senselab/ansible-role-nextcloud
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fixes für zentrale Verwaltung

Browse source
This commit is contained in:
phil 2021-06-26 02:32:29 +02:00
parent b33a014729
commit a6fea170a4
10 changed files with 62 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
defaults/main.yml
View file

@ -4,6 +4,7 @@ mysql_socket: /var/run/mysqld/mysqld.sock
nextcloud_admin_pw: admin nextcloud_admin_pw: admin
nextcloud_admin_user: systemausfall.org nextcloud_admin_user: systemausfall.org
nextcloud_admin_pw: admin nextcloud_admin_pw: admin
nextcloud_db_password: "{{ lookup('password', '/tmp/{{ instance.domain }}_db_pwd length=42 chars=ascii_letters,digits') }}"
nextcloud_dl_url: https://download.nextcloud.com/server/releases nextcloud_dl_url: https://download.nextcloud.com/server/releases
nextcloud_install_path: "/data/nextcloud/{{ instance.domain }}" nextcloud_install_path: "/data/nextcloud/{{ instance.domain }}"
nextcloud_config_file: "{{ nextcloud_install_path }}/config/config.php" nextcloud_config_file: "{{ nextcloud_install_path }}/config/config.php"

2
handlers/main.yml
View file

@ -13,7 +13,7 @@
service: service:
name: nginx name: nginx
state: reloaded state: reloaded
delegate_to: "{{ nextcloud_gateway }}" delegate_to: "{{ gateway_host }}"
- name: restart phpfpm - name: restart phpfpm
service: service:

2
tasks/database.yml
View file

@ -12,7 +12,7 @@
mysql_user: mysql_user:
name: "{{ instance.database }}" name: "{{ instance.database }}"
host: "{{ inventory_hostname }}" host: "{{ inventory_hostname }}"
password: "{{ lookup('password', '/tmp/nc_db_password chars=ascii_letters') }}" password: "{{ nextcloud_db_password }}"
priv: "{{ instance.database }}.*:ALL" priv: "{{ instance.database }}.*:ALL"
state: present state: present
login_unix_socket: "{{ mysql_socket }}" login_unix_socket: "{{ mysql_socket }}"

4
tasks/fixes.yml
View file

@ -1,8 +1,8 @@
--- ---
- name: "fixes: {{ instance.domain }} https://github.com/nextcloud/files_pdfviewer/issues/381" - name: "fixes: {{ instance.domain }}: https://github.com/nextcloud/files_pdfviewer/issues/381"
get_url: get_url:
url: https://raw.githubusercontent.com/nextcloud/files_pdfviewer/6d81ffbb65c3758bece144e0aff07b4a0ad20eef/js/files_pdfviewer-main.js url: https://raw.githubusercontent.com/nextcloud/files_pdfviewer/6d81ffbb65c3758bece144e0aff07b4a0ad20eef/js/files_pdfviewer-main.js
dest: "{{ nextcloud_install_path }}/apps/files_pdfviewer/js/files_pdfviewer-main.js" dest: "{{ nextcloud_install_path }}/apps/files_pdfviewer/js/files_pdfviewer-main.js"
owner: "{{ instance.user }}" owner: "{{ instance.user }}"
group: "{{ instance.user }}" group: "{{ instance.user }}"
when: nc_installed_version >= "21.0.2" when: nc_installed_version.stdout >= "21.0.2"

9
tasks/gateway.yml
View file

@ -4,7 +4,14 @@
path: /etc/dehydrated/domains.txt path: /etc/dehydrated/domains.txt
insertafter: "^# nextcloud" insertafter: "^# nextcloud"
line: "{{ instance.domain }}" line: "{{ instance.domain }}"
# when: dehydrated_installiert delegate_to: "{{ gateway_host }}"
- name: "gateway: {{ instance.domain }}: Alias zur Zertifikatsliste hinzufügen"
lineinfile:
path: /etc/dehydrated/domains.txt
insertafter: "^# nextcloud"
line: "{{ instance.alias }}"
when: instance.alias is defined
delegate_to: "{{ gateway_host }}" delegate_to: "{{ gateway_host }}"
- name: "gateway: {{ instance.domain }}: Zertifikat erstellen" - name: "gateway: {{ instance.domain }}: Zertifikat erstellen"

1
tasks/main.yml
View file

@ -1,6 +1,7 @@
--- ---
- import_tasks: version.yml - import_tasks: version.yml
tags: version tags: version
- import_tasks: packages.yml - import_tasks: packages.yml
- import_tasks: gateway.yml - import_tasks: gateway.yml
- import_tasks: database.yml - import_tasks: database.yml

2
tasks/nextcloud.yml
View file

@ -20,7 +20,7 @@
command: > command: >
php "{{ nextcloud_install_path }}"/occ maintenance:install --database "mysql" php "{{ nextcloud_install_path }}"/occ maintenance:install --database "mysql"
--database-name "{{ instance.database }}" --database-user "{{ instance.database }}" --database-name "{{ instance.database }}" --database-user "{{ instance.database }}"
--database-pass "{{ lookup('password', '/tmp/nc_db_password chars=ascii_letters') }}" --database-host "{{ database_host }}" --database-pass "{{ nextcloud_db_password }}" --database-host "{{ database_host }}"
--admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_pw }}" --admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_pw }}"
become: true become: true
become_user: "{{ instance.user }}" become_user: "{{ instance.user }}"

4
tasks/version.yml
View file

@ -3,12 +3,14 @@
stat: stat:
path: "{{ nextcloud_install_path }}/version.php" path: "{{ nextcloud_install_path }}/version.php"
register: nc_is_installed register: nc_is_installed
changed_when: false
- name: "version: {{ instance.domain }}: Prüfe NC-Version" - name: "version: {{ instance.domain }}: Prüfe NC-Version"
shell: shell:
cmd: occ -V | cut -d ' ' -f2 cmd: ./occ -V | cut -d ' ' -f2
chdir: "{{ nextcloud_install_path }}" chdir: "{{ nextcloud_install_path }}"
become: true become: true
become_user: "{{ instance.user }}" become_user: "{{ instance.user }}"
register: nc_installed_version register: nc_installed_version
when: nc_is_installed.stat.exists when: nc_is_installed.stat.exists
changed_when: false

29
templates/nginx_site.j2
View file

@ -1,13 +1,18 @@
server { server {
listen 80; listen 80;
{% if instance.alias is defined %}
server_name {{ instance.domain }}; server_name {{ instance.domain }};
server_name {{ instance.alias }};
{% else %}
server_name {{ instance.domain }};
{% endif %}
include snippets/letsencrypt.conf; include snippets/letsencrypt.conf;
location / { return 301 https://$http_host$request_uri; } location / { return 301 https://$http_host$request_uri; }
} }
server { server {
server_name {{ instance.domain }};
listen 443 ssl http2; listen 443 ssl http2;
server_name {{ instance.domain }};
ssl_certificate /var/lib/dehydrated/certs/{{ instance.domain }}/fullchain.pem; ssl_certificate /var/lib/dehydrated/certs/{{ instance.domain }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.domain }}/privkey.pem; ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.domain }}/privkey.pem;
include /etc/nginx/proxy_params; include /etc/nginx/proxy_params;
@ -24,3 +29,25 @@ server {
proxy_pass http://{{ inventory_hostname }}:80; proxy_pass http://{{ inventory_hostname }}:80;
} }
} }
{% if instance.alias is defined %}
server {
listen 443 ssl http2;
server_name {{ instance.alias }};
ssl_certificate /var/lib/dehydrated/certs/{{ instance.alias }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.alias }}/privkey.pem;
include /etc/nginx/proxy_params;
add_header Referrer-Policy $referrerpolicy;
add_header Strict-Transport-Security $sts;
add_header X-Content-Type-Options $xcontentoptions;
add_header X-XSS-Protection $xxssprotection;
location ~ /.well-known/(carddav|caldav) {
return 301 $scheme://$host/remote.php/dav;
}
location ~ \.* {
proxy_pass http://{{ inventory_hostname }}:80;
}
}
{% endif %}

15
vars/main.yml
View file

@ -1,2 +1,15 @@
--- ---
# vars file for nextcloud instances:
- domain: cloud.eine-welt-mv.de
user: ewlnmv
database: nc_ewlnmv
- domain: cloud.karo.ag
user: karoag
database: nc_karoag
- domain: nextcloud.bufas.net
user: bufas
database: nc_bufas
- domain: nextcloud.systemausfall.org
alias: speicher.roko.li
user: nextcloud
database: nc_nextcloud