 additions and 423 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
apps/nextcloud/application.tf
View File

@@ -1,12 +1,13 @@
locals {
app-name = var.component == var.instance ? var.instance : format("%s-%s", var.component, var.instance)
main-group = format("app-%s", local.app-name)
}
data "authentik_group" "akadmin" {
name = "authentik Admins"
}
resource "authentik_group" "groups" {
name = "nextcloud-users"
}
data "authentik_group" "readed_groups" {
depends_on = [ authentik_group.groups ]
name = "nextcloud-users"
name = local.main-group
attributes = jsonencode({"${local.app-name}" = true})
}
resource "authentik_application" "prj_app" {
@@ -17,9 +18,17 @@ resource "authentik_application" "prj_app" {
meta_icon = format("https://%s.%s/%s", var.sub-domain, var.domain-name, "apps/theming/favicon")
}
resource "authentik_policy_expression" "policy" {
name = local.main-group
expression = <<-EOF
attr = request.user.group_attributes()
return attr['${local.app-name}'] if '${local.app-name}' in attr else False
EOF
}
resource "authentik_policy_binding" "prj_access_users" {
target = authentik_application.prj_app.uuid
group = authentik_group.groups.id
policy = authentik_policy_expression.policy.id
order = 0
}
resource "authentik_policy_binding" "prj_access_vynil" {

524
apps/nextcloud/index.yaml
View File

@@ -6,36 +6,207 @@ metadata:
name: nextcloud
description: null
options:
apps:
default:
audioplayer: false
bookmarks: false
bpm: false
calendar: false
collabora: false
contacts: false
deck: false
groupfolders: true
mindmap: false
music: false
notes: false
onlyoffice: false
passman: false
spreed: false
tables: false
tasks: false
texteditor: true
examples:
- audioplayer: false
bookmarks: false
bpm: false
calendar: false
collabora: false
contacts: false
deck: false
groupfolders: true
mindmap: false
music: false
notes: false
onlyoffice: false
passman: false
spreed: false
tables: false
tasks: false
texteditor: true
properties:
audioplayer:
default: false
type: boolean
bookmarks:
default: false
type: boolean
bpm:
default: false
type: boolean
calendar:
default: false
type: boolean
collabora:
default: false
type: boolean
contacts:
default: false
type: boolean
deck:
default: false
type: boolean
groupfolders:
default: true
type: boolean
mindmap:
default: false
type: boolean
music:
default: false
type: boolean
notes:
default: false
type: boolean
onlyoffice:
default: false
type: boolean
passman:
default: false
type: boolean
spreed:
default: false
type: boolean
tables:
default: false
type: boolean
tasks:
default: false
type: boolean
texteditor:
default: true
type: boolean
type: object
openid-name:
default: vynil
examples:
- vynil
type: string
postgres:
backups:
default:
replicas: 1
storage: 5Gi
version: '14'
enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
examples:
- replicas: 1
storage: 5Gi
version: '14'
- enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
properties:
replicas:
default: 1
type: integer
storage:
default: 5Gi
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
version:
default: '14'
key-id-key:
default: s3-id
type: string
restic-key:
default: bck-password
type: string
retention:
default:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
properties:
db:
default: 30d
type: string
keepDaily:
default: 14
type: integer
keepMonthly:
default: 12
type: integer
keepWeekly:
default: 6
type: integer
keepYearly:
default: 12
type: integer
type: object
schedule:
default:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
properties:
backup:
default: 30 3 * * *
type: string
check:
default: 30 5 * * 1
type: string
db:
default: 30 3 * * *
type: string
prune:
default: 30 1 * * 0
type: string
type: object
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
use-barman:
default: false
type: boolean
type: object
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
images:
default:
collabora:
@@ -199,111 +370,6 @@ options:
type: string
type: object
type: object
domain:
default: your-company
examples:
- your-company
type: string
domain-name:
default: your_company.com
examples:
- your_company.com
type: string
ingress-class:
default: traefik
examples:
- traefik
type: string
apps:
default:
audioplayer: false
bookmarks: false
bpm: false
calendar: false
collabora: false
contacts: false
deck: false
groupfolders: true
mindmap: false
music: false
notes: false
onlyoffice: false
passman: false
spreed: false
tables: false
tasks: false
texteditor: true
examples:
- audioplayer: false
bookmarks: false
bpm: false
calendar: false
collabora: false
contacts: false
deck: false
groupfolders: true
mindmap: false
music: false
notes: false
onlyoffice: false
passman: false
spreed: false
tables: false
tasks: false
texteditor: true
properties:
audioplayer:
default: false
type: boolean
bookmarks:
default: false
type: boolean
bpm:
default: false
type: boolean
calendar:
default: false
type: boolean
collabora:
default: false
type: boolean
contacts:
default: false
type: boolean
deck:
default: false
type: boolean
groupfolders:
default: true
type: boolean
mindmap:
default: false
type: boolean
music:
default: false
type: boolean
notes:
default: false
type: boolean
onlyoffice:
default: false
type: boolean
passman:
default: false
type: boolean
spreed:
default: false
type: boolean
tables:
default: false
type: boolean
tasks:
default: false
type: boolean
texteditor:
default: true
type: boolean
type: object
hpa:
default:
avg-cpu: 50
@@ -324,145 +390,10 @@ options:
default: 1
type: integer
type: object
backups:
default:
enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
domain-name:
default: your_company.com
examples:
- enable: false
endpoint: ''
key-id-key: s3-id
restic-key: bck-password
retention:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
schedule:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
secret-key: s3-secret
secret-name: backup-settings
use-barman: false
properties:
enable:
default: false
type: boolean
endpoint:
default: ''
type: string
key-id-key:
default: s3-id
type: string
restic-key:
default: bck-password
type: string
retention:
default:
db: 30d
keepDaily: 14
keepMonthly: 12
keepWeekly: 6
keepYearly: 12
properties:
db:
default: 30d
type: string
keepDaily:
default: 14
type: integer
keepMonthly:
default: 12
type: integer
keepWeekly:
default: 6
type: integer
keepYearly:
default: 12
type: integer
type: object
schedule:
default:
backup: 30 3 * * *
check: 30 5 * * 1
db: 30 3 * * *
prune: 30 1 * * 0
properties:
backup:
default: 30 3 * * *
type: string
check:
default: 30 5 * * 1
type: string
db:
default: 30 3 * * *
type: string
prune:
default: 30 1 * * 0
type: string
type: object
secret-key:
default: s3-secret
type: string
secret-name:
default: backup-settings
type: string
use-barman:
default: false
type: boolean
type: object
admin:
default:
name: nextcloud_admin
examples:
- name: nextcloud_admin
properties:
name:
default: nextcloud_admin
type: string
type: object
storage:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
sub-domain:
default: files
examples:
- files
- your_company.com
type: string
redis:
default:
@@ -497,6 +428,75 @@ options:
default: 2Gi
type: string
type: object
ingress-class:
default: traefik
examples:
- traefik
type: string
sub-domain:
default: files
examples:
- files
type: string
domain:
default: your-company
examples:
- your-company
type: string
issuer:
default: letsencrypt-prod
examples:
- letsencrypt-prod
type: string
postgres:
default:
replicas: 1
storage: 5Gi
version: '14'
examples:
- replicas: 1
storage: 5Gi
version: '14'
properties:
replicas:
default: 1
type: integer
storage:
default: 5Gi
type: string
version:
default: '14'
type: string
type: object
storage:
default:
accessMode: ReadWriteOnce
size: 10Gi
examples:
- accessMode: ReadWriteOnce
size: 10Gi
properties:
accessMode:
default: ReadWriteOnce
enum:
- ReadWriteOnce
- ReadOnlyMany
- ReadWriteMany
type: string
size:
default: 10Gi
type: string
type: object
admin:
default:
name: nextcloud_admin
examples:
- name: nextcloud_admin
properties:
name:
default: nextcloud_admin
type: string
type: object
dependencies:
- dist: null
category: share