apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: nextcloud
  namespace: nextcloud
spec:
  chart: nextcloud
  targetNamespace: nextcloud
  repo: https://nextcloud.github.io/helm/
  # https://artifacthub.io/packages/helm/nextcloud/nextcloud
  version: 7.0.2
  valuesContent: |-
    # resources:
    #   requests:
    #     cpu: 200m
    #     memory: 200Mi
    #   limits:
    #     cpu: 200m
    #     memory: 200Mi
    lifecycle:
      postStartCommand: ["/bin/bash", "-c", "apt update -y && apt install ffmpeg fuse libfuse2 libc6 iproute2 -y"]
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
        labels:
          release: prometheus
    ingress:
      enabled: true
      className: nginx
      annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
        nginx.ingress.kubernetes.io/affinity: "cookie"
        nginx.ingress.kubernetes.io/enable-cors: "true"
        nginx.ingress.kubernetes.io/cors-allow-methods: "GET HEAD POST OPTIONS PUT PATCH DELETE PROPFIND MKCOL REPORT"
        nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,X-Forwarded-For"
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
        nginx.ingress.kubernetes.io/server-snippet: |-
          server_tokens off;
          proxy_hide_header X-Powered-By;
          rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last;
          rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last;
          rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
          rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
          location = /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
          }
          location = /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
          }
          location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
          }
          location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
          }
          location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
            deny all;
          }
      tls:
        - secretName: nextcloud-tls
          hosts:
            - cloud.keligrubb.com
    nextcloud:
      host: cloud.keligrubb.com
      password: "east_task_law_fastened"
      configs:
        proxy.config.php: |-
          <?php
          $CONFIG = array (
            'trusted_proxies' => array(
              0 => '127.0.0.1',
              1 => '10.0.0.0/8',
            ),
            'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'),
            'allow_local_remote_servers' => true,
          );
    internalDatabase:
      enabled: false
    postgresql:
      enabled: true
      global:
        postgresql:
          auth:
            password: "east_task_law_fastened"
      primary:
        persistence:
          enabled: true
        resources:
          requests:
            memory: 256Mi
            cpu: 200m
          limits:
            memory: 384Mi
            cpu: 300m
    externalDatabase:
      enabled: true
      host: nextcloud-postgresql.nextcloud.svc.cluster.local
    persistence:
      enabled: true
      storageClass: longhorn
      size: 256Gi
      nextcloudData.size: 256Gi
    cronjob:
      enabled: true
    nodeSelector:
      ai-capable: "true"