From 83c68da0a0d6e377054a62a25beb9cbf084c5be6 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 28 Jan 2023 22:08:43 +0100
Subject: [PATCH] fix permissions?

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 helm-chart/templates/nextcloud-aio-apache-deployment.yaml      | 3 +++
 helm-chart/templates/nextcloud-aio-clamav-deployment.yaml      | 3 +++
 helm-chart/templates/nextcloud-aio-collabora-deployment.yaml   | 3 +++
 helm-chart/templates/nextcloud-aio-database-deployment.yaml    | 3 +++
 .../templates/nextcloud-aio-fulltextsearch-deployment.yaml     | 3 +++
 helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml   | 3 +++
 helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml   | 3 +++
 helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml  | 3 +++
 helm-chart/templates/nextcloud-aio-redis-deployment.yaml       | 3 +++
 helm-chart/templates/nextcloud-aio-talk-deployment.yaml        | 3 +++
 helm-chart/update-helm.sh                                      | 2 ++
 11 files changed, 32 insertions(+)

diff --git a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
index 33a7839b..6f0b560a 100755
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -21,6 +21,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-apache
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: APACHE_MAX_SIZE
diff --git a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
index d4606e2d..cf24fe5c 100755
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-clamav
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: CLAMD_STARTUP_TIMEOUT
diff --git a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
index c30b0afd..9068033b 100755
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-collabora
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: TZ
diff --git a/helm-chart/templates/nextcloud-aio-database-deployment.yaml b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
index 36c7a981..d1eb3c4e 100755
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -21,6 +21,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-database
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: PGTZ
diff --git a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
index 63e475cf..64ff5e48 100755
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: ES_JAVA_OPTS
diff --git a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
index 2eabe094..ea558eba 100755
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-imaginary
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: TZ
diff --git a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
index 025ae24a..fc6a0313 100755
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -21,6 +21,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: ADDITIONAL_APKS
diff --git a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
index c7de97a4..d4c9eef3 100755
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: JWT_ENABLED
diff --git a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
index 7d9dd504..3525d150 100755
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -21,6 +21,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-redis
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: REDIS_HOST_PASSWORD
diff --git a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
index 06ac7f2d..9e25b9fb 100755
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -22,6 +22,9 @@ spec:
         io.kompose.network/nextcloud-aio: "true"
         io.kompose.service: nextcloud-aio-talk
     spec:
+      securityContext:
+        fsGroup: 65534
+        fsGroupChangePolicy: "OnRootMismatch"
       containers:
         - env:
             - name: JANUS_API_KEY
diff --git a/helm-chart/update-helm.sh b/helm-chart/update-helm.sh
index cf3ad294..74d0e2a2 100755
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -46,6 +46,8 @@ find ./ -name '*service.yaml' -exec sed -i "/^status:/,$ d" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
 # shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i "/^    spec:/a\ \ \ \ \ \ securityContext:\n\ \ \ \ \ \ \ \ fsGroup: 65534\n\ \ \ \ \ \ \ \ fsGroupChangePolicy: \"OnRootMismatch\"" \{} \; 
+# shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|storage: 100Mi|storage: 1Gi|" \{} \;  
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;