From 3db0661a48ee54c2184fd7229ee8b4d5dbbdb081 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Wed, 7 Jan 2026 08:43:45 -0300 Subject: [PATCH] nextcloud: reset storage mounts and restore office --- services/nextcloud-mail-sync/cronjob.yaml | 13 ++- services/nextcloud/collabora.yaml | 79 +++++++++++++++++ services/nextcloud/cronjob.yaml | 13 ++- services/nextcloud/deployment.yaml | 98 ++++++++++++++++----- services/nextcloud/kustomization.yaml | 1 + services/nextcloud/maintenance-cronjob.yaml | 13 ++- services/nextcloud/pvc.yaml | 32 ++++--- 7 files changed, 199 insertions(+), 50 deletions(-) create mode 100644 services/nextcloud/collabora.yaml diff --git a/services/nextcloud-mail-sync/cronjob.yaml b/services/nextcloud-mail-sync/cronjob.yaml index efce1ad..9973ab0 100644 --- a/services/nextcloud-mail-sync/cronjob.yaml +++ b/services/nextcloud-mail-sync/cronjob.yaml @@ -66,17 +66,22 @@ spec: cpu: 500m memory: 512Mi volumeMounts: - - name: nextcloud-app - mountPath: /var/www/html + - name: nextcloud-config-pvc + mountPath: /var/www/html/config + - name: nextcloud-custom-apps + mountPath: /var/www/html/custom_apps - name: nextcloud-user-data mountPath: /var/www/html/data - name: sync-script mountPath: /sync/sync.sh subPath: sync.sh volumes: - - name: nextcloud-app + - name: nextcloud-config-pvc persistentVolumeClaim: - claimName: nextcloud-app + claimName: nextcloud-config + - name: nextcloud-custom-apps + persistentVolumeClaim: + claimName: nextcloud-custom-apps - name: nextcloud-user-data persistentVolumeClaim: claimName: nextcloud-user-data diff --git a/services/nextcloud/collabora.yaml b/services/nextcloud/collabora.yaml new file mode 100644 index 0000000..1cda2ea --- /dev/null +++ b/services/nextcloud/collabora.yaml 
@@ -0,0 +1,79 @@
+# services/nextcloud/collabora.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: collabora
+ namespace: nextcloud
+ labels:
+ app: collabora
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: collabora
+ template:
+ metadata:
+ labels:
+ app: collabora
+ spec:
+ nodeSelector:
+ hardware: rpi5
+ containers:
+ - name: collabora
+ image: collabora/code:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: domain
+ value: cloud\\.bstein\\.dev
+ - name: DONT_GEN_SSL_CERT
+ value: "true"
+ - name: extra_params
+ value: --o:ssl.enable=false --o:ssl.termination=true
+ ports:
+ - containerPort: 9980
+ name: http
+ resources:
+ requests:
+ cpu: 250m
+ memory: 512Mi
+ limits:
+ cpu: 1
+ memory: 2Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: collabora
+ namespace: nextcloud
+spec:
+ selector:
+ app: collabora
+ ports:
+ - name: http
+ port: 9980
+ targetPort: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: collabora
+ namespace: nextcloud
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+ tls:
+ - hosts:
+ - office.bstein.dev
+ secretName: collabora-tls
+ rules:
+ - host: office.bstein.dev
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: collabora
+ port:
+ number: 9980
diff --git a/services/nextcloud/cronjob.yaml b/services/nextcloud/cronjob.yaml
index 7900bb1..53772a5 100644
--- a/services/nextcloud/cronjob.yaml
+++ b/services/nextcloud/cronjob.yaml
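Review bot: The `domain` value on the collabora container in collabora.yaml is an unquoted YAML scalar, so `cloud\\.bstein\\.dev` reaches the process with two backslashes before each dot; the doubled form comes from shell-quoted `docker run` examples, and as a regex it no longer describes `cloud.bstein.dev`. As far as the image's documented behaviour goes, this pattern is the allowlist of WOPI hosts permitted to use the office server, so write it as `value: 'cloud\.bstein\.dev'` and confirm after rollout that only the Nextcloud host is accepted. Separately, `image: collabora/code:latest` with `imagePullPolicy: IfNotPresent` lets each node run whatever build it happened to cache; pin a release tag or digest, e.g. `collabora/code:<release-tag>@sha256:<digest>` (placeholders).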
@@ -24,14 +24,19 @@ spec: args: - "cd /var/www/html && php -f cron.php" volumeMounts: - - name: nextcloud-app - mountPath: /var/www/html + - name: nextcloud-config-pvc + mountPath: /var/www/html/config + - name: nextcloud-custom-apps + mountPath: /var/www/html/custom_apps - name: nextcloud-user-data mountPath: /var/www/html/data volumes: - - name: nextcloud-app + - name: nextcloud-config-pvc persistentVolumeClaim: - claimName: nextcloud-app + claimName: nextcloud-config + - name: nextcloud-custom-apps + persistentVolumeClaim: + claimName: nextcloud-custom-apps - name: nextcloud-user-data persistentVolumeClaim: claimName: nextcloud-user-data diff --git a/services/nextcloud/deployment.yaml b/services/nextcloud/deployment.yaml index 8a05102..85cf561 100644 --- a/services/nextcloud/deployment.yaml +++ b/services/nextcloud/deployment.yaml 
@@ -23,6 +23,44 @@ spec: runAsUser: 33 runAsGroup: 33 initContainers: + - name: db-reset + image: postgres:16-alpine + command: ["/bin/sh", "-c"] + args: + - | + set -e + mkdir -p /var/www/html/config + if [ ! -f /var/www/html/config/.db_initialized ]; then + rm -f /var/www/html/config/config.php || true + psql "host=${POSTGRES_HOST} user=${POSTGRES_USER} password=${POSTGRES_PASSWORD} dbname=${POSTGRES_DB}" -v ON_ERROR_STOP=1 <<'SQL' + DROP SCHEMA IF EXISTS public CASCADE; + CREATE SCHEMA public; + GRANT ALL ON SCHEMA public TO PUBLIC; +SQL + touch /var/www/html/config/.db_initialized + chown 33:33 /var/www/html/config/.db_initialized || true + fi + env: + - name: POSTGRES_HOST + value: postgres-service.postgres.svc.cluster.local + - name: POSTGRES_DB + valueFrom: + secretKeyRef: + name: nextcloud-db + key: database + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: nextcloud-db + key: db-username + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: nextcloud-db + key: db-password + volumeMounts: + - name: nextcloud-config-pvc + mountPath: /var/www/html/config - name: fix-perms image: alpine:3.20 command: ["/bin/sh", "-c"] 
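Review bot: The `db-reset` init container drops the whole `public` schema whenever `/var/www/html/config/.db_initialized` is missing, and that marker lives on the newly created `nextcloud-config` claim rather than in the database, so any later loss, re-creation or re-binding of that volume wipes a live database on the next pod start. This looks like a one-time migration; run it as a separate Job that is removed afterwards, or gate it on database state (for example, refuse when an `oc_users` table exists) instead of leaving it in the Deployment. `GRANT ALL ON SCHEMA public TO PUBLIC;` also gives every role that can connect to this database CREATE on the schema, which PostgreSQL 15 stopped doing by default; grant to the application role only, e.g. pass `-v owner="${POSTGRES_USER}"` to psql and use `GRANT ALL ON SCHEMA public TO :"owner";`. The heredoc terminator `SQL` appears to sit at column 0, which would end the `|` block scalar early and break the manifest; indent it to the block scalar's base indentation. The initContainers list continues outside the hunk.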
@@ -31,28 +69,28 @@ spec: if [ ! -s /var/www/html/config/config.php ]; then rm -f /var/www/html/config/config.php || true fi - mkdir -p /var/www/html/data || true - if [ ! -f /var/www/html/data/.ocdata ]; then + mkdir -p /var/www/html/config /var/www/html/data /var/www/html/custom_apps || true + if [ ! -s /var/www/html/config/config.php ]; then + rm -f /var/www/html/data/.ocdata || true + fi + if [ -s /var/www/html/config/config.php ] && [ ! -f /var/www/html/data/.ocdata ]; then touch /var/www/html/data/.ocdata fi if [ -s /var/www/html/config/config.php ] && ! grep -q "'installed'" /var/www/html/config/config.php; then sed -i "/^);/i\\ 'installed' => true," /var/www/html/config/config.php fi - chown 33:33 /var/www/html || true - chmod 775 /var/www/html || true - chown 33:33 /var/www/html/config || true - chown 33:33 /var/www/html/config/config.php || true - chown -R 33:33 /var/www/html/data || true - chown -R 33:33 /var/www/html/apps /var/www/html/custom_apps || true + chown -R 33:33 /var/www/html/config /var/www/html/data /var/www/html/custom_apps || true securityContext: runAsUser: 0 runAsGroup: 0 volumeMounts: - - name: nextcloud-app - mountPath: /var/www/html + - name: nextcloud-config-pvc + mountPath: /var/www/html/config + - name: nextcloud-custom-apps + mountPath: /var/www/html/custom_apps - name: nextcloud-user-data mountPath: /var/www/html/data - - name: nextcloud-config + - name: nextcloud-config-extra mountPath: /var/www/html/config/extra.config.php subPath: extra.config.php - name: install-nextcloud 
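Review bot: The added `rm -f /var/www/html/data/.ocdata || true` in fix-perms removes the one marker that stopped a reinstall over an existing data directory, and together with the relaxed condition in the install-nextcloud hunk (`if [ ! -s /var/www/html/config/config.php ]; then`) an empty or missing `config.php` alone now triggers `occ maintenance:install` against the 2Ti user-data volume. If that is intended only for this reset, restore the `.ocdata` check in the install condition once the migration is done, or fail the init container when `data/` is non-empty and `config.php` is absent. The `|| true` after the recursive `chown` also hides a failure to fix ownership, so the pod starts with whatever permissions were left behind. The script body starts before this hunk.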
@@ -64,7 +102,7 @@ spec: args: - | installed="$(su -s /bin/sh www-data -c "php /var/www/html/occ status" 2>/dev/null | awk '/installed:/{print $3}' || true)" - if [ ! -s /var/www/html/config/config.php ] && [ ! -f /var/www/html/data/.ocdata ]; then + if [ ! -s /var/www/html/config/config.php ]; then su -s /bin/sh www-data -c "php /var/www/html/occ maintenance:install --database pgsql --database-host \"${POSTGRES_HOST}\" --database-name \"${POSTGRES_DB}\" --database-user \"${POSTGRES_USER}\" --database-pass \"${POSTGRES_PASSWORD}\" --admin-user \"${NEXTCLOUD_ADMIN_USER}\" --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" --data-dir /var/www/html/data" chown 33:33 /var/www/html/config/config.php || true chown -R 33:33 /var/www/html/data || true @@ -79,6 +117,10 @@ spec: su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_hide_password_form --type=boolean --value=true" su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_disable_registration --type=boolean --value=false" } + configure_office() { + su -s /bin/sh www-data -c "php /var/www/html/occ config:app:set richdocuments wopi_url --value='https://office.bstein.dev'" + su -s /bin/sh www-data -c "php /var/www/html/occ config:app:set richdocuments public_wopi_url --value='https://office.bstein.dev'" + } ensure_mime_defaults() { cfg_dir="/var/www/html/resources/config" mkdir -p "${cfg_dir}" 
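Review bot: `configure_office` (second hunk) points Nextcloud at the public Collabora URL but does not restrict which addresses may call the WOPI endpoints; richdocuments has a `wopi_allowlist` app setting for that, and as far as I know it is empty (allow all) by default. Consider adding `su -s /bin/sh www-data -c "php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value='<collabora-egress-cidr>'"` next to the two `wopi_url` lines, with the placeholder replaced by the range Collabora's requests actually arrive from. A short comment above the function saying that both URLs are the externally reachable name would also help the next reader.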
@@ -102,10 +144,17 @@ spec: chown -R 33:33 "${target}" su -s /bin/sh www-data -c "php /var/www/html/occ app:enable --force ${app}" || true } + ensure_app() { + app="$1" + su -s /bin/sh www-data -c "php /var/www/html/occ app:install --force ${app}" || true + su -s /bin/sh www-data -c "php /var/www/html/occ app:enable --force ${app}" || true + } ensure_mime_defaults install_app oidc_login https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.2/oidc_login.tar.gz install_app external https://github.com/nextcloud-releases/external/releases/download/v5.4.1/external-v5.4.1.tar.gz install_app mail https://github.com/nextcloud-releases/mail/releases/download/v3.7.24/mail-stable3.7.tar.gz + ensure_app richdocuments + configure_office configure_oidc fi env: @@ -147,11 +196,13 @@ spec: name: nextcloud-oidc key: client-secret volumeMounts: - - name: nextcloud-app - mountPath: /var/www/html + - name: nextcloud-config-pvc + mountPath: /var/www/html/config + - name: nextcloud-custom-apps + mountPath: /var/www/html/custom_apps - name: nextcloud-user-data mountPath: /var/www/html/data - - name: nextcloud-config + - name: nextcloud-config-extra mountPath: /var/www/html/config/extra.config.php subPath: extra.config.php containers: @@ -236,11 +287,13 @@ spec: - containerPort: 80 name: http volumeMounts: - - name: nextcloud-app - mountPath: /var/www/html + - name: nextcloud-config-pvc + mountPath: /var/www/html/config + - name: nextcloud-custom-apps + mountPath: /var/www/html/custom_apps - name: nextcloud-user-data mountPath: /var/www/html/data - - name: nextcloud-config + - name: nextcloud-config-extra mountPath: /var/www/html/config/extra.config.php subPath: extra.config.php resources: 
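Review bot: `ensure_app` installs `richdocuments` from the app store with `--force` and no version, while the three `install_app` calls next to it pin a release URL, so the office connector is whatever the store serves at pod start and the compatibility check is bypassed. Both commands end in `|| true`, so `configure_office` runs even when the app was never installed or enabled. Prefer routing it through `install_app` with a pinned release archive, or at least drop `|| true` from the `app:enable` line so a failed install stops the init container. `${app}` is also interpolated unquoted into the `su -c` string; harmless with the constant used here, but worth quoting if the helper gains other callers.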
@@ -251,13 +304,16 @@ spec: cpu: 1 memory: 3Gi volumes: - - name: nextcloud-app + - name: nextcloud-config-pvc persistentVolumeClaim: - claimName: nextcloud-app + claimName: nextcloud-config + - name: nextcloud-custom-apps + persistentVolumeClaim: + claimName: nextcloud-custom-apps - name: nextcloud-user-data persistentVolumeClaim: claimName: nextcloud-user-data - - name: nextcloud-config + - name: nextcloud-config-extra configMap: name: nextcloud-config defaultMode: 0444 diff --git a/services/nextcloud/kustomization.yaml b/services/nextcloud/kustomization.yaml index 271b854..8192690 100644 --- a/services/nextcloud/kustomization.yaml +++ b/services/nextcloud/kustomization.yaml @@ -7,6 +7,7 @@ resources: - configmap.yaml - pvc.yaml - deployment.yaml + - collabora.yaml - cronjob.yaml - maintenance-cronjob.yaml - service.yaml diff --git a/services/nextcloud/maintenance-cronjob.yaml b/services/nextcloud/maintenance-cronjob.yaml index c9421dd..a3d0bb6 100644 --- a/services/nextcloud/maintenance-cronjob.yaml +++ b/services/nextcloud/maintenance-cronjob.yaml @@ -34,8 +34,10 @@ spec: name: nextcloud-admin key: admin-password volumeMounts: - - name: nextcloud-app - mountPath: /var/www/html + - name: nextcloud-config-pvc + mountPath: /var/www/html/config + - name: nextcloud-custom-apps + mountPath: /var/www/html/custom_apps - name: nextcloud-user-data mountPath: /var/www/html/data - name: maintenance-script @@ -49,9 +51,12 @@ spec: cpu: 500m memory: 512Mi volumes: - - name: nextcloud-app + - name: nextcloud-config-pvc persistentVolumeClaim: - claimName: nextcloud-app + claimName: nextcloud-config + - name: nextcloud-custom-apps + persistentVolumeClaim: + claimName: nextcloud-custom-apps - name: nextcloud-user-data persistentVolumeClaim: claimName: nextcloud-user-data diff --git a/services/nextcloud/pvc.yaml b/services/nextcloud/pvc.yaml index d5223cb..d34e151 100644 --- a/services/nextcloud/pvc.yaml +++ b/services/nextcloud/pvc.yaml 
@@ -2,16 +2,28 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: nextcloud-app + name: nextcloud-config namespace: nextcloud spec: accessModes: - ReadWriteMany resources: requests: - storage: 20Gi + storage: 5Gi + storageClassName: astreae +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nextcloud-custom-apps + namespace: nextcloud +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 5Gi storageClassName: astreae - volumeName: pvc-9cf910d9-ae30-48e6-8d90-a6cbbf3cd2cf --- apiVersion: v1 kind: PersistentVolumeClaim @@ -26,17 +38,3 @@ spec: storage: 2Ti storageClassName: asteria volumeName: pvc-d918158d-422f-4928-beaa-27862611fbe5 ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: nextcloud-data - namespace: nextcloud -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 200Gi - storageClassName: astreae - volumeName: pvc-061a70fd-1dc5-4c37-8f3e-2c7156c26ae6
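Review bot: Renaming `nextcloud-app` to `nextcloud-config` and deleting the `nextcloud-data` claim removes two bound claims (each pinned by `volumeName`) from the manifest set; if this kustomization is reconciled with pruning, the claims are deleted and the backing volumes follow the storage class's reclaim policy. Confirm the reclaim policy of `astreae` and take a snapshot before merging, and decide explicitly what happens to the old volume afterwards: it held the previous `config.php`, which in Nextcloud carries the instance secret and database credentials, so it should be either retained deliberately or wiped rather than left orphaned.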