Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

195 lines
4.8 KiB

  1. - name: 'install requirements'
  2. apt:
  3. pkg:
  4. - 'sudo'
  5. - 'bzip2'
  6. - 'php7.3-fpm'
  7. - 'php7.3-common'
  8. - 'php7.3-xml'
  9. - 'php7.3-gd'
  10. - 'php7.3-json'
  11. - 'php7.3-mbstring'
  12. - 'php7.3-zip'
  13. - 'php7.3-pgsql'
  14. - 'php7.3-ldap'
  15. - 'php7.3-curl'
  16. - 'php7.3-intl'
  17. - 'php7.3-bz2'
  18. #- 'php7.3.-imagick'
  19. #- 'ffmpeg'
  20. - 'postgresql'
  21. - 'postgresql-contrib'
  22. - 'python3-psycopg2'
  23. - 'ca-certificates'
  24. state: 'present'
  25. update_cache: true
  26. cache_valid_time: 3600
  27. tags:
  28. - 'packages'
  29. - block:
  30. - name: 'create nextcloud DB'
  31. postgresql_db:
  32. name: 'nextcloud'
  33. - name: 'create nextcloud DB user'
  34. postgresql_user:
  35. name: 'www-data'
  36. db: 'nextcloud'
  37. priv: 'ALL'
  38. become: true
  39. become_method: 'su'
  40. become_user: 'postgres'
  41. - name: 'download latest nextcloud'
  42. get_url:
  43. url: 'https://download.nextcloud.com/server/releases/nextcloud-18.0.3.tar.bz2'
  44. dest: '/opt/nextcloud.tar.bz2'
  45. register: 'new_download'
  46. tags:
  47. - 'packages'
  48. - name: 'unpack nextcloud'
  49. unarchive:
  50. src: '/opt/nextcloud.tar.bz2'
  51. dest: '/opt'
  52. owner: 'www-data'
  53. group: 'www-data'
  54. copy: no
  55. when: new_download.changed
  56. tags:
  57. - 'packages'
  58. - name: 'create nextcloud data folder'
  59. file:
  60. path: '/opt/nextcloud_data'
  61. owner: 'www-data'
  62. group: 'www-data'
  63. state: 'directory'
  64. - name: 'create nginx configuration'
  65. template:
  66. src: 'nextcloud.conf.j2'
  67. dest: '/etc/nginx/locations/{{ server_fqdn }}/nextcloud.conf'
  68. notify: 'restart nginx'
  69. - import_tasks: 'occ.yaml'
  70. vars:
  71. occ_args: '--no-warnings status --output json'
  72. ignore_changes: true
  73. - set_fact:
  74. installed: '{{ occ_out.installed }}'
  75. - block:
  76. - name: 'create random root password'
  77. gen_passwd: length=20
  78. register: 'password'
  79. - set_fact:
  80. initial_root_password: '{{ new_passwd.passwd }}'
  81. - name: 'store root password plaintext'
  82. copy:
  83. content: '{{ initial_root_password }}'
  84. dest: '/etc/nextcloud.secret'
  85. - fail:
  86. msg: >-
  87. Warning! First Install and `initial_root_password` not provided.
  88. Random password generated and stored in /etc/nextcloud.secret.
  89. **WIPE AS SOON AS POSSIBLE**
  90. failed_when: false
  91. when: (initial_root_password is not defined) and (not installed)
  92. - name: 'install nextcloud'
  93. include_tasks: 'occ.yaml'
  94. vars:
  95. occ_args: >-
  96. maintenance:install
  97. --database 'pgsql'
  98. --database-name 'nextcloud'
  99. --database-host '/var/run/postgresql'
  100. --database-user 'www-data'
  101. --database-pass ''
  102. --admin-pass '{{ initial_root_password }}'
  103. --data-dir '/opt/nextcloud_data'
  104. --no-interaction
  105. nojson: true
  106. when: not installed
  107. - name: 'set trusted_domains'
  108. occ:
  109. command: 'config:system:set'
  110. key: 'trusted_domains {{ idx }}'
  111. value: '{{ item }}'
  112. loop:
  113. - 'localhost'
  114. - '{{ server_fqdn }}'
  115. loop_control:
  116. index_var: idx
  117. - name: 'update tls ca'
  118. copy:
  119. content: '{{ tls_root_ca }}'
  120. dest: '/etc/ldap/root_ca.crt'
  121. tags:
  122. - 'tls_int'
  123. - name: 'configure ldap client'
  124. copy:
  125. src: 'ldap.conf'
  126. dest: '/etc/ldap/ldap.conf'
  127. - name: 'enable user_ldap'
  128. occ:
  129. command: 'config:app:set'
  130. key: 'user_ldap enabled'
  131. value: 'yes'
  132. tags:
  133. - 'service_password'
  134. - name: 'configure user_ldap'
  135. occ:
  136. command: 'config:app:set'
  137. key: 'user_ldap s01{{ item.key }}'
  138. value: '{{ item.value }}'
  139. loop: '{{ ldap_settings|dict2items }}'
  140. vars:
  141. ldap_settings:
  142. has_memberof_filter_support: '1'
  143. ldap_host: '{{ ldap_server }}'
  144. ldap_port: '389'
  145. ldap_dn: 'cn={{ ansible_hostname }},ou=Server,{{ ldap_basedn }}'
  146. ldap_base: 'ou=People,{{ ldap_basedn }}'
  147. ldap_base_users: 'ou=People,{{ ldap_basedn }}'
  148. ldap_base_groups: 'ou=Groups,{{ ldap_basedn }}'
  149. ldap_login_filter: '(&(cn=%uid)(authorizedService=nextcloud))'
  150. ldap_user_filter: '(authorizedService=nextcloud)'
  151. ldap_attributes_for_user_search: 'cn'
  152. ldap_attributes_for_group_search: 'cn'
  153. ldap_email_attr: 'mail'
  154. ldap_tls: '1'
  155. ldap_experienced_admin: '1'
  156. ldap_configuration_active: '1'
  157. - name: 'generate nextcloud ldap password'
  158. gen_passwd: 'length=32'
  159. register: 'new_passwd'
  160. tags:
  161. - 'service_password'
  162. - name: 'set nextcloud ldap password in ldap'
  163. delegate_to: 'localhost'
  164. ldap_passwd:
  165. dn: 'cn={{ ansible_hostname }},ou=Server,{{ ldap_basedn }}'
  166. passwd: '{{ new_passwd.passwd }}'
  167. server_uri: 'ldap://{{ ldap_server }}'
  168. start_tls: true
  169. bind_dn: '{{ ldap_admin_dn }}'
  170. bind_pw: '{{ ldap_admin_pw }}'
  171. tags:
  172. - 'service_password'
  173. - import_tasks: 'occ.yaml'
  174. vars:
  175. occ_args: 'ldap:set-config s01 ldapAgentPassword {{ new_passwd.passwd }}'
  176. nojson: true
  177. tags:
  178. - 'service_password'
  179. ...