apiVersion: v1
kind: ConfigMap
metadata:
  name: nextcloud-config
data:
    POSTGRES_USER: nextcloud
    POSTGRES_DB: nextcloud
    POSTGRES_PASSWORD: supersecretPassw0rd
    NEXTCLOUD_ADMIN_USER: administrator
    NEXTCLOUD_ADMIN_PASSWORD: adminPassw0rd
    NEXTCLOUD_TRUSTED_DOMAINS: cloud.example.com 192.168.123.22
    REDIS_HOST: 127.0.0.1
    REDIS_PORT: 6379
    TZ: Europe/Helsinki
    ## Optionally tweak these ##
    PHP_MEMORY_LIMIT: 3G
    PHP_UPLOAD_LIMIT: 10G
    
---
apiVersion: v1
kind: Pod
metadata:
  name: nextcloud
  creationTimestamp: "2022-05-25T09:38:11Z"
  labels:
    app: nextcloud
  annotations:
spec:
  volumes:
  - hostPath:
      path: /path/to/nextcloud/clamav-config    ## Path of mounted ClamAV configuration directory ##
      type: Directory
    name: clamav-config-host-1
  - hostPath:
      path: /path/to/nextcloud/app              ## Path of mounted web root on host (/var/www/nextcloud) ##
      type: Directory
    name: nextcloud-app-host-0
  - hostPath:
      path: /path/to/nextcloud/redis            ## Path of mounted Redis db dump directory ##
      type: Directory
    name: nextcloud-redis-host-0
  - name: clamav-db
    persistentVolumeClaim:
      claimName: clamav-db
  - name: nextcloud-psql
    persistentVolumeClaim:
      claimName: nextcloud-psql
  containers:

  - name: clamav
    image: docker.io/clamav/clamav:latest
    #image: ghcr.io/0ranki/clamav-docker-arm64:v1.1.0
    resources: {}
    securityContext:
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_NET_RAW
        - CAP_AUDIT_WRITE
    volumeMounts:
    - mountPath: /var/lib/clamav
      name: clamav-db
    - mountPath: /etc/clamav
      name: clamav-config-host-1

  - name: redis
    image: docker.io/library/redis:alpine
    args:
    - redis-server
    - --save
    - 60
    - 1
    - --loglevel
    - warning
    resources: {}
    securityContext:
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_NET_RAW
        - CAP_AUDIT_WRITE
    volumeMounts:
    - mountPath: /data
      name: nextcloud-redis-host-0

  - name: psql
    image: docker.io/postgres:14-alpine
    args:
    - postgres
    command:
    - docker-entrypoint.sh
    envFrom:
    - configMapRef:
        name: nextcloud-config
        optional: false
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_NET_RAW
        - CAP_AUDIT_WRITE
      privileged: false
      readOnlyRootFilesystem: false
      seLinuxOptions: {}
    volumeMounts:
    - mountPath: /var/lib/postgresql/data
      name: nextcloud-psql
    workingDir: /

  - name: app
    ## Remember to change cron container version!
    image: ghcr.io/0ranki/nextcloud-previews:latest
    ## Remember to change cron container version!
    #imagePullPolicy: never
    ports:
    - containerPort: 80
      hostPort: 8082
    envFrom:
    - configMapRef:
        name: nextcloud-config
        optional: false
    resources: {}
    securityContext:
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_NET_RAW
        - CAP_AUDIT_WRITE
    volumeMounts:
    - mountPath: /var/www/html
      name: nextcloud-app-host-0

  - name: cron
    # Remember to change main image version!
    image: ghcr.io/0ranki/nextcloud-previews:latest
    # Remember to change main image version!
      #imagePullPolicy: never
    args:
    - busybox
    - crond
    - -f
    - -l
    - 0
    - -L
    - /dev/stdout
    env:
    - name: TZ
      value: Europe/Helsinki
    resources: {}
    securityContext:
      capabilities:
        drop:
        - CAP_MKNOD
        - CAP_NET_RAW
        - CAP_AUDIT_WRITE
    volumeMounts:
    - mountPath: /var/www/html
      name: nextcloud-app-host-0

#  - name: cloudflared
#    image: docker.io/cloudflare/cloudflared:latest
#    args:
#    - tunnel
#    - --no-autoupdate
#    - run
#    - --token
#    - ### CLOUDFLARE TOKEN TÄHÄN ###
#    resources: {}
#    securityContext: {}

  restartPolicy: Always

status: {}