| -rw-r--r-- | hosts | 1 | ||||
| -rw-r--r-- | roles/nextcloud/defaults/main.yml | 88 | ||||
| -rw-r--r-- | roles/nextcloud/tasks/download.yml | 36 | ||||
| -rw-r--r-- | roles/nextcloud/tasks/installation.yml | 49 | ||||
| -rw-r--r-- | roles/nextcloud/tasks/main.yml | 26 | ||||
| -rw-r--r-- | site.yml | 9 |
6 files changed, 209 insertions, 0 deletions
@@ -5,3 +5,4 @@ vm [vm] code +cloud diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml new file mode 100644 index 0000000..5c49657 --- /dev/null +++ b/roles/nextcloud/defaults/main.yml 
@@ -0,0 +1,88 @@
+---
+php_ver: 8.2
+
+nextcloud_php_present:
+ - php{{ php_ver }}-bcmath
+ - php{{ php_ver }}-imagick
+ - php{{ php_ver }}-zip
+
+nextcloud_nfs_present:
+ - nfs-common
+
+nextcloud_redis_host:
+ - 192.168.122.1
+
+nextcloud_redis_port:
+ - 6379
+
+nextcloud_data_nfs_share: "192.168.122.1:/srv/nextcloud/data"
+
+nextcloud_db_host: "192.168.122.1"
+nextcloud_db_name: "nextcloud"
+nextcloud_db_admin: "nextcloud_user"
+nextcloud_db_pwd: "c543f02c0715eff22cc9ae0faf6f01d7b39cb2c0be08d62f4f945b20ef8ba666"
+
+# defaults file for nextcloud
+# [DOWNLOAD]
+# An URL will be generated following naming rules used by nextcloud's repository
+# Not following this rules correctly will make the role unable to download nextcloud.
+nextcloud_version_channel: "releases" # mandatory # (releases/prereleases/daily)
+# channel releases requires version_full.
+# channel prereleases requires version_full. Optional: version_special.
+# channel daily requires requires version_full & version_special.
+nextcloud_get_latest: true # mandatory # specify if the latest archive should be downloaded.
+nextcloud_dl_file_name: "latest"
+# Override generated file name for channels: releases/daily.
+# optional : version_major.
+# nextcloud_version_major: 25 # (24/25/26) for releases or for daily (master/stable25/stable26...)
+# nextcloud_version_full: "25.0.3" # full version string
+# nextcloud_version_special: "" # For prereleases: "RCn/beta" or for daily "YYYY-MM-DD"
+nextcloud_repository: "https://download.nextcloud.com/server" # Domain URL where to download Nextcloud.
+nextcloud_archive_format: "zip" # zip/tar.bz2
+# nextcloud_full_src: "https://download.nextcloud.com/server/releases/nextcloud-25.0.0.zip" # specify directly a full URL to the archive or a path on the control host
+
+
+# [NEXTCLOUD CONFIG]
+nextcloud_trusted_domain:
+ - "cloud.maxmail.xyz"
+ - "cloud.iamfabulous.de"
+
+nextcloud_ipv6: false
+
+nextcloud_trusted_proxies: [ "192.168.122.1" ]
+
+nextcloud_instance_name: "{{ nextcloud_trusted_domain | first }}"
+
+nextcloud_webroot: "/var/www/nextcloud"
+nextcloud_data_dir: "/var/www/ncdata"
+nextcloud_admin_name: "admin"
+# nextcloud_admin_pwd: "secret"
+
+nextcloud_websrv_user: www-data
+
+nextcloud_websrv_group: www-data
+
+nextcloud_redis_settings:
+ - { name: 'redis host', value: "{{ nextcloud_redis_host }}" }
+ - { name: 'redis port', value: "{{ nextcloud_redis_port }}" }
+ - { name: 'memcache.locking', value: '\OC\Memcache\Redis' }
+
+nextcloud_background_cron: true
+
+## Custom nextcloud settings
+## https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html
+nextcloud_config_settings:
+ - { name: 'default_phone_region', value: 'DE' } # set a country code using ISO 3166-1
+ - { name: 'overwrite.cli.url', value: 'https://{{ nextcloud_trusted_domain | first }}' }
+ - { name: 'memcache.local', value: '\OC\Memcache\APCu' }
+ - { name: 'mysql.utf8mb4', value: true }
+ - { name: 'updater.release.channel', value: 'production' } # production/stable/daily/beta
+
+# [APPS]
+nextcloud_apps: {}
+nextcloud_disable_apps: []
+nextcloud_patch_user_saml_app: false # Apply Workaround to lower-case REALM for REMOTE_USER environment-variable.
+
+# [SYSTEM]
+# nextcloud_mysql_root_pwd: "secret"
+upgrade_packages_first: false
diff --git a/roles/nextcloud/tasks/download.yml b/roles/nextcloud/tasks/download.yml
new file mode 100644
index 0000000..0aaf858
--- /dev/null
+++ b/roles/nextcloud/tasks/download.yml
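Review bot: `nextcloud_db_pwd` in roles/nextcloud/defaults/main.yml is committed as a plaintext literal, so anyone with read access to the repository or its history holds the database credential for `nextcloud_user` on the host named in `nextcloud_db_host`. I would keep the value out of role defaults and reference a vaulted variable instead, e.g. `nextcloud_db_pwd: "{{ vault_nextcloud_db_pwd }}"` with the secret in an Ansible Vault-encrypted vars file, and rotate the password since it is now part of the history. Separately, `nextcloud_redis_host` and `nextcloud_redis_port` are declared as one-element lists but interpolated as single values in `nextcloud_redis_settings`, which would presumably render a list rather than a host string and a port number; plain scalars (`nextcloud_redis_host: "192.168.122.1"`, `nextcloud_redis_port: 6379`) look like what was intended.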
@@ -0,0 +1,36 @@
+- name: install php packages
+ apt:
+ name: '{{ nextcloud_php_present }}'
+ install_recommends: 'no'
+
+- name: nc_download | Create and set directory ownership & permissions for the webroot folder
+ ansible.builtin.file:
+ path: "{{ nextcloud_webroot }}"
+ mode: "u=rwX,g=rX,o-rwx"
+ recurse: true
+ state: directory
+ owner: "{{ nextcloud_websrv_user }}"
+ group: "{{ nextcloud_websrv_group }}"
+
+- name: nc_download | Download and extract Nextcloud
+ block:
+ - name: nc_download | Download & extract Nextcloud to /tmp."
+ ansible.builtin.unarchive:
+ remote_src: true
+ src: "{{ nextcloud_full_src | default(nextcloud_calculated_url) }}"
+ dest: "/tmp/"
+ vars:
+ nextcloud_calculated_url: "{{ nextcloud_repository }}/{{ nextcloud_version_channel }}/{{ nextcloud_calculated_file }}"
+ nextcloud_calculated_file: "{{ nextcloud_dl_file_name + '.' + nextcloud_archive_format }}"
+
+ - name: "nc_download | Move extracted files to {{ nextcloud_webroot }}"
+ ansible.builtin.command: "cp -r /tmp/nextcloud/. {{ nextcloud_webroot }}/"
+ when: nextcloud_webroot is not none
+ register: output
+ changed_when: "output.rc == 0"
+
+ - name: nc_download | Remove nextcloud archive files
+ ansible.builtin.file:
+ path: /tmp/nextcloud
+ state: absent
+
diff --git a/roles/nextcloud/tasks/installation.yml b/roles/nextcloud/tasks/installation.yml
new file mode 100644
index 0000000..5020b88
--- /dev/null
+++ b/roles/nextcloud/tasks/installation.yml
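Review bot: The archive in roles/nextcloud/tasks/download.yml is fetched and unpacked by `ansible.builtin.unarchive` with no checksum, and it is staged under the fixed path `/tmp/nextcloud` before `cp -r` copies it into the webroot. Because `/tmp` is shared, anything already present under that path is copied into `{{ nextcloud_webroot }}` along with the release, and a corrupted or substituted download is installed unnoticed. I would download with `ansible.builtin.get_url` and a pinned `checksum:`, and stage in a directory created by `ansible.builtin.tempfile`; this implies pinning a release instead of `latest`, and `nextcloud_archive_sha256` below is a new variable the role would have to define. The task name `Download & extract Nextcloud to /tmp."` also carries a stray trailing quote.

```yaml
    - name: nc_download | Create a private staging directory
      ansible.builtin.tempfile:
        state: directory
        suffix: nextcloud
      register: nc_download_staging

    - name: nc_download | Download the Nextcloud archive and verify its checksum
      ansible.builtin.get_url:
        url: "{{ nextcloud_full_src | default(nextcloud_calculated_url) }}"
        dest: "{{ nc_download_staging.path }}/nextcloud.{{ nextcloud_archive_format }}"
        checksum: "sha256:{{ nextcloud_archive_sha256 }}"
        mode: "0600"
      register: nc_download_archive
      # … unchanged: vars block computing nextcloud_calculated_url / nextcloud_calculated_file …

    - name: nc_download | Extract the verified archive
      ansible.builtin.unarchive:
        remote_src: true
        src: "{{ nc_download_archive.dest }}"
        dest: "{{ nc_download_staging.path }}"
    # … unchanged: copy into the webroot and cleanup, using nc_download_staging.path in place of /tmp …
```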
@@ -0,0 +1,49 @@
+- name: install nfs packages
+ apt:
+ name: '{{ nextcloud_nfs_present }}'
+ install_recommends: 'no'
+ state: present
+
+- name: check mountpoint exist
+ ansible.builtin.file:
+ path: "{{ nextcloud_data_dir }}"
+ state: directory
+ mode: 0640
+ owner: www-data
+ group: www-data
+
+- name: mount network share
+ ansible.posix.mount:
+ src: "{{ nextcloud_data_nfs_share }}"
+ path: "{{ nextcloud_data_dir }}"
+ fstype: nfs
+ opts: "rw,sync"
+ state: mounted
+
+- name: "nc_installation | Generate password {{ nextcloud_admin_name }}"
+ ansible.builtin.set_fact:
+ nextcloud_admin_pwd: "{{ lookup('password', '/root/ncpasswd.txt') }}"
+ become: true
+ when: nextcloud_admin_pwd is not defined
+
+- name: nc_installation | Set temporary permissions for command line installation
+ ansible.builtin.file:
+ path: "{{ nextcloud_webroot }}"
+ state: directory
+ recurse: true
+ owner: "{{ nextcloud_websrv_user }}"
+ group: "{{ nextcloud_websrv_group }}"
+
+- name: nc_installation | Verify config.php - check filesize
+ ansible.builtin.stat:
+ path: "{{ nextcloud_webroot }}/config/config.php"
+ register: nc_installation_confsize
+ failed_when: nc_installation_confsize.stat.size is undefined or nc_installation_confsize.stat.size <= 100
+
+- name: nc_installation | Verify config.php - php syntax check
+ ansible.builtin.command: "php -l {{ nextcloud_webroot }}/config/config.php"
+ register: nc_installation_confphp
+ changed_when: false
+ failed_when:
+ - nc_installation_confphp.rc is defined
+ - nc_installation_confphp.rc != 0
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 0000000..485f8f1
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
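Review bot: The NFS data share in roles/nextcloud/tasks/installation.yml is mounted with `opts: "rw,sync"` only, so setuid bits and device nodes stored on the export are honoured on the Nextcloud host; for a directory that holds user uploads I would mount with `opts: "rw,sync,nosuid,nodev,noexec"` (confirm `noexec` against any app that executes from the data directory). The mountpoint is created with `mode: 0640`, which leaves a directory without the search bit for its owner, and with literal `www-data` where the rest of the role uses variables; `mode: "0750"` with `owner: "{{ nextcloud_websrv_user }}"` and `group: "{{ nextcloud_websrv_group }}"` would be consistent. Note also that `lookup('password', '/root/ncpasswd.txt')` is evaluated on the control node, so `become: true` has no effect on it and the generated admin password is written to the controller's filesystem, not to the managed host.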
@@ -0,0 +1,26 @@ +- name: Check Nextcloud installed + ansible.builtin.stat: + path: "{{ nextcloud_webroot }}/index.php" + register: nc_nextcloud_installed + +- name: Downloading Nextcloud + ansible.builtin.include_tasks: download.yml + when: not nc_nextcloud_installed.stat.exists + +- name: Check Nextcloud configuration exists. + ansible.builtin.stat: + path: "{{ nextcloud_webroot }}/config/config.php" + register: nc_nextcloud_conf + +- name: Check Nextcloud is configured + ansible.builtin.command: grep -q "{{ nextcloud_trusted_domain | first }}" {{ nextcloud_webroot }}/config/config.php + failed_when: false + changed_when: false + register: nc_nextcloud_configured + when: nc_nextcloud_conf.stat.exists + +- name: Nextcloud installation + ansible.builtin.include_tasks: installation.yml + when: | + (not nc_nextcloud_conf.stat.exists) or + (nc_nextcloud_configured.rc is defined and nc_nextcloud_configured.rc != 0) @@ -120,4 +120,13 @@ - ghrss - applications +# ------------------------------------------------------------ + +- name: nextcloud + hosts: cloud + roles: + - nextcloud + tags: + - nextcloud + #the_user: "{{ ansible_user_id }}" |
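Review bot: The "Check Nextcloud is configured" task in roles/nextcloud/tasks/main.yml passes the trusted domain to `grep` as a regular expression, so each dot matches any character and a value beginning with `-` would be read as an option. A fixed-string match is what the check means: `ansible.builtin.command: grep -qF -- "{{ nextcloud_trusted_domain | first }}" {{ nextcloud_webroot }}/config/config.php`. With `failed_when: false`, an unreadable config.php (grep exit status 2) is also treated as "not configured" and leads into installation.yml; testing `nc_nextcloud_configured.rc == 1` in the final `when:` would tell the two cases apart.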
