finalize nextcloud roles

This commit is contained in:
vincent 2020-02-16 16:22:01 +01:00
parent 59f1fd68d9
commit f27af0b0b7
6 changed files with 185 additions and 7 deletions


@ -1,2 +1,27 @@
--- ---
# defaults file for nextcloud # defaults file for nextcloud
nextcloud_db_name: nextcloud
nextcloud_SQl_target_file:
nextcloud_db_user: nextcloud
nextcloud_db_password:
nextcloud_admin_user: admin
nextcloud_admin_password:
nextcloud_datadirectory: /var/nextcloud
nextcloud_web_root: /usr/share/webapps/nextcloud
nextcloud_trusted_domains:
- localhost
nextcloud_dbhost: localhost
nextcloud_dbport:
nextcloud_config_options: # additional options to set in config.php
- option: overwrite.cli.url
value: "'https://nextcloud.example.com'"
- option: maintenance
value: false
- option: loglevel
value: 2
nextcloud_fail2ban_jail_maxretry: 10
nextcloud_fail2ban_jail_findtime: 3600
nextcloud_fail2ban_jail_bantime: 900
nextcloud_fail2ban_jail_action: iptables-allports
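Review bot: `nextcloud_db_password:` and `nextcloud_admin_password:` are bare keys, which YAML loads as null rather than leaving the variable undefined, so a play that forgets to override them does not abort on an undefined variable but runs the DB-user and `maintenance:install` tasks with a null rendered into the password argument (as an empty or placeholder string, depending on templating settings). Either drop the two keys from defaults so Ansible fails fast, or keep them and add a guard task such as `- assert: { that: [nextcloud_db_password | length > 0, nextcloud_admin_password | length > 0] }` before any database task, with a comment that these are expected to come from vault. The same null-vs-undefined trap applies to `nextcloud_SQl_target_file:` and `nextcloud_dbport:`, which the tasks file tests with `is defined`. The mixed-case `SQl` in `nextcloud_SQl_target_file` looks like a typo carried over from another role; it is consistent with the tasks file today, so renaming it would have to be done in both places.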

files/nextcloud.hook Normal file

@ -0,0 +1,11 @@
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = nextcloud
Target = nextcloud-app-*
[Action]
Description = Update Nextcloud installation
When = PostTransaction
Exec = /usr/bin/runuser -u http -- /usr/bin/php /usr/share/webapps/nextcloud/occ upgrade
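Review bot: This hook will never fire as installed, because the tasks file copies it to `/etc/pacman.d/hooks/nextcloud_hook` and pacman only reads hook files whose name ends in `.hook`; the destination should be `/etc/pacman.d/hooks/nextcloud.hook`. Once it does fire, `Operation = Install` means `occ upgrade` also runs on the very first package install, before the role has executed `maintenance:install`, where occ will presumably report that Nextcloud is not installed and return non-zero — harmless in a PostTransaction hook but worth a comment such as `# runs before first install completes; occ exits non-zero until maintenance:install has run`. Consider `occ upgrade --no-interaction` so a future prompt cannot stall a pacman transaction.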


@ -1,2 +1,9 @@
--- ---
# handlers file for nextcloud # handlers file for nextcloud
- name: "Restart fail2ban"
service:
name: fail2ban
state: restarted
when: ansible_service_mgr == "systemd"
become: yes
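Review bot: The handler is guarded by `when: ansible_service_mgr == "systemd"`, so on any other init system the jail template is written to `/etc/fail2ban/jail.d` but fail2ban is never reloaded and the ban rules stay inactive with no error; either drop the guard (the `service` module abstracts the init system) or add `# non-systemd hosts: jail installed but fail2ban not reloaded` so the gap is documented. Style: write the boolean as `become: true` rather than `become: yes`, matching the `become: true` already used in the tasks file.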


@ -1,7 +1,6 @@
galaxy_info: galaxy_info:
author: your name author: VDU
description: your role description description: nextcloud instalation
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the # If the issue tracker for your role is not on github, uncomment the
# next line and provide a value # next line and provide a value
@ -47,7 +46,12 @@ galaxy_info:
# NOTE: A tag is limited to a single word comprised of alphanumeric characters. # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role. # Maximum 20 tags per role.
dependencies: [] dependencies:
- nginx
- mariadb
- php
- cronie
- fail2ban
# List your role dependencies here, one per line. Be sure to remove the '[]' above, # List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list. # if you add dependencies to this list.
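Review bot: The new `dependencies` list names five roles without source or version, so whichever `nginx`, `mariadb`, `php`, `cronie` and `fail2ban` roles are on the role path are pulled in and executed unconditionally before this role; if they come from a shared repository, pinning them (e.g. `- role: fail2ban` with a `version:` or `src:`) makes the deployment reproducible. The description `nextcloud instalation` should read `nextcloud installation`, and `author: VDU` could carry the full name used on the commit.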


@ -1,2 +1,124 @@
--- ---
# tasks file for nextcloud # tasks file for nextcloud
- name: "Ensure database is present"
become: yes
mysql_db:
name: "{{ nextcloud_db_name }}"
collation: utf8mb4_unicode_ci
encoding: utf8mb4
state: present
register: nextcloud_database_creation
- name: import DATA in database in case of creation
become: yes
mysql_db:
name: "{{ nextcloud_db_name }}"
state: import
target: "{{gitea_SQl_target_file}}"
when: nextcloud_database_creation.changed == true and nextcloud_SQl_target_file is defined
- name: "Ensure db user is present"
become: yes
mysql_user:
name: "{{ nextcloud_db_user }}"
host: localhost
password: "{{ nextcloud_db_password }}"
priv: "{{ nextcloud_db_name }}.*:ALL"
state: present
- name: ensure pacman hook folder exist
become: true
file:
path: /etc/pacman.d/hooks
state: directory
- name: add pacman hook
copy:
dest: /etc/pacman.d/hooks/nextcloud_hook # required. Remote absolute path where the file should be copied to. If I(src) is a directory, this must be a directory too. If I(dest) is a nonexistent path and if either I(dest) ends with "/" or I(src) is a directory, I(dest) is created. If I(src) and I(dest) are files, the parent directory of I(dest) isn't created: the task fails if it doesn't already exist.
src: nextcloud.hook # not required. Local path to a file to copy to the remote server; can be absolute or relative. If path is a directory, it is copied recursively. In this case, if path ends with "/", only inside contents of that directory are copied to destination. Otherwise, if it does not end with "/", the directory itself with all contents is copied. This behavior is similar to Rsync.
become: true
when: ansible_facts['os_family'] == "Archlinux"
- name: install nextcloud
package:
state: present # required. Whether to install (C(present)), or remove (C(absent)) a package. Other states depend on the underlying package module, i.e C(latest).
name: nextcloud # required. Package name, or package specifier with version, like C(name-1.0).,Be aware that packages are not always named the same and this module will not 'translate' them per distro.
become: true
- name: change owner on nextcloud web directory
become: true
file:
state: directory
path: "{{ nextcloud_web_root}}"
owner: http
recurse: yes
- name: création du répertoire data
become: true
file:
path: "{{ nextcloud_datadirectory }}"
group: http # not required. Name of the group that should own the file/directory, as would be fed to I(chown).
state: directory # not required. choices: absent;directory;file;hard;link;touch. If C(directory), all intermediate subdirectories will be created if they do not exist. Since Ansible 1.7 they will be created with the supplied permissions. If C(file), the file will NOT be created if it does not exist; see the C(touch) value or the M(copy) or M(template) module if you want that behavior. If C(link), the symbolic link will be created or changed. Use C(hard) for hardlinks. If C(absent), directories will be recursively deleted, and files or symlinks will be unlinked. Note that C(absent) will not cause C(file) to fail if the C(path) does not exist as the state did not change. If C(touch) (new in 1.4), an empty file will be created if the C(path) does not exist, while an existing file or directory will receive updated file access and modification times (similar to the way `touch` works from the command line).
owner: http # not required. Name of the user that should own the file/directory, as would be fed to I(chown).
- name: check if config exist
stat:
path: /etc/webapps/nextcloud/config/config.php # required. The full path of the file/object to get the facts of.
register: nextcloud_config_exist
- name: "Searching for a String"
become: yes
shell: awk "/'installed' => true/" /etc/webapps/nextcloud/config/config.php
register: installed_mode
changed_when: installed_mode.stdout == ""
when: nextcloud_config_exist.stat.exists == true
- name: installation - ensure nextcloud installation is finished
command: >
php {{ nextcloud_web_root }}/occ maintenance:install --database "mysql" --database-name "{{ nextcloud_db_name}}"
--database-user "{{ nextcloud_db_user }}" --database-pass "{{ nextcloud_db_password }}"
--admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_password }}" --data-dir "{{ nextcloud_datadirectory }}"
become: true
become_user: http
changed_when: true
when: installed_mode is changed or nextcloud_config_exist.stat.exists == false
- name: installation - ensure trusted domains are set
command: 'php {{ nextcloud_web_root }}/occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
become: true
become_user: http
changed_when: true
with_indexed_items:
- '{{ nextcloud_trusted_domains }}'
- name: ensure additional options are set in config.php if defined
become: true
lineinfile:
path: '{{ nextcloud_web_root }}/config/config.php'
regexp: '^\s*''{{ item.option }}'''
line: ' ''{{ item.option }}'' => {{ item.value }},'
insertafter: '\$CONFIG'
with_items: '{{ nextcloud_config_options }}'
when: nextcloud_config_options is defined
- name: create cron for nextcloud
cron:
job: "sudo -u http /usr/bin/php -f {{nextcloud_web_root}}/cron.php"
user: root # not required. The specific user whose crontab should be modified.
minute: 0,15,30,45 # not required. Minute when the job should run ( 0-59, *, */2, etc )
name: "nextcloud cron job" # not required. Description of a crontab entry or, if env is set, the name of environment variable. Required if state=absent. Note that if name is not set and state=present, then a new crontab entry will always be created, regardless of existing ones.
become: yes
- name: Install fail2ban jail
template:
src: fail2ban/nextcloud.local.j2
dest: /etc/fail2ban/jail.d/nextcloud_local
owner: root
group: root
mode: 0644
notify: Restart fail2ban
become: yes
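Review bot: Both password-bearing tasks — `mysql_user` with `password: "{{ nextcloud_db_password }}"` and the `maintenance:install` command that passes `--database-pass` and `--admin-pass` on the command line — lack `no_log: true`, so the DB and admin passwords land in verbose output, callback logs and the `command` task's recorded invocation; add `no_log: true` to both (the occ arguments are additionally visible in the process list while the command runs, which the occ CLI gives no way around and deserves a comment). The "import DATA" task uses `target: "{{gitea_SQl_target_file}}"` while its guard tests `nextcloud_SQl_target_file is defined`; with the defaults shipped in this commit the key is defined (as null), so on the first run, when the database was just created, the task executes and fails on the undefined `gitea_SQl_target_file` — change it to `target: "{{ nextcloud_SQl_target_file }}"` and tighten the guard to `when: nextcloud_database_creation.changed and (nextcloud_SQl_target_file | default('', true)) != ''`. The "change owner on nextcloud web directory" task recursively chowns the whole of `{{ nextcloud_web_root }}` to `http`, which makes the PHP code tree writable by the process that serves it and lets a compromised Nextcloud rewrite its own code; Nextcloud only needs to write to its data, config and apps directories, so restrict the ownership change to those (and note that the next package upgrade will presumably reset ownership of packaged files anyway). The config probe at `/etc/webapps/nextcloud/config/config.php` and the `lineinfile` edit at `{{ nextcloud_web_root }}/config/config.php` only describe the same file if the web root's `config` is a symlink into `/etc/webapps`; factoring the path into one variable removes that assumption.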


@ -0,0 +1,9 @@
[gitea]
enabled = true
port = http,https
filter = nextcloud
logpath = {{ nextcloud_datadirectory }}/nextcloud.log
maxretry = {{ nextcloud_fail2ban_jail_maxretry }}
findtime = {{ nextcloud_fail2ban_jail_findtime }}
bantime = {{ nextcloud_fail2ban_jail_bantime }}
action = {{ nextcloud_fail2ban_jail_action }}
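Review bot: The jail section header is `[gitea]`, so this fragment defines — or, on a host that also carries a gitea role, silently overrides — a jail named gitea rather than nextcloud; it should be `[nextcloud]`. The section also references `filter = nextcloud`, and no `filter.d/nextcloud.conf` is among the six files in this commit; unless that filter is provided by the fail2ban role or the distribution package, fail2ban will refuse to load the jail and the `Restart fail2ban` handler will fail on every run. With the default `action = iptables-allports` the `port = http,https` line has no effect on what gets blocked, which is worth stating in a comment so nobody assumes the ban is scoped to the web ports.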