k3s/argocd/apps/nextcloud/nextcloud.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: nextcloud
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  source:
    repoURL: 'https://nextcloud.github.io/helm/'
    targetRevision: 8.*.*
    helm:
      values: |
        image:
          repository: nextcloud
          flavor: fpm
        
        ingress:
          enabled: true
          className: traefik
          servicePort: https
          annotations:
            kubernetes.io/ingress.class: traefik
            traefik.ingress.kubernetes.io/router.tls: "true"
            traefik.ingress.kubernetes.io/router.middlewares: kube-system-hsts@kubernetescrd
            cert-manager.io/cluster-issuer: lets-encrypt
          hosts:
            - innocloud.innovation-hub-niedersachsen.de
          tls:
            - secretName: innocloud-tls
              hosts:
                - innocloud.innovation-hub-niedersachsen.de
        
        service:
          annotations:
            traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
        
        nginx:
          enabled: true
        
        phpClientHttpsFix:
          enabled: true
          protocol: https
        
        nextcloud:
          host: innocloud.innovation-hub-niedersachsen.de
          password: InnoHubADMIN_2024!
          mail:
            enabled: true
            fromAddress: admin
            domain: innovation-hub-niedersachsen.de
            smtp:
              host: 192.168.4.125
              port: 25
          
          # DinD Sidecar für AppAPI (TCP Mode)
          extraSidecarContainers:
            - name: dind
              image: docker:27-dind
              securityContext:
                privileged: true
              command:
                - dockerd
              args:
                - --host=tcp://0.0.0.0:2375
                - --tls=false
              env:
                - name: DOCKER_TLS_CERTDIR
                  value: ""
              volumeMounts:
                - name: dind-storage
                  mountPath: /var/lib/docker
              ports:
                - containerPort: 2375
                  name: docker
          
          extraVolumes:
            - name: dind-storage
              emptyDir: {}
        
        internalDatabase:
          enabled: false
        
        redis:
          enabled: true
          auth:
            password: redisInnoDBUser
          master:
            extraEnvVars:
              - name: REDIS_MASTER_HOST
                value: "localhost"
              - name: REDIS_MASTER_PORT_NUMBER
                value: "6379"
            readinessProbe:
              timeoutSeconds: 10    
          replica:
            extraEnvVars:
              - name: REDIS_MASTER_HOST
                value: "nextcloud-redis-master"
              - name: REDIS_MASTER_PORT_NUMBER
                value: "6379"
            readinessProbe:
              timeoutSeconds: 10    
        
        postgresql:
          enabled: true
          global:
            postgresql:
              auth:
                password: pgInnoDBUser
          primary:
            persistence:
              enabled: true
        
        persistence:
          enabled: true
          nextcloudData:
            enabled: true
        
        cronjob:
          enabled: true
    
    chart: nextcloud
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: nextcloud
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        pod-security.kubernetes.io/enforce: "privileged"
    automated:
      selfHeal: true
      prune: true
    syncOptions:
      - CreateNamespace=true