Properly initialise nextcloud with postgres

test/nextcloud/2.3.2/templates/deployment.yaml

@@ -57,6 +57,7 @@ spec:
             secretKeyRef:
               name: db-details
               key: db-password
+        {{- end }}
         - name: NEXTCLOUD_ADMIN_USER
           valueFrom:
             secretKeyRef:

test/nextcloud/2.3.2/templates/nginx-config.yaml

-{{- if .Values.nginx.enabled -}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "nextcloud.fullname" . }}-nginxconfig
-  labels:
-    app.kubernetes.io/name: {{ include "nextcloud.name" . }}
-    helm.sh/chart: {{ include "nextcloud.chart" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
-  nginx.conf: |-
-{{- if .Values.nginx.config.default }}
-    worker_processes auto;
-
-    error_log  /var/log/nginx/error.log warn;
-    pid        /var/run/nginx.pid;
-
-
-    events {
-        worker_connections  1024;
-    }
-
-
-    http {
-        include       /etc/nginx/mime.types;
-        default_type  application/octet-stream;
-
-        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                          '$status $body_bytes_sent "$http_referer" '
-                          '"$http_user_agent" "$http_x_forwarded_for"';
-
-        access_log  /var/log/nginx/access.log  main;
-
-        sendfile        on;
-        #tcp_nopush     on;
-
-        keepalive_timeout  65;
-
-        #gzip  on;
-
-        upstream php-handler {
-            server 127.0.0.1:9000;
-        }
-
-        server {
-            listen 80;
-
-            # Add headers to serve security related headers
-            # Before enabling Strict-Transport-Security headers please read into this
-            # topic first.
-            #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-            #
-            # WARNING: Only add the preload option once you read about
-            # the consequences in https://hstspreload.org/. This option
-            # will add the domain to a hardcoded list that is shipped
-            # in all major browsers and getting removed from this list
-            # could take several months.
-            add_header Referrer-Policy "no-referrer" always;
-            add_header X-Content-Type-Options "nosniff" always;
-            add_header X-Download-Options "noopen" always;
-            add_header X-Frame-Options "SAMEORIGIN" always;
-            add_header X-Permitted-Cross-Domain-Policies "none" always;
-            add_header X-Robots-Tag "none" always;
-            add_header X-XSS-Protection "1; mode=block" always;
-
-            # Remove X-Powered-By, which is an information leak
-            fastcgi_hide_header X-Powered-By;
-
-            # Path to the root of your installation
-            root /var/www/html;
-
-            location = /robots.txt {
-                allow all;
-                log_not_found off;
-                access_log off;
-            }
-
-            # The following 2 rules are only needed for the user_webfinger app.
-            # Uncomment it if you're planning to use this app.
-            #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-            #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-
-            # The following rule is only needed for the Social app.
-            # Uncomment it if you're planning to use this app.
-            #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
-
-            location = /.well-known/carddav {
-                return 301 $scheme://$host:$server_port/remote.php/dav;
-            }
-
-            location = /.well-known/caldav {
-                return 301 $scheme://$host:$server_port/remote.php/dav;
-            }
-
-            # set max upload size
-            client_max_body_size 10G;
-            fastcgi_buffers 64 4K;
-
-            # Enable gzip but do not remove ETag headers
-            gzip on;
-            gzip_vary on;
-            gzip_comp_level 4;
-            gzip_min_length 256;
-            gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-            gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-
-            # Uncomment if your server is build with the ngx_pagespeed module
-            # This module is currently not supported.
-            #pagespeed off;
-
-            location / {
-                rewrite ^ /index.php;
-            }
-
-            location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
-                deny all;
-            }
-            location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
-                deny all;
-            }
-
-            location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-                fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
-                set $path_info $fastcgi_path_info;
-                try_files $fastcgi_script_name =404;
-                include fastcgi_params;
-                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-                fastcgi_param PATH_INFO $path_info;
-                # fastcgi_param HTTPS on;
-
-                # Avoid sending the security headers twice
-                fastcgi_param modHeadersAvailable true;
-
-                # Enable pretty urls
-                fastcgi_param front_controller_active true;
-                fastcgi_pass php-handler;
-                fastcgi_intercept_errors on;
-                fastcgi_request_buffering off;
-            }
-
-            location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
-                try_files $uri/ =404;
-                index index.php;
-            }
-
-            # Adding the cache control header for js, css and map files
-            # Make sure it is BELOW the PHP block
-            location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-                try_files $uri /index.php$request_uri;
-                add_header Cache-Control "public, max-age=15778463";
-                # Add headers to serve security related headers (It is intended to
-                # have those duplicated to the ones above)
-                # Before enabling Strict-Transport-Security headers please read into
-                # this topic first.
-                #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-                #
-                # WARNING: Only add the preload option once you read about
-                # the consequences in https://hstspreload.org/. This option
-                # will add the domain to a hardcoded list that is shipped
-                # in all major browsers and getting removed from this list
-                # could take several months.
-                add_header Referrer-Policy "no-referrer" always;
-                add_header X-Content-Type-Options "nosniff" always;
-                add_header X-Download-Options "noopen" always;
-                add_header X-Frame-Options "SAMEORIGIN" always;
-                add_header X-Permitted-Cross-Domain-Policies "none" always;
-                add_header X-Robots-Tag "none" always;
-                add_header X-XSS-Protection "1; mode=block" always;
-
-                # Optional: Don't log access to assets
-                access_log off;
-            }
-
-            location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
-                try_files $uri /index.php$request_uri;
-                # Optional: Don't log access to other assets
-                access_log off;
-            }
-        }
-    }
-{{- else }}
-{{ .Values.nginx.config.custom | indent 4 }}
-{{- end }}
-{{- end }}

test/nextcloud/2.3.2/templates/postgres-deployment.yaml

@@ -50,7 +50,7 @@ spec:
       volumes:
       - name: postgres-data
         hostPath:
-          path: {{ template "configuredPostgresHostPath" . }}
+          path: "/mnt/evo/ix-applications/releases/nextcloud/volumes/ix_volumes/ix-postgres_data"
       - name: postgres-backup
         hostPath:
-          path: {{ template "configuredBackupPostgresHostPath" . }}
+          path: "/mnt/evo/ix-applications/releases/nextcloud/volumes/ix_volumes/ix-postgres_backups"

test/nextcloud/2.3.2/templates/postgres-secret.yaml

@@ -3,11 +3,11 @@ kind: Secret
 metadata:
   name: db-details
 data:
+  db-user: postgres
   {{- if .Release.IsInstall }}
   db-password: {{ randAlphaNum 15 | b64enc | quote }}
   {{ else }}
   # `index` function is necessary because the property name contains a dash.
   # Otherwise (...).data.db_password would have worked too.
   db-password:  {{ index (lookup "v1" "Secret" .Release.Namespace "db-details").data "db-password" }}
-  db-user: postgres
   {{ end }}

test/nextcloud/2.3.2/templates/secrets.yaml

@@ -15,7 +15,3 @@ data:
   {{ else }}
   nextcloud-password: {{ randAlphaNum 10 | b64enc | quote }}
   {{ end }}
-  {{- if .Values.nextcloud.mail.enabled }}
-  smtp-username: {{ default "" .Values.nextcloud.mail.smtp.name | b64enc | quote }}
-  smtp-password: {{ default "" .Values.nextcloud.mail.smtp.password | b64enc | quote }}
-  {{- end }}

test/nextcloud/2.3.2/values.yaml

@@ -122,7 +122,6 @@ externalDatabase:
     # passwordKey: password
 
 postgresql:
-  host:
 
 ## Cronjob to execute Nextcloud background tasks
 ## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#webcron