Fixes für zentrale Verwaltung

phil 2021-06-26 02:32:29 +02:00
parent b33a014729
commit a6fea170a4
10 changed files with 62 additions and 11 deletions


@ -4,6 +4,7 @@ mysql_socket: /var/run/mysqld/mysqld.sock
nextcloud_admin_pw: admin
nextcloud_admin_user: systemausfall.org
nextcloud_admin_pw: admin
nextcloud_db_password: "{{ lookup('password', '/tmp/{{ instance.domain }}_db_pwd length=42 chars=ascii_letters,digits') }}"
nextcloud_dl_url: https://download.nextcloud.com/server/releases
nextcloud_install_path: "/data/nextcloud/{{ instance.domain }}"
nextcloud_config_file: "{{ nextcloud_install_path }}/config/config.php"
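Review bot: The `nextcloud_db_password` lookup stores the generated secret under `/tmp` on the control node at a name derived from the domain, and the `password` lookup reuses whatever that file already contains, so a file pre-created there by another local user would become the database password. `/tmp` is also emptied on reboot on many systems; a later run would then generate a new value, and the `mysql_user` task would presumably reset the account while `config.php` keeps the old password. The path additionally relies on the inner `{{ instance.domain }}` being templated inside an expression, which concatenation avoids: `lookup('password', credentials_dir ~ '/' ~ instance.domain ~ '_db_pwd length=42 chars=ascii_letters,digits')`, where `credentials_dir` is a placeholder for a directory only the deploy user can write to.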


@ -13,7 +13,7 @@
service:
name: nginx
state: reloaded
delegate_to: "{{ nextcloud_gateway }}"
delegate_to: "{{ gateway_host }}"
- name: restart phpfpm
service:


@ -12,7 +12,7 @@
mysql_user:
name: "{{ instance.database }}"
host: "{{ inventory_hostname }}"
password: "{{ lookup('password', '/tmp/nc_db_password chars=ascii_letters') }}"
password: "{{ nextcloud_db_password }}"
priv: "{{ instance.database }}.*:ALL"
state: present
login_unix_socket: "{{ mysql_socket }}"


@ -1,8 +1,8 @@
---
- name: "fixes: {{ instance.domain }} https://github.com/nextcloud/files_pdfviewer/issues/381"
- name: "fixes: {{ instance.domain }}: https://github.com/nextcloud/files_pdfviewer/issues/381"
get_url:
url: https://raw.githubusercontent.com/nextcloud/files_pdfviewer/6d81ffbb65c3758bece144e0aff07b4a0ad20eef/js/files_pdfviewer-main.js
dest: "{{ nextcloud_install_path }}/apps/files_pdfviewer/js/files_pdfviewer-main.js"
owner: "{{ instance.user }}"
group: "{{ instance.user }}"
when: nc_installed_version >= "21.0.2"
when: nc_installed_version.stdout >= "21.0.2"
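Review bot: The condition `nc_installed_version.stdout >= "21.0.2"` compares strings, not versions, so "21.0.10" sorts below "21.0.2" and "9.0.0" sorts above it. The version check shown elsewhere on this page is skipped when `nc_is_installed.stat.exists` is false, and in that case `.stdout` is presumably undefined and this task fails instead of being skipped. Both are covered by `when: nc_is_installed.stat.exists and nc_installed_version.stdout is version('21.0.2', '>=')`. The download is pinned to a commit hash, which is good; a `checksum: "sha256:<HASH_PLACEHOLDER>"` on `get_url` would also verify the file that ends up being served to users.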


@ -4,7 +4,14 @@
path: /etc/dehydrated/domains.txt
insertafter: "^# nextcloud"
line: "{{ instance.domain }}"
# when: dehydrated_installiert
delegate_to: "{{ gateway_host }}"
- name: "gateway: {{ instance.domain }}: Alias zur Zertifikatsliste hinzufügen"
lineinfile:
path: /etc/dehydrated/domains.txt
insertafter: "^# nextcloud"
line: "{{ instance.alias }}"
when: instance.alias is defined
delegate_to: "{{ gateway_host }}"
- name: "gateway: {{ instance.domain }}: Zertifikat erstellen"


@ -1,6 +1,7 @@
---
- import_tasks: version.yml
tags: version
- import_tasks: packages.yml
- import_tasks: gateway.yml
- import_tasks: database.yml


@ -20,7 +20,7 @@
command: >
php "{{ nextcloud_install_path }}"/occ maintenance:install --database "mysql"
--database-name "{{ instance.database }}" --database-user "{{ instance.database }}"
--database-pass "{{ lookup('password', '/tmp/nc_db_password chars=ascii_letters') }}" --database-host "{{ database_host }}"
--database-pass "{{ nextcloud_db_password }}" --database-host "{{ database_host }}"
--admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_pw }}"
become: true
become_user: "{{ instance.user }}"
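Review bot: The install command passes `--database-pass` and `--admin-pass` as arguments, so both secrets are visible in the target's process list while it runs and can appear in Ansible's task output or logs. The task begins above the hunk and may continue below it, so a `no_log` may already exist; if not, add `no_log: true` to the task. The defaults shown on this page set `nextcloud_admin_pw: admin`, so unless that is overridden elsewhere every new instance is installed with a guessable admin password. Generating it per instance, the way `nextcloud_db_password` now is, would close that.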


@ -3,12 +3,14 @@
stat:
path: "{{ nextcloud_install_path }}/version.php"
register: nc_is_installed
changed_when: false
- name: "version: {{ instance.domain }}: Prüfe NC-Version"
shell:
cmd: occ -V | cut -d ' ' -f2
cmd: ./occ -V | cut -d ' ' -f2
chdir: "{{ nextcloud_install_path }}"
become: true
become_user: "{{ instance.user }}"
register: nc_installed_version
when: nc_is_installed.stat.exists
changed_when: false
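Review bot: The pipeline in `cmd: ./occ -V | cut -d ' ' -f2` runs without pipefail, so a failing `occ` still yields cut's exit status 0 and registers an empty `stdout`, which later version conditions then compare against. Using `cmd: set -o pipefail && ./occ -V | cut -d ' ' -f2` together with `executable: /bin/bash` under `shell:` makes the task fail visibly instead. Calling `./occ` directly also depends on the file's executable bit; the install task on this page invokes it through `php`, and doing the same here would be consistent. The `changed_when: false` on the `stat` task is harmless but has no effect, since `stat` never reports a change.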


@ -1,13 +1,18 @@
server {
listen 80;
server_name {{ instance.domain }};
{% if instance.alias is defined %}
server_name {{ instance.domain }};
server_name {{ instance.alias }};
{% else %}
server_name {{ instance.domain }};
{% endif %}
include snippets/letsencrypt.conf;
location / { return 301 https://$http_host$request_uri; }
}
server {
listen 443 ssl http2;
server_name {{ instance.domain }};
listen 443 ssl http2;
ssl_certificate /var/lib/dehydrated/certs/{{ instance.domain }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.domain }}/privkey.pem;
include /etc/nginx/proxy_params;
@ -24,3 +29,25 @@ server {
proxy_pass http://{{ inventory_hostname }}:80;
}
}
{% if instance.alias is defined %}
server {
listen 443 ssl http2;
server_name {{ instance.alias }};
ssl_certificate /var/lib/dehydrated/certs/{{ instance.alias }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ instance.alias }}/privkey.pem;
include /etc/nginx/proxy_params;
add_header Referrer-Policy $referrerpolicy;
add_header Strict-Transport-Security $sts;
add_header X-Content-Type-Options $xcontentoptions;
add_header X-XSS-Protection $xxssprotection;
location ~ /.well-known/(carddav|caldav) {
return 301 $scheme://$host/remote.php/dav;
}
location ~ \.* {
proxy_pass http://{{ inventory_hostname }}:80;
}
}
{% endif %}
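Review bot: The alias HTTPS server block is a line-for-line copy of the primary one, so any later change to the `add_header` lines or locations has to be made twice or the two names will drift apart in their security headers. Since only the name and certificate path differ, a loop over the names can render both blocks from one body, as sketched below. The copied `location ~ \.*` matches every URI because the pattern can match the empty string, so `location /` would express the same intent, and `/.well-known/(carddav|caldav)` is unanchored with an unescaped dot. In the port-80 block, the redirect to `https://$http_host$request_uri` echoes the client's Host header; `$host` is the safer choice if this block can ever act as the default server.

```nginx
{% for name in [instance.domain] + ([instance.alias] if instance.alias is defined else []) %}
server {
listen 443 ssl http2;
server_name {{ name }};
ssl_certificate /var/lib/dehydrated/certs/{{ name }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certs/{{ name }}/privkey.pem;
# … unchanged: proxy_params include, add_header lines, location blocks …
}
{% endfor %}
```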


@ -1,2 +1,15 @@
---
# vars file for nextcloud
instances:
- domain: cloud.eine-welt-mv.de
user: ewlnmv
database: nc_ewlnmv
- domain: cloud.karo.ag
user: karoag
database: nc_karoag
- domain: nextcloud.bufas.net
user: bufas
database: nc_bufas
- domain: nextcloud.systemausfall.org
alias: speicher.roko.li
user: nextcloud
database: nc_nextcloud