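---
# Pod manifest template (Jinja2): one pod holding a "nextcloud" application
# container and a MariaDB "database" container, both backed by hostPath
# directories. The item.key / item.value references suggest it is rendered
# once per instance from a loop over a dict -- confirm against the caller.
#
# NOTE: YAML comments are not Jinja comments. Template expressions inside the
# commented-out lines below are still evaluated at render time, so the
# variables they reference must be defined.
apiVersion: v1
kind: Pod
metadata:
  name: "{{ item.key }}"
spec:
  # allowPrivilegeEscalation is a field of the container-level
  # securityContext, not of the pod-level one, so it is set on each
  # container below rather than here.
  containers:
    - name: nextcloud
      # NOTE(review): this looks like a placeholder -- a bare Debian image
      # that only sleeps for two hours. buster (Debian 10) is past end of
      # life upstream; use a maintained image before real use. Tags are
      # mutable; pin by digest if reproducibility matters.
      image: debian:buster
      command:
        - /bin/bash
        - -c
        - "sleep 7200"
      securityContext:
        allowPrivilegeEscalation: false
        # With the two lines below disabled, the container runs as the
        # image's default user (root for the stock Debian image) against
        # the hostPath mount.
        # runAsUser: {{ nextcloud_app_uid }}
        # runAsGroup: {{ nextcloud_app_gid }}
      volumeMounts:
        - name: nextcloud
          mountPath: /var/www/html
      ports:
        # hostPort publishes the port on the host; without hostIP it is
        # bound on every host interface. Left unquoted so the rendered
        # value stays an integer.
        - containerPort: 8080
          hostPort: {{ item.value.port }}
    - name: database
      image: "mariadb:{{ item.value.database.version }}"
      args:
        - --transaction-isolation=READ-COMMITTED
        - --binlog-format=ROW
      securityContext:
        allowPrivilegeEscalation: false
        # Left unquoted so the rendered UID/GID stay integers.
        runAsUser: {{ nextcloud_db_uid }}
        runAsGroup: {{ nextcloud_db_gid }}
      env:
        # The image generates the root password at first initialisation and
        # prints it to the container log; treat those logs as sensitive.
        - name: MYSQL_RANDOM_ROOT_PASSWORD
          value: "true"
        # The rendered manifest carries this password in clear text. Keep
        # the rendered file's permissions tight, or source the value from a
        # Secret via valueFrom.secretKeyRef where the runtime supports it.
        - name: MYSQL_PASSWORD
          value: "{{ item.value.database.password }}"
        - name: MYSQL_DATABASE
          value: nextcloud
        - name: MYSQL_USER
          value: nextcloud
      volumeMounts:
        - name: database
          mountPath: /var/lib/mysql
  volumes:
    # type: Directory requires the host directories to exist already; they
    # must also be accessible to the UIDs/GIDs the containers run as.
    - name: nextcloud
      hostPath:
        path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"
        type: Directory
    # NOTE(review): the directory name comes from item.value.database.type
    # while the image above is always mariadb -- keep the two in agreement.
    - name: database
      hostPath:
        path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
        type: Directory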