infrapuzzle/k8s/nextcloud/nextcloud.secret.yml

# phpClientHttpsFix:
#   enabled: "true" 
#   protocol: "https"


ingress:
  enabled: true
  ingressClass: nginx
  annotations:
    kubernetes.io/ingress.class: "nginx"    
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-headers: "X-Forwarded-For"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: 4G
    ##################
    # alternative nginx configs
      #server_tokens off;
      #proxy_hide_header X-Powered-By;

      #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
      #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
      #location = /.well-known/carddav {
      #  return 301 $scheme://$host/remote.php/dav;
      #}
      #location = /.well-known/caldav {
      #  return 301 $scheme://$host/remote.php/dav;
      #}
      #location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
      #  deny all;
      #}
      #location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
      #  deny all;
      #}
    nginx.ingress.kubernetes.io/server-snippet: |-
      rewrite ^/\.well-known/carddav https://$server_name/remote.php/dav/ redirect;
      rewrite ^/\.well-known/caldav https://$server_name/remote.php/dav/ redirect;

      location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
      }      

  tls:
  - hosts:
    - "cloud.haumdaucher.de"
    secretName: cloud-haumdaucher-de
  
nextcloud:
  host: "cloud.haumdaucher.de"
  username: admin
  password: loKeengoo6OoZaevahZai4Hie
  configs:
    proxy.config.php: |-
      <?php
      $CONFIG = array (
        'trusted_proxies' => array(
          0 => '127.0.0.1',
          1 => '10.0.0.0/8',
          2 => '136.243.23.215',
        ),
        'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
      );      
    overwrite.config.php: |-
      <?php
      $CONFIG = array(
        /**
        * When generating URLs, Nextcloud attempts to detect whether the server is
        * accessed via ``https`` or ``http``. However, if Nextcloud is behind a proxy
        * and the proxy handles the ``https`` calls, Nextcloud would not know that
        * ``ssl`` is in use, which would result in incorrect URLs being generated.
        * Valid values are ``http`` and ``https``.
        */
        'overwritehost' => 'cloud.haumdaucher.de',
        'overwriteprotocol' => 'https',
      );      
    region.config.php: |-
     <?php 
     $CONFIG = array(
      'default_phone_region' => 'DE',
     );     
cronjob:
  enabled: true
internalDatabase:
  enabled: false
externalDatabase:
  host: nextcloud-mariadb
  user: nextcloud
  password: Uth3aecheiDouzohx4uajauyi
mariadb:
  enabled: true
  replication:
    enabled: false
  # db:
  #   name: nextcloud
  #   user: nextcloud
  #   password: Uth3aecheiDouzohx4uajauyi
  # rootUser:
  #   password: aeriukuow8shaiHoh4aimie5u
  auth: 
    rootPassword: aeriukuow8shaiHoh4aimie5u
    name: nextcloud
    user: nextcloud
    password: Uth3aecheiDouzohx4uajauyi
  primary:
    persistence:
      enabled: true
      existingClaim: data-nextcloud-mariadb-0
redis:
  enabled: true
  cluster:
    enabled: false
persistence:
  enabled: true
  size: 200Gi
  storageClass: openebs-hostpath