From 6243db3cba39352461df53c7477507e8448b63ee Mon Sep 17 00:00:00 2001 From: GigiaJ Date: Thu, 4 Dec 2025 03:02:01 -0600 Subject: [PATCH] Swap to using externalDb because Nextcloud chart absolutely sucks with defining custom values for the login info of the DB... --- src/main/k8s/services/nextcloud/service.cljs | 35 ++++++++++++++++---- 1 file changed, 28 insertions(+), 7 deletions(-) diff --git a/src/main/k8s/services/nextcloud/service.cljs b/src/main/k8s/services/nextcloud/service.cljs index a826227..4afe853 100644 --- a/src/main/k8s/services/nextcloud/service.cljs +++ b/src/main/k8s/services/nextcloud/service.cljs @@ -1,7 +1,7 @@ (ns k8s.services.nextcloud.service) (def config - {:stack [:vault:prepare :k8s:chart :k8s:httproute] + {:stack [:vault:prepare [:k8s :httproute :chart]] :app-namespace "nextcloud" :app-name "nextcloud" :image-port 80 @@ -9,15 +9,28 @@ :k8s:chart-opts {:repositoryOpts {:repo "https://nextcloud.github.io/helm/"} :values {:podAnnotations {"backup.velero.io/backup-volumes" "data"} - :nextcloud {:host 'host + :trustedDomains ['host 'app-name] + :nextcloud {:username 'username + :password 'password + :host 'host :containerPort 80 - :trustedDomains ['host 'app-name] :persistence {:enabled true :storageClass "juicefs-sc" :accessMode "ReadWriteMany" :size "1Ti"}} :service {:port 80} - :mariadb {:enabled true + :redis {:auth {:password 'redis-password}} + :externalDatabase {:enabled true + :type "mysql" + :host "nextcloud-db.nextcloud.svc.cluster.local" + :database "nextcloud" + :user 'username + :password 'mariadb-password} + :internalDatabase {:enabled false} + :mariadb {:enabled false + :auth {:username 'username + :password 'mariadb-password + :rootPassword 'mariadb-root-password} :architecture "standalone" :primary {:podAnnotations {"backup.velero.io/backup-volumes" "data"} :persistence {:enabled true @@ -28,8 +41,7 @@ :image {:registry "docker.io" :repository "bitnami/os-shell" :tag "latest" - :pullPolicy "Always"}} - } + :pullPolicy "Always"}}} :transformations (fn [args _opts] (let [kind (get-in args [:resource :kind])] @@ -37,4 +49,13 @@ (update-in args [:resource :metadata :annotations] #(assoc (or % {}) "pulumi.com/skipAwait" "true")) args)))}} - :k8s:httproute-opts {:spec {::hostnames ['host]}}}) \ No newline at end of file + :k8s:httproute-opts {:spec {::hostnames ['host] + :rules [{:matches [{:path {:type "PathPrefix" :value "/"}}] + :filters [{:type "ResponseHeaderModifier" + :responseHeaderModifier + {:set [{:name "Content-Security-Policy" + :value "frame-src 'self' https://cinny.hampter.quest https://productive.chickensalad.quest https://gitea.chickensalad.quest;"}] + :remove ["X-Content-Security-Policy"]}}] + + :backendRefs [{:name "nextcloud" + :port 80}]}]}}}) \ No newline at end of file