2022-12-22 12:29:31 +00:00
#!/bin/bash
2024-10-24 12:03:53 +02:00
[ -z " $1 " ] && { echo "Error: Docker tag is not specified. Usage: ./nextcloud-aio-helm-chart/update-helm.sh <Docker tag>" ; exit 2; }
2022-12-22 12:29:31 +00:00
DOCKER_TAG = " $1 "
2023-03-30 10:16:24 +02:00
# The logic needs the files in ./helm-chart
2024-10-24 12:03:53 +02:00
cp -r ./nextcloud-aio-helm-chart ./helm-chart
2023-03-30 10:16:24 +02:00
2022-12-22 12:29:31 +00:00
# Clean
rm -f ./helm-chart/values.yaml
rm -rf ./helm-chart/templates
# Install kompose
2023-09-26 15:03:09 +02:00
curl -L https://github.com/kubernetes/kompose/releases/latest/download/kompose-linux-amd64 -o kompose
2022-12-22 12:29:31 +00:00
chmod +x kompose
sudo mv ./kompose /usr/local/bin/kompose
2023-07-18 16:50:18 +02:00
# Install yq
2024-10-24 12:03:53 +02:00
sudo snap install yq
2023-07-18 16:50:18 +02:00
2022-12-22 12:29:31 +00:00
set -ex
# Conversion of docker-compose
cd manual-install
cp latest.yml latest.yml.backup
2024-10-24 12:03:53 +02:00
2024-12-03 14:00:46 +01:00
# Additional config
# shellcheck disable=SC1083
2025-10-16 10:59:17 +02:00
sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN|SYS_CHROOT|FOWNER|MAC_OVERRIDE|BLOCK_SUSPEND|AUDIT_READ)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
2022-12-22 12:29:31 +00:00
cp sample.conf /tmp/
sed -i 's|^|export |' /tmp/sample.conf
# shellcheck disable=SC1091
source /tmp/sample.conf
rm /tmp/sample.conf
2024-02-01 13:25:22 +01:00
sed -i '/OVERWRITEHOST/d' latest.yml
2024-07-17 17:21:54 +02:00
sed -i " s|:latest $|: $DOCKER_TAG | " latest.yml
2023-02-03 15:50:15 +01:00
sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
2023-10-27 10:39:01 +02:00
sed -i '/APACHE_IP_BINDING/d' latest.yml
2022-12-22 12:29:31 +00:00
sed -i " s|\${APACHE_PORT}:\${APACHE_PORT}/| $APACHE_PORT : $APACHE_PORT /| " latest.yml
sed -i " s|\${TALK_PORT}:\${TALK_PORT}/| $TALK_PORT : $TALK_PORT /|g " latest.yml
2023-02-02 15:22:36 +01:00
sed -i " s|- \${APACHE_PORT}|- $APACHE_PORT | " latest.yml
sed -i " s|- \${TALK_PORT}|- $TALK_PORT | " latest.yml
2022-12-22 12:29:31 +00:00
sed -i " s|\${NEXTCLOUD_DATADIR}| $NEXTCLOUD_DATADIR | " latest.yml
2025-02-26 14:30:55 +01:00
sed -i "s|\${ADDITIONAL_COLLABORA_OPTIONS}|ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER|" latest.yml
2023-05-11 10:57:19 +02:00
sed -i " /name: nextcloud-aio/, $ d " latest.yml
2022-12-22 12:29:31 +00:00
sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
2023-01-29 00:02:18 +01:00
sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml
2023-01-28 16:23:46 +01:00
sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name: nextcloud_aio_nextcloud_trusted_cacerts" latest.yml
2022-12-22 12:29:31 +00:00
sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
2024-10-24 12:03:53 +02:00
sed -i 's/\${/{{ .Values./g; s/}/ }}/g' latest.yml
2023-07-18 16:50:18 +02:00
yq -i 'del(.services.[].profiles)' latest.yml
2023-09-28 10:52:59 +02:00
# Delete read_only and tmpfs setting while https://github.com/kubernetes/kubernetes/issues/48912 is not fixed
yq -i 'del(.services.[].read_only)' latest.yml
yq -i 'del(.services.[].tmpfs)' latest.yml
2024-11-15 16:52:55 +01:00
# Remove cap_drop in order to add it later again easier
yq -i 'del(.services.[].cap_drop)' latest.yml
# Remove SYS_NICE for imaginary as it is not supported with RPSS
2025-01-06 14:00:35 +01:00
yq -i 'del(.services."nextcloud-aio-imaginary".cap_add)' latest.yml
2024-11-21 22:58:47 +01:00
# cap SYS_ADMIN is called CAP_SYS_ADMIN in k8s
sed -i " s|- SYS_ADMIN $|- CAP_SYS_ADMIN| " latest.yml
2024-11-15 16:52:55 +01:00
2022-12-22 12:29:31 +00:00
cat latest.yml
2023-07-18 16:50:18 +02:00
kompose convert -c -f latest.yml --namespace nextcloud-aio-namespace
2022-12-22 12:29:31 +00:00
cd latest
2023-07-18 16:50:18 +02:00
if [ -f ./templates/manual-install-nextcloud-aio-networkpolicy.yaml ] ; then
mv ./templates/manual-install-nextcloud-aio-networkpolicy.yaml ./templates/nextcloud-aio-networkpolicy.yaml
fi
2022-12-22 12:29:31 +00:00
# shellcheck disable=SC1083
2023-01-28 16:23:46 +01:00
find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{ } \;
2023-02-01 16:00:52 +01:00
cat << EOL > /tmp/initcontainers
initContainers:
- name: init-volumes
2025-04-08 10:30:33 +02:00
image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
2023-02-01 16:00:52 +01:00
command:
- chmod
2023-02-01 18:51:40 +01:00
- "777"
2023-02-01 16:00:52 +01:00
volumeMountsInitContainer:
EOL
2023-02-02 13:06:26 +01:00
cat << EOL > /tmp/initcontainers.database
2023-02-02 17:37:19 +01:00
initContainers:
2023-05-11 11:47:36 +02:00
- name: init-subpath
2025-04-08 10:30:33 +02:00
image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
2023-02-02 13:06:26 +01:00
command:
2023-05-03 12:21:46 +02:00
- mkdir
- "-p"
2023-05-03 17:22:55 +02:00
- /nextcloud-aio-database/data
2024-11-15 16:52:55 +01:00
volumeMounts:
- name: nextcloud-aio-database
mountPath: /nextcloud-aio-database
securityContext:
2023-02-02 13:06:26 +01:00
EOL
2023-11-21 12:00:51 +01:00
cat << EOL > /tmp/initcontainers.clamav
initContainers:
- name: init-subpath
2025-04-08 10:30:33 +02:00
image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
2023-11-21 12:00:51 +01:00
command:
- mkdir
- "-p"
- /nextcloud-aio-clamav/data
2024-11-15 16:52:55 +01:00
volumeMounts:
- name: nextcloud-aio-clamav
mountPath: /nextcloud-aio-clamav
securityContext:
2023-11-21 12:00:51 +01:00
EOL
2023-11-21 16:49:51 +01:00
cat << EOL > /tmp/initcontainers.nextcloud
2024-11-15 16:52:55 +01:00
# AIO settings start # Do not remove or change this line!
2023-11-21 16:49:51 +01:00
initContainers:
- name: init-volumes
2025-04-08 10:30:33 +02:00
image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
2023-11-21 16:49:51 +01:00
command:
- chmod
- "777"
volumeMountsInitContainer:
2024-11-15 16:52:55 +01:00
# AIO settings end # Do not remove or change this line!
2023-11-21 16:49:51 +01:00
EOL
2024-11-15 16:52:55 +01:00
2023-02-01 16:00:52 +01:00
# shellcheck disable=SC1083
DEPLOYMENTS = " $( find ./ -name '*deployment.yaml' ) "
mapfile -t DEPLOYMENTS <<< " $DEPLOYMENTS "
for variable in " ${ DEPLOYMENTS [@] } " ; do
2024-12-03 14:00:46 +01:00
if grep -q livenessProbe " $variable " ; then
sed -n "/.*livenessProbe/,/timeoutSeconds.*/p" " $variable " > /tmp/liveness.probe
cat /tmp/liveness.probe
sed -i "s|livenessProbe|readinessProbe|" /tmp/liveness.probe
sed -i "/^ image:/r /tmp/liveness.probe" " $variable "
fi
2023-02-01 16:00:52 +01:00
if grep -q volumeMounts " $variable " ; then
2023-11-21 12:00:51 +01:00
if echo " $variable " | grep -q database; then
2023-02-02 13:06:26 +01:00
sed -i "/^ spec:/r /tmp/initcontainers.database" " $variable "
2023-11-21 12:00:51 +01:00
elif echo " $variable " | grep -q clamav; then
sed -i "/^ spec:/r /tmp/initcontainers.clamav" " $variable "
2023-11-21 16:49:51 +01:00
elif echo " $variable " | grep -q "nextcloud-deployment.yaml" ; then
sed -i "/^ spec:/r /tmp/initcontainers.nextcloud" " $variable "
2024-11-15 16:52:55 +01:00
elif echo " $variable " | grep -q "fulltextsearch" || echo " $variable " | grep -q "onlyoffice" || echo " $variable " | grep -q "collabora" ; then
2023-11-21 12:00:51 +01:00
sed -i "/^ spec:/r /tmp/initcontainers" " $variable "
2023-02-02 13:06:26 +01:00
fi
2023-02-01 16:00:52 +01:00
volumeNames = " $( grep -A1 mountPath " $variable " | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d' ) "
mapfile -t volumeNames <<< " $volumeNames "
for volumeName in " ${ volumeNames [@] } " ; do
2023-02-04 17:03:42 +01:00
# The Nextcloud container runs as root user and sets the correct permissions automatically for the data-dir if the www-data user cannot write to it
if [ " $volumeName " != "nextcloud-aio-nextcloud-data" ] ; then
sed -i " /^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - / $volumeName " " $variable "
sed -i " /volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName \n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: / $volumeName " " $variable "
2023-05-02 20:12:57 +02:00
# Workaround for the database volume
if [ " $volumeName " = nextcloud-aio-database ] ; then
sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" " $variable "
2023-11-21 12:00:51 +01:00
elif [ " $volumeName " = nextcloud-aio-clamav ] ; then
sed -i "/mountPath: \/var\/lib\/clamav/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" " $variable "
2023-05-02 20:12:57 +02:00
fi
2023-02-04 17:03:42 +01:00
fi
2023-02-01 16:00:52 +01:00
done
2023-11-21 16:49:51 +01:00
sed -i "s|volumeMountsInitContainer:|volumeMounts:|" " $variable "
2023-02-02 12:49:26 +01:00
if grep -q claimName " $variable " ; then
claimNames = " $( grep claimName " $variable " ) "
mapfile -t claimNames <<< " $claimNames "
for claimName in " ${ claimNames [@] } " ; do
if grep -A1 " ^ $claimName $" " $variable " | grep -q "readOnly: true" ; then
sed -i " /^ $claimName $/{n;d} " " $variable "
fi
done
fi
2023-02-01 16:00:52 +01:00
fi
2024-11-15 16:52:55 +01:00
if grep -q runAsUser " $variable " || echo " $variable " | grep -q "nextcloud-deployment.yaml" ; then
if echo " $variable " | grep -q "nextcloud-deployment.yaml" ; then
USER = 33
GROUP = 33
2024-11-26 11:14:52 +01:00
echo ' {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!' > /tmp/pod.securityContext
2024-11-15 16:52:55 +01:00
else
USER = " $( grep runAsUser " $variable " | grep -oP '[0-9]+' ) "
GROUP = " $USER "
rm -f /tmp/pod.securityContext
fi
sed -i "/runAsUser:/d" " $variable "
sed -i "/capabilities:/d" " $variable "
if [ -n " $USER " ] ; then
cat << EOL >> /tmp/pod.securityContext
securityContext:
# The items below only work in pod context
fsGroup: $USER
fsGroupChangePolicy: "OnRootMismatch"
# The items below work in both contexts
runAsUser: $USER
runAsGroup: $GROUP
runAsNonRoot: true
2024-11-26 11:14:52 +01:00
{ { - if eq ( .Values.RPSS_ENABLED | default "no" ) "yes" } }
2024-11-15 16:52:55 +01:00
seccompProfile:
type: RuntimeDefault
{ { - end } }
EOL
if echo " $variable " | grep -q "nextcloud-deployment.yaml" ; then
echo " {{- end }} # AIO-config - do not change this comment!" >> /tmp/pod.securityContext
fi
sed -i " /^ spec: $/r /tmp/pod.securityContext " " $variable "
fi
fi
2023-02-01 16:00:52 +01:00
done
2022-12-22 12:29:31 +00:00
# shellcheck disable=SC1083
2024-02-28 12:01:30 +01:00
find ./ -name '*.yaml' -exec sed -i 's|nextcloud-aio-namespace|"\{\{ .Values.NAMESPACE \}\}"|' \{ } \;
2023-07-18 16:50:18 +02:00
# shellcheck disable=SC1083
2023-01-28 16:23:46 +01:00
find ./ -name '*service.yaml' -exec sed -i " /^status:/, $ d " \{ } \;
2022-12-22 12:29:31 +00:00
# shellcheck disable=SC1083
2023-01-28 16:23:46 +01:00
find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{ } \;
# shellcheck disable=SC1083
2023-06-18 02:46:42 +02:00
find ./ -name '*deployment.yaml' -exec sed -i "/medium: Memory/d" \{ } \;
# shellcheck disable=SC1083
2024-12-03 14:00:46 +01:00
find ./ -name '*.yaml' -exec sed -i "/kompose.cmd/d" \{ } \;
# shellcheck disable=SC1083
2023-06-19 17:49:08 +02:00
find ./ -name '*deployment.yaml' -exec sed -i "s|emptyDir:|emptyDir: \{\}|" \{ } \;
2023-06-18 02:46:42 +02:00
# shellcheck disable=SC1083
2023-09-29 11:30:33 +02:00
find ./ -name '*deployment.yaml' -exec sed -i "/hostPort:/d" \{ } \;
# shellcheck disable=SC1083
2023-01-28 16:23:46 +01:00
find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{ } \;
2023-11-06 21:47:31 +01:00
# shellcheck disable=SC1083
find ./ -name 'nextcloud-aio-nextcloud-persistentvolumeclaim.yaml' -exec sed -i "s|ReadWriteOnce|ReadWriteMany|" \{ } \;
2022-12-22 12:29:31 +00:00
# shellcheck disable=SC1083
find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{ } \;
# shellcheck disable=SC1083
find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ storageClassName: {{ .Values.STORAGE_CLASS }}" \{ } \;
# shellcheck disable=SC1083
find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- end }}" \{ } \;
# shellcheck disable=SC1083
2025-06-15 23:51:53 +02:00
find ./ -name 'nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "/{{- if .Values.STORAGE_CLASS }}/i\ {{- if .Values.STORAGE_CLASS_DATA }}\n storageClassName: {{ .Values.STORAGE_CLASS_DATA }}" \{ } \;
# shellcheck disable=SC1083
find ./ -name 'nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "s/{{- if .Values.STORAGE_CLASS }}/{{- else if .Values.STORAGE_CLASS }}/" \{ } \;
# shellcheck disable=SC1083
2023-02-03 15:50:15 +01:00
find ./ -name '*deployment.yaml' -exec sed -i "/restartPolicy:/d" \{ } \;
2022-12-22 12:29:31 +00:00
# shellcheck disable=SC1083
2023-02-03 15:50:15 +01:00
find ./ -name '*apache*' -exec sed -i " s| $APACHE_PORT |{{ .Values.APACHE_PORT }}| " \{ } \;
2022-12-22 12:29:31 +00:00
# shellcheck disable=SC1083
2023-02-03 15:50:15 +01:00
find ./ -name '*talk*' -exec sed -i " s| $TALK_PORT |{{ .Values.TALK_PORT }}| " \{ } \;
2022-12-22 12:29:31 +00:00
# shellcheck disable=SC1083
2023-02-03 15:50:15 +01:00
find ./ -name '*apache-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{ } \;
# shellcheck disable=SC1083
find ./ -name '*talk-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{ } \;
2023-02-04 15:23:44 +01:00
echo '---' > /tmp/talk-service.copy
# shellcheck disable=SC1083
find ./ -name '*talk-service.yaml' -exec cat \{ } \; >> /tmp/talk-service.copy
sed -i 's|name: nextcloud-aio-talk|name: nextcloud-aio-talk-public|' /tmp/talk-service.copy
# shellcheck disable=SC1083
INTERNAL_TALK_PORTS = " $( find ./ -name '*talk-deployment.yaml' -exec grep -oP 'containerPort: [0-9]+' \{ } \; ) "
mapfile -t INTERNAL_TALK_PORTS <<< " $INTERNAL_TALK_PORTS "
for port in " ${ INTERNAL_TALK_PORTS [@] } " ; do
port = " $( echo " $port " | grep -oP '[0-9]+' ) "
sed -i " / $port /d " /tmp/talk-service.copy
done
echo '---' >> /tmp/talk-service.copy
# shellcheck disable=SC1083
2023-08-17 09:14:39 +02:00
find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK.*}}\|protocol: UDP\|type: LoadBalancer' \{ } \; >> /tmp/talk-service.copy
2023-02-04 15:23:44 +01:00
# shellcheck disable=SC1083
find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{ } \;
2022-12-22 12:29:31 +00:00
# shellcheck disable=SC1083
2025-10-29 14:54:36 +01:00
find ./ -name '*apache-service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{ } \;
2023-11-13 14:09:36 +01:00
# shellcheck disable=SC1083
2023-11-13 14:24:13 +01:00
find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferDualStack" \{ } \;
# shellcheck disable=SC1083
2022-12-22 12:29:31 +00:00
find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{ } \;
# shellcheck disable=SC1083
find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/d" \{ } \;
# shellcheck disable=SC1083
find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{ } \;
# shellcheck disable=SC1083
2024-07-15 13:45:53 +02:00
find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if and \(ne .Values.NAMESPACE \"default\"\) \(ne .Values.NAMESPACE_DISABLED \"yes\"\) }}" \{ } \;
2025-05-02 15:47:58 +02:00
# Additional config
cat << EOL > /tmp/additional-namespace.config
{ { - if eq ( .Values.RPSS_ENABLED | default "no" ) "yes" } }
labels:
pod-security.kubernetes.io/enforce: restricted
{ { - end } }
EOL
# shellcheck disable=SC1083
find ./ -name "*namespace.yaml" -exec sed -i "/namespace.*/r /tmp/additional-namespace.config" \{ } \;
2024-03-04 10:24:22 +01:00
# shellcheck disable=SC1083
find ./ -name "*namespace.yaml" -exec sed -i " $ a {{- end }} " \{ } \;
# shellcheck disable=SC1083
2022-12-22 12:29:31 +00:00
find ./ -name '*.yaml' -exec sed -i "/creationTimestamp: null/d" \{ } \;
2023-02-23 15:36:05 +01:00
VOLUMES = " $( find ./ -name '*persistentvolumeclaim.yaml' | sed 's|-persistentvolumeclaim.yaml||g;s|.*nextcloud-aio-||g' | sort) "
2023-02-01 12:35:40 +01:00
mapfile -t VOLUMES <<< " $VOLUMES "
for variable in " ${ VOLUMES [@] } " ; do
name = " $( echo " $variable " | sed 's|-|_|g' | tr '[:lower:]' '[:upper:]' ) _STORAGE_SIZE "
VOLUME_VARIABLE += ( " $name " )
# shellcheck disable=SC1083
find ./ -name " *nextcloud-aio- $variable -persistentvolumeclaim.yaml " -exec sed -i " s|storage: 100Mi|storage: {{ .Values. $name }}| " \{ } \;
done
2022-12-22 12:29:31 +00:00
2023-11-16 13:58:06 +01:00
# Additional config
cat << EOL > /tmp/additional.config
- name: SMTP_HOST
value: "{{ .Values.SMTP_HOST }}"
- name: SMTP_SECURE
value: "{{ .Values.SMTP_SECURE }}"
- name: SMTP_PORT
value: "{{ .Values.SMTP_PORT }}"
- name: SMTP_AUTHTYPE
value: "{{ .Values.SMTP_AUTHTYPE }}"
- name: SMTP_NAME
value: "{{ .Values.SMTP_NAME }}"
- name: SMTP_PASSWORD
value: "{{ .Values.SMTP_PASSWORD }}"
- name: MAIL_FROM_ADDRESS
value: "{{ .Values.MAIL_FROM_ADDRESS }}"
- name: MAIL_DOMAIN
value: "{{ .Values.MAIL_DOMAIN }}"
- name: SUBSCRIPTION_KEY
value: "{{ .Values.SUBSCRIPTION_KEY }}"
- name: APPS_ALLOWLIST
value: "{{ .Values.APPS_ALLOWLIST }}"
2023-11-21 17:34:37 +01:00
- name: ADDITIONAL_TRUSTED_PROXY
value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
2024-02-01 13:25:22 +01:00
- name: ADDITIONAL_TRUSTED_DOMAIN
value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
2023-12-07 12:32:08 +01:00
- name: SERVERINFO_TOKEN
value: "{{ .Values.SERVERINFO_TOKEN }}"
2024-05-28 11:15:13 +02:00
- name: NEXTCLOUD_DEFAULT_QUOTA
value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
2025-03-20 16:36:21 +01:00
- name: NEXTCLOUD_SKELETON_DIRECTORY
2025-04-16 13:43:21 +02:00
value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}"
2024-07-26 12:57:40 +02:00
- name: NEXTCLOUD_MAINTENANCE_WINDOW
value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
2023-11-16 13:58:06 +01:00
EOL
# shellcheck disable=SC1083
find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config" \{ } \;
2025-02-04 18:05:09 +01:00
# shellcheck disable=SC1083
find ./ -name '*fulltextsearch-deployment.yaml' -exec sed -i 's/{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS }}/{{ .Values.FULLTEXTSEARCH_JAVA_OPTIONS | default "-Xms512M -Xmx512M" }}/' \{ } \;
2023-11-16 13:58:06 +01:00
2024-02-01 13:25:22 +01:00
# Additional config
cat << EOL > /tmp/additional-apache.config
- name: ADDITIONAL_TRUSTED_DOMAIN
value: "{{ .Values.ADDITIONAL_TRUSTED_DOMAIN }}"
EOL
# shellcheck disable=SC1083
find ./ -name '*apache-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-apache.config" \{ } \;
2024-04-04 11:03:02 +02:00
# Additional config
cat << EOL > /tmp/additional-talk.config
- name: TALK_MAX_STREAM_BITRATE
value: "{{ .Values.TALK_MAX_STREAM_BITRATE }}"
2024-04-11 14:06:58 +02:00
- name: TALK_MAX_SCREEN_BITRATE
value: "{{ .Values.TALK_MAX_SCREEN_BITRATE }}"
2024-04-04 11:03:02 +02:00
EOL
# shellcheck disable=SC1083
find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-talk.config" \{ } \;
2024-07-22 15:43:04 +02:00
cat << EOL > templates/nextcloud-aio-networkpolicy.yaml
{ { - if eq .Values.NETWORK_POLICY_ENABLED "yes" } }
# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
namespace: "{{ .Values.NAMESPACE }}"
name: nextcloud-aio-deny-from-other-namespaces
spec:
podSelector:
matchLabels:
2024-07-25 15:27:50 +02:00
policyTypes:
- Ingress
- Egress
2024-07-22 15:43:04 +02:00
ingress:
- from:
- podSelector: { }
2024-07-25 15:27:50 +02:00
egress:
2024-11-05 11:40:43 +01:00
- { } # Allows all egress traffic
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
namespace: "{{ .Values.NAMESPACE }}"
name: nextcloud-aio-webserver-allow
spec:
podSelector:
matchExpressions:
- key: io.kompose.service
operator: In
values:
- nextcloud-aio-apache
policyTypes:
- Ingress
ingress:
- { } # Allows all ingress traffic
2024-07-22 15:43:04 +02:00
{ { - end } }
EOL
2022-12-22 12:29:31 +00:00
cd ../
mkdir -p ../helm-chart/
rm latest/Chart.yaml
rm latest/README.md
mv latest/* ../helm-chart/
rm -r latest
rm latest.yml
mv latest.yml.backup latest.yml
# Get version of AIO
AIO_VERSION = " $( grep 'Nextcloud AIO ' ../php/templates/containers.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+' ) "
sed -i " s|^version:.*|version: $AIO_VERSION | " ../helm-chart/Chart.yaml
# Conversion of sample.conf
cp sample.conf /tmp/
sed -i 's|"||g' /tmp/sample.conf
sed -i 's|=|: |' /tmp/sample.conf
sed -i 's|= |: |' /tmp/sample.conf
sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
2023-02-03 15:50:15 +01:00
sed -i '/^APACHE_IP_BINDING/d' /tmp/sample.conf
2023-01-29 00:02:18 +01:00
sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
2023-02-02 12:05:09 +01:00
sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
2023-02-10 13:58:23 +01:00
sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
2022-12-22 12:29:31 +00:00
sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR: # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
2024-11-19 16:03:42 +01:00
sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
2023-07-18 16:50:18 +02:00
# shellcheck disable=SC2129
2023-06-16 23:55:43 +02:00
echo "" >> /tmp/sample.conf
2023-01-29 00:02:18 +01:00
# shellcheck disable=SC2129
2025-06-19 10:15:28 +02:00
echo 'STORAGE_CLASS: # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!' >> /tmp/sample.conf
echo 'STORAGE_CLASS_DATA: # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
2023-02-01 12:35:40 +01:00
for variable in " ${ VOLUME_VARIABLE [@] } " ; do
echo " $variable : 1Gi # You can change the size of the $( echo " $variable " | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]' ) volume that default to 1Gi with this value " >> /tmp/sample.conf
done
2023-11-06 16:00:49 +01:00
sed -i "s|NEXTCLOUD_STORAGE_SIZE: 1Gi|NEXTCLOUD_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
sed -i "s|NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi|NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
2023-11-16 13:58:06 +01:00
# Additional config
cat << ADDITIONA L_CONFIG >> /tmp/sample.conf
2023-11-21 19:10:06 +01:00
NAMESPACE: default # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
2024-07-15 13:45:53 +02:00
NAMESPACE_DISABLED: "no" # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
2024-11-05 11:40:43 +01:00
NETWORK_POLICY_ENABLED: "no" # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. Except the Web server service which is reachable from all endpoints.
2023-11-16 13:58:06 +01:00
SUBSCRIPTION_KEY: # This allows to set the Nextcloud Enterprise key via ENV
2023-12-07 12:32:08 +01:00
SERVERINFO_TOKEN: # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
2023-11-16 13:58:06 +01:00
APPS_ALLOWLIST: # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
2023-11-21 17:34:37 +01:00
ADDITIONAL_TRUSTED_PROXY: # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
2024-02-01 13:25:22 +01:00
ADDITIONAL_TRUSTED_DOMAIN: # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
2024-05-28 11:15:13 +02:00
NEXTCLOUD_DEFAULT_QUOTA: "10 GB" # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
2025-03-20 16:36:21 +01:00
NEXTCLOUD_SKELETON_DIRECTORY: # Allows to adjust the sekeleton dir for Nextcloud. Setting it to "empty" will set the value to an empty string "" which will turn off the setting for new users in Nextcloud.
2024-07-26 12:57:40 +02:00
NEXTCLOUD_MAINTENANCE_WINDOW: # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
2023-11-16 13:58:06 +01:00
SMTP_HOST: # (empty by default): The hostname of the SMTP server.
SMTP_SECURE: # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
SMTP_PORT: # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
SMTP_AUTHTYPE: # (default: 'LOGIN'): The method used for authentication. Use 'PLAIN' if no authentication or STARTLS is required.
SMTP_NAME: # (empty by default): The username for the authentication.
SMTP_PASSWORD: # (empty by default): The password for the authentication.
MAIL_FROM_ADDRESS: # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
MAIL_DOMAIN: # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
2024-04-04 11:03:02 +02:00
TALK_MAX_STREAM_BITRATE: "1048576" # This allows to adjust the max stream bitrate of the talk hpb
2024-04-11 14:06:58 +02:00
TALK_MAX_SCREEN_BITRATE: "2097152" # This allows to adjust the max stream bitrate of the talk hpb
2023-11-16 13:58:06 +01:00
ADDITIONAL_CONFIG
2022-12-22 12:29:31 +00:00
mv /tmp/sample.conf ../helm-chart/values.yaml
2023-06-13 10:16:09 +02:00
ENABLED_VARIABLES = " $( grep -oP '^[A-Z_]+_ENABLED' ../helm-chart/values.yaml) "
2022-12-22 12:29:31 +00:00
mapfile -t ENABLED_VARIABLES <<< " $ENABLED_VARIABLES "
cd ../helm-chart/
for variable in " ${ ENABLED_VARIABLES [@] } " ; do
2023-06-13 10:16:09 +02:00
name = " $( echo " $variable " | sed 's|_ENABLED||g;s|_|-|g' | tr '[:upper:]' '[:lower:]' ) "
2022-12-22 12:29:31 +00:00
# shellcheck disable=SC1083
find ./ -name " *nextcloud-aio- $name -deployment.yaml " -exec sed -i " 1i\\{{- if eq .Values. $variable \"yes\" }} " \{ } \;
# shellcheck disable=SC1083
find ./ -name " *nextcloud-aio- $name -deployment.yaml " -exec sed -i " $ a {{- end }} " \{ } \;
# shellcheck disable=SC1083
find ./ -name " *nextcloud-aio- $name -service.yaml " -exec sed -i " 1i\\{{- if eq .Values. $variable \"yes\" }} " \{ } \;
# shellcheck disable=SC1083
find ./ -name " *nextcloud-aio- $name -service.yaml " -exec sed -i " $ a {{- end }} " \{ } \;
2023-11-23 11:34:57 +01:00
# shellcheck disable=SC1083
find ./ -name " *nextcloud-aio- $name -persistentvolumeclaim.yaml " -exec sed -i " 1i\\{{- if eq .Values. $variable \"yes\" }} " \{ } \;
# shellcheck disable=SC1083
find ./ -name " *nextcloud-aio- $name -persistentvolumeclaim.yaml " -exec sed -i " $ a {{- end }} " \{ } \;
2022-12-22 12:29:31 +00:00
done
2024-02-23 16:19:27 +01:00
# Additional case for FTS volume
# shellcheck disable=SC1083
find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec sed -i "1i\\{{- if eq .Values.FULLTEXTSEARCH_ENABLED \"yes\" }}" \{ } \;
# shellcheck disable=SC1083
find ./ -name "*nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml" -exec sed -i " $ a {{- end }} " \{ } \;
2024-11-15 16:52:55 +01:00
cat << EOL > /tmp/security.conf
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
2024-11-26 11:14:52 +01:00
{ { - if eq ( .Values.RPSS_ENABLED | default "no" ) "yes" } }
2024-11-15 16:52:55 +01:00
drop: [ "ALL" ]
{ { - else } }
drop: [ "NET_RAW" ]
{ { - end } }
EOL
# shellcheck disable=SC1083
2025-01-06 14:00:35 +01:00
find ./ \( -not -name '*collabora-deployment.yaml*' -not -name '*apache-deployment.yaml*' -not -name '*onlyoffice-deployment.yaml*' -name "*deployment.yaml" \) -exec sed -i " /^ securityContext: $/r /tmp/security.conf " \{ } \;
2024-11-15 16:52:55 +01:00
2025-02-26 14:30:55 +01:00
# shellcheck disable=SC1083
find ./ -name '*collabora-deployment.yaml*' -exec sed -i "/ADDITIONAL_COLLABORA_OPTIONS_PLACEHOLDER/d" \{ } \;
# shellcheck disable=SC1083
2025-02-27 11:42:44 +01:00
find ./ -name '*collabora-deployment.yaml*' -exec sed -i "s/- args:/- args: \{\{ .Values.ADDITIONAL_COLLABORA_OPTIONS | default list | toJson \}\}/" \{ } \;
2025-02-26 14:30:55 +01:00
2024-11-15 16:52:55 +01:00
cat << EOL > /tmp/security.conf
# The items below only work in container context
allowPrivilegeEscalation: false
capabilities:
2024-11-26 11:14:52 +01:00
{ { - if eq ( .Values.RPSS_ENABLED | default "no" ) "yes" } }
2024-11-15 16:52:55 +01:00
drop: [ "ALL" ]
{ { - else } }
drop: [ "NET_RAW" ]
{ { - end } }
2025-01-06 14:00:35 +01:00
add: [ "NET_BIND_SERVICE" ]
2024-11-15 16:52:55 +01:00
EOL
2025-01-06 14:00:35 +01:00
2024-11-15 16:52:55 +01:00
# shellcheck disable=SC1083
2025-01-06 14:00:35 +01:00
find ./ -name '*apache-deployment.yaml*' -exec sed -i " /^ securityContext: $/r /tmp/security.conf " \{ } \;
2024-11-15 16:52:55 +01:00
cat << EOL > /tmp/security.conf
2024-11-26 11:14:52 +01:00
{ { - if eq ( .Values.RPSS_ENABLED | default "no" ) "yes" } } # AIO-config - do not change this comment!
2024-11-15 16:52:55 +01:00
securityContext:
# The items below only work in container context
2024-11-05 16:05:22 +01:00
allowPrivilegeEscalation: false
2024-11-15 16:52:55 +01:00
capabilities:
2024-11-26 11:14:52 +01:00
{ { - if eq ( .Values.RPSS_ENABLED | default "no" ) "yes" } }
2024-11-15 16:52:55 +01:00
drop: [ "ALL" ]
{ { - else } }
drop: [ "NET_RAW" ]
{ { - end } }
{ { - end } } # AIO-config - do not change this comment!
2024-11-05 16:05:22 +01:00
EOL
# shellcheck disable=SC1083
2025-03-31 10:45:29 +02:00
find ./ -name '*nextcloud-deployment.yaml*' -exec sed -i "/image: .*nextcloud.*aio-nextcloud:.*/r /tmp/security.conf" \{ } \;
2024-11-05 16:05:22 +01:00
2022-12-22 12:29:31 +00:00
chmod 777 -R ./
2023-03-30 10:16:24 +02:00
# Seems like the dir needs to match the name of the chart
cd ../
rm -rf ./nextcloud-aio-helm-chart
mv ./helm-chart ./nextcloud-aio-helm-chart
2022-12-22 12:29:31 +00:00
set +ex
