nextcloud: reset storage mounts and restore office

Brad Stein 2026-01-07 08:43:45 -03:00
parent cb7429a6a1
commit 3db0661a48
7 changed files with 199 additions and 50 deletions


@ -66,17 +66,22 @@ spec:
cpu: 500m cpu: 500m
memory: 512Mi memory: 512Mi
volumeMounts: volumeMounts:
- name: nextcloud-app - name: nextcloud-config-pvc
mountPath: /var/www/html mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data - name: nextcloud-user-data
mountPath: /var/www/html/data mountPath: /var/www/html/data
- name: sync-script - name: sync-script
mountPath: /sync/sync.sh mountPath: /sync/sync.sh
subPath: sync.sh subPath: sync.sh
volumes: volumes:
- name: nextcloud-app - name: nextcloud-config-pvc
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-app claimName: nextcloud-config
- name: nextcloud-custom-apps
persistentVolumeClaim:
claimName: nextcloud-custom-apps
- name: nextcloud-user-data - name: nextcloud-user-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-user-data claimName: nextcloud-user-data


@ -0,0 +1,79 @@
# services/nextcloud/collabora.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: collabora
namespace: nextcloud
labels:
app: collabora
spec:
replicas: 1
selector:
matchLabels:
app: collabora
template:
metadata:
labels:
app: collabora
spec:
nodeSelector:
hardware: rpi5
containers:
- name: collabora
image: collabora/code:latest
imagePullPolicy: IfNotPresent
env:
- name: domain
value: cloud\\.bstein\\.dev
- name: DONT_GEN_SSL_CERT
value: "true"
- name: extra_params
value: --o:ssl.enable=false --o:ssl.termination=true
ports:
- containerPort: 9980
name: http
resources:
requests:
cpu: 250m
memory: 512Mi
limits:
cpu: 1
memory: 2Gi
---
apiVersion: v1
kind: Service
metadata:
name: collabora
namespace: nextcloud
spec:
selector:
app: collabora
ports:
- name: http
port: 9980
targetPort: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: collabora
namespace: nextcloud
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
traefik.ingress.kubernetes.io/router.entrypoints: websecure
spec:
tls:
- hosts:
- office.bstein.dev
secretName: collabora-tls
rules:
- host: office.bstein.dev
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: collabora
port:
number: 9980
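Review bot: `image: collabora/code:latest` together with `imagePullPolicy: IfNotPresent` leaves the office server on whatever build each node happened to pull first, so the running version is neither reproducible nor tied to anything reviewed in this repository. Pin a release tag and ideally a digest, e.g. `image: collabora/code:<pinned-version>@sha256:<digest>` (placeholders), and bump it deliberately. The Deployment also has no `securityContext` and no readiness or liveness probe, although the Ingress publishes it at `office.bstein.dev`; both are worth adding once the privileges this image actually needs are confirmed.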


@ -24,14 +24,19 @@ spec:
args: args:
- "cd /var/www/html && php -f cron.php" - "cd /var/www/html && php -f cron.php"
volumeMounts: volumeMounts:
- name: nextcloud-app - name: nextcloud-config-pvc
mountPath: /var/www/html mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data - name: nextcloud-user-data
mountPath: /var/www/html/data mountPath: /var/www/html/data
volumes: volumes:
- name: nextcloud-app - name: nextcloud-config-pvc
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-app claimName: nextcloud-config
- name: nextcloud-custom-apps
persistentVolumeClaim:
claimName: nextcloud-custom-apps
- name: nextcloud-user-data - name: nextcloud-user-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-user-data claimName: nextcloud-user-data
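Review bot: With the `nextcloud-app` claim no longer mounted at `/var/www/html`, `cd /var/www/html && php -f cron.php` only works if the container image itself ships the Nextcloud tree at that path. The image and its entrypoint are outside this hunk, but as far as I know the stock Nextcloud image copies the application into `/var/www/html` from its entrypoint, which an overridden command skips, so this job may find no `cron.php` once only `config`, `custom_apps` and `data` are mounted. The two other CronJob sections that swap the same mounts would be affected in the same way. If the image does carry the code, a comment such as `# app code comes from the image, only config/custom_apps/data are persisted` next to the mounts would record that assumption.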


@ -23,6 +23,44 @@ spec:
runAsUser: 33 runAsUser: 33
runAsGroup: 33 runAsGroup: 33
initContainers: initContainers:
- name: db-reset
image: postgres:16-alpine
command: ["/bin/sh", "-c"]
args:
- |
set -e
mkdir -p /var/www/html/config
if [ ! -f /var/www/html/config/.db_initialized ]; then
rm -f /var/www/html/config/config.php || true
psql "host=${POSTGRES_HOST} user=${POSTGRES_USER} password=${POSTGRES_PASSWORD} dbname=${POSTGRES_DB}" -v ON_ERROR_STOP=1 <<'SQL'
DROP SCHEMA IF EXISTS public CASCADE;
CREATE SCHEMA public;
GRANT ALL ON SCHEMA public TO PUBLIC;
SQL
touch /var/www/html/config/.db_initialized
chown 33:33 /var/www/html/config/.db_initialized || true
fi
env:
- name: POSTGRES_HOST
value: postgres-service.postgres.svc.cluster.local
- name: POSTGRES_DB
valueFrom:
secretKeyRef:
name: nextcloud-db
key: database
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: nextcloud-db
key: db-username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: nextcloud-db
key: db-password
volumeMounts:
- name: nextcloud-config-pvc
mountPath: /var/www/html/config
- name: fix-perms - name: fix-perms
image: alpine:3.20 image: alpine:3.20
command: ["/bin/sh", "-c"] command: ["/bin/sh", "-c"]
@ -31,28 +69,28 @@ spec:
if [ ! -s /var/www/html/config/config.php ]; then if [ ! -s /var/www/html/config/config.php ]; then
rm -f /var/www/html/config/config.php || true rm -f /var/www/html/config/config.php || true
fi fi
mkdir -p /var/www/html/data || true mkdir -p /var/www/html/config /var/www/html/data /var/www/html/custom_apps || true
if [ ! -f /var/www/html/data/.ocdata ]; then if [ ! -s /var/www/html/config/config.php ]; then
rm -f /var/www/html/data/.ocdata || true
fi
if [ -s /var/www/html/config/config.php ] && [ ! -f /var/www/html/data/.ocdata ]; then
touch /var/www/html/data/.ocdata touch /var/www/html/data/.ocdata
fi fi
if [ -s /var/www/html/config/config.php ] && ! grep -q "'installed'" /var/www/html/config/config.php; then if [ -s /var/www/html/config/config.php ] && ! grep -q "'installed'" /var/www/html/config/config.php; then
sed -i "/^);/i\\ 'installed' => true," /var/www/html/config/config.php sed -i "/^);/i\\ 'installed' => true," /var/www/html/config/config.php
fi fi
chown 33:33 /var/www/html || true chown -R 33:33 /var/www/html/config /var/www/html/data /var/www/html/custom_apps || true
chmod 775 /var/www/html || true
chown 33:33 /var/www/html/config || true
chown 33:33 /var/www/html/config/config.php || true
chown -R 33:33 /var/www/html/data || true
chown -R 33:33 /var/www/html/apps /var/www/html/custom_apps || true
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
runAsGroup: 0 runAsGroup: 0
volumeMounts: volumeMounts:
- name: nextcloud-app - name: nextcloud-config-pvc
mountPath: /var/www/html mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data - name: nextcloud-user-data
mountPath: /var/www/html/data mountPath: /var/www/html/data
- name: nextcloud-config - name: nextcloud-config-extra
mountPath: /var/www/html/config/extra.config.php mountPath: /var/www/html/config/extra.config.php
subPath: extra.config.php subPath: extra.config.php
- name: install-nextcloud - name: install-nextcloud
@ -64,7 +102,7 @@ spec:
args: args:
- | - |
installed="$(su -s /bin/sh www-data -c "php /var/www/html/occ status" 2>/dev/null | awk '/installed:/{print $3}' || true)" installed="$(su -s /bin/sh www-data -c "php /var/www/html/occ status" 2>/dev/null | awk '/installed:/{print $3}' || true)"
if [ ! -s /var/www/html/config/config.php ] && [ ! -f /var/www/html/data/.ocdata ]; then if [ ! -s /var/www/html/config/config.php ]; then
su -s /bin/sh www-data -c "php /var/www/html/occ maintenance:install --database pgsql --database-host \"${POSTGRES_HOST}\" --database-name \"${POSTGRES_DB}\" --database-user \"${POSTGRES_USER}\" --database-pass \"${POSTGRES_PASSWORD}\" --admin-user \"${NEXTCLOUD_ADMIN_USER}\" --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" --data-dir /var/www/html/data" su -s /bin/sh www-data -c "php /var/www/html/occ maintenance:install --database pgsql --database-host \"${POSTGRES_HOST}\" --database-name \"${POSTGRES_DB}\" --database-user \"${POSTGRES_USER}\" --database-pass \"${POSTGRES_PASSWORD}\" --admin-user \"${NEXTCLOUD_ADMIN_USER}\" --admin-pass \"${NEXTCLOUD_ADMIN_PASSWORD}\" --data-dir /var/www/html/data"
chown 33:33 /var/www/html/config/config.php || true chown 33:33 /var/www/html/config/config.php || true
chown -R 33:33 /var/www/html/data || true chown -R 33:33 /var/www/html/data || true
@ -79,6 +117,10 @@ spec:
su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_hide_password_form --type=boolean --value=true" su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_hide_password_form --type=boolean --value=true"
su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_disable_registration --type=boolean --value=false" su -s /bin/sh www-data -c "php /var/www/html/occ config:system:set oidc_login_disable_registration --type=boolean --value=false"
} }
configure_office() {
su -s /bin/sh www-data -c "php /var/www/html/occ config:app:set richdocuments wopi_url --value='https://office.bstein.dev'"
su -s /bin/sh www-data -c "php /var/www/html/occ config:app:set richdocuments public_wopi_url --value='https://office.bstein.dev'"
}
ensure_mime_defaults() { ensure_mime_defaults() {
cfg_dir="/var/www/html/resources/config" cfg_dir="/var/www/html/resources/config"
mkdir -p "${cfg_dir}" mkdir -p "${cfg_dir}"
@ -102,10 +144,17 @@ spec:
chown -R 33:33 "${target}" chown -R 33:33 "${target}"
su -s /bin/sh www-data -c "php /var/www/html/occ app:enable --force ${app}" || true su -s /bin/sh www-data -c "php /var/www/html/occ app:enable --force ${app}" || true
} }
ensure_app() {
app="$1"
su -s /bin/sh www-data -c "php /var/www/html/occ app:install --force ${app}" || true
su -s /bin/sh www-data -c "php /var/www/html/occ app:enable --force ${app}" || true
}
ensure_mime_defaults ensure_mime_defaults
install_app oidc_login https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.2/oidc_login.tar.gz install_app oidc_login https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v3.2.2/oidc_login.tar.gz
install_app external https://github.com/nextcloud-releases/external/releases/download/v5.4.1/external-v5.4.1.tar.gz install_app external https://github.com/nextcloud-releases/external/releases/download/v5.4.1/external-v5.4.1.tar.gz
install_app mail https://github.com/nextcloud-releases/mail/releases/download/v3.7.24/mail-stable3.7.tar.gz install_app mail https://github.com/nextcloud-releases/mail/releases/download/v3.7.24/mail-stable3.7.tar.gz
ensure_app richdocuments
configure_office
configure_oidc configure_oidc
fi fi
env: env:
@ -147,11 +196,13 @@ spec:
name: nextcloud-oidc name: nextcloud-oidc
key: client-secret key: client-secret
volumeMounts: volumeMounts:
- name: nextcloud-app - name: nextcloud-config-pvc
mountPath: /var/www/html mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data - name: nextcloud-user-data
mountPath: /var/www/html/data mountPath: /var/www/html/data
- name: nextcloud-config - name: nextcloud-config-extra
mountPath: /var/www/html/config/extra.config.php mountPath: /var/www/html/config/extra.config.php
subPath: extra.config.php subPath: extra.config.php
containers: containers:
@ -236,11 +287,13 @@ spec:
- containerPort: 80 - containerPort: 80
name: http name: http
volumeMounts: volumeMounts:
- name: nextcloud-app - name: nextcloud-config-pvc
mountPath: /var/www/html mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data - name: nextcloud-user-data
mountPath: /var/www/html/data mountPath: /var/www/html/data
- name: nextcloud-config - name: nextcloud-config-extra
mountPath: /var/www/html/config/extra.config.php mountPath: /var/www/html/config/extra.config.php
subPath: extra.config.php subPath: extra.config.php
resources: resources:
@ -251,13 +304,16 @@ spec:
cpu: 1 cpu: 1
memory: 3Gi memory: 3Gi
volumes: volumes:
- name: nextcloud-app - name: nextcloud-config-pvc
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-app claimName: nextcloud-config
- name: nextcloud-custom-apps
persistentVolumeClaim:
claimName: nextcloud-custom-apps
- name: nextcloud-user-data - name: nextcloud-user-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-user-data claimName: nextcloud-user-data
- name: nextcloud-config - name: nextcloud-config-extra
configMap: configMap:
name: nextcloud-config name: nextcloud-config
defaultMode: 0444 defaultMode: 0444
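Review bot: The new `db-reset` init container drops and recreates the `public` schema on every pod start where `/var/www/html/config/.db_initialized` is missing, so the database's survival now hangs on one marker file on the new `nextcloud-config` claim. If that claim is ever recreated, restored empty or re-bound, the next rollout wipes the database and `config.php` without anyone asking for it. A one-time reset is safer as a separate Job that is applied once and then removed from the tree, or at least gated on an explicit opt-in variable in addition to the marker. `GRANT ALL ON SCHEMA public TO PUBLIC;` also lets every role on that database create objects in the schema; passing `-v owner="${POSTGRES_USER}"` and using `GRANT ALL ON SCHEMA public TO :"owner";` keeps the grant to the Nextcloud role. Finally, the password is interpolated into the conninfo string on the psql command line; exporting it as `PGPASSWORD` from the same secret keeps it out of the argument list and avoids breakage on passwords containing spaces or quotes.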


@ -7,6 +7,7 @@ resources:
- configmap.yaml - configmap.yaml
- pvc.yaml - pvc.yaml
- deployment.yaml - deployment.yaml
- collabora.yaml
- cronjob.yaml - cronjob.yaml
- maintenance-cronjob.yaml - maintenance-cronjob.yaml
- service.yaml - service.yaml


@ -34,8 +34,10 @@ spec:
name: nextcloud-admin name: nextcloud-admin
key: admin-password key: admin-password
volumeMounts: volumeMounts:
- name: nextcloud-app - name: nextcloud-config-pvc
mountPath: /var/www/html mountPath: /var/www/html/config
- name: nextcloud-custom-apps
mountPath: /var/www/html/custom_apps
- name: nextcloud-user-data - name: nextcloud-user-data
mountPath: /var/www/html/data mountPath: /var/www/html/data
- name: maintenance-script - name: maintenance-script
@ -49,9 +51,12 @@ spec:
cpu: 500m cpu: 500m
memory: 512Mi memory: 512Mi
volumes: volumes:
- name: nextcloud-app - name: nextcloud-config-pvc
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-app claimName: nextcloud-config
- name: nextcloud-custom-apps
persistentVolumeClaim:
claimName: nextcloud-custom-apps
- name: nextcloud-user-data - name: nextcloud-user-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: nextcloud-user-data claimName: nextcloud-user-data


@ -2,16 +2,28 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: nextcloud-app name: nextcloud-config
namespace: nextcloud namespace: nextcloud
spec: spec:
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
resources: resources:
requests: requests:
storage: 20Gi storage: 5Gi
storageClassName: astreae
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-custom-apps
namespace: nextcloud
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
storageClassName: astreae storageClassName: astreae
volumeName: pvc-9cf910d9-ae30-48e6-8d90-a6cbbf3cd2cf
--- ---
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
@ -26,17 +38,3 @@ spec:
storage: 2Ti storage: 2Ti
storageClassName: asteria storageClassName: asteria
volumeName: pvc-d918158d-422f-4928-beaa-27862611fbe5 volumeName: pvc-d918158d-422f-4928-beaa-27862611fbe5
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-data
namespace: nextcloud
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 200Gi
storageClassName: astreae
volumeName: pvc-061a70fd-1dc5-4c37-8f3e-2c7156c26ae6
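Review bot: Renaming the first claim from `nextcloud-app` to `nextcloud-config` and deleting the `nextcloud-data` claim in the last hunk removes both old PersistentVolumeClaims from the manifest set. If this tree is applied with pruning and the storage class uses a `Delete` reclaim policy (neither is visible here), the 20Gi and 200Gi volumes are destroyed on apply. Confirm a backup exists or set the backing PersistentVolumes to `Retain` before this lands. A comment above the new claims such as `# replaces nextcloud-app; old PVs kept with reclaimPolicy Retain until verified` would record that for the next operator.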