feat(nextcloud): Support for Notify_Push

2025-12-07 16:01:37 +01:00 · 2025-05-07 07:40:17 +00:00
12 changed files with 187 additions and 7 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -696,6 +696,7 @@ import-default-accounts:
        --admin_enable_knowledgemanagement True \
        --admin_enable_projectmanagement True \
        --create_admin_accounts True \
+        --create_maildomains True \
        --verify_certificate False

 run-tests:
--- a/helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl
@@ -24,9 +24,9 @@ releases:
    chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}"
    version: "{{ .Values.charts.nextcloudManagement.version }}"
    values:
-      - "values-nextcloud-mgmt.yaml.gotmpl"
+      - "values-nextcloud-management.yaml.gotmpl"
      {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
-      - "values-nextcloud-mgmt-enterprise.yaml.gotmpl"
+      - "values-nextcloud-management-ee.yaml.gotmpl"
      {{- end }}
      {{- range .Values.customization.release.opendeskNextcloudManagement }}
      - {{ . }}
@@ -41,7 +41,7 @@ releases:
    values:
      - "values-nextcloud.yaml.gotmpl"
      {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
-      - "values-nextcloud-enterprise.yaml.gotmpl"
+      - "values-nextcloud-ee.yaml.gotmpl"
      {{- end }}
      {{- range .Values.customization.release.opendeskNextcloud }}
      - {{ . }}
@@ -49,6 +49,19 @@ releases:
    needs:
      - "opendesk-nextcloud-management"
    installed: {{ .Values.apps.nextcloud.enabled }}
+  - name: "opendesk-nextcloud-notifypush"
+    chart: "nextcloud-repo/{{ .Values.charts.nextcloudNotifyPush.name }}"
+    version: "{{ .Values.charts.nextcloudNotifyPush.version }}"
+    values:
+      - "values-nextcloud-notifypush.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskNextcloudNotifyPush }}
+      - {{ . }}
+      {{- end }}
+    wait: true
+    needs:
+      - "opendesk-nextcloud"
+    installed: {{ and .Values.apps.nextcloud.enabled (gt .Values.replicas.nextcloudNotifyPush 0) }}
+    timeout: 900

 commonLabels:
  deployStage: "050-components"
--- a/helmfile/apps/nextcloud/values-nextcloud-enterprise.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-enterprise.yaml.gotmpl
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt-enterprise.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt-enterprise.yaml.gotmpl
--- a/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl
@@ -67,6 +67,8 @@ configuration:
        enabled: true
      integrationOpenproject:
        enabled: {{ .Values.apps.openproject.enabled }}
+      notifyPush:
+        enabled: {{ gt .Values.replicas.nextcloudNotifyPush 0 }}
      spreed:
        enabled: true
    circles:
--- a/helmfile/apps/nextcloud/values-nextcloud-notifypush.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-notifypush.yaml.gotmpl
@@ -0,0 +1,135 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+additionalAnnotations:
+  intents.otterize.com/service-name: "opendesk-nextcloud-notifypush"
+  {{- with .Values.annotations.nextcloudNotifyPush.additional }}
+  {{ . | toYaml | nindent 4 }}
+  {{- end }}
+
+configuration:
+  cache:
+    auth:
+      enabled: true
+      username:
+        value: {{ .Values.cache.nextcloud.username }}
+      password:
+        value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
+    host: {{ .Values.cache.nextcloud.host | quote }}
+    port: {{ .Values.cache.nextcloud.port | quote }}
+    tls: {{ .Values.cache.nextcloud.tls }}
+  database:
+    {{ if eq .Values.databases.nextcloud.type "mariadb" }}
+    type: "mysql"
+    {{ else if eq .Values.databases.nextcloud.type "postgresql" }}
+    type: "postgres"
+    {{ else }}
+    {{ .Values.databases.nextcloud.type | quote }}
+    {{ end }}
+    host: {{ .Values.databases.nextcloud.host | quote }}
+    port: {{ .Values.databases.nextcloud.port | quote }}
+    name: {{ .Values.databases.nextcloud.name | quote }}
+    auth:
+      username:
+        value: {{ .Values.databases.nextcloud.username | quote }}
+      password:
+        {{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
+        value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
+        {{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+        value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
+        {{- else }}
+        value: {{ .Values.databases.nextcloud.password | quote }}
+        {{- end }}
+  trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  privileged: false
+  runAsUser: 101
+  runAsGroup: 101
+  seccompProfile:
+    type: "RuntimeDefault"
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.nextcloud | toYaml | nindent 6 }}
+# debug:
+#   loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }}
+# {{- if .Values.certificate.selfSigned }}
+# extraEnvVars:
+#   - name: "FS_IMPORT_CA_CERTIFICATES"
+#     value: "true"
+# {{- end }}
+# {{- if .Values.certificate.selfSigned }}
+# extraVolumes:
+#   - name: "trusted-cert-secret-volume"
+#     secret:
+#       secretName: "opendesk-certificates-ca-tls"
+#       items:
+#         - key: "ca.crt"
+#           path: "ca-certificates.crt"
+# extraVolumeMounts:
+#   - name: "trusted-cert-secret-volume"
+#     mountPath: "/etc/ssl/certs/ca-certificates.crt"
+#     subPath: "ca-certificates.crt"
+# {{- end }}
+image:
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
+  repository: {{ .Values.images.nextcloud.repository | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  tag: {{ .Values.images.nextcloud.tag | quote }}
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  annotations:
+    {{- with .Values.annotations.nextcloudNotifyPush.ingress }}
+      {{ . | toYaml | nindent 6 }}
+    {{- end }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
+  tls:
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
+metrics:
+  enabled: true
+  service:
+    annotations:
+      {{ .Values.annotations.nextcloudNotifyPush.serviceMetrics | toYaml | nindent 6 }}
+
+podAnnotations:
+  {{ .Values.annotations.nextcloudNotifyPush.pod | toYaml | nindent 4 }}
+podSecurityContext:
+  fsGroup: 101
+# prometheus:
+#   serviceMonitor:
+#     enabled: { .Values.monitoring.prometheus.serviceMonitors.enabled }}
+#     labels:
+#       { .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
+#   prometheusRule:
+#     enabled: { .Values.monitoring.prometheus.prometheusRules.enabled }}
+#     additionalLabels:
+#       { .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
+replicaCount: {{ .Values.replicas.nextcloudNotifyPush }}
+resources:
+  {{ .Values.resources.nextcloudNotifyPush | toYaml | nindent 4 }}
+
+service:
+  annotations:
+    {{ .Values.annotations.nextcloudNotifyPush.service | toYaml | nindent 6 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.nextcloudNotifyPush.serviceAccount | toYaml | nindent 6 }}
+
+...
--- a/helmfile/environments/default/annotations.yaml.gotmpl
+++ b/helmfile/environments/default/annotations.yaml.gotmpl
@@ -116,7 +116,16 @@ annotations:
    serviceAccount: ~
  nextcloudNextcloudMgmt:
    additional: ~
+    ingress: ~
    pod: ~
+    service: ~
+    serviceAccount: ~
+  nextcloudNotifyPush:
+    additional: ~
+    ingress: ~
+    pod: ~
+    service: ~
+    serviceMetrics: ~
    serviceAccount: ~
  notes:
    ingressAdmin: ~
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
@@ -251,7 +251,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud"
-    version: "4.1.0"
+    version: "4.2.0-trossner-pn"
    verify: true
  nextcloudManagement:
    # providerCategory: "Platform"
@@ -261,7 +261,17 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud-management"
-    version: "4.1.0"
+    version: "4.2.0-trossner-pn"
+    verify: true
+  nextcloudNotifyPush:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk"
+    # upstreamRegistry: "https://registry.opencode.de"
+    # packageName=bmi/opendesk/components/platform-development/charts/opendesk-nextcloud/opendesk-nextcloud-notifypush
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
+    name: "opendesk-nextcloud-notifypush"
+    version: "4.2.0-trossner-pn"
    verify: true
  nginx:
    # providerCategory: "Community"
--- a/helmfile/environments/default/customization.yaml.gotmpl
+++ b/helmfile/environments/default/customization.yaml.gotmpl
@@ -46,8 +46,9 @@ customization:
    # migrations-pre
    migrationsPre: {}
    # nextcloud
-    opendeskNextcloudManagement: {}
    opendeskNextcloud: {}
+    opendeskNextcloudManagement: {}
+    opendeskNextcloudNotifyPush: {}
    # notes
    notes: {}
    # nubus
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -327,7 +327,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
-    tag: "2.5.0@sha256:9457bc2116620e52dcd1f5f12f042090aa4cca2a3e4d5f64b7c84c232ca6bb63"
+    tag: "2.5.0-trossner-pn@sha256:078f9ab0ab7c60ebd6d378f2c8a471a396a125eb164c411241b80a4a5f6a6761"
  nextcloudExporter:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
--- a/helmfile/environments/default/replicas.yaml.gotmpl
+++ b/helmfile/environments/default/replicas.yaml.gotmpl
@@ -163,6 +163,8 @@ replicas:
  # -- component: Filestore (Nextcloud)
  # -- scalable: true
  nextcloud: 1
+  # -- scalable: tbd
+  nextcloudNotifyPush: 1
  # -- scalable: true
  nextcloudExporter: 1

--- a/helmfile/environments/default/resources.yaml.gotmpl
+++ b/helmfile/environments/default/resources.yaml.gotmpl
@@ -276,6 +276,13 @@ resources:
    requests:
      cpu: 0.1
      memory: "32Mi"
+  nextcloudNotifyPush:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "512Mi"
  nginxS3Gateway:
    limits:
      cpu: 99