{
  kubernetes.resources = {
    configMaps.nextcloud.data = {
      POSTGRES_USER = "nextcloud";
      POSTGRES_DB = "nextcloud";
      POSTGRES_HOST = "lewis.dmz";
    };

    secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword";

    deployments.nextcloud = {
      metadata.labels.app = "nextcloud";

      spec = {
        selector.matchLabels.app = "nextcloud";

        template = {
          metadata.labels.app = "nextcloud";

          spec = {
            volumes.data.persistentVolumeClaim.claimName = "nextcloud";

            containers.nextcloud = {
              image = "nextcloud:27";
              envFrom = [{ configMapRef.name = "nextcloud"; }];
              ports.web.containerPort = 80;

              env.POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
                name = "nextcloud";
                key = "databasePassword";
              };

              volumeMounts = [{
                name = "data";
                mountPath = "/var/www/html";
              }];
            };
          };
        };
      };
    };

    services.nextcloud.spec = {
      selector.app = "nextcloud";

      ports.web = {
        port = 80;
        targetPort = "web";
      };
    };
  };

  lab = {
    nfsVolumes.nextcloud.path = "nextcloud/data";

    ingresses.nextcloud = {
      host = "cloud.kun.is";

      service = {
        name = "nextcloud";
        portName = "web";
      };
    };
  };
}