nextcloud: reset storage mounts and restore office

Brad Stein 2026-01-07 08:43:45 -03:00
parent cb7429a6a1
commit 3db0661a48
7 changed files with 199 additions and 50 deletions


@ -66,17 +66,22 @@ spec:
cpu: 500m
memory: 512Mi
volumeMounts:
- name: nextcloud-app
mountPath: /var/www/html
- name: nextcloud-config-pvc
mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data
mountPath: /var/www/html/data
- name: sync-script
mountPath: /sync/sync.sh
subPath: sync.sh
volumes:
- name: nextcloud-app
- name: nextcloud-config-pvc
persistentVolumeClaim:
claimName: nextcloud-app
claimName: nextcloud-config
- name: nextcloud-custom-apps
persistentVolumeClaim:
claimName: nextcloud-custom-apps
- name: nextcloud-user-data
persistentVolumeClaim:
claimName: nextcloud-user-data


@ -0,0 +1,79 @@
# services/nextcloud/collabora.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: collabora
namespace: nextcloud
labels:
app: collabora
spec:
replicas: 1
selector:
matchLabels:
app: collabora
template:
metadata:
labels:
app: collabora
spec:
nodeSelector:
hardware: rpi5
containers:
- name: collabora
image: collabora/code:latest
imagePullPolicy: IfNotPresent
env:
- name: domain
value: cloud\\.bstein\\.dev
- name: DONT_GEN_SSL_CERT
value: "true"
- name: extra_params
value: --o:ssl.enable=false --o:ssl.termination=true
ports:
- containerPort: 9980
name: http
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1
memory: 2Gi
---
apiVersion: v1
kind: Service
metadata:
name: collabora
namespace: nextcloud
spec:
selector:
app: collabora
ports:
- name: http
port: 9980
targetPort: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: collabora
namespace: nextcloud
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- office.bstein.dev
secretName: collabora-tls
rules:
- host: office.bstein.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: collabora
port:
number: 9980
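Review bot: `image: collabora/code:latest` together with `imagePullPolicy: IfNotPresent` leaves the running Collabora build undefined: each node keeps whatever `latest` resolved to when it first pulled, so a rescheduled pod can come up on a different, unreviewed build. Pin the image to a release tag or digest, e.g. `image: collabora/code:<VERSION>@sha256:<DIGEST>` (placeholders), so that upgrades of this internet-facing document server go through a commit. The container also declares no `securityContext`; it would be worth stating explicitly what the image needs instead of relying on runtime defaults. The Ingress forwards every path under `/` on office.bstein.dev, so confirm that publishing Collabora's administrative paths along with the editor/WOPI paths is intended.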


@ -24,14 +24,19 @@ spec:
args:
- "cd /var/www/html && php -f cron.php"
volumeMounts:
- name: nextcloud-app
mountPath: /var/www/html
- name: nextcloud-config-pvc
mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data
mountPath: /var/www/html/data
volumes:
- name: nextcloud-app
- name: nextcloud-config-pvc
persistentVolumeClaim:
claimName: nextcloud-app
claimName: nextcloud-config
- name: nextcloud-custom-apps
persistentVolumeClaim:
claimName: nextcloud-custom-apps
- name: nextcloud-user-data
persistentVolumeClaim:
claimName: nextcloud-user-data


@ -23,6 +23,44 @@ spec:
runAsUser: 33
runAsGroup: 33
initContainers:
- name: db-reset
image: postgres:16-alpine
command: ["/bin/sh", "-c"]
args:
- |
set -e
mkdir -p /var/www/html/config
if [ ! -f /var/www/html/config/.db_initialized ]; then
rm -f /var/www/html/config/config.php || true
psql "host=${POSTGRES_HOST} user=${POSTGRES_USER} password=${POSTGRES_PASSWORD} dbname=${POSTGRES_DB}" -v ON_ERROR_STOP=1 <<'SQL'
DROP SCHEMA IF EXISTS public CASCADE;
CREATE SCHEMA public;
GRANT ALL ON SCHEMA public TO PUBLIC;
SQL
touch /var/www/html/config/.db_initialized
chown 33:33 /var/www/html/config/.db_initialized || true
fi
env:
- name: POSTGRES_HOST
value: postgres-service.postgres.svc.cluster.local
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: nextcloud-db
key: database
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-db
key: db-username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-db
key: db-password
volumeMounts:
- name: nextcloud-config-pvc
mountPath: /var/www/html/config
- name: fix-perms
image: alpine:3.20
command: ["/bin/sh", "-c"]
@ -31,28 +69,28 @@ spec:
if [ ! -s /var/www/html/config/config.php ]; then
rm -f /var/www/html/config/config.php || true
fi
mkdir -p /var/www/html/data || true
if [ ! -f /var/www/html/data/.ocdata ]; then
mkdir -p /var/www/html/config /var/www/html/data /var/www/html/custom_apps || true
if [ ! -s /var/www/html/config/config.php ]; then
rm -f /var/www/html/data/.ocdata || true
fi
if [ -s /var/www/html/config/config.php ] && [ ! -f /var/www/html/data/.ocdata ]; then
touch /var/www/html/data/.ocdata
fi
if [ -s /var/www/html/config/config.php ] && ! grep -q "'installed'" /var/www/html/config/config.php; then
sed -i "/^);/i\\ 'installed' => true," /var/www/html/config/config.php
fi
chown 33:33 /var/www/html || true
chmod 775 /var/www/html || true
chown 33:33 /var/www/html/config || true
chown 33:33 /var/www/html/config/config.php || true
chown -R 33:33 /var/www/html/data || true
chown -R 33:33 /var/www/html/apps /var/www/html/custom_apps || true
chown -R 33:33 /var/www/html/config /var/www/html/data /var/www/html/custom_apps || true
securityContext:
runAsUser: 0
runAsGroup: 0
volumeMounts:
- name: nextcloud-app
mountPath: /var/www/html
- name: nextcloud-config-pvc
mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data
mountPath: /var/www/html/data
- name: nextcloud-config
- name: nextcloud-config-extra
mountPath: /var/www/html/config/extra.config.php
subPath: extra.config.php
- name: install-nextcloud
@ -64,7 +102,7 @@ spec:
args:
- |
installed="$(su -s /bin/sh www-data -c "php /var/www/html/occ status" 2>/dev/null | awk '/installed:/{print $3}' || true)"
if [ ! -s /var/www/html/config/config.php ] && [ ! -f /var/www/html/data/.ocdata ]; then
if [ ! -s /var/www/html/config/config.php ]; then
su -s /bin/sh www-data -c "php /var/www/html/occ maintenance:install --database pgsql --database-host \"${POSTGRES_HOST}\" --database-name \"${POSTGRES_DB}\" --database-user \"${POSTGRES_USER}\" --database-pass \"${POSTGRES_PASSWORD}\" --admin-user \"${NEXTCLOUD_ADMIN_USER}\" --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" --data-dir /var/www/html/data"
chown 33:33 /var/www/html/config/config.php || true
chown -R 33:33 /var/www/html/data || true
@ -79,6 +117,10 @@ spec:
su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_hide_password_form --type=boolean --value=true"
su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_disable_registration --type=boolean --value=false"
}
configure_office() {
su -s /bin/sh www-data -c "php /var/www/html/occ config:app:set richdocuments wopi_url --value='https://office.bstein.dev'"
su -s /bin/sh www-data -c "php /var/www/html/occ config:app:set richdocuments public_wopi_url --value='https://office.bstein.dev'"
}
ensure_mime_defaults() {
cfg_dir="/var/www/html/resources/config"
mkdir -p "${cfg_dir}"
@ -102,10 +144,17 @@ spec:
chown -R 33:33 "${target}"
su -s /bin/sh www-data -c "php /var/www/html/occ app:enable --force ${app}" || true
}
ensure_app() {
app="$1"
su -s /bin/sh www-data -c "php /var/www/html/occ app:install --force ${app}" || true
su -s /bin/sh www-data -c "php /var/www/html/occ app:enable --force ${app}" || true
}
ensure_mime_defaults
install_app oidc_login https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.2/oidc_login.tar.gz
install_app external https://github.com/nextcloud-releases/external/releases/download/v5.4.1/external-v5.4.1.tar.gz
install_app mail https://github.com/nextcloud-releases/mail/releases/download/v3.7.24/mail-stable3.7.tar.gz
ensure_app richdocuments
configure_office
configure_oidc
fi
env:
@ -147,11 +196,13 @@ spec:
name: nextcloud-oidc
key: client-secret
volumeMounts:
- name: nextcloud-app
mountPath: /var/www/html
- name: nextcloud-config-pvc
mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data
mountPath: /var/www/html/data
- name: nextcloud-config
- name: nextcloud-config-extra
mountPath: /var/www/html/config/extra.config.php
subPath: extra.config.php
containers:
@ -236,11 +287,13 @@ spec:
- containerPort: 80
name: http
volumeMounts:
- name: nextcloud-app
mountPath: /var/www/html
- name: nextcloud-config-pvc
mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data
mountPath: /var/www/html/data
- name: nextcloud-config
- name: nextcloud-config-extra
mountPath: /var/www/html/config/extra.config.php
subPath: extra.config.php
resources:
@ -251,13 +304,16 @@ spec:
cpu: 1
memory: 3Gi
volumes:
- name: nextcloud-app
- name: nextcloud-config-pvc
persistentVolumeClaim:
claimName: nextcloud-app
claimName: nextcloud-config
- name: nextcloud-custom-apps
persistentVolumeClaim:
claimName: nextcloud-custom-apps
- name: nextcloud-user-data
persistentVolumeClaim:
claimName: nextcloud-user-data
- name: nextcloud-config
- name: nextcloud-config-extra
configMap:
name: nextcloud-config
defaultMode: 0444
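Review bot: The new `db-reset` init container stays in the Deployment permanently, and the only guard in front of `DROP SCHEMA IF EXISTS public CASCADE` is the marker file `/var/www/html/config/.db_initialized` on the config PVC; if that volume is ever recreated, restored empty or bound to a different PV, the next pod start wipes the live Nextcloud database. A one-time reset is safer as a separate Job that is deleted afterwards, or at least gated on an explicit opt-in value in addition to the marker. The pod-level `runAsUser: 33` visible just above the hunk (the pod spec starts outside it) presumably applies here too, and this container runs before `fix-perms`, so on a fresh root-owned volume `touch` may fail under `set -e` after the schema is already dropped, repeating the drop on each restart — please confirm. The password is also interpolated into the psql conninfo argument, where it is visible in the process list and breaks on spaces or quotes; libpq reads it from the environment, so `export PGHOST="$POSTGRES_HOST" PGUSER="$POSTGRES_USER" PGPASSWORD="$POSTGRES_PASSWORD" PGDATABASE="$POSTGRES_DB"` followed by `psql -v ON_ERROR_STOP=1 <<'SQL'` avoids both. `GRANT ALL ON SCHEMA public TO PUBLIC` is wider than the single Nextcloud role needs.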


@ -7,6 +7,7 @@ resources:
- configmap.yaml
- pvc.yaml
- deployment.yaml
- collabora.yaml
- cronjob.yaml
- maintenance-cronjob.yaml
- service.yaml


@ -34,8 +34,10 @@ spec:
name: nextcloud-admin
key: admin-password
volumeMounts:
- name: nextcloud-app
mountPath: /var/www/html
- name: nextcloud-config-pvc
mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data
mountPath: /var/www/html/data
- name: maintenance-script
@ -49,9 +51,12 @@ spec:
cpu: 500m
memory: 512Mi
volumes:
- name: nextcloud-app
- name: nextcloud-config-pvc
persistentVolumeClaim:
claimName: nextcloud-app
claimName: nextcloud-config
- name: nextcloud-custom-apps
persistentVolumeClaim:
claimName: nextcloud-custom-apps
- name: nextcloud-user-data
persistentVolumeClaim:
claimName: nextcloud-user-data


@ -2,16 +2,28 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-app
name: nextcloud-config
namespace: nextcloud
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 20Gi
storage: 5Gi
storageClassName: astreae
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-custom-apps
namespace: nextcloud
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
storageClassName: astreae
volumeName: pvc-9cf910d9-ae30-48e6-8d90-a6cbbf3cd2cf
---
apiVersion: v1
kind: PersistentVolumeClaim
@ -26,17 +38,3 @@ spec:
storage: 2Ti
storageClassName: asteria
volumeName: pvc-d918158d-422f-4928-beaa-27862611fbe5
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-data
namespace: nextcloud
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 200Gi
storageClassName: astreae
volumeName: pvc-061a70fd-1dc5-4c37-8f3e-2c7156c26ae6
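Review bot: In the first hunk the new `nextcloud-custom-apps` claim carries `volumeName: pvc-9cf910d9-ae30-48e6-8d90-a6cbbf3cd2cf`, which from the line order looks like the volume that used to back the removed `nextcloud-app` claim, i.e. the whole `/var/www/html` tree — please confirm. If so, whatever that volume still holds, including the old `config/config.php` with its database password and instance secrets, ends up mounted under `/var/www/html/custom_apps`, and the `chown -R 33:33` in the deployment's `fix-perms` step hands it to the web user. Clear the volume first or let the claim provision a fresh one, as `nextcloud-config` appears to do by omitting `volumeName`. A pre-provisioned PV left in `Released` state also keeps its old `claimRef`, so the new claim may stay Pending until that reference is cleared.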