From 813d7e0e5bc97b604019557086a4e5d78caabe10 Mon Sep 17 00:00:00 2001
From: ducoterra <ducoterra@gmail.com>
Date: Wed, 3 May 2023 09:23:48 -0400
Subject: [PATCH] nextcloud working with volumes/php upload limits

---
 helm/nextcloud/templates/nextcloud.yaml | 85 +++++++++++++++++++++++--
 helm/nextcloud/values.yaml              |  2 +-
 2 files changed, 81 insertions(+), 6 deletions(-)

diff --git a/helm/nextcloud/templates/nextcloud.yaml b/helm/nextcloud/templates/nextcloud.yaml
index 496cb93..901815e 100644
--- a/helm/nextcloud/templates/nextcloud.yaml
+++ b/helm/nextcloud/templates/nextcloud.yaml
@@ -95,12 +95,22 @@ metadata:
 data:
   NEXTCLOUD_TRUSTED_DOMAINS: {{ .Values.nextcloud.domain }}
   OVERWRITEPROTOCOL: https
-  OVERWRITECLIURL: {{ .Values.nextcloud.domain }}
+  OVERWRITECLIURL: https://{{ .Values.nextcloud.domain }}
   NEXTCLOUD_ADMIN_USER: admin
   POSTGRES_USER: nextcloud
   POSTGRES_HOST: {{ .Release.Name }}
   POSTGRES_DB: nextcloud
   REDIS_HOST: {{ .Release.Name }}
+  PHP_UPLOAD_LIMIT: 1000000M
+  PHP_MEMORY_LIMIT: 2048M
+  TRUSTED_PROXIES: 10.42.0.1/24
+  SMTP_HOST: email-smtp.us-east-2.amazonaws.com
+  SMTP_SECURE: tls
+  SMTP_PORT: "587"
+  SMTP_AUTHTYPE: LOGIN
+  SMTP_NAME: AKIA47PLXC3AOBYQITO2
+  MAIL_FROM_ADDRESS: server@nextcloud.reeseapps.com
+  MAIL_DOMAIN: nextcloud.reeseapps.com
 
 ---
 
@@ -115,6 +125,7 @@ data:
   NEXTCLOUD_ADMIN_PASSWORD: {{ $NEXTCLOUD_ADMIN_PASSWORD | quote }}
   POSTGRES_PASSWORD: {{ $POSTGRES_PASSWORD | quote }}
   REDIS_HOST_PASSWORD: {{ $REDIS_PASSWORD | quote }}
+  SMTP_PASSWORD: {{ .Values.SMTP_PASSWORD | b64enc | quote }}
 
 ---
 
@@ -206,7 +217,7 @@ spec:
       volumes:
       - name: html
         persistentVolumeClaim:
-          claimName: {{ .Release.Name }}-html
+          claimName: {{ .Release.Name }}-html-iops
         # emptyDir:
         #   sizeLimit: 1Gi
       - name: data
@@ -216,12 +227,12 @@ spec:
         #   sizeLimit: 1Gi
       - name: postgres
         persistentVolumeClaim:
-          claimName: {{ .Release.Name }}-postgres
+          claimName: {{ .Release.Name }}-postgres-iops
         # emptyDir:
         #   sizeLimit: 1Gi
       - name: redis
         persistentVolumeClaim:
-          claimName: {{ .Release.Name }}-redis
+          claimName: {{ .Release.Name }}-redis-iops
         # emptyDir:
         #   sizeLimit: 1Gi
       - name: postgres-init
@@ -272,7 +283,7 @@ spec:
           volumes:
           - name: html
             persistentVolumeClaim:
-              claimName: {{ .Release.Name }}-html
+              claimName: {{ .Release.Name }}-html-iops
             # emptyDir:
             #   sizeLimit: 1Gi
           - name: data
@@ -348,6 +359,54 @@ spec:
 
 ---
 
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Name }}-html-iops
+  annotations:
+    "helm.sh/resource-policy": keep
+spec:
+  storageClassName: zfs-iscsi-enc1
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 16Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Name }}-postgres-iops
+  annotations:
+    "helm.sh/resource-policy": keep
+spec:
+  storageClassName: zfs-iscsi-enc1
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 32Gi
+
+---
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Name }}-redis-iops
+  annotations:
+    "helm.sh/resource-policy": keep
+spec:
+  storageClassName: zfs-iscsi-enc1
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 32Gi
+
+---
+
 apiVersion: v1
 kind: Service
 metadata:
@@ -381,6 +440,22 @@ metadata:
     kubernetes.io/ingress.class: nginx
     nginx.ingress.kubernetes.io/proxy-body-size: "0"
     nginx.org/client-max-body-size: "0"
+    nginx.org/server-snippets: |
+      location ^~ /.well-known {
+        # The rules in this block are an adaptation of the rules
+        # in `.htaccess` that concern `/.well-known`.
+
+        location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+
+        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+
+        # Let Nextcloud's API for `/.well-known` URIs handle all other
+        # requests by passing them to the front-end controller.
+        return 301 /index.php$request_uri;
+      }
+
 spec:
   rules:
   - host: {{ .Values.nextcloud.domain }}
diff --git a/helm/nextcloud/values.yaml b/helm/nextcloud/values.yaml
index ded144b..78f179c 100755
--- a/helm/nextcloud/values.yaml
+++ b/helm/nextcloud/values.yaml
@@ -1,3 +1,3 @@
 nextcloud:
-  image: nextcloud:26
+  image: nextcloud:26.0.1
   domain: nextcloud.reeseapps.com