Add nextcloud app.

2025-05-18 15:27:37 -07:00
parent 2d3fb6068d
commit 9726659f89
11 changed files with 314 additions and 0 deletions

6
apps/nextcloud/README.md Normal file

@@ -0,0 +1,6 @@
# Nextcloud app
### Requires
- Postgres app
- Redis app

26
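--- a/apps/nextcloud/cron.yaml
+++ b/apps/nextcloud/cron.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+name: nextcloud-cron
+spec:
+schedule: "*/5 * * * *"
+jobTemplate:
+spec:
+template:
+spec:
+containers:
+- name: nextcloud
+image: nextcloud:25.0.3-apache
+imagePullPolicy: IfNotPresent
+env:
+- name: NEXTCLOUD_URL
+valueFrom:
+configMapKeyRef:
+name: config
+key: DOMAIN_URL
+command:
+- /bin/sh
+- -c
+- "curl -s ${NEXTCLOUD_URL}/cron.php"
+restartPolicy: OnFailure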
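Review bot: The `curl -s ${NEXTCLOUD_URL}/cron.php` command exits 0 on an HTTP 4xx/5xx response, so a broken or rejected cron endpoint never fails the Job and `restartPolicy: OnFailure` only covers connection-level errors; `curl -fsS "${NEXTCLOUD_URL}/cron.php"` would surface both. The container pulls `nextcloud:25.0.3-apache` only to run curl, while the Deployment in this commit runs `nextcloud:29.0.16-apache`, so an older full application image is carried on the nodes for no benefit; a small curl-only image pinned by digest would leave less to patch. With a five-minute schedule and no `concurrencyPolicy`, a slow run can overlap the next one, so `concurrencyPolicy: Forbid` under the CronJob `spec` is worth adding.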


@@ -0,0 +1,40 @@
apiVersion: batch/v1
kind: Job
metadata:
name: nextcloud-db-init
spec:
template:
spec:
containers:
- name: db-init
image: postgres:15
command: ["/bin/bash", "-c"]
args:
- |
PGPASSWORD=${POSTGRES_ADMIN_PASSWORD} psql -h ${NEXTCLOUD_DB_HOST} -U postgres <<EOF
CREATE DATABASE ${NEXTCLOUD_DB_NAME} WITH OWNER ${NEXTCLOUD_DB_USER};
CREATE USER ${NEXTCLOUD_DB_USER} WITH ENCRYPTED PASSWORD '${NEXTCLOUD_DB_PASSWORD}';
GRANT ALL PRIVILEGES ON DATABASE ${NEXTCLOUD_DB_NAME} TO ${NEXTCLOUD_DB_USER};
EOF
env:
- name: POSTGRES_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: secrets
key: POSTGRES_ADMIN_PASSWORD
- name: NEXTCLOUD_DB_NAME
valueFrom:
configMapKeyRef:
name: config
key: NEXTCLOUD_DB_NAME
- name: NEXTCLOUD_DB_USER
valueFrom:
configMapKeyRef:
name: config
key: NEXTCLOUD_DB_USER
- name: NEXTCLOUD_DB_PASSWORD
valueFrom:
secretKeyRef:
name: secrets
key: NEXTCLOUD_DB_PASSWORD
restartPolicy: OnFailure
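Review bot: The SQL in `args` is assembled by shell expansion inside an unquoted heredoc, so a `'` in `NEXTCLOUD_DB_PASSWORD` (or an unexpected value in the ConfigMap-supplied names) changes the statements that run as the `postgres` superuser. Three functional problems sit in the same lines: `NEXTCLOUD_DB_HOST` is used but never defined in `env`, `CREATE DATABASE … WITH OWNER` runs before the role exists, and psql without `ON_ERROR_STOP` exits 0 even when a statement fails, so the Job can complete without having created anything. Passing the values as psql variables with a quoted heredoc, as below, addresses all four; the host value is taken from the Deployment's `POSTGRES_HOST` and should be confirmed. This manifest also does not appear in the `resources` list of the kustomization in this commit, so it may never be applied.

```yaml
args:
  - |
    PGPASSWORD="${POSTGRES_ADMIN_PASSWORD}" psql -v ON_ERROR_STOP=1 \
      -h "${NEXTCLOUD_DB_HOST}" -U postgres \
      -v db="${NEXTCLOUD_DB_NAME}" \
      -v usr="${NEXTCLOUD_DB_USER}" \
      -v pw="${NEXTCLOUD_DB_PASSWORD}" <<'EOF'
    CREATE USER :"usr" WITH ENCRYPTED PASSWORD :'pw';
    CREATE DATABASE :"db" WITH OWNER :"usr";
    GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"usr";
    EOF
env:
  - name: NEXTCLOUD_DB_HOST
    value: postgres.postgres
  # … unchanged: POSTGRES_ADMIN_PASSWORD, NEXTCLOUD_DB_NAME, NEXTCLOUD_DB_USER, NEXTCLOUD_DB_PASSWORD …
```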


@@ -0,0 +1,87 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app: nextcloud
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
app: nextcloud
spec:
containers:
- image: nextcloud:29.0.16-apache
name: nextcloud
ports:
- containerPort: 80
protocol: TCP
envFrom:
- secretRef:
name: nextcloud-secrets
- configMapRef:
name: config
- secretRef:
name: secrets
- configMapRef:
name: config
env:
- name: REDIS_HOST
value: redis.redis
- name: POSTGRES_HOST
value: postgres.postgres
- name: NEXTCLOUD_TRUSTED_DOMAINS
valueFrom:
configMapKeyRef:
key: DOMAIN
name: config
- name: NEXTCLOUD_DATA_DIR
value: /mnt/data
- name: TRUSTED_PROXIES
valueFrom:
configMapKeyRef:
key: DOMAIN
name: config
- name: APACHE_DISABLE_REWRITE_IP
value: "1"
- name: OVERWRITEHOST
valueFrom:
configMapKeyRef:
key: DOMAIN
name: config
- name: OVERWRITEPROTOCOL
value: https
- name: OVERWRITECLIURL
valueFrom:
configMapKeyRef:
key: DOMAIN_URL
name: config
- name: OVERWRITEWEBROOT
value: "/"
- name: TZ
valueFrom:
configMapKeyRef:
key: TZ
name: config
volumeMounts:
- mountPath: /var/www/html
name: nextcloud-storage
readOnly: false
- mountPath: /mnt/data
name: nextcloud-storage-nfs
readOnly: false
volumes:
- name: nextcloud-storage
persistentVolumeClaim:
claimName: nextcloud-pvc
- name: nextcloud-storage-nfs
persistentVolumeClaim:
claimName: nextcloud-pvc-nfs
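Review bot: `envFrom` with `secretRef: secrets` copies every key of the generated `secrets` Secret into the internet-facing Nextcloud container, and the db-init Job in this commit reads `POSTGRES_ADMIN_PASSWORD` from that same Secret, so a compromise of the web process would also expose the database superuser password. Drop that `secretRef` and list only the keys Nextcloud needs under `env` with `secretKeyRef`, or move the admin credential into its own Secret. The first `secretRef`, `nextcloud-secrets`, is not produced by the kustomization shown in this commit, so unless it exists elsewhere the pod will not start; `configMapRef: config` is also listed twice. `TRUSTED_PROXIES` is filled from `DOMAIN`, the public hostname, where the ingress controller's address or pod CIDR would be expected; together with `APACHE_DISABLE_REWRITE_IP` this decides which client IP Nextcloud's brute-force throttling sees, so it is worth checking.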


@@ -0,0 +1,25 @@
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: nextcloud-headers
spec:
headers:
frameDeny: true
browserXssFilter: true
customResponseHeaders:
Strict-Transport-Security: "15552000"
X-Frame-Options: SAMEORIGIN
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: nextcloud-redirects
namespace: nextcloud
spec:
redirectScheme:
permanent: true
scheme: https
redirectRegex:
regex: https://(.*)/.well-known/(card|cal)dav
replacement: https://$1/remote.php/dav/
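Review bot: `Strict-Transport-Security: "15552000"` under `customResponseHeaders` sends a header with no `max-age=` directive, which browsers ignore, so HSTS is not actually enabled; the middleware's own `stsSeconds: 15552000` option produces a well-formed header. `frameDeny: true` emits `X-Frame-Options: DENY` while the custom header on the same object asks for `SAMEORIGIN`; pick one, for example `customFrameOptionsValue: SAMEORIGIN` without the custom header. In `nextcloud-redirects`, `redirectScheme` and `redirectRegex` are declared in a single Middleware; as far as I know Traefik rejects a Middleware that sets more than one type, so these should be two resources.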


@@ -0,0 +1,23 @@
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nextcloud-public
annotations:
traefik.ingress.kubernetes.io/router.middlewares: nextcloud-headers@kubernetescrd,nextcloud-redirects@kubernetescrd
spec:
rules:
- host: your.nextcloud.domain
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nextcloud
port:
number: 80
tls:
- secretName: wildcard-internal-sovereign-cloud-tls
hosts:
- your.nextcloud.domain
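Review bot: The `router.middlewares` annotation names `nextcloud-headers@kubernetescrd` and `nextcloud-redirects@kubernetescrd`, but Traefik's Kubernetes CRD provider addresses a Middleware as `<namespace>-<name>@kubernetescrd`; with both objects in the `nextcloud` namespace the value would be `nextcloud-nextcloud-headers@kubernetescrd,nextcloud-nextcloud-redirects@kubernetescrd`. If the names do not resolve, the security headers and the HTTPS redirect are not applied, so this should be verified against the running Traefik. The Ingress is named `nextcloud-public`, while the kustomization's host replacement selects `nextcloud-ingress`, which would leave the placeholder `your.nextcloud.domain` in `host` and `tls.hosts`.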


@@ -0,0 +1,58 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: nextcloud
labels:
- includeSelectors: true
pairs:
app: nextcloud
managedBy: kustomize
partOf: sovereign-cloud
resources:
- cron.yaml
- deployment.yaml
- headers.yaml
- ingress.yaml
- namespace.yaml
- pvc.yaml
- service.yaml
configMapGenerator:
- name: config
envs:
- config/config.env
secretGenerator:
- name: secrets
envs:
- config/secrets.env
replacements:
- source:
kind: ConfigMap
name: config
fieldPath: data.NEXTCLOUD_DOMAIN
targets:
- select:
kind: Ingress
name: nextcloud-ingress
fieldPaths:
- spec.rules.0.host
- spec.tls.0.hosts.0
- source:
kind: ConfigMap
name: config
fieldPath: data.NEXTCLOUD_NFS_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: nextcloud-pvc-nfs
fieldPaths:
- spec.resources.requests.storage
- source:
kind: ConfigMap
name: config
fieldPath: data.NEXTCLOUD_STORAGE
targets:
- select:
kind: PersistentVolumeClaim
name: nextcloud-pvc
fieldPaths:
- spec.resources.requests.storage
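Review bot: `secretGenerator` reads `config/secrets.env`, which per the other manifests holds `POSTGRES_ADMIN_PASSWORD` and `NEXTCLOUD_DB_PASSWORD` in plain text; nothing in this commit shows that path being ignored by git, so confirm it is excluded or encrypted before real values are added. The host replacement reads `data.NEXTCLOUD_DOMAIN`, whereas the Deployment takes the hostname from the `DOMAIN` key of the same ConfigMap; one key should serve both so the ingress host and Nextcloud's trusted domain cannot drift apart.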


@@ -0,0 +1,8 @@
name: nextcloud
install: true
description: Nextcloud is a suite of client-server software for creating and using file hosting services.
version: 1.0.0
icon: https://nextcloud.com/wp-content/uploads/2022/10/nextcloud-logo-blue-transparent.svg
requires:
- name: redis
- name: postgres


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: nextcloud

24
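--- a/apps/nextcloud/pvc.yaml
+++ b/apps/nextcloud/pvc.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: nextcloud-pvc
+spec:
+storageClassName: longhorn
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+name: nextcloud-pvc-nfs
+spec:
+storageClassName: longhorn # Change this to nfs-client if using NFS
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 100Gi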


@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: nextcloud
namespace: nextcloud
labels:
app: nextcloud
spec:
ports:
- port: 80
selector:
app: nextcloud