Weitere Einrichtungsschritte

phil 2020-12-03 22:14:27 +00:00
parent db196d0567
commit 78307df9e0
10 changed files with 107 additions and 29 deletions


@ -9,7 +9,16 @@ nextcloud_mysql_db: "nc_{{ common_name }}"
nextcloud_mysql_pw: admin nextcloud_mysql_pw: admin
nextcloud_mysql_user: "nc_{{ common_name }}" nextcloud_mysql_user: "nc_{{ common_name }}"
nextcloud_install_path: "/data/nextcloud/{{ nextcloud_domain }}" nextcloud_install_path: "/data/nextcloud/{{ nextcloud_domain }}"
nextcloud_config_file: "{{ nextcloud_install_path }}/config/config.php"
nextcloud_php_memory_limit: 512M
nextcloud_trusted_domains: ['localhost', '{{ nextcloud_domain }}'] nextcloud_trusted_domains: ['localhost', '{{ nextcloud_domain }}']
nextcloud_trusted_proxies: ['10.42.7.1']
nextcloud_version: nextcloud-20.0.2 nextcloud_version: nextcloud-20.0.2
nextcloud_mail_from: noreply
nextcloud_mail_domain: postfach.senselab.org
nextcloud_smtp_auth_type: LOGIN
nextcloud_smtp_host: sl-postbote.kahlo
nextcloud_smtp_port: 25
php_version: "7.3" php_version: "7.3"
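Review bot: `nextcloud_smtp_auth_type: LOGIN` and `nextcloud_smtp_port: 25` are added without any variable for transport security, and the mail block this commit writes into config.php does not set Nextcloud's `mail_smtpsecure` either. LOGIN only base64-encodes the credentials, so if SMTP authentication is switched on later they would cross the network in clear text unless the relay enforces STARTTLS. Consider adding a variable such as `nextcloud_smtp_secure: tls` and emitting `'mail_smtpsecure' => '{{ nextcloud_smtp_secure }}',` next to the other mail keys. The site-specific values (`sl-postbote.kahlo`, `postfach.senselab.org`, `10.42.7.1`) would also sit better in inventory or group_vars if this file is the role's defaults, which the page does not show.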


@ -4,7 +4,7 @@
name: apache2 name: apache2
state: reloaded state: reloaded
-name: restart apache - name: restart apache
service: service:
name: apache2 name: apache2
state: restarted state: restarted

18
tasks/apache.yml Normal file

@ -0,0 +1,18 @@
---
- name: "Apache Module laden"
apache2_module:
state: present
name: "{{ item }}"
with_items:
- macro
- proxy_fcgi
- setenvif
notify: restart apache
- name: "Apache Seite einrichten"
lineinfile:
path: /etc/apache2/conf-available/nextcloud_sites.conf
insertafter: "^Ansbile"
line: "Use NCSite {{ nextcloud_domain }} {{ common_name }}"
state: present
notify: reload apache
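Review bot: `insertafter: "^Ansbile"` in the "Apache Seite einrichten" task looks like a misspelling of "Ansible". When the pattern matches nothing, lineinfile falls back to appending at the end of the file, so the `Use NCSite …` line would not land below the intended marker. nextcloud_sites.conf is not on this page, so confirm how the marker line is actually spelled; if it reads "Ansible", change the task to `insertafter: "^Ansible"`. The pattern was carried over unchanged from the task this commit removes from the Nextcloud task file.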


@ -1,5 +1,5 @@
--- ---
- name: "Ensure nextcloud database exists" - name: "Datenbank einrichten"
mysql_db: mysql_db:
name: '{{ nextcloud_mysql_db }}' name: '{{ nextcloud_mysql_db }}'
state: present state: present
@ -7,7 +7,7 @@
delegate_to: "{{ nextcloud_database_host }}" delegate_to: "{{ nextcloud_database_host }}"
# Todo: Formatierung des Nutzernamens und Zuordnung des hosts schlaegt fehl # Todo: Formatierung des Nutzernamens und Zuordnung des hosts schlaegt fehl
- name: "Ensure database user exists and has all privileges" - name: "Datenbank Benutzer einrichten"
mysql_user: mysql_user:
name: "{{ nextcloud_mysql_user }}" name: "{{ nextcloud_mysql_user }}"
password: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters') }}" password: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters') }}"


@ -1,5 +1,5 @@
--- ---
- name: "Add domain to cerificate list" - name: "Gateway Domain zur Zertifikatsliste hinzufügen"
lineinfile: lineinfile:
path: /etc/dehydrated/domains.txt path: /etc/dehydrated/domains.txt
insertafter: "^# nextcloud" insertafter: "^# nextcloud"
@ -7,11 +7,11 @@
# when: dehydrated_installiert # when: dehydrated_installiert
delegate_to: "{{ nextcloud_gateway }}" delegate_to: "{{ nextcloud_gateway }}"
- name: "Obtain certificate" - name: "Gateway Zertifikat erstelle"
command: dehydrated --cron -g command: dehydrated --cron -g
delegate_to: "{{ nextcloud_gateway }}" delegate_to: "{{ nextcloud_gateway }}"
- name: "Copy webserver site configuration" - name: "Gateway Proxy einrichten"
template: template:
src: nginx_site.j2 src: nginx_site.j2
dest: "/etc/nginx/sites-available/{{ nextcloud_domain }}" dest: "/etc/nginx/sites-available/{{ nextcloud_domain }}"
@ -20,7 +20,7 @@
mode: 0644 mode: 0644
delegate_to: "{{ nextcloud_gateway }}" delegate_to: "{{ nextcloud_gateway }}"
- name: "Enable site configuration" - name: "Gateway Seite aktivieren"
file: file:
src: "/etc/nginx/sites-available/{{ nextcloud_domain }}" src: "/etc/nginx/sites-available/{{ nextcloud_domain }}"
dest: "/etc/nginx/sites-enabled/{{ nextcloud_domain }}" dest: "/etc/nginx/sites-enabled/{{ nextcloud_domain }}"


@ -1,7 +1,9 @@
--- ---
- import_tasks: packages.yml
- import_tasks: gateway.yml - import_tasks: gateway.yml
- import_tasks: database.yml - import_tasks: database.yml
tags: database tags: database
- import_tasks: php.yml
- import_tasks: apache.yml
- import_tasks: nextcloud.yml - import_tasks: nextcloud.yml
tags: nextcloud tags: nextcloud
- import_tasks: php.yml
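Review bot: The three new imports (`packages.yml`, `php.yml`, `apache.yml`) carry no `tags`, while `database.yml` and `nextcloud.yml` do. A run limited with `--tags nextcloud` therefore skips php.yml, which creates the `{{ common_name }}` user that the Nextcloud tasks then use as `become_user`, so on a fresh host that tagged run would presumably fail. Either tag the prerequisites as well, e.g. `tags: [php, nextcloud]` on the php.yml import, or add a comment that tagged runs are only meant for hosts that are already provisioned.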


@ -1,12 +1,12 @@
--- ---
- name: "Ensure install dir is present" - name: "NC Verzeichnis prüfen"
file: file:
path: "{{ nextcloud_install_path }}" path: "{{ nextcloud_install_path }}"
mode: 0755 mode: 0755
state: directory state: directory
- name: "Download und unarchive Nextcloud" - name: "NC herunterladen und entpacken"
unarchive: unarchive:
src: "{{ nextcloud_dl_url }}/{{ nextcloud_version }}.tar.bz2" src: "{{ nextcloud_dl_url }}/{{ nextcloud_version }}.tar.bz2"
remote_src: true remote_src: true
@ -17,7 +17,7 @@
group: "{{ common_name }}" group: "{{ common_name }}"
mode: 0755 mode: 0755
- name: "Install Nextcloud" - name: "NC Installation"
command: > command: >
php "{{ nextcloud_install_path }}"/occ maintenance:install --database "mysql" php "{{ nextcloud_install_path }}"/occ maintenance:install --database "mysql"
--database-name "{{ nextcloud_mysql_db }}" --database-user "{{ nextcloud_mysql_user }}" --database-name "{{ nextcloud_mysql_db }}" --database-user "{{ nextcloud_mysql_user }}"
@ -27,7 +27,7 @@
become_user: "{{ common_name }}" become_user: "{{ common_name }}"
changed_when: true changed_when: true
- name: "Ensure trusted domains are set" - name: "NC trusted domains einrichte"
command: 'php {{ nextcloud_install_path }}/occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"' command: 'php {{ nextcloud_install_path }}/occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
become: true become: true
become_user: "{{ common_name }}" become_user: "{{ common_name }}"
@ -35,16 +35,45 @@
with_indexed_items: with_indexed_items:
- '{{ nextcloud_trusted_domains }}' - '{{ nextcloud_trusted_domains }}'
- name: "Ensure Apache marco module is loaded" - name: "NC cron einrichten"
apache2_module: cron:
state: present name: "nextcloud {{ nextcloud_domain }}"
name: macro minute: "*/5"
notify: restart apache user: "{{ common_name }}"
job: "php -f {{ nextcloud_install_path}}/cron.php"
cron_file: "nextcloud"
- name: "Setup Apache site config" - name: "NC allgemeie Konfiguration"
lineinfile: command: "{{ item }}"
path: /etc/apache2/conf-available/nextcloud_sites.conf become: true
insertafter: "^Ansbile" become_user: "{{ common_name }}"
line: "Use NCSite {{ nextcloud_domain }} {{ common_name }}" changed_when: true
state: present with_items:
notify: reload apache - "php {{ nextcloud_install_path }}/occ app:enable encryption"
- "php {{ nextcloud_install_path }}/occ encryption:enable"
- 'php {{ nextcloud_install_path }}/occ config:system:set memcache.local --value "\\OC\\Memcache\\APCu"'
- "php {{ nextcloud_install_path }}/occ background:cron"
- 'php {{ nextcloud_install_path }}/occ config:system:set overwrite.cli.url --value https://{{ nextcloud_domain }}'
- 'php {{ nextcloud_install_path }}/occ config:system:set htaccess.RewriteBase --value /'
- name: "NC Mailversand einrichten"
blockinfile:
path: "{{ nextcloud_config_file }}"
insertbefore: '^\);'
marker_begin: mailserver
block: |2
'mail_from_address' => '{{ nextcloud_mail_from }}',
'mail_smtpmode' => 'smtp',
'mail_sendmailmode' => 'smtp',
'mail_domain' => '{{ nextcloud_mail_domain }}',
'mail_smtpauthtype' => '{{ nextcloud_smtp_auth_type }}',
'mail_smtphost' => '{{ nextcloud_smtp_host }}',
'mail_smtpport' => '{{ nextcloud_smtp_port}}',
- name: "NC trusted proxies eirichten"
command: 'php {{ nextcloud_install_path }}/occ config:system:set trusted_proxies {{ item.0 }} --value "{{ item.1 }}"'
become: true
become_user: "{{ common_name }}"
changed_when: true
with_indexed_items:
- '{{ nextcloud_trusted_proxies }}'
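Review bot: The new "NC Mailversand einrichten" task edits config.php with `blockinfile`, while the tasks around it change the same file through `occ config:system:set`. Nextcloud rewrites config.php from the parsed array when it saves a setting, which drops comments, so the blockinfile marker lines are likely gone after the trusted_proxies task that follows. A second playbook run would then insert the mail block again and leave duplicate keys. The block also interpolates variables straight into PHP single-quoted strings, so a value containing `'` would yield a broken or altered config.php. Setting the mail keys through occ with an argv list, as sketched below, avoids both problems and keeps all configuration on one mechanism.

```yaml
- name: "NC Mailversand einrichten"
  command:
    argv:
      - php
      - "{{ nextcloud_install_path }}/occ"
      - "config:system:set"
      - "{{ item.key }}"
      - "--value"
      - "{{ item.value }}"
  become: true
  become_user: "{{ common_name }}"
  changed_when: true
  with_dict:
    mail_from_address: "{{ nextcloud_mail_from }}"
    mail_smtpmode: smtp
    mail_sendmailmode: smtp
    mail_domain: "{{ nextcloud_mail_domain }}"
    mail_smtpauthtype: "{{ nextcloud_smtp_auth_type }}"
    mail_smtphost: "{{ nextcloud_smtp_host }}"
    mail_smtpport: "{{ nextcloud_smtp_port }}"
```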

20
tasks/packages.yml Normal file

@ -0,0 +1,20 @@
---
- name: "Pakete Fakten sammeln"
package_facts:
manager: apt
- name: "Pakete Datenbank installieren"
apt:
pkg:
- python-pymysql
update_cache: yes
cache_valid_time: 3600
# nur für db_gast ausführen
- name: "Pakete installieren"
apt:
pkg:
- php-redis
- redis
update_cache: yes
cache_valid_time: 3600
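Review bot: The comment `# nur für db_gast ausführen` says the PyMySQL task should run only for the database guest, but the task has no `when` or `delegate_to`, so `python-pymysql` is installed on every host the role targets. The mysql_db and mysql_user tasks in the database task file are delegated to `{{ nextcloud_database_host }}`, so the library is needed on that host; adding `delegate_to: "{{ nextcloud_database_host }}"` to "Pakete Datenbank installieren" would match them. The comment also sits after the task it appears to describe, and moving it above the task would remove the ambiguity. `package_facts` is gathered first, but no task visible on this page reads the result.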


@ -1,6 +1,6 @@
--- ---
- name: "Create PHP-FPM-User" - name: "PHP FPM-Nutzer anlegen"
user: user:
name: "{{ common_name }}" name: "{{ common_name }}"
create_home: no create_home: no
@ -8,7 +8,7 @@
shell: /bin/false shell: /bin/false
state: present state: present
- name: "Copy PHP-FPM configuration" - name: "PHP FPM-Pool einrichten"
template: template:
src: php_fpm_pool.j2 src: php_fpm_pool.j2
dest: "/etc/php/{{ php_version }}/fpm/pool.d/{{ common_name }}.conf" dest: "/etc/php/{{ php_version }}/fpm/pool.d/{{ common_name }}.conf"


@ -41,6 +41,6 @@ security.limit_extensions = .php .php3 .php4 .php5
;php_flag[display_errors] = off ;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on ;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M php_admin_value[memory_limit] = {{ nextcloud_php_memory_limit }}
php_admin_value[open_basedir] = {{ nextcloud_install_path }}:/tmp:/dev/urandom:/proc/meminfo:/var/log php_admin_value[open_basedir] = {{ nextcloud_install_path }}:/tmp:/dev/urandom:/proc/meminfo:/var/log
;php_admin_value[disable_functions] = mail,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_exec,passthru,system,proc_get_status,proc_close,proc_nice,proc_terminate,proc_open,curl_ini,parse_ini_file,show_source,dl,symlink,system_exec,exec,shell_exec,phpinfo ;php_admin_value[disable_functions] = mail,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_exec,passthru,system,proc_get_status,proc_close,proc_nice,proc_terminate,proc_open,curl_ini,parse_ini_file,show_source,dl,symlink,system_exec,exec,shell_exec,phpinfo