refactor: Migrate Nextcloud configs to environment variables

Moves various Nextcloud settings, previously managed through individual PHP files in a ConfigMap, to environment variables. This streamlines the configuration process and aligns with Nextcloud's native environment variable support for common settings.

The `nextcloud-config` ConfigMap is no longer needed and has been removed.
Felix Wolf 2026-04-04 19:18:01 +02:00
parent 5524b24dcb
commit 1bd779030b
3 changed files with 46 additions and 370 deletions


@ -32,16 +32,31 @@ nextcloud:
accessKey: ACCESS_KEY_ID accessKey: ACCESS_KEY_ID
secretKey: SECRET_ACCESS_KEY secretKey: SECRET_ACCESS_KEY
configs: defaultConfigs:
proxy.config.php: |- .htaccess: false
<?php apache-pretty-urls.config.php: false
$CONFIG = array( apcu.config.php: false
'trusted_proxies' => ['10.0.0.0/8'], apps.config.php: false
'overwriteprotocol' => 'https', autoconfig.php: false
'overwritehost' => 'nextcloud.tr1ceracop.de', redis.config.php: false
'overwrite.cli.url' => 'https://nextcloud.tr1ceracop.de', reverse-proxy.config.php: false
'default_phone_region' => 'DE', s3.config.php: false
); smtp.config.php: false
swift.config.php: false
upgrade-disable-web.config.php: false
helm-metrics.config.php: false
extraEnv:
- name: TRUSTED_PROXIES
value: "10.0.0.0/8"
- name: OVERWRITEPROTOCOL
value: "https"
- name: OVERWRITEHOST
value: *hostname
- name: OVERWRITECLIURL
value: "https://nextcloud.tr1ceracop.de"
- name: NC_default_phone_region
value: "DE"
phpConfigs: phpConfigs:
uploadLimit.ini: | uploadLimit.ini: |
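Review bot: Setting `reverse-proxy.config.php: false` under `defaultConfigs` drops the chart-mounted file that reads `TRUSTED_PROXIES`, `OVERWRITEPROTOCOL`, `OVERWRITEHOST` and `OVERWRITECLIURL` (the deleted ConfigMap shows its `getenv()` calls). The four new `extraEnv` entries without the `NC_` prefix therefore only take effect if another copy of that file already sits in `/var/www/html/config`, presumably placed there by the image. The same concern applies to `s3.config.php`, whose `OBJECTSTORE_S3_*` variables are still set in the rendered Deployment, and to `upgrade-disable-web.config.php`, which carried `'upgrade.disable-web' => true`. I would keep those entries enabled, e.g. `reverse-proxy.config.php: true`, or confirm after rollout with `occ config:system:get trusted_proxies` that the settings are still applied. Separately, `10.0.0.0/8` makes Nextcloud believe forwarded-for headers from any peer in that range; narrowing it to the ingress controller's address range would tighten client-IP-based protections such as brute-force throttling.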


@ -1,278 +0,0 @@
apiVersion: v1
data:
.htaccess: |-
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>
# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>
# section for Apache 2.2 and 2.4
<ifModule mod_autoindex.c>
IndexIgnore *
</ifModule>
apache-pretty-urls.config.php: |-
<?php
$CONFIG = array (
'htaccess.RewriteBase' => '/',
);
apcu.config.php: |-
<?php
$CONFIG = array (
'memcache.local' => '\OC\Memcache\APCu',
);
apps.config.php: |-
<?php
$CONFIG = array (
'apps_paths' => array (
0 => array (
'path' => OC::$SERVERROOT.'/apps',
'url' => '/apps',
'writable' => false,
),
1 => array (
'path' => OC::$SERVERROOT.'/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
);
autoconfig.php: |-
<?php
$autoconfig_enabled = false;
if (getenv('SQLITE_DATABASE')) {
$AUTOCONFIG['dbtype'] = 'sqlite';
$AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
$AUTOCONFIG['dbtype'] = 'mysql';
$AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE')));
$AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE')));
$AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE')));
$AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
$AUTOCONFIG['dbtype'] = 'mysql';
$AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE');
$AUTOCONFIG['dbuser'] = getenv('MYSQL_USER');
$AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD');
$AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG['dbtype'] = 'pgsql';
$AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE')));
$AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE')));
$AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE')));
$AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
} elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
$AUTOCONFIG['dbtype'] = 'pgsql';
$AUTOCONFIG['dbname'] = getenv('POSTGRES_DB');
$AUTOCONFIG['dbuser'] = getenv('POSTGRES_USER');
$AUTOCONFIG['dbpass'] = getenv('POSTGRES_PASSWORD');
$AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
$autoconfig_enabled = true;
}
if ($autoconfig_enabled) {
$AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
}
helm-metrics.config.php: |-
<?php
$openmetricsAllowedClients = getenv('OPENMETRICS_ALLOWED_CLIENTS');
if ($openmetricsAllowedClients) {
$CONFIG['openmetrics_allowed_clients'] = array_filter(array_map('trim', explode(',', $openmetricsAllowedClients)));
}
proxy.config.php: |-
<?php
$CONFIG = array(
'trusted_proxies' => ['10.0.0.0/8'],
'overwriteprotocol' => 'https',
'overwritehost' => 'nextcloud.tr1ceracop.de',
'overwrite.cli.url' => 'https://nextcloud.tr1ceracop.de',
'default_phone_region' => 'DE',
);
redis.config.php: |-
<?php
if (getenv('REDIS_HOST')) {
$CONFIG = array(
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => array(
'host' => getenv('REDIS_HOST'),
'password' => getenv('REDIS_HOST_PASSWORD_FILE') ? trim(file_get_contents(getenv('REDIS_HOST_PASSWORD_FILE'))) : (string) getenv('REDIS_HOST_PASSWORD'),
),
);
if (getenv('REDIS_HOST_PORT') !== false) {
$CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
} elseif (getenv('REDIS_HOST')[0] != '/') {
$CONFIG['redis']['port'] = 6379;
}
if (getenv('REDIS_HOST_USER') !== false) {
$CONFIG['redis']['user'] = (string) getenv('REDIS_HOST_USER');
}
}
reverse-proxy.config.php: |-
<?php
$overwriteHost = getenv('OVERWRITEHOST');
if ($overwriteHost) {
$CONFIG['overwritehost'] = $overwriteHost;
}
$overwriteProtocol = getenv('OVERWRITEPROTOCOL');
if ($overwriteProtocol) {
$CONFIG['overwriteprotocol'] = $overwriteProtocol;
}
$overwriteCliUrl = getenv('OVERWRITECLIURL');
if ($overwriteCliUrl) {
$CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
}
$overwriteWebRoot = getenv('OVERWRITEWEBROOT');
if ($overwriteWebRoot) {
$CONFIG['overwritewebroot'] = $overwriteWebRoot;
}
$overwriteCondAddr = getenv('OVERWRITECONDADDR');
if ($overwriteCondAddr) {
$CONFIG['overwritecondaddr'] = $overwriteCondAddr;
}
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
}
$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
if ($forwardedForHeaders) {
$CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
}
s3.config.php: |-
<?php
if (getenv('OBJECTSTORE_S3_BUCKET')) {
$use_ssl = getenv('OBJECTSTORE_S3_SSL');
$use_path = getenv('OBJECTSTORE_S3_USEPATH_STYLE');
$use_legacyauth = getenv('OBJECTSTORE_S3_LEGACYAUTH');
$autocreate = getenv('OBJECTSTORE_S3_AUTOCREATE');
$CONFIG = array(
'objectstore' => array(
'class' => '\OC\Files\ObjectStore\S3',
'arguments' => array(
'bucket' => getenv('OBJECTSTORE_S3_BUCKET'),
'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
'autocreate' => strtolower($autocreate) !== 'false',
'use_ssl' => strtolower($use_ssl) !== 'false',
// required for some non Amazon S3 implementations
'use_path_style' => $use_path == true && strtolower($use_path) !== 'false',
// required for older protocol versions
'legacy_auth' => $use_legacyauth == true && strtolower($use_legacyauth) !== 'false'
)
)
);
if (getenv('OBJECTSTORE_S3_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_KEY')) {
$CONFIG['objectstore']['arguments']['key'] = getenv('OBJECTSTORE_S3_KEY');
} else {
$CONFIG['objectstore']['arguments']['key'] = '';
}
if (getenv('OBJECTSTORE_S3_SECRET_FILE')) {
$CONFIG['objectstore']['arguments']['secret'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SECRET_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SECRET')) {
$CONFIG['objectstore']['arguments']['secret'] = getenv('OBJECTSTORE_S3_SECRET');
} else {
$CONFIG['objectstore']['arguments']['secret'] = '';
}
if (getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = trim(file_get_contents(getenv('OBJECTSTORE_S3_SSE_C_KEY_FILE')));
} elseif (getenv('OBJECTSTORE_S3_SSE_C_KEY')) {
$CONFIG['objectstore']['arguments']['sse_c_key'] = getenv('OBJECTSTORE_S3_SSE_C_KEY');
}
}
smtp.config.php: |-
<?php
if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
$CONFIG = array (
'mail_smtpmode' => 'smtp',
'mail_smtphost' => getenv('SMTP_HOST'),
'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
'mail_smtpauth' => getenv('SMTP_NAME') && (getenv('SMTP_PASSWORD') || getenv('SMTP_PASSWORD_FILE')),
'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
'mail_smtpname' => getenv('SMTP_NAME') ?: '',
'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
'mail_domain' => getenv('MAIL_DOMAIN'),
);
if (getenv('SMTP_PASSWORD_FILE')) {
$CONFIG['mail_smtppassword'] = trim(file_get_contents(getenv('SMTP_PASSWORD_FILE')));
} elseif (getenv('SMTP_PASSWORD')) {
$CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
} else {
$CONFIG['mail_smtppassword'] = '';
}
}
swift.config.php: |-
<?php
if (getenv('OBJECTSTORE_SWIFT_URL')) {
$autocreate = getenv('OBJECTSTORE_SWIFT_AUTOCREATE');
$CONFIG = array(
'objectstore' => [
'class' => 'OC\\Files\\ObjectStore\\Swift',
'arguments' => [
'autocreate' => $autocreate == true && strtolower($autocreate) !== 'false',
'user' => [
'name' => getenv('OBJECTSTORE_SWIFT_USER_NAME'),
'password' => getenv('OBJECTSTORE_SWIFT_USER_PASSWORD'),
'domain' => [
'name' => (getenv('OBJECTSTORE_SWIFT_USER_DOMAIN')) ?: 'Default',
],
],
'scope' => [
'project' => [
'name' => getenv('OBJECTSTORE_SWIFT_PROJECT_NAME'),
'domain' => [
'name' => (getenv('OBJECTSTORE_SWIFT_PROJECT_DOMAIN')) ?: 'Default',
],
],
],
'serviceName' => (getenv('OBJECTSTORE_SWIFT_SERVICE_NAME')) ?: 'swift',
'region' => getenv('OBJECTSTORE_SWIFT_REGION'),
'url' => getenv('OBJECTSTORE_SWIFT_URL'),
'bucket' => getenv('OBJECTSTORE_SWIFT_CONTAINER_NAME'),
]
]
);
}
upgrade-disable-web.config.php: |-
<?php
$CONFIG = array (
'upgrade.disable-web' => true,
);
kind: ConfigMap
metadata:
annotations:
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
labels:
app.kubernetes.io/instance: nextcloud
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: nextcloud
app.kubernetes.io/version: 33.0.0
helm.sh/chart: nextcloud-9.0.4
name: nextcloud-config
namespace: nextcloud


@ -25,7 +25,7 @@ spec:
metadata: metadata:
annotations: annotations:
hooks-hash: 9525c2748a6c7cd0e28ec740623d0b3fa5a75c83b51ccfd136bc89c76737b204 hooks-hash: 9525c2748a6c7cd0e28ec740623d0b3fa5a75c83b51ccfd136bc89c76737b204
nextcloud-config-hash: ec89ea6d9676ed525984771aab8f4536c9f4f62736b2c9898e883f5d0a7f90f8 nextcloud-config-hash: 97fd373864ae7c5da0eb066761ee479483364e3957160cacca360fc6a66c03f7
php-config-hash: b638f66fd8d65de8364dbad6efc59a6524c7b2e2377b5623cf5e921e4d3d2400 php-config-hash: b638f66fd8d65de8364dbad6efc59a6524c7b2e2377b5623cf5e921e4d3d2400
labels: labels:
app.kubernetes.io/component: app app.kubernetes.io/component: app
@ -101,6 +101,16 @@ spec:
name: nextcloud-s3-credentials name: nextcloud-s3-credentials
- name: OBJECTSTORE_S3_SSE_C_KEY - name: OBJECTSTORE_S3_SSE_C_KEY
value: "" value: ""
- name: TRUSTED_PROXIES
value: 10.0.0.0/8
- name: OVERWRITEPROTOCOL
value: https
- name: OVERWRITEHOST
value: nextcloud.tr1ceracop.de
- name: OVERWRITECLIURL
value: https://nextcloud.tr1ceracop.de
- name: NC_default_phone_region
value: DE
image: docker.io/library/nextcloud:33.0.0-fpm-alpine image: docker.io/library/nextcloud:33.0.0-fpm-alpine
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
@ -160,45 +170,6 @@ spec:
- mountPath: /var/www/html/themes - mountPath: /var/www/html/themes
name: nextcloud-main name: nextcloud-main
subPath: themes subPath: themes
- mountPath: /var/www/html/config/proxy.config.php
name: nextcloud-config
subPath: proxy.config.php
- mountPath: /var/www/html/config/.htaccess
name: nextcloud-config
subPath: .htaccess
- mountPath: /var/www/html/config/apache-pretty-urls.config.php
name: nextcloud-config
subPath: apache-pretty-urls.config.php
- mountPath: /var/www/html/config/apcu.config.php
name: nextcloud-config
subPath: apcu.config.php
- mountPath: /var/www/html/config/apps.config.php
name: nextcloud-config
subPath: apps.config.php
- mountPath: /var/www/html/config/autoconfig.php
name: nextcloud-config
subPath: autoconfig.php
- mountPath: /var/www/html/config/helm-metrics.config.php
name: nextcloud-config
subPath: helm-metrics.config.php
- mountPath: /var/www/html/config/redis.config.php
name: nextcloud-config
subPath: redis.config.php
- mountPath: /var/www/html/config/reverse-proxy.config.php
name: nextcloud-config
subPath: reverse-proxy.config.php
- mountPath: /var/www/html/config/s3.config.php
name: nextcloud-config
subPath: s3.config.php
- mountPath: /var/www/html/config/smtp.config.php
name: nextcloud-config
subPath: smtp.config.php
- mountPath: /var/www/html/config/swift.config.php
name: nextcloud-config
subPath: swift.config.php
- mountPath: /var/www/html/config/upgrade-disable-web.config.php
name: nextcloud-config
subPath: upgrade-disable-web.config.php
- mountPath: /usr/local/etc/php/conf.d/opcache.ini - mountPath: /usr/local/etc/php/conf.d/opcache.ini
name: nextcloud-phpconfig name: nextcloud-phpconfig
subPath: opcache.ini subPath: opcache.ini
@ -275,6 +246,16 @@ spec:
name: nextcloud-s3-credentials name: nextcloud-s3-credentials
- name: OBJECTSTORE_S3_SSE_C_KEY - name: OBJECTSTORE_S3_SSE_C_KEY
value: "" value: ""
- name: TRUSTED_PROXIES
value: 10.0.0.0/8
- name: OVERWRITEPROTOCOL
value: https
- name: OVERWRITEHOST
value: nextcloud.tr1ceracop.de
- name: OVERWRITECLIURL
value: https://nextcloud.tr1ceracop.de
- name: NC_default_phone_region
value: DE
image: docker.io/library/nextcloud:33.0.0-fpm-alpine image: docker.io/library/nextcloud:33.0.0-fpm-alpine
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: nextcloud-cron name: nextcloud-cron
@ -301,45 +282,6 @@ spec:
- mountPath: /var/www/html/themes - mountPath: /var/www/html/themes
name: nextcloud-main name: nextcloud-main
subPath: themes subPath: themes
- mountPath: /var/www/html/config/proxy.config.php
name: nextcloud-config
subPath: proxy.config.php
- mountPath: /var/www/html/config/.htaccess
name: nextcloud-config
subPath: .htaccess
- mountPath: /var/www/html/config/apache-pretty-urls.config.php
name: nextcloud-config
subPath: apache-pretty-urls.config.php
- mountPath: /var/www/html/config/apcu.config.php
name: nextcloud-config
subPath: apcu.config.php
- mountPath: /var/www/html/config/apps.config.php
name: nextcloud-config
subPath: apps.config.php
- mountPath: /var/www/html/config/autoconfig.php
name: nextcloud-config
subPath: autoconfig.php
- mountPath: /var/www/html/config/helm-metrics.config.php
name: nextcloud-config
subPath: helm-metrics.config.php
- mountPath: /var/www/html/config/redis.config.php
name: nextcloud-config
subPath: redis.config.php
- mountPath: /var/www/html/config/reverse-proxy.config.php
name: nextcloud-config
subPath: reverse-proxy.config.php
- mountPath: /var/www/html/config/s3.config.php
name: nextcloud-config
subPath: s3.config.php
- mountPath: /var/www/html/config/smtp.config.php
name: nextcloud-config
subPath: smtp.config.php
- mountPath: /var/www/html/config/swift.config.php
name: nextcloud-config
subPath: swift.config.php
- mountPath: /var/www/html/config/upgrade-disable-web.config.php
name: nextcloud-config
subPath: upgrade-disable-web.config.php
- mountPath: /usr/local/etc/php/conf.d/opcache.ini - mountPath: /usr/local/etc/php/conf.d/opcache.ini
name: nextcloud-phpconfig name: nextcloud-phpconfig
subPath: opcache.ini subPath: opcache.ini
@ -408,9 +350,6 @@ spec:
- name: nextcloud-main - name: nextcloud-main
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-nextcloud claimName: nextcloud-nextcloud
- configMap:
name: nextcloud-config
name: nextcloud-config
- configMap: - configMap:
name: nextcloud-phpconfig name: nextcloud-phpconfig
name: nextcloud-phpconfig name: nextcloud-phpconfig