From ebfe577244af9a9203e2b90022fb9f27b8d56d7c Mon Sep 17 00:00:00 2001
From: Peter Kurfer <peter.kurfer@googlemail.com>
Date: Thu, 13 Jul 2023 06:36:57 +0000
Subject: [PATCH] feat: add NextCloud

---
 k8s/configure_cluster.yaml                    |   2 +
 k8s/inventory/group_vars/all.yml              | 219 +++++++++---------
 k8s/roles/cifs-csi/tasks/main.yml             |  49 ++++
 .../defaults/main.yaml                        |   0
 .../files/traefik.yaml                        |   0
 .../{master => control-plane}/tasks/main.yml  |   4 +-
 .../templates/cp-config.yaml.j2               |   0
 .../templates/k3s.service.j2                  |   0
 k8s/roles/k3s/node/tasks/main.yml             |  15 --
 k8s/roles/k3s/node/templates/k3s.service.j2   |  24 --
 k8s/roles/nextcloud/tasks/main.yml            |  39 ++++
 .../templates/values.nextcloud-keydb.yml.j2   |  29 +++
 .../templates/values.nextcloud.yml.j2         |  75 ++++++
 k8s/roles/postgres/files/values.postgres.yaml |   7 -
 k8s/setup_cluster.yaml                        |   2 +-
 15 files changed, 312 insertions(+), 153 deletions(-)
 create mode 100644 k8s/roles/cifs-csi/tasks/main.yml
 rename k8s/roles/k3s/{master => control-plane}/defaults/main.yaml (100%)
 rename k8s/roles/k3s/{master => control-plane}/files/traefik.yaml (100%)
 rename k8s/roles/k3s/{master => control-plane}/tasks/main.yml (96%)
 rename k8s/roles/k3s/{master => control-plane}/templates/cp-config.yaml.j2 (100%)
 rename k8s/roles/k3s/{master => control-plane}/templates/k3s.service.j2 (100%)
 delete mode 100644 k8s/roles/k3s/node/tasks/main.yml
 delete mode 100644 k8s/roles/k3s/node/templates/k3s.service.j2
 create mode 100644 k8s/roles/nextcloud/tasks/main.yml
 create mode 100644 k8s/roles/nextcloud/templates/values.nextcloud-keydb.yml.j2
 create mode 100644 k8s/roles/nextcloud/templates/values.nextcloud.yml.j2
 delete mode 100644 k8s/roles/postgres/files/values.postgres.yaml

diff --git a/k8s/configure_cluster.yaml b/k8s/configure_cluster.yaml
index 2b80b7a..3abe031 100644
--- a/k8s/configure_cluster.yaml
+++ b/k8s/configure_cluster.yaml
@@ -1,6 +1,7 @@
 - name: Configure cluster
   hosts: localhost
   roles:
+    - role: cifs-csi
     - role: coder
     - role: codimd
     - role: prometheus
@@ -10,3 +11,4 @@
     - role: gitea
     - role: drone
     - role: fider
+    - role: nextcloud
diff --git a/k8s/inventory/group_vars/all.yml b/k8s/inventory/group_vars/all.yml
index 1f3874c..22c0559 100644
--- a/k8s/inventory/group_vars/all.yml
+++ b/k8s/inventory/group_vars/all.yml
@@ -1,105 +1,116 @@
 $ANSIBLE_VAULT;1.1;AES256
-33663766643834623862343139626439326635323762623936643638326438373539343663333764
-6364663937306661333137623063376239313061393066610a306530663665356363623634336135
-30346238633366663836623134643932623765353634653031656236643763643031343934633233
-6139616562633266390a363566653764373237666430616539393461666461633964313761643135
-39363563666337366235633531313830346564656261376466346539653262636263623162366661
-65383361383362343636386539633265636363666133343066393637383964313534396164636536
-37653732323864623764633064353332393665333362653461623739616433646239326261323963
-62313963633137346233366431653530303330316566653537323064353064383436373139623766
-33346336353438623236346333343762646432386432626536333935653966383433653066383764
-39326338396137393535613266646437643539323864303365393932643030663134393861633135
-66303362333563326264656234633463373838363662343332626139333436373961393434313265
-64656139306536666138333137376538373862643765356339346630653036623564346136326233
-31623764396638623935356530616331616138643132663237386433396537333535623637323865
-66646362646538626666663635636132633562356132353638626538333931343830613064666166
-64346133393864316130356566373430663539326131323939336138336462376534613262326339
-62323838646339323938353663356264363662646566386437336366373739616535633662376664
-65643034383866336230386136623664626131313039646262643930393432353530323565303366
-39363733333565663337613036336330376237353837373332633433303961633062653431366266
-31313639393062333638363466383939326630303534613539393632366163313362646631363130
-31353536373736323335646139613036616666333734623634326532653466303838313461333561
-35353330393833646130306334336262393664386630356638623439343031653430666134366161
-61656433613039363133326631383865613338313734633839613739376163306138373066393733
-62643036643062643265383039663862346332653230666665313330666438383466373964343134
-32396237666637356536316137353537663934313136636631303034356436653736636466396365
-64333962333237653638663664633138376235663430396664303764636639333538343962353563
-32333530646230613461353434326539306636326437313632616366313839623063613131656463
-31363539393031653039373536396164306366323637383235373534663330386439373161323430
-37633637353565646465646638626433376361346230303838636266383731336461656435626235
-34373532643538653065626164646530623763653737393835393062663931343462356139353139
-34653831306364356239333833366466636636656165653439333065346366393665643764633265
-30383363636532623266643435643637656463666262326661623736366139306439343764643838
-36303963333731373861666135383931363030303533616635653330623538633833346138633136
-65643535643032356438663961623231396239313361366336613963383731623839363839613239
-66356262396339653963313064633737326662306130333537656631393365616130346665613334
-64333336376434356665343936363931346263656632343935653261303132316236646134346634
-38363564373864326432333465613561326465313232646166383036393231303365663132323739
-64633232323864633735616362666265633563656566333037343436383739363963656235326336
-64613431396231616366356334313338373937613131653961366636643536336233363365373264
-64383938646536343764376634643363623031653938653363313033646264373930613566363064
-33633233383464653539353633303661653939326439636435663531623461313662353232333564
-61663863626432396262386339306635613830383966356661316235653766336434376438303430
-61663936366235363938323432646539396130643965366339353332333835613430633466306538
-66323062616666646638376531623832663133633635663265613238333139636261306233326231
-61393336633834643466356363356133663362643531306164666336363131323664396230613837
-37373966353233633366653038633864326532336462653037363864323034333665303863616561
-65323131313162646566333437353966376663326439623364303462373437333837643564356565
-61323030383739323033663630346165346664383237666331636132653530643562626364383835
-64363535333965376431663135396539666333383366336361343330316532626564363761343735
-64663431333230316134393231383133633561333037383531663232663736333564323464366664
-61346166343237363332393032383166386132333831613966373734326261643663303861323266
-61393538366462356136336439356636633461323765383133666162616238333733383232613362
-33326330313761333232636231396666616366663461396433386637666263313262376337303531
-64363535343831333864653531363031303065303333373439363561376339316134633938636332
-32333861626262396630313362663361306166343232386430303436646162663538653764333761
-34336438366566616231613564653639326537636633333634326435316632373837353938623632
-34316362326262336130633166336561633631393963376561656434623437316236626636306331
-38623165613239396630313830343032616262613632383233656530393461633333323162323163
-65323965363765653431333335366435656532306431386237353733633637303365383130306333
-63383633353538306136376132663036316532376661616664376265326664646536323765663837
-61386665363936396638363531613466393831333265613963326466623034336431336137623837
-62613864646364666635643635643732633138636562646462303366626233326239373464323437
-37366165303961326364363933663539326435306165383663656337353164383465366134363236
-33643334363236386137333433613630333866306233633731363036373030326134393632396666
-63623862333338646130666665636332653961616333633134663636303339336234656534633366
-33636537386365376532643239333732343662323236353238613562353862366137363837306463
-64326264383364356565623663383032633232613664613135613436353632376363333738316464
-63633966656566666161623363323461373461396530623638323761326164306132396465626234
-34343532376161616237663134336639383538393831303737396435376534646431363339373432
-63663532666130336239336262373730626165323634353163626332356166386435363766386465
-32643331643237363566336135343732636433643564666530316166616337356465313564343132
-32613734363162643339646562393030316261323731346134393361356232343263383334633230
-32333161656533346535653833396466346635373839616136373663303839616631323838313436
-65353839373634393631366463303464353135356263623362393038633936353632663135633431
-35366365306263613632623863653066633833656661633264343533373731313636383564623031
-38393130616237353662333261663339393262333531386430353662666631623663666232386365
-36393639313938646238323630303265336565363632623137303430343032303834643739353931
-39616364383764383763653934373133343366346432376233616266646662616332633464326539
-32613365313135333531333933646130313934376434653838646266386230323062613464363136
-64323166636334336464303236326337393837613631363863383037666263616630613833653733
-62386265353863636433356532323164306539623965363733363139323363356364373035313531
-33393635653461613132613066333935663631353665623937336330323966613363316463373766
-31333538633534663265316135363731613130356662303931326139626261373662333432376638
-37393138663366313433386365356164633239646334353663316535303034303332646431616632
-33343238376564306139373062346363653266356664343165393530653533366632366563366232
-37373161346433373230393662366462626666393163353863303537313030313031633661306136
-39633039666466306336373835313830636166316562373832336433333337336235376236623061
-32663136363032333162363563343739613165336530613739303738306635646461363435656464
-33353338393463323163316136613536623064323438336532373733303230656630376432656331
-66623061333335633637316339303765313861643662373662326661613365333266623539386130
-30363939346539316565306638346330353030396132626338346630323134646230623165373363
-39343765616434333139663539313661323539336137613462336666333162373035383839613931
-66366566393434656532323461363539326434653366386630623631323034613536376134356231
-35316336653862303562393430323738353938663561386461343337353930613865366438383161
-35326330303431353333373966353938633062373430306232373430343262613632356561616662
-61663938323266323334353262313731333962363732666261366432386465373861346265613130
-66636530353062333332633161643161306335623763336665346137643538616336323636636264
-30303165626564346233396236383538623839393562656134643434373137323234373337323263
-64633734343737376534653733653438336638363230343061376465636334396562636265336430
-64656261663463336230366633613231663130636539626162616662656137643938663838336365
-31643133303966616638663337323366663630633266333464663763303735353434376232363433
-64643539613036653731616435353437396432626534346463373766643433313934616263663063
-31646530353836306365386333623465663639663935613166393266636265356131666236346433
-37323566656131353936363833656666376337613230373163353363653064646265333866643636
-63386164303636646463
+33643030613065616536613463646664623664336531303162336336373132313866653536323266
+3932613739313265306639366461363037303365363634330a343835313130653537663464346366
+66333136313038393466313331666265666264666233336137663135303861646465616339366438
+3362326363383738640a623630626138323335353666383561656234653234666261363437656265
+37393737653038626639323565666630393466313034653664383632366432613035333537326339
+30623137333331393466396666373539636561313736376536643034393638333139626338636433
+37666163396135353936623530316235313762666634636164626130623865663063393336653061
+31336631313234373833333533636262313364666532356635656333393531366132613635333962
+39653437356431306164353561336561326532336635373035616564336537316432326537376134
+36343630326230396463396262666463643632373565656230303335343637663931656431376238
+66366265666565633166343038396237393934393838303535613163636333663338623937303838
+39636531356536646535343233323961633564333838303239353831653931396536393138356335
+36336334666632393636316462623865343936383631363563373532356538366238323932633361
+34306564366364376134363238346264373563313239396531346365373166383039393333373534
+63336632333632616339313765373433306163363730333838653436663237663331363034633837
+34613130336430663439313262393464366463333132343238623862363231623735633936623263
+63643065303666343431653733666636336464386136323034646462646534303634636132326466
+61373334333831323337366631653763393763323832353761363465346563353661313238333334
+65323636613764313037313066623734316430663835623638623235366532313966383064643165
+62363530666430623637656233613931623439353734326266613538376531646434616535333836
+31353937346637386333366261366631383639616136396639316239303731623465383863313333
+35383737646163383064373836363862333538343463303932366435323536386638636236333732
+66396439656561373662626632306632333161316662376463653266643239393930613165376539
+62653133386562313435333330393938326239313633363235633638646163346362626663393065
+37363535346432313833356262353364633234393330626433613730643363356165393034643465
+65666466653139333536333232613138666239313766343765663165646165366634643839363934
+37653633393832323431303134623731636461346132656638303537616335333065343065616231
+37643032393662353436666563626337366566386265303335653035323561373730656163656436
+32336437316234613230366265663932343061333233636165353264336364663261386638646331
+63373030376263373739623531623963626338336262336237323939303332303032303631383063
+38336231376231326563306338393466343534333565343266333366666533326233326563366639
+33323439353463383966333261306266356237346333663237396531393863366335663335663561
+64323962663338646635613336333933313532396534353039333439323163353137356561373463
+34663461626238303961306562313139386633313039636136333434386539303632383966313431
+61396263626239343536313430633932353430636463313961666666316532613938353438656364
+65393934346161333334386531306134343736656165633733383131383261666135313931363138
+35393834653538666663356132653238373133303636303038373462633238316562396430373133
+65303362393364313662373731313937336233396430643831353763393932373534366666306535
+33336538363739656537653861316263373838643830383736316235313037656236336562306431
+32373466313030656230333566616437306538643333306465316232383937613834643934613037
+61643664396465613635356231353061336531396232613338376134396138643434363338633161
+64316264633863393366626238386531313930323233363033313333326166633163633837616262
+37366336636361663638333063646630656266656139376335653563626133343937306233346638
+35353332323032333562653536333763613636373762636464366439363734613063323532626632
+37393839396231363037646164356532653039303830636336663562393332363131623134643961
+34303736323064313230346261356162303366383537383730653832646137656136323831353563
+65396432663236323538663535373338383030356465643032373064363866613661316434356463
+35346161373661616635663530386266653966396338316134643937343034383431623938383462
+31386461303966333432303536656536376632393832393563393331346338613166373761353936
+64316662636161616137636364353935613931336435383766306462366536636265643535393530
+39616263353638373533303237383063663335356431316131333038346662353264383437373133
+34666536303163613335643532646530666330366635386465666336666235306431663763303839
+64343437353436336336373737386138663134313737316538376133616633623935623335333830
+34626138656436626333376165656437613935623734303932333962393736643939363835313861
+63306137313533343439653631356161633636356431663631363239376639323631383966306338
+61643232353430383863353231326532316265623637343665343964366463316236383065373962
+38396462343734303636393336343463303639383961653337376364386661653164333333333934
+36306464396266373662386264373031626561643439376361383434376538326162633362383361
+61323735323438356430323833396665613261613161663435386131626565336134333963633065
+36636266353865353337363838356435376131383133393237343539326263623131666432363662
+30633532303937356465613434646166356138633864353665616632313031623731393062633531
+64383866653331313666636563353866633932303135383761316435383366346363653131326662
+37636165643966376536646332626438646361373331376565353161646232613439623466663062
+32353137353562383439343766306136376131343232383762666137393464366436643165363032
+63306132633365393937633935633832386662656639636339333262626663653736613863366236
+61666465376664333439343862306634316462363663323830656333656361313234363432396264
+62663536626463616239643637643131346365376537373732626432353135363735616461383763
+35303364313434396561356536303831356637383662366465613866353639303030333433353636
+64303762616339393031303735623433393664396361653962373430646237323230643463366237
+62393838336538363066663037333132616464303765343365306134306463623864346238613030
+38306163326337613366626263623738346435616238643162393333643231306633316163343731
+30663064313037323237303339613263663335303763373565633364326561343736353137643466
+35613539623338623839366536666461616562623632313338323539333962353662313762613835
+61383337653565396430663133613934623236373938333739323364616333356365383339393165
+30643664336337323539346139316234306633303531653331323739613162616231333863653632
+35303938643035613630363961396430326536626434656532323466326133326336616430633834
+64393438306433653133333535353864626335343362653834633732343236333864356466333032
+36346362646236313436613233336438333237666433336431326236323264363235343537363234
+34343136616536356663386563613363386566393365343234326466386636373661363363613165
+33356430373232643539393835653662393365636332636166616139653161313465356633623763
+39316433383233363363616365643339333565356166613763346362366337613334653163303366
+62306139396565313863376139373434383530343338306533633265313538323330303835363061
+37626333346235383830393865643838363332636366333633313865323566646232653137656435
+35373739656339323732613634333765373737383937653239353366633163353465636131313237
+65363561383133323539633630386337363462343663313335313933393936666636376337613331
+34646163613933646666316666663562663939663434646638366630366363303737333131383661
+62626439663037353061326264363833336634373565376534616235356563383766646630623437
+39343335636366343161656663343238633963326163626332356330303037353238356136316134
+37386230626464633330396539633965353633393865653335373136666435626533343134363634
+30343935323965643836323166333437653630663834393861306339613333396630393731663266
+37636433653434386161316530333630306336633262613231643762623661393164313934303637
+33663436623165386537343835313661356564383466356633396537313664333361303938656633
+30643966373961663464366634363831373961393835326433366261323939643331316464623864
+62653566326663393534313964643536623361343064666462373338326561653562643265643130
+36366339663763353734613831636166303638363439363031613964343566653661326565333737
+34363963333464376331366236663762363830363439366433653734353964663963353539663333
+61636464383936326666616235633135356332393134363330303561343030633366643736636665
+31373566316131303463383737636264336536373464316535623430346664633033346335666334
+34343964623661653864396635303262656162326262363863343061323339376265613762656130
+35376664626231623338363562383939626539336433623633666134383531633436343832383565
+37663832366265396331613330623165373332646339616535346364646630623636313264356138
+31303434323938613239353933636137653333306238383237333839353261373431616232613064
+37353538653333303938363762336464343030343037626232633765353934616664663039323735
+36633034346562623866376666333031333233636636363235613362366562346636656532336262
+38373637616139633862323632316362346337356463376166626433303132333432323766343138
+64333537653861333233643064306435653663633864346165396666623163343062316262646266
+61653761376332376337636634303737303035346662373966323336623631316266346563323233
+30313638636138383632636562313763303934356263613037623439366566333862343732383430
+32363336653837643131326430656333656333306566666135383232346632323234663963333438
+36343264623861666166626536366630316233346439663531303939316330633762303965313831
+62313633316631356461643735366232396431626364643761333237386539353161333961656133
+32373034653566393431306263323665383032396437386337353534323434663237653132666561
+38353836376335353662346530376366623562663130633737663865343665303432316636336437
+61623338313064313364653930323537623835326431623964316461653534373230386234313239
+643366363332346361353436633736353037
diff --git a/k8s/roles/cifs-csi/tasks/main.yml b/k8s/roles/cifs-csi/tasks/main.yml
new file mode 100644
index 0000000..c54477b
--- /dev/null
+++ b/k8s/roles/cifs-csi/tasks/main.yml
@@ -0,0 +1,49 @@
+---
+- name: Add csi-driver-smb chart repo
+  kubernetes.core.helm_repository:
+    name: csi-driver-smb
+    repo_url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts
+
+- name: Deploy csi-driver-smb chart
+  kubernetes.core.helm:
+    name: csi-driver-smb
+    chart_ref: csi-driver-smb/csi-driver-smb
+    release_namespace: kube-system
+    chart_version: v1.11.0
+    update_repo_cache: true
+    values: {}
+
+- name: Create StorageBox credentials secret
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Secret
+      metadata:
+        name: smbcreds
+        namespace: kube-system
+      data:
+        username: "{{ storage.cifs.username | b64encode }}"
+        password: "{{ storage.cifs.password | b64encode }}"
+
+- name: Deploy StorageBox storage class
+  kubernetes.core.k8s:
+    state: present
+    definition:
+      apiVersion: storage.k8s.io/v1
+      kind: StorageClass
+      metadata:
+        name: storage-box
+      provisioner: smb.csi.k8s.io
+      parameters:
+        source: "//u358507.your-storagebox.de/backup"
+        csi.storage.k8s.io/provisioner-secret-name: "smbcreds"
+        csi.storage.k8s.io/provisioner-secret-namespace: "kube-system"
+        csi.storage.k8s.io/node-stage-secret-name: "smbcreds"
+        csi.storage.k8s.io/node-stage-secret-namespace: "kube-system"
+      volumeBindingMode: Immediate
+      mountOptions:
+        - dir_mode=0770
+        - file_mode=0770
+        - uid=1001
+        - gid=1001
\ No newline at end of file
diff --git a/k8s/roles/k3s/master/defaults/main.yaml b/k8s/roles/k3s/control-plane/defaults/main.yaml
similarity index 100%
rename from k8s/roles/k3s/master/defaults/main.yaml
rename to k8s/roles/k3s/control-plane/defaults/main.yaml
diff --git a/k8s/roles/k3s/master/files/traefik.yaml b/k8s/roles/k3s/control-plane/files/traefik.yaml
similarity index 100%
rename from k8s/roles/k3s/master/files/traefik.yaml
rename to k8s/roles/k3s/control-plane/files/traefik.yaml
diff --git a/k8s/roles/k3s/master/tasks/main.yml b/k8s/roles/k3s/control-plane/tasks/main.yml
similarity index 96%
rename from k8s/roles/k3s/master/tasks/main.yml
rename to k8s/roles/k3s/control-plane/tasks/main.yml
index 531b42c..7a8e485 100644
--- a/k8s/roles/k3s/master/tasks/main.yml
+++ b/k8s/roles/k3s/control-plane/tasks/main.yml
@@ -45,12 +45,12 @@
     path: "{{ k3s_server_location }}/server/node-token"
     mode: "g+rx,o+rx"
 
-- name: Read node-token from master
+- name: Read node-token from control-plane
   slurp:
     path: "{{ k3s_server_location }}/server/node-token"
   register: node_token
 
-- name: Store Master node-token
+- name: Store control-plane node-token
   set_fact:
     token: "{{ node_token.content | b64decode | regex_replace('\n', '') }}"
 
diff --git a/k8s/roles/k3s/master/templates/cp-config.yaml.j2 b/k8s/roles/k3s/control-plane/templates/cp-config.yaml.j2
similarity index 100%
rename from k8s/roles/k3s/master/templates/cp-config.yaml.j2
rename to k8s/roles/k3s/control-plane/templates/cp-config.yaml.j2
diff --git a/k8s/roles/k3s/master/templates/k3s.service.j2 b/k8s/roles/k3s/control-plane/templates/k3s.service.j2
similarity index 100%
rename from k8s/roles/k3s/master/templates/k3s.service.j2
rename to k8s/roles/k3s/control-plane/templates/k3s.service.j2
diff --git a/k8s/roles/k3s/node/tasks/main.yml b/k8s/roles/k3s/node/tasks/main.yml
deleted file mode 100644
index 64050cf..0000000
--- a/k8s/roles/k3s/node/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Copy K3s service file
-  template:
-    src: "k3s.service.j2"
-    dest: "{{ systemd_dir }}/k3s-node.service"
-    owner: root
-    group: root
-    mode: 0755
-
-- name: Enable and check K3s service
-  systemd:
-    name: k3s-node
-    daemon_reload: yes
-    state: restarted
-    enabled: yes
diff --git a/k8s/roles/k3s/node/templates/k3s.service.j2 b/k8s/roles/k3s/node/templates/k3s.service.j2
deleted file mode 100644
index 02dc591..0000000
--- a/k8s/roles/k3s/node/templates/k3s.service.j2
+++ /dev/null
@@ -1,24 +0,0 @@
-[Unit]
-Description=Lightweight Kubernetes
-Documentation=https://k3s.io
-After=network-online.target
-
-[Service]
-Type=notify
-ExecStartPre=-/sbin/modprobe br_netfilter
-ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s agent --server https://{{ master_ip }}:6443 --node-ip {{ k8s_ip}} --kubelet-arg="provider-id=hcloud://{{ vm_id }}" --token {{ hostvars[groups['control_plane'][0]]['token'] }} {{ extra_agent_args | default("") }}
-KillMode=process
-Delegate=yes
-# Having non-zero Limit*s causes performance problems due to accounting overhead
-# in the kernel. We recommend using cgroups to do container-local accounting.
-LimitNOFILE=1048576
-LimitNPROC=infinity
-LimitCORE=infinity
-TasksMax=infinity
-TimeoutStartSec=0
-Restart=always
-RestartSec=5s
-
-[Install]
-WantedBy=multi-user.target
diff --git a/k8s/roles/nextcloud/tasks/main.yml b/k8s/roles/nextcloud/tasks/main.yml
new file mode 100644
index 0000000..fa052c7
--- /dev/null
+++ b/k8s/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+- name: Create NextCloud namespace
+  kubernetes.core.k8s:
+    name: nextcloud
+    api_version: v1
+    kind: Namespace
+    state: present
+    definition:
+      metadata:
+        labels:
+          prometheus: default
+
+- name: Add KeyDB chart repo
+  kubernetes.core.helm_repository:
+    name: enapter
+    repo_url: https://enapter.github.io/charts/
+
+- name: Add NextCloud chart repo
+  kubernetes.core.helm_repository:
+    name: nextcloud
+    repo_url: https://nextcloud.github.io/helm/
+
+- name: Deploy KeyDB chart
+  kubernetes.core.helm:
+    name: nextcloud-keydb
+    chart_ref: enapter/keydb
+    release_namespace: nextcloud
+    chart_version: "0.48.0"
+    update_repo_cache: true
+    release_values: "{{ lookup('template', 'values.nextcloud-keydb.yml.j2') | from_yaml }}"
+
+- name: Deploy NextCloud chart
+  kubernetes.core.helm:
+    name: nextcloud
+    chart_ref: nextcloud/nextcloud
+    release_namespace: nextcloud
+    chart_version: "3.5.17"
+    update_repo_cache: true
+    release_values: "{{ lookup('template', 'values.nextcloud.yml.j2') | from_yaml }}"
\ No newline at end of file
diff --git a/k8s/roles/nextcloud/templates/values.nextcloud-keydb.yml.j2 b/k8s/roles/nextcloud/templates/values.nextcloud-keydb.yml.j2
new file mode 100644
index 0000000..5200adf
--- /dev/null
+++ b/k8s/roles/nextcloud/templates/values.nextcloud-keydb.yml.j2
@@ -0,0 +1,29 @@
+imageRepository: code.icb4dc0.de/prskr/infrastructure/keydb
+imageTag: v6.3.2
+
+nodes: 3
+podDisruptionBudget:
+  enabled: true
+persistentVolume:
+  enabled: false
+resources:
+  requests:
+    cpu: 50m
+    memory: 100Mi
+  limits:
+    cpu: 250m
+    memory: 256Mi
+exporter:
+  enabled: true
+  imageTag: v1.51.0
+  resources:
+    requests:
+      cpu: 50m
+      memory: 50Mi
+    limits:
+      cpu: 150m
+      memory: 100Mi
+serviceMonitor:
+  enabled: true
+  labels:
+    prometheus: default
diff --git a/k8s/roles/nextcloud/templates/values.nextcloud.yml.j2 b/k8s/roles/nextcloud/templates/values.nextcloud.yml.j2
new file mode 100644
index 0000000..e217973
--- /dev/null
+++ b/k8s/roles/nextcloud/templates/values.nextcloud.yml.j2
@@ -0,0 +1,75 @@
+image:
+  flavor: fpm
+
+ingress:
+  enabled: true
+
+phpClientHttpsFix:
+  enabled: true
+
+nextcloud:
+  host: nextcloud.icb4dc0.de
+  username: "{{ nextcloud.root.username }}"
+  password: "{{ nextcloud.root.password }}"
+  defaultConfigs:
+    redis.config.php: false
+  configs:
+    logs.config.php: |-
+      <?php
+        $CONFIG = array (
+          "log_type" => "errorlog",
+      );
+    redis.config.php: |-
+      <?php
+      if (getenv('REDIS_HOST')) {
+        $CONFIG = array (
+          'memcache.distributed' => '\OC\Memcache\Redis',
+          'memcache.locking' => '\OC\Memcache\Redis',
+          'redis' => array(
+            'host' => getenv('REDIS_HOST'),
+            'port' => getenv('REDIS_HOST_PORT') ?: 6379,
+          ),
+        );
+      }
+  securityContext:
+    runAsUser: 1001
+    runAsGroup: 1001
+
+  extraEnv:
+    - name: REDIS_HOST
+      value: nextcloud-keydb
+
+nginx:
+  enabled: true
+
+redis:
+  enabled: false
+
+cronjob:
+  enabled: true
+
+internalDatabase:
+  enabled: false
+
+externalDatabase:
+  enabled: true
+  type: postgresql
+  host: postgres-15-postgresql.postgres.svc.cluster.local:5432
+  database: nextcloud
+  user: "{{ nextcloud.db.username }}"
+  password: "{{ nextcloud.db.password }}"
+
+persistence:
+  enabled: true
+  storageClass: hcloud-volumes
+  size: 8Gi
+  nextcloudData:
+    enabled: true
+    storageClass: storage-box
+    accessMode: ReadWriteMany
+    size: 100Gi
+
+metrics:
+  enabled: true
+  serviceMonitor:
+    enabled: true
\ No newline at end of file
diff --git a/k8s/roles/postgres/files/values.postgres.yaml b/k8s/roles/postgres/files/values.postgres.yaml
deleted file mode 100644
index 254fb36..0000000
--- a/k8s/roles/postgres/files/values.postgres.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-auth:
-  existingSecret: postgres-credentials
-
-primary:
-  persistence:
-    storageClass: hcloud-volumes
-    size: 8Gi
diff --git a/k8s/setup_cluster.yaml b/k8s/setup_cluster.yaml
index 4047eb9..7999272 100644
--- a/k8s/setup_cluster.yaml
+++ b/k8s/setup_cluster.yaml
@@ -9,4 +9,4 @@
 - name: Setup control plane
   hosts: control_plane
   roles:
-    - role: k3s/master
+    - role: k3s/control-plane