infra/ansible-role-nextcloud
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Changed installation to Debian package

Browse source 
App store and web update are now disabled. Apps need to be installed with as
Debian packages as well.
This commit is contained in:
Julian 2022-01-31 04:03:45 +01:00
parent 68e0865931
commit 650562a73d
No known key found for this signature in database
GPG key ID: 2F811E2338EE029B
7 changed files with 49 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

3
defaults/main.yml
View file

@ -1,9 +1,10 @@
nextcloud:
version: ~
listen:
- "443 ssl"
- "[::]:443 ssl"
upload_size_max: 512M
datadir: /var/www/nextcloud/data
datadir: /var/lib/nextcloud/data
externalurl: example.com
mail:
mode: sendmail

25
library/nextcloud_ldap.py
View file

@ -6,7 +6,6 @@ import json
def run_module():
module_args = {
'nextcloud_path': {'type': 'str', 'default': '/var/www/nextcloud'},
'config': {'type': 'dict', 'default': {}}
}
@ -24,10 +23,7 @@ def run_module():
if 'config_id' not in module.params:
module.params['config_id'] = 's01'
os.chdir(module.params['nextcloud_path'])
rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True,
cwd=module.params['nextcloud_path'])
rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True)
try:
current_configs = json.loads(stdout)
@ -41,15 +37,13 @@ def run_module():
module.fail_json(msg=f"Config ID ({module.params['config']['config_id']}) does not match next free config ID ({new_config_id})!", **result)
if not module.check_mode:
rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:create-empty-config', '--only-print-prefix'], check_rc=True,
cwd=module.params['nextcloud_path'])
rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:create-empty-config', '--only-print-prefix'], check_rc=True)
new_config_id = stdout.strip()
if new_config_id != new_config_id_calculated:
module.fail_json(msg=f"New config id ({new_config_id}) is not the same as calculated id ({new_config_id_calculated})!", **result)
rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True,
cwd=module.params['nextcloud_path'])
rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:show-config', '--show-password', '--output', 'json'], check_rc=True)
try:
current_configs = json.loads(stdout)
@ -73,25 +67,22 @@ def run_module():
if not module.check_mode:
try:
module.run_command(['/usr/bin/php', 'occ', 'ldap:set-config', module.params['config']['config_id'], key,
module.run_command(['nextcloud-occ', 'ldap:set-config', module.params['config']['config_id'], key,
';'.join(new_config[key]) if isinstance(new_config[key], list) else str(new_config[key])],
check_rc=True, cwd=module.params['nextcloud_path'])
check_rc=True)
except Exception as e:
module.fail_json(msg="Error on key " + key + " : " + str(e), **result)
rc, stdout, stderr = module.run_command(['/usr/bin/php', 'occ', 'ldap:test-config', module.params['config']['config_id']], check_rc=True,
cwd=module.params['nextcloud_path'])
rc, stdout, stderr = module.run_command(['nextcloud-occ', 'ldap:test-config', module.params['config']['config_id']], check_rc=True)
if stdout.strip() != 'The configuration is valid and the connection could be established!':
module.fail_json(msg=f"LDAP connection test failed: {stdout}", **result)
if not module.check_mode:
module.run_command(['/usr/bin/php', 'occ', 'ldap:set-config', module.params['config']['config_id'], 'ldapConfigurationActive', '1'], check_rc=True,
cwd=module.params['nextcloud_path'])
module.run_command(['nextcloud-occ', 'ldap:set-config', module.params['config']['config_id'], 'ldapConfigurationActive', '1'], check_rc=True)
# set update interval, seems necessary to activate sync.
module.run_command(['/usr/bin/php', 'occ', 'config:app:set', 'user_ldap', 'updateAttributesInterval', '--value=86400'], check_rc=True,
cwd=module.params['nextcloud_path'])
module.run_command(['nextcloud-occ', 'config:app:set', 'user_ldap', 'updateAttributesInterval', '--value=86400'], check_rc=True)
module.exit_json(**result)

60
tasks/base.yml
View file

@ -1,11 +1,21 @@
- name: pin nextcloud version
template:
src: apt-preferences.j2
dest: /etc/apt/preferences.d/nextcloud
mode: '0644'
- name: setup cccv repo key
apt_key:
url: "https://packages.cccv.de/docs/cccv-archive-key.gpg"
- name: add cccv infrapackages-nextcloud repo
apt_repository:
repo: "deb https://packages.cccv.de/infrapackages-nextcloud/ {{ ansible_distribution_release|lower }} main"
- name: install nextcloud
unarchive:
src: "https://download.nextcloud.com/server/releases/latest.tar.bz2"
remote_src: yes
dest: /var/www/
owner: www-data
group: www-data
creates: /var/www/nextcloud
apt:
pkg:
- nextcloud
- name: create nextcloud datadir
file:
@ -24,13 +34,17 @@
content: |
apc.enable_cli = 1
- name: check nextcloud install status
check_mode: no
shell: "nextcloud-occ status"
register: nextcloud_status_check
changed_when: false
- name: setup nextcloud
become_user: www-data
become: true
when: "'installed: false' in nextcloud_status_check.stdout"
command:
argv:
- /usr/bin/php
- occ
- nextcloud-occ
- maintenance:install
- -n
- --database
@ -47,38 +61,25 @@
- '{{ nextcloud.admin.pw }}'
- --data-dir
- '{{ nextcloud.datadir }}'
args:
chdir: /var/www/nextcloud
creates: /var/www/nextcloud/config/config.php
- name: set nextcloud trusted domains
become_user: www-data
become: true
command: # noqa no-changed-when
argv:
- /usr/bin/php
- occ
- nextcloud-occ
- config:system:set
- trusted_domains
- 1
- --value
- "{{ nextcloud.externalurl }}"
args:
chdir: /var/www/nextcloud
- name: set other nextcloud config values
become_user: www-data
become: true
command: # noqa no-changed-when
argv:
- /usr/bin/php
- occ
- nextcloud-occ
- config:system:set
- "{{ item.key }}"
- --value
- "{{ item.value }}"
args:
chdir: /var/www/nextcloud
with_items:
- { key: "mail_from_address", value: "{{ nextcloud.mail.from }}" }
- { key: "mail_domain", value: "{{ nextcloud.mail.domain }}" }
@ -111,10 +112,3 @@
state: link
notify:
- restart nginx
- name: add cronjob for nextcloud
cron:
job: /usr/bin/php -f /var/www/nextcloud/cron.php
user: www-data
minute: "*/10"
name: nextcloud-cron

27
tasks/groupfolders.yml
View file

@ -1,14 +1,9 @@
- name: manage group folders
become_user: www-data
become: true
block:
# Get list of existing group folders and set them as fact
- name: get list of group folders
check_mode: no
command: '/usr/bin/php occ groupfolders:list --output json'
args:
chdir: /var/www/nextcloud
command: 'nextcloud-occ groupfolders:list --output json'
register: existing_group_folders
- name: store existing group folders
@ -17,9 +12,7 @@
# Create group folders that did not exist yet
- name: create non-existing folders
command: "/usr/bin/php occ groupfolders:create {{ item.name }}"
args:
chdir: /var/www/nextcloud
command: "nextcloud-occ groupfolders:create {{ item.name }}"
with_items: "{{ nextcloud.groupfolders }}"
when: group_folders | selectattr(search_key, 'equalto', search_val) | list | count == 0
vars:
@ -29,9 +22,7 @@
# Get list of existing group folders AGAIN and set them as fact
- name: get list of group folders again
check_mode: no
command: '/usr/bin/php occ groupfolders:list --output json'
args:
chdir: /var/www/nextcloud
command: 'nextcloud-occ groupfolders:list --output json'
register: existing_group_folders
- name: store existing group folders
@ -40,9 +31,7 @@
# Set quota for folders where it does not match
- name: set group folder quota
command: "/usr/bin/php occ groupfolders:quota {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.quota }}"
args:
chdir: /var/www/nextcloud
command: "nextcloud-occ groupfolders:quota {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.quota }}"
with_items: "{{ nextcloud.groupfolders }}"
when: (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).quota != item.quota
vars:
@ -51,16 +40,12 @@
# We search for some random name so that the LDAP data cache gets updated
- name: update LDAP cache
command: "/usr/bin/php occ ldap:search random_string_to_update_cache"
args:
chdir: /var/www/nextcloud
command: "nextcloud-occ ldap:search random_string_to_update_cache"
changed_when: False
# Set folder permissions if they are not correct yet
- name: Set folder permissions
command: "/usr/bin/php occ groupfolders:group {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.1 }} write share delete"
args:
chdir: /var/www/nextcloud
command: "nextcloud-occ groupfolders:group {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.1 }} write share delete"
# Only execute when the permissions of the group for that folder are not "31" (31 is write, share, delete)
when: ((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] is undefined) or
((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] != 31)

2
tasks/main.yml
View file

@ -1,8 +1,6 @@
- import_tasks: base.yml
- name: configure ldap app
become: true
become_user: www-data
nextcloud_ldap:
config: "{{ nextcloud.ldap }}"
when:

5
templates/apt-preferences.j2 Normal file
View file

@ -0,0 +1,5 @@
{% if nextcloud.version %}
Package: nextcloud
Pin: version {{ nextcloud.version }}
Pin-Priority: 999
{% endif %}

2
templates/nginx.j2
View file

@ -3,7 +3,7 @@ server {
listen {{ listen }};
{% endfor %}
root /var/www/nextcloud;
root /usr/share/nextcloud;
client_max_body_size {{ nextcloud.upload_size_max }};
client_body_buffer_size 128k;
fastcgi_buffers 64 4K;