added nextcloud, gitea

argocd-apps/homelab.yaml

@@ -192,3 +192,47 @@ spec:
     - CreateNamespace=true
     - PruneLast=true
 ---
+# Gitea
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: gitea
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: homelab
+  source:
+    repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+    targetRevision: main
+    path: gitea-system
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: gitea-system
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=true
+    - PruneLast=true
+---
+# Nextcloud
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nextcloud
+  namespace: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: homelab
+  source:
+    repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git
+    targetRevision: main
+    path: nextcloud-system
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: nextcloud-system
+  syncPolicy:
+    syncOptions:
+    - CreateNamespace=true
+    - PruneLast=true
+---

gitea-system/gitea.yaml

@@ -0,0 +1,359 @@
+# After deployment create admin user with below command in gitea container:
+#
+# su git
+# gitea admin user create --username admin --password '<password>' --email <email> --admin
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/name: gitea
+    app.kubernetes.io/version: 1.25.2
+  name: gitea
+  namespace: gitea-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: gitea
+      app.kubernetes.io/name: gitea
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: gitea
+        app.kubernetes.io/name: gitea
+        app.kubernetes.io/version: 1.25.2
+    spec:
+      initContainers:
+      - name: init-directories
+        image: busybox:1.36
+        command:
+        - sh
+        - -c
+        - |
+          mkdir -p /data/gitea/conf
+          chown -R 1000:1000 /data
+        volumeMounts:
+        - name: data
+          mountPath: /data
+      containers:
+      - name: gitea
+        image: gitea/gitea:1.25.2
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: USER_UID
+          value: "1000"
+        - name: USER_GID
+          value: "1000"
+        - name: GITEA__database__DB_TYPE
+          value: postgres
+        - name: GITEA__database__HOST
+          value: gitea-postgres:5432
+        - name: GITEA__database__NAME
+          value: gitea
+        - name: GITEA__database__USER
+          valueFrom:
+            secretKeyRef:
+              name: gitea-db
+              key: username
+        - name: GITEA__database__PASSWD
+          valueFrom:
+            secretKeyRef:
+              name: gitea-db
+              key: password
+        - name: GITEA__server__DOMAIN
+          value: gitea.dooplex.hu
+        - name: GITEA__server__ROOT_URL
+          value: https://gitea.dooplex.hu/
+        - name: GITEA__server__HTTP_PORT
+          value: "3000"
+        - name: GITEA__server__SSH_DOMAIN
+          value: gitea.dooplex.hu
+        - name: GITEA__server__SSH_PORT
+          value: "22"
+        - name: GITEA__server__SSH_LISTEN_PORT
+          value: "2222"
+        - name: GITEA__server__LFS_START_SERVER
+          value: "true"
+        - name: GITEA__security__INSTALL_LOCK
+          value: "true"
+        - name: GITEA__security__SECRET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: gitea-app
+              key: secret-key
+        - name: GITEA__security__INTERNAL_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: gitea-app
+              key: internal-token
+        - name: GITEA__server__LFS_JWT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: gitea-app
+              key: lfs-jwt-secret
+        - name: GITEA__service__DISABLE_REGISTRATION
+          value: "true"
+        - name: GITEA__mailer__ENABLED
+          value: "true"
+        - name: GITEA__mailer__PROTOCOL
+          value: smtp+starttls
+        - name: GITEA__mailer__SMTP_ADDR
+          valueFrom:
+            secretKeyRef:
+              name: smtp-credentials
+              key: host
+        - name: GITEA__mailer__SMTP_PORT
+          valueFrom:
+            secretKeyRef:
+              name: smtp-credentials
+              key: port
+        - name: GITEA__mailer__USER
+          valueFrom:
+            secretKeyRef:
+              name: smtp-credentials
+              key: username
+        - name: GITEA__mailer__PASSWD
+          valueFrom:
+            secretKeyRef:
+              name: smtp-credentials
+              key: password
+        - name: GITEA__mailer__FROM
+          valueFrom:
+            secretKeyRef:
+              name: smtp-credentials
+              key: from-address
+        - name: GITEA__time__DEFAULT_UI_LOCATION
+          value: Europe/Budapest
+        ports:
+        - containerPort: 3000
+          name: http
+          protocol: TCP
+        - containerPort: 2222
+          name: ssh
+          protocol: TCP
+        livenessProbe:
+          httpGet:
+            path: /api/healthz
+            port: http
+          initialDelaySeconds: 60
+          periodSeconds: 30
+          timeoutSeconds: 10
+          failureThreshold: 5
+        readinessProbe:
+          httpGet:
+            path: /api/healthz
+            port: http
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+          failureThreshold: 3
+        resources:
+          limits:
+            cpu: "1"
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 256Mi
+        volumeMounts:
+        - name: data
+          mountPath: /data
+        - name: repos
+          mountPath: /data/git/repositories
+      securityContext:
+        fsGroup: 1000
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: gitea-data
+      - name: repos
+        hostPath:
+          path: /mnt/4_hdd/data/gitea/repositories
+          type: DirectoryOrCreate
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/name: postgres
+  name: gitea-postgres
+  namespace: gitea-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: gitea
+      app.kubernetes.io/name: postgres
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/instance: gitea
+        app.kubernetes.io/name: postgres
+    spec:
+      containers:
+      - name: postgres
+        image: postgres:16-alpine
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: POSTGRES_USER
+          valueFrom:
+            secretKeyRef:
+              name: gitea-db
+              key: username
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: gitea-db
+              key: password
+        - name: POSTGRES_DB
+          value: gitea
+        - name: PGDATA
+          value: /var/lib/postgresql/data/pgdata
+        ports:
+        - containerPort: 5432
+          name: postgres
+          protocol: TCP
+        resources:
+          limits:
+            cpu: 500m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/postgresql/data
+          subPath: data
+      securityContext:
+        fsGroup: 999
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: gitea-postgres
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/name: gitea
+    app.kubernetes.io/version: 1.25.2
+  name: gitea
+  namespace: gitea-system
+spec:
+  type: ClusterIP
+  ports:
+  - name: http
+    port: 3000
+    protocol: TCP
+    targetPort: http
+  - name: ssh
+    port: 22
+    protocol: TCP
+    targetPort: ssh
+  selector:
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/name: gitea
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/name: postgres
+  name: gitea-postgres
+  namespace: gitea-system
+spec:
+  type: ClusterIP
+  ports:
+  - name: postgres
+    port: 5432
+    protocol: TCP
+    targetPort: postgres
+  selector:
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/name: postgres
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    external-dns.alpha.kubernetes.io/hostname: gitea.dooplex.hu,gitea.home
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  labels:
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/name: gitea
+  name: gitea
+  namespace: gitea-system
+spec:
+  ingressClassName: nginx-internal
+  rules:
+  - host: gitea.dooplex.hu
+    http:
+      paths:
+      - backend:
+          service:
+            name: gitea
+            port:
+              number: 3000
+        path: /
+        pathType: Prefix
+  - host: gitea.home
+    http:
+      paths:
+      - backend:
+          service:
+            name: gitea
+            port:
+              number: 3000
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - gitea.dooplex.hu
+    secretName: gitea-tls
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/name: gitea
+  name: gitea-data
+  namespace: gitea-system
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: longhorn
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app.kubernetes.io/instance: gitea
+    app.kubernetes.io/name: postgres
+  name: gitea-postgres
+  namespace: gitea-system
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: longhorn

nextcloud-system/nextcloud.yaml

@@ -0,0 +1,733 @@
+---
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: nextcloud-postgresql
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 17.5.0
+    app.kubernetes.io/component: primary
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: nextcloud
+      app.kubernetes.io/name: postgresql
+      app.kubernetes.io/component: primary
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    - ports:
+        - port: 5432
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: nextcloud-postgresql
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 17.5.0
+    app.kubernetes.io/component: primary
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: nextcloud
+      app.kubernetes.io/name: postgresql
+      app.kubernetes.io/component: primary
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: nextcloud-postgresql
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 17.5.0
+automountServiceAccountToken: false
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nextcloud-config
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/version: "32.0.2"
+data:
+  custom.config.php: |-
+    <?php
+    $CONFIG = array (
+      'overwriteprotocol' => 'https',
+      'overwrite.cli.url' => 'https://dooplex.hu',
+      'filelocking.enabled' => true,
+      'memcache.local' => '\\OC\\Memcache\\APCu',
+      'default_phone_region' => 'HU',
+      'allow_local_remote_servers' => true,
+    );
+  previews.config.php: |-
+    <?php
+    $CONFIG = array (
+      'enable_previews' => true,
+      'enabledPreviewProviders' => array (
+        '\\OC\\Preview\\Movie',
+        '\\OC\\Preview\\PNG',
+        '\\OC\\Preview\\JPEG',
+        '\\OC\\Preview\\GIF',
+        '\\OC\\Preview\\BMP',
+        '\\OC\\Preview\\XBitmap',
+        '\\OC\\Preview\\MP3',
+        '\\OC\\Preview\\MP4',
+        '\\OC\\Preview\\TXT',
+        '\\OC\\Preview\\MarkDown',
+        '\\OC\\Preview\\PDF'
+      ),
+    );
+  .htaccess: |-
+    # line below if for Apache 2.4
+    <ifModule mod_authz_core.c>
+    Require all denied
+    </ifModule>
+    # line below if for Apache 2.2
+    <ifModule !mod_authz_core.c>
+    deny from all
+    </ifModule>
+    # section for Apache 2.2 and 2.4
+    <ifModule mod_autoindex.c>
+    IndexIgnore *
+    </ifModule>
+    
+  apache-pretty-urls.config.php: |-
+    <?php
+    $CONFIG = array (
+      'htaccess.RewriteBase' => '/',
+    );
+    
+  apcu.config.php: |-
+    <?php
+    $CONFIG = array (
+      'memcache.local' => '\OC\Memcache\APCu',
+    );
+    
+  apps.config.php: |-
+    <?php
+    $CONFIG = array (
+      'apps_paths' => array (
+          0 => array (
+                  'path'     => OC::$SERVERROOT.'/apps',
+                  'url'      => '/apps',
+                  'writable' => false,
+          ),
+          1 => array (
+                  'path'     => OC::$SERVERROOT.'/custom_apps',
+                  'url'      => '/custom_apps',
+                  'writable' => true,
+          ),
+      ),
+    );
+    
+  autoconfig.php: |-
+    <?php
+    
+    $autoconfig_enabled = false;
+    
+    if (getenv('SQLITE_DATABASE')) {
+        $AUTOCONFIG['dbtype'] = 'sqlite';
+        $AUTOCONFIG['dbname'] = getenv('SQLITE_DATABASE');
+        $autoconfig_enabled = true;
+    } elseif (getenv('MYSQL_DATABASE_FILE') && getenv('MYSQL_USER_FILE') && getenv('MYSQL_PASSWORD_FILE') && getenv('MYSQL_HOST')) {
+        $AUTOCONFIG['dbtype'] = 'mysql';
+        $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('MYSQL_DATABASE_FILE')));
+        $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('MYSQL_USER_FILE')));
+        $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('MYSQL_PASSWORD_FILE')));
+        $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
+        $autoconfig_enabled = true;
+    } elseif (getenv('MYSQL_DATABASE') && getenv('MYSQL_USER') && getenv('MYSQL_PASSWORD') && getenv('MYSQL_HOST')) {
+        $AUTOCONFIG['dbtype'] = 'mysql';
+        $AUTOCONFIG['dbname'] = getenv('MYSQL_DATABASE');
+        $AUTOCONFIG['dbuser'] = getenv('MYSQL_USER');
+        $AUTOCONFIG['dbpass'] = getenv('MYSQL_PASSWORD');
+        $AUTOCONFIG['dbhost'] = getenv('MYSQL_HOST');
+        $autoconfig_enabled = true;
+    } elseif (getenv('POSTGRES_DB_FILE') && getenv('POSTGRES_USER_FILE') && getenv('POSTGRES_PASSWORD_FILE') && getenv('POSTGRES_HOST')) {
+        $AUTOCONFIG['dbtype'] = 'pgsql';
+        $AUTOCONFIG['dbname'] = trim(file_get_contents(getenv('POSTGRES_DB_FILE')));
+        $AUTOCONFIG['dbuser'] = trim(file_get_contents(getenv('POSTGRES_USER_FILE')));
+        $AUTOCONFIG['dbpass'] = trim(file_get_contents(getenv('POSTGRES_PASSWORD_FILE')));
+        $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
+        $autoconfig_enabled = true;
+    } elseif (getenv('POSTGRES_DB') && getenv('POSTGRES_USER') && getenv('POSTGRES_PASSWORD') && getenv('POSTGRES_HOST')) {
+        $AUTOCONFIG['dbtype'] = 'pgsql';
+        $AUTOCONFIG['dbname'] = getenv('POSTGRES_DB');
+        $AUTOCONFIG['dbuser'] = getenv('POSTGRES_USER');
+        $AUTOCONFIG['dbpass'] = getenv('POSTGRES_PASSWORD');
+        $AUTOCONFIG['dbhost'] = getenv('POSTGRES_HOST');
+        $autoconfig_enabled = true;
+    }
+    
+    if ($autoconfig_enabled) {
+        $AUTOCONFIG['directory'] = getenv('NEXTCLOUD_DATA_DIR') ?: '/var/www/html/data';
+    }
+    
+  reverse-proxy.config.php: |-
+    <?php
+    $overwriteHost = getenv('OVERWRITEHOST');
+    if ($overwriteHost) {
+      $CONFIG['overwritehost'] = $overwriteHost;
+    }
+    
+    $overwriteProtocol = getenv('OVERWRITEPROTOCOL');
+    if ($overwriteProtocol) {
+      $CONFIG['overwriteprotocol'] = $overwriteProtocol;
+    }
+    
+    $overwriteCliUrl = getenv('OVERWRITECLIURL');
+    if ($overwriteCliUrl) {
+      $CONFIG['overwrite.cli.url'] = $overwriteCliUrl;
+    }
+    
+    $overwriteWebRoot = getenv('OVERWRITEWEBROOT');
+    if ($overwriteWebRoot) {
+      $CONFIG['overwritewebroot'] = $overwriteWebRoot;
+    }
+    
+    $overwriteCondAddr = getenv('OVERWRITECONDADDR');
+    if ($overwriteCondAddr) {
+      $CONFIG['overwritecondaddr'] = $overwriteCondAddr;
+    }
+    
+    $trustedProxies = getenv('TRUSTED_PROXIES');
+    if ($trustedProxies) {
+      $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies)));
+    }
+    
+    $forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS');
+    if ($forwardedForHeaders) {
+      $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders)));
+    }
+    
+  upgrade-disable-web.config.php: |-
+    <?php
+    $CONFIG = array (
+      'upgrade.disable-web' => true,
+    );
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nextcloud-phpconfig
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/version: "32.0.2"
+data:
+  uploadLimit.ini: |-
+    upload_max_filesize = 10G
+    post_max_size = 10G
+    max_input_time = 3600
+    max_execution_time = 3600
+    memory_limit = 512M
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: nextcloud-nextcloud
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/component: app
+    app.kubernetes.io/version: "32.0.2"
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "10Gi"
+  storageClassName: "longhorn"
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud-postgresql-data
+  namespace: "nextcloud-system"
+spec:
+  accessModes:
+    - "ReadWriteOnce"
+  resources:
+    requests:
+      storage: "5Gi"
+  storageClassName: "longhorn"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud-postgresql-hl
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 17.5.0
+    app.kubernetes.io/component: primary
+  annotations:
+spec:
+  type: ClusterIP
+  clusterIP: None
+  # We want all pods in the StatefulSet to have their addresses published for
+  # the sake of the other Postgresql pods even before they're ready, since they
+  # have to be able to talk to each other in order to become ready.
+  publishNotReadyAddresses: true
+  ports:
+    - name: tcp-postgresql
+      port: 5432
+      targetPort: tcp-postgresql
+  selector:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/component: primary
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud-postgresql
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 17.5.0
+    app.kubernetes.io/component: primary
+spec:
+  type: ClusterIP
+  sessionAffinity: None
+  ports:
+    - name: tcp-postgresql
+      port: 5432
+      targetPort: tcp-postgresql
+      nodePort: null
+  selector:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/component: primary
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud
+  namespace: "nextcloud-system"
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: nextcloud.home
+  labels:
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/component: app
+    app.kubernetes.io/version: "32.0.2"
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: 80
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/component: app
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/component: app
+    app.kubernetes.io/version: "32.0.2"
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: nextcloud
+      app.kubernetes.io/instance: nextcloud
+      app.kubernetes.io/component: app
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: nextcloud
+        app.kubernetes.io/instance: nextcloud
+        app.kubernetes.io/component: app
+      annotations:
+        nextcloud-config-hash: 06b49913be13b1f9a81745166dd75ada59e7ddd39e8f6a2c5538affe2a6d1093
+        php-config-hash: 5a497358af870e06b42325eee83d7c0e5466b7f6819cb49b598559d96def7428
+        hooks-hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
+    spec:
+      containers:
+        - name: nextcloud
+          image: docker.io/library/nextcloud:32.0.2-apache
+          imagePullPolicy: IfNotPresent
+          env:
+            - name: SMTP_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: smtp-credentials
+                  key: host
+            - name: SMTP_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: smtp-credentials
+                  key: port
+            - name: SMTP_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: smtp-credentials
+                  key: username
+            - name: SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: smtp-credentials
+                  key: password
+            - name: SMTP_SECURE
+              value: tls
+            - name: SMTP_AUTHTYPE
+              value: LOGIN
+            - name: MAIL_FROM_ADDRESS
+              value: nextcloud
+            - name: MAIL_DOMAIN
+              value: gmail.com
+            - name: POSTGRES_HOST
+              value: nextcloud-postgresql
+            - name: POSTGRES_DB
+              value: "nextcloud"
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud-db
+                  key: db-username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud-db
+                  key: db-password
+            - name: NEXTCLOUD_ADMIN_USER
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud
+                  key: nextcloud-username
+            - name: NEXTCLOUD_ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud
+                  key: nextcloud-password
+            - name: NEXTCLOUD_TRUSTED_DOMAINS
+              value: "nextcloud.home 10.42.0.0/16 10.43.0.0/16 dooplex.hu"
+            - name: NEXTCLOUD_DATA_DIR
+              value: "/data"
+          resources:
+            {}
+          volumeMounts:
+            - name: nextcloud-main
+              mountPath: /var/www/
+              subPath: root
+            - name: nextcloud-main
+              mountPath: /var/www/html
+              subPath: html
+            - name: nextcloud-main
+              mountPath: /var/www/html/config
+              subPath: config
+            - name: nextcloud-main
+              mountPath: /var/www/html/custom_apps
+              subPath: custom_apps
+            - name: nextcloud-main
+              mountPath: /var/www/tmp
+              subPath: tmp
+            - name: nextcloud-main
+              mountPath: /var/www/html/themes
+              subPath: themes
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/custom.config.php
+              subPath: custom.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/previews.config.php
+              subPath: previews.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/.htaccess
+              subPath: .htaccess
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/apache-pretty-urls.config.php
+              subPath: apache-pretty-urls.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/apcu.config.php
+              subPath: apcu.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/apps.config.php
+              subPath: apps.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/autoconfig2.php
+              subPath: autoconfig2.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/reverse-proxy.config.php
+              subPath: reverse-proxy.config.php
+            - name: nextcloud-config
+              mountPath: /var/www/html/config/upgrade-disable-web.config.php
+              subPath: upgrade-disable-web.config.php
+            - mountPath: /data
+              name: data
+            - name: nextcloud-phpconfig
+              mountPath: "/usr/local/etc/php/conf.d/uploadLimit.ini"
+              subPath: uploadLimit.ini
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          startupProbe:
+            httpGet:
+              path: /status.php
+              port: 80
+              httpHeaders:
+              - name: Host
+                value: "192.168.0.210"
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 30
+          livenessProbe:
+            httpGet:
+              path: /status.php
+              port:  80
+              httpHeaders:
+              - name: Host
+                value: "192.168.0.210"
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /status.php
+              port:  80
+              httpHeaders:
+              - name: Host
+                value: "192.168.0.210"
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 3
+      initContainers:
+        - name: postgresql-isready
+          image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r3
+          resources:
+            {}
+          securityContext:
+            {}
+          env:
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: nextcloud-db
+                  key: db-username
+            - name: POSTGRES_HOST
+              value: nextcloud-postgresql
+          command:
+            - "sh"
+            - "-c"
+            - "until pg_isready -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ; do sleep 2 ; done"
+      volumes:
+        - name: nextcloud-main
+          persistentVolumeClaim:
+            claimName: nextcloud-nextcloud
+        - name: nextcloud-config
+          configMap:
+            name: nextcloud-config
+        - name: nextcloud-phpconfig
+          configMap:
+            name: nextcloud-phpconfig
+        - hostPath:
+            path: /mnt/4_hdd/data/nextcloud
+            type: Directory
+          name: data
+      securityContext:
+        # Will mount configuration files as www-data (id: 33) for nextcloud
+        fsGroup: 33
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: nextcloud-postgresql
+  namespace: "nextcloud-system"
+  labels:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 17.5.0
+    app.kubernetes.io/component: primary
+spec:
+  replicas: 1
+  serviceName: nextcloud-postgresql-hl
+  updateStrategy:
+    rollingUpdate: {}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: nextcloud
+      app.kubernetes.io/name: postgresql
+      app.kubernetes.io/component: primary
+  template:
+    metadata:
+      name: nextcloud-postgresql
+      labels:
+        app.kubernetes.io/instance: nextcloud
+        app.kubernetes.io/name: postgresql
+        app.kubernetes.io/version: 17.5.0
+        app.kubernetes.io/component: primary
+    spec:
+      serviceAccountName: nextcloud-postgresql
+      automountServiceAccountToken: false
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app.kubernetes.io/instance: nextcloud
+                    app.kubernetes.io/name: postgresql
+                    app.kubernetes.io/component: primary
+                topologyKey: kubernetes.io/hostname
+              weight: 1
+      securityContext:
+        fsGroup: 1001
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      hostNetwork: false
+      hostIPC: false
+      containers:
+        - name: postgresql
+          image: docker.io/bitnamilegacy/postgresql:17.5.0-debian-12-r3
+          imagePullPolicy: "IfNotPresent"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
+            runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
+          env:
+            - name: BITNAMI_DEBUG
+              value: "false"
+            - name: POSTGRESQL_PORT_NUMBER
+              value: "5432"
+            - name: POSTGRESQL_VOLUME_DIR
+              value: "/bitnami/postgresql"
+            - name: PGDATA
+              value: "/bitnami/postgresql/data"
+            # Authentication
+            - name: POSTGRES_USER
+              value: "nextcloud"
+            - name: POSTGRES_PASSWORD_FILE
+              value: /opt/bitnami/postgresql/secrets/password
+            - name: POSTGRES_POSTGRES_PASSWORD_FILE
+              value: /opt/bitnami/postgresql/secrets/postgres-password
+            - name: POSTGRES_DATABASE
+              value: "nextcloud"
+            # LDAP
+            - name: POSTGRESQL_ENABLE_LDAP
+              value: "no"
+            # TLS
+            - name: POSTGRESQL_ENABLE_TLS
+              value: "no"
+            # Audit
+            - name: POSTGRESQL_LOG_HOSTNAME
+              value: "false"
+            - name: POSTGRESQL_LOG_CONNECTIONS
+              value: "false"
+            - name: POSTGRESQL_LOG_DISCONNECTIONS
+              value: "false"
+            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
+              value: "off"
+            # Others
+            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
+              value: "error"
+            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
+              value: "pgaudit"
+          ports:
+            - name: tcp-postgresql
+              containerPort: 5432
+          livenessProbe:
+            failureThreshold: 6
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p 5432
+          readinessProbe:
+            failureThreshold: 6
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - -e
+                - |
+                  exec pg_isready -U "nextcloud" -d "dbname=nextcloud" -h 127.0.0.1 -p 5432
+          resources:
+            limits:
+              cpu: 150m
+              ephemeral-storage: 2Gi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/postgresql/conf
+              subPath: app-conf-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/postgresql/tmp
+              subPath: app-tmp-dir
+            - name: postgresql-password
+              mountPath: /opt/bitnami/postgresql/secrets/
+            - name: dshm
+              mountPath: /dev/shm
+            - name: data
+              mountPath: /bitnami/postgresql
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        - name: postgresql-password
+          secret:
+            secretName: nextcloud-postgresql
+        - name: dshm
+          emptyDir:
+            medium: Memory
+        - name: data
+          persistentVolumeClaim:
+             claimName: nextcloud-postgresql-data # NOW PERSISTENT