diff --git a/ix-dev/stable/nextcloud/app.yaml b/ix-dev/stable/nextcloud/app.yaml index 0c95b68a1ff..6a5d0e9042f 100644 --- a/ix-dev/stable/nextcloud/app.yaml +++ b/ix-dev/stable/nextcloud/app.yaml @@ -2,20 +2,23 @@ annotations: min_scale_version: 24.10.2.2 app_version: 33.0.2 capabilities: -- description: Cron, Nextcloud, Nginx are able to change file ownership arbitrarily +- description: Cron, Harp, Nextcloud, Nginx are able to change file ownership arbitrarily name: CHOWN -- description: Cron, Nextcloud, Nginx are able to bypass file permission checks +- description: Cron, Harp, Nextcloud, Nginx are able to bypass file permission checks name: DAC_OVERRIDE -- description: Cron, Nextcloud, Nginx are able to bypass permission checks for file - operations +- description: Cron, Harp, Nextcloud, Nginx are able to bypass permission checks for + file operations name: FOWNER -- description: Cron, Nextcloud, Nginx are able to bind to privileged ports (< 1024) +- description: Harp is able to send signals to any process + name: KILL +- description: Cron, Harp, Nextcloud, Nginx are able to bind to privileged ports (< + 1024) name: NET_BIND_SERVICE - description: Cron, Nextcloud, Nginx are able to use raw and packet sockets name: NET_RAW -- description: Cron, Nextcloud, Nginx are able to change group ID of processes +- description: Cron, Harp, Nextcloud, Nginx are able to change group ID of processes name: SETGID -- description: Cron, Nextcloud, Nginx are able to change user ID of processes +- description: Cron, Harp, Nextcloud, Nginx are able to change user ID of processes name: SETUID - description: Imaginary is able to modify process scheduling priority name: SYS_NICE @@ -48,6 +51,11 @@ run_as_context: group_name: Host group is [root] uid: 0 user_name: Host user is [root] +- description: Container [harp] runs as root user and group. + gid: 0 + group_name: Host group is [root] + uid: 0 + user_name: Host user is [root] - description: Container [imaginary] can run as any non-root user and group. gid: 568 group_name: Host group is [apps] @@ -81,4 +89,4 @@ sources: - https://github.com/nextcloud/docker title: Nextcloud train: stable -version: 2.3.16 +version: 2.4.0 diff --git a/ix-dev/stable/nextcloud/ix_values.yaml b/ix-dev/stable/nextcloud/ix_values.yaml index 78529ca2a12..876416d6208 100644 --- a/ix-dev/stable/nextcloud/ix_values.yaml +++ b/ix-dev/stable/nextcloud/ix_values.yaml @@ -23,6 +23,9 @@ images: postgres_upgrade_image: repository: ixsystems/postgres-upgrade tag: 1.2.4 + harp_image: + repository: ghcr.io/nextcloud/nextcloud-appapi-harp + tag: v0.3.2 consts: nextcloud_container_name: nextcloud @@ -33,6 +36,8 @@ consts: nginx_container_name: nginx imaginary_container_name: imaginary imaginary_port: 9000 + harp_container_name: harp + harp_port: 8780 db_name: nextcloud ssl_key_path: /etc/nginx-certs/private.key ssl_cert_path: /etc/nginx-certs/public.crt diff --git a/ix-dev/stable/nextcloud/questions.yaml b/ix-dev/stable/nextcloud/questions.yaml index 259ec6b54ab..d94e281c3cc 100644 --- a/ix-dev/stable/nextcloud/questions.yaml +++ b/ix-dev/stable/nextcloud/questions.yaml @@ -118,6 +118,63 @@ questions: schema: type: boolean default: false + - variable: harp + label: HaRP (AppAPI) + description: | + HaRP (HAProxy Reverse Proxy) enables Nextcloud AppAPI for External Apps (ExApps).
+ Requires Docker socket access (/var/run/docker.sock).
+ See https://github.com/nextcloud/HaRP for more information.
+ schema: + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable HaRP for Nextcloud AppAPI + schema: + type: boolean + default: false + - variable: shared_key + label: Shared Key + description: | + Secret key shared between HaRP and Nextcloud AppAPI.
+ Set the same value in Nextcloud Admin > AppAPI > Deploy Daemons.
+ schema: + type: string + private: true + required: true + show_if: [["enabled", "=", true]] + - variable: port + label: HaRP Port + description: The port HaRP exposes for ExApps. + schema: + type: dict + show_if: [["enabled", "=", true]] + attrs: + - variable: bind_mode + label: Port Bind Mode + description: | + The port bind mode.
+ - Publish: The port will be published on the host for external access.
+ - Expose: The port will be exposed for inter-container communication.
+ - None: The port will not be exposed or published. + schema: + type: string + default: "published" + enum: + - value: "published" + description: Publish port on the host for external access + - value: "exposed" + description: Expose port for inter-container communication + - value: "" + description: None + - variable: port_number + label: Port Number + schema: + type: int + default: 8780 + min: 1 + max: 65535 + required: true - variable: host label: Host description: | @@ -429,6 +486,8 @@ questions: description: postgres - value: redis description: redis + - value: harp + description: harp - variable: config label: Container Network Configuration schema: @@ -927,6 +986,8 @@ questions: description: postgres - value: redis description: redis + - value: harp + description: harp - variable: resources label: "" diff --git a/ix-dev/stable/nextcloud/templates/docker-compose.yaml b/ix-dev/stable/nextcloud/templates/docker-compose.yaml index aad55d19019..6edf84358f9 100644 --- a/ix-dev/stable/nextcloud/templates/docker-compose.yaml +++ b/ix-dev/stable/nextcloud/templates/docker-compose.yaml @@ -1,4 +1,4 @@ -{% from "macros/nc.jinja.sh" import occ, hosts_update, trusted_domains_update, imaginary_url %} +{% from "macros/nc.jinja.sh" import occ, hosts_update, trusted_domains_update, imaginary_url, harp_daemon_register %} {% from "macros/nc.jinja.conf" import opcache, php, limit_request_body, use_x_real_ip_in_logs, nginx_conf %} {% set tpl = ix_lib.base.render.Render(values) %} @@ -162,6 +162,17 @@ "/docker-entrypoint-hooks.d/before-starting/ix-imaginary-url.sh", "0755", ) %} {% endif %} +{% if values.nextcloud.harp.enabled %} + {% set nc_scheme = "https" if values.network.certificate_id else "http" %} + {% set nc_url = "%s://%s"|format(nc_scheme, host.x) if host.x else "%s://localhost:%d"|format(nc_scheme, values.network.web_port.port_number) %} + {% set app_name = values.get("ix_context", {}).get("app_name", "") or "nextcloud" %} + {% set docker_network = "%s_%s"|format(app_name, nc_net) %} + {% do nc_container.configs.add( + "ix-harp-daemon.sh", + harp_daemon_register(values, nc_url, docker_network), + "/docker-entrypoint-hooks.d/before-starting/ix-harp-daemon.sh", "0755", + ) %} +{% endif %} {% do nc_container.environment.add_user_envs(values.nextcloud.additional_envs) %} @@ -199,6 +210,25 @@ {% do imaginary_container.healthcheck.set_test("wget", {"port": 9000, "path": "/health"}) %} {% endif %} +{% if values.nextcloud.harp.enabled %} + {% do tpl.notes.add_warning("HaRP requires access to /var/run/docker.sock, which gives it full control over the Docker daemon. Enable only if you trust the implications.") %} + {% set nc_scheme = "https" if values.network.certificate_id else "http" %} + {% set nc_url = "%s://%s"|format(nc_scheme, host.x) if host.x else "%s://localhost:%d"|format(nc_scheme, values.network.web_port.port_number) %} + + {% set harp_container = tpl.add_container(values.consts.harp_container_name, "harp_image") %} + {% do harp_container.add_network(nc_net) %} + {% do harp_container.set_user(0, 0) %} + {% do harp_container.add_caps(["CHOWN", "DAC_OVERRIDE", "FOWNER", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE"]) %} + {% do harp_container.healthcheck.disable() %} + {% do harp_container.add_docker_socket(read_only=true) %} + {% do harp_container.environment.add_env("HP_SHARED_KEY", values.nextcloud.harp.shared_key) %} + {% do harp_container.environment.add_env("NC_INSTANCE_URL", nc_url) %} + {% do harp_container.add_port(values.nextcloud.harp.port) %} + {% if not values.network.certificate_id %} + {% do tpl.notes.add_info("HaRP is enabled but nginx is not. You must configure your external reverse proxy to route /exapps/* to HaRP on port %d."|format(values.nextcloud.harp.port.port_number)) %} + {% endif %} +{% endif %} + {% if values.network.certificate_id %} {% set nginx_container = tpl.add_container(values.consts.nginx_container_name, "nginx_image") %} {% do nginx_container.add_network(nc_net) %} diff --git a/ix-dev/stable/nextcloud/templates/macros/nc.jinja.conf b/ix-dev/stable/nextcloud/templates/macros/nc.jinja.conf index 70fabbbde6d..b1274bcdf49 100644 --- a/ix-dev/stable/nextcloud/templates/macros/nc.jinja.conf +++ b/ix-dev/stable/nextcloud/templates/macros/nc.jinja.conf @@ -59,6 +59,30 @@ http { return 301 /index.php$request_uri; } + {%- if values.nextcloud.harp.enabled %} + location /exapps/ { + proxy_pass http://{{ values.consts.harp_container_name }}:{{ values.consts.harp_port }}/; + proxy_http_version 1.1; + proxy_cache_bypass $http_upgrade; + proxy_request_buffering off; + + # Proxy headers + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port {{ port.x | default("443", true) | replace(":", "") }}; + + # Proxy timeouts + proxy_connect_timeout {{ values.network.nginx.proxy_timeout }}s; + proxy_send_timeout {{ values.network.nginx.proxy_timeout }}s; + proxy_read_timeout {{ values.network.nginx.proxy_timeout }}s; + } + {%- endif %} + location / { proxy_pass http://{{ values.consts.nextcloud_container_name }}:80; proxy_http_version 1.1; diff --git a/ix-dev/stable/nextcloud/templates/macros/nc.jinja.sh b/ix-dev/stable/nextcloud/templates/macros/nc.jinja.sh index 52e9007d922..a09acc1299e 100644 --- a/ix-dev/stable/nextcloud/templates/macros/nc.jinja.sh +++ b/ix-dev/stable/nextcloud/templates/macros/nc.jinja.sh @@ -75,3 +75,29 @@ set_list "trusted_domains" "${NEXTCLOUD_TRUSTED_DOMAINS}" || { echo "Failed to u echo '## Configuring Imaginary...' occ config:system:set preview_imaginary_url --value={{ "http://%s:%d"|format(host, port) }} {%- endmacro -%} + +{% macro harp_daemon_register(values, nc_url, docker_network) -%} +#!/bin/bash +echo '## Configuring HaRP (AppAPI)...' + +echo 'Installing and enabling app_api...' +occ app:install app_api 2>/dev/null || true +occ app:enable app_api 2>/dev/null || true + +echo 'Registering HaRP deploy daemon...' +occ app_api:daemon:register \ + harp \ + "HaRP (TrueNAS)" \ + "docker-install" \ + "http" \ + "{{ values.consts.harp_container_name }}:{{ values.consts.harp_port }}" \ + "{{ nc_url }}" \ + --net "{{ docker_network }}" \ + --harp \ + --harp_frp_address "{{ values.consts.harp_container_name }}:8782" \ + --harp_shared_key "{{ values.nextcloud.harp.shared_key }}" \ + --set-default \ + || echo 'Daemon already registered or registration failed. You can register manually via Nextcloud Admin > AppAPI.' + +echo 'HaRP daemon registration complete.' +{%- endmacro -%} diff --git a/ix-dev/stable/nextcloud/templates/test_values/basic-values.yaml b/ix-dev/stable/nextcloud/templates/test_values/basic-values.yaml index e2699f8f814..5fb7e0461f8 100644 --- a/ix-dev/stable/nextcloud/templates/test_values/basic-values.yaml +++ b/ix-dev/stable/nextcloud/templates/test_values/basic-values.yaml @@ -27,6 +27,8 @@ nextcloud: max_execution_time: 30 imaginary: enabled: false + harp: + enabled: false cron: enabled: true schedule: "*/5 * * * *" diff --git a/ix-dev/stable/nextcloud/templates/test_values/harp-https-values.yaml b/ix-dev/stable/nextcloud/templates/test_values/harp-https-values.yaml new file mode 100644 index 00000000000..291b4ba75de --- /dev/null +++ b/ix-dev/stable/nextcloud/templates/test_values/harp-https-values.yaml @@ -0,0 +1,150 @@ +resources: + limits: + cpus: 2.0 + memory: 4096 + +nextcloud: + postgres_image_selector: postgres_18_image + admin_user: admin + admin_password: password + apt_packages: [] + tesseract_languages: [] + host: nextcloud.example.com:8443 + data_dir_path: /var/www/html/data + redis_password: password + db_user: nextcloud + db_password: password + php_upload_limit: 3 + php_memory_limit: 512 + op_cache_interned_strings_buffer: 32 + op_cache_memory_consumption: 128 + max_execution_time: 30 + imaginary: + enabled: false + harp: + enabled: true + shared_key: testharpsharedkey + port: + bind_mode: published + port_number: 30028 + cron: + enabled: false + additional_envs: [] +network: + web_port: + bind_mode: published + port_number: 8080 + certificate_id: "2" + nginx: + proxy_timeout: 60 + use_different_port: true + external_port: 8443 + +ix_volumes: + postgres_data: /opt/tests/mnt/postgres_data + nextcloud-data: /opt/tests/mnt/nextcloud-data + nextcloud-html: /opt/tests/mnt/nextcloud-html + +storage: + data: + type: ix_volume + ix_volume_config: + dataset_name: nextcloud-data + create_host_path: true + html: + type: ix_volume + ix_volume_config: + dataset_name: nextcloud-html + create_host_path: true + postgres_data: + type: ix_volume + ix_volume_config: + dataset_name: postgres_data + create_host_path: true + additional_storage: [] + +ix_certificates: + "2": + certificate: | + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + privatekey: | + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT + HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk + H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI + 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d + NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB + +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7 + A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu + eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5 + N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe + EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL + PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR + 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA + 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z + FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo + L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL + d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA + 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu + MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2 + wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd + DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7 + wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc + nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S + dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P + //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY + qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc + 3G15AKCXo7jjOUtHY01DCQ== + -----END PRIVATE KEY----- diff --git a/ix-dev/stable/nextcloud/templates/test_values/harp-values.yaml b/ix-dev/stable/nextcloud/templates/test_values/harp-values.yaml new file mode 100644 index 00000000000..7351a6da698 --- /dev/null +++ b/ix-dev/stable/nextcloud/templates/test_values/harp-values.yaml @@ -0,0 +1,63 @@ +resources: + limits: + cpus: 2.0 + memory: 4096 + +nextcloud: + postgres_image_selector: postgres_18_image + admin_user: admin + admin_password: password + apt_packages: [] + tesseract_languages: [] + imaginary: + enabled: false + harp: + enabled: true + shared_key: testharpsharedkey + port: + bind_mode: published + port_number: 30028 + host: localhost:8080 + data_dir_path: /var/www/html/data + redis_password: password + db_user: nextcloud + db_password: password + php_upload_limit: 3 + php_memory_limit: 512 + op_cache_interned_strings_buffer: 32 + op_cache_memory_consumption: 128 + max_execution_time: 30 + cron: + enabled: false + additional_envs: [] +network: + web_port: + bind_mode: published + port_number: 8080 + certificate_id: + nginx: + proxy_timeout: 60 + use_different_port: false + +ix_volumes: + postgres_data: /opt/tests/mnt/postgres_data + nextcloud-data: /opt/tests/mnt/nextcloud-data + nextcloud-html: /opt/tests/mnt/nextcloud-html + +storage: + data: + type: ix_volume + ix_volume_config: + dataset_name: nextcloud-data + create_host_path: true + html: + type: ix_volume + ix_volume_config: + dataset_name: nextcloud-html + create_host_path: true + postgres_data: + type: ix_volume + ix_volume_config: + dataset_name: postgres_data + create_host_path: true + additional_storage: [] diff --git a/ix-dev/stable/nextcloud/templates/test_values/https-values.yaml b/ix-dev/stable/nextcloud/templates/test_values/https-values.yaml index 94735c83957..726a4e5941b 100644 --- a/ix-dev/stable/nextcloud/templates/test_values/https-values.yaml +++ b/ix-dev/stable/nextcloud/templates/test_values/https-values.yaml @@ -24,6 +24,8 @@ nextcloud: max_execution_time: 30 imaginary: enabled: false + harp: + enabled: false cron: enabled: true schedule: "*/5 * * * *" diff --git a/ix-dev/stable/nextcloud/templates/test_values/imaginary-values.yaml b/ix-dev/stable/nextcloud/templates/test_values/imaginary-values.yaml index a72e65d5c93..7a2a10f2478 100644 --- a/ix-dev/stable/nextcloud/templates/test_values/imaginary-values.yaml +++ b/ix-dev/stable/nextcloud/templates/test_values/imaginary-values.yaml @@ -16,6 +16,8 @@ nextcloud: - chi-sim imaginary: enabled: true + harp: + enabled: false host: localhost:8080 data_dir_path: /var/www/html/data redis_password: YFtYK25GBfr!UsX5mu2Dnd5L5W diff --git a/ix-dev/stable/nextcloud/templates/test_values/no-cron-values.yaml b/ix-dev/stable/nextcloud/templates/test_values/no-cron-values.yaml index c23d85f1932..40e8dac69a7 100644 --- a/ix-dev/stable/nextcloud/templates/test_values/no-cron-values.yaml +++ b/ix-dev/stable/nextcloud/templates/test_values/no-cron-values.yaml @@ -26,6 +26,8 @@ nextcloud: max_execution_time: 30 imaginary: enabled: false + harp: + enabled: false cron: enabled: true schedule: "*/5 * * * *"