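# services/nextcloud/deployment.yaml
#
# Single-replica Nextcloud Deployment. Two init containers prepare the
# persistent volume (ownership fix-up, then a first-time `occ
# maintenance:install`) before the Apache container starts. All credentials
# come from Secrets that must already exist in the namespace:
#   nextcloud-db    keys: database, db-username, db-password
#   nextcloud-admin keys: admin-user, admin-password
#   nextcloud-smtp  keys: smtp-username, smtp-password
#   nextcloud-oidc  keys: client-id, client-secret
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: nextcloud
  labels:
    app: nextcloud
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nextcloud
  template:
    metadata:
      labels:
        app: nextcloud
    spec:
      nodeSelector:
        hardware: rpi5
      # Pod-wide default identity is uid/gid 33; the init containers below
      # override it with root.
      securityContext:
        fsGroup: 33
        runAsUser: 33
        runAsGroup: 33
      initContainers:
        # Runs as root only to repair ownership and modes on the data volume.
        # Every step is best-effort (`|| true`), so a failed chown does not
        # block the pod from starting.
        # NOTE(review): alpine:3.20 is a mutable tag; consider pinning by
        # digest (alpine:3.20@sha256:<digest>) so the root init step always
        # runs a known image.
        - name: fix-perms
          image: alpine:3.20
          command: ["/bin/sh", "-c"]
          args:
            - |
              # Drop an empty config.php so the install step sees a clean state.
              if [ ! -s /var/www/html/config/config.php ]; then
                rm -f /var/www/html/config/config.php || true
              fi
              mkdir -p /var/www/html/data || true
              chown 33:33 /var/www/html || true
              chmod 775 /var/www/html || true
              chown 33:33 /var/www/html/config || true
              chown 33:33 /var/www/html/config/config.php || true
              chown -R 33:33 /var/www/html/data || true
              chown -R 33:33 /var/www/html/apps /var/www/html/custom_apps || true
          securityContext:
            runAsUser: 0
            runAsGroup: 0
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: nextcloud-config
              mountPath: /var/www/html/config/extra.config.php
              subPath: extra.config.php
        # Starts as root so it can `su` to www-data and chown afterwards; occ
        # itself runs as www-data.
        - name: install-nextcloud
          image: nextcloud:29-apache
          securityContext:
            runAsUser: 0
            runAsGroup: 0
          command: ["/bin/sh", "-c"]
          args:
            - |
              installed="$(su -s /bin/sh www-data -c "php /var/www/html/occ status" 2>/dev/null | awk '/installed:/{print $3}' || true)"
              # NOTE(review): any failure of `occ status` leaves $installed
              # empty, and this branch then deletes config.php and everything
              # under data/. Confirm that a transient error on an already
              # installed instance cannot reach this point, or gate the wipe
              # on an explicit opt-in.
              if [ ! -s /var/www/html/config/config.php ] || [ "${installed}" != "true" ]; then
                rm -f /var/www/html/config/config.php || true
                rm -rf /var/www/html/data/* || true
                # The command string is single-quoted so the variables are
                # expanded once, by the www-data shell, inside double quotes.
                # When the outer shell expanded them first, a secret
                # containing a quote, `$`, backtick or backslash was re-parsed
                # as shell syntax. su without -l keeps the container
                # environment, so the inner shell still sees these variables.
                # The passwords are still passed as occ arguments and are
                # visible in this container's process list during install.
                su -s /bin/sh www-data -c 'php /var/www/html/occ maintenance:install \
                  --database pgsql \
                  --database-host "${POSTGRES_HOST}" \
                  --database-name "${POSTGRES_DB}" \
                  --database-user "${POSTGRES_USER}" \
                  --database-pass "${POSTGRES_PASSWORD}" \
                  --admin-user "${NEXTCLOUD_ADMIN_USER}" \
                  --admin-pass "${NEXTCLOUD_ADMIN_PASSWORD}" \
                  --data-dir /var/www/html/data'
                chown 33:33 /var/www/html/config/config.php || true
                chown -R 33:33 /var/www/html/data || true
              fi
          env:
            - name: POSTGRES_HOST
              value: postgres-service.postgres.svc.cluster.local
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: database
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-password
            - name: NEXTCLOUD_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-user
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-password
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: nextcloud-config
              mountPath: /var/www/html/config/extra.config.php
              subPath: extra.config.php
      containers:
        # Inherits uid/gid 33 from the pod securityContext.
        # NOTE(review): nextcloud:29-apache is a mutable tag and
        # imagePullPolicy is IfNotPresent, so nodes can end up running
        # different builds; consider pinning by digest.
        - name: nextcloud
          image: nextcloud:29-apache
          imagePullPolicy: IfNotPresent
          env:
            # DB (external secret required: nextcloud-db with keys
            # database, db-username, db-password)
            - name: POSTGRES_HOST
              value: postgres-service.postgres.svc.cluster.local
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: database
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-password
            # Admin bootstrap (external secret: nextcloud-admin with keys
            # admin-user, admin-password)
            - name: NEXTCLOUD_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-user
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-password
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: cloud.bstein.dev
            - name: OVERWRITEHOST
              value: cloud.bstein.dev
            - name: OVERWRITEPROTOCOL
              value: https
            - name: OVERWRITECLIURL
              value: https://cloud.bstein.dev
            # SMTP (external secret: nextcloud-smtp with keys
            # smtp-username, smtp-password)
            - name: SMTP_HOST
              value: mail.bstein.dev
            - name: SMTP_PORT
              value: "587"
            - name: SMTP_SECURE
              value: tls
            - name: SMTP_NAME
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-username
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-password
            - name: MAIL_FROM_ADDRESS
              value: no-reply
            - name: MAIL_DOMAIN
              value: bstein.dev
            # OIDC (external secret: nextcloud-oidc with keys
            # client-id, client-secret)
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: nextcloud-oidc
                  key: client-id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: nextcloud-oidc
                  key: client-secret
            - name: NEXTCLOUD_UPDATE
              value: "1"
            - name: APP_INSTALL
              value: "mail,oidc_login,external"
          ports:
            - containerPort: 80
              name: http
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            # Single file projected from the ConfigMap over the PVC's config
            # directory.
            - name: nextcloud-config
              mountPath: /var/www/html/config/extra.config.php
              subPath: extra.config.php
          resources:
            requests:
              cpu: 250m
              memory: 1Gi
            limits:
              cpu: 1
              memory: 3Gi
      volumes:
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: nextcloud-data
        - name: nextcloud-config
          configMap:
            name: nextcloud-config
            # Octal file mode: read-only for owner, group and others.
            defaultMode: 0444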