add nextcloud

2025-05-08 19:36:36 -04:00
parent 751b3bea46
commit e5a76f34e3
10 changed files with 294 additions and 0 deletions


@@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: cert-dubyatp-xyz
annotations:
replicator.v1.mittwald.de/replicate-from: cert-manager/cert-dubyatp-xyz
replicator.v1.mittwald.de/replicated-keys: tls.crt,tls.key
type: Opaque
stringData:
tls.crt: ""
tls.key: ""
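Review bot: The replicated certificate Secret is declared `type: Opaque` with empty `tls.crt`/`tls.key` placeholders, while ingress.yaml in this same commit references it as the Ingress TLS secret (`secretName: cert-dubyatp-xyz`). Until the replicator has copied the real key pair in, the Ingress points at an empty certificate and the proxy will presumably fall back to its default certificate rather than fail loudly, so the TLS binding is only as reliable as the replicator deployment. Declaring it `type: kubernetes.io/tls` states the expected key layout explicitly, and a comment naming the replicator as a hard dependency (`# populated by kubernetes-replicator from cert-manager/cert-dubyatp-xyz; empty values are placeholders`) would save the next reader a surprise. The file's path is not shown on this page.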

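--- a/nextcloud/cron.yaml
+++ b/nextcloud/cron.yaml
@@ -0,0 +1,19 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: nextcloud-cron
+spec:
+schedule: "*/5 * * * *"
+jobTemplate:
+spec:
+template:
+spec:
+containers:
+- name: nextcloud
+image: nextcloud:28.0.3-apache
+imagePullPolicy: IfNotPresent
+command:
+- /bin/sh
+- -c
+- curl https://nextcloud.dubyatp.xyz/cron.php
+restartPolicy: OnFailure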
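Review bot: The `curl` at the end of the hunk has no `-f`/`--fail`, so an HTTP 5xx from cron.php still exits 0 and the job is reported successful; `restartPolicy: OnFailure` never triggers and a broken background-job loop stays invisible. Use `- curl -fsS https://nextcloud.dubyatp.xyz/cron.php` and add `concurrencyPolicy: Forbid` under the CronJob `spec` so a slow run is not overlapped by the next five-minute tick. Calling cron through the public hostname also routes every run out through the Ingress and TLS termination; hitting the in-cluster `nextcloud` Service on port 80 (defined in svc.yaml) with an explicit `Host` header would keep it internal, though that depends on the trusted-domain configuration being satisfied.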


@@ -0,0 +1,64 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: mariadb
spec:
selector:
matchLabels:
app: mariadb
serviceName: mariadb
replicas: 1
template:
metadata:
labels:
app: mariadb
spec:
containers:
- name: mariadb
image: mariadb:10.11.11-jammy
env:
- name: MARIADB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
key: MYSQL_ROOT_PASSWORD
name: nextcloud-secret
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
key: MYSQL_PASSWORD
name: nextcloud-secret
- name: MARIADB_USER
valueFrom:
secretKeyRef:
key: MYSQL_USER
name: nextcloud-secret
- name: MARIADB_DATABASE
valueFrom:
secretKeyRef:
key: MYSQL_DATABASE
name: nextcloud-secret
volumeMounts:
- name: mariadb-data
mountPath: /var/lib/mysql
readinessProbe:
exec:
command: ["healthcheck.sh", "--connect", "--innodb_initialized"]
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
livenessProbe:
exec:
command: ["healthcheck.sh", "--connect", "--innodb_initialized"]
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
volumeClaimTemplates:
- metadata:
name: mariadb-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 10Gi
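Review bot: The mariadb container declares no `resources`, unlike the nextcloud container in deployment.yaml which sets both requests and limits; an unbounded database pod is first in line for eviction under node pressure and can starve its neighbours, so a `resources` block sized for the database belongs next to `volumeMounts`. Nextcloud's MariaDB guidance asks for READ-COMMITTED isolation and ROW binlog format, which the official image accepts as `args: ["--transaction-isolation=READ-COMMITTED", "--binlog-format=ROW"]`; worth confirming against the docs for the 28.x line before adding. The `healthcheck.sh --connect --innodb_initialized` probes look right for this image version, but a comment saying they come from the image rather than from this repo would help. The file's path is not shown on this page.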


@@ -0,0 +1,10 @@
apiVersion: v1
kind: Service
metadata:
name: mariadb
spec:
selector:
app: mariadb
ports:
- port: 3306
targetPort: 3306

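--- a/nextcloud/deployment.yaml
+++ b/nextcloud/deployment.yaml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: nextcloud
+spec:
+selector:
+matchLabels:
+app: nextcloud
+template:
+metadata:
+labels:
+app: nextcloud
+spec:
+containers:
+- name: nextcloud
+image: nextcloud:28.0.3-apache
+envFrom:
+- secretRef:
+name: nextcloud-secret
+env:
+- name: NEXTCLOUD_TRUSTED_DOMAINS
+value: nextcloud.dubyatp.xyz
+volumeMounts:
+- mountPath: /var/www/html
+name: nextcloud-data
+readOnly: false
+resources:
+limits:
+memory: "1Gi"
+cpu: "1000m"
+requests:
+memory: "500Mi"
+cpu: "500m"
+livenessProbe:
+httpGet:
+path: /status.php
+port: 80
+httpHeaders:
+- name: Host
+value: nextcloud.dubyatp.xyz
+initialDelaySeconds: 10
+periodSeconds: 10
+timeoutSeconds: 5
+failureThreshold: 3
+successThreshold: 1
+readinessProbe:
+httpGet:
+path: /status.php
+port: 80
+httpHeaders:
+- name: Host
+value: nextcloud.dubyatp.xyz
+initialDelaySeconds: 10
+periodSeconds: 10
+timeoutSeconds: 5
+failureThreshold: 3
+successThreshold: 1
+startupProbe:
+httpGet:
+path: /status.php
+port: 80
+httpHeaders:
+- name: Host
+value: nextcloud.dubyatp.xyz
+initialDelaySeconds: 30
+periodSeconds: 10
+timeoutSeconds: 5
+failureThreshold: 30
+successThreshold: 1
+volumes:
+- name: nextcloud-data
+nfs:
+server: 10.105.15.20
+path: /mnt/hdd-pool/nextcloud-files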
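Review bot: TLS terminates at Traefik (ingress.yaml) and this pod serves plain HTTP on port 80, but the `env` list sets only `NEXTCLOUD_TRUSTED_DOMAINS`; without `OVERWRITEPROTOCOL` and `TRUSTED_PROXIES` Nextcloud sees every request as http coming from the proxy's address, which breaks generated absolute URLs and makes its brute-force throttling key on the proxy IP instead of the real client. Add `- name: OVERWRITEPROTOCOL` / `value: https` beside the existing entry, and set `TRUSTED_PROXIES` to the ingress controller's pod CIDR (value to be filled in from the cluster). `MYSQL_HOST` is absent from both this env list and the ExternalSecret in secret.yaml, so the image's automatic MySQL setup presumably did not run unless the install was done by hand; a comment stating which is the case would help. The liveness and readiness probes are byte-identical `/status.php` checks, and as far as I can tell that endpoint depends on the database, so a database outage restarts the pod rather than merely pulling it from the Service; a cheaper liveness target, or a higher `failureThreshold` on liveness than on readiness, would separate the two concerns.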

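--- a/nextcloud/ingress.yaml
+++ b/nextcloud/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: nextcloud
+annotations:
+traefik.ingress.kubernetes.io/router.middlewares: nextcloud-nextcloud-headers@kubernetescrd,nextcloud-nextcloud-redirectregex@kubernetescrd
+labels:
+name: nextcloud
+spec:
+rules:
+- host: nextcloud.dubyatp.xyz
+http:
+paths:
+- pathType: Prefix
+path: "/"
+backend:
+service:
+name: nextcloud
+port:
+number: 80
+tls:
+- secretName: cert-dubyatp-xyz
+hosts:
+- nextcloud.dubyatp.xyz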
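Review bot: The middleware annotation hard-codes the `nextcloud-` namespace prefix (`nextcloud-nextcloud-headers@kubernetescrd`), yet none of the manifests in this commit set `metadata.namespace`; applied into any other namespace the references fail to resolve and Traefik presumably drops the router, so the site goes dark rather than merely losing its headers. Either add `namespace: nextcloud` to each manifest or document the required `kubectl apply -n nextcloud` for the directory. The Ingress also carries no `ingressClassName`, so it relies on Traefik being the cluster's default class; pinning `ingressClassName: <cluster's traefik class name>` keeps a second controller from claiming it.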


@@ -0,0 +1,22 @@
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-headers
spec:
headers:
frameDeny: true
browserXssFilter: true
customResponseHeaders:
Strict-Transport-Security: "15552000"
X-Frame-Options: SAMEORIGIN
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: nextcloud-redirectregex
spec:
redirectRegex:
permanent: true
regex: https://(.*)/.well-known/(?:card|cal)dav
replacement: https://${1}/remote.php/dav
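Review bot: `Strict-Transport-Security: "15552000"` is not a valid HSTS header: the value must be a directive list such as `max-age=15552000; includeSubDomains`, and browsers ignore a header without `max-age=`, so HSTS is effectively off even though the number matches what Nextcloud's security check asks for. Traefik's headers middleware has native fields for this — `stsSeconds: 15552000` and `stsIncludeSubdomains: true` — which would replace the custom header; otherwise correct the literal to `Strict-Transport-Security: "max-age=15552000; includeSubDomains"`. `browserXssFilter` emits `X-XSS-Protection`, which current browsers no longer honour; harmless, but a comment saying so stops it being mistaken for real protection. The `redirectRegex` pattern is unanchored and has an unescaped `.` before `well-known`, which works for its purpose but is worth a one-line note. The file's path is not shown on this page.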

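--- a/nextcloud/pvc.yaml
+++ b/nextcloud/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: nextcloud-root
+spec:
+resources:
+requests:
+storage: 10Gi
+volumeMode: Filesystem
+accessModes:
+- ReadWriteOnce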
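Review bot: `nextcloud-root` is not referenced by any manifest in this commit — deployment.yaml mounts `/var/www/html` from an NFS volume instead — so this 10Gi claim is either bound and wasted or sits Pending indefinitely if the storage class binds on first consumer. Either drop pvc.yaml or add a comment naming what is meant to consume it; if it is a leftover from an earlier design that the NFS mount replaced, say so, since an orphaned claim tends to survive every later cleanup.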

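--- a/nextcloud/secret.yaml
+++ b/nextcloud/secret.yaml
@@ -0,0 +1,49 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+name: nextcloud-secret
+spec:
+data:
+- remoteRef:
+conversionStrategy: Default
+decodingStrategy: None
+key: nextcloud
+metadataPolicy: None
+property: MYSQL_DATABASE
+secretKey: MYSQL_DATABASE
+- remoteRef:
+conversionStrategy: Default
+decodingStrategy: None
+key: nextcloud
+metadataPolicy: None
+property: MYSQL_PASSWORD
+secretKey: MYSQL_PASSWORD
+- remoteRef:
+conversionStrategy: Default
+decodingStrategy: None
+key: nextcloud
+metadataPolicy: None
+property: MYSQL_ROOT_PASSWORD
+secretKey: MYSQL_ROOT_PASSWORD
+- remoteRef:
+conversionStrategy: Default
+decodingStrategy: None
+key: nextcloud
+metadataPolicy: None
+property: MYSQL_USER
+secretKey: MYSQL_USER
+- remoteRef:
+conversionStrategy: Default
+decodingStrategy: None
+key: nextcloud
+metadataPolicy: None
+property: REDIS_PASSWORD
+secretKey: REDIS_PASSWORD
+refreshInterval: 1h
+secretStoreRef:
+kind: ClusterSecretStore
+name: weyma-vault
+target:
+creationPolicy: Owner
+deletionPolicy: Retain
+name: nextcloud-secret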
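Review bot: All five keys, including `MYSQL_ROOT_PASSWORD`, land in a single Secret that deployment.yaml injects wholesale through `envFrom`, so the web application's process environment carries the database root password it has no use for (as far as the official image documents, it reads only `MYSQL_USER`, `MYSQL_PASSWORD`, `MYSQL_DATABASE` and `MYSQL_HOST`). Any environment disclosure from the app container — a debug page, a core dump, `kubectl exec` granted to a lower-privileged role — then yields full database access instead of one schema. Split the root password into a second ExternalSecret consumed only by the mariadb StatefulSet, or switch the deployment to explicit `env` entries with `secretKeyRef` for just the keys it needs. `REDIS_PASSWORD` is also synced here although no Redis is deployed in this commit; if it is groundwork for a later change, a comment saying so would help.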

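--- a/nextcloud/svc.yaml
+++ b/nextcloud/svc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: nextcloud
+spec:
+selector:
+app: nextcloud
+ports:
+- port: 80
+targetPort: 80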