Changed installation to Debian package

App store and web update are now disabled. Apps need to be installed as
Debian packages as well.
Julian 2022-01-31 04:03:45 +01:00
parent 68e0865931
commit 650562a73d
No known key found for this signature in database
GPG key ID: 2F811E2338EE029B
7 changed files with 49 additions and 75 deletions


@ -1,9 +1,10 @@
nextcloud: nextcloud:
version: ~
listen: listen:
- "443 ssl" - "443 ssl"
- "[::]:443 ssl" - "[::]:443 ssl"
upload_size_max: 512M upload_size_max: 512M
datadir: /var/www/nextcloud/data datadir: /var/lib/nextcloud/data
externalurl: example.com externalurl: example.com
mail: mail:
mode: sendmail mode: sendmail


@ -6,7 +6,6 @@ import json
def run_module(): def run_module():
module_args = { module_args = {
'nextcloud_path': {'type': 'str', 'default': '/var/www/nextcloud'},
'config': {'type': 'dict', 'default': {}} 'config': {'type': 'dict', 'default': {}}
} }
@ -24,10 +23,7 @@ def run_module():
if 'config_id' not in module.params: if 'config_id' not in module.params:
module.params['config_id'] = 's01' module.params['config_id'] = 's01'
os.chdir(module.params['nextcloud_path']) rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True)
rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True,
cwd=module.params['nextcloud_path'])
try: try:
current_configs = json.loads(stdout) current_configs = json.loads(stdout)
@ -41,15 +37,13 @@ def run_module():
module.fail_json(msg=f"Config ID ({module.params['config']['config_id']}) does not match next free config ID ({new_config_id})!", **result) module.fail_json(msg=f"Config ID ({module.params['config']['config_id']}) does not match next free config ID ({new_config_id})!", **result)
if not module.check_mode: if not module.check_mode:
rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:create-empty-config', '--only-print-prefix'], check_rc=True, rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:create-empty-config', '--only-print-prefix'], check_rc=True)
cwd=module.params['nextcloud_path'])
new_config_id = stdout.strip() new_config_id = stdout.strip()
if new_config_id != new_config_id_calculated: if new_config_id != new_config_id_calculated:
module.fail_json(msg=f"New config id ({new_config_id}) is not the same as calculated id ({new_config_id_calculated})!", **result) module.fail_json(msg=f"New config id ({new_config_id}) is not the same as calculated id ({new_config_id_calculated})!", **result)
rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True, rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True)
cwd=module.params['nextcloud_path'])
try: try:
current_configs = json.loads(stdout) current_configs = json.loads(stdout)
@ -73,25 +67,22 @@ def run_module():
if not module.check_mode: if not module.check_mode:
try: try:
module.run_command(['/usr/bin/php', 'occ', 'ldap:set-config', module.params['config']['config_id'], key, module.run_command(['nextcloud-occ', 'ldap:set-config', module.params['config']['config_id'], key,
';'.join(new_config[key]) if isinstance(new_config[key], list) else str(new_config[key])], ';'.join(new_config[key]) if isinstance(new_config[key], list) else str(new_config[key])],
check_rc=True, cwd=module.params['nextcloud_path']) check_rc=True)
except Exception as e: except Exception as e:
module.fail_json(msg="Error on key " + key + " : " + str(e), **result) module.fail_json(msg="Error on key " + key + " : " + str(e), **result)
rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:test-config', module.params['config']['config_id']], check_rc=True, rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:test-config', module.params['config']['config_id']], check_rc=True)
cwd=module.params['nextcloud_path'])
if stdout.strip() != 'The configuration is valid and the connection could be established!': if stdout.strip() != 'The configuration is valid and the connection could be established!':
module.fail_json(msg=f"LDAP connection test failed: {stdout}", **result) module.fail_json(msg=f"LDAP connection test failed: {stdout}", **result)
if not module.check_mode: if not module.check_mode:
module.run_command(['/usr/bin/php', 'occ', 'ldap:set-config', module.params['config']['config_id'], 'ldapConfigurationActive', '1'], check_rc=True, module.run_command(['nextcloud-occ', 'ldap:set-config', module.params['config']['config_id'], 'ldapConfigurationActive', '1'], check_rc=True)
cwd=module.params['nextcloud_path'])
# set update interval, seems necessary to activate sync. # set update interval, seems necessary to activate sync.
module.run_command(['/usr/bin/php', 'occ', 'config:app:set', 'user_ldap', 'updateAttributesInterval', '--value=86400'], check_rc=True, module.run_command(['nextcloud-occ', 'config:app:set', 'user_ldap', 'updateAttributesInterval', '--value=86400'], check_rc=True)
cwd=module.params['nextcloud_path'])
module.exit_json(**result) module.exit_json(**result)
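Review bot: Every `module.run_command` call in `run_module()` now names `nextcloud-occ` without a path, so the binary is found through the search path of whichever user the module runs as, and this commit also drops `become_user: www-data` from the task that calls the module. Resolving it once with `occ = module.get_bin_path('nextcloud-occ', required=True)` and passing `occ` as the first list element makes the resolved path explicit and fails with a clear message when the package is missing; a fixed absolute path would be stricter still. The `ldap:show-config --show-password` calls place the LDAP bind password in `stdout`, so it is worth confirming that no failure path echoes that output and that the `config` option, which presumably carries the same password, is kept out of logs (for example with `no_log`). Parts of `run_module()` lie between the hunks and are not visible here.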


@ -1,11 +1,21 @@
- name: pin nextcloud version
template:
src: apt-preferences.j2
dest: /etc/apt/preferences.d/nextcloud
mode: '0644'
- name: setup cccv repo key
apt_key:
url: "https://packages.cccv.de/docs/cccv-archive-key.gpg"
- name: add cccv infrapackages-nextcloud repo
apt_repository:
repo: "deb https://packages.cccv.de/infrapackages-nextcloud/ {{ ansible_distribution_release|lower }} main"
- name: install nextcloud - name: install nextcloud
unarchive: apt:
src: "https://download.nextcloud.com/server/releases/latest.tar.bz2" pkg:
remote_src: yes - nextcloud
dest: /var/www/
owner: www-data
group: www-data
creates: /var/www/nextcloud
- name: create nextcloud datadir - name: create nextcloud datadir
file: file:
@ -24,13 +34,17 @@
content: | content: |
apc.enable_cli = 1 apc.enable_cli = 1
- name: check nextcloud install status
check_mode: no
shell: "nextcloud-occ status"
register: nextcloud_status_check
changed_when: false
- name: setup nextcloud - name: setup nextcloud
become_user: www-data when: "'installed: false' in nextcloud_status_check.stdout"
become: true
command: command:
argv: argv:
- /usr/bin/php - nextcloud-occ
- occ
- maintenance:install - maintenance:install
- -n - -n
- --database - --database
@ -47,38 +61,25 @@
- '{{ nextcloud.admin.pw }}' - '{{ nextcloud.admin.pw }}'
- --data-dir - --data-dir
- '{{ nextcloud.datadir }}' - '{{ nextcloud.datadir }}'
args:
chdir: /var/www/nextcloud
creates: /var/www/nextcloud/config/config.php
- name: set nextcloud trusted domains - name: set nextcloud trusted domains
become_user: www-data
become: true
command: # noqa no-changed-when command: # noqa no-changed-when
argv: argv:
- /usr/bin/php - nextcloud-occ
- occ
- config:system:set - config:system:set
- trusted_domains - trusted_domains
- 1 - 1
- --value - --value
- "{{ nextcloud.externalurl }}" - "{{ nextcloud.externalurl }}"
args:
chdir: /var/www/nextcloud
- name: set other nextcloud config values - name: set other nextcloud config values
become_user: www-data
become: true
command: # noqa no-changed-when command: # noqa no-changed-when
argv: argv:
- /usr/bin/php - nextcloud-occ
- occ
- config:system:set - config:system:set
- "{{ item.key }}" - "{{ item.key }}"
- --value - --value
- "{{ item.value }}" - "{{ item.value }}"
args:
chdir: /var/www/nextcloud
with_items: with_items:
- { key: "mail_from_address", value: "{{ nextcloud.mail.from }}" } - { key: "mail_from_address", value: "{{ nextcloud.mail.from }}" }
- { key: "mail_domain", value: "{{ nextcloud.mail.domain }}" } - { key: "mail_domain", value: "{{ nextcloud.mail.domain }}" }
@ -111,10 +112,3 @@
state: link state: link
notify: notify:
- restart nginx - restart nginx
- name: add cronjob for nextcloud
cron:
job: /usr/bin/php -f /var/www/nextcloud/cron.php
user: www-data
minute: "*/10"
name: nextcloud-cron
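Review bot: The `setup cccv repo key` task fetches the archive key by URL with `apt_key` and states no expected fingerprint, so trust in the key rests entirely on the download host, and a key added this way is normally trusted for every configured repository rather than only the cccv one. Recording the expected key with `id: "<KEY_FINGERPRINT>"` (placeholder; obtain the value through a channel other than the download host) documents which key the role expects. Keeping the key in a dedicated keyring file referenced by `[signed-by=<KEYRING_PATH>]` in the `apt_repository` line would limit it to this repository. Separately, `check nextcloud install status` uses `shell` for a fixed command with no shell features; `command: nextcloud-occ status` is enough. The tasks that lost `become_user: www-data` presumably rely on `nextcloud-occ` switching user itself, which this commit does not show.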


@ -1,14 +1,9 @@
- name: manage group folders - name: manage group folders
become_user: www-data
become: true
block: block:
# Get list of existing group folders and set them as fact # Get list of existing group folders and set them as fact
- name: get list of group folders - name: get list of group folders
check_mode: no check_mode: no
command: '/usr/bin/php occ groupfolders:list --output json' command: 'nextcloud-occ groupfolders:list --output json'
args:
chdir: /var/www/nextcloud
register: existing_group_folders register: existing_group_folders
- name: store existing group folders - name: store existing group folders
@ -17,9 +12,7 @@
# Create group folders that did not exist yet # Create group folders that did not exist yet
- name: create non-existing folders - name: create non-existing folders
command: "/usr/bin/php occ groupfolders:create {{ item.name }}" command: "nextcloud-occ groupfolders:create {{ item.name }}"
args:
chdir: /var/www/nextcloud
with_items: "{{ nextcloud.groupfolders }}" with_items: "{{ nextcloud.groupfolders }}"
when: group_folders | selectattr(search_key, 'equalto', search_val) | list | count == 0 when: group_folders | selectattr(search_key, 'equalto', search_val) | list | count == 0
vars: vars:
@ -29,9 +22,7 @@
# Get list of existing group folders AGAIN and set them as fact # Get list of existing group folders AGAIN and set them as fact
- name: get list of group folders again - name: get list of group folders again
check_mode: no check_mode: no
command: '/usr/bin/php occ groupfolders:list --output json' command: 'nextcloud-occ groupfolders:list --output json'
args:
chdir: /var/www/nextcloud
register: existing_group_folders register: existing_group_folders
- name: store existing group folders - name: store existing group folders
@ -40,9 +31,7 @@
# Set quota for folders where it does not match # Set quota for folders where it does not match
- name: set group folder quota - name: set group folder quota
command: "/usr/bin/php occ groupfolders:quota {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.quota }}" command: "nextcloud-occ groupfolders:quota {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.quota }}"
args:
chdir: /var/www/nextcloud
with_items: "{{ nextcloud.groupfolders }}" with_items: "{{ nextcloud.groupfolders }}"
when: (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).quota != item.quota when: (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).quota != item.quota
vars: vars:
@ -51,16 +40,12 @@
# We search for some random name so that the LDAP data cache gets updated # We search for some random name so that the LDAP data cache gets updated
- name: update LDAP cache - name: update LDAP cache
command: "/usr/bin/php occ ldap:search random_string_to_update_cache" command: "nextcloud-occ ldap:search random_string_to_update_cache"
args:
chdir: /var/www/nextcloud
changed_when: False changed_when: False
# Set folder permissions if they are not correct yet # Set folder permissions if they are not correct yet
- name: Set folder permissions - name: Set folder permissions
command: "/usr/bin/php occ groupfolders:group {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.1 }} write share delete" command: "nextcloud-occ groupfolders:group {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.1 }} write share delete"
args:
chdir: /var/www/nextcloud
# Only execute when the permissions of the group for that folder are not "31" (31 is write, share, delete) # Only execute when the permissions of the group for that folder are not "31" (31 is write, share, delete)
when: ((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] is undefined) or when: ((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] is undefined) or
((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] != 31) ((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] != 31)
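Review bot: The `groupfolders:create`, `groupfolders:quota` and `groupfolders:group` tasks build a free-form `command:` string from `{{ item.name }}`, `{{ item.quota }}` and `{{ item.1 }}`, so a value containing whitespace is split into several arguments before occ sees it. The `argv` list form already used for the install tasks elsewhere in this commit keeps each templated value as a single argument, e.g. `argv: ['nextcloud-occ', 'groupfolders:create', '{{ item.name }}']`. With `become_user: www-data` removed from the block, these commands run as the play's user. A short comment stating that `nextcloud-occ` is expected to switch to the web-server user itself would make that assumption checkable, since the wrapper is not visible in this commit.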


@ -1,8 +1,6 @@
- import_tasks: base.yml - import_tasks: base.yml
- name: configure ldap app - name: configure ldap app
become: true
become_user: www-data
nextcloud_ldap: nextcloud_ldap:
config: "{{ nextcloud.ldap }}" config: "{{ nextcloud.ldap }}"
when: when:


@ -0,0 +1,5 @@
{% if nextcloud.version %}
Package: nextcloud
Pin: version {{ nextcloud.version }}
Pin-Priority: 999
{% endif %}


@ -3,7 +3,7 @@ server {
listen {{ listen }}; listen {{ listen }};
{% endfor %} {% endfor %}
root /var/www/nextcloud; root /usr/share/nextcloud;
client_max_body_size {{ nextcloud.upload_size_max }}; client_max_body_size {{ nextcloud.upload_size_max }};
client_body_buffer_size 128k; client_body_buffer_size 128k;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;