Add generic app to deploy extra resources

argocd-apps/extra-resources-my-apps.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: my-apps-extra-resources
+  namespace: argocd
+spec:
+  project: infra
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/my-apps.git
+    targetRevision: HEAD
+    path: manifests/extra-resources
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: my-apps
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

manifests/extra-resources/nextcloud/external-secret.yaml

@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: keycloak-client-secret
+  namespace: my-apps
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: my-secret-store
+    kind: ClusterSecretStore
+  target:
+    name: keycloak-client-secret
+    template:
+      engineVersion: v2
+      data:
+        keycloak-client-secret: "{{ .client_secret }}"
+  data:
+    - secretKey: client_secret
+      remoteRef:
+        key: oidc-clients/nextcloud-oidc
+        property: client_secret

manifests/extra-resources/nextcloud/keycloak-post-install-cm.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nextcloud-post-install
+  namespace: my-apps
+data:
+  keycloak-post-install.sh: |
+    #!/bin/bash
+    echo "🔐 Enabling sociallogin app..."
+    occ app:install sociallogin || true
+    occ app:enable sociallogin
+
+    echo "🔐 Configuring Keycloak OIDC provider..."
+    occ sociallogin:custom_oidc keycloak \
+      --client-id="nextcloud" \
+      --client-secret="$(cat /secrets/keycloak-client-secret)" \
+      --issuer-uri="https://keycloak.dvirlabs.com/realms/dvirlabs" \
+      --auto-provision 1 \
+      --hide-login-form 0 \
+      --scope="openid profile email"

manifests/extra-resources/nextcloud/keycloak-post-install.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+echo "🔐 Enabling sociallogin app..."
+occ app:install sociallogin || true
+occ app:enable sociallogin
+
+echo "🔐 Configuring Keycloak OIDC provider..."
+occ sociallogin:custom_oidc keycloak \
+  --client-id="nextcloud" \
+  --client-secret="$(cat /secrets/keycloak-client-secret)" \
+  --issuer-uri="https://keycloak.dvirlabs.com/realms/dvirlabs" \
+  --auto-provision 1 \
+  --hide-login-form 0 \
+  --scope="openid profile email"

manifests/nextcloud/values.yaml

@@ -24,6 +24,20 @@ nextcloud:
     - name: OVERWRITEPROTOCOL
       value: https
 
+  extraVolumes:
+    - name: keycloak-post-install
+      configMap:
+        name: nextcloud-post-install
+    - name: keycloak-secret
+      secret:
+        secretName: keycloak-client-secret
+
+  extraVolumeMounts:
+    - name: keycloak-post-install
+      mountPath: /docker-entrypoint-hooks.d/post-installation
+    - name: keycloak-secret
+      mountPath: /secrets
+
 internalDatabase:
   enabled: false
 
@@ -39,7 +53,7 @@ persistence:
   enabled: true
   storageClass: nfs-client
   accessMode: ReadWriteOnce
-  size: 500Gi
+  size: 1000Gi
 
 mariadb:
   enabled: true