12 changed files with 191 additions and 0 deletions
--- a/infra/main/main.tf
+++ b/infra/main/main.tf
@ -63,6 +63,9 @@ module "digitalocean_database_cluster" {
  }, {
    name = "forgejo",
    create_default_superuser = true,
+  }, {
+    name = "nextcloud",
+    create_default_superuser = true,
  }]

  vpc_id = digitalocean_vpc.main.id
--- a/kustomizations/nextcloud/env-vars-patch.yaml
+++ b/kustomizations/nextcloud/env-vars-patch.yaml
@ -0,0 +1,14 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+spec:
+  template:
+    spec:
+      containers:
+        - name: app
+          env:
+            - name: PG_HOST
+              value: $(DB_SERVICE)
+            - name: REDIS_HOST
+              value: $(REDIS_SERVICE)
--- a/kustomizations/nextcloud/ingress.yaml
+++ b/kustomizations/nextcloud/ingress.yaml
@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nextcloud
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    external-dns.alpha.kubernetes.io/hostname: nextcloud.distrust.co
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: nextcloud.distrust.co
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nextcloud
+            port:
+              number: 80
+  tls:
+  - hosts:
+    - nextcloud.distrust.co
+    secretName: website-tls
--- a/kustomizations/nextcloud/kustomization.yaml
+++ b/kustomizations/nextcloud/kustomization.yaml
@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: nextcloud
+resources:
+- resources.yaml
+- ingress.yaml
+- namespace.yaml
+- pvc.yaml
+- service.yaml
--- a/kustomizations/nextcloud/namespace.yaml
+++ b/kustomizations/nextcloud/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nextcloud
--- a/kustomizations/nextcloud/pvc.yaml
+++ b/kustomizations/nextcloud/pvc.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: app-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+   storage: 500Gi
--- a/kustomizations/nextcloud/resources.yaml
+++ b/kustomizations/nextcloud/resources.yaml
@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud
+  labels:
+    app: nextcloud
+spec:
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8080
+  selector:
+    app: nextcloud
+  type: ClusterIP
+...
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud
+  labels:
+    app: nextcloud
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nextcloud
+    template:
+      metadata:
+        labels:
+          app: nextcloud
+      spec:
+        securityContext:
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        containers:
+        - name: nextcloud
+          image: nextcloud:apache
+          securityContext:
+            allowPrivilegedEscalation: false
+            capabilities:
+              drop:
+              - ALL
+          args: ["start"]
+          env:
+          - name: NC_PROXY
+            value: "edge"
+          - name: NC_HEALTH_ENABLED
+            value: "true"
+          - name: NC_PG_DATABASE
+            valueFrom:
+              secretKeyRef:
+                key: NC_PG_DATABASE
+                name: nc-db-secret
+          volumeMounts:
+            - mountPath: /var/www/html
+              name: app-persistent-storage
+          restartPolicy: Always
+          volumes:
+          - name: app-persistent-storage
+            persistentVolumeClaim:
+              claimName: app-pvc
+          ports:
+          - name: http
+            containerPort: 8080
+          readinessProbe:
+            httpGet:
+              path: /health/ready
+              port: 8080
+            initialDelaySeconds: 60
+          livenessProbe:
+            httpGet:
+              path: /health/live
+              port: 8080
+            initialDelaySeconds: 60
--- a/kustomizations/nextcloud/service.yaml
+++ b/kustomizations/nextcloud/service.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Service
+...
+spec:
+  ports:
+    - port: 80
+  selector:
+ component: app
--- a/kustomizations/redis/kustomization.yaml
+++ b/kustomizations/redis/kustomization.yaml
@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: redis
+resources:
+- resources.yaml
+- namespace.yaml
+- services.yaml
--- a/kustomizations/redis/namespace.yaml
+++ b/kustomizations/redis/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: redis
--- a/kustomizations/redis/resources.yaml
+++ b/kustomizations/redis/resources.yaml
@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    component: redis
+  name: redis
+spec:
+  selector:
+    matchLabels:
+      component: redis
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        component: redis
+    spec:
+      containers:
+        - image: redis:alpine
+          name: redis
+          ports:
+            - containerPort: 6379
+      restartPolicy: Always
--- a/kustomizations/redis/services.yaml
+++ b/kustomizations/redis/services.yaml
@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+  labels:
+    component: redis
+spec:
+  ports:
+    - port: 6379
+  selector:
+    component: redis