opencloud-eu
diff --git a/‎README.md‎
Lines changed: 5 additions & 2 deletions b/‎README.md‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎charts/opencloud-microservices/Chart.yaml‎
Lines changed: 2 additions & 2 deletions b/‎charts/opencloud-microservices/Chart.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎charts/opencloud-microservices/deployments/helm/helmfile.yaml‎
Lines changed: 54 additions & 12 deletions b/‎charts/opencloud-microservices/deployments/helm/helmfile.yaml‎
Lines changed: 54 additions & 12 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/README.md‎
Lines changed: 12 additions & 2 deletions b/‎charts/opencloud-microservices/deployments/timoni/README.md‎
Lines changed: 12 additions & 2 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/clamav/README.md‎
Lines changed: 5 additions & 0 deletions b/‎charts/opencloud-microservices/deployments/timoni/clamav/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/clamav/clamav.cue‎
Lines changed: 91 additions & 0 deletions b/‎charts/opencloud-microservices/deployments/timoni/clamav/clamav.cue‎
Lines changed: 91 additions & 0 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/clamav/configmap.yaml‎
Lines changed: 46 additions & 0 deletions b/‎charts/opencloud-microservices/deployments/timoni/clamav/configmap.yaml‎
Lines changed: 46 additions & 0 deletions
@@ -95,7 +95,10 @@ The complete OpenCloud deployment with all components for production use:
 - NATS service discovery required
 - Keycloak for authentication
 - MinIO for object storage
-- Integrated LDAP 
+- Integrated OpenLDAP 
+- Integrated ClamAV
+- Posix support
+- Helm and Timoni Chart for FluxCD
 - Document editing with Collabora and/or OnlyOffice
 - Slightly higher resource usage due to microservices pod overhead
 - See [architectural warnings](./charts/opencloud-microservices/README.md#architectural-considerations)
@@ -112,6 +115,6 @@ A lightweight single-container deployment for development and testing:
 
 ## 📜 License
 
-This project is licensed under the **AGPLv3** licence. See the [LICENSE](LICENSE) file for more details.
+This project is licensed under the **AGPLv3** license. See the [LICENSE](LICENSE) file for more details.
 
 
@@ -12,9 +12,9 @@ maintainers:
     email: info@opencloud.eu
     url: https://opencloud.eu
 type: application
-version: 0.1.0
+version: 0.3.8
 # renovate: datasource=docker depName=opencloudeu/opencloud-rolling
-appVersion: 3.2.0
+appVersion: 4.0.0
 kubeVersion: ""
 sources:
   - https://github.com/opencloud-eu/helm
 
@@ -21,22 +21,29 @@ releases:
       - logging:
           level: debug # Set logging level for OpenCloud components.
       - externalDomain: cloud.opencloud.test # Main domain for OpenCloud access.
-
+      - image:  
+          tag: "4.0.0-rc.1"
       # --- Core Components Configuration ---
       - keycloak:
           enabled: true # Enable Keycloak for authentication.
           domain: keycloak.opencloud.test # Domain for Keycloak.
       - minio:
-          enabled: true # Enable MinIO for object storage.
+          enabled: false # Enable MinIO for object storage.
           domain: minio.opencloud.test # Domain for MinIO.
           config:
             persistence:
               size: "40Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
       - onlyoffice:
           enabled: false
           domain: onlyoffice.opencloud.test # Domain for OnlyOffice.
           persistence:
-            size: "2Gi" # Added
+            size: "2Gi"
+            accessModes:
+              - ReadWriteOnce
+            storageClassName: 
 
       - collabora:
           enabled: true
@@ -83,6 +90,17 @@ releases:
               group:
                 schema:
                   id: openCloudUUID
+          quotas:
+            roles:
+              # User Role set to 2GB
+              'd7beeea8-8ff4-406b-8fb6-ab2dd81e6b11': 0
+              # Space Administrator Role set to 100GB
+              '2aadd357-682c-406b-8874-293091995fdd': 0
+          virusscan:
+            enabled: true
+            infectedFileHandling: "abort"
+            scannerType: "clamav"
+            clamavSocket: "tcp://clamav.clamav.svc.cluster.local:3310"
           appsIntegration:
             enabled: true
             wopiIntegration:
@@ -118,31 +136,49 @@ releases:
             persistence:
               enabled: true
               size: "10Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
           search:
             persistence:
               enabled: true
               size: "10Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
             extractor:
               type: tika
           storagesystem:
             persistence:
               enabled: true
               size: "5Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
           storageusers:
             persistence:
               enabled: true
-              size: "50Gi"
+              size: "60Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
             storageBackend:
-              driver: decomposeds3
- 
+              driver: posix
+
           thumbnails:
             persistence:
               enabled: true
               size: "10Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
           web:
             persistence:
               enabled: true
               size: "1Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
             config:
               oidc:
                 webClientID: web
@@ -158,7 +194,7 @@ releases:
                         priority: 50
             additionalInitContainers:
               - name: external-sites
-                image: opencloudeu/web-extensions:external-sites-latest
+                image: opencloudeu/web-extensions:external-sites-1.0.0
                 command:
                   - /bin/sh
                   - -c
@@ -167,7 +203,7 @@ releases:
                   - name: apps
                     mountPath: /apps
               - name: drawio
-                image: opencloudeu/web-extensions:draw-io-latest
+                image: opencloudeu/web-extensions:draw-io-1.0.0
                 command:
                   - /bin/sh
                   - -c
@@ -176,7 +212,7 @@ releases:
                   - name: apps
                     mountPath: /apps
               - name: importer
-                image: opencloudeu/web-extensions:importer-latest
+                image: opencloudeu/web-extensions:importer-1.0.0
                 command:
                   - /bin/sh
                   - -c
@@ -185,7 +221,7 @@ releases:
                   - name: apps
                     mountPath: /apps
               - name: jsonviewer
-                image: opencloudeu/web-extensions:json-viewer-latest
+                image: opencloudeu/web-extensions:json-viewer-1.0.0
                 command:
                   - /bin/sh
                   - -c
@@ -194,7 +230,7 @@ releases:
                   - name: apps
                     mountPath: /apps
               - name: progressbars
-                image: opencloudeu/web-extensions:progress-bars-latest
+                image: opencloudeu/web-extensions:progress-bars-1.0.0
                 command:
                   - /bin/sh
                   - -c
@@ -203,7 +239,7 @@ releases:
                   - name: apps
                     mountPath: /apps
               - name: unzip
-                image: opencloudeu/web-extensions:unzip-latest
+                image: opencloudeu/web-extensions:unzip-1.0.0
                 command:
                   - /bin/sh
                   - -c
@@ -215,10 +251,16 @@ releases:
             persistence:
               enabled: false
               size: "10Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
           ocm:
             persistence:
               enabled: false
               size: "1Gi"
+              accessModes:
+                - ReadWriteOnce
+              storageClassName: 
       - extraResources:
           - |
             apiVersion: v1
 
@@ -1,5 +1,15 @@
 # Install/Upgrade
-kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/ && \
-timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/opencloud.cue --runtime ./charts/opencloud-microservices/deployments/timoni/runtime.cue
+This are the cli commands to install with timoni (fluxcd) the opencloud, openldap and clamav
 
+## Install openldap
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/openldap && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/openldap/openldap.cue --runtime ./charts/opencloud-microservices/deployments/timoni/openldap/runtime.cue
+
+## Install clamav
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/clamav && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/clamav/clamav.cue --runtime ./charts/opencloud-microservices/deployments/timoni/clamav/runtime.cue
+
+## Install opencloud
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/opencloud && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/opencloud/opencloud.cue --runtime ./charts/opencloud-microservices/deployments/timoni/opencloud/runtime.cue
 
@@ -0,0 +1,5 @@
+# Install/Upgrade
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/clamav && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/clamav/clamav.cue --runtime ./charts/opencloud-microservices/deployments/timoni/clamav/runtime.cue
+
+
@@ -0,0 +1,91 @@
+bundle: {
+    apiVersion: "v1alpha1"
+    name:       "clamav"
+    instances: {
+        "service-account": {
+            module: url: "oci://ghcr.io/stefanprodan/modules/flux-tenant"
+            namespace: "clamav"
+            values: {
+                role: "namespace-admin"
+                resourceQuota: {
+                    kustomizations: 100
+                    helmreleases:   100
+                }
+            }
+        },
+       
+        "clamav": {
+            module: {
+                url: "oci://ghcr.io/stefanprodan/modules/flux-helm-release"
+                version: "latest"
+            }
+            namespace: "clamav"
+            values: {
+                repository: {
+                    url: "https://wiremind.github.io/wiremind-helm-charts"
+                }
+                chart: {
+                    name:    "clamav"
+                    version: "3.7.1"
+                }
+                sync: {
+                    timeout: 5
+                    createNamespace: true
+                }
+                helmValues: {
+                    _persistenceStorageClassName: string @timoni(runtime:string:CLAMAV_PERSISTENCE_STORAGE_CLASS)
+                    _persistenceAccessModes:     string @timoni(runtime:string:CLAMAV_PERSISTENCE_ACCESS_MODES)
+
+                    replicaCount: int @timoni(runtime:number:CLAMAV_REPLICA_COUNT)
+                    
+                    updateStrategy: {
+                        type: string @timoni(runtime:string:CLAMAV_UPDATE_STRATEGY_TYPE)
+                        rollingUpdate: {
+                            partition: int @timoni(runtime:number:CLAMAV_UPDATE_STRATEGY_PARTITION)
+                        }
+                    }
+                    
+                    hpa: {
+                        enabled: bool @timoni(runtime:bool:CLAMAV_HPA_ENABLED)
+                    }
+                    
+                    podDisruptionBudget: {
+                        enabled: bool @timoni(runtime:bool:CLAMAV_PDB_ENABLED)
+                        minAvailable: int @timoni(runtime:number:CLAMAV_PDB_MIN_AVAILABLE)
+                    }
+                    
+                    topologySpreadConstraints: [
+                        {
+                            maxSkew: int @timoni(runtime:number:CLAMAV_TOPOLOGY_MAX_SKEW)
+                            topologyKey: string @timoni(runtime:string:CLAMAV_TOPOLOGY_KEY)
+                            whenUnsatisfiable: string @timoni(runtime:string:CLAMAV_TOPOLOGY_UNSATISFIABLE)
+                            labelSelector: {
+                                matchLabels: {
+                                    "app.kubernetes.io/name": "clamav"
+                                }
+                            }
+                        }
+                    ]
+                    
+                    persistentVolume: {
+                        enabled: bool @timoni(runtime:bool:CLAMAV_PERSISTENCE_ENABLED)
+                        size: string @timoni(runtime:string:CLAMAV_PERSISTENCE_SIZE)
+                        storageClass: "\(_persistenceStorageClassName)"
+                        accessModes: [ "\(_persistenceAccessModes)" ]
+                    }
+                    
+                    resources: {
+                        limits: {
+                            cpu: string @timoni(runtime:string:CLAMAV_RESOURCES_LIMITS_CPU)
+                            memory: string @timoni(runtime:string:CLAMAV_RESOURCES_LIMITS_MEMORY)
+                        }
+                        requests: {
+                            cpu: string @timoni(runtime:string:CLAMAV_RESOURCES_REQUESTS_CPU)
+                            memory: string @timoni(runtime:string:CLAMAV_RESOURCES_REQUESTS_MEMORY)
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: clamav
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: opencloud-config
+  namespace: clamav
+data:
+  ###############################################################################
+  # High Availability Configuration
+  ###############################################################################
+  CLAMAV_REPLICA_COUNT: "2"
+  CLAMAV_UPDATE_STRATEGY_TYPE: "RollingUpdate"
+  CLAMAV_UPDATE_STRATEGY_PARTITION: "1"
+  CLAMAV_HPA_ENABLED: "false"
+  CLAMAV_PDB_ENABLED: "false"
+  CLAMAV_PDB_MIN_AVAILABLE: "1"
+  CLAMAV_TOPOLOGY_MAX_SKEW: "1"
+  CLAMAV_TOPOLOGY_KEY: "kubernetes.io/hostname"
+  CLAMAV_TOPOLOGY_UNSATISFIABLE: "ScheduleAnyway"
+
+  ###############################################################################
+  # Persistence Configuration
+  ###############################################################################
+  CLAMAV_PERSISTENCE_ENABLED: "false"
+  CLAMAV_PERSISTENCE_SIZE: "5000Mi"
+  # For ReadWriteMany deployment, change to: ReadWriteMany
+  CLAMAV_PERSISTENCE_ACCESS_MODES: "ReadWriteOnce"
+  CLAMAV_PERSISTENCE_STORAGE_CLASS: ""
+
+  ###############################################################################
+  # Resource Configuration
+  ###############################################################################
+  CLAMAV_RESOURCES_LIMITS_CPU: "6000m"
+  CLAMAV_RESOURCES_LIMITS_MEMORY: "8Gi"
+  CLAMAV_RESOURCES_REQUESTS_CPU: "500m"
+  CLAMAV_RESOURCES_REQUESTS_MEMORY: "1Gi"
+
+  ###############################################################################
+  # Image Configuration
+  ###############################################################################
+  # Leave empty to use default image tag from helm chart
+  CLAMAV_IMAGE_TAG: ""