fix permission on ixVolumes on initial install, when acls are not enabled (part2) (#1884)

* gitea

* joplin

* listmonk

* n8n

* odoo

* paperless

* vaultwarden

* planka

* linkding

* bump

* bump joplin too

* add 2 more

library/ix-dev/community/gitea/Chart.yaml

@@ -3,7 +3,7 @@ description: Gitea - Git with a cup of tea
 annotations:
   title: Gitea
 type: application
-version: 1.1.4
+version: 1.1.5
 apiVersion: v2
 appVersion: 1.21.2
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/gitea/templates/_gitea.tpl

@@ -47,6 +47,11 @@ workload:
               path: /api/healthz
               port: {{ .Values.giteaNetwork.webPort }}
       initContainers:
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                    "UID" .Values.giteaRunAs.user
+                                                    "GID" .Values.giteaRunAs.group
+                                                    "mode" "check"
+                                                    "type" "install") | nindent 8 }}
       {{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
                                                         "secretName" "postgres-creds") | nindent 8 }}
 {{/* Service */}}
@@ -78,8 +83,11 @@ persistence:
       gitea:
         gitea:
           mountPath: /var/lib/gitea
+        {{- if and (eq .Values.giteaStorage.data.type "ixVolume")
+                  (not (.Values.giteaStorage.data.ixVolumeConfig | default dict).aclEnable) }}
         01-permissions:
           mountPath: /mnt/directories/data
+        {{- end }}
   config:
     enabled: true
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.giteaStorage.config) | nindent 4 }}
@@ -87,8 +95,11 @@ persistence:
       gitea:
         gitea:
           mountPath: /etc/gitea
+        {{- if and (eq .Values.giteaStorage.config.type "ixVolume")
+                  (not (.Values.giteaStorage.config.ixVolumeConfig | default dict).aclEnable) }}
         01-permissions:
           mountPath: /mnt/directories/config
+        {{- end }}
   gitea-temp:
     enabled: true
     type: emptyDir
@@ -105,6 +116,10 @@ persistence:
       gitea:
         gitea:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end }}
 
   {{ if .Values.giteaNetwork.certificateID }}

library/ix-dev/community/homarr/Chart.yaml

@@ -3,7 +3,7 @@ description: Homarr is a sleek, modern dashboard that puts all of your apps and
 annotations:
   title: Homarr
 type: application
-version: 2.0.2
+version: 2.0.3
 apiVersion: v2
 appVersion: 0.14.2
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/homarr/templates/_homarr.tpl

@@ -42,4 +42,10 @@ workload:
               type: http
               port: {{ .Values.homarrNetwork.webPort }}
               path: /
+      initContainers:
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                        "UID" .Values.homarrRunAs.user
+                                                        "GID" .Values.homarrRunAs.group
+                                                        "mode" "check"
+                                                        "type" "install") | nindent 8 }}
 {{- end -}}

library/ix-dev/community/homarr/templates/_persistence.tpl

@@ -7,6 +7,11 @@ persistence:
       homarr:
         homarr:
           mountPath: /app/data/configs
+        {{- if and (eq .Values.homarrStorage.configs.type "ixVolume")
+                  (not (.Values.homarrStorage.configs.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/configs
+        {{- end }}
   data:
     enabled: true
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.homarrStorage.data) | nindent 4 }}
@@ -14,6 +19,11 @@ persistence:
       homarr:
         homarr:
           mountPath: /data
+        {{- if and (eq .Values.homarrStorage.data.type "ixVolume")
+                  (not (.Values.homarrStorage.data.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/data
+        {{- end }}
   icons:
     enabled: true
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.homarrStorage.icons) | nindent 4 }}
@@ -21,6 +31,11 @@ persistence:
       homarr:
         homarr:
           mountPath: /app/public/icons
+        {{- if and (eq .Values.homarrStorage.icons.type "ixVolume")
+                  (not (.Values.homarrStorage.icons.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/icons
+        {{- end }}
   tmp:
     enabled: true
     type: emptyDir
@@ -36,5 +51,9 @@ persistence:
       homarr:
         homarr:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end }}
 {{- end -}}

library/ix-dev/community/joplin/Chart.yaml

@@ -4,7 +4,7 @@ description: Joplin is an open source note-taking app. Capture your thoughts and
 annotations:
   title: Joplin
 type: application
-version: 1.1.4
+version: 1.1.5
 apiVersion: v2
 appVersion: 2.14.1
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/joplin/templates/_joplin.tpl

@@ -66,6 +66,11 @@ workload:
               httpHeaders:
                 Host: '{{ .Values.joplinConfig.baseUrl | trimPrefix "https://" | trimPrefix "http://" | trimSuffix "/" }}'
       initContainers:
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                    "UID" 1001
+                                                    "GID" 1001
+                                                    "mode" "check"
+                                                    "type" "install") | nindent 8 }}
       {{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
                                                         "secretName" "postgres-creds") | nindent 8 }}
 {{- end -}}

library/ix-dev/community/joplin/templates/_persistence.tpl

@@ -13,5 +13,9 @@ persistence:
       joplin:
         joplin:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end }}
 {{- end -}}

library/ix-dev/community/linkding/Chart.yaml

@@ -3,7 +3,7 @@ description: Linkding is a bookmark manager that you can host yourself.
 annotations:
   title: Linkding
 type: application
-version: 1.2.3
+version: 1.2.4
 apiVersion: v2
 appVersion: 1.23.1
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/linkding/templates/_linkding.tpl

@@ -44,6 +44,11 @@ workload:
               port: {{ .Values.linkdingNetwork.webPort }}
               path: /health
       initContainers:
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                    "UID" .Values.linkdingRunAs.user
+                                                    "GID" .Values.linkdingRunAs.group
+                                                    "mode" "check"
+                                                    "type" "install") | nindent 8 }}
       {{- include "ix.v1.common.app.postgresWait" (dict "name" "01-postgres-wait"
                                                         "secretName" "postgres-creds") | nindent 8 }}
 {{- end -}}

library/ix-dev/community/linkding/templates/_persistence.tpl

@@ -2,12 +2,16 @@
 persistence:
   data:
     enabled: true
-    {{- include "linkding.storage.ci.migration" (dict "storage" .Values.linkdingStorage.data) }}
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.linkdingStorage.data) | nindent 4 }}
     targetSelector:
       linkding:
         linkding:
           mountPath: /etc/linkding/data
+        {{- if and (eq .Values.linkdingStorage.data.type "ixVolume")
+                  (not (.Values.linkdingStorage.data.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/data
+        {{- end }}
   secret:
     enabled: true
     type: secret
@@ -28,28 +32,19 @@ persistence:
   {{- range $idx, $storage := .Values.linkdingStorage.additionalStorages }}
   {{ printf "linkding-%v:" (int $idx) }}
     enabled: true
-    {{- include "linkding.storage.ci.migration" (dict "storage" $storage) }}
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
     targetSelector:
       linkding:
         linkding:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end }}
 
-  {{- include "linkding.storage.ci.migration" (dict "storage" .Values.linkdingStorage.pgData) }}
-  {{- include "linkding.storage.ci.migration" (dict "storage" .Values.linkdingStorage.pgBackup) }}
   {{- include "ix.v1.common.app.postgresPersistence"
       (dict "pgData" .Values.linkdingStorage.pgData
             "pgBackup" .Values.linkdingStorage.pgBackup
       ) | nindent 2 }}
 {{- end -}}
-
-{{/* TODO: Remove on the next version bump, eg 1.2.0+ */}}
-{{- define "linkding.storage.ci.migration" -}}
-  {{- $storage := .storage -}}
-
-  {{- if $storage.hostPath -}}
-    {{- $_ := set $storage "hostPathConfig" dict -}}
-    {{- $_ := set $storage.hostPathConfig "hostPath" $storage.hostPath -}}
-  {{- end -}}
-{{- end -}}

library/ix-dev/community/listmonk/Chart.yaml

@@ -3,7 +3,7 @@ description: Listmonk is a self-hosted newsletter and mailing list manager.
 annotations:
   title: Listmonk
 type: application
-version: 1.2.1
+version: 1.2.2
 apiVersion: v2
 appVersion: v2.5.1
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/listmonk/templates/_listmonk.tpl

@@ -41,7 +41,12 @@ workload:
               port: {{ .Values.listmonkNetwork.webPort }}
               path: /health
       initContainers:
-      {{- include "ix.v1.common.app.postgresWait" (dict "name" "01-postgres-wait"
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                    "UID" .Values.listmonkRunAs.user
+                                                    "GID" .Values.listmonkRunAs.group
+                                                    "mode" "check"
+                                                    "type" "install") | nindent 8 }}
+      {{- include "ix.v1.common.app.postgresWait" (dict "name" "02-postgres-wait"
                                                         "secretName" "postgres-creds") | nindent 8 }}
         02-db:
           enabled: true

library/ix-dev/community/listmonk/templates/_persistence.tpl

@@ -7,6 +7,11 @@ persistence:
       listmonk:
         listmonk:
           mountPath: /listmonk/uploads
+        {{- if and (eq .Values.listmonkStorage.uploads.type "ixVolume")
+                  (not (.Values.listmonkStorage.uploads.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/uploads
+        {{- end }}
   tmp:
     enabled: true
     type: emptyDir
@@ -22,6 +27,10 @@ persistence:
       listmonk:
         listmonk:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end -}}
 
   {{- include "ix.v1.common.app.postgresPersistence"

library/ix-dev/community/n8n/Chart.yaml

@@ -3,7 +3,7 @@ description: n8n is an extendable workflow automation tool.
 annotations:
   title: n8n
 type: application
-version: 1.2.9
+version: 1.2.10
 apiVersion: v2
 appVersion: 1.21.1
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/n8n/templates/_n8n.tpl

@@ -49,6 +49,11 @@ workload:
               path: /healthz
               port: {{ .Values.n8nNetwork.webPort }}
       initContainers:
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                    "UID" .Values.n8nRunAs.user
+                                                    "GID" .Values.n8nRunAs.group
+                                                    "mode" "check"
+                                                    "type" "install") | nindent 8 }}
       {{- include "ix.v1.common.app.redisWait" (dict  "name" "02-redis-wait"
                                                       "secretName" "redis-creds") | nindent 8 }}
       {{- include "ix.v1.common.app.postgresWait" (dict "name" "03-postgres-wait"

library/ix-dev/community/n8n/templates/_persistence.tpl

@@ -7,6 +7,11 @@ persistence:
       n8n:
         n8n:
           mountPath: /data
+        {{- if and (eq .Values.n8nStorage.data.type "ixVolume")
+                  (not (.Values.n8nStorage.data.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/data
+        {{- end }}
   tmp:
     enabled: true
     type: emptyDir
@@ -22,6 +27,10 @@ persistence:
       n8n:
         n8n:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end }}
 
   {{- include "ix.v1.common.app.postgresPersistence"

library/ix-dev/community/odoo/Chart.yaml

@@ -3,7 +3,7 @@ description: Odoo is a suite of web based open source business apps.
 annotations:
   title: Odoo
 type: application
-version: 2.0.1
+version: 2.0.2
 apiVersion: v2
 appVersion: '16.0'
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/odoo/templates/_odoo.tpl

@@ -40,7 +40,12 @@ workload:
               path: /web/health
               port: {{ .Values.odooNetwork.webPort }}
       initContainers:
-      {{- include "ix.v1.common.app.postgresWait" (dict "name" "01-postgres-wait"
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                    "UID" 101
+                                                    "GID" 101
+                                                    "mode" "check"
+                                                    "type" "install") | nindent 8 }}
+      {{- include "ix.v1.common.app.postgresWait" (dict "name" "02-postgres-wait"
                                                         "secretName" "postgres-creds") | nindent 8 }}
         {{- if .Release.IsInstall }} {{/* If we use type: install it will run before the postgres wait and fail */}}
         02-db-init:

library/ix-dev/community/odoo/templates/_persistence.tpl

@@ -9,6 +9,11 @@ persistence:
           mountPath: /var/lib/odoo
         02-db-init:
           mountPath: /var/lib/odoo
+        {{- if and (eq .Values.odooStorage.data.type "ixVolume")
+                  (not (.Values.odooStorage.data.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/data
+        {{- end }}
   addons:
     enabled: true
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.odooStorage.addons) | nindent 4 }}
@@ -18,6 +23,11 @@ persistence:
           mountPath: /mnt/extra-addons
         02-db-init:
           mountPath: /mnt/extra-addons
+        {{- if and (eq .Values.odooStorage.addons.type "ixVolume")
+                  (not (.Values.odooStorage.addons.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/addons
+        {{- end }}
   tmp:
     enabled: true
     type: emptyDir
@@ -51,6 +61,10 @@ persistence:
       odoo:
         odoo:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end }}
 
   {{- include "ix.v1.common.app.postgresPersistence"

library/ix-dev/community/paperless-ngx/Chart.yaml

@@ -4,7 +4,7 @@ description: Paperless-ngx is a document management system that transforms your
 annotations:
   title: Paperless-ngx
 type: application
-version: 1.2.8
+version: 1.2.9
 apiVersion: v2
 appVersion: 2.1.3
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/paperless-ngx/templates/_paperless.tpl

@@ -52,6 +52,11 @@ workload:
               port: {{ .Values.paperlessNetwork.webPort }}
               path: /
       initContainers:
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                        "UID" .Values.paperlessID.user
+                                                        "GID" .Values.paperlessID.group
+                                                        "mode" "check"
+                                                        "type" "install") | nindent 8 }}
       {{- include "ix.v1.common.app.redisWait" (dict  "name" "02-redis-wait"
                                                       "secretName" "redis-creds") | nindent 8 }}
       {{- include "ix.v1.common.app.postgresWait" (dict "name" "03-postgres-wait"

library/ix-dev/community/paperless-ngx/templates/_persistence.tpl

@@ -7,6 +7,11 @@ persistence:
       paperless:
         paperless:
           mountPath: /usr/src/paperless/data
+        {{- if and (eq .Values.paperlessStorage.data.type "ixVolume")
+                  (not (.Values.paperlessStorage.data.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/data
+        {{- end }}
   media:
     enabled: true
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.paperlessStorage.media) | nindent 4 }}
@@ -14,6 +19,11 @@ persistence:
       paperless:
         paperless:
           mountPath: /usr/src/paperless/media
+        {{- if and (eq .Values.paperlessStorage.media.type "ixVolume")
+                  (not (.Values.paperlessStorage.media.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/media
+        {{- end }}
   consume:
     enabled: true
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.paperlessStorage.consume) | nindent 4 }}
@@ -21,6 +31,11 @@ persistence:
       paperless:
         paperless:
           mountPath: /usr/src/paperless/consume
+        {{- if and (eq .Values.paperlessStorage.consume.type "ixVolume")
+                  (not (.Values.paperlessStorage.consume.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/consume
+        {{- end }}
   trash:
     enabled: true
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.paperlessStorage.trash) | nindent 4 }}
@@ -28,6 +43,11 @@ persistence:
       paperless:
         paperless:
           mountPath: /usr/src/paperless/trash
+        {{- if and (eq .Values.paperlessStorage.trash.type "ixVolume")
+                  (not (.Values.paperlessStorage.trash.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/trash
+        {{- end }}
   tmp:
     enabled: true
     type: emptyDir
@@ -43,6 +63,10 @@ persistence:
       paperless:
         paperless:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end }}
 
   {{- include "ix.v1.common.app.postgresPersistence"

library/ix-dev/community/planka/Chart.yaml

@@ -3,7 +3,7 @@ description: Planka is an Elegant open source project tracking
 annotations:
   title: Planka
 type: application
-version: 1.2.3
+version: 1.2.4
 apiVersion: v2
 appVersion: 1.15.2
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/planka/templates/_persistence.tpl

@@ -7,6 +7,11 @@ persistence:
       planka:
         planka:
           mountPath: /app/public/user-avatars
+        {{- if and (eq .Values.plankaStorage.avatars.type "ixVolume")
+                  (not (.Values.plankaStorage.avatars.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/avatars
+        {{- end }}
   bg-img:
     enabled: true
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.plankaStorage.backgroundImages) | nindent 4 }}
@@ -14,6 +19,11 @@ persistence:
       planka:
         planka:
           mountPath: /app/public/project-background-images
+        {{- if and (eq .Values.plankaStorage.backgroundImages.type "ixVolume")
+                  (not (.Values.plankaStorage.backgroundImages.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/backgroundImages
+        {{- end }}
   attachments:
     enabled: true
     {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.plankaStorage.attachments) | nindent 4 }}
@@ -21,6 +31,11 @@ persistence:
       planka:
         planka:
           mountPath: /app/private/attachments
+        {{- if and (eq .Values.plankaStorage.attachments.type "ixVolume")
+                  (not (.Values.plankaStorage.attachments.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/attachments
+        {{- end }}
   tmp:
     enabled: true
     type: emptyDir
@@ -36,6 +51,10 @@ persistence:
       planka:
         planka:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end }}
 
   {{- include "ix.v1.common.app.postgresPersistence"

library/ix-dev/community/vaultwarden/Chart.yaml

@@ -3,7 +3,7 @@ description: Alternative implementation of the Bitwarden server API written in R
 annotations:
   title: Vaultwarden
 type: application
-version: 1.1.2
+version: 1.1.3
 apiVersion: v2
 appVersion: 1.30.1
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/vaultwarden/templates/_vaultwarden.tpl

@@ -55,6 +55,11 @@ workload:
               type: exec
               command: /healthcheck.sh
       initContainers:
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                    "UID" .Values.vaultwardenRunAs.user
+                                                    "GID" .Values.vaultwardenRunAs.group
+                                                    "mode" "check"
+                                                    "type" "install") | nindent 8 }}
       {{- include "ix.v1.common.app.postgresWait" (dict "name" "postgres-wait"
                                                         "secretName" "postgres-creds") | nindent 8 }}
 
@@ -87,6 +92,11 @@ persistence:
       vaultwarden:
         vaultwarden:
           mountPath: /data
+        {{- if and (eq .Values.vaultwardenStorage.data.type "ixVolume")
+                  (not (.Values.vaultwardenStorage.data.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/data
+        {{- end }}
 
   {{- range $idx, $storage := .Values.vaultwardenStorage.additionalStorages }}
   {{ printf "vaultwarden-%v:" (int $idx) }}
@@ -96,6 +106,10 @@ persistence:
       vaultwarden:
         vaultwarden:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end }}
 
   {{- if .Values.vaultwardenNetwork.certificateID }}

library/ix-dev/community/vikunja/Chart.yaml

@@ -3,7 +3,7 @@ description: Vikunja is an open-source, self-hostable to-do app.
 annotations:
   title: Vikunja
 type: application
-version: 1.0.2
+version: 1.0.3
 apiVersion: v2
 appVersion: 0.21.0
 kubeVersion: '>=1.16.0-0'

library/ix-dev/community/vikunja/templates/_persistence.tpl

@@ -28,6 +28,11 @@ persistence:
       vikunja-api:
         vikunja-api:
           mountPath: /app/vikunja/files
+        {{- if and (eq .Values.vikunjaStorage.data.type "ixVolume")
+                  (not (.Values.vikunjaStorage.data.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories/data
+        {{- end }}
   nginx:
     enabled: true
     type: configmap
@@ -48,6 +53,10 @@ persistence:
       vikunja-api:
         vikunja-api:
           mountPath: {{ $storage.mountPath }}
+        {{- if and (eq $storage.type "ixVolume") (not ($storage.ixVolumeConfig | default dict).aclEnable) }}
+        01-permissions:
+          mountPath: /mnt/directories{{ $storage.mountPath }}
+        {{- end }}
   {{- end -}}
 
   {{- include "ix.v1.common.app.postgresPersistence"

library/ix-dev/community/vikunja/templates/_vikunja_api.tpl

@@ -48,8 +48,13 @@ workload:
               port: {{ .Values.vikunjaPorts.api }}
               path: /health
       initContainers:
-      {{- include "ix.v1.common.app.redisWait" (dict  "name" "01-redis-wait"
+      {{- include "ix.v1.common.app.permissions" (dict "containerName" "01-permissions"
+                                                        "UID" .Values.vikunjaRunAs.user
+                                                        "GID" .Values.vikunjaRunAs.group
+                                                        "mode" "check"
+                                                        "type" "install") | nindent 8 }}
+      {{- include "ix.v1.common.app.redisWait" (dict  "name" "02-redis-wait"
                                                       "secretName" "redis-creds") | nindent 8 }}
-      {{- include "ix.v1.common.app.postgresWait" (dict "name" "02-postgres-wait"
+      {{- include "ix.v1.common.app.postgresWait" (dict "name" "03-postgres-wait"
                                                         "secretName" "postgres-creds") | nindent 8 }}
 {{- end -}}