From c85ee51590d667b87ba1c1fe97bac19a2bbc630b Mon Sep 17 00:00:00 2001
From: Felix Wolf <felix.wolf@blueworld-gmbh.de>
Date: Sat, 4 Apr 2026 18:17:32 +0200
Subject: [PATCH] feat: Adds Nextcloud pre-install hook and ArgoCD ignore rules

Introduces a `before-starting` hook that creates a `CAN_INSTALL` file, signaling Nextcloud to proceed with its installation process.

Configures ArgoCD to ignore differences in `batch/Job` resources' `spec.selector` and `spec.template.metadata.labels`. This prevents spurious out-of-sync states caused by Kubernetes mutating these fields on job creation, improving application synchronization stability.
---
 .../argocd/ignore-jobs.overlay.ytt.yaml          | 16 ++++++++++++++++
 prototypes/nextcloud/helm/nextcloud.yaml         |  3 +++
 rendered/argocd/production/app-nextcloud.yaml    |  7 +++++++
 .../nextcloud/configmap-nextcloud-hooks.yaml     | 15 +++++++++++++++
 .../nextcloud/deployment-nextcloud.yaml          | 10 +++++++++-
 5 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 envs/production/_apps/nextcloud/argocd/ignore-jobs.overlay.ytt.yaml
 create mode 100644 rendered/envs/production/nextcloud/configmap-nextcloud-hooks.yaml

diff --git a/envs/production/_apps/nextcloud/argocd/ignore-jobs.overlay.ytt.yaml b/envs/production/_apps/nextcloud/argocd/ignore-jobs.overlay.ytt.yaml
new file mode 100644
index 0000000..9a505aa
--- /dev/null
+++ b/envs/production/_apps/nextcloud/argocd/ignore-jobs.overlay.ytt.yaml
@@ -0,0 +1,16 @@
+#@ load("@ytt:overlay", "overlay")
+
+#@overlay/match by=overlay.all, expects="1+"
+---
+#@overlay/match-child-defaults missing_ok=True
+spec:
+  ignoreDifferences:
+    - group: batch
+      kind: Job
+      jsonPointers:
+        - /spec/selector
+        - /spec/template/metadata/labels
+  syncPolicy:
+    syncOptions:
+      #@overlay/append
+      - RespectIgnoreDifferences=true
diff --git a/prototypes/nextcloud/helm/nextcloud.yaml b/prototypes/nextcloud/helm/nextcloud.yaml
index e25dc6a..d233999 100644
--- a/prototypes/nextcloud/helm/nextcloud.yaml
+++ b/prototypes/nextcloud/helm/nextcloud.yaml
@@ -53,6 +53,9 @@ nextcloud:
       opcache.save_comments=1
       opcache.revalidate_freq=60
 
+  hooks:
+    before-starting: touch /var/www/html/config/CAN_INSTALL
+
   extraSidecarContainers:
     - name: caddy
       image: caddy:2-alpine
diff --git a/rendered/argocd/production/app-nextcloud.yaml b/rendered/argocd/production/app-nextcloud.yaml
index 6819d13..d8ed32b 100644
--- a/rendered/argocd/production/app-nextcloud.yaml
+++ b/rendered/argocd/production/app-nextcloud.yaml
@@ -11,6 +11,12 @@ spec:
   destination:
     namespace: nextcloud
     server: https://kubernetes.default.svc
+  ignoreDifferences:
+    - group: batch
+      jsonPointers:
+        - /spec/selector
+        - /spec/template/metadata/labels
+      kind: Job
   project: env-production
   source:
     path: rendered/envs/production/nextcloud
@@ -23,3 +29,4 @@ spec:
     syncOptions:
       - CreateNamespace=true
       - ServerSideApply=true
+      - RespectIgnoreDifferences=true
diff --git a/rendered/envs/production/nextcloud/configmap-nextcloud-hooks.yaml b/rendered/envs/production/nextcloud/configmap-nextcloud-hooks.yaml
new file mode 100644
index 0000000..611c9af
--- /dev/null
+++ b/rendered/envs/production/nextcloud/configmap-nextcloud-hooks.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+data:
+  before-starting.sh: touch /var/www/html/config/CAN_INSTALL
+kind: ConfigMap
+metadata:
+  annotations:
+    a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
+  labels:
+    app.kubernetes.io/instance: nextcloud
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: nextcloud
+    app.kubernetes.io/version: 33.0.0
+    helm.sh/chart: nextcloud-9.0.4
+  name: nextcloud-hooks
+  namespace: nextcloud
diff --git a/rendered/envs/production/nextcloud/deployment-nextcloud.yaml b/rendered/envs/production/nextcloud/deployment-nextcloud.yaml
index 6a1668d..50f5c50 100644
--- a/rendered/envs/production/nextcloud/deployment-nextcloud.yaml
+++ b/rendered/envs/production/nextcloud/deployment-nextcloud.yaml
@@ -27,7 +27,7 @@ spec:
   template:
     metadata:
       annotations:
-        hooks-hash: 9525c2748a6c7cd0e28ec740623d0b3fa5a75c83b51ccfd136bc89c76737b204
+        hooks-hash: 47a89ca9deff73131884ece615e1cabb1f600fec60aa8f20244ae3c5bb58f948
         nextcloud-config-hash: 0d229123637fe9f641f41261891a44b761ff32c52f973314650897e768f3456d
         php-config-hash: b638f66fd8d65de8364dbad6efc59a6524c7b2e2377b5623cf5e921e4d3d2400
       labels:
@@ -208,6 +208,10 @@ spec:
             - mountPath: /usr/local/etc/php/conf.d/uploadLimit.ini
               name: nextcloud-phpconfig
               subPath: uploadLimit.ini
+            - mountPath: /docker-entrypoint-hooks.d/before-starting/helm.sh
+              name: nextcloud-hooks
+              readOnly: true
+              subPath: before-starting.sh
         - command:
             - /cron.sh
           env:
@@ -416,6 +420,10 @@ spec:
         - configMap:
             name: nextcloud-phpconfig
           name: nextcloud-phpconfig
+        - configMap:
+            defaultMode: 493
+            name: nextcloud-hooks
+          name: nextcloud-hooks
         - configMap:
             name: nextcloud-caddy-config
           name: caddy-config