Temp and works?
This commit is contained in:
Aner Zakobar
+10
@@ -90,3 +90,13 @@ https://dev.to/ruanbekker/self-hosted-cicd-with-gitea-and-drone-ci-200l
|
||||
https://gitlab.com/davical-project/davical/-/blob/master/config/example-config.php
|
||||
|
||||
Line 800 ish for auth from reverse proxy
|
||||
|
||||
* NEXTCLOUD
|
||||
|
||||
I ran THIS command inside
|
||||
su www-data -s /bin/bash -c php occ ldap:promote-group "admins"
|
||||
|
||||
* I UNDERSTAND
|
||||
|
||||
I need to backup Chen's stuff
|
||||
And... I need to Jellyfin
|
||||
|
||||
+97
-354
@@ -1,4 +1,4 @@
|
||||
---
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
@@ -341,467 +341,210 @@ spec:
|
||||
port:
|
||||
number: 3000
|
||||
---
|
||||
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: davical-postgres-pvc
|
||||
name: nextcloud-postgres-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
storage: 5Gi
|
||||
storageClassName: longhorn
|
||||
|
||||
---
|
||||
{{- $_ := set $ "homey_davical_postgres_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "davical-postgres-pass") $))}}
|
||||
{{ include "homey.randomsecret" (merge (dict "secretname" "davical-postgres-pass" "secretval" .homey_davical_postgres_pass) $) }}
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: nextcloud-data-pvc
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Ti
|
||||
storageClassName: longhorn
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: nextcloud-postgres-pass
|
||||
annotations:
|
||||
"helm.sh/resource-policy": "keep"
|
||||
type: Opaque
|
||||
data:
|
||||
{{- $secretObj := (lookup "v1" "Secret" .Release.Namespace "nextcloud-postgres-pass") | default dict }}
|
||||
{{- $secretData := (get $secretObj "data") | default dict }}
|
||||
{{- $pass := (get $secretData "password") | default (randAlphaNum 32 | b64enc) }}
|
||||
password: {{ $pass | quote }}
|
||||
---
|
||||
{{- $_ := set $ "homey_nextcloud_postgres_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "nextcloud-postgres-pass") $))}}
|
||||
{{ include "homey.randomsecret" (merge (dict "secretname" "nextcloud-postgres-pass" "secretval" .homey_nextcloud_postgres_pass) $) }}
|
||||
---
|
||||
{{- $_ := set $ "homey_nextcloud_admin_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "nextcloud-admin-pass") $))}}
|
||||
{{ include "homey.randomsecret" (merge (dict "secretname" "nextcloud-admin-pass" "secretval" .homey_nextcloud_admin_pass) $) }}
|
||||
---
|
||||
# apiVersion: extensions/v1beta1
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: davical-postgres-config
|
||||
name: nextcloud-postgres-config
|
||||
labels:
|
||||
app: davical-postgres
|
||||
app: nextcloud-postgres
|
||||
data:
|
||||
POSTGRES_DB: postgres
|
||||
POSTGRES_DB: nextcloud_db
|
||||
POSTGRES_USER: postgres
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: davical-postgres
|
||||
name: nextcloud-postgres
|
||||
labels:
|
||||
app: davical-postgres
|
||||
app: nextcloud-postgres
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: davical-postgres
|
||||
app: nextcloud-postgres
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: davical-postgres
|
||||
name: davical-postgres
|
||||
app: nextcloud-postgres
|
||||
name: nextcloud-postgres
|
||||
spec:
|
||||
containers:
|
||||
- name: davical-postgres
|
||||
image: postgres:10.4
|
||||
- name: nextcloud-postgres
|
||||
image: postgres
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: davical-postgres-config
|
||||
name: nextcloud-postgres-config
|
||||
env:
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: davical-postgres-pass
|
||||
name: nextcloud-postgres-pass
|
||||
key: password
|
||||
volumeMounts:
|
||||
- mountPath: /var/lib/postgresql/data
|
||||
subPath: data
|
||||
name: davical-postgredb
|
||||
subPath: nextcloud/db
|
||||
name: nextcloud-postgredb
|
||||
volumes:
|
||||
- name: davical-postgredb
|
||||
- name: nextcloud-postgredb
|
||||
persistentVolumeClaim:
|
||||
claimName: davical-postgres-pvc
|
||||
claimName: nextcloud-postgres-pvc
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: davical-postgres
|
||||
name: nextcloud-postgres
|
||||
labels:
|
||||
app: davical-postgres
|
||||
app: nextcloud-postgres
|
||||
spec:
|
||||
ports:
|
||||
- port: 5432
|
||||
selector:
|
||||
app: davical-postgres
|
||||
---
|
||||
{{- $_ := set $ "homey_davical_admin_pass" (include "homey.lookuporgensecret" (merge (dict "secretname" "davical-admin-pass") $))}}
|
||||
{{ include "homey.randomsecret" (merge (dict "secretname" "davical-admin-pass" "secretval" .homey_davical_admin_pass) $) }}
|
||||
app: nextcloud-postgres
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: davical-conf
|
||||
name: nextcloud-configmap
|
||||
labels:
|
||||
app: nextcloud
|
||||
data:
|
||||
config.php: |-
|
||||
{{ tpl (.Files.Get "files/davical-config.php" | indent 4) . }}
|
||||
POSTGRES_HOST: nextcloud-postgres
|
||||
OVERWRITEPROTOCOL: https
|
||||
NEXTCLOUD_ADMIN_USER: admin
|
||||
NEXTCLOUD_TRUSTED_DOMAINS: nextcloud.{{ .Values.homey.url }} nextcloud.admin.home
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: davical
|
||||
name: nextcloud
|
||||
labels:
|
||||
app: davical
|
||||
app: nextcloud
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: davical
|
||||
app: nextcloud
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: davical
|
||||
app: nextcloud
|
||||
name: nextcloud
|
||||
spec:
|
||||
containers:
|
||||
- name: davical
|
||||
image: anerisgreat/davical-multiarch-docker:latest
|
||||
imagePullPolicy: "Always"
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: dav
|
||||
env:
|
||||
- name: PGHOST
|
||||
value: "davical-postgres"
|
||||
- name: PGUSER
|
||||
value: "postgres"
|
||||
- name: PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: davical-postgres-pass
|
||||
key: password
|
||||
- name: PGDATABASE
|
||||
value: "davical"
|
||||
- name: PGPORT
|
||||
value: "5432"
|
||||
- name: HOST_NAME
|
||||
value:
|
||||
"dav.{{ .Values.homey.url }}"
|
||||
- name: DAVICAL_ADMIN_PASS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: davical-admin-pass
|
||||
key: password
|
||||
- name: ROOT_PGUSER
|
||||
value: "postgres"
|
||||
- name: ROOT_PGPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: davical-postgres-pass
|
||||
key: password
|
||||
- name: RUN_MIGRATIONS_AT_STARTUP
|
||||
value: "true"
|
||||
- name: nextcloud
|
||||
image: nextcloud
|
||||
imagePullPolicy: Always
|
||||
volumeMounts:
|
||||
- name: davical-conf
|
||||
mountPath: /etc/davical/config.php
|
||||
subPath: config.php
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: davical-conf
|
||||
configMap:
|
||||
name: davical-conf
|
||||
items:
|
||||
- key: config.php
|
||||
path: config.php
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: davical
|
||||
spec:
|
||||
selector:
|
||||
app: davical
|
||||
ports:
|
||||
- name: dav
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: 80
|
||||
selector:
|
||||
app: davical
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: davical
|
||||
annotations:
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/auth-method: GET
|
||||
nginx.ingress.kubernetes.io/auth-url: http://authelia.{{ .Release.Namespace }}.svc.cluster.local:9091/api/verify
|
||||
nginx.ingress.kubernetes.io/auth-signin: https://auth.{{ .Values.homey.url }}?rm=$request_method
|
||||
nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email
|
||||
nginx.ingress.kubernetes.io/auth-snippet: |
|
||||
proxy_set_header X-Forwarded-Method $request_method;
|
||||
auth_request_set $user $upstream_http_remote_user;
|
||||
auth_request_set $groups $upstream_http_remote_groups;
|
||||
auth_request_set $name $upstream_http_remote_name;
|
||||
auth_request_set $email $upstream_http_remote_email;
|
||||
proxy_set_header Remote-User $user;
|
||||
proxy_set_header Remote-Fullname $name;
|
||||
proxy_set_header Remote-Email $email;
|
||||
proxy_set_header Redirect-Remote-User $user;
|
||||
proxy_set_header Redirect-Remote-Fullname $name;
|
||||
proxy_set_header Redirect-Remote-Email $email;
|
||||
spec:
|
||||
ingressClassName: {{ .Values.homey.ingress_class }}
|
||||
tls:
|
||||
- hosts:
|
||||
- dav.{{ .Values.homey.url }}
|
||||
secretName: {{ .Values.homey.certname }}
|
||||
rules:
|
||||
- host: dav.{{ .Values.homey.url }}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: davical
|
||||
port:
|
||||
number: 80
|
||||
---
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: sogo-db-pass
|
||||
type: Opaque
|
||||
data:
|
||||
password: "sogo"
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: sogo-postgres-config
|
||||
labels:
|
||||
app: sogo-postgres
|
||||
data:
|
||||
POSTGRES_DB: sogo
|
||||
POSTGRES_USER: sogo
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: sogo-postgres
|
||||
labels:
|
||||
app: sogo-postgres
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: sogo-postgres
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: sogo-postgres
|
||||
name: sogo-postgres
|
||||
spec:
|
||||
containers:
|
||||
- name: postgres
|
||||
image: postgres:10.4
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
ports:
|
||||
- containerPort: 5432
|
||||
- name: nextcloud-volume
|
||||
mountPath: "/var/www/html"
|
||||
subPath: html
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: sogo-postgres-config
|
||||
name: nextcloud-postgres-config
|
||||
- configMapRef:
|
||||
name: nextcloud-configmap
|
||||
env:
|
||||
- name: POSTGRES_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: sogo-db-pass
|
||||
name: nextcloud-postgres-pass
|
||||
key: password
|
||||
- name: NEXTCLOUD_ADMIN_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: nextcloud-admin-pass
|
||||
key: password
|
||||
volumeMounts:
|
||||
- mountPath: /var/lib/postgresql/data
|
||||
subPath: sogo/db/data
|
||||
name: sogo-postgresdb
|
||||
volumes:
|
||||
- name: sogo-postgresdb
|
||||
- name: nextcloud-volume
|
||||
persistentVolumeClaim:
|
||||
claimName: homey-pvc-longhorn
|
||||
claimName: nextcloud-data-pvc
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: sogo-postgres
|
||||
labels:
|
||||
app: sogo-postgres
|
||||
name: nextcloud
|
||||
spec:
|
||||
ports:
|
||||
- port: 5432
|
||||
selector:
|
||||
app: sogo-postgres
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: sogo-conf
|
||||
data:
|
||||
sogo.conf: |-
|
||||
{
|
||||
/* ********************* Main SOGo configuration file **********************
|
||||
* *
|
||||
* Since the content of this file is a dictionary in OpenStep plist format, *
|
||||
* the curly braces enclosing the body of the configuration are mandatory. *
|
||||
* See the Installation Guide for details on the format. *
|
||||
* *
|
||||
* C and C++ style comments are supported. *
|
||||
* *
|
||||
* This example configuration contains only a subset of all available *
|
||||
* configuration parameters. Please see the installation guide more details. *
|
||||
* *
|
||||
* ~sogo/GNUstep/Defaults/.GNUstepDefaults has precedence over this file, *
|
||||
* make sure to move it away to avoid unwanted parameter overrides. *
|
||||
* *
|
||||
* **************************************************************************/
|
||||
|
||||
/* Database configuration (mysql:// or postgresql://) */
|
||||
SOGoProfileURL = "postgresql://sogo:sogo@sogo-postgres:5432/sogo/sogo_user_profile";
|
||||
OCSFolderInfoURL = "postgresql://sogo:sogo@sogo-postgres:5432/sogo/sogo_folder_info";
|
||||
OCSSessionsFolderURL = "postgresql://sogo:sogo@sogo-postgres:5432/sogo/sogo_sessions_folder";
|
||||
|
||||
/* Mail */
|
||||
SOGoDraftsFolderName = Drafts;
|
||||
SOGoSentFolderName = Sent;
|
||||
SOGoTrashFolderName = Trash;
|
||||
//SOGoIMAPServer = localhost;
|
||||
//SOGoSieveServer = sieve://127.0.0.1:4190;
|
||||
//SOGoSMTPServer = smtp://domain:port/?tls=YES;
|
||||
//SOGoMailDomain = acme.com;
|
||||
SOGoMailingMechanism = smtp;
|
||||
//SOGoForceExternalLoginWithEmail = NO;
|
||||
//SOGoMailSpoolPath = /var/spool/sogo;
|
||||
//NGImap4ConnectionStringSeparator = "/";
|
||||
|
||||
/* Notifications */
|
||||
//SOGoAppointmentSendEMailNotifications = NO;
|
||||
//SOGoACLsSendEMailNotifications = NO;
|
||||
//SOGoFoldersSendEMailNotifications = NO;
|
||||
|
||||
/* Authentication */
|
||||
SOGoPasswordChangeEnabled = YES;
|
||||
|
||||
SOGoUserSources = (
|
||||
{
|
||||
type = ldap;
|
||||
CNFieldName = cn;
|
||||
UIDFieldName = uid;
|
||||
IDFieldName = uid; // first field of the DN for direct binds
|
||||
bindFields = (uid, mail); // array of fields to use for indirect binds
|
||||
baseDN = "ou=users,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}";
|
||||
bindDN = "cn=readonly,{{ .Values.homey.url | replace "." ",dc=" | printf "dc=%s " | trim }}";
|
||||
bindPassword = {{ include "homey.lookuprandomsecret" (merge (dict "secretname" "openldap-ro") $) }};
|
||||
canAuthenticate = YES;
|
||||
displayName = "Shared Addresses";
|
||||
hostname = ldap://openldap:389;
|
||||
id = public;
|
||||
isAddressBook = YES;
|
||||
}
|
||||
);
|
||||
|
||||
/* Web Interface */
|
||||
//SOGoPageTitle = SOGo;
|
||||
SOGoVacationEnabled = YES;
|
||||
SOGoForwardEnabled = YES;
|
||||
SOGoSieveScriptsEnabled = YES;
|
||||
//SOGoMailAuxiliaryUserAccountsEnabled = YES;
|
||||
//SOGoTrustProxyAuthentication = NO;
|
||||
SOGoXSRFValidationEnabled = YES;
|
||||
|
||||
/* General - SOGoTimeZone *MUST* be defined */
|
||||
SOGoLanguage = English;
|
||||
SOGoTimeZone = Asia/Jerusalem;
|
||||
//SOGoCalendarDefaultRoles = (
|
||||
// PublicDAndTViewer,
|
||||
// ConfidentialDAndTViewer
|
||||
//);
|
||||
//SOGoSuperUsernames = (sogo1, sogo2); // This is an array - keep the parens!
|
||||
SxVMemLimit = 384;
|
||||
//WOPidFile = "/var/run/sogo/sogo.pid";
|
||||
SOGoMemcachedHost = "/var/run/memcached/memcached.sock";
|
||||
|
||||
/* Debug */
|
||||
//SOGoDebugRequests = YES;
|
||||
//SoDebugBaseURL = YES;
|
||||
//ImapDebugEnabled = YES;
|
||||
//LDAPDebugEnabled = YES;
|
||||
//PGDebugEnabled = YES;
|
||||
//MySQL4DebugEnabled = YES;
|
||||
//SOGoUIxDebugEnabled = YES;
|
||||
//WODontZipResponse = YES;
|
||||
//WOLogFile = /var/log/sogo/sogo.log;
|
||||
}
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: sogo
|
||||
labels:
|
||||
app: sogo
|
||||
spec:
|
||||
app: nextcloud
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 80
|
||||
selector:
|
||||
app: sogo
|
||||
---
|
||||
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: sogo
|
||||
spec:
|
||||
# Stop old container before starting new one.
|
||||
# No known upgrade policy know. Save to stop and start a new one.
|
||||
strategy:
|
||||
type: Recreate
|
||||
rollingUpdate: null
|
||||
selector:
|
||||
matchLabels:
|
||||
app: sogo
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: sogo
|
||||
spec:
|
||||
containers:
|
||||
- name: sogo
|
||||
image: effitient/sogo:5.1.0_7
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 400Mi
|
||||
ports:
|
||||
- containerPort: 80
|
||||
volumeMounts:
|
||||
- mountPath: /etc/sogo/sogo.conf
|
||||
name: sogo-conf
|
||||
subPath: sogo.conf
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: sogo-conf
|
||||
configMap:
|
||||
name: sogo-conf
|
||||
optional: false
|
||||
name: nextcloud
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: sogo-ingress
|
||||
name: nextcloud-ingress
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: 5g
|
||||
nginx.ingress.kubernetes.io/server-snippet: |
|
||||
# Make a regex exception for `/.well-known` so that clients can still
|
||||
# access it despite the existence of the regex rule
|
||||
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
|
||||
# for `/.well-known`.
|
||||
location = /.well-known/carddav { return 301 https://nextcloud.{{ .Values.homey.url }}/remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 https://nextcloud.{{ .Values.homey.url }}/remote.php/dav/; }
|
||||
spec:
|
||||
ingressClassName: {{ .Values.homey.ingress_class }}
|
||||
tls:
|
||||
- hosts:
|
||||
- git.{{ .Values.homey.url }}
|
||||
- nextcloud.{{ .Values.homey.url }}
|
||||
secretName: {{ .Values.homey.certname }}
|
||||
rules:
|
||||
- host: sogo.{{ .Values.homey.url }}
|
||||
- host: nextcloud.{{ .Values.homey.url }}
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: soo
|
||||
name: nextcloud
|
||||
port:
|
||||
number: 80
|
||||
|
||||
---
|
||||
|
||||
Reference in New Issue
Block a user