clusters/ipv6/tools/nextcloud/collabora.yml

@@ -0,0 +1,32 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: collabora
+  namespace: tools
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: collabora
+  template:
+    metadata:
+      labels:
+        app: collabora
+    spec:
+      containers:
+      - name: collabora
+        image: collabora/code:25.04.8.1.1
+        ports:
+        - containerPort: 9980
+        env:
+        - name: aliasgroup1
+          valueFrom:
+            secretKeyRef:
+              key: nextcloud-url
+              name: nextcloud-secrets
+        securityContext:
+          capabilities:
+            add:
+              - MKNOD

clusters/ipv6/tools/nextcloud/nextcloud-db.yml

@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: nextcloud-db
+  namespace: tools
+spec:
+  selector:
+    matchLabels:
+      app: nextcloud-db
+  serviceName: nextcloud-db
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: nextcloud-db
+    spec:
+      containers:
+      - name: nextcloud-db
+        image: mariadb:12.1.2
+        ports:
+        - containerPort: 3306
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: nextcloud-secrets
+              key: root-password
+        - name: MYSQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: nextcloud-secrets
+              key: user-password
+        - name: MYSQL_DATABASE
+          value: "nextcloud"
+        - name: MYSQL_USER
+          value: "nextcloud"
+        - name: MARIADB_AUTO_UPGRADE
+          value: "1"
+        volumeMounts:
+        - name: nextcloud-db
+          mountPath: /var/lib/mysql
+  volumeClaimTemplates:
+  - metadata:
+      name: nextcloud-db
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 2Gi
+      storageClassName: longhorn

clusters/ipv6/tools/nextcloud/nextcloud-ingress.yml

@@ -0,0 +1,53 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nextcloud-ingress
+  namespace: monitoring
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - nextcloud.akshun-lab.cc
+    secretName: nextcloud-tls
+  rules:
+  - host: nextcloud.akshun-lab.cc
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nextcloud-service
+            port:
+              number: 443
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: collabora-ingress
+  namespace: monitoring
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-cloudflare
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - collabora.akshun-lab.cc
+    secretName: collabora-tls
+  rules:
+  - host: collabora.akshun-lab.cc
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: collabora-service
+            port:
+              number: 9980

clusters/ipv6/tools/nextcloud/nextcloud-pvc.yml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud-longhorn
+  namespace: tools
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 2Gi
+  storageClassName: longhorn

clusters/ipv6/tools/nextcloud/nextcloud-secrets-sealed.yml

@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: nextcloud-secrets
+  namespace: tools
+spec:
+  encryptedData:
+    nextcloud-url: AgAFzW3QSq6FnGK/H+pzimmSGnDOE+6hUxoTdfYWnr6GKGwzjJizDJgqRvknaNzKr1/1WtSIg32rJYM8HbRRA2RdTrWys59rG3OdDSGYrkBUnRxyw8aKOHDiSI/8gxtsJ+29t+GLL1u+apXBYOrnekjV+0R3TlDrQSG+XQmSueNX2n8sCawEwvq7M9IYJjcYISCJ+kDAChx0RdTjCfl1K+94Oc9lRZpeirDrXY0pX4+SBch8BTIyQngYX74BtqHHkonjJDyBsZySG2PToThmWYg0LQd8Xg2yrjmj89AicEh5PCgU4PW6a5RuK+8DxfW4CxRGyFwOMlD2YePTEC975oh5S+E4W+U2ccuJ9wUji8s3y52BoinlmvyixoOlDt1b+ALI69Meh6RDwDUpCWUYbiGnzlt5da1XFU6sdGBp9kMHt+f3Xknn9U+lxqFFlizBTviJTM2Ds2T9DONxnVOCTkecZzAC7HOWpWjufMln3yorvdzH9p8OAIgK8GNUK6O/+oOWeTSAvZQMDqJeOb0aFYk00oMGgyf5PKPvjUxQ9QncXl7T9+eQD8W9JNPqehTPQwXdRoXkxqXGFwlM0Yt+OcdagB7qM8lch156MLAxdzTJlw/kr2nirwgfJ4/oIKhpHDdohdIZkJWLV0p158S0CJbFGQ6M0HHb0WJPBYPdDmupXMpW+zvsUAkjx5q72zPLlG9EVhSNp7g4EeMIJKMC5ZmCQcoaUxKswu5rFhDhWXMW
+    root-password: AgBhzUvK0ez3PXXwAbwMHLVhOM+Aln/uI7tYPKplrasv5n8fVeKPF5Cpu3XbDmafCXvvaGDRQa1oaK+rvabe/9TbFd+p4SxD88VzcrU7j1uKpdoqwAcU0C6DpnoGN0ab2E8mtOeJFkeNUQ2+HOeCW9RUWXCPfMND8YJ23gbY5E2Ygo/UXyGi54xIf+XtVsTvORAIBnvziojA7Yfo6KjmYhtpeF0nRNMXWfAjw/1t6OgXTtRR2Jj2HA3k42cU3Q2+DXlbaCfErS/aKMFqdlQOFmINJyh8yqacm1Eb6lfmLmZfjHFKetbM0NJNHvYQ2Rni1tcjH9DnIOYivID84iJNDjnqMNbS7FtVEkjXamIafHbObo9QXxQbI0N1tgnmEkSuVYb9avTydos/hFMJ5dPGs/XBdvJUii+XhfIP54G86QxnkKQpXvV4gxHkdTxZOHMgprp+l8VyWpl6Ctj/lZy5ChFf6qPP8Q6BLHsmG6ykCt6gFJqFC0KBqLegWLioSHfYh6jyda2sEwJrX834TqDnrjykS4epOvf1oUdvUtx568XN9e2nGFcZTT7ehYTAY0RdSVQvKDyLL3/HuNo4HpqDB8tjPRis7opiL4WiGetmDe75H11JL5hecxMMsg9+O4xD0WbGrkb79S6A3u3MkjrnvXPTokkyQVO5doaG/hN28PFYa+j6RbJJQsvVP5I1ioU/W718E71idPU8o8/39g==
+    user-password: AgA3kPih0lVuivvYBxC3W5OuwLIiPDwMKukAAGSf6VsWgzwmhUaBoy9Psy1/0zcLg9CbjFPkcW6Me7sKpdCdumBa4KHTh2wznEUvIITXK15BiZeNsiiLSMWH5kNEvb0SZhgUn2sllQUcOL+4pkjjkCQ9SeH9aXtUkCu65eKjIsQ4j893Qx+kpD+lEkZbth7MZU6TL+LVjIFpmLv1M+eQmtz8G9+qShtrTPNaBJjWO0SgsS13K/4121bRsIBeao6LXaAIXr+RtAwMHJUMmrYV1rJHy/F/dAyCghAJuL6GL0mJKXwGJ+zag1+4ryE/VbnnGx2Et77941/f27Wl7PeH4uZmnhoEumO2ebl1Lxj+O5Qalov/fKreBYF1LOiHCbD9QyKYzCjHCQ+bVw7GDXwXnuQjHPEjAqAitTJCO5JL3ir33QFMO3C1b0xZldTdJ3HS8yeHv0icaelBFPIzawbPCJqiy38BnuJivJcHAPllOrbnjOHNNlVck+DqOq9PnFK3OnwHoMKLDqvTk0SYpKxd9m0oR5TTVgx986JgCbCD/gmzZmT6xrAatVLDaL7iG0GeIeFcWAKhJoKfQOmsLkkNNFMGk4d8f3cMV6et1FgvseMy6MFAoAHbur5768ONMkyA88BZMd4j1Jk8SUAUYbg50d0xVCSx8+L3twqk3FzRJ7c2h9ruWYyYz3P1fvJectHrXMLeiTjwA19JSNjngw==
+  template:
+    metadata:
+      name: nextcloud-secrets
+      namespace: tools
+    type: Opaque

clusters/ipv6/tools/nextcloud/nextcloud-svc.yml

@@ -0,0 +1,42 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud-service
+  namespace: tools
+spec:
+  selector:
+    app: nextcloud
+  ports:
+  - protocol: TCP
+    port: 443
+    targetPort: 443
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: collabora-service
+  namespace: tools
+spec:
+  selector:
+    app: collabora
+  ports:
+  - protocol: TCP
+    port: 9980
+    targetPort: 9980
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud-db
+  namespace: tools
+spec:
+  selector:
+    app: nextcloud-db
+  ports:
+    - protocol: TCP
+      port: 3306
+      targetPort: 3306
+  clusterIP: None

clusters/ipv6/tools/nextcloud/nextcloud.yml

@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud
+  namespace: tools
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: nextcloud
+  template:
+    metadata:
+      labels:
+        app: nextcloud
+    spec:
+      containers:
+      - name: nextcloud
+        image: lscr.io/linuxserver/nextcloud:32.0.3
+        readinessProbe:
+          exec:
+            command:
+            - sh
+            - -c
+            - nc -z nextcloud-db.tools.svc.cluster.local 3306
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          failureThreshold: 3
+        ports:
+        - containerPort: 443
+        env:
+        - name: PGID
+          value: "1000"
+        - name: PUID
+          value: "1000"
+        - name: TZ
+          value: "Asia/Kolkata"
+        volumeMounts:
+        - name: nextcloud-data
+          mountPath: /data
+        - name: nextcloud-config
+          mountPath: /config
+      volumes:
+      - name: nextcloud-data
+        nfs:
+          path: /home/akshun/nextcloud-data
+          server: 192.168.1.151
+      - name: nextcloud-config
+        persistentVolumeClaim:
+          claimName: nextcloud-longhorn