Update Nextcloud role to include Hiddenservice tasks

2023-05-21 23:01:31 +02:00 · 2023-05-21 23:01:31 +02:00 · 63eb7d74f7
parent 7f42bc9fd2
commit 63eb7d74f7
23 changed files with 282 additions and 244 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -2,15 +2,15 @@
 apache_custom_conf_path: /etc/apache2/conf-available

 nextcloud_admin_user: systemausfall.org
-nextcloud_admin_pw: "{{ lookup('password', '/tmp/{{ instance.name }}_admin_pwd length=42 chars=ascii_letters,digits') }}"
-nextcloud_db_password: "{{ lookup('password', '/tmp/{{ instance.name }}_db_pwd length=42 chars=ascii_letters,digits') }}"
+nextcloud_admin_pw: "{{ lookup('password', '/tmp/{{ item.name }}_admin_pwd length=42 chars=ascii_letters,digits') }}"
+nextcloud_db_password: "{{ lookup('password', '/tmp/{{ item.name }}_db_pwd length=42 chars=ascii_letters,digits') }}"
 nextcloud_github_api_url: https://api.github.com/repos/nextcloud/server/releases/latest
 nextcloud_dl_url: "https://download.nextcloud.com/server/releases/nextcloud-{{ latest_version.stdout }}.tar.bz2"
 nextcloud_root: /data/nextcloud
-nextcloud_install_path: "{{ nextcloud_root }}/{{ instance.name }}"
+nextcloud_install_path: "{{ nextcloud_root }}/{{ item.name }}"
 nextcloud_config_file: "{{ nextcloud_install_path }}/config/config.php"
 nextcloud_php_memory_limit: 512M
 nextcloud_php_upload_limit: 512M
-nextcloud_trusted_domains: ['localhost', '{{ instance.name }}']
+nextcloud_trusted_domains: ['localhost', '{{ item.name }}']

 redis_config_file: /etc/redis/redis.conf
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -1,22 +1,26 @@
 ---
 - name: reload apache
-  service:
+  ansible.builtin.service:
    name: apache2
    state: reloaded

 - name: restart apache
-  service:
-   name: apache2
-   state: restarted
+  ansible.builtin.service:
+    name: apache2
+    state: restarted
+
+- name: Get certificate
+  ansible.builtin.command: dehydrated --cron -g
+  delegate_to: "{{ gateway_host }}"

 - name: reload nginx
-  service:
+  ansible.builtin.service:
    name: nginx
    state: reloaded
  delegate_to: "{{ gateway_host }}"

 - name: restart fail2ban
-  service:
+  ansible.builtin.service:
    name: fail2ban
    state: restarted

--- a/meta/main.yml
+++ b/meta/main.yml
@ -3,8 +3,8 @@ galaxy_info:
  description: Role to deploy Nextcloud
  company: Sense.Lab
  license: GPLv3
-  min_ansible_version: 2.4
+  min_ansible_version: "2.4"
  platforms:
    - name: Debian
      versions:
-      - Buster
+        - bullseye
--- a/tasks/apache.yml
+++ b/tasks/apache.yml
@ -1,13 +1,35 @@
 ---
- name: "apache: {{ instance.name }}: Seite einrichten"
-  lineinfile:
-    path: /etc/apache2/conf-available/nextcloud_sites.conf
-    insertafter: "^Ansbile"
-    line: "Use NCSite {{ instance.name }} {{ instance.user }}"
+- name: "Apache | Aktiviere Apache-Module"
+  community.general.apache2_module:
+    name: "{{ item.name }}"
+    state: "{{ item.state | default('present') }}"
+  loop:
+    - name: env
+    - name: expires
+    - name: headers
+    - name: macro
+    - name: mpm_event
+    - name: mpm_prefork
+      state: absent
+    - name: proxy_fcgi
+    - name: setenvif
+  notify: restart apache
+
+- name: "Apache | Richte Nextcloud-Seiten ein"
+  ansible.builtin.template:
+    src: apache2/nextcloud_sites.conf.j2
+    dest: /etc/apache2/conf-available/nextcloud_sites.conf
+    mode: "0644"
  notify: reload apache

- name: "apache: {{ instance.alias }}: Alias einrichten"
-  template:
-    src: apache2/custom.conf.j2
-    dest: "{{ apache_custom_conf_path }}/{{ instance.name }}.conf"
+- name: "Apache | Kopiere Apache-Vorlage für Seitenkonfiguration"
+  ansible.builtin.template:
+    src: apache2/nextcloud.conf.j2
+    dest: /etc/apache2/sites-available/nextcloud.conf
+    mode: "0644"
+
+- name: "Apache | Aktiviere Apache-Seitenkonfiguration"
+  ansible.builtin.command:
+    cmd: a2ensite nextcloud.conf
+    creates: /etc/apache2/sites-enabled/nextcloud.conf
  notify: reload apache
--- a/tasks/common.yml
+++ b/tasks/common.yml
@ -1,43 +1,9 @@
 ---
- name: "Common | Aktiviere Apache-Module"
-  ansible.builtin.apache2_module:
-    name: "{{ item.name }}"
-    state: "{{ item.state|default('present') }}"
-  loop:
-    - name: env
-    - name: expires
-    - name: headers
-    - name: macro
-    - name: mpm_event
-    - name: mpm_prefork
-      state: absent
-    - name: proxy_fcgi
-    - name: setenvif
-  notify: restart apache
-
- name: "Common | Erstelle Apache-Konfiguration für NC-Seiten"
-  ansible.builtin.file:
-    path: /etc/apache2/conf-available/nextcloud_sites.conf
-    state: touch
-    mode: 0644
-
- name: "Common | Kopiere Apache-Vorlage für Seitenkonfiguration"
-  ansible.builtin.template:
-    src: ../roles/nextcloud/templates/apache_site.conf.j2
-    dest: /etc/apache2/sites-available/nextcloud.conf
-    mode: 0644
-
- name: "Common | Aktiviere Apache-Seitenkonfiguration"
-  ansible.builtin.command:
-    cmd: a2ensite nextcloud.conf
-    creates: /etc/apache2/sites-enabled/nextcloud.conf
-  notify: reload apache
-
 - name: "Common | Kopiere PHP-CLI-Konfiguration"
  ansible.builtin.copy:
-    src: ../roles/nextcloud/files/30-sao-nextcloud.ini
+    src: 30-sao-nextcloud.ini
    dest: "/etc/php/{{ php_version.stdout }}/mods-available/sao-nextcloud.ini"
-    mode: 0644
+    mode: "0644"

 - name: "Common | Aktiviere PHP-CLI-Konfiguration"
  ansible.builtin.file:
@ -45,7 +11,7 @@
    dest: "/etc/php/{{ php_version.stdout }}/cli/conf.d/30-sao-nextcloud.ini"
    state: link

- name: "Common | Ermittle letzte Version"
+- name: "Common | Ermittle aktuelle Nextcloud-Version"
  ansible.builtin.shell:
    cmd: curl -sL "{{ nextcloud_github_api_url }}" | jq -r ".tag_name" | cut -d 'v' -f2
  changed_when: false
@ -53,6 +19,6 @@

 - name: "Common | Kopiere Update-Skript"
  ansible.builtin.template:
-    src: ../roles/nextcloud/templates/nextcloud-updater.j2
+    src: nextcloud-updater.j2
    dest: "/usr/local/bin/nextcloud-updater"
-    mode: 0755
+    mode: "0755"
--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@ -1,52 +1,62 @@
 ---
- name: "Configuration | Richte trusted domains ein | {{ instance.name }}"
-  ansible.builtin.command: 'php {{ nextcloud_install_path }}/occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
+- name: "Configuration | Setze Variable"
+  ansible.builtin.set_fact:
+    nextcloud_install_path: "{{ nextcloud_root }}/{{ instances.name }}"
+
+- name: "Configuration | Richte trusted domains ein | {{ instances.name }}"
+  ansible.builtin.command:
+    cmd: 'php occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
+    chdir: "{{ nextcloud_install_path }}"
  become: true
-  become_user: "{{ instance.user }}"
+  become_user: "{{ instances.user }}"
  changed_when: true
  with_indexed_items:
-    - '{{ nextcloud.trusted_domains | default(instance.name) }}'
+    - '{{ instances.config.trusted_domains }}'

- name: "Configuration | Richte cron-Job ein | {{ instance.name }}"
+- name: "Configuration | Richte cron-Job ein | {{ instances.name }}"
  ansible.builtin.cron:
-    name: "nextcloud {{ instance.name }}"
+    name: "nextcloud {{ instances.name }}"
    minute: "*/5"
-    user: "{{ instance.user }}"
-    job: "php -f {{ nextcloud_install_path}}/cron.php"
+    user: "{{ instances.user }}"
+    job: "php -f {{ nextcloud_install_path }}/cron.php"
    cron_file: "nextcloud"

- name: "Configuration | Richte allgemeie Konfiguration ein | {{ instance.name }}"
-  ansible.builtin.command: "{{ item }}"
+- name: "Configuration | Richte allgemeie Konfiguration ein | {{ instances.name }}"
+  ansible.builtin.command:
+    cmd: "{{ commands }}"
+    chdir: "{{ nextcloud_install_path }}"
  become: true
-  become_user: "{{ instance.user }}"
+  become_user: "{{ instances.user }}"
  changed_when: true
-  with_items:
-    - 'php {{ nextcloud_install_path }}/occ config:system:set memcache.local --value "\\OC\\Memcache\\APCu"'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set memcache.distributed --value "\OC\Memcache\Redis"'
-    - "php {{ nextcloud_install_path }}/occ background:cron"
-    - 'php {{ nextcloud_install_path }}/occ config:system:set overwrite.cli.url --value https://{{ instance.name }}'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set htaccess.RewriteBase --value /'
-    - 'php {{ nextcloud_install_path }}/occ maintenance:update:htaccess'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set default_language --value "de"'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set default_phone_region --value "DE"'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set loglevel --value "1"'
+  loop:
+    - 'php occ config:system:set memcache.local --value "\\OC\\Memcache\\APCu"'
+    - 'php occ config:system:set memcache.distributed --value "\OC\Memcache\Redis"'
+    - "php occ background:cron"
+    - 'php occ config:system:set overwrite.cli.url --value https://{{ instances.name }}'
+    - 'php occ config:system:set htaccess.RewriteBase --value /'
+    - 'php occ maintenance:update:htaccess'
+    - 'php occ config:system:set default_language --value "de"'
+    - 'php occ config:system:set default_phone_region --value "DE"'
+    - 'php occ config:system:set loglevel --value "1"'
+  loop_control:
+    loop_var: commands

- name: "Configuration | Richte Mailversand ein | {{ instance.name }}"
+- name: "Configuration | Richte Mailversand ein | {{ instances.name }}"
  ansible.builtin.blockinfile:
    path: "{{ nextcloud_config_file }}"
    insertbefore: '^\);'
    marker: "// {mark} ANSIBLE MANAGED BLOCK"
    marker_begin: mailserver
    block: |2
-        'mail_from_address' => '{{ nextcloud.mail_from }}',
+        'mail_from_address' => '{{ instances.config.mail_from }}',
        'mail_smtpmode' => 'smtp',
        'mail_sendmailmode' => 'smtp',
-        'mail_domain' => '{{ nextcloud.mail_domain }}',
-        'mail_smtpauthtype' => '{{ nextcloud.smtp_auth_type }}',
-        'mail_smtphost' => '{{ nextcloud.smtp_host }}',
-        'mail_smtpport' => '{{ nextcloud.smtp_port }}',
+        'mail_domain' => '{{ instances.config.mail_domain }}',
+        'mail_smtpauthtype' => '{{ instances.config.smtp_auth_type }}',
+        'mail_smtphost' => '{{ instances.config.smtp_host }}',
+        'mail_smtpport' => '{{ instances.config.smtp_port }}',

- name: "Configuration | Richte Filelocking ein | {{ instance.name }}"
+- name: "Configuration | Richte Filelocking ein | {{ instances.name }}"
  ansible.builtin.blockinfile:
    path: "{{ nextcloud_config_file }}"
    insertbefore: '^\);'
@ -62,15 +72,17 @@
             'timeout' => 1.5,
        ),

- name: "Configuration | Richte trusted proxies ein | {{ instance.name }}"
-  ansible.builtin.command: 'php {{ nextcloud_install_path }}/occ config:system:set trusted_proxies {{ item.0 }} --value "{{ item.1 }}"'
+- name: "Configuration | Richte trusted proxies ein | {{ instances.name }}"
+  ansible.builtin.command:
+    cmd: 'php occ config:system:set trusted_proxies {{ item.0 }} --value "{{ item.1 }}"'
+    chdir: "{{ nextcloud_install_path }}"
  become: true
-  become_user: "{{ instance.user }}"
+  become_user: "{{ instances.user }}"
  changed_when: true
  with_indexed_items:
-    - "{{ nextcloud.trusted_proxies }}"
+    - "{{ instances.config.trusted_proxies }}"

- name: "Configuration | Richte Logging ein | {{ instance.name }}"
+- name: "Configuration | Richte Logging ein | {{ instances.name }}"
  ansible.builtin.blockinfile:
    path: "{{ nextcloud_config_file }}"
    insertbefore: '^\);'
--- a/tasks/database.yml
+++ b/tasks/database.yml
@ -1,18 +1,18 @@
 ---
- name: "database | {{ instance.name }} | Datenbank einrichten"
-  mysql_db:
-    name: "{{ instance.database }}"
+- name: "Database | Erstelle Datenbank | {{ item.name }}"
+  community.mysql.mysql_db:
+    name: "{{ item.database }}"
    state: present
    login_unix_socket: "{{ mysql_socket }}"
    login_user: root
  delegate_to: "{{ database_host }}"

- name: "database | {{ instance.name }} | Benutzer einrichten"
-  mysql_user:
-    name: "{{ instance.database }}"
+- name: "Database | Richten Datenbank-Benutzer ein | {{ item.name }}"
+  community.mysql.mysql_user:
+    name: "{{ item.database }}"
    host: "{{ inventory_hostname }}"
    password: "{{ nextcloud_db_password }}"
-    priv: "{{ instance.database }}.*:ALL"
+    priv: "{{ item.database }}.*:ALL"
    state: present
    login_unix_socket: "{{ mysql_socket }}"
    login_user: root
--- a/tasks/fail2ban.yml
+++ b/tasks/fail2ban.yml
@ -1,12 +1,14 @@
 ---
- name: "fail2ban | {{ instance.name }} | Kopiere Filter"
-  copy:
+- name: "Fail2ban | Kopiere Filter | {{ item.name }}"
+  ansible.builtin.copy:
    src: fail2ban/filter.conf
    dest: /etc/fail2ban/filter.d/nextcloud.conf
+    mode: "0644"
  notify: restart fail2ban

- name: "fail2ban | {{ instance.name }} | Kopiere Jail"
-  template:
+- name: "Fail2ban | Kopiere Jail | {{ item.name }}"
+  ansible.builtin.template:
    src: fail2ban/jail.conf.j2
-    dest: /etc/fail2ban/jail.d/nextcloud-{{ instance.user }}.conf
+    dest: /etc/fail2ban/jail.d/nextcloud-{{ item.user }}.conf
+    mode: "0644"
  notify: restart fail2ban
--- a/tasks/gateway.yml
+++ b/tasks/gateway.yml
@ -1,40 +1,33 @@
 ---
- name: "gateway: {{ instance.name }}: Domain zur Zertifikatsliste hinzufügen"
-  lineinfile:
+- name: "Gateway | Füge Domain zur Zertifikatsliste hinzu | {{ item.name }}"
+  ansible.builtin.lineinfile:
    path: /etc/dehydrated/domains.txt
    insertafter: "^# nextcloud"
-    line: "{{ instance.name }}"
+    line: "{{ item.name }}"
  register: dehydrated
-  delegate_to: "{{ gateway_host }}"

- name: "gateway: {{ instance.name }}: Alias zur Zertifikatsliste hinzufügen"
-  lineinfile:
+- name: "Gateway | Füge Alias zur Zertifikatsliste hinzu | {{ item.name }}"
+  ansible.builtin.lineinfile:
    path: /etc/dehydrated/domains.txt
    insertafter: "^# nextcloud"
-    line: "{{ item }}"
-  when: instance.alias is defined
-  register: dehydrated
-  delegate_to: "{{ gateway_host }}"
-  loop: "{{ instance.alias }}"
+    line: "{{ alias }}"
+  when: item.alias is defined
+  loop: "{{ item.alias }}"
+  loop_control:
+    loop_var: alias
+  notify: Get certificate

- name: "gateway: {{ instance.name }}: Zertifikat erstellen"
-  command: dehydrated --cron -g
-  delegate_to: "{{ gateway_host }}"
-  when: dehydrated.changed
-
- name: "gateway: {{ instance.name }}: Proxy einrichten"
-  template:
+- name: "Gateway | Richte Proxy ein | {{ item.name }}"
+  ansible.builtin.template:
    src: nginx_site.j2
-    dest: "/etc/nginx/sites-available/{{ instance.name }}"
+    dest: "/etc/nginx/sites-available/{{ item.name }}"
    owner: root
    group: root
-    mode: 0644
-  delegate_to: "{{ gateway_host }}"
+    mode: "0644"

- name: "gateway: {{ instance.name }}: Seite aktivieren"
-  file:
-    src: "/etc/nginx/sites-available/{{ instance.name }}"
-    dest: "/etc/nginx/sites-enabled/{{ instance.name }}"
+- name: "Gateway | Aktiviere Seite | {{ item.name }}"
+  ansible.builtin.file:
+    src: "/etc/nginx/sites-available/{{ item.name }}"
+    dest: "/etc/nginx/sites-enabled/{{ item.name }}"
    state: link
  notify: reload nginx
-  delegate_to: "{{ gateway_host }}"
--- a/tasks/hiddenservice.yml
+++ b/tasks/hiddenservice.yml
@ -0,0 +1,23 @@
+---
+- name: "Hiddenservice | Richte Hiddenservice ein | {{ item.name }}"
+  ansible.builtin.import_role:
+    name: configure-hiddenservice
+  delegate_to: "{{ onion_host }}"
+  when: item.config.hiddenservice is defined and item.config.hiddenservice
+
+- name: "Hiddenservice | Kopiere Apache-Anpassungen | {{ item.name }}"
+  ansible.builtin.template:
+    src: templates/apache2/custom.conf.j2
+    dest: "/etc/apache2/conf-available/{{ item.name }}.conf"
+    mode: "0644"
+  notify: reload apache
+
+# Das erste Argument gibt den Platz im Array an, beginnend mit 0.
+- name: "Hiddenservice | Richte trusted domains ein | {{ item.name }}"
+  ansible.builtin.command:
+    cmd: 'php occ config:system:set trusted_domains {{ item.config.trusted_domains | length }} --value "{{ hiddenservice_address.stdout }}"'
+    chdir: "{{ nextcloud_install_path }}"
+  become: true
+  become_user: "{{ item.user }}"
+  changed_when: true
+  when: item.config.hiddenservice is defined and item.config.hiddenservice
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,39 +1,58 @@
 ---
- import_tasks: version.yml
-  tags: version
+- name: Run common tasks
+  ansible.builtin.import_tasks: common.yml
+  tags: common

- import_tasks: gateway.yml
-  tags: gateway
+- name: Install packages
+  ansible.builtin.import_tasks: packages.yml
+  tags: packages

- import_tasks: database.yml
+- name: Redis
+  ansible.builtin.import_tasks: redis.yml
+  tags: redis
+
+- name: Setup Gateway
+  ansible.builtin.include_tasks: gateway.yml
+  args:
+    apply:
+      delegate_to: "{{ gateway_host }}"
+  loop: "{{ nextcloud_instances }}"
+
+- name: Run database tasks
+  ansible.builtin.include_tasks: database.yml
  tags: database
+  loop: "{{ nextcloud_instances }}"

- import_tasks: user.yml
+- name: Run user tasks
+  ansible.builtin.include_tasks: user.yml
  tags: user
+  loop: "{{ nextcloud_instances }}"

- import_tasks: php.yml
+- name: Run php tasks
+  ansible.builtin.include_tasks: php.yml
  tags: php
+  loop: "{{ nextcloud_instances }}"

- name: Configure hiddenservices
-  ansible.builtin.import_role:
-    name: configure-hiddenservice
-  tags: hiddenservice
-  delegate_to: "{{ onion_host }}"
-  when: item.config.hiddenservice is defined and item.config.hiddenservice
+- name: Run Hiddenservice tasks
+  ansible.builtin.include_tasks: hiddenservice.yml
+  loop: "{{ nextcloud_instances }}"

- import_tasks: user.yml
-  tags: user
-
- import_tasks: apache.yml
+- name: Run Webserver tasks
+  ansible.builtin.import_tasks: apache.yml
  tags: apache

- name: "Nextcloud installieren"
-  include_tasks: nextcloud.yml
-  when: nc_is_installed.stat.exists == False
-  tags: nextcloud
+- name: Installation
+  ansible.builtin.include_tasks: nextcloud.yml
+  loop: "{{ nextcloud_instances }}"

- import_tasks: configuration.yml
-  tags: configuration
+- name: Configure Nextcloud
+  ansible.builtin.include_tasks: configuration.yml
+  loop: "{{ nextcloud_instances }}"
+  loop_control:
+    loop_var: instances
+    index_var: instance_id

- import_tasks: fail2ban.yml
+- name: Configure Fail2ban
+  ansible.builtin.include_tasks: fail2ban.yml
  tags: fail2ban
+  loop: "{{ nextcloud_instances }}"
--- a/tasks/nextcloud.yml
+++ b/tasks/nextcloud.yml
@ -1,29 +1,50 @@
 ---
- name: "nextcloud: {{ instance.name }}: Verzeichnis prüfen"
-  file:
-    path: "{{ nextcloud_install_path }}"
-    mode: 0644
-    state: directory
+- name: "Nextcloud | Prüfe NC-Installation | {{ item.name }}"
+  ansible.builtin.stat:
+    path: "{{ nextcloud_install_path }}/version.php"
+  register: nc_is_installed
+  check_mode: false
+  changed_when: false

- name: "nextcloud: {{ instance.name }}: herunterladen und entpacken"
-  unarchive:
+- name: "Nextcloud | Prüfe NC-Version | {{ item.name }}"
+  ansible.builtin.shell:
+    cmd: php ./occ -V | awk '{print $NF}'
+    chdir: "{{ nextcloud_install_path }}"
+  become: true
+  become_user: "{{ item.user }}"
+  register: nc_installed_version
+  when: nc_is_installed.stat.exists
+  check_mode: false
+  changed_when: false
+
+- name: "Nextcloud | Prüfe Installationsverzeichnis | {{ item.name }}"
+  ansible.builtin.file:
+    path: "{{ nextcloud_install_path }}"
+    mode: "0644"
+    state: directory
+  when: not nc_is_installed.stat.exists
+
+- name: "Nextcloud | Lade Archiv herunter | {{ item.name }}"
+  ansible.builtin.unarchive:
    src: "{{ nextcloud_dl_url }}"
    remote_src: true
    extra_opts:
      - "--strip-components=1"
    dest: "{{ nextcloud_install_path }}"
-    owner: "{{ instance.user }}"
-    group: "{{ instance.user }}"
-    mode: 0644
+    owner: "{{ item.user }}"
+    group: "{{ item.user }}"
+    mode: "0644"
+  when: not nc_is_installed.stat.exists

- name: "nextcloud: {{ instance.name }}: Installation"
-  command:
+- name: "Nextcloud | Führe Installation aus | {{ item.name }}"
+  ansible.builtin.command:
    cmd: >
      php occ maintenance:install --database "mysql"
-      --database-name "{{ instance.database }}" --database-user "{{ instance.database }}"
+      --database-name "{{ item.database }}" --database-user "{{ item.database }}"
      --database-pass "{{ nextcloud_db_password }}" --database-host "{{ database_host }}"
      --admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_pw }}"
    chdir: "{{ nextcloud_install_path }}"
  become: true
-  become_user: "{{ instance.user }}"
+  become_user: "{{ item.user }}"
  changed_when: true
+  when: not nc_is_installed.stat.exists
--- a/tasks/packages.yml
+++ b/tasks/packages.yml
@ -1,18 +1,6 @@
 ---
- name: "packages: Fakten sammeln"
-  package_facts:
-    manager: apt
-
- name: "packages: Datenbank-Pakete installieren"
-  apt:
-    pkg:
-      - python3-pymysql
-    update_cache: yes
-    cache_valid_time: 3600
-  delegate_to: "{{ database_host }}"
-
- name: "packages: Pakete installieren"
-  apt:
+- name: "Packages | Installiere Pakete"
+  ansible.builtin.apt:
    pkg:
      - php-apcu
      - php-bcmath
@ -27,5 +15,5 @@
      - php-zip
      - redis
      - libmagickcore-6.q16-6-extra
-    update_cache: yes
+    update_cache: true
    cache_valid_time: 3600
--- a/tasks/php.yml
+++ b/tasks/php.yml
@ -1,32 +1,33 @@
 ---
- name: "php | {{ instance.name }} | FPM-Pool kopieren"
-  template:
+- name: "PHP | Erstelle FPM-Pool| {{ item.name }}"
+  ansible.builtin.template:
    src: php_fpm_pool.j2
-    dest: "/etc/php/{{ php_version.stdout }}/fpm/pool.d/{{ instance.user }}.cfg"
+    dest: "/etc/php/{{ php_version.stdout }}/fpm/pool.d/{{ item.user }}.cfg"
    owner: root
    group: root
-    mode: 0644
+    mode: "0644"
  notify:
    - stop php-fpm-socket
    - stop php-fpm-service
    - start php-fpm-socket

- name: "php | {{ instance.name }} | Erstelle Log-Datei"
-  file:
-    path: "{{ php_fpm_log_dir }}/{{ instance.user }}.log"
+- name: "PHP | Erstelle Log-Datei | {{ item.name }}"
+  ansible.builtin.file:
+    path: "{{ php_fpm_log_dir }}/{{ item.user }}.log"
    state: touch
-    owner: "{{ instance.user }}"
-    group: "{{ instance.user }}"
+    owner: "{{ item.user }}"
+    group: "{{ item.user }}"
+    mode: "0644"

- name: "php | {{ instance.name }} | Aktiviere systemd Socket"
-  systemd:
-    name: "php-fpm@{{ instance.user }}.socket"
+- name: "PHP | Aktiviere systemd Socket | {{ item.name }}"
+  ansible.builtin.systemd:
+    name: "php-fpm@{{ item.user }}.socket"
    enabled: true
    state: started
    daemon_reload: true

- name: "php | {{ instance.name }} | Aktiviere systemd Service"
-  systemd:
-    name: "php-fpm@{{ instance.user }}.service"
+- name: "PHP | Aktiviere systemd Service | {{ item.name }}"
+  ansible.builtin.systemd:
+    name: "php-fpm@{{ item.user }}.service"
    enabled: true
    daemon-reload: true
--- a/tasks/redis.yml
+++ b/tasks/redis.yml
@ -1,22 +1,22 @@
 ---
- name: "redis: Aktiviere Socket"
-  lineinfile:
+- name: "Redis | Aktiviere Socket"
+  ansible.builtin.lineinfile:
    path: "{{ redis_config_file }}"
    regexp: '^# unixsocket /var/run/redis/redis-server.sock'
    line: 'unixsocket /var/run/redis/redis-server.sock'

- name: "redis: Socket-Berechtigungen stetzen"
-  lineinfile:
+- name: "Redis | Setze Socket-Berechtigungen"
+  ansible.builtin.lineinfile:
    path: "{{ redis_config_file }}"
    regexp: '^# unixsocketperm 700'
    line: 'unixsocketperm 770'

- name: "redis: Ermittle Anzahl der NC-Instanzen"
-  set_fact:
+- name: "Redis | Ermittle Anzahl der NC-Instanzen"
+  ansible.builtin.set_fact:
    instances_number: "{{ nextcloud_instances | length }}"

- name: "redis: Konfiguriere Anzahl der Datenbanken"
-  lineinfile:
+- name: "Redis | Konfiguriere Anzahl der Datenbanken"
+  ansible.builtin.lineinfile:
    path: "{{ redis_config_file }}"
    regexp: '^databases 16$'
    line: 'databases {{ instances_number }}'
--- a/tasks/user.yml
+++ b/tasks/user.yml
@ -1,15 +1,15 @@
 ---
- name: "user | {{ instance.name }} | Nextcloud-System-Nutzer anlegen"
-  user:
-    name: "{{ instance.user }}"
+- name: "User | Lege Nextcloud-System-Nutzer an | {{ item.name }}"
+  ansible.builtin.user:
+    name: "{{ item.user }}"
    create_home: false
    password_lock: true
    groups: redis
    shell: /bin/false
    state: present

- name: "user | {{ instance.name }} | Füge www-data zur Nextcloud-Nutzer-Gruppe hinzu"
-  user:
+- name: "User | Füge www-data zur Nextcloud-Nutzer-Gruppe hinzu | {{ item.name }}"
+  ansible.builtin.user:
    name: www-data
-    groups: "{{ instance.user }}"
+    groups: "{{ item.user }}"
    append: true
--- a/tasks/version.yml
+++ b/tasks/version.yml
@ -1,18 +0,0 @@
---
- name: "version: {{ instance.name }}: Prüfe NC-Installation"
-  stat:
-    path: "{{ nextcloud_install_path }}/version.php"
-  register: nc_is_installed
-  check_mode: false
-  changed_when: false
-
- name: "version: {{ instance.name }}: Prüfe NC-Version"
-  shell:
-    cmd: php ./occ -V | awk '{print $NF}'
-    chdir: "{{ nextcloud_install_path }}"
-  become: true
-  become_user: "{{ instance.user }}"
-  register: nc_installed_version
-  when: nc_is_installed.stat.exists
-  check_mode: false
-  changed_when: false
--- a/templates/apache2/custom.conf.j2
+++ b/templates/apache2/custom.conf.j2
@ -1,7 +1,7 @@
 # {{ ansible_managed }}

-{% if instance.alias is defined %}
-{% for alias in instance.alias %}
+{% if item.alias is defined %}
+{% for alias in item.alias %}
 ServerAlias {{ alias }}
 {% endfor %}
 {% endif %}
--- a/templates/apache2/apache_site.conf.j2
+++ b/templates/apache2/apache_site.conf.j2
--- a/templates/apache2/nextcloud_sites.conf.j2
+++ b/templates/apache2/nextcloud_sites.conf.j2
@ -0,0 +1,5 @@
+### {{ ansible_managed }}
+
+{% for site in nextcloud_instances %}
+Use NCSite {{ site.name }} {{ site.user }}
+{% endfor %}
--- a/templates/fail2ban/jail.conf.j2
+++ b/templates/fail2ban/jail.conf.j2
@ -1,6 +1,6 @@
 # {{ ansible_managed }}

-[nextcloud-{{ instance.user }}]
+[nextcloud-{{ item.user }}]
 backend = auto
 enabled = true
 port = 80,443
@ -9,4 +9,4 @@ filter = nextcloud
 maxretry = 3
 bantime = 86400
 findtime = 43200
-logpath = {{ nextcloud_root }}/{{ instance.name }}/data/nextcloud.log
+logpath = {{ nextcloud_root }}/{{ item.name }}/data/nextcloud.log
--- a/templates/nginx_site.j2
+++ b/templates/nginx_site.j2
@ -1,8 +1,8 @@
 server {
        listen 80;
-	server_name {{ instance.name }};
-{% if instance.alias is defined %}
-  {% for alias in instance.alias %}
+	server_name {{ item.name }};
+{% if item.alias is defined %}
+  {% for alias in item.alias %}
 	server_name {{ alias }};
  {% endfor %}
 {% endif %}
@ -12,9 +12,9 @@ server {

 server {
 	listen 443 ssl http2;
-        server_name {{ instance.name }};
-        ssl_certificate /var/lib/dehydrated/certs/{{ instance.name }}/fullchain.pem;
-        ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.name }}/privkey.pem;
+        server_name {{ item.name }};
+        ssl_certificate /var/lib/dehydrated/certs/{{ item.name }}/fullchain.pem;
+        ssl_certificate_key /var/lib/dehydrated/certs/{{ item.name }}/privkey.pem;
        include /etc/nginx/proxy_params;
        add_header Referrer-Policy $referrerpolicy;
        add_header Strict-Transport-Security $sts;
@ -30,8 +30,8 @@ server {
        }
 }

-{% if instance.alias is defined %}
-  {% for alias in instance.alias %}
+{% if item.alias is defined %}
+  {% for alias in item.alias %}
 server {
 	listen 443 ssl http2;
        server_name {{ alias }};
--- a/templates/php_fpm_pool.j2
+++ b/templates/php_fpm_pool.j2
@ -1,7 +1,7 @@
 [global]
 error_log = ${FPM_ERROR_LOG}

-[{{ instance.user }}]
+[{{ item.user }}]
 listen = ${FPM_SOCKET_PATH}
 pm = dynamic
 pm.max_children = 60