From c624caf65a7a43999ef48e9c9e7de6f46be293de Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Sun, 24 May 2026 11:38:42 +0000 Subject: [PATCH] nextcloud(external_storage): add per-mount enableSharing option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Lets admin natively share folders from inside an external mount with internal users/groups or via public link. The two PVE pool browsers (visible to admin only) get enableSharing=true so they can act as a "share-from picker" over /srv/nfs and /srv/nfs-ssd; /anca-elements stays false so anca manages re-sharing inside her own view. - Manifest schema gains enableSharing on rootMounts + archiveMounts. - Bootstrap Job adds sync_option() and reconciles enable_sharing via occ files_external:option (idempotent — occ no-ops same-value set). --- stacks/nextcloud/external_storage.tf | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/stacks/nextcloud/external_storage.tf b/stacks/nextcloud/external_storage.tf index bcb4247b..182eda5a 100644 --- a/stacks/nextcloud/external_storage.tf +++ b/stacks/nextcloud/external_storage.tf @@ -33,16 +33,23 @@ resource "kubernetes_config_map_v1" "nextcloud_external_storage_manifest" { data = { "manifest.json" = jsonencode({ + # enableSharing: lets users right-click a folder inside the mount and + # share it with another NC user/group/public link. NC defaults to false + # for local-backend mounts; we opt-in per-mount. Currently true on the + # admin pool browsers (admin uses them as a "share-from picker"); false + # on /anca-elements (anca manages her own re-sharing inside her view). rootMounts = [ { mountPoint = "/PVE NFS Pool" dataDir = "/mnt/pve-nfs" applicableGroup = "admin" + enableSharing = true }, { mountPoint = "/PVE NFS-SSD Pool" dataDir = "/mnt/pve-nfs-ssd" applicableGroup = "admin" + enableSharing = true }, ] archiveMounts = [ @@ -52,6 +59,7 @@ resource "kubernetes_config_map_v1" "nextcloud_external_storage_manifest" { # NC usernames (not display names): admin is Viktor, anca is Anca. applicableUsers = ["anca", "admin"] applicableGroups = [] + enableSharing = false }, ] }) @@ -243,14 +251,23 @@ resource "kubernetes_job_v1" "nextcloud_external_storage_bootstrap" { '($c - $d)[]') } + # sync_option + # Reconciles a single mount option. occ files_external:option is + # idempotent (no error on setting same value), so we always write. + sync_option() { + nc_occ files_external:option "$1" "$2" "$3" >/dev/null + } + # ── 6. Process root mounts (admin group only) ─────────────────── ROOT_COUNT=$(jq '.rootMounts | length' "$MANIFEST") for i in $(seq 0 $((ROOT_COUNT - 1))); do MP=$(jq -r ".rootMounts[$i].mountPoint" "$MANIFEST") DIR=$(jq -r ".rootMounts[$i].dataDir" "$MANIFEST") GROUP=$(jq -r ".rootMounts[$i].applicableGroup" "$MANIFEST") + ENABLE_SHARING=$(jq -r ".rootMounts[$i].enableSharing // false" "$MANIFEST") MID=$(ensure_mount "$MP" "$DIR") sync_applicable "$MID" '[]' "[\"$GROUP\"]" + sync_option "$MID" enable_sharing "$ENABLE_SHARING" done # ── 7. Process archive mounts (per-user / per-group) ─────────── @@ -260,8 +277,10 @@ resource "kubernetes_job_v1" "nextcloud_external_storage_bootstrap" { DIR=$(jq -r ".archiveMounts[$i].dataDir" "$MANIFEST") USERS_JSON=$(jq -c ".archiveMounts[$i].applicableUsers // []" "$MANIFEST") GROUPS_JSON=$(jq -c ".archiveMounts[$i].applicableGroups // []" "$MANIFEST") + ENABLE_SHARING=$(jq -r ".archiveMounts[$i].enableSharing // false" "$MANIFEST") MID=$(ensure_mount "$MP" "$DIR") sync_applicable "$MID" "$USERS_JSON" "$GROUPS_JSON" + sync_option "$MID" enable_sharing "$ENABLE_SHARING" done echo "[bootstrap] Bootstrap complete."