titan-iac/services/nextcloud/maintenance-cronjob.yaml

# services/nextcloud/maintenance-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: nextcloud-maintenance
  namespace: nextcloud
spec:
  schedule: "30 4 * * *"
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        metadata:
          annotations:
            vault.hashicorp.com/agent-inject: "true"
            vault.hashicorp.com/agent-pre-populate-only: "true"
            vault.hashicorp.com/role: "nextcloud"
            vault.hashicorp.com/agent-inject-secret-nextcloud-env.sh: "kv/data/atlas/nextcloud/nextcloud-db"
            vault.hashicorp.com/agent-inject-template-nextcloud-env.sh: |
              {{ with secret "kv/data/atlas/nextcloud/nextcloud-db" }}
              export POSTGRES_DB="{{ .Data.data.database }}"
              export POSTGRES_USER="{{ index .Data.data "db-username" }}"
              export POSTGRES_PASSWORD="{{ index .Data.data "db-password" }}"
              {{ end }}
              {{ with secret "kv/data/atlas/nextcloud/nextcloud-admin" }}
              export NEXTCLOUD_ADMIN_USER="{{ index .Data.data "admin-user" }}"
              export NEXTCLOUD_ADMIN_PASSWORD="{{ index .Data.data "admin-password" }}"
              {{ end }}
              export ADMIN_USER="${NEXTCLOUD_ADMIN_USER}"
              export ADMIN_PASS="${NEXTCLOUD_ADMIN_PASSWORD}"
              {{ with secret "kv/data/atlas/nextcloud/nextcloud-oidc" }}
              export OIDC_CLIENT_ID="{{ index .Data.data "client-id" }}"
              export OIDC_CLIENT_SECRET="{{ index .Data.data "client-secret" }}"
              {{ end }}
              {{ with secret "kv/data/atlas/shared/postmark-relay" }}
              export SMTP_NAME="{{ index .Data.data "apikey" }}"
              export SMTP_PASSWORD="{{ index .Data.data "apikey" }}"
              {{ end }}
              {{ with secret "kv/data/atlas/shared/keycloak-admin" }}
              export KC_ADMIN_USER="{{ .Data.data.username }}"
              export KC_ADMIN_PASS="{{ .Data.data.password }}"
              {{ end }}
        spec:
          restartPolicy: OnFailure
          securityContext:
            runAsUser: 0
            runAsGroup: 0
          serviceAccountName: nextcloud-vault
          containers:
            - name: maintenance
              image: nextcloud:29-apache
              imagePullPolicy: IfNotPresent
              command: ["/bin/sh", "-c"]
              args:
                - |
                  set -eu
                  . /vault/secrets/nextcloud-env.sh
                  exec /maintenance/maintenance.sh
              env:
                - name: NC_URL
                  value: https://cloud.bstein.dev
              volumeMounts:
                - name: nextcloud-web
                  mountPath: /var/www/html
                - name: nextcloud-config-pvc
                  mountPath: /var/www/html/config
                - name: nextcloud-custom-apps
                  mountPath: /var/www/html/custom_apps
                - name: nextcloud-user-data
                  mountPath: /var/www/html/data
                - name: maintenance-script
                  mountPath: /maintenance/maintenance.sh
                  subPath: maintenance.sh
              resources:
                requests:
                  cpu: 100m
                  memory: 256Mi
                limits:
                  cpu: 500m
                  memory: 512Mi
          volumes:
            - name: nextcloud-config-pvc
              persistentVolumeClaim:
                claimName: nextcloud-config-v2
            - name: nextcloud-custom-apps
              persistentVolumeClaim:
                claimName: nextcloud-custom-apps-v2
            - name: nextcloud-user-data
              persistentVolumeClaim:
                claimName: nextcloud-user-data-v2
            - name: nextcloud-web
              persistentVolumeClaim:
                claimName: nextcloud-web-v2
            - name: maintenance-script
              configMap:
                name: nextcloud-maintenance-script
                defaultMode: 0755
Extract nextcloud scripts to files 2025-12-14 13:59:16 -03:00			`# services/nextcloud/maintenance-cronjob.yaml`
			`apiVersion: batch/v1`
			`kind: CronJob`
			`metadata:`
			`name: nextcloud-maintenance`
			`namespace: nextcloud`
			`spec:`
			`schedule: "30 4 * * *"`
			`concurrencyPolicy: Forbid`
			`jobTemplate:`
			`spec:`
			`template:`
vault: move core apps to injector 2026-01-14 12:28:10 -03:00			`metadata:`
			`annotations:`
			`vault.hashicorp.com/agent-inject: "true"`
vault: prepopulate injector for jobs 2026-01-14 14:29:29 -03:00			`vault.hashicorp.com/agent-pre-populate-only: "true"`
vault: move core apps to injector 2026-01-14 12:28:10 -03:00			`vault.hashicorp.com/role: "nextcloud"`
			`vault.hashicorp.com/agent-inject-secret-nextcloud-env.sh: "kv/data/atlas/nextcloud/nextcloud-db"`
			`vault.hashicorp.com/agent-inject-template-nextcloud-env.sh: \|`
vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00			`{{ with secret "kv/data/atlas/nextcloud/nextcloud-db" }}`
vault: move core apps to injector 2026-01-14 12:28:10 -03:00			`export POSTGRES_DB="{{ .Data.data.database }}"`
nextcloud: fix vault template keys 2026-01-14 13:00:21 -03:00			`export POSTGRES_USER="{{ index .Data.data "db-username" }}"`
			`export POSTGRES_PASSWORD="{{ index .Data.data "db-password" }}"`
vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00			`{{ end }}`
			`{{ with secret "kv/data/atlas/nextcloud/nextcloud-admin" }}`
nextcloud: fix vault template keys 2026-01-14 13:00:21 -03:00			`export NEXTCLOUD_ADMIN_USER="{{ index .Data.data "admin-user" }}"`
			`export NEXTCLOUD_ADMIN_PASSWORD="{{ index .Data.data "admin-password" }}"`
vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00			`{{ end }}`
vault: move core apps to injector 2026-01-14 12:28:10 -03:00			`export ADMIN_USER="${NEXTCLOUD_ADMIN_USER}"`
			`export ADMIN_PASS="${NEXTCLOUD_ADMIN_PASSWORD}"`
vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00			`{{ with secret "kv/data/atlas/nextcloud/nextcloud-oidc" }}`
nextcloud: fix vault template keys 2026-01-14 13:00:21 -03:00			`export OIDC_CLIENT_ID="{{ index .Data.data "client-id" }}"`
			`export OIDC_CLIENT_SECRET="{{ index .Data.data "client-secret" }}"`
vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00			`{{ end }}`
			`{{ with secret "kv/data/atlas/shared/postmark-relay" }}`
monitoring: add testing dashboard and switch postmark apikey 2026-01-18 09:21:33 -03:00			`export SMTP_NAME="{{ index .Data.data "apikey" }}"`
			`export SMTP_PASSWORD="{{ index .Data.data "apikey" }}"`
vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00			`{{ end }}`
			`{{ with secret "kv/data/atlas/shared/keycloak-admin" }}`
vault: move core apps to injector 2026-01-14 12:28:10 -03:00			`export KC_ADMIN_USER="{{ .Data.data.username }}"`
			`export KC_ADMIN_PASS="{{ .Data.data.password }}"`
vault: stabilize injector templates and add health apps 2026-01-14 13:40:29 -03:00			`{{ end }}`
Extract nextcloud scripts to files 2025-12-14 13:59:16 -03:00			`spec:`
			`restartPolicy: OnFailure`
			`securityContext:`
			`runAsUser: 0`
			`runAsGroup: 0`
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`serviceAccountName: nextcloud-vault`
Extract nextcloud scripts to files 2025-12-14 13:59:16 -03:00			`containers:`
			`- name: maintenance`
			`image: nextcloud:29-apache`
			`imagePullPolicy: IfNotPresent`
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`command: ["/bin/sh", "-c"]`
			`args:`
			`- \|`
nextcloud: fix cronjob shell flags 2026-01-15 03:08:01 -03:00			`set -eu`
vault: move core apps to injector 2026-01-14 12:28:10 -03:00			`. /vault/secrets/nextcloud-env.sh`
vault(consumption): sync secrets via CSI 2026-01-14 05:07:23 -03:00			`exec /maintenance/maintenance.sh`
Extract nextcloud scripts to files 2025-12-14 13:59:16 -03:00			`env:`
			`- name: NC_URL`
			`value: https://cloud.bstein.dev`
			`volumeMounts:`
nextcloud: persist web root in pvc 2026-01-07 09:40:25 -03:00			`- name: nextcloud-web`
			`mountPath: /var/www/html`
nextcloud: reset storage mounts and restore office 2026-01-07 08:43:45 -03:00			`- name: nextcloud-config-pvc`
			`mountPath: /var/www/html/config`
			`- name: nextcloud-custom-apps`
			`mountPath: /var/www/html/custom_apps`
nextcloud: align app/data mounts 2026-01-07 04:41:00 -03:00			`- name: nextcloud-user-data`
			`mountPath: /var/www/html/data`
Extract nextcloud scripts to files 2025-12-14 13:59:16 -03:00			`- name: maintenance-script`
			`mountPath: /maintenance/maintenance.sh`
			`subPath: maintenance.sh`
			`resources:`
			`requests:`
			`cpu: 100m`
			`memory: 256Mi`
			`limits:`
			`cpu: 500m`
			`memory: 512Mi`
			`volumes:`
nextcloud: reset storage mounts and restore office 2026-01-07 08:43:45 -03:00			`- name: nextcloud-config-pvc`
Extract nextcloud scripts to files 2025-12-14 13:59:16 -03:00			`persistentVolumeClaim:`
nextcloud: reset storage claims 2026-01-07 10:13:09 -03:00			`claimName: nextcloud-config-v2`
nextcloud: reset storage mounts and restore office 2026-01-07 08:43:45 -03:00			`- name: nextcloud-custom-apps`
			`persistentVolumeClaim:`
nextcloud: reset storage claims 2026-01-07 10:13:09 -03:00			`claimName: nextcloud-custom-apps-v2`
nextcloud: align app/data mounts 2026-01-07 04:41:00 -03:00			`- name: nextcloud-user-data`
			`persistentVolumeClaim:`
nextcloud: reset storage claims 2026-01-07 10:13:09 -03:00			`claimName: nextcloud-user-data-v2`
nextcloud: persist web root in pvc 2026-01-07 09:40:25 -03:00			`- name: nextcloud-web`
			`persistentVolumeClaim:`
nextcloud: reset storage claims 2026-01-07 10:13:09 -03:00			`claimName: nextcloud-web-v2`
Extract nextcloud scripts to files 2025-12-14 13:59:16 -03:00			`- name: maintenance-script`
			`configMap:`
			`name: nextcloud-maintenance-script`
nextcloud: fix cronjob shell flags 2026-01-15 03:08:01 -03:00			`defaultMode: 0755`