---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nextcloud-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-path
  hostPath:
    path: /dpool/services/nextcloud/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-pvc
  namespace: home-server
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path 
  resources:
    requests:
      storage: 10Gi
  volumeName: nextcloud-pv
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud
  namespace: home-server
spec:
  ports:
    - port: 80
  selector:
    app: nextcloud
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: home-server
spec:
  securityContext:
    runAsUser:  1000
    runAsGroup: 1000
    fsGroup:    1000
  selector:
    matchLabels:
      app: nextcloud
  template:
    metadata:
      labels:
        app: nextcloud
    spec:
      containers:
        - name: nextcloud
          image: nextcloud:29
          env:
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-secrets
                  key: MYSQL_PASSWORD
            - name: MYSQL_DATABASE
              value: nextcloud
            - name: MYSQL_USER
              value: nextcloud
            - name: MYSQL_HOST
              value: nextcloud-db
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
          securityContext:
            runAsUser:  1000
            runAsGroup: 1000
            fsGroup:    1000
      volumes:
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: nextcloud-pvc

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nextcloud
  namespace: home-server
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nc.hxme.net
    nginx.ingress.kubernetes.io/server-snippet: |
      add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
spec:
  tls:
    - hosts:
        - nc.hxme.net
      secretName: wildcard-hxme-net
  rules:
    - host: nc.hxme.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nextcloud
                port:
                  number: 80


---
apiVersion: k8s.mariadb.com/v1alpha1
kind: Grant
metadata:
  name: nextcloud
  namespace: database
spec:
  databaseRef:
    name: nextcloud
  accountName: nextcloud@'%'
  privileges:
    - ALL
  mariaDbRef:
    name: mariadb
  passwordSecretKeyRef:
    name: nextcloud-secrets
    key:  MYSQL_PASSWORD