2 files changed, 72 insertions, 10 deletions

diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 8453ce65..fe65d62b 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -79,6 +79,43 @@
     state: directory
 
 
+- name: create image config dir
+  loop: "{{ nextcloud_instances | list }}"
+  loop_control:
+    label: "{{ item }}"
+  file:
+    path: "{{ nextcloud_base_path }}/{{ item }}/config"
+    state: directory
+
+- name: create apache vhost config
+  loop: "{{ nextcloud_instances | list }}"
+  loop_control:
+    label: "{{ item }}"
+  copy:
+    content: |
+      <VirtualHost *:8080>
+        ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+
+        # SetEnv HTTPS on
+        # SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on
+
+        ErrorLog ${APACHE_LOG_DIR}/error.log
+        CustomLog ${APACHE_LOG_DIR}/access.log combined
+      </VirtualHost>
+    dest: "{{ nextcloud_base_path }}/{{ item }}/config/apache-site.conf"
+
+- name: configure apache to run on port 8080 only
+  loop: "{{ nextcloud_instances | list }}"
+  loop_control:
+    label: "{{ item }}"
+  copy:
+    content: |
+      Listen 8080
+    dest: "{{ nextcloud_base_path }}/{{ item }}/config/ports.conf"
+
+
+
 - name: generate pod manifests
   loop: "{{ nextcloud_instances | dict2items }}"
   loop_control:
diff --git a/roles/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
index 4e2f6baa..7fa40cd4 100644
--- a/roles/nextcloud/templates/pod-with-mariadb.yml.j2
+++ b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
@@ -7,17 +7,35 @@ spec:
     allowPrivilegeEscalation: false
   containers:
   - name: nextcloud
-    image: debian:buster
-    command:
-    - /bin/bash
-    - -c
-    - "sleep 7200"
-    # securityContext:
-    #   runAsUser: {{ nextcloud_app_uid }}
-    #   runAsGroup: {{ nextcloud_app_gid }}
+    image: "nextcloud:{{ item.value.version }}"
+    securityContext:
+      runAsUser: {{ nextcloud_app_uid }}
+      runAsGroup: {{ nextcloud_app_gid }}
+    resources:
+      limits:
+        memory: "4Gi"
+    env:
+    - name: NEXTCLOUD_TRUSTED_DOMAINS
+      value: "{{ item.value.hostnames | join(' ') }}"
+    - name: MYSQL_HOST
+      value: 127.0.0.1
+    - name: MYSQL_DATABASE
+      value: nextcloud
+    - name: MYSQL_USER
+      value: nextcloud
+    - name: MYSQL_PASSWORD
+      value: "{{ item.value.database.password }}"
     volumeMounts:
     - name: nextcloud
       mountPath: /var/www/html
+    - name: config
+      mountPath: /etc/apache2/sites-available/000-default.conf
+      subPath: apache-site.conf
+      readOnly: true
+    - name: config
+      mountPath: /etc/apache2/ports.conf
+      subPath: ports.conf
+      readOnly: true
     ports:
     - containerPort: 8080
       hostPort: {{ item.value.port }}
@@ -29,19 +47,26 @@ spec:
     securityContext:
       runAsUser: {{ nextcloud_db_uid }}
       runAsGroup: {{ nextcloud_db_gid }}
+    resources:
+      limits:
+        memory: "2Gi"
     env:
     - name: MYSQL_RANDOM_ROOT_PASSWORD
       value: "true"
-    - name: MYSQL_PASSWORD
-      value: "{{ item.value.database.password }}"
     - name: MYSQL_DATABASE
       value: nextcloud
     - name: MYSQL_USER
       value: nextcloud
+    - name: MYSQL_PASSWORD
+      value: "{{ item.value.database.password }}"
     volumeMounts:
     - name: database
       mountPath: /var/lib/mysql
   volumes:
+  - name: config
+    hostPath:
+      path: "{{ nextcloud_base_path }}/{{ item.key }}/config/"
+      type: Directory
   - name: nextcloud
     hostPath:
       path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"