Update Nextcloud role to include Hiddenservice tasks

defaults/main.yml

@@ -2,15 +2,15 @@
 apache_custom_conf_path: /etc/apache2/conf-available
 
 nextcloud_admin_user: systemausfall.org
-nextcloud_admin_pw: "{{ lookup('password', '/tmp/{{ instance.name }}_admin_pwd length=42 chars=ascii_letters,digits') }}"
+nextcloud_admin_pw: "{{ lookup('password', '/tmp/{{ item.name }}_admin_pwd length=42 chars=ascii_letters,digits') }}"
-nextcloud_db_password: "{{ lookup('password', '/tmp/{{ instance.name }}_db_pwd length=42 chars=ascii_letters,digits') }}"
+nextcloud_db_password: "{{ lookup('password', '/tmp/{{ item.name }}_db_pwd length=42 chars=ascii_letters,digits') }}"
 nextcloud_github_api_url: https://api.github.com/repos/nextcloud/server/releases/latest
 nextcloud_dl_url: "https://download.nextcloud.com/server/releases/nextcloud-{{ latest_version.stdout }}.tar.bz2"
 nextcloud_root: /data/nextcloud
-nextcloud_install_path: "{{ nextcloud_root }}/{{ instance.name }}"
+nextcloud_install_path: "{{ nextcloud_root }}/{{ item.name }}"
 nextcloud_config_file: "{{ nextcloud_install_path }}/config/config.php"
 nextcloud_php_memory_limit: 512M
 nextcloud_php_upload_limit: 512M
-nextcloud_trusted_domains: ['localhost', '{{ instance.name }}']
+nextcloud_trusted_domains: ['localhost', '{{ item.name }}']
 
 redis_config_file: /etc/redis/redis.conf

handlers/main.yml

@@ -1,22 +1,26 @@
 ---
 - name: reload apache
-  service:
+  ansible.builtin.service:
     name: apache2
     state: reloaded
 
 - name: restart apache
-  service:
+  ansible.builtin.service:
-   name: apache2
+    name: apache2
-   state: restarted
+    state: restarted
+
+- name: Get certificate
+  ansible.builtin.command: dehydrated --cron -g
+  delegate_to: "{{ gateway_host }}"
 
 - name: reload nginx
-  service:
+  ansible.builtin.service:
     name: nginx
     state: reloaded
   delegate_to: "{{ gateway_host }}"
 
 - name: restart fail2ban
-  service:
+  ansible.builtin.service:
     name: fail2ban
     state: restarted
 

meta/main.yml

@@ -3,8 +3,8 @@ galaxy_info:
   description: Role to deploy Nextcloud
   company: Sense.Lab
   license: GPLv3
-  min_ansible_version: 2.4
+  min_ansible_version: "2.4"
   platforms:
     - name: Debian
       versions:
-      - Buster
+        - bullseye

tasks/apache.yml

@@ -1,13 +1,35 @@
 ---
-- name: "apache: {{ instance.name }}: Seite einrichten"
+- name: "Apache | Aktiviere Apache-Module"
-  lineinfile:
+  community.general.apache2_module:
-    path: /etc/apache2/conf-available/nextcloud_sites.conf
+    name: "{{ item.name }}"
-    insertafter: "^Ansbile"
+    state: "{{ item.state | default('present') }}"
-    line: "Use NCSite {{ instance.name }} {{ instance.user }}"
+  loop:
+    - name: env
+    - name: expires
+    - name: headers
+    - name: macro
+    - name: mpm_event
+    - name: mpm_prefork
+      state: absent
+    - name: proxy_fcgi
+    - name: setenvif
+  notify: restart apache
+
+- name: "Apache | Richte Nextcloud-Seiten ein"
+  ansible.builtin.template:
+    src: apache2/nextcloud_sites.conf.j2
+    dest: /etc/apache2/conf-available/nextcloud_sites.conf
+    mode: "0644"
   notify: reload apache
 
-- name: "apache: {{ instance.alias }}: Alias einrichten"
+- name: "Apache | Kopiere Apache-Vorlage für Seitenkonfiguration"
-  template:
+  ansible.builtin.template:
-    src: apache2/custom.conf.j2
+    src: apache2/nextcloud.conf.j2
-    dest: "{{ apache_custom_conf_path }}/{{ instance.name }}.conf"
+    dest: /etc/apache2/sites-available/nextcloud.conf
+    mode: "0644"
+
+- name: "Apache | Aktiviere Apache-Seitenkonfiguration"
+  ansible.builtin.command:
+    cmd: a2ensite nextcloud.conf
+    creates: /etc/apache2/sites-enabled/nextcloud.conf
   notify: reload apache

tasks/common.yml

@@ -1,43 +1,9 @@
 ---
-- name: "Common | Aktiviere Apache-Module"
-  ansible.builtin.apache2_module:
-    name: "{{ item.name }}"
-    state: "{{ item.state|default('present') }}"
-  loop:
-    - name: env
-    - name: expires
-    - name: headers
-    - name: macro
-    - name: mpm_event
-    - name: mpm_prefork
-      state: absent
-    - name: proxy_fcgi
-    - name: setenvif
-  notify: restart apache
-
-- name: "Common | Erstelle Apache-Konfiguration für NC-Seiten"
-  ansible.builtin.file:
-    path: /etc/apache2/conf-available/nextcloud_sites.conf
-    state: touch
-    mode: 0644
-
-- name: "Common | Kopiere Apache-Vorlage für Seitenkonfiguration"
-  ansible.builtin.template:
-    src: ../roles/nextcloud/templates/apache_site.conf.j2
-    dest: /etc/apache2/sites-available/nextcloud.conf
-    mode: 0644
-
-- name: "Common | Aktiviere Apache-Seitenkonfiguration"
-  ansible.builtin.command:
-    cmd: a2ensite nextcloud.conf
-    creates: /etc/apache2/sites-enabled/nextcloud.conf
-  notify: reload apache
-
 - name: "Common | Kopiere PHP-CLI-Konfiguration"
   ansible.builtin.copy:
-    src: ../roles/nextcloud/files/30-sao-nextcloud.ini
+    src: 30-sao-nextcloud.ini
     dest: "/etc/php/{{ php_version.stdout }}/mods-available/sao-nextcloud.ini"
-    mode: 0644
+    mode: "0644"
 
 - name: "Common | Aktiviere PHP-CLI-Konfiguration"
   ansible.builtin.file:
@@ -45,7 +11,7 @@
     dest: "/etc/php/{{ php_version.stdout }}/cli/conf.d/30-sao-nextcloud.ini"
     state: link
 
-- name: "Common | Ermittle letzte Version"
+- name: "Common | Ermittle aktuelle Nextcloud-Version"
   ansible.builtin.shell:
     cmd: curl -sL "{{ nextcloud_github_api_url }}" | jq -r ".tag_name" | cut -d 'v' -f2
   changed_when: false
@@ -53,6 +19,6 @@
 
 - name: "Common | Kopiere Update-Skript"
   ansible.builtin.template:
-    src: ../roles/nextcloud/templates/nextcloud-updater.j2
+    src: nextcloud-updater.j2
     dest: "/usr/local/bin/nextcloud-updater"
-    mode: 0755
+    mode: "0755"

tasks/configuration.yml

@@ -1,52 +1,62 @@
 ---
-- name: "Configuration | Richte trusted domains ein | {{ instance.name }}"
+- name: "Configuration | Setze Variable"
-  ansible.builtin.command: 'php {{ nextcloud_install_path }}/occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
+  ansible.builtin.set_fact:
+    nextcloud_install_path: "{{ nextcloud_root }}/{{ instances.name }}"
+
+- name: "Configuration | Richte trusted domains ein | {{ instances.name }}"
+  ansible.builtin.command:
+    cmd: 'php occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
+    chdir: "{{ nextcloud_install_path }}"
   become: true
-  become_user: "{{ instance.user }}"
+  become_user: "{{ instances.user }}"
   changed_when: true
   with_indexed_items:
-    - '{{ nextcloud.trusted_domains | default(instance.name) }}'
+    - '{{ instances.config.trusted_domains }}'
 
-- name: "Configuration | Richte cron-Job ein | {{ instance.name }}"
+- name: "Configuration | Richte cron-Job ein | {{ instances.name }}"
   ansible.builtin.cron:
-    name: "nextcloud {{ instance.name }}"
+    name: "nextcloud {{ instances.name }}"
     minute: "*/5"
-    user: "{{ instance.user }}"
+    user: "{{ instances.user }}"
-    job: "php -f {{ nextcloud_install_path}}/cron.php"
+    job: "php -f {{ nextcloud_install_path }}/cron.php"
     cron_file: "nextcloud"
 
-- name: "Configuration | Richte allgemeie Konfiguration ein | {{ instance.name }}"
+- name: "Configuration | Richte allgemeie Konfiguration ein | {{ instances.name }}"
-  ansible.builtin.command: "{{ item }}"
+  ansible.builtin.command:
+    cmd: "{{ commands }}"
+    chdir: "{{ nextcloud_install_path }}"
   become: true
-  become_user: "{{ instance.user }}"
+  become_user: "{{ instances.user }}"
   changed_when: true
-  with_items:
+  loop:
-    - 'php {{ nextcloud_install_path }}/occ config:system:set memcache.local --value "\\OC\\Memcache\\APCu"'
+    - 'php occ config:system:set memcache.local --value "\\OC\\Memcache\\APCu"'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set memcache.distributed --value "\OC\Memcache\Redis"'
+    - 'php occ config:system:set memcache.distributed --value "\OC\Memcache\Redis"'
-    - "php {{ nextcloud_install_path }}/occ background:cron"
+    - "php occ background:cron"
-    - 'php {{ nextcloud_install_path }}/occ config:system:set overwrite.cli.url --value https://{{ instance.name }}'
+    - 'php occ config:system:set overwrite.cli.url --value https://{{ instances.name }}'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set htaccess.RewriteBase --value /'
+    - 'php occ config:system:set htaccess.RewriteBase --value /'
-    - 'php {{ nextcloud_install_path }}/occ maintenance:update:htaccess'
+    - 'php occ maintenance:update:htaccess'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set default_language --value "de"'
+    - 'php occ config:system:set default_language --value "de"'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set default_phone_region --value "DE"'
+    - 'php occ config:system:set default_phone_region --value "DE"'
-    - 'php {{ nextcloud_install_path }}/occ config:system:set loglevel --value "1"'
+    - 'php occ config:system:set loglevel --value "1"'
+  loop_control:
+    loop_var: commands
 
-- name: "Configuration | Richte Mailversand ein | {{ instance.name }}"
+- name: "Configuration | Richte Mailversand ein | {{ instances.name }}"
   ansible.builtin.blockinfile:
     path: "{{ nextcloud_config_file }}"
     insertbefore: '^\);'
     marker: "// {mark} ANSIBLE MANAGED BLOCK"
     marker_begin: mailserver
     block: |2
-        'mail_from_address' => '{{ nextcloud.mail_from }}',
+        'mail_from_address' => '{{ instances.config.mail_from }}',
         'mail_smtpmode' => 'smtp',
         'mail_sendmailmode' => 'smtp',
-        'mail_domain' => '{{ nextcloud.mail_domain }}',
+        'mail_domain' => '{{ instances.config.mail_domain }}',
-        'mail_smtpauthtype' => '{{ nextcloud.smtp_auth_type }}',
+        'mail_smtpauthtype' => '{{ instances.config.smtp_auth_type }}',
-        'mail_smtphost' => '{{ nextcloud.smtp_host }}',
+        'mail_smtphost' => '{{ instances.config.smtp_host }}',
-        'mail_smtpport' => '{{ nextcloud.smtp_port }}',
+        'mail_smtpport' => '{{ instances.config.smtp_port }}',
 
-- name: "Configuration | Richte Filelocking ein | {{ instance.name }}"
+- name: "Configuration | Richte Filelocking ein | {{ instances.name }}"
   ansible.builtin.blockinfile:
     path: "{{ nextcloud_config_file }}"
     insertbefore: '^\);'
@@ -62,15 +72,17 @@
              'timeout' => 1.5,
         ),
 
-- name: "Configuration | Richte trusted proxies ein | {{ instance.name }}"
+- name: "Configuration | Richte trusted proxies ein | {{ instances.name }}"
-  ansible.builtin.command: 'php {{ nextcloud_install_path }}/occ config:system:set trusted_proxies {{ item.0 }} --value "{{ item.1 }}"'
+  ansible.builtin.command:
+    cmd: 'php occ config:system:set trusted_proxies {{ item.0 }} --value "{{ item.1 }}"'
+    chdir: "{{ nextcloud_install_path }}"
   become: true
-  become_user: "{{ instance.user }}"
+  become_user: "{{ instances.user }}"
   changed_when: true
   with_indexed_items:
-    - "{{ nextcloud.trusted_proxies }}"
+    - "{{ instances.config.trusted_proxies }}"
 
-- name: "Configuration | Richte Logging ein | {{ instance.name }}"
+- name: "Configuration | Richte Logging ein | {{ instances.name }}"
   ansible.builtin.blockinfile:
     path: "{{ nextcloud_config_file }}"
     insertbefore: '^\);'

tasks/database.yml

@@ -1,18 +1,18 @@
 ---
-- name: "database | {{ instance.name }} | Datenbank einrichten"
+- name: "Database | Erstelle Datenbank | {{ item.name }}"
-  mysql_db:
+  community.mysql.mysql_db:
-    name: "{{ instance.database }}"
+    name: "{{ item.database }}"
     state: present
     login_unix_socket: "{{ mysql_socket }}"
     login_user: root
   delegate_to: "{{ database_host }}"
 
-- name: "database | {{ instance.name }} | Benutzer einrichten"
+- name: "Database | Richten Datenbank-Benutzer ein | {{ item.name }}"
-  mysql_user:
+  community.mysql.mysql_user:
-    name: "{{ instance.database }}"
+    name: "{{ item.database }}"
     host: "{{ inventory_hostname }}"
     password: "{{ nextcloud_db_password }}"
-    priv: "{{ instance.database }}.*:ALL"
+    priv: "{{ item.database }}.*:ALL"
     state: present
     login_unix_socket: "{{ mysql_socket }}"
     login_user: root

tasks/fail2ban.yml

@@ -1,12 +1,14 @@
 ---
-- name: "fail2ban | {{ instance.name }} | Kopiere Filter"
+- name: "Fail2ban | Kopiere Filter | {{ item.name }}"
-  copy:
+  ansible.builtin.copy:
     src: fail2ban/filter.conf
     dest: /etc/fail2ban/filter.d/nextcloud.conf
+    mode: "0644"
   notify: restart fail2ban
 
-- name: "fail2ban | {{ instance.name }} | Kopiere Jail"
+- name: "Fail2ban | Kopiere Jail | {{ item.name }}"
-  template:
+  ansible.builtin.template:
     src: fail2ban/jail.conf.j2
-    dest: /etc/fail2ban/jail.d/nextcloud-{{ instance.user }}.conf
+    dest: /etc/fail2ban/jail.d/nextcloud-{{ item.user }}.conf
+    mode: "0644"
   notify: restart fail2ban

tasks/gateway.yml

@@ -1,40 +1,33 @@
 ---
-- name: "gateway: {{ instance.name }}: Domain zur Zertifikatsliste hinzufügen"
+- name: "Gateway | Füge Domain zur Zertifikatsliste hinzu | {{ item.name }}"
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/dehydrated/domains.txt
     insertafter: "^# nextcloud"
-    line: "{{ instance.name }}"
+    line: "{{ item.name }}"
   register: dehydrated
-  delegate_to: "{{ gateway_host }}"
 
-- name: "gateway: {{ instance.name }}: Alias zur Zertifikatsliste hinzufügen"
+- name: "Gateway | Füge Alias zur Zertifikatsliste hinzu | {{ item.name }}"
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/dehydrated/domains.txt
     insertafter: "^# nextcloud"
-    line: "{{ item }}"
+    line: "{{ alias }}"
-  when: instance.alias is defined
+  when: item.alias is defined
-  register: dehydrated
+  loop: "{{ item.alias }}"
-  delegate_to: "{{ gateway_host }}"
+  loop_control:
-  loop: "{{ instance.alias }}"
+    loop_var: alias
+  notify: Get certificate
 
-- name: "gateway: {{ instance.name }}: Zertifikat erstellen"
+- name: "Gateway | Richte Proxy ein | {{ item.name }}"
-  command: dehydrated --cron -g
+  ansible.builtin.template:
-  delegate_to: "{{ gateway_host }}"
-  when: dehydrated.changed
-
-- name: "gateway: {{ instance.name }}: Proxy einrichten"
-  template:
     src: nginx_site.j2
-    dest: "/etc/nginx/sites-available/{{ instance.name }}"
+    dest: "/etc/nginx/sites-available/{{ item.name }}"
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
-  delegate_to: "{{ gateway_host }}"
 
-- name: "gateway: {{ instance.name }}: Seite aktivieren"
+- name: "Gateway | Aktiviere Seite | {{ item.name }}"
-  file:
+  ansible.builtin.file:
-    src: "/etc/nginx/sites-available/{{ instance.name }}"
+    src: "/etc/nginx/sites-available/{{ item.name }}"
-    dest: "/etc/nginx/sites-enabled/{{ instance.name }}"
+    dest: "/etc/nginx/sites-enabled/{{ item.name }}"
     state: link
   notify: reload nginx
-  delegate_to: "{{ gateway_host }}"

tasks/hiddenservice.yml

@@ -0,0 +1,23 @@
+---
+- name: "Hiddenservice | Richte Hiddenservice ein | {{ item.name }}"
+  ansible.builtin.import_role:
+    name: configure-hiddenservice
+  delegate_to: "{{ onion_host }}"
+  when: item.config.hiddenservice is defined and item.config.hiddenservice
+
+- name: "Hiddenservice | Kopiere Apache-Anpassungen | {{ item.name }}"
+  ansible.builtin.template:
+    src: templates/apache2/custom.conf.j2
+    dest: "/etc/apache2/conf-available/{{ item.name }}.conf"
+    mode: "0644"
+  notify: reload apache
+
+# Das erste Argument gibt den Platz im Array an, beginnend mit 0.
+- name: "Hiddenservice | Richte trusted domains ein | {{ item.name }}"
+  ansible.builtin.command:
+    cmd: 'php occ config:system:set trusted_domains {{ item.config.trusted_domains | length }} --value "{{ hiddenservice_address.stdout }}"'
+    chdir: "{{ nextcloud_install_path }}"
+  become: true
+  become_user: "{{ item.user }}"
+  changed_when: true
+  when: item.config.hiddenservice is defined and item.config.hiddenservice

tasks/main.yml

@@ -1,39 +1,58 @@
 ---
-- import_tasks: version.yml
+- name: Run common tasks
-  tags: version
+  ansible.builtin.import_tasks: common.yml
+  tags: common
 
-- import_tasks: gateway.yml
+- name: Install packages
-  tags: gateway
+  ansible.builtin.import_tasks: packages.yml
+  tags: packages
 
-- import_tasks: database.yml
+- name: Redis
+  ansible.builtin.import_tasks: redis.yml
+  tags: redis
+
+- name: Setup Gateway
+  ansible.builtin.include_tasks: gateway.yml
+  args:
+    apply:
+      delegate_to: "{{ gateway_host }}"
+  loop: "{{ nextcloud_instances }}"
+
+- name: Run database tasks
+  ansible.builtin.include_tasks: database.yml
   tags: database
+  loop: "{{ nextcloud_instances }}"
 
-- import_tasks: user.yml
+- name: Run user tasks
+  ansible.builtin.include_tasks: user.yml
   tags: user
+  loop: "{{ nextcloud_instances }}"
 
-- import_tasks: php.yml
+- name: Run php tasks
+  ansible.builtin.include_tasks: php.yml
   tags: php
+  loop: "{{ nextcloud_instances }}"
 
-- name: Configure hiddenservices
+- name: Run Hiddenservice tasks
-  ansible.builtin.import_role:
+  ansible.builtin.include_tasks: hiddenservice.yml
-    name: configure-hiddenservice
+  loop: "{{ nextcloud_instances }}"
-  tags: hiddenservice
-  delegate_to: "{{ onion_host }}"
-  when: item.config.hiddenservice is defined and item.config.hiddenservice
 
-- import_tasks: user.yml
+- name: Run Webserver tasks
-  tags: user
+  ansible.builtin.import_tasks: apache.yml
-
-- import_tasks: apache.yml
   tags: apache
 
-- name: "Nextcloud installieren"
+- name: Installation
-  include_tasks: nextcloud.yml
+  ansible.builtin.include_tasks: nextcloud.yml
-  when: nc_is_installed.stat.exists == False
+  loop: "{{ nextcloud_instances }}"
-  tags: nextcloud
 
-- import_tasks: configuration.yml
+- name: Configure Nextcloud
-  tags: configuration
+  ansible.builtin.include_tasks: configuration.yml
+  loop: "{{ nextcloud_instances }}"
+  loop_control:
+    loop_var: instances
+    index_var: instance_id
 
-- import_tasks: fail2ban.yml
+- name: Configure Fail2ban
+  ansible.builtin.include_tasks: fail2ban.yml
   tags: fail2ban
+  loop: "{{ nextcloud_instances }}"

tasks/nextcloud.yml

@@ -1,29 +1,50 @@
 ---
-- name: "nextcloud: {{ instance.name }}: Verzeichnis prüfen"
+- name: "Nextcloud | Prüfe NC-Installation | {{ item.name }}"
-  file:
+  ansible.builtin.stat:
-    path: "{{ nextcloud_install_path }}"
+    path: "{{ nextcloud_install_path }}/version.php"
-    mode: 0644
+  register: nc_is_installed
-    state: directory
+  check_mode: false
+  changed_when: false
 
-- name: "nextcloud: {{ instance.name }}: herunterladen und entpacken"
+- name: "Nextcloud | Prüfe NC-Version | {{ item.name }}"
-  unarchive:
+  ansible.builtin.shell:
+    cmd: php ./occ -V | awk '{print $NF}'
+    chdir: "{{ nextcloud_install_path }}"
+  become: true
+  become_user: "{{ item.user }}"
+  register: nc_installed_version
+  when: nc_is_installed.stat.exists
+  check_mode: false
+  changed_when: false
+
+- name: "Nextcloud | Prüfe Installationsverzeichnis | {{ item.name }}"
+  ansible.builtin.file:
+    path: "{{ nextcloud_install_path }}"
+    mode: "0644"
+    state: directory
+  when: not nc_is_installed.stat.exists
+
+- name: "Nextcloud | Lade Archiv herunter | {{ item.name }}"
+  ansible.builtin.unarchive:
     src: "{{ nextcloud_dl_url }}"
     remote_src: true
     extra_opts:
       - "--strip-components=1"
     dest: "{{ nextcloud_install_path }}"
-    owner: "{{ instance.user }}"
+    owner: "{{ item.user }}"
-    group: "{{ instance.user }}"
+    group: "{{ item.user }}"
-    mode: 0644
+    mode: "0644"
+  when: not nc_is_installed.stat.exists
 
-- name: "nextcloud: {{ instance.name }}: Installation"
+- name: "Nextcloud | Führe Installation aus | {{ item.name }}"
-  command:
+  ansible.builtin.command:
     cmd: >
       php occ maintenance:install --database "mysql"
-      --database-name "{{ instance.database }}" --database-user "{{ instance.database }}"
+      --database-name "{{ item.database }}" --database-user "{{ item.database }}"
       --database-pass "{{ nextcloud_db_password }}" --database-host "{{ database_host }}"
       --admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_pw }}"
     chdir: "{{ nextcloud_install_path }}"
   become: true
-  become_user: "{{ instance.user }}"
+  become_user: "{{ item.user }}"
   changed_when: true
+  when: not nc_is_installed.stat.exists

tasks/packages.yml

@@ -1,18 +1,6 @@
 ---
-- name: "packages: Fakten sammeln"
+- name: "Packages | Installiere Pakete"
-  package_facts:
+  ansible.builtin.apt:
-    manager: apt
-
-- name: "packages: Datenbank-Pakete installieren"
-  apt:
-    pkg:
-      - python3-pymysql
-    update_cache: yes
-    cache_valid_time: 3600
-  delegate_to: "{{ database_host }}"
-
-- name: "packages: Pakete installieren"
-  apt:
     pkg:
       - php-apcu
       - php-bcmath
@@ -27,5 +15,5 @@
       - php-zip
       - redis
       - libmagickcore-6.q16-6-extra
-    update_cache: yes
+    update_cache: true
     cache_valid_time: 3600

tasks/php.yml

@@ -1,32 +1,33 @@
 ---
-- name: "php | {{ instance.name }} | FPM-Pool kopieren"
+- name: "PHP | Erstelle FPM-Pool| {{ item.name }}"
-  template:
+  ansible.builtin.template:
     src: php_fpm_pool.j2
-    dest: "/etc/php/{{ php_version.stdout }}/fpm/pool.d/{{ instance.user }}.cfg"
+    dest: "/etc/php/{{ php_version.stdout }}/fpm/pool.d/{{ item.user }}.cfg"
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   notify:
     - stop php-fpm-socket
     - stop php-fpm-service
     - start php-fpm-socket
 
-- name: "php | {{ instance.name }} | Erstelle Log-Datei"
+- name: "PHP | Erstelle Log-Datei | {{ item.name }}"
-  file:
+  ansible.builtin.file:
-    path: "{{ php_fpm_log_dir }}/{{ instance.user }}.log"
+    path: "{{ php_fpm_log_dir }}/{{ item.user }}.log"
     state: touch
-    owner: "{{ instance.user }}"
+    owner: "{{ item.user }}"
-    group: "{{ instance.user }}"
+    group: "{{ item.user }}"
+    mode: "0644"
 
-- name: "php | {{ instance.name }} | Aktiviere systemd Socket"
+- name: "PHP | Aktiviere systemd Socket | {{ item.name }}"
-  systemd:
+  ansible.builtin.systemd:
-    name: "php-fpm@{{ instance.user }}.socket"
+    name: "php-fpm@{{ item.user }}.socket"
     enabled: true
     state: started
     daemon_reload: true
 
-- name: "php | {{ instance.name }} | Aktiviere systemd Service"
+- name: "PHP | Aktiviere systemd Service | {{ item.name }}"
-  systemd:
+  ansible.builtin.systemd:
-    name: "php-fpm@{{ instance.user }}.service"
+    name: "php-fpm@{{ item.user }}.service"
     enabled: true
     daemon-reload: true

tasks/redis.yml

@@ -1,22 +1,22 @@
 ---
-- name: "redis: Aktiviere Socket"
+- name: "Redis | Aktiviere Socket"
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "{{ redis_config_file }}"
     regexp: '^# unixsocket /var/run/redis/redis-server.sock'
     line: 'unixsocket /var/run/redis/redis-server.sock'
 
-- name: "redis: Socket-Berechtigungen stetzen"
+- name: "Redis | Setze Socket-Berechtigungen"
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "{{ redis_config_file }}"
     regexp: '^# unixsocketperm 700'
     line: 'unixsocketperm 770'
 
-- name: "redis: Ermittle Anzahl der NC-Instanzen"
+- name: "Redis | Ermittle Anzahl der NC-Instanzen"
-  set_fact:
+  ansible.builtin.set_fact:
     instances_number: "{{ nextcloud_instances | length }}"
 
-- name: "redis: Konfiguriere Anzahl der Datenbanken"
+- name: "Redis | Konfiguriere Anzahl der Datenbanken"
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "{{ redis_config_file }}"
     regexp: '^databases 16$'
     line: 'databases {{ instances_number }}'

tasks/user.yml

@@ -1,15 +1,15 @@
 ---
-- name: "user | {{ instance.name }} | Nextcloud-System-Nutzer anlegen"
+- name: "User | Lege Nextcloud-System-Nutzer an | {{ item.name }}"
-  user:
+  ansible.builtin.user:
-    name: "{{ instance.user }}"
+    name: "{{ item.user }}"
     create_home: false
     password_lock: true
     groups: redis
     shell: /bin/false
     state: present
 
-- name: "user | {{ instance.name }} | Füge www-data zur Nextcloud-Nutzer-Gruppe hinzu"
+- name: "User | Füge www-data zur Nextcloud-Nutzer-Gruppe hinzu | {{ item.name }}"
-  user:
+  ansible.builtin.user:
     name: www-data
-    groups: "{{ instance.user }}"
+    groups: "{{ item.user }}"
     append: true

tasks/version.yml

@@ -1,18 +0,0 @@
----
-- name: "version: {{ instance.name }}: Prüfe NC-Installation"
-  stat:
-    path: "{{ nextcloud_install_path }}/version.php"
-  register: nc_is_installed
-  check_mode: false
-  changed_when: false
-
-- name: "version: {{ instance.name }}: Prüfe NC-Version"
-  shell:
-    cmd: php ./occ -V | awk '{print $NF}'
-    chdir: "{{ nextcloud_install_path }}"
-  become: true
-  become_user: "{{ instance.user }}"
-  register: nc_installed_version
-  when: nc_is_installed.stat.exists
-  check_mode: false
-  changed_when: false

templates/apache2/custom.conf.j2

@@ -1,7 +1,7 @@
 # {{ ansible_managed }}
 
-{% if instance.alias is defined %}
+{% if item.alias is defined %}
-{% for alias in instance.alias %}
+{% for alias in item.alias %}
 ServerAlias {{ alias }}
 {% endfor %}
 {% endif %}

templates/apache2/nextcloud_sites.conf.j2

@@ -0,0 +1,5 @@
+### {{ ansible_managed }}
+
+{% for site in nextcloud_instances %}
+Use NCSite {{ site.name }} {{ site.user }}
+{% endfor %}

templates/fail2ban/jail.conf.j2

@@ -1,6 +1,6 @@
 # {{ ansible_managed }}
 
-[nextcloud-{{ instance.user }}]
+[nextcloud-{{ item.user }}]
 backend = auto
 enabled = true
 port = 80,443
@@ -9,4 +9,4 @@ filter = nextcloud
 maxretry = 3
 bantime = 86400
 findtime = 43200
-logpath = {{ nextcloud_root }}/{{ instance.name }}/data/nextcloud.log
+logpath = {{ nextcloud_root }}/{{ item.name }}/data/nextcloud.log

templates/nginx_site.j2

@@ -1,8 +1,8 @@
 server {
         listen 80;
-	server_name {{ instance.name }};
+	server_name {{ item.name }};
-{% if instance.alias is defined %}
+{% if item.alias is defined %}
-  {% for alias in instance.alias %}
+  {% for alias in item.alias %}
 	server_name {{ alias }};
   {% endfor %}
 {% endif %}
@@ -12,9 +12,9 @@ server {
 
 server {
 	listen 443 ssl http2;
-        server_name {{ instance.name }};
+        server_name {{ item.name }};
-        ssl_certificate /var/lib/dehydrated/certs/{{ instance.name }}/fullchain.pem;
+        ssl_certificate /var/lib/dehydrated/certs/{{ item.name }}/fullchain.pem;
-        ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.name }}/privkey.pem;
+        ssl_certificate_key /var/lib/dehydrated/certs/{{ item.name }}/privkey.pem;
         include /etc/nginx/proxy_params;
         add_header Referrer-Policy $referrerpolicy;
         add_header Strict-Transport-Security $sts;
@@ -30,8 +30,8 @@ server {
         }
 }
 
-{% if instance.alias is defined %}
+{% if item.alias is defined %}
-  {% for alias in instance.alias %}
+  {% for alias in item.alias %}
 server {
 	listen 443 ssl http2;
         server_name {{ alias }};

templates/php_fpm_pool.j2

@@ -1,7 +1,7 @@
 [global]
 error_log = ${FPM_ERROR_LOG}
 
-[{{ instance.user }}]
+[{{ item.user }}]
 listen = ${FPM_SOCKET_PATH}
 pm = dynamic
 pm.max_children = 60