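---
# Nextcloud backed by PostgreSQL, published through a Traefik Ingress with a
# cert-manager issued certificate. All resources live in the `nextcloud`
# namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: nextcloud
---
# Database password shared by the postgres and nextcloud Deployments.
# Keeping it in a Secret (instead of a literal `value:` in each pod template)
# keeps it out of Deployment/Pod specs and `kubectl describe` output, and puts
# it behind Secret-specific RBAC.
# NOTE(review): the value is the one the original manifest used, so an
# already-initialised database keeps working. It equals the user name and is
# readable by anyone who can read this file; rotate it and supply this Secret
# out of band rather than committing it.
apiVersion: v1
kind: Secret
metadata:
  name: nextcloud-db
  namespace: nextcloud
type: Opaque
stringData:
  password: nextcloud
---
# Storage for the PostgreSQL data directory.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-db-pvc
  namespace: nextcloud
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 5Gi
---
# Storage for the Nextcloud application tree mounted at /var/www/html.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-data-pvc
  namespace: nextcloud
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path
  resources:
    requests:
      storage: 50Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  namespace: nextcloud
spec:
  replicas: 1
  # The data directory sits on a ReadWriteOnce volume. Recreate stops the old
  # pod before starting its replacement, so a rollout never has two postgres
  # instances opening the same data directory.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:16-alpine
          env:
            - name: POSTGRES_DB
              value: nextcloud
            - name: POSTGRES_USER
              value: nextcloud
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: password
          volumeMounts:
            - name: db-data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: db-data
          persistentVolumeClaim:
            claimName: nextcloud-db-pvc
---
# ClusterIP Service; the nextcloud pod reaches the database as `postgres:5432`.
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: nextcloud
spec:
  selector:
    app: postgres
  ports:
    - port: 5432
      targetPort: 5432
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: nextcloud
spec:
  replicas: 1
  # Both volumes are single-writer (ReadWriteOnce PVC plus a hostPath), so the
  # old pod is stopped before the new one starts.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: nextcloud
  template:
    metadata:
      labels:
        app: nextcloud
    spec:
      containers:
        - name: nextcloud
          # NOTE(review): `latest` is a mutable tag, so a pod restart can pull
          # a different Nextcloud release than the one that initialised the
          # volumes. Pin a specific version tag or image digest.
          image: nextcloud:latest
          env:
            - name: POSTGRES_HOST
              value: postgres
            - name: POSTGRES_DB
              value: nextcloud
            - name: POSTGRES_USER
              value: nextcloud
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-db
                  key: password
            - name: NEXTCLOUD_TRUSTED_DOMAINS
              value: next.roysland.net
            # NOTE(review): presumably the cluster pod CIDR. Every address in
            # this range is trusted to set forwarded-client headers; narrow it
            # to the ingress controller's address if that is stable.
            - name: TRUSTED_PROXIES
              value: "10.42.0.0/16"
            # TLS ends at the Ingress and the pod is reached over plain HTTP
            # on port 80, so generated URLs are forced to https.
            - name: OVERWRITEPROTOCOL
              value: "https"
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: user-data
              mountPath: /var/www/html/data
      volumes:
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: nextcloud-data-pvc
        # hostPath exposes a node directory to the container and ties the pod
        # to a node where /mnt/nextcloud-data already exists
        # (`type: Directory` does not create it).
        - name: user-data
          hostPath:
            path: /mnt/nextcloud-data
            type: Directory
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud
  namespace: nextcloud
spec:
  selector:
    app: nextcloud
  ports:
    - port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nextcloud
  namespace: nextcloud
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    # <namespace>-<name>@kubernetescrd: the `hsts` Middleware defined below.
    traefik.ingress.kubernetes.io/router.middlewares: nextcloud-hsts@kubernetescrd
spec:
  ingressClassName: traefik
  tls:
    - hosts:
        - next.roysland.net
      secretName: nextcloud-tls
  rules:
    - host: next.roysland.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nextcloud
                port:
                  number: 80
---
# Adds Strict-Transport-Security to responses routed through the Ingress.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: hsts
  namespace: nextcloud
spec:
  headers:
    # 15552000 s = 180 days.
    stsSeconds: 15552000
    stsIncludeSubdomains: true
    # Only adds the `preload` token to the header.
    # NOTE(review): confirm the max-age and host scope meet the preload
    # list's requirements before relying on it.
    stsPreload: true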