apiVersion: v1
kind: Service
metadata:
  name: nextcloud
spec:
  ports:
    - name: app
      port: 11000
      protocol: TCP
      targetPort: 11000
  clusterIP: None
  type: ClusterIP

---
apiVersion: v1
kind: Endpoints
metadata:
  name: nextcloud
subsets:
  - addresses:
      - ip: 192.168.21.200
    ports:
      - name: app
        port: 11000
        protocol: TCP

---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: nextcloud-ingress
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`nextcloud.durp.info`) && PathPrefix(`/`)
      kind: Rule
      middlewares:
        - name: nextcloud-chain
      services:
        - name: nextcloud
          port: 11000
          scheme: http
  tls:
    secretName: nextcloud-tls

---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: nextcloud-tls
spec:
  secretName: nextcloud-tls
  issuerRef:
    name: letsencrypt-production
    kind: ClusterIssuer
  commonName: "nextcloud.durp.info"
  dnsNames:
    - "nextcloud.durp.info"

---
kind: Service
apiVersion: v1
metadata:
  name: nextcloud-external-dns
  annotations:
    external-dns.alpha.kubernetes.io/hostname: nextcloud.durp.info
spec:
  type: ExternalName
  externalName: durp.info

---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-secure-headers
spec:
  headers:
    hostsProxyHeaders:
      - "X-Forwarded-Host"
    referrerPolicy: "same-origin"

---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: https-redirect
spec:
  redirectScheme:
    scheme: https

---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: nextcloud-chain
spec:
  chain:
    middlewares:
      - name: https-redirect
      - name: nextcloud-secure-headers