diff --git a/apps/nextcloud/configs.tf b/apps/nextcloud/configs.tf index a7c51ac..24cd61c 100644 --- a/apps/nextcloud/configs.tf +++ b/apps/nextcloud/configs.tf @@ -1,4 +1,10 @@ locals { + script-wrap = <<-EOF + #!/bin/bash + cp /etc/local-ca/ca.crt /usr/local/share/ca-certificates/ + update-ca-certificate + exec /entrypoint.sh "$@" + EOF script-head = <<-EOF #!/bin/bash export user=www-data @@ -9,8 +15,6 @@ locals { sh -c "$*" fi } - cp /etc/local-ca/ca.crt /usr/local/share/ca-certificates/ - update-ca-certificate run_as ./occ app:install user_oidc ||: run_as ./occ user_oidc:provider "$${OAUTH2_CONNECTOR_NAME}" --clientid="$${OAUTH2_CLIENT_ID}" \ --clientsecret="$${OAUTH2_CLIENT_SECRET}" \ @@ -24,6 +28,10 @@ locals { var.apps.notes?["run_as ./occ app:install notes ||:"]:[], var.apps.tasks?["run_as ./occ app:install tasks ||:"]:[], var.apps.spreed?["run_as ./occ app:install spreed ||:"]:[]) + data-config-init = { + "autostart.sh" = join("\n", concat([local.script-head],local.script-apps)) + "wrapper" = local.script-wrap + } } resource "kubectl_manifest" "nextcloud-config" { @@ -34,6 +42,6 @@ resource "kubectl_manifest" "nextcloud-config" { name: "${var.component}-${var.instance}-init" namespace: "${var.namespace}" labels: ${jsonencode(local.common-labels)} - data: ${jsonencode({ "autostart.sh" = join("\n", concat([local.script-head],local.script-apps))})} + data: ${jsonencode(local.data-config-init)} EOF } diff --git a/apps/nextcloud/datas.tf b/apps/nextcloud/datas.tf index 7402095..2909e90 100644 --- a/apps/nextcloud/datas.tf +++ b/apps/nextcloud/datas.tf 
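Review bot: The wrapper added in the first hunk calls `update-ca-certificate`, but the Debian/Ubuntu tool that rebuilds the trust store is named `update-ca-certificates`, so if the image is Debian-based the copied `ca.crt` is likely never trusted. Because the script has no `set -e`, that failure (and a failed `cp`) is silent and `exec /entrypoint.sh "$@"` still runs, leaving TLS verification against the local CA to fail later with no obvious cause. I would add `set -eu` after the shebang and change the call to `update-ca-certificates`. The same spelling appears in the lines removed from `script-head` in the second hunk, so this may already have been failing before the move.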
@@ -51,14 +51,16 @@ data "kustomization_overlay" "data" { - name: certs secret: secretName: "${var.instance}-cert" + defaultMode: 0444 - name: config configMap: name: "${var.component}-${var.instance}-init" - defaultMode: 504 + defaultMode: 0777 containers: - name: nextcloud image: "${var.images.nextcloud.registry}/${var.images.nextcloud.repository}:${var.images.nextcloud.tag}" imagePullPolicy: "${var.images.nextcloud.pullPolicy}" + command: ["/usr/local/bin/wrapper"] env: - name: POSTGRES_HOST value: "${var.instance}-${var.component}" @@ -102,6 +104,9 @@ data "kustomization_overlay" "data" { - name: config mountPath: "/docker-entrypoint-hooks.d/before-starting/autostart.sh" subPath: "autostart.sh" + - name: config + mountPath: "/usr/local/bin/wrapper" + subPath: "wrapper" - name: nextcloud-nginx image: "${var.images.nginx.registry}/${var.images.nginx.repository}:${var.images.nginx.tag}" imagePullPolicy: "${var.images.nginx.pullPolicy}" diff --git a/apps/nextcloud/index.yaml b/apps/nextcloud/index.yaml index b3a5883..a41c517 100644 --- a/apps/nextcloud/index.yaml +++ b/apps/nextcloud/index.yaml @@ -6,6 +6,11 @@ metadata: name: nextcloud description: null options: + issuer: + default: letsencrypt-prod + examples: + - letsencrypt-prod + type: string redis: default: exporter: 
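Review bot: `defaultMode: 0777` on the `config` volume marks both `autostart.sh` and the new entrypoint wrapper as writable and executable by every user in the container; read and execute is all they need, e.g. `defaultMode: 0555`. The value it replaces was decimal (`504`, i.e. 0770), while the new ones rely on leading-zero octal parsing, so it is worth confirming the rendered manifest carries 511 and 292 rather than 777 and 444. Separately, `command: ["/usr/local/bin/wrapper"]` replaces the image entrypoint, and Kubernetes then ignores the image's default CMD unless `args` is set; no `args` is visible in this hunk, so the wrapper's `"$@"` may be empty when it reaches `/entrypoint.sh`. If that is the case, add an explicit `args:` carrying the image's normal command. The container spec continues outside the hunk.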
@@ -39,6 +44,105 @@ options: default: 2Gi type: string type: object + postgres: + default: + replicas: 1 + storage: 5Gi + version: '14' + examples: + - replicas: 1 + storage: 5Gi + version: '14' + properties: + replicas: + default: 1 + type: integer + storage: + default: 5Gi + type: string + version: + default: '14' + type: string + type: object + storage: + default: + accessMode: ReadWriteOnce + size: 10Gi + examples: + - accessMode: ReadWriteOnce + size: 10Gi + properties: + accessMode: + default: ReadWriteOnce + enum: + - ReadWriteOnce + - ReadOnlyMany + - ReadWriteMany + type: string + size: + default: 10Gi + type: string + type: object + hpa: + default: + avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + examples: + - avg-cpu: 50 + max-replicas: 5 + min-replicas: 1 + properties: + avg-cpu: + default: 50 + type: integer + max-replicas: + default: 5 + type: integer + min-replicas: + default: 1 + type: integer + type: object + apps: + default: + calendar: false + contacts: false + deck: false + groupfolders: true + notes: false + spreed: false + tasks: false + examples: + - calendar: false + contacts: false + deck: false + groupfolders: true + notes: false + spreed: false + tasks: false + properties: + calendar: + default: false + type: boolean + contacts: + default: false + type: boolean + deck: + default: false + type: boolean + groupfolders: + default: true + type: boolean + notes: + default: false + type: boolean + spreed: + default: false + type: boolean + tasks: + default: false + type: boolean + type: object admin: default: name: nextcloud_admin 
@@ -54,16 +158,26 @@ options: examples: - vynil type: string + domain-name: + default: your_company.com + examples: + - your_company.com + type: string + domain: + default: your-company + examples: + - your-company + type: string + ingress-class: + default: traefik + examples: + - traefik + type: string sub-domain: default: cloud examples: - cloud type: string - issuer: - default: letsencrypt-prod - examples: - - letsencrypt-prod - type: string images: default: exporter: 
@@ -167,120 +281,6 @@ options: type: string type: object type: object - domain: - default: your-company - examples: - - your-company - type: string - postgres: - default: - replicas: 1 - storage: 5Gi - version: '14' - examples: - - replicas: 1 - storage: 5Gi - version: '14' - properties: - replicas: - default: 1 - type: integer - storage: - default: 5Gi - type: string - version: - default: '14' - type: string - type: object - domain-name: - default: your_company.com - examples: - - your_company.com - type: string - ingress-class: - default: traefik - examples: - - traefik - type: string - apps: - default: - calendar: false - contacts: false - deck: false - groupfolders: true - notes: false - spreed: false - tasks: false - examples: - - calendar: false - contacts: false - deck: false - groupfolders: true - notes: false - spreed: false - tasks: false - properties: - calendar: - default: false - type: boolean - contacts: - default: false - type: boolean - deck: - default: false - type: boolean - groupfolders: - default: true - type: boolean - notes: - default: false - type: boolean - spreed: - default: false - type: boolean - tasks: - default: false - type: boolean - type: object - storage: - default: - accessMode: ReadWriteOnce - size: 10Gi - examples: - - accessMode: ReadWriteOnce - size: 10Gi - properties: - accessMode: - default: ReadWriteOnce - enum: - - ReadWriteOnce - - ReadOnlyMany - - ReadWriteMany - type: string - size: - default: 10Gi - type: string - type: object - hpa: - default: - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - examples: - - avg-cpu: 50 - max-replicas: 5 - min-replicas: 1 - properties: - avg-cpu: - default: 50 - type: integer - max-replicas: - default: 5 - type: integer - min-replicas: - default: 1 - type: integer - type: object dependencies: [] providers: kubernetes: true