---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nextcloud-data-j-pv
spec:
  capacity:
    storage: 900Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-path
  hostPath:
    path: /dpool/files
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-data-j-pvc
  namespace: home-server
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path 
  resources:
    requests:
      storage: 10Gi
  volumeName: nextcloud-data-j-pv
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nextcloud-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-path
  hostPath:
    path: /dpool/services/nextcloud/data/
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-pvc
  namespace: home-server
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path 
  resources:
    requests:
      storage: 10Gi
  volumeName: nextcloud-pv
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud
  namespace: home-server
spec:
  ports:
    - port: 80
  selector:
    app: nextcloud
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: home-server
spec:
  securityContext:
    runAsUser:  1000
    runAsGroup: 1000
    fsGroup:    1000
  selector:
    matchLabels:
      app: nextcloud
  template:
    metadata:
      labels:
        app: nextcloud
    spec:
      containers:
        - name: nextcloud
          image: nextcloud:29
          env:
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-secrets
                  key: MYSQL_PASSWORD
            - name: MYSQL_DATABASE
              value: nextcloud
            - name: MYSQL_USER
              value: nextcloud
            - name: MYSQL_HOST
              value: mariadb.database
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: nextcloud-data-j
              mountPath: /dpool/services/nextcloud/data/data/34034c4d6cb6a6f4b6dfa8e8cb482e16171e867faf9d03714c0bed9ab2e87a9e/files
          securityContext:
            runAsUser:  1000
            runAsGroup: 1000
            fsGroup:    1000
      volumes:
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: nextcloud-pvc
        - name: nextcloud-data-j
          persistentVolumeClaim:
            claimName: nextcloud-data-j-pvc
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nextcloud
  namespace: home-server
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nc.hxme.net
    nginx.ingress.kubernetes.io/server-snippet: |
      add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/custom-http-headers: "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload"
spec:
  tls:
    - hosts:
        - nc.hxme.net
      secretName: wildcard-hxme-net
  rules:
    - host: nc.hxme.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nextcloud
                port:
                  number: 80