# services/nextcloud-mail-sync/cronjob.yaml apiVersion: batch/v1 kind: CronJob metadata: name: nextcloud-mail-sync namespace: nextcloud spec: schedule: "0 5 * * *" concurrencyPolicy: Forbid successfulJobsHistoryLimit: 3 failedJobsHistoryLimit: 1 jobTemplate: spec: template: spec: restartPolicy: OnFailure securityContext: runAsUser: 0 runAsGroup: 0 serviceAccountName: nextcloud-vault containers: - name: mail-sync image: nextcloud:29-apache imagePullPolicy: IfNotPresent command: - /bin/sh - -c env: - name: KC_BASE value: https://sso.bstein.dev - name: KC_REALM value: atlas - name: MAILU_DOMAIN value: bstein.dev - name: POSTGRES_HOST value: postgres-service.postgres.svc.cluster.local resources: requests: cpu: 100m memory: 256Mi limits: cpu: 500m memory: 512Mi volumeMounts: - name: nextcloud-web mountPath: /var/www/html - name: nextcloud-config-pvc mountPath: /var/www/html/config - name: nextcloud-custom-apps mountPath: /var/www/html/custom_apps - name: nextcloud-user-data mountPath: /var/www/html/data - name: sync-script mountPath: /sync/sync.sh subPath: sync.sh - name: vault-secrets mountPath: /vault/secrets readOnly: true - name: vault-scripts mountPath: /vault/scripts readOnly: true args: - | set -euo pipefail . /vault/scripts/nextcloud_vault_env.sh exec /sync/sync.sh volumes: - name: nextcloud-config-pvc persistentVolumeClaim: claimName: nextcloud-config-v2 - name: nextcloud-custom-apps persistentVolumeClaim: claimName: nextcloud-custom-apps-v2 - name: nextcloud-user-data persistentVolumeClaim: claimName: nextcloud-user-data-v2 - name: nextcloud-web persistentVolumeClaim: claimName: nextcloud-web-v2 - name: sync-script configMap: name: nextcloud-mail-sync-script defaultMode: 0755 - name: vault-secrets csi: driver: secrets-store.csi.k8s.io readOnly: true volumeAttributes: secretProviderClass: nextcloud-vault - name: vault-scripts configMap: name: nextcloud-vault-env defaultMode: 0555