From a6fea170a426fa242924eb61af668fed68577f36 Mon Sep 17 00:00:00 2001
From: phil
Date: Sat, 26 Jun 2021 02:32:29 +0200
Subject: [PATCH] =?UTF-8?q?Fixes=20f=C3=BCr=20zentrale=20Verwaltung?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 defaults/main.yml | 1 +
 handlers/main.yml | 2 +-
 tasks/database.yml | 2 +-
 tasks/fixes.yml | 4 ++--
 tasks/gateway.yml | 9 ++++++++-
 tasks/main.yml | 1 +
 tasks/nextcloud.yml | 2 +-
 tasks/version.yml | 4 +++-
 templates/nginx_site.j2 | 33 ++++++++++++++++++++++++++++++---
 vars/main.yml | 15 ++++++++++++++-
 10 files changed, 62 insertions(+), 11 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 9e731a4..2cd74c0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,6 +4,7 @@ mysql_socket: /var/run/mysqld/mysqld.sock
 nextcloud_admin_pw: admin
 nextcloud_admin_user: systemausfall.org
 nextcloud_admin_pw: admin
+nextcloud_db_password: "{{ lookup('password', '/tmp/{{ instance.domain }}_db_pwd length=42 chars=ascii_letters,digits') }}"
 nextcloud_dl_url: https://download.nextcloud.com/server/releases
 nextcloud_install_path: "/data/nextcloud/{{ instance.domain }}"
 nextcloud_config_file: "{{ nextcloud_install_path }}/config/config.php"
diff --git a/handlers/main.yml b/handlers/main.yml
index 4bef115..1ec7331 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -13,7 +13,7 @@
 service:
 name: nginx
 state: reloaded
- delegate_to: "{{ nextcloud_gateway }}"
+ delegate_to: "{{ gateway_host }}"
 
 - name: restart phpfpm
 service:
diff --git a/tasks/database.yml b/tasks/database.yml
index b6c5b0a..1c4e06d 100644
--- a/tasks/database.yml
+++ b/tasks/database.yml
@@ -12,7 +12,7 @@
 mysql_user:
 name: "{{ instance.database }}"
 host: "{{ inventory_hostname }}"
- password: "{{ lookup('password', '/tmp/nc_db_password chars=ascii_letters') }}"
+ password: "{{ nextcloud_db_password }}"
 priv: "{{ instance.database }}.*:ALL"
 state: present
 login_unix_socket: "{{ mysql_socket }}"
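Review bot: `nextcloud_db_password` makes a file under `/tmp` on the controller the only persistent copy of the database credential, so on most systems it disappears at reboot and lives in a world-writable directory; once the file is gone, the `mysql_user` task in the tasks/database.yml hunk obtains a freshly generated password and rotates it in MariaDB while the deployed config.php still holds the old one, taking the instance down until someone reconciles them. Keep the file in a persistent, access-controlled location, e.g. `nextcloud_db_password: "{{ lookup('password', inventory_dir ~ '/credentials/' ~ instance.domain ~ '_db_pwd length=42 chars=ascii_letters,digits') }}"`, or move the value into an Ansible Vault variable. The inner `{{ instance.domain }}` also sits inside a Jinja string literal, where nested moustaches are not supported Jinja and may be left unexpanded, so building the path with `~` as above is safer. The context additionally shows `nextcloud_admin_pw: admin` twice in this file, a duplicate key that the YAML parser silently resolves to the last value.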
diff --git a/tasks/fixes.yml b/tasks/fixes.yml
index 257bf56..2e237bb 100644
--- a/tasks/fixes.yml
+++ b/tasks/fixes.yml
@@ -1,8 +1,8 @@
 ---
-- name: "fixes: {{ instance.domain }} https://github.com/nextcloud/files_pdfviewer/issues/381"
+- name: "fixes: {{ instance.domain }}: https://github.com/nextcloud/files_pdfviewer/issues/381"
 get_url:
 url: https://raw.githubusercontent.com/nextcloud/files_pdfviewer/6d81ffbb65c3758bece144e0aff07b4a0ad20eef/js/files_pdfviewer-main.js
 dest: "{{ nextcloud_install_path }}/apps/files_pdfviewer/js/files_pdfviewer-main.js"
 owner: "{{ instance.user }}"
 group: "{{ instance.user }}"
- when: nc_installed_version >= "21.0.2"
+ when: nc_installed_version.stdout >= "21.0.2"
diff --git a/tasks/gateway.yml b/tasks/gateway.yml
index 5f7e5ec..4cf71ce 100644
--- a/tasks/gateway.yml
+++ b/tasks/gateway.yml
@@ -4,7 +4,14 @@
 path: /etc/dehydrated/domains.txt
 insertafter: "^# nextcloud"
 line: "{{ instance.domain }}"
- # when: dehydrated_installiert
+ delegate_to: "{{ gateway_host }}"
+
+- name: "gateway: {{ instance.domain }}: Alias zur Zertifikatsliste hinzufügen"
+ lineinfile:
+ path: /etc/dehydrated/domains.txt
+ insertafter: "^# nextcloud"
+ line: "{{ instance.alias }}"
+ when: instance.alias is defined
 delegate_to: "{{ gateway_host }}"
 
 - name: "gateway: {{ instance.domain }}: Zertifikat erstellen"
diff --git a/tasks/main.yml b/tasks/main.yml
index db83423..43396a0 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,6 +1,7 @@
 ---
 - import_tasks: version.yml
 tags: version
+
 - import_tasks: packages.yml
 - import_tasks: gateway.yml
 - import_tasks: database.yml
diff --git a/tasks/nextcloud.yml b/tasks/nextcloud.yml
index 44b8cdb..1767aef 100644
--- a/tasks/nextcloud.yml
+++ b/tasks/nextcloud.yml
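Review bot: `when: nc_installed_version.stdout >= "21.0.2"` compares two strings lexicographically, so a release such as `21.0.10` sorts below `21.0.2` and silently skips the fix; the `version` test does a proper semantic comparison: `when: nc_installed_version.stdout is version('21.0.2', '>=')`. Because tasks/version.yml registers `nc_installed_version` only when `nc_is_installed.stat.exists`, on a host where that check was skipped the registered result carries no `stdout` and this condition raises an undefined-attribute error instead of skipping, so guard it: `when: nc_installed_version.stdout is defined and nc_installed_version.stdout is version('21.0.2', '>=')`. The download pins a commit but `get_url` has no `checksum:`; a `checksum: sha256:<digest-of-pinned-file>` line would make the replacement of an app's JavaScript verifiable rather than trusting whatever the host serves.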
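Review bot: The new alias task appends `{{ instance.alias }}` to `/etc/dehydrated/domains.txt` as a line of its own, which asks dehydrated for a second, separately renewed certificate (the nginx template in this commit reads it from `/certs/{{ instance.alias }}/` accordingly). dehydrated treats further space-separated names on the same line as SANs of the first name, so `line: "{{ instance.domain }}{% if instance.alias is defined %} {{ instance.alias }}{% endif %}"` in the first task would cover both names with one certificate, drop this task, and let the nginx template serve both names from a single TLS server block. If two certificates are intended, a short comment on the new task saying why would save the next reader from making the same suggestion. Note also that `lineinfile` without `regexp` only checks exact line presence, so changing an alias later leaves the old line in place.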
@@ -20,7 +20,7 @@
 command: >
 php "{{ nextcloud_install_path }}"/occ maintenance:install --database "mysql" --database-name "{{ instance.database }}" --database-user "{{ instance.database }}"
- --database-pass "{{ lookup('password', '/tmp/nc_db_password chars=ascii_letters') }}" --database-host "{{ database_host }}"
+ --database-pass "{{ nextcloud_db_password }}" --database-host "{{ database_host }}"
 --admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_pw }}"
 become: true
 become_user: "{{ instance.user }}"
diff --git a/tasks/version.yml b/tasks/version.yml
index d6cbaa0..36a4158 100644
--- a/tasks/version.yml
+++ b/tasks/version.yml
@@ -3,12 +3,14 @@
 stat:
 path: "{{ nextcloud_install_path }}/version.php"
 register: nc_is_installed
+ changed_when: false
 
 - name: "version: {{ instance.domain }}: Prüfe NC-Version"
 shell:
- cmd: occ -V | cut -d ' ' -f2
+ cmd: ./occ -V | cut -d ' ' -f2
 chdir: "{{ nextcloud_install_path }}"
 become: true
 become_user: "{{ instance.user }}"
 register: nc_installed_version
 when: nc_is_installed.stat.exists
+ changed_when: false
diff --git a/templates/nginx_site.j2 b/templates/nginx_site.j2
index 8e436da..70eb84a 100644
--- a/templates/nginx_site.j2
+++ b/templates/nginx_site.j2
@@ -1,13 +1,18 @@
 server {
 listen 80;
- server_name {{ instance.domain }};
+{% if instance.alias is defined %}
+ server_name {{ instance.domain }};
+ server_name {{ instance.alias }};
+{% else %}
+ server_name {{ instance.domain }};
+{% endif %}
 include snippets/letsencrypt.conf;
 location / {
 return 301 https://$http_host$request_uri;
 }
 }
 server {
+ listen 443 ssl http2;
 server_name {{ instance.domain }};
- listen 443 ssl http2;
 ssl_certificate /var/lib/dehydrated/certs/{{ instance.domain }}/fullchain.pem;
 ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.domain }}/privkey.pem;
 include /etc/nginx/proxy_params;
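Review bot: `--database-pass "{{ nextcloud_db_password }}"` still passes the database password as a command-line argument to `occ maintenance:install`, where it is visible in the host's process list while the command runs and is printed verbatim in Ansible's task result and logs on failure or with `-v`; the lookup it replaces had the same exposure, so the commit does not make this worse, but it is the moment to fix it. Add `no_log: true` to the task so the rendered command and its result are masked; the task header is outside this hunk. The same applies to `nextcloud_admin_pw` on the `--admin-pass` context line.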
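Review bot: `cmd: ./occ -V | cut -d ' ' -f2` now depends on `occ` having an execute bit and a working shebang in the unpacked release, whereas tasks/nextcloud.yml in this same commit invokes it as `php .../occ`; `cmd: php occ -V | cut -d ' ' -f2` works regardless of the file mode and keeps the two tasks consistent (I cannot see from here which mode the unpacked release sets). `changed_when: false` on the `stat` task is harmless but redundant, since `stat` never reports a change. Since this task is skipped when `nc_is_installed.stat.exists` is false, a comment such as `# nc_installed_version has no .stdout on a fresh host; guard consumers with 'is defined'` above `register:` would warn later readers.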
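Review bot: The `{% if %}`/`{% else %}` block in the port-80 server repeats `server_name {{ instance.domain }};` in both branches; nginx accepts several names on one directive, so `server_name {{ instance.domain }}{% if instance.alias is defined %} {{ instance.alias }}{% endif %};` expresses the same thing in one line without the template branching. Moving `listen 443 ssl http2;` above `server_name` is fine, as directive order inside a `server` block does not matter to nginx.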
@@ -23,4 +28,26 @@ server {
 location ~ \.* {
 proxy_pass http://{{ inventory_hostname }}:80;
 }
-}
\ No newline at end of file
+}
+
+{% if instance.alias is defined %}
+server {
+ listen 443 ssl http2;
+ server_name {{ instance.alias }};
+ ssl_certificate /var/lib/dehydrated/certs/{{ instance.alias }}/fullchain.pem;
+ ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.alias }}/privkey.pem;
+ include /etc/nginx/proxy_params;
+ add_header Referrer-Policy $referrerpolicy;
+ add_header Strict-Transport-Security $sts;
+ add_header X-Content-Type-Options $xcontentoptions;
+ add_header X-XSS-Protection $xxssprotection;
+
+ location ~ /.well-known/(carddav|caldav) {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location ~ \.* {
+ proxy_pass http://{{ inventory_hostname }}:80;
+ }
+}
+{% endif %}
\ No newline at end of file
diff --git a/vars/main.yml b/vars/main.yml
index b52587a..906b162 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,15 @@
 ---
-# vars file for nextcloud
\ No newline at end of file
+instances:
+ - domain: cloud.eine-welt-mv.de
+ user: ewlnmv
+ database: nc_ewlnmv
+ - domain: cloud.karo.ag
+ user: karoag
+ database: nc_karoag
+ - domain: nextcloud.bufas.net
+ user: bufas
+ database: nc_bufas
+ - domain: nextcloud.systemausfall.org
+ alias: speicher.roko.li
+ user: nextcloud
+ database: nc_nextcloud
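Review bot: The new alias `server` block is a verbatim copy of the `{{ instance.domain }}` TLS vhost with only the name and certificate paths changed, so every future header or location change has to be made twice and the two will drift. If the certificate covered both names (the gateway task in this commit requests a separate one for the alias, which is what forces the copy), a single block with `server_name {{ instance.domain }} {{ instance.alias }};` would serve both. Independently of the nginx layout, requests arriving with `Host: {{ instance.alias }}` are rejected by Nextcloud unless the alias is in its `trusted_domains` system setting, and nothing in this commit sets that; please confirm it is handled elsewhere, e.g. by an `occ config:system:set trusted_domains <free-index> --value <alias>` task. The template also still ends without a trailing newline.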
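Review bot: `instances` is placed in `vars/main.yml`, whose precedence is above inventory, group/host and play vars, so a consumer cannot override or extend the list without editing the role; deployment-specific data like this normally belongs in `defaults/main.yml` or in inventory `group_vars`, leaving `vars/` for constants the role relies on. Only the last entry carries `alias` and the templates guard it with `is defined`, so the shape is consistent, but a comment above the list documenting the keys, e.g. `# one entry per Nextcloud instance: domain, user, database, optional alias`, would state that contract. `gateway_host` and `database_host`, which the handlers and tasks in this commit reference, are not defined here either; presumably they come from inventory, which is worth noting in the same comment.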