From e5a76f34e3edef3bed12efbefc48bb13c6138f2a Mon Sep 17 00:00:00 2001
From: William P
Date: Thu, 8 May 2025 19:36:36 -0400
Subject: [PATCH] add nextcloud
---
nextcloud/cert-dubyatp-xyz.yaml | 11 ++++
nextcloud/cron.yaml | 19 +++++++
nextcloud/db/mariadb-statefulset.yaml | 64 +++++++++++++++++++++++
nextcloud/db/mariadb-svc.yaml | 10 ++++
nextcloud/deployment.yaml | 74 +++++++++++++++++++++++++++
nextcloud/ingress.yaml | 24 +++++++++
nextcloud/nextcloud_middleware.yaml | 22 ++++++++
nextcloud/pvc.yaml | 11 ++++
nextcloud/secret.yaml | 49 ++++++++++++++++++
nextcloud/svc.yaml | 10 ++++
10 files changed, 294 insertions(+)
create mode 100644 nextcloud/cert-dubyatp-xyz.yaml
create mode 100644 nextcloud/cron.yaml
create mode 100644 nextcloud/db/mariadb-statefulset.yaml
create mode 100644 nextcloud/db/mariadb-svc.yaml
create mode 100644 nextcloud/deployment.yaml
create mode 100644 nextcloud/ingress.yaml
create mode 100644 nextcloud/nextcloud_middleware.yaml
create mode 100644 nextcloud/pvc.yaml
create mode 100644 nextcloud/secret.yaml
create mode 100644 nextcloud/svc.yaml
diff --git a/nextcloud/cert-dubyatp-xyz.yaml b/nextcloud/cert-dubyatp-xyz.yaml
new file mode 100644
index 0000000..479b45e
--- /dev/null
+++ b/nextcloud/cert-dubyatp-xyz.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cert-dubyatp-xyz
+ annotations:
+ replicator.v1.mittwald.de/replicate-from: cert-manager/cert-dubyatp-xyz
+ replicator.v1.mittwald.de/replicated-keys: tls.crt,tls.key
+type: Opaque
+stringData:
+ tls.crt: ""
+ tls.key: ""
\ No newline at end of file
diff --git a/nextcloud/cron.yaml b/nextcloud/cron.yaml
new file mode 100644
index 0000000..1e37a24
--- /dev/null
+++ b/nextcloud/cron.yaml
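Review bot: The Secret is declared `type: Opaque` but ingress.yaml consumes it through `spec.tls[].secretName`, where the conventional type is `kubernetes.io/tls`; `type: kubernetes.io/tls` documents that contract and lets the API server enforce that both `tls.crt` and `tls.key` are present. The two empty `stringData` values are only placeholders until the replicator copies the keys in, so a TLS error on first deploy is expected rather than a bug — worth saying in the file with `# placeholders; populated from cert-manager/cert-dubyatp-xyz by the replicator`. The file also has no trailing newline.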
@@ -0,0 +1,19 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: nextcloud-cron
+spec:
+ schedule: "*/5 * * * *"
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ containers:
+ - name: nextcloud
+ image: nextcloud:28.0.3-apache
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/sh
+ - -c
+ - curl https://nextcloud.dubyatp.xyz/cron.php
+ restartPolicy: OnFailure
\ No newline at end of file
diff --git a/nextcloud/db/mariadb-statefulset.yaml b/nextcloud/db/mariadb-statefulset.yaml
new file mode 100644
index 0000000..663113d
--- /dev/null
+++ b/nextcloud/db/mariadb-statefulset.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: mariadb
+spec:
+ selector:
+ matchLabels:
+ app: mariadb
+ serviceName: mariadb
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: mariadb
+ spec:
+ containers:
+ - name: mariadb
+ image: mariadb:10.11.11-jammy
+ env:
+ - name: MARIADB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: MYSQL_ROOT_PASSWORD
+ name: nextcloud-secret
+ - name: MARIADB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: MYSQL_PASSWORD
+ name: nextcloud-secret
+ - name: MARIADB_USER
+ valueFrom:
+ secretKeyRef:
+ key: MYSQL_USER
+ name: nextcloud-secret
+ - name: MARIADB_DATABASE
+ valueFrom:
+ secretKeyRef:
+ key: MYSQL_DATABASE
+ name: nextcloud-secret
+ volumeMounts:
+ - name: mariadb-data
+ mountPath: /var/lib/mysql
+ readinessProbe:
+ exec:
+ command: ["healthcheck.sh", "--connect", "--innodb_initialized"]
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ livenessProbe:
+ exec:
+ command: ["healthcheck.sh", "--connect", "--innodb_initialized"]
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ volumeClaimTemplates:
+ - metadata:
+ name: mariadb-data
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/nextcloud/db/mariadb-svc.yaml b/nextcloud/db/mariadb-svc.yaml
new file mode 100644
index 0000000..0391b0e
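Review bot: `curl https://nextcloud.dubyatp.xyz/cron.php` exits 0 on an HTTP 4xx/5xx, so `restartPolicy: OnFailure` never fires and a failing cron run is recorded as a successful Job; `curl -fsS https://nextcloud.dubyatp.xyz/cron.php` makes a non-2xx response fail the container. Triggering cron through the public hostname also makes background jobs depend on external DNS, the ingress and TLS; the official image's documented alternative is to run `php -f /var/www/html/cron.php` in a container that mounts the same `/var/www/html` volume as deployment.yaml, which needs no network path at all. With a five-minute schedule and no `concurrencyPolicy`, a hung run overlaps the next one; `concurrencyPolicy: Forbid` plus an `activeDeadlineSeconds` on the Job bounds that. The file has no trailing newline.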
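Review bot: The mariadb container has no `resources` stanza while deployment.yaml sets requests and limits, so the database runs as a BestEffort pod and is the first candidate for eviction under node memory pressure; add a `resources:` block shaped like the one in deployment.yaml, sized for MariaDB's buffer pool. No `securityContext` is set either, so the container runs with whatever the image defaults to — worth stating explicitly with `runAsNonRoot`/`allowPrivilegeEscalation: false` if the image supports it. `accessModes: [ "ReadWriteOnce" ]` uses flow style with inner spaces in an otherwise block-style file; a block sequence `- ReadWriteOnce` matches the rest.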
--- /dev/null
+++ b/nextcloud/db/mariadb-svc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: mariadb
+spec:
+ selector:
+ app: mariadb
+ ports:
+ - port: 3306
+ targetPort: 3306
diff --git a/nextcloud/deployment.yaml b/nextcloud/deployment.yaml
new file mode 100644
index 0000000..230f7a6
--- /dev/null
+++ b/nextcloud/deployment.yaml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nextcloud
+spec:
+ selector:
+ matchLabels:
+ app: nextcloud
+ template:
+ metadata:
+ labels:
+ app: nextcloud
+ spec:
+ containers:
+ - name: nextcloud
+ image: nextcloud:28.0.3-apache
+ envFrom:
+ - secretRef:
+ name: nextcloud-secret
+ env:
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: nextcloud.dubyatp.xyz
+ volumeMounts:
+ - mountPath: /var/www/html
+ name: nextcloud-data
+ readOnly: false
+ resources:
+ limits:
+ memory: "1Gi"
+ cpu: "1000m"
+ requests:
+ memory: "500Mi"
+ cpu: "500m"
+ livenessProbe:
+ httpGet:
+ path: /status.php
+ port: 80
+ httpHeaders:
+ - name: Host
+ value: nextcloud.dubyatp.xyz
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ readinessProbe:
+ httpGet:
+ path: /status.php
+ port: 80
+ httpHeaders:
+ - name: Host
+ value: nextcloud.dubyatp.xyz
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ startupProbe:
+ httpGet:
+ path: /status.php
+ port: 80
+ httpHeaders:
+ - name: Host
+ value: nextcloud.dubyatp.xyz
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 30
+ successThreshold: 1
+ volumes:
+ - name: nextcloud-data
+ nfs:
+ server: 10.105.15.20
+ path: /mnt/hdd-pool/nextcloud-files
\ No newline at end of file
diff --git a/nextcloud/ingress.yaml b/nextcloud/ingress.yaml
new file mode 100644
index 0000000..f79c2d3
--- /dev/null
+++ b/nextcloud/ingress.yaml
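Review bot: The Service makes port 3306 reachable from every pod in the cluster, because nothing in this commit restricts who may connect to `mariadb`; assuming the CNI enforces NetworkPolicy, a policy that admits ingress on 3306 only from pods labelled `app: nextcloud` keeps the database off the path of any other compromised workload. The selector, port and targetPort are otherwise consistent with the StatefulSet. A policy shaped like the following, in a new file next to this one, would do it.
```yaml
# nextcloud/db/mariadb-netpol.yaml (new file)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mariadb
spec:
  podSelector:
    matchLabels:
      app: mariadb
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: nextcloud
      ports:
        - port: 3306
```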
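Review bot: `envFrom: - secretRef: name: nextcloud-secret` injects every key of the secret into the web container, including `MYSQL_ROOT_PASSWORD` and `REDIS_PASSWORD` that the Nextcloud process never needs, so any environment disclosure in the app (a verbose error page, a misbehaving app plugin, a crash dump) also exposes the database root credential; select only the keys Nextcloud uses with explicit `secretKeyRef` entries, as below, and drop `envFrom`. Nothing in this commit sets `MYSQL_HOST`, which the official image's autoconfiguration reads to choose MariaDB over SQLite — presumably the database was configured by hand, worth confirming. The NFS server `10.105.15.20` and export path are hard-coded in the pod spec; an NFS-backed PersistentVolume/PersistentVolumeClaim keeps that detail out of the workload manifest, and `readOnly: false` is the default and can go. The file has no trailing newline.
```yaml
        env:
          - name: NEXTCLOUD_TRUSTED_DOMAINS
            value: nextcloud.dubyatp.xyz
          - name: MYSQL_DATABASE
            valueFrom:
              secretKeyRef:
                name: nextcloud-secret
                key: MYSQL_DATABASE
          - name: MYSQL_USER
            valueFrom:
              secretKeyRef:
                name: nextcloud-secret
                key: MYSQL_USER
          - name: MYSQL_PASSWORD
            valueFrom:
              secretKeyRef:
                name: nextcloud-secret
                key: MYSQL_PASSWORD
        # … unchanged: volumeMounts, resources, probes, volumes …
```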
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: nextcloud
+ annotations:
+ traefik.ingress.kubernetes.io/router.middlewares: nextcloud-nextcloud-headers@kubernetescrd,nextcloud-nextcloud-redirectregex@kubernetescrd
+ labels:
+ name: nextcloud
+spec:
+ rules:
+ - host: nextcloud.dubyatp.xyz
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: nextcloud
+ port:
+ number: 80
+ tls:
+ - secretName: cert-dubyatp-xyz
+ hosts:
+ - nextcloud.dubyatp.xyz
diff --git a/nextcloud/nextcloud_middleware.yaml b/nextcloud/nextcloud_middleware.yaml
new file mode 100644
index 0000000..91977f6
--- /dev/null
+++ b/nextcloud/nextcloud_middleware.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: nextcloud-headers
+spec:
+ headers:
+ frameDeny: true
+ browserXssFilter: true
+ customResponseHeaders:
+ Strict-Transport-Security: "15552000"
+ X-Frame-Options: SAMEORIGIN
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: nextcloud-redirectregex
+spec:
+ redirectRegex:
+ permanent: true
+ regex: https://(.*)/.well-known/(?:card|cal)dav
+ replacement: https://${1}/remote.php/dav
\ No newline at end of file
diff --git a/nextcloud/pvc.yaml b/nextcloud/pvc.yaml
new file mode 100644
index 0000000..327875f
--- /dev/null
+++ b/nextcloud/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nextcloud-root
+spec:
+ resources:
+ requests:
+ storage: 10Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
diff --git a/nextcloud/secret.yaml b/nextcloud/secret.yaml
new file mode 100644
index 0000000..538d09b
--- /dev/null
+++ b/nextcloud/secret.yaml
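Review bot: The middleware annotation hard-codes the namespace in `nextcloud-nextcloud-headers@kubernetescrd` (Traefik's `<namespace>-<name>` form), yet none of the manifests in this commit declare `metadata.namespace`, so applying them anywhere but a namespace literally called `nextcloud` leaves the Ingress pointing at middlewares that do not exist and Traefik reports the router in error; add `namespace: nextcloud` to the metadata here and in nextcloud_middleware.yaml, or derive the prefix from the deployment tooling. No `ingressClassName` is set, so the Ingress relies on a cluster-wide default controller; `spec.ingressClassName: <class>` (whatever the Traefik class is named in this cluster) makes that dependency explicit.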
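Review bot: `Strict-Transport-Security: "15552000"` is not a valid HSTS value — the header requires the `max-age=` directive, so browsers ignore it and Nextcloud's security check will keep reporting HSTS as missing; use Traefik's native option `stsSeconds: 15552000` under `headers` (with `stsIncludeSubdomains: true` if the subdomains are all HTTPS) or write `Strict-Transport-Security: "max-age=15552000"`. `frameDeny: true` emits `X-Frame-Options: DENY` while `customResponseHeaders` sets the same header to `SAMEORIGIN`, and Nextcloud needs SAMEORIGIN, so drop `frameDeny` rather than relying on which of the two Traefik writes last. The redirect regex is unanchored and its dots are unescaped, so it also matches unintended paths; `'^https://(.*)/\.well-known/(?:card|cal)dav$'` (quoted, so the backslash survives) restricts it to the two DAV discovery paths. The file has no trailing newline.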
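Review bot: The `nextcloud-root` claim is not mounted by anything in this commit — deployment.yaml serves `/var/www/html` from the inline NFS volume `nextcloud-data` — so unless a manifest outside this commit references it, the PVC binds 10Gi of storage that sits idle or is a leftover from an earlier design. Either delete it or mount it, and if it is meant to replace the inline NFS volume, say so with a comment such as `# intended for /var/www/html; not yet referenced by deployment.yaml`.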
@@ -0,0 +1,49 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: nextcloud-secret
+spec:
+ data:
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: nextcloud
+ metadataPolicy: None
+ property: MYSQL_DATABASE
+ secretKey: MYSQL_DATABASE
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: nextcloud
+ metadataPolicy: None
+ property: MYSQL_PASSWORD
+ secretKey: MYSQL_PASSWORD
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: nextcloud
+ metadataPolicy: None
+ property: MYSQL_ROOT_PASSWORD
+ secretKey: MYSQL_ROOT_PASSWORD
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: nextcloud
+ metadataPolicy: None
+ property: MYSQL_USER
+ secretKey: MYSQL_USER
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: nextcloud
+ metadataPolicy: None
+ property: REDIS_PASSWORD
+ secretKey: REDIS_PASSWORD
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: weyma-vault
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: nextcloud-secret
\ No newline at end of file
diff --git a/nextcloud/svc.yaml b/nextcloud/svc.yaml
new file mode 100644
index 0000000..c09d8c8
--- /dev/null
+++ b/nextcloud/svc.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nextcloud
+spec:
+ selector:
+ app: nextcloud
+ ports:
+ - port: 80
+ targetPort: 80
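Review bot: `REDIS_PASSWORD` is synced from the vault but nothing in this commit runs Redis or points Nextcloud at one, so the entry has no consumer yet and, through `envFrom` in deployment.yaml, still lands in the web container's environment; drop it until Redis exists or add `# consumed by: <redis manifest>` naming the consumer. One ExternalSecret feeds both the MariaDB StatefulSet, which legitimately needs `MYSQL_ROOT_PASSWORD`, and the web Deployment, which does not; two targets (a `mariadb-secret` with the root password and an app-facing `nextcloud-secret` without it) give each pod only the keys it uses, and `deletionPolicy: Retain` then applies per target. The file has no trailing newline.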