{ kubernetes.resources = { configMaps.nextcloud.data = { POSTGRES_USER = "nextcloud"; POSTGRES_DB = "nextcloud"; POSTGRES_HOST = "lewis.dmz"; }; secrets.nextcloud.stringData.databasePassword = "ref+sops://secrets/sops.yaml#/nextcloud/databasePassword"; deployments.nextcloud = { metadata.labels.app = "nextcloud"; spec = { selector.matchLabels.app = "nextcloud"; template = { metadata.labels.app = "nextcloud"; spec = { containers.nextcloud = { image = "nextcloud:27"; envFrom = [{ configMapRef.name = "nextcloud"; }]; ports = [{ containerPort = 80; protocol = "TCP"; }]; env = [{ name = "POSTGRES_PASSWORD"; valueFrom.secretKeyRef = { name = "nextcloud"; key = "databasePassword"; }; }]; volumeMounts = [{ name = "data"; mountPath = "/var/www/html"; }]; }; volumes = [{ name = "data"; persistentVolumeClaim.claimName = "nextcloud"; }]; }; }; }; }; persistentVolumes.nextcloud.spec = { capacity.storage = "1Mi"; accessModes = [ "ReadWriteMany" ]; nfs = { server = "lewis.dmz"; path = "/mnt/data/nfs/nextcloud/data"; }; }; persistentVolumeClaims.nextcloud.spec = { accessModes = [ "ReadWriteMany" ]; storageClassName = ""; resources.requests.storage = "1Mi"; volumeName = "nextcloud"; }; services.nextcloud.spec = { selector.app = "nextcloud"; ports = [{ protocol = "TCP"; port = 80; targetPort = 80; }]; }; ingresses.nextcloud = { metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; spec = { ingressClassName = "traefik"; rules = [{ host = "cloud.kun.is"; http.paths = [{ path = "/"; pathType = "Prefix"; backend.service = { name = "nextcloud"; port.number = 80; }; }]; }]; tls = [{ secretName = "nextcloud-tls"; hosts = [ "cloud.kun.is" ]; }]; }; }; }; }