commit a6d1261679537a309aca3636e9e8cf4f74134a07
Author: nd
Date: Thu Sep 20 13:21:29 2018 +0200
Initial commit
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..58009e7
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,11 @@
+nextcloud:
+ upload_size_max: 512M
+ datadir: /var/www/nextcloud/data
+ externalurl: example.com
+ admin:
+ pw: "{{ lookup('password', '/dev/null') }}"
+ name: admin
+ db:
+ user: nextcloud
+ pw: None
+ name: nextcloud
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..cbb1910
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,5 @@
+---
+dependencies:
+ - { role: nginx }
+ - { role: nginx-php }
+ - { role: mariadb }
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..6339bd7
--- /dev/null
+++ b/tasks/main.yml
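Review bot: In defaults/main.yml, `nextcloud.db.pw: None` is the YAML string "None", not a null, so unless the variable is overridden the install task passes `--database-pass 'None'` and the role appears to run with a guessable database password. Making the value mandatory instead of defaulting it, for example `pw: "{{ nextcloud_db_pw | mandatory }}"`, makes the play fail early when no password is supplied. `nextcloud.admin.pw` uses `lookup('password', '/dev/null')`, which generates a fresh random value on every evaluation and stores it nowhere, so the admin password set at install time is not recoverable by the operator; a real file path for the lookup, or a required variable, would fix that. Because all settings live in one nested `nextcloud` dict, overriding a single key in inventory replaces the whole dict under Ansible's default hash behaviour, which is worth a comment above the block.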
@@ -0,0 +1,48 @@
+- name: install nextcloud
+ register: nextcloudinstall
+ unarchive:
+ src: "https://download.nextcloud.com/server/releases/nextcloud-14.0.0.tar.bz2"
+ remote_src: yes
+ dest: /var/www/
+ owner: www-data
+ group: www-data
+ creates: /var/www/nextcloud
+
+- name: setup nextcloud
+ become_user: www-data
+ become: true
+ when: nextcloudinstall is changed
+ command: "/usr/bin/php occ maintenance:install -n --database 'mysql' --database-name '{{ nextcloud.db.name }}' --database-user '{{ nextcloud.db.user }}' --database-pass '{{ nextcloud.db.pw }}' --admin-user '{{ nextcloud.admin.name }}' --admin-pass '{{ nextcloud.admin.pw }}'"
+ args:
+ chdir: /var/www/nextcloud
+
+- name: set nextcloud trusted domains
+ become_user: www-data
+ become: true
+ command: '/usr/bin/php occ config:system:set trusted_domains 1 --value "{{ nextcloud.externalurl }}"'
+ args:
+ chdir: /var/www/nextcloud
+
+- name: copy nextcloud nginx config
+ template:
+ src: nginx.j2
+ dest: /etc/nginx/sites-available/nextcloud
+ notify:
+ - restart nginx
+
+- name: enable nextcloud for nginx
+ file:
+ src: /etc/nginx/sites-available/nextcloud
+ dest: /etc/nginx/sites-enabled/nextcloud
+ state: link
+ notify:
+ - restart nginx
+
+- name: add cronjob for nextcloud
+ cron:
+ job: /usr/bin/php -f /var/www/nextcloud/cron.php
+ user: www-data
+ minute: "*/10"
+ name: nextcloud-cron
+
+
diff --git a/templates/nginx.j2 b/templates/nginx.j2
new file mode 100644
index 0000000..b6f2b93
--- /dev/null
+++ b/templates/nginx.j2
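Review bot: The `setup nextcloud` task in tasks/main.yml puts `nextcloud.db.pw` and `nextcloud.admin.pw` on the `occ maintenance:install` command line without `no_log: true`, so both secrets show up in Ansible's task output on failure or verbose runs, and in the host's process list while the command runs; adding `no_log: true` to that task covers the Ansible side. The single-quoted interpolation also breaks when a password contains `'`; the `argv:` list form of `command` avoids the quoting problem. The task runs only `when: nextcloudinstall is changed`, so if the install command fails once, later runs skip both the unarchive (because of `creates:`) and the setup. Separately, `install nextcloud` unpacks the release tarball straight from the URL with no integrity check; fetching it first with `get_url` and `checksum: "sha256:<published digest>"`, then unarchiving the local file, would pin the artifact.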
@@ -0,0 +1,69 @@
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ root /var/www/nextcloud;
+ client_max_body_size {{ nextcloud.upload_size_max }};
+ client_body_buffer_size 128k;
+ fastcgi_buffers 64 4K;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Referrer-Policy no-referrer;
+
+ location = /robots.txt {
+ allow all;
+ }
+ location = /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ location = /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+
+ location / {
+ rewrite ^ /index.php$request_uri;
+ }
+
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+ deny all;
+ }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+ deny all;
+ }
+
+ location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param HTTPS on;
+ fastcgi_param modHeadersAvailable true;
+ fastcgi_param front_controller_active true;
+ fastcgi_pass php-handler;
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ }
+
+ location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+ try_files $uri/ =404;
+ index index.php;
+ }
+ location ~ \.(?:css|js|woff|svg|gif)$ {
+ try_files $uri /index.php$request_uri;
+ add_header Cache-Control "public, max-age=15778463";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Referrer-Policy no-referrer;
+ }
+ location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+ try_files $uri /index.php$request_uri;
+ }
+}
+
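Review bot: The server block in templates/nginx.j2 enables `listen 443 ssl` but sets neither `ssl_certificate`/`ssl_certificate_key` nor a `server_name`, so unless the nginx role supplies certificates at the http level (not visible here) the TLS listener has no certificate, and the block is not bound to `nextcloud.externalurl`. I would add `server_name {{ nextcloud.externalurl }};` and the two certificate directives with paths taken from role variables. An HSTS header such as `add_header Strict-Transport-Security "max-age=15768000" always;` is also missing; it has to be repeated in the `css|js|woff|svg|gif` location, because that location's own `add_header` lines replace the inherited set. `fastcgi_pass php-handler;` relies on an upstream defined elsewhere, presumably by the nginx-php role, which deserves a comment in the template.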