continuous deploy - service account and gitea workflow

deploy/app/.env.d/.gitignore

@@ -0,0 +1,3 @@
+**
+!.gitignore
+!**.example

deploy/app/.env.d/nextcloud-mariadb.env.example

@@ -0,0 +1,4 @@
+MARIADB_USER=????
+MARIADB_PASSWORD=????
+MARIADB_ROOT_PASSWORD=???
+MARIADB_DATABASE=???

deploy/app/.env.d/nextcloud.secrets.env.example

@@ -0,0 +1,3 @@
+NEXTCLOUD_HOST=????
+NEXTCLOUD_USERNAME=????
+NEXTCLOUD_PASSWORD=???

deploy/app/.env.d/pbs.env.example

@@ -0,0 +1,3 @@
+PBS_REPOSITORY=????
+PBS_PASSWORD=????
+PBS_FINGERPRINT=???

deploy/app/.gitignore

@@ -0,0 +1,2 @@
+**.local.**
+**.private.**

deploy/app/helm-values.yaml

@@ -0,0 +1,154 @@
+image:
+  repository: nextcloud
+  flavor: apache
+  tag:
+  pullPolicy: Always
+  
+replicaCount: 1
+
+livenessProbe:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 6
+
+readinessProbe:
+  initialDelaySeconds: 60
+  periodSeconds: 10
+  timeoutSeconds: 5
+  failureThreshold: 12
+
+# ------------------------------------------------------------------------------
+# Nextcloud maintenance mode & Kubernetes probes
+# ------------------------------------------------------------------------------
+# When performing upgrades or running `occ upgrade`, Nextcloud may return 503
+# on /status.php until the database migration is complete. During this period,
+# Kubernetes will repeatedly kill the pod because the readiness/liveness probes
+# fail before the upgrade finishes.
+#
+# To prevent Kubernetes from terminating the pod during maintenance or upgrades,
+# temporarily disable both probes. This allows the container to stay alive long
+# enough for you to exec into it and run:
+#
+#     php occ upgrade
+#
+# After the upgrade completes, re‑enable the probes.
+#
+# Example:
+#
+# livenessProbe:
+#   enabled: false
+#
+# readinessProbe:
+#   enabled: false
+# ------------------------------------------------------------------------------
+
+
+
+internalDatabase:
+  enabled: false
+
+mariadb:
+  enabled: false
+
+externalDatabase:
+  enabled: true
+  type: mysql
+  host: nextcloud-mariadb.cloud-limbosolutions-com.svc.cluster.local
+  user: "???"
+  password: "???"
+  database: "???"
+  port: 3306
+
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 8Gi
+
+  nextcloudData:
+    accessMode: ReadWriteOnce
+    size: 8Gi
+
+resources:
+  limits:
+    cpu: "1"
+    memory: 3000Mi
+  requests:
+    cpu: "0.5"
+    memory: 512Mi
+
+
+## Cronjob to execute Nextcloud background tasks
+## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron
+##
+cronjob:
+  enabled: true
+
+nextcloud:
+  extraVolumes:
+    - name: mf-documents
+      persistentVolumeClaim:
+        claimName: mf-documents-limbosolutions-com
+    - name: mf-photos
+      persistentVolumeClaim:
+        claimName: mf-gallery-limbosolutions-com
+    - name: media-gaming
+      persistentVolumeClaim:
+        claimName: media-gaming-limbosolutions-com
+    - name: media-music
+      persistentVolumeClaim:
+        claimName: media-music-limbosolutions-com
+    - name: media-videos
+      persistentVolumeClaim:
+        claimName: media-videos-limbosolutions-com
+    - name: it-storage
+      persistentVolumeClaim:
+        claimName: it-storage-limbosolutions-com
+    - name: mf-nextcloud
+      persistentVolumeClaim:
+        claimName: mf-nextcloud-limbosolutions-com
+
+
+  extraVolumeMounts:
+      - name: mf-nextcloud
+        mountPath: /var/www/html/data/marcio.fernandes/files
+
+      - name: mf-documents
+        mountPath: /var/www/html/data/marcio.fernandes/files/Documents
+
+      - name: mf-photos
+        mountPath: /var/www/html/data/marcio.fernandes/files/Photos
+
+      - name: media-gaming
+        mountPath: /var/www/html/data/marcio.fernandes/files/Gaming
+
+      - name: media-music
+        mountPath: /var/www/html/data/marcio.fernandes/files/Music
+
+      - name: media-videos
+        mountPath: /var/www/html/data/marcio.fernandes/files/Videos
+
+      - name: it-storage
+        mountPath: /var/www/html/data/marcio.fernandes/files/NeirdStorage
+  configs:
+    https.config.php: |-
+      <?php
+        $CONFIG = array (
+          'overwritehost' => 'cloud.limbosolutions.com',
+          'overwrite.cli.url' => 'https://cloud.limbosolutions.com',
+          'overwriteprotocol' => 'https',
+          'trusted_proxies' => array ( 0 => '127.0.0.1', 1 => '::1', 2 => '10.0.0.0'),
+        );
+    
+    # A value of 1 e.g. will only run these background jobs between 01:00am UTC and 05:00am UTC:
+    # https://docs.nextcloud.com/server/30/admin_manual/configuration_server/background_jobs_configuration.html
+    maintenance.config.php: |-
+      <?php
+        $CONFIG = array (
+          'maintenance_window_start' => 1,
+        );
+ingress:
+  enabled: false
+
+
+

deploy/app/kustomization.yaml

@@ -4,16 +4,16 @@ kind: Kustomization
 secretGenerator:
 - name: nextcloud-mariadb
   envs:
-    - ./.env.d/nextcloud-mariadb.secrets
+    - ./.env.d/nextcloud-mariadb.env
 
 - name: backup-secret
   envs:
-    - ./.env.d/pbs.secrets
+    - ./.env.d/pbs.env
 
 resources:
-  - ./persistent-volumes-claims.yaml
+  - ./storage-limbosolutions-com/pvc.yaml
   - ./mariadb-deploy.yaml
-  - ./backup-cronjob.yaml
+  - ./backups/backup-pbs-cronjob.yaml
 
 generatorOptions:
   disableNameSuffixHash: true

deploy/app/mariadb-deploy.yaml

@@ -3,7 +3,6 @@ apiVersion: v1
 kind: Service
 metadata:
   name: nextcloud-mariadb
-  namespace: cloud-limbosolutions-com
 spec:
   clusterIP: None
   selector:

deploy/app/storage-limbosolutions-com/pvc.yaml

@@ -3,7 +3,6 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: mf-documents-limbosolutions-com
-  namespace: cloud-limbosolutions-com
 spec:
   storageClassName: storage-limbosolutions-com
   volumeName: mf-documents-limbosolutions-com-nextcloud
@@ -18,7 +17,6 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: media-music-limbosolutions-com
-  namespace: cloud-limbosolutions-com
 spec:
   storageClassName: storage-limbosolutions-com
   volumeName: media-music-limbosolutions-com-nextcloud
@@ -34,7 +32,6 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: media-videos-limbosolutions-com
-  namespace: cloud-limbosolutions-com
 spec:
   storageClassName: storage-limbosolutions-com
   volumeName: media-videos-limbosolutions-com-nextcloud
@@ -50,7 +47,6 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: media-gaming-limbosolutions-com
-  namespace: cloud-limbosolutions-com
 spec:
   storageClassName: storage-limbosolutions-com
   volumeName: media-gaming-limbosolutions-com-nextcloud
@@ -66,7 +62,6 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: it-storage-limbosolutions-com
-  namespace: cloud-limbosolutions-com
 spec:
   storageClassName: storage-limbosolutions-com
   volumeName: it-storage-limbosolutions-com-nextcloud
@@ -81,10 +76,11 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: mf-gallery-limbosolutions-com
-  namespace: cloud-limbosolutions-com
 spec:
   storageClassName: storage-limbosolutions-com
   volumeName: mf-gallery-limbosolutions-com-nextcloud
+
+  
   accessModes:
   - ReadWriteMany
   resources:
@@ -97,7 +93,6 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: mf-nextcloud-limbosolutions-com
-  namespace: cloud-limbosolutions-com
 spec:
   storageClassName: storage-limbosolutions-com
   volumeName: mf-nextcloud-limbosolutions-com-nextcloud