securityContext:
  allowPrivilegeEscalation: false
containers:
- name: nextcloud
{#  image: "nextcloud{% if 'custom_image' in nextcloud_instances[nextcloud_instance] %}/{{ nextcloud_instance }}{% endif %}:{{ nextcloud_instances[nextcloud_instance].version }}" #}
  image: "nextcloud/{{ nextcloud_instance }}:{{ nextcloud_instances[nextcloud_instance].version }}"
  securityContext:
    runAsUser: {{ nextcloud_app_uid }}
    runAsGroup: {{ nextcloud_app_gid }}
  resources:
    limits:
      memory: "4Gi"
{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %}
  env:
  - name: NEXTCLOUD_TRUSTED_DOMAINS
    value: "{{ nextcloud_instances[nextcloud_instance].publish.hostnames | join(' ') }}"
  - name: MYSQL_HOST
    value: 127.0.0.1
  - name: MYSQL_DATABASE
    value: nextcloud
  - name: MYSQL_USER
    value: nextcloud
  - name: MYSQL_PASSWORD
    value: "{{ nextcloud_instances[nextcloud_instance].database.password }}"
{% endif %}
  volumeMounts:
  - name: nextcloud
    mountPath: /var/www/html
  - name: config
    mountPath: /etc/apache2/sites-available/000-default.conf
    subPath: apache-site.conf
    readOnly: true
  - name: config
    mountPath: /etc/apache2/ports.conf
    subPath: ports.conf
    readOnly: true
  - name: tls
    mountPath: /etc/ssl/publish
    readOnly: true
  ports:
  - containerPort: 8080
    hostPort: {{ nextcloud_instances[nextcloud_instance].port }}
    hostIP: 127.0.0.1
- name: redis
  image: "redis:{{ nextcloud_instances[nextcloud_instance].redis.version }}"
  args:
  - --bind 127.0.0.1
  securityContext:
    runAsUser: {{ nextcloud_redis_uid }}
    runAsGroup: {{ nextcloud_redis_gid }}
  resources:
    limits:
      memory: "512Mi"
  volumeMounts:
  - name: redis
    mountPath: /data
- name: database
  image: "mariadb:{{ nextcloud_instances[nextcloud_instance].database.version }}"
  args:
  - --transaction-isolation=READ-COMMITTED
  - --log-bin=binlog
  - --binlog-format=ROW
{% for arg in (nextcloud_instances[nextcloud_instance].database.extra_args | default([])) %}
  - {{ arg }}
{% endfor %}
  securityContext:
    runAsUser: {{ nextcloud_db_uid }}
    runAsGroup: {{ nextcloud_db_gid }}
  resources:
    limits:
      memory: "2Gi"
  env:
  - name: MARIADB_AUTO_UPGRADE
    value: "true"
  - name: MARIADB_DISABLE_UPGRADE_BACKUP
    value: "true"
{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %}
  - name: MARIADB_RANDOM_ROOT_PASSWORD
    value: "true"
  - name: MARIADB_DATABASE
    value: nextcloud
  - name: MARIADB_USER
    value: nextcloud
  - name: MARIADB_PASSWORD
    value: "{{ nextcloud_instances[nextcloud_instance].database.password }}"
{% endif %}
  volumeMounts:
  - name: database
    mountPath: /var/lib/mysql
volumes:
- name: config
  hostPath:
    path: "{{ nextcloud_instance_basepath }}/config/"
    type: Directory
- name: tls
  hostPath:
    path: "{{ nextcloud_instance_basepath }}/tls/"
    type: Directory
- name: nextcloud
  hostPath:
    path: "{{ nextcloud_instance_basepath }}/nextcloud"
    type: Directory
- name: redis
  hostPath:
    path: "{{ nextcloud_instance_basepath }}/redis"
    type: Directory
- name: database
  hostPath:
    path: "{{ nextcloud_instance_basepath }}/{{ nextcloud_instances[nextcloud_instance].database.type }}"
    type: Directory