From bea7ae178dca073e16e84c3805d2e6d2c69e4712 Mon Sep 17 00:00:00 2001
From: Morre
Date: Sun, 23 Aug 2020 18:01:21 +0200
Subject: [PATCH] add group folder creation
---
 README.md | 17 ++++++++++
 defaults/main.yml | 1 +
 tasks/base.yml | 71 +++++++++++++++++++++++++++++++++++++++
 tasks/groupfolders.yml | 61 +++++++++++++++++++++++++++++++++
 tasks/main.yml | 76 +++---------------------------------------
 5 files changed, 154 insertions(+), 72 deletions(-)
 create mode 100644 README.md
 create mode 100644 tasks/base.yml
 create mode 100644 tasks/groupfolders.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5618a6c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,17 @@
+# nextcloud
+
+## Manage group folders
+
+Group folders are configured as follows:
+
+```yaml
+nextcloud:
+ groupfolders:
+ - name: folder_1
+ groups:
+ - group_name
+ - group2_name
+ quota: '1073741274' # Quota in Bytes
+```
+
+All configured groups have full edit rights in the group folder.
diff --git a/defaults/main.yml b/defaults/main.yml
index 61a48ac..776e065 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -17,3 +17,4 @@ nextcloud:
 user: nextcloud
 pw: None
 name: nextcloud
+ groupfolders: []
diff --git a/tasks/base.yml b/tasks/base.yml
new file mode 100644
index 0000000..fe0d1b8
--- /dev/null
+++ b/tasks/base.yml
@@ -0,0 +1,71 @@
+- name: install nextcloud
+ unarchive:
+ src: "https://download.nextcloud.com/server/releases/latest.tar.bz2"
+ remote_src: yes
+ dest: /var/www/
+ owner: www-data
+ group: www-data
+ creates: /var/www/nextcloud
+
+- name: create nextcloud datadir
+ file:
+ path: "{{ nextcloud.datadir }}"
+ owner: www-data
+ group: www-data
+ mode: 0770
+ state: directory
+
+- name: setup nextcloud
+ become_user: www-data
+ become: true
+ command: "/usr/bin/php occ maintenance:install -n --database 'mysql' --database-name '{{ nextcloud.db.name }}' --database-user '{{ nextcloud.db.user }}' --database-pass '{{ nextcloud.db.pw }}' --admin-user '{{ nextcloud.admin.name }}' --admin-pass '{{ nextcloud.admin.pw }}' --data-dir '{{ nextcloud.datadir }}'"
+ args:
+ chdir: /var/www/nextcloud
+ creates: /var/www/nextcloud/config/config.php
+
+- name: set nextcloud trusted domains
+ become_user: www-data
+ become: true
+ command: '/usr/bin/php occ config:system:set trusted_domains 1 --value "{{ nextcloud.externalurl }}"'
+ args:
+ chdir: /var/www/nextcloud
+
+- name: set other nextcloud config values
+ become_user: www-data
+ become: true
+ command: '/usr/bin/php occ config:system:set "{{ item.key }}" --value "{{ item.value }}"'
+ args:
+ chdir: /var/www/nextcloud
+ with_items:
+ - { key: "mail_from_address", value: "{{ nextcloud.mail.from }}" }
+ - { key: "mail_domain", value: "{{ nextcloud.mail.domain }}" }
+ - { key: "mail_smtpmode", value: "{{ nextcloud.mail.mode }}" }
+ - { key: "mail_smtpauthtype", value: "PLAIN" }
+ - { key: "mail_smtphost", value: "{{ nextcloud.mail.server|d('') }}" }
+ - { key: "mail_smtpport", value: "25" }
+ - { key: "mail_smtppassword", value: "{{ nextcloud.mail.password|d('') }}" }
+ - { key: "mail_smtpname", value: "{{ nextcloud.mail.user|d('') }}" }
+ - { key: "memcache.local", value: '{{ "\OC\Memcache\APCu" }}' }
+ - { key: "datadirectory", value: "{{ nextcloud.datadir }}" }
+
+- name: copy nextcloud nginx config
+ template:
+ src: nginx.j2
+ dest: /etc/nginx/sites-available/nextcloud
+ notify:
+ - restart nginx
+
+- name: enable nextcloud for nginx
+ file:
+ src: /etc/nginx/sites-available/nextcloud
+ dest: /etc/nginx/sites-enabled/nextcloud
+ state: link
+ notify:
+ - restart nginx
+
+- name: add cronjob for nextcloud
+ cron:
+ job: /usr/bin/php -f /var/www/nextcloud/cron.php
+ user: www-data
+ minute: "*/10"
+ name: nextcloud-cron
diff --git a/tasks/groupfolders.yml b/tasks/groupfolders.yml
new file mode 100644
index 0000000..bc81857
--- /dev/null
+++ b/tasks/groupfolders.yml
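Review bot: The `setup nextcloud` task and the `mail_smtppassword` item of `set other nextcloud config values` put `nextcloud.db.pw`, `nextcloud.admin.pw` and `nextcloud.mail.password` on the `occ` command line, so the rendered secrets end up in Ansible's task output and logs and, while the command runs, in the host's process list. Adding `no_log: true` to both tasks keeps them out of the Ansible output; the process-list exposure remains as long as the values are passed as arguments. Separately, `install nextcloud` unpacks `latest.tar.bz2` with no pinned version and no integrity check; fetching a fixed release with `get_url` and its `checksum:` option before `unarchive` would make the install reproducible and verifiable. These tasks are moved here unchanged from `tasks/main.yml`, so both points predate this commit.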
@@ -0,0 +1,61 @@
+- name: manage group folders
+ become_user: www-data
+ become: true
+
+ block:
+ # Get list of existing group folders and set them as fact
+ - name: get list of group folders
+ check_mode: no
+ command: '/usr/bin/php occ groupfolders:list --output json'
+ args:
+ chdir: /var/www/nextcloud
+ register: existing_group_folders
+
+ - set_fact:
+ group_folders: "{{ existing_group_folders.stdout | from_json }}"
+
+ # Create group folders that did not exist yet
+ - name: create non-existing folders
+ command: "/usr/bin/php occ groupfolders:create {{ item.name }}"
+ args:
+ chdir: /var/www/nextcloud
+ with_items: "{{ nextcloud.groupfolders }}"
+ when: group_folders | selectattr(search_key, 'equalto', search_val) | list | count == 0
+ vars:
+ search_key: "mount_point"
+ search_val: "{{ item.name }}"
+
+ # Get list of existing group folders AGAIN and set them as fact
+ - name: get list of group folders again
+ check_mode: no
+ command: '/usr/bin/php occ groupfolders:list --output json'
+ args:
+ chdir: /var/www/nextcloud
+ register: existing_group_folders
+
+ - set_fact:
+ group_folders: "{{ existing_group_folders.stdout | from_json }}"
+
+ # Set quota for folders where it does not match
+ - name: set group folder quota
+ command: "/usr/bin/php occ groupfolders:quota {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.quota }}"
+ args:
+ chdir: /var/www/nextcloud
+ with_items: "{{ nextcloud.groupfolders }}"
+ when: (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).quota != item.quota
+ vars:
+ search_key: "mount_point"
+ search_val: "{{ item.name }}"
+
+ # Set folder permissions if they are not correct yet
+ - name: Set folder permissions
+ command: "/usr/bin/php occ groupfolders:group {{ (group_folders | selectattr(search_key, 'equalto', search_val) | list | first).id }} {{ item.1 }} write share delete"
+ args:
+ chdir: /var/www/nextcloud
+ # Only execute when the permissions of the group for that folder are not "31" (31 is write, share, delete)
+ when: ((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] is undefined) or
+ ((group_folders | selectattr(search_key, 'equalto', search_val) | list | first).groups[item.1] != 31)
+ loop: "{{ nextcloud.groupfolders | subelements('groups') }}"
+ vars:
+ search_key: "mount_point"
+ search_val: "{{ item.0.name }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index 4ad33a1..e09e339 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
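Review bot: `create non-existing folders`, `set group folder quota` and `Set folder permissions` template `item.name`, `item.quota` and `item.1` unquoted into the `command:` string, so a folder or group name containing whitespace is split into several `occ` arguments instead of being passed as one value. Passing each value through the `quote` filter, e.g. `command: "/usr/bin/php occ groupfolders:create {{ item.name | quote }}"`, or switching to the `argv:` list form keeps every value a single argument; names that begin with `-` would still deserve an explicit validation step. The quota check `... .quota != item.quota` compares the parsed JSON value with the inventory value, which the README shows as a quoted string; if `occ` emits the quota as a number the two never compare equal and the task runs on every play, so applying `| int` to both sides would be safer. The two `groupfolders:list` tasks only read state and could carry `changed_when: false`.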
@@ -1,73 +1,5 @@ -- name: install nextcloud - unarchive: - src: "https://download.nextcloud.com/server/releases/latest.tar.bz2" - remote_src: yes - dest: /var/www/ - owner: www-data - group: www-data - creates: /var/www/nextcloud - -- name: create nextcloud datadir - file: - path: "{{ nextcloud.datadir }}" - owner: www-data - group: www-data - mode: 0770 - state: directory - -- name: setup nextcloud - become_user: www-data - become: true - command: "/usr/bin/php occ maintenance:install -n --database 'mysql' --database-name '{{ nextcloud.db.name }}' --database-user '{{ nextcloud.db.user }}' --database-pass '{{ nextcloud.db.pw }}' --admin-user '{{ nextcloud.admin.name }}' --admin-pass '{{ nextcloud.admin.pw }}' --data-dir '{{ nextcloud.datadir }}'" - args: - chdir: /var/www/nextcloud - creates: /var/www/nextcloud/config/config.php - -- name: set nextcloud trusted domains - become_user: www-data - become: true - command: '/usr/bin/php occ config:system:set trusted_domains 1 --value "{{ nextcloud.externalurl }}"' - args: - chdir: /var/www/nextcloud - -- name: set other nextcloud config values - become_user: www-data - become: true - command: '/usr/bin/php occ config:system:set "{{ item.key }}" --value "{{ item.value }}"' - args: - chdir: /var/www/nextcloud - with_items: - - { key: "mail_from_address", value: "{{ nextcloud.mail.from }}" } - - { key: "mail_domain", value: "{{ nextcloud.mail.domain }}" } - - { key: "mail_smtpmode", value: "{{ nextcloud.mail.mode }}" } - - { key: "mail_smtpauthtype", value: "PLAIN" } - - { key: "mail_smtphost", value: "{{ nextcloud.mail.server|d('') }}" } - - { key: "mail_smtpport", value: "25" } - - { key: "mail_smtppassword", value: "{{ nextcloud.mail.password|d('') }}" } - - { key: "mail_smtpname", value: "{{ nextcloud.mail.user|d('') }}" } - - { key: "memcache.local", value: '{{ "\OC\Memcache\APCu" }}' } - - { key: "datadirectory", value: "{{ nextcloud.datadir }}" } - -- name: copy nextcloud nginx config - template: - src: nginx.j2 - 
dest: /etc/nginx/sites-available/nextcloud - notify: - - restart nginx - -- name: enable nextcloud for nginx - file: - src: /etc/nginx/sites-available/nextcloud - dest: /etc/nginx/sites-enabled/nextcloud - state: link - notify: - - restart nginx - -- name: add cronjob for nextcloud - cron: - job: /usr/bin/php -f /var/www/nextcloud/cron.php - user: www-data - minute: "*/10" - name: nextcloud-cron - +- import_tasks: base.yml +- include_tasks: groupfolders.yml + when: + - nextcloud.groupfolders
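Review bot: The condition `when: - nextcloud.groupfolders` relies on the truthiness of a bare list and fails with an undefined-variable error when an inventory overrides the `nextcloud` dictionary without a `groupfolders` key, since Ansible by default replaces a dictionary rather than merging it with the role defaults. Writing it as `when: nextcloud.groupfolders | default([]) | length > 0` states the intent and tolerates the missing key.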