titan-iac/services/nextcloud/deployment.yaml

# services/nextcloud/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: nextcloud
  labels:
    app: nextcloud
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nextcloud
  template:
    metadata:
      labels:
        app: nextcloud
    spec:
      nodeSelector:
        hardware: rpi5
      securityContext:
        fsGroup: 33
        runAsUser: 33
        runAsGroup: 33
      initContainers:
        - name: fix-perms
          image: alpine:3.20
          command: ["/bin/sh", "-c"]
          args:
            - |
              chown -R 33:33 /var/www/html/config || true
              chown -R 33:33 /var/www/html/data || true
          securityContext:
            runAsUser: 0
            runAsGroup: 0
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: nextcloud-config
              mountPath: /var/www/html/config/extra.config.php
              subPath: extra.config.php
      containers:
        - name: nextcloud
          image: nextcloud:29-apache
          imagePullPolicy: IfNotPresent
          env:
            # DB (external secret required: nextcloud-db with keys username,password,database)
            - name: POSTGRES_HOST
              value: postgres-service.postgres.svc.cluster.local
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: database
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-password
            # Admin bootstrap (external secret: nextcloud-admin with keys admin-user, admin-password)
            - name: NEXTCLOUD_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-user
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-password
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: cloud.bstein.dev
            - name: OVERWRITEHOST
              value: cloud.bstein.dev
            - name: OVERWRITEPROTOCOL
              value: https
            - name: OVERWRITECLIURL
              value: https://cloud.bstein.dev
            # SMTP (external secret: nextcloud-smtp with keys username, password)
            - name: SMTP_HOST
              value: mail.bstein.dev
            - name: SMTP_PORT
              value: "587"
            - name: SMTP_SECURE
              value: tls
            - name: SMTP_NAME
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-username
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-password
            - name: MAIL_FROM_ADDRESS
              value: no-reply
            - name: MAIL_DOMAIN
              value: bstein.dev
            # OIDC (external secret: nextcloud-oidc with keys client-id, client-secret)
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: nextcloud-oidc
                  key: client-id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: nextcloud-oidc
                  key: client-secret
            - name: NEXTCLOUD_UPDATE
              value: "1"
            - name: APP_INSTALL
              value: "mail,oidc_login,external"
          ports:
            - containerPort: 80
              name: http
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: nextcloud-config
              mountPath: /var/www/html/config/extra.config.php
              subPath: extra.config.php
          resources:
            requests:
              cpu: 250m
              memory: 1Gi
            limits:
              cpu: 1
              memory: 3Gi
      volumes:
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: nextcloud-data
        - name: nextcloud-config
          configMap:
            name: nextcloud-config
            defaultMode: 0444
Extract nextcloud scripts to files 2025-12-14 13:59:16 -03:00			`# services/nextcloud/deployment.yaml`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: nextcloud`
			`namespace: nextcloud`
			`labels:`
			`app: nextcloud`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: nextcloud`
			`template:`
			`metadata:`
			`labels:`
			`app: nextcloud`
			`spec:`
			`nodeSelector:`
			`hardware: rpi5`
			`securityContext:`
			`fsGroup: 33`
			`runAsUser: 33`
			`runAsGroup: 33`
			`initContainers:`
			`- name: fix-perms`
			`image: alpine:3.20`
			`command: ["/bin/sh", "-c"]`
			`args:`
			`- \|`
			`chown -R 33:33 /var/www/html/config \|\| true`
			`chown -R 33:33 /var/www/html/data \|\| true`
			`securityContext:`
			`runAsUser: 0`
			`runAsGroup: 0`
			`volumeMounts:`
			`- name: nextcloud-data`
			`mountPath: /var/www/html`
			`- name: nextcloud-config`
			`mountPath: /var/www/html/config/extra.config.php`
			`subPath: extra.config.php`
			`containers:`
			`- name: nextcloud`
			`image: nextcloud:29-apache`
			`imagePullPolicy: IfNotPresent`
			`env:`
			`# DB (external secret required: nextcloud-db with keys username,password,database)`
			`- name: POSTGRES_HOST`
			`value: postgres-service.postgres.svc.cluster.local`
			`- name: POSTGRES_DB`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-db`
			`key: database`
			`- name: POSTGRES_USER`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-db`
			`key: db-username`
			`- name: POSTGRES_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-db`
			`key: db-password`
			`# Admin bootstrap (external secret: nextcloud-admin with keys admin-user, admin-password)`
			`- name: NEXTCLOUD_ADMIN_USER`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-admin`
			`key: admin-user`
			`- name: NEXTCLOUD_ADMIN_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-admin`
			`key: admin-password`
			`- name: NEXTCLOUD_TRUSTED_DOMAINS`
			`value: cloud.bstein.dev`
			`- name: OVERWRITEHOST`
			`value: cloud.bstein.dev`
			`- name: OVERWRITEPROTOCOL`
			`value: https`
			`- name: OVERWRITECLIURL`
			`value: https://cloud.bstein.dev`
			`# SMTP (external secret: nextcloud-smtp with keys username, password)`
			`- name: SMTP_HOST`
			`value: mail.bstein.dev`
			`- name: SMTP_PORT`
			`value: "587"`
			`- name: SMTP_SECURE`
			`value: tls`
			`- name: SMTP_NAME`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-smtp`
			`key: smtp-username`
			`- name: SMTP_PASSWORD`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-smtp`
			`key: smtp-password`
			`- name: MAIL_FROM_ADDRESS`
			`value: no-reply`
			`- name: MAIL_DOMAIN`
			`value: bstein.dev`
			`# OIDC (external secret: nextcloud-oidc with keys client-id, client-secret)`
			`- name: OIDC_CLIENT_ID`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-oidc`
			`key: client-id`
			`- name: OIDC_CLIENT_SECRET`
			`valueFrom:`
			`secretKeyRef:`
			`name: nextcloud-oidc`
			`key: client-secret`
			`- name: NEXTCLOUD_UPDATE`
			`value: "1"`
			`- name: APP_INSTALL`
			`value: "mail,oidc_login,external"`
			`ports:`
			`- containerPort: 80`
			`name: http`
			`volumeMounts:`
			`- name: nextcloud-data`
			`mountPath: /var/www/html`
			`- name: nextcloud-config`
			`mountPath: /var/www/html/config/extra.config.php`
			`subPath: extra.config.php`
			`resources:`
			`requests:`
			`cpu: 250m`
			`memory: 1Gi`
			`limits:`
			`cpu: 1`
			`memory: 3Gi`
			`volumes:`
			`- name: nextcloud-data`
			`persistentVolumeClaim:`
			`claimName: nextcloud-data`
			`- name: nextcloud-config`
			`configMap:`
			`name: nextcloud-config`
			`defaultMode: 0444`