fix(helmfile): Support PostgreSQL as alternative database backend for Nextcloud and XWiki. **Note:** PostgreSQL is likely to become the preferred option/default in the future and MariaDB might be deprecated at a later point.

helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl

@@ -51,6 +51,13 @@ configuration:
     # internalWopiUrl: ""
     wopiAllowlist: {{ join ", " ( concat .Values.cluster.networking.cidr .Values.cluster.networking.incomingCIDR ) | quote }}
   database:
+    {{ if eq .Values.databases.nextcloud.type "mariadb" }}
+    type: "mysql"
+    {{ else if eq .Values.databases.nextcloud.type "postgresql" }}
+    type: "pgsql"
+    {{ else }}
+    {{ .Values.databases.nextcloud.type | quote }}
+    {{ end }}
     host: {{ .Values.databases.nextcloud.host | quote }}
     port: {{ .Values.databases.nextcloud.port | quote }}
     name: {{ .Values.databases.nextcloud.name | quote }}
@@ -58,7 +65,13 @@ configuration:
       username:
         value: {{ .Values.databases.nextcloud.username | quote }}
       password:
+        {{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
         value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
+        {{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+        value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
+        {{- else }}
+        value: {{ .Values.databases.nextcloud.password | quote }}
+        {{- end }}
   ldap:
     host: {{ .Values.ldap.host | quote }}
     password:

helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl

@@ -63,6 +63,13 @@ aio:
       port: {{ .Values.cache.nextcloud.port | quote }}
       tls: {{ .Values.cache.nextcloud.tls }}
     database:
+      {{ if eq .Values.databases.nextcloud.type "mariadb" }}
+      type: "mysql"
+      {{ else if eq .Values.databases.nextcloud.type "postgresql" }}
+      type: "pgsql"
+      {{ else }}
+      {{ .Values.databases.nextcloud.type | quote }}
+      {{ end }}
       host: {{ .Values.databases.nextcloud.host | quote }}
       port: {{ .Values.databases.nextcloud.port | quote }}
       name: {{ .Values.databases.nextcloud.name | quote }}
@@ -70,7 +77,13 @@ aio:
         username:
           value: {{ .Values.databases.nextcloud.username | quote }}
         password:
+          {{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
           value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
+          {{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+          value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
+          {{- else }}
+          value: {{ .Values.databases.nextcloud.password | quote }}
+          {{- end }}
     trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
   containerSecurityContext:
     allowPrivilegeEscalation: false

helmfile/apps/services-external/values-mariadb.yaml.gotmpl

@@ -39,32 +39,32 @@ job:
   retries: 10
   wait: 30
   users:
+    - username: "openxchange_user"
+      password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
+      connectionLimit: {{ .Values.databases.oxAppSuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
     - username: {{ .Values.databases.nextcloud.username | quote }}
       password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
       connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
-    # OX and XWiki are using the db's `root` users (see `database.yaml.gotmpl`). So we are statically referencing their dedicated
-    # users for the moment.
-    - username: "openxchange_user"
-    # - username: {{ .Values.databases.xwiki.username | quote }}
-      password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
-      connectionLimit: {{ .Values.databases.oxAppSuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ end }}
+{{ if eq .Values.databases.xwiki.type "mariadb" }}
     - username: "xwiki_user"
-    # - username: {{ .Values.databases.oxAppSuite.username | quote }}
       password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
       connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ end }}
   databases:
+    # OX uses root user and auto automanages the database, we add a dummy user and create a dummy/empty database.
+    - name: "openxchange_dummy"
+      user: "openxchange_user"
+{{ if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
     - name: {{ .Values.databases.nextcloud.name | quote }}
       user: {{ .Values.databases.nextcloud.username | quote }}
-    # OX and XWiki are using the db's `root` users (see `database.yaml.gotmpl`). So we are statically referencing their dedicated
-    # users for the moment.
-    - name: "openxchange"
-      user: "openxchange_user"
-    # - name: {{ .Values.databases.oxAppSuite.name | quote }}
-    #   user: {{ .Values.databases.oxAppSuite.username | quote }}
-    - name: "xwiki"
+{{ end }}
+{{ if eq .Values.databases.xwiki.type "mariadb" }}
+    # XWiki uses root user to create new subwiki databases, we add a dummy user.
+    - name: {{ .Values.databases.xwiki.name | quote }}
       user: "xwiki_user"
-    # - name: {{ .Values.databases.xwiki.name | quote }}
-    #   user: {{ .Values.databases.xwiki.username | quote }}
+{{ end }}
 
 mariadb:
   rootPassword:

helmfile/apps/services-external/values-postgresql.yaml.gotmpl

@@ -69,6 +69,16 @@ job:
     - username: {{ .Values.databases.umsSelfservice.username | quote }}
       password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
       connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+    - username: {{ .Values.databases.nextcloud.username | quote }}
+      password: {{ .Values.secrets.postgresql.nextcloudUser | quote }}
+      connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ end }}
+{{ if eq .Values.databases.xwiki.type "postgresql" }}
+    - username: {{ .Values.databases.xwiki.username | quote }}
+      password: {{ .Values.secrets.postgresql.xwikiUser | quote }}
+      connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+{{ end }}
   databases:
     - name: {{ .Values.databases.keycloak.name | quote }}
       user: {{ .Values.databases.keycloak.username | quote }}
@@ -87,6 +97,15 @@ job:
       user: {{ .Values.databases.umsNotificationsApi.username | quote }}
     - name: {{ .Values.databases.umsSelfservice.name | quote }}
       user: {{ .Values.databases.umsSelfservice.username | quote }}
+{{ if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+    - name: {{ .Values.databases.nextcloud.name | quote }}
+      user: {{ .Values.databases.nextcloud.username | quote }}
+{{ end }}
+{{ if eq .Values.databases.xwiki.type "postgresql" }}
+    - name: {{ .Values.databases.xwiki.name | quote }}
+      user: {{ .Values.databases.xwiki.username | quote }}
+      additionalParams: "ENCODING 'UNICODE' template=template0"
+{{ end }}
 
 persistence:
   size: {{ .Values.persistence.storages.postgresql.size | quote }}

helmfile/apps/xwiki/values.yaml.gotmpl

@@ -5,10 +5,16 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 image:
-  name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwiki.registry }}/{{ .Values.images.xwiki.repository }}"
-  tag: {{ .Values.images.xwiki.tag | quote }}
+  {{- if eq .Values.databases.xwiki.type "mariadb" }}
+  name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwikiMariadb.registry }}/{{ .Values.images.xwikiMariadb.repository }}"
+  tag: {{ .Values.images.xwikiMariadb.tag | quote }}
+  {{- else if eq .Values.databases.xwiki.type "postgresql" }}
+  name: "{{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.xwikiPostgres.registry }}/{{ .Values.images.xwikiPostgres.repository }}"
+  tag: {{ .Values.images.xwikiPostgres.tag | quote }}
+  {{- else }}
+  {{- fail "Unsupported value for .Values.databases.xwiki.type, supported values are 'mariadb' or 'postgresql'" }}
+  {{- end }}
   pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
-
 imagePullSecrets: {{ .Values.global.imagePullSecrets }}
 
 {{- if .Values.certificate.selfSigned }}
@@ -19,7 +25,11 @@ javaOpts:
 {{- end }}
 
 externalDB:
+  {{- if eq .Values.databases.xwiki.type "mariadb" }}
   password: {{ .Values.databases.xwiki.password | default .Values.secrets.mariadb.rootPassword | quote }}
+  {{- else }}
+  password: {{ .Values.databases.xwiki.password | default .Values.secrets.postgresql.xwikiUser | quote }}
+  {{- end }}
   database: {{ .Values.databases.xwiki.name | quote }}
   user: {{ .Values.databases.xwiki.username | quote }}
   host: {{ printf "%s:%d" .Values.databases.xwiki.host .Values.databases.xwiki.port | quote }}