Initial commit

defaults/main.yml

@@ -0,0 +1,11 @@
+nextcloud:
+  upload_size_max: 512M
+  datadir: /var/www/nextcloud/data
+  externalurl: example.com
+  admin:
+    pw: "{{ lookup('password', '/dev/null') }}"
+    name: admin
+  db:
+    user: nextcloud
+    pw: None
+    name: nextcloud

meta/main.yml

@@ -0,0 +1,5 @@
+---
+dependencies:
+  - { role: nginx }
+  - { role: nginx-php }
+  - { role: mariadb }

tasks/main.yml

@@ -0,0 +1,48 @@
+- name: install nextcloud
+  register: nextcloudinstall
+  unarchive:
+    src: "https://download.nextcloud.com/server/releases/nextcloud-14.0.0.tar.bz2"
+    remote_src: yes
+    dest: /var/www/
+    owner: www-data
+    group: www-data
+    creates: /var/www/nextcloud
+
+- name: setup nextcloud
+  become_user: www-data
+  become: true
+  when: nextcloudinstall is changed
+  command: "/usr/bin/php occ maintenance:install -n --database 'mysql' --database-name '{{ nextcloud.db.name }}'  --database-user '{{ nextcloud.db.user }}' --database-pass '{{ nextcloud.db.pw }}' --admin-user '{{ nextcloud.admin.name }}' --admin-pass '{{ nextcloud.admin.pw }}'"
+  args:
+    chdir: /var/www/nextcloud
+
+- name: set nextcloud trusted domains
+  become_user: www-data
+  become: true
+  command: '/usr/bin/php occ config:system:set trusted_domains 1 --value "{{ nextcloud.externalurl }}"'
+  args:
+    chdir: /var/www/nextcloud
+
+- name: copy nextcloud nginx config
+  template:
+    src: nginx.j2
+    dest: /etc/nginx/sites-available/nextcloud
+  notify:
+  - restart nginx
+
+- name: enable nextcloud for nginx
+  file:
+    src: /etc/nginx/sites-available/nextcloud
+    dest: /etc/nginx/sites-enabled/nextcloud
+    state: link
+  notify:
+  - restart nginx
+
+- name: add cronjob for nextcloud
+  cron:
+    job: /usr/bin/php -f /var/www/nextcloud/cron.php
+    user: www-data
+    minute: "*/10"
+    name: nextcloud-cron
+
+

templates/nginx.j2

@@ -0,0 +1,69 @@
+server {
+        listen 443 ssl;
+        listen [::]:443 ssl;
+
+        root /var/www/nextcloud;
+        client_max_body_size {{ nextcloud.upload_size_max }};
+        client_body_buffer_size 128k;
+	fastcgi_buffers 64 4K;
+
+	add_header X-Content-Type-Options nosniff;
+	add_header X-XSS-Protection "1; mode=block";
+	add_header X-Robots-Tag none;
+	add_header X-Download-Options noopen;
+	add_header X-Permitted-Cross-Domain-Policies none;
+	add_header Referrer-Policy no-referrer;
+
+	location = /robots.txt {
+		allow all;
+	}
+	location = /.well-known/carddav {
+		return 301 $scheme://$host/remote.php/dav;
+	}
+	location = /.well-known/caldav {
+		return 301 $scheme://$host/remote.php/dav;
+	}
+
+	location / {
+		rewrite ^ /index.php$request_uri;
+	}
+
+	location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+		deny all;
+	}
+	location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+		deny all;
+	}
+
+	location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
+		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param PATH_INFO $fastcgi_path_info;
+		fastcgi_param HTTPS on;
+		fastcgi_param modHeadersAvailable true;
+		fastcgi_param front_controller_active true;
+		fastcgi_pass php-handler;
+		fastcgi_intercept_errors on;
+		fastcgi_request_buffering off;
+	}
+
+	location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+		try_files $uri/ =404;
+		index index.php;
+	}
+	location ~ \.(?:css|js|woff|svg|gif)$ {
+		try_files $uri /index.php$request_uri;
+		add_header Cache-Control "public, max-age=15778463";
+		add_header X-Content-Type-Options nosniff;
+		add_header X-XSS-Protection "1; mode=block";
+		add_header X-Robots-Tag none;
+		add_header X-Download-Options noopen;
+		add_header X-Permitted-Cross-Domain-Policies none;
+		add_header Referrer-Policy no-referrer;
+	}
+	location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
+		try_files $uri /index.php$request_uri;
+	}
+}
+