initial setup of nextcloud

TODO: database, config, apps folder

ansible-5/roles/prod.k3s/defaults/main.yml

@@ -20,6 +20,12 @@ fstab:
     - name: mariadb
       path: "/opt/data/db"
       state: mounted
+    - name: nextcloud
+      path: "/opt/data/nextcloud"
+      state: mounted
+    - name: nextcloud2
+      path: "/opt/data/nextcloud2"
+      state: mounted
 
 helm:
   repos:
@@ -60,3 +66,8 @@ apps:
     namespace: default
     pvc: data-dkregistry-0
     state: present
+
+  nextcloud:
+    enabled: true
+    namespace: nextcloud
+    state: absent

ansible-5/roles/prod.k3s/files/nextcloud/values.yaml

@@ -0,0 +1,113 @@
+---
+
+image:
+#  repository: dkregistry.xai-corp.net
+  tag: "21.0"
+#  flavor: apache
+#  pullSecrets: regcred
+
+ingress:
+  enabled: true
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    traefik.ingress.kubernetes.io/custom-response-headers: "Access-Control-Allow-Origin:*||Access-Control-Allow-Methods:GET,POST,OPTIONS||Access-Control-Allow-Headers:DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range||Access-Control-Expose-Headers:Content-Length,Content-Range"
+
+  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
+    - secretName: xai-corp-production-tls
+
+nextcloud:
+#  image: xaicorp/nextcloud
+  host: xaibox.xai-corp.net
+  datadir: /var/www/html/data
+  defaultConfigs:
+    autoconfig\.php: false
+  configs:
+    config.php: |-
+      <?php
+      $CONFIG = [
+        'installed' => true,
+        'instanceid' => 'ocxziwl6co38',
+        'passwordsalt' => 'FKWh+oXeNAm2EPHg6mz+9xE48gunGb',
+        'secret' => 'yC3EEMk31oZpas8U65awdT5rxR40+8uP5NEkD82S3iLNNWqr',
+        'trusted_domains' => [
+          0 => 'dkhost.xai-corp.net:8083',
+          1 => 'dkhost:8083',
+          2 => 'tasks.xaibox_app:8083',
+          3 => 'xaibox.xai-corp.net',
+          4 => 'localhost',
+        ],
+        'htaccess.RewriteBase' => '/',
+        'memcache.local' => '\\OC\\Memcache\\APCu',
+        'apps_paths' => [
+          0 => [
+            'path' => '/var/www/html/apps',
+            'url' => '/apps',
+            'writable' => false,
+          ],
+          1 => [
+            'path' => '/var/www/html/custom_apps',
+            'url' => '/custom_apps',
+            'writable' => true,
+          ],
+        ],
+        'datadirectory' => '/var/www/html/data',
+        'dbtype' => 'mysql',
+        'dbname' => 'nextcloud',
+        'dbhost' => 'mariadb.mariadb',
+        'dbport' => '3306',
+        'dbtableprefix' => 'oc_',
+        'mysql.utf8mb4' => true,
+        'dbuser' => 'nextcloud',
+        'dbpassword' => 'xh891hx1hc89f239hibndnxc1i',
+  
+        'version' => '21.0.9.1',
+        'overwrite.cli.url' => 'http://localhost',
+        'log_type' => 'owncloud',
+        'logfile' => 'nextcloud.log'
+      ];
+
+#  extraVars:
+#    ServerName: xaibox.xai-corp.net
+#
+  extraVolumes:
+    - name: extra-data
+      persistentVolumeClaim:
+        claimName: nextcloud-data-0
+    - name: extra-apps
+      persistentVolumeClaim:
+        claimName: nextcloud-apps-0
+
+#  volumeMounts:
+#    - name: extra-data
+#      mountPath: /data
+#    - name: extra-apps
+#      mountPath: /apps
+
+persistence:
+  enabled: true
+#  existingClaim: nextcloud-main-0
+  nextcloudData:
+    enabled: true
+    existingClaim: nextcloud-data-0
+
+readinessProbe:
+  initialDelaySeconds: 30
+
+startupProbe:
+  enabled: true
+  initialDelaySeconds: 60
+
+internalDatabase:
+  enabled: false
+externalDatabase:
+  enabled: true
+  type: mysql
+  host: "sql.xai-corp.net:3306"
+  database: nextcloud2
+  user: nextcloud
+  password: xh891hx1hc89f239hibndnxc1i
+
+redis:
+  enabled: false

ansible-5/roles/prod.k3s/tasks/deployments/dkregistry.yaml

@@ -37,7 +37,6 @@
         namespace: "{{apps.dkregistry.namespace}}"
       stringData:
         htpassword: "richard:$2y$05$Zp.GEiUbsGYYVOYWE71truuERCAE.D5wwGzU3Xi3wIVAWjH60t/U."
-
   become: true
 
 - name: create docker-registry resources

ansible-5/roles/prod.k3s/tasks/deployments/nextcloud.yaml

@@ -0,0 +1,54 @@
+---
+# https://github.com/nextcloud/helm/tree/master/charts/nextcloud
+
+
+- name: Create a namespace for nextcloud
+  k8s:
+    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+    name: "{{apps.nextcloud.namespace}}"
+    api_version: v1
+    kind: Namespace
+    state: "{{apps.nextcloud.state}}"
+  become: true
+
+
+- name: create persistent volume resources
+  kubernetes.core.k8s:
+    kubeconfig: "/etc/rancher/k3s/k3s.yaml"
+    state: "{{apps.nextcloud.state}}"
+    definition: "{{ lookup('template', item) | from_yaml }}"
+  loop:
+    - nextcloud/pv-apps.yaml
+    - nextcloud/pv-data.yaml
+    - nextcloud/pv-configs.yaml
+    - nextcloud/pv-main.yaml
+    - nextcloud/pv-apps-claim.yaml
+    - nextcloud/pv-data-claim.yaml
+    - nextcloud/pv-configs-claim.yaml
+    - nextcloud/pv-main-claim.yaml
+  become: true
+
+- name: Install nextcloud globally available
+  block:
+    - name: Add nextcloud chart helm repo
+      local_action:
+        module: kubernetes.core.helm_repository
+        name: nextcloud
+        repo_url: https://nextcloud.github.io/helm/
+
+    - name: load variables files/nextcloud/values.yaml
+      ansible.builtin.include_vars:
+        file: files/nextcloud/values.yaml
+        name: stash_values
+
+    - name: Install Nextcloud Release
+      local_action:
+        module: kubernetes.core.helm
+        release_state: "{{apps.nextcloud.state}}"
+        name: nextcloud
+        namespace: "{{apps.nextcloud.namespace}}"
+        create_namespace: yes
+        update_repo_cache: True
+        chart_ref: nextcloud/nextcloud
+        values: "{{stash_values}}"
+        wait: true

ansible-5/roles/prod.k3s/tasks/main.yml

@@ -29,6 +29,10 @@
   include_tasks: deployments/dkregistry.yaml
   when: apps.dkregistry.enabled
 
+- name: deploy nextcloud
+  include_tasks: deployments/nextcloud.yaml
+  when: apps.nextcloud.enabled
+
 #-----------------------------------------------------
 #- include_tasks: mariadb.yaml
 #

ansible-5/roles/prod.k3s/templates/nextcloud/pv-apps-claim.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud-apps-0
+  namespace: "{{apps.nextcloud.namespace}}"
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

ansible-5/roles/prod.k3s/templates/nextcloud/pv-apps.yaml

@@ -0,0 +1,17 @@
+---
+# persistent volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nextcloud-pv-apps-local
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 100Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/data/nextcloud2/apps"
+

ansible-5/roles/prod.k3s/templates/nextcloud/pv-configs-claim.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud-configs-0
+  namespace: "{{apps.nextcloud.namespace}}"
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

ansible-5/roles/prod.k3s/templates/nextcloud/pv-configs.yaml

@@ -0,0 +1,17 @@
+---
+# persistent volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nextcloud-pv-configs-local
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 100Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/data/nextcloud2/config"
+

ansible-5/roles/prod.k3s/templates/nextcloud/pv-data-claim.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud-data-0
+  namespace: "{{apps.nextcloud.namespace}}"
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

ansible-5/roles/prod.k3s/templates/nextcloud/pv-data.yaml

@@ -0,0 +1,17 @@
+---
+# persistent volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nextcloud-pv-data-local
+  labels:
+    type: local
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 100Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/data/nextcloud2/data"
+

ansible-5/roles/prod.k3s/templates/nextcloud/pv-main-claim.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud-main-0
+  namespace: "{{apps.nextcloud.namespace}}"
+spec:
+  storageClassName: manual
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi

ansible-5/roles/prod.k3s/templates/nextcloud/pv-main.yaml

@@ -0,0 +1,17 @@
+---
+# persistent volume
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nextcloud-pv-main-local
+  labels:
+    type: emptyDir
+spec:
+  storageClassName: manual
+  capacity:
+    storage: 100Gi
+  accessModes:
+    - ReadWriteOnce
+  hostPath:
+    path: "/opt/data/nextcloud2/main"
+