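# services/nextcloud-mail-sync/cronjob.yaml
# CronJob that runs /sync/sync.sh (mounted from the
# nextcloud-mail-sync-script ConfigMap) inside the Nextcloud image, using
# credentials rendered by the Vault Agent injector.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: nextcloud-mail-sync
  namespace: nextcloud
spec:
  # 05:00 every day. No timeZone is set, so the schedule is evaluated in the
  # kube-controller-manager's time zone.
  schedule: "0 5 * * *"
  # Do not start a new run while the previous one is still active.
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
  # Only the most recent failed Job (and its pod logs) is retained.
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        metadata:
          annotations:
            vault.hashicorp.com/agent-inject: "true"
            # Init container only, no long-running agent sidecar, so the
            # Job pod can complete once the sync container exits.
            vault.hashicorp.com/agent-pre-populate-only: "true"
            vault.hashicorp.com/role: "nextcloud"
            vault.hashicorp.com/agent-inject-secret-nextcloud-env.sh: "kv/data/atlas/nextcloud/nextcloud-db"
            # Rendered to /vault/secrets/nextcloud-env.sh and sourced by the
            # container (see args below).
            # NOTE(review): one file carries the database, Nextcloud admin,
            # OIDC client, SMTP relay and Keycloak admin credentials, and
            # every value is exported to sync.sh and its children. Confirm
            # the sync needs each of them; drop the rest (least privilege).
            # NOTE(review): values are substituted inside double quotes in a
            # file that is sourced by the shell, so a secret containing a
            # double quote, `$`, a backtick or a backslash is interpreted by
            # the shell rather than taken literally. Confirm the stored
            # values exclude those characters, or escape them when rendering.
            vault.hashicorp.com/agent-inject-template-nextcloud-env.sh: |
              {{ with secret "kv/data/atlas/nextcloud/nextcloud-db" }}
              export POSTGRES_DB="{{ .Data.data.database }}"
              export POSTGRES_USER="{{ index .Data.data "db-username" }}"
              export POSTGRES_PASSWORD="{{ index .Data.data "db-password" }}"
              {{ end }}
              {{ with secret "kv/data/atlas/nextcloud/nextcloud-admin" }}
              export NEXTCLOUD_ADMIN_USER="{{ index .Data.data "admin-user" }}"
              export NEXTCLOUD_ADMIN_PASSWORD="{{ index .Data.data "admin-password" }}"
              {{ end }}
              export ADMIN_USER="${NEXTCLOUD_ADMIN_USER}"
              export ADMIN_PASS="${NEXTCLOUD_ADMIN_PASSWORD}"
              {{ with secret "kv/data/atlas/nextcloud/nextcloud-oidc" }}
              export OIDC_CLIENT_ID="{{ index .Data.data "client-id" }}"
              export OIDC_CLIENT_SECRET="{{ index .Data.data "client-secret" }}"
              {{ end }}
              {{ with secret "kv/data/atlas/shared/postmark-relay" }}
              export SMTP_NAME="{{ index .Data.data "relay-username" }}"
              export SMTP_PASSWORD="{{ index .Data.data "relay-password" }}"
              {{ end }}
              {{ with secret "kv/data/atlas/shared/keycloak-admin" }}
              export KC_ADMIN_USER="{{ .Data.data.username }}"
              export KC_ADMIN_PASS="{{ .Data.data.password }}"
              {{ end }}
        spec:
          restartPolicy: OnFailure
          # NOTE(review): the pod runs as root (UID/GID 0) with the live
          # Nextcloud volumes mounted read-write, and no container-level
          # securityContext is set (allowPrivilegeEscalation, capabilities,
          # seccompProfile). Confirm what sync.sh requires and tighten.
          securityContext:
            runAsUser: 0
            runAsGroup: 0
          # Service account presented to Vault for the "nextcloud" role.
          serviceAccountName: nextcloud-vault
          containers:
            - name: mail-sync
              # NOTE(review): mutable tag combined with IfNotPresent means
              # each node runs whichever build it cached first. Pin the
              # image by digest so every run uses the same reviewed content.
              image: nextcloud:29-apache
              imagePullPolicy: IfNotPresent
              command:
                - /bin/sh
                - -c
              env:
                - name: KC_BASE
                  value: https://sso.bstein.dev
                - name: KC_REALM
                  value: atlas
                - name: MAILU_DOMAIN
                  value: bstein.dev
                - name: POSTGRES_HOST
                  value: postgres-service.postgres.svc.cluster.local
              resources:
                requests:
                  cpu: 100m
                  memory: 256Mi
                limits:
                  cpu: 500m
                  memory: 512Mi
              volumeMounts:
                - name: nextcloud-web
                  mountPath: /var/www/html
                - name: nextcloud-config-pvc
                  mountPath: /var/www/html/config
                - name: nextcloud-custom-apps
                  mountPath: /var/www/html/custom_apps
                - name: nextcloud-user-data
                  mountPath: /var/www/html/data
                - name: sync-script
                  mountPath: /sync/sync.sh
                  subPath: sync.sh
              # Source the rendered secrets, then replace the shell with the
              # sync script so it inherits the exported variables.
              # NOTE(review): `pipefail` is not accepted by every /bin/sh;
              # confirm the image's shell supports it, otherwise `set` fails
              # before the script runs.
              args:
                - |
                  set -euo pipefail
                  . /vault/secrets/nextcloud-env.sh
                  exec /sync/sync.sh
          volumes:
            - name: nextcloud-config-pvc
              persistentVolumeClaim:
                claimName: nextcloud-config-v2
            - name: nextcloud-custom-apps
              persistentVolumeClaim:
                claimName: nextcloud-custom-apps-v2
            - name: nextcloud-user-data
              persistentVolumeClaim:
                claimName: nextcloud-user-data-v2
            - name: nextcloud-web
              persistentVolumeClaim:
                claimName: nextcloud-web-v2
            - name: sync-script
              configMap:
                name: nextcloud-mail-sync-script
                # Octal file mode (decimal 493); it has to stay an unquoted
                # integer for the Kubernetes API.
                defaultMode: 0755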