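# services/nextcloud/deployment.yaml
---
# Single-replica Nextcloud Deployment pinned to the rpi5 node class.
# All credentials are read from pre-existing Secrets. A missing Secret or key
# keeps the container from starting, so the key names in the comments below
# are the ones this manifest actually references.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: nextcloud
  labels:
    app: nextcloud
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nextcloud
  template:
    metadata:
      labels:
        app: nextcloud
    spec:
      nodeSelector:
        hardware: rpi5
      # Pod-wide default identity: uid/gid 33, the owner the init container
      # chowns the data to. fsGroup also applies gid 33 to volumes that
      # support ownership management.
      securityContext:
        fsGroup: 33
        runAsUser: 33
        runAsGroup: 33
      initContainers:
        # Root init container that hands config/ and data/ to uid/gid 33.
        # NOTE(review): this is the only root process in the pod and it keeps
        # the runtime's default capability set. Consider narrowing it
        # (allowPrivilegeEscalation: false, a trimmed capability list) after
        # testing that the recursive chown still reaches every directory.
        - name: fix-perms
          image: alpine:3.20
          command: ["/bin/sh", "-c"]
          args:
            # `|| true` makes each chown best-effort. The ConfigMap-backed
            # extra.config.php mounted under config/ is likely read-only, so
            # the first chown is expected to report an error there. The same
            # `|| true` also hides genuine failures; check the init container
            # log if Nextcloud reports unwritable directories.
            - |
              chown -R 33:33 /var/www/html/config || true
              chown -R 33:33 /var/www/html/data || true
          securityContext:
            runAsUser: 0
            runAsGroup: 0
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: nextcloud-config
              mountPath: /var/www/html/config/extra.config.php
              subPath: extra.config.php
      containers:
        # Runs with the pod-level uid/gid 33; no container securityContext.
        # NOTE(review): allowPrivilegeEscalation: false, capabilities.drop
        # and a seccompProfile are not set here. Test them against this image
        # before enabling, since the container listens on port 80 as non-root.
        - name: nextcloud
          # NOTE(review): the tag is mutable and IfNotPresent reuses whatever
          # a node has cached, so nodes can run different builds. Pinning by
          # digest (nextcloud@sha256:<digest>) makes rollouts reproducible.
          image: nextcloud:29-apache
          imagePullPolicy: IfNotPresent
          env:
            # DB (external secret required: nextcloud-db with keys
            # database, db-username, db-password)
            - name: POSTGRES_HOST
              value: postgres-service.postgres.svc.cluster.local
            - name: POSTGRES_DB
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: database
            - name: POSTGRES_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-username
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: db-password
            # Admin bootstrap (external secret: nextcloud-admin with keys
            # admin-user, admin-password)
            # NOTE(review): these stay in the container environment for the
            # life of the pod, not only during first install.
            - name: NEXTCLOUD_ADMIN_USER
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-user
            - name: NEXTCLOUD_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-admin
                  key: admin-password
            # Public hostname and scheme. The OVERWRITE* values assume TLS is
            # terminated in front of this pod, which serves plain HTTP on 80.
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: cloud.bstein.dev
            - name: OVERWRITEHOST
              value: cloud.bstein.dev
            - name: OVERWRITEPROTOCOL
              value: https
            - name: OVERWRITECLIURL
              value: https://cloud.bstein.dev
            # SMTP (external secret: nextcloud-smtp with keys
            # smtp-username, smtp-password)
            - name: SMTP_HOST
              value: mail.bstein.dev
            - name: SMTP_PORT
              value: "587"
            - name: SMTP_SECURE
              value: tls
            - name: SMTP_NAME
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-username
            - name: SMTP_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-smtp
                  key: smtp-password
            - name: MAIL_FROM_ADDRESS
              value: no-reply
            - name: MAIL_DOMAIN
              value: bstein.dev
            # OIDC (external secret: nextcloud-oidc with keys
            # client-id, client-secret)
            # NOTE(review): presumably read by extra.config.php; confirm.
            - name: OIDC_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: nextcloud-oidc
                  key: client-id
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: nextcloud-oidc
                  key: client-secret
            # NOTE(review): presumably lets the image entrypoint run its
            # install/upgrade step at start. With a floating image tag, an
            # upgrade then happens whenever a newer build is pulled; confirm
            # that is intended.
            - name: NEXTCLOUD_UPDATE
              value: "1"
            # NOTE(review): the consumer of APP_INSTALL is not visible in
            # this manifest; confirm what reads it and where the listed apps
            # are downloaded from.
            - name: APP_INSTALL
              value: "mail,oidc_login,external"
          ports:
            - containerPort: 80
              name: http
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: nextcloud-config
              mountPath: /var/www/html/config/extra.config.php
              subPath: extra.config.php
          resources:
            requests:
              cpu: 250m
              memory: 1Gi
            limits:
              cpu: 1
              memory: 3Gi
      volumes:
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: nextcloud-data
        - name: nextcloud-config
          configMap:
            name: nextcloud-config
            # Octal file mode r--r--r--. Keep it an unquoted integer: the
            # field is numeric, so a quoted string would be rejected.
            defaultMode: 0444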