---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nextcloud-data-j-pv
spec:
  capacity:
    storage: 900Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-path
  hostPath:
    path: /dpool/files
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-data-j-pvc
  namespace: home-server
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path 
  resources:
    requests:
      storage: 10Gi
  volumeName: nextcloud-data-j-pv
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nextcloud-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-path
  hostPath:
    path: /dpool/services/nextcloud/data/
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nextcloud-pvc
  namespace: home-server
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: local-path 
  resources:
    requests:
      storage: 10Gi
  volumeName: nextcloud-pv
---
apiVersion: v1
kind: Service
metadata:
  name: nextcloud
  namespace: home-server
spec:
  ports:
    - port: 80
  selector:
    app: nextcloud
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nextcloud
  namespace: home-server
spec:
  securityContext:
    runAsUser:  1000
    runAsGroup: 1000
    fsGroup:    1000
  selector:
    matchLabels:
      app: nextcloud
  template:
    metadata:
      labels:
        app: nextcloud
    spec:
      containers:
        - name: nextcloud
          image: nextcloud:30
          env:
            - name: MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: nextcloud-secrets
                  key: MYSQL_PASSWORD
            - name: MYSQL_DATABASE
              value: nextcloud
            - name: MYSQL_USER
              value: nextcloud
            - name: MYSQL_HOST
              value: mariadb.database
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nextcloud-data
              mountPath: /var/www/html
            - name: nextcloud-data-j
              mountPath: /var/www/html/data/34034c4d6cb6a6f4b6dfa8e8cb482e16171e867faf9d03714c0bed9ab2e87a9e/files
          securityContext:
            runAsUser:  1000
            runAsGroup: 1000
            fsGroup:    1000
      volumes:
        - name: nextcloud-data
          persistentVolumeClaim:
            claimName: nextcloud-pvc
        - name: nextcloud-data-j
          persistentVolumeClaim:
            claimName: nextcloud-data-j-pvc
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nextcloud
  namespace: home-server
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nc.hxme.net
    nginx.ingress.kubernetes.io/server-snippet: |
      add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/custom-http-headers: "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload"
spec:
  tls:
    - hosts:
        - nc.hxme.net
      secretName: wildcard-hxme-net
  rules:
    - host: nc.hxme.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nextcloud
                port:
                  number: 80



  ---
# This is a Kubernetes CronJob that executes the Nextcloud background tasks.
# It is designed to run the 'cron.php' script every 5 minutes.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: nextcloud-cron
  namespace: home-server
spec:
  # The schedule for the cron job, in standard cron format.
  # This will run the job every 5 minutes.
  schedule: "*/5 * * * *"
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          # This security context ensures the job runs with the correct user and group
          # for the Nextcloud container, which is often www-data (UID 33).
          securityContext:
            runAsUser: 33
            runAsGroup: 33
          containers:
            - name: nextcloud-cron
              # Use the same Nextcloud image as the main deployment to ensure consistency.
              image: nextcloud:30
              imagePullPolicy: IfNotPresent
              # The command to execute. 'php -f /var/www/html/cron.php' is the official
              # Nextcloud command for running background tasks.
              command: ["php", "-f", "/var/www/html/cron.php"]
              env:
                # The environment variables are passed to the cron job container so it
                # can connect to the same database as the main Nextcloud pod.
                - name: MYSQL_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: nextcloud-secrets
                      key: MYSQL_PASSWORD
                - name: MYSQL_DATABASE
                  value: nextcloud
                - name: MYSQL_USER
                  value: nextcloud
                - name: MYSQL_HOST
                  value: mariadb.database
              volumeMounts:
                # Mount the persistent volume claim to access the Nextcloud installation
                # and data directories.
                - name: nextcloud-data
                  mountPath: /var/www/html
          volumes:
            - name: nextcloud-data
              persistentVolumeClaim:
                claimName: nextcloud-pvc
          # Set the restart policy to 'OnFailure' to allow the job to complete and
          # not remain in a running state.
          restartPolicy: OnFailure