- - name: 'install requirements'
- apt:
- pkg:
- - 'sudo'
- - 'bzip2'
- #- 'ffmpeg'
- - 'postgresql'
- - 'postgresql-contrib'
- - 'python3-psycopg2'
- - 'ca-certificates'
- state: 'present'
- update_cache: true
- cache_valid_time: 3600
- tags:
- - 'packages'
-
- - name: 'install php'
- import_role: name='service'
- vars:
- service_name: 'php7.4-fpm'
- service_packages:
- - 'php7.4-fpm'
- - 'php7.4-common'
- - 'php7.4-xml'
- - 'php7.4-gd'
- - 'php7.4-json'
- - 'php7.4-mbstring'
- - 'php7.4-zip'
- - 'php7.4-pgsql'
- - 'php7.4-ldap'
- - 'php7.4-curl'
- - 'php7.4-intl'
- - 'php7.4-bz2'
- - 'php7.4-redis'
- - 'php7.4-apcu'
- - 'php-imagick'
-
- - block:
- - name: 'create nextcloud DB'
- postgresql_db:
- name: 'nextcloud'
- - name: 'create nextcloud DB user'
- postgresql_user:
- name: 'www-data'
- db: 'nextcloud'
- priv: 'ALL'
- become: true
- become_method: 'su'
- become_user: 'postgres'
-
- - name: 'configure php-fpm'
- lineinfile:
- path: '/etc/php/7.4/fpm/pool.d/www.conf'
- line: '{{ item.line }}'
- regexp: '{{ item.regexp }}'
- loop:
- - { line: 'env[PATH] = /usr/local/bin:/usr/bin:/bin', regexp: '^;?env\[PATH\] = ' }
- - { line: 'env[TEMP] = /tmp', regexp: '^;?env\[TEMP\] = ' }
- - { line: 'env[TMP] = /tmp', regexp: '^;?env\[TMP\] = ' }
- - { line: 'env[TMPDIR] = /tmp', regexp: '^;?env\[TMPDIR\] = ' }
- - { line: 'pm = dynamic', regexp: '^;?pm = ' }
- - { line: 'pm.max_children = 120', regexp: '^;?pm.max_children = ' }
- - { line: 'pm.start_servers = 12', regexp: '^;?pm.start server = ' }
- - { line: 'pm.min_spare_servers = 6', regexp: '^;?pm.min_spare_servers = ' }
- - { line: 'pm.max_spare_servers = 18', regexp: '^;?pm.max_spare_servers = ' }
- notify: 'restart php7.4-fpm'
-
- - name: 'configure php.ini'
- lineinfile:
- path: '/etc/php/7.4/fpm/php.ini'
- line: '{{ item.line }}'
- regexp: '{{ item.regexp }}'
- loop:
- - { line: 'memory_limit = 512M', regexp: '^memory_limit =' }
- - { line: 'opcache.enable=1', regexp: '^[;]?opcache_enable=' }
- - { line: 'opcache.interned_strings_buffer=8', regexp: '^;?opcache.interned_strings_buffer=' }
- - { line: 'opcache.max_accelerated_files=10000', regexp: '^;?opcache.max_accelerated_files=' }
- - { line: 'opcache.memory_consumption=128', regexp: '^;?opcache.memory_consumption=' }
- - { line: 'opcache.save_comments=1', regexp: '^;?opcache.save_comments=' }
- - { line: 'opcache.revalidate_freq=1', regexp: '^;?opcache.revalidate_freq=' }
- notify: 'restart php7.4-fpm'
-
- - name: 'download nextcloud'
- get_url:
- url: 'https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2'
- dest: '/opt/nextcloud.tar.bz2'
- register: 'nextcloud_new_download'
- tags:
- - 'packages'
-
- - name: 'unpack nextcloud'
- unarchive:
- remote_src: true
- src: '/opt/nextcloud.tar.bz2'
- dest: '/opt'
- owner: 'www-data'
- group: 'www-data'
- mode: '0750'
- when: nextcloud_new_download.changed
- tags:
- - 'packages'
-
- - name: 'create nextcloud data folder'
- file:
- path: '/opt/nextcloud_data'
- owner: 'www-data'
- group: 'www-data'
- state: 'directory'
-
- - name: 'create nginx configuration'
- template:
- src: 'nextcloud.conf.j2'
- dest: '/etc/nginx/locations/{{ nextcloud_nginx_fqdn }}/nextcloud.conf'
- notify: 'reload nginx'
-
- - import_tasks: 'occ.yaml'
- vars:
- occ_args: '--no-warnings status --output json'
- ignore_changes: true
-
- - name: 'read installation status'
- set_fact:
- nextcloud_installed: '{{ occ_out.installed }}'
-
- - block:
- - name: 'create random root password'
- gen_passwd: length=20
- register: 'nextcloud_password'
- no_log: true
- - name: 'set initial root password'
- set_fact:
- nextcloud_initial_root_password: '{{ nextcloud_password.passwd }}'
- no_log: true
- - name: 'store root password plaintext'
- copy:
- content: '{{ nextcloud_initial_root_password }}'
- dest: '/etc/nextcloud.secret'
- mode: '0700'
- no_log: true
- diff: false
- - name: 'emit warning for initial_root_password not set'
- fail:
- msg: >-
- Warning! First Install and `initial_root_password` not provided.
- Random password generated and stored in /etc/nextcloud.secret.
- **WIPE AS SOON AS POSSIBLE**
- failed_when: false
- when: (nextcloud_initial_root_password is not defined) and (not nextcloud_installed)
-
- - name: 'install nextcloud'
- include_tasks: 'occ.yaml'
- vars:
- occ_args: >-
- maintenance:install
- --database 'pgsql'
- --database-name 'nextcloud'
- --database-host '/var/run/postgresql'
- --database-user 'www-data'
- --database-pass ''
- --admin-pass '{{ nextcloud_initial_root_password }}'
- --data-dir '/opt/nextcloud_data'
- --no-interaction
- nojson: true
- when: not nextcloud_installed
-
- - name: 'set trusted_domains'
- occ:
- command: 'config:system:set'
- key: 'trusted_domains {{ idx }}'
- value: '{{ item }}'
- loop: '{{ [ "localhost", nextcloud_nginx_fqdn ] + nextcloud_nginx_alternate_fqdns }}'
- loop_control:
- index_var: idx
-
- - name: 'update tls ldap server ca'
- copy:
- content: '{{ ldap_tls_server_ca }}'
- dest: '/etc/ldap/server_ca.crt'
- tags:
- - 'tls_int'
-
- - name: 'configure ldap client'
- copy:
- src: 'ldap.conf'
- dest: '/etc/ldap/ldap.conf'
- when: ldap_tls_enabled
-
- - name: 'enable user_ldap'
- occ:
- command: 'config:app:set'
- key: 'user_ldap enabled'
- value: 'yes'
- register: nextcloud_ldap_was_disabled
- tags:
- - 'service_password'
-
- - name: 'insall app user_ldap'
- import_tasks: 'occ.yaml'
- vars:
- occ_args: 'app:enable user_ldap'
- nojson: true
- ignore_changes: true
-
- - name: 'configure user_ldap'
- occ:
- command: 'config:app:set'
- key: 'user_ldap s01{{ item.key }}'
- value: '{{ item.value }}'
- loop: '{{ ldap_settings|dict2items }}'
- vars:
- ldap_settings:
- has_memberof_filter_support: '0'
- use_memberof_to_detect_membership: '0'
- ldap_host: '{{ ldap_server }}'
- ldap_port: '389'
- ldap_dn: 'cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}'
- ldap_base: 'ou=People,{{ ldap_basedn }}'
- ldap_base_users: 'ou=People,{{ ldap_basedn }}'
- ldap_base_groups: 'ou=Group,{{ ldap_basedn }}'
- ldap_login_filter: '(&(cn=%uid)(authorizedService=nextcloud))'
- ldap_user_filter: '(authorizedService=nextcloud)'
- ldap_userlist_filter: '(authorizedService=nextcloud)'
- ldap_group_filter: '(objectClass=groupOfNames)'
- ldap_group_display_name: 'description'
- ldap_group_member_assoc_attribute: 'member'
- ldap_attributes_for_user_search: 'cn'
- ldap_attributes_for_group_search: 'cn'
- ldap_display_name: 'sn'
- ldap_email_attr: 'mail'
- ldap_tls: '{{ 1 if ldap_tls_enabled else 0 }}'
- ldap_experienced_admin: '1'
- ldap_configuration_active: '1'
- ldap_expert_username_attr: 'cn'
- ldap_paging_size: '0'
- tags:
- - 'ldap'
-
- - name: 'generate nextcloud ldap password'
- gen_passwd: 'length=32'
- register: 'nextcloud_ldap_passwd'
- no_log: true
- when:
- - ldap_admin_dn is defined
- - ldap_admin_pw is defined
- tags:
- - 'service_password'
-
- - name: 'set nextcloud ldap password in ldap'
- delegate_to: 'localhost'
- ldap_passwd:
- dn: 'cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}'
- passwd: '{{ nextcloud_ldap_passwd.passwd }}'
- server_uri: 'ldap://{{ ldap_server }}'
- start_tls: '{{ ldap_tls_enabled }}'
- bind_dn: '{{ ldap_admin_dn }}'
- bind_pw: '{{ ldap_admin_pw }}'
- when: nextcloud_ldap_passwd.changed
- register: nextcloud_ldap_passwd_result
- tags:
- - 'service_password'
-
- - name: 'configure nextcloud ldap password with occ'
- import_tasks: 'occ.yaml'
- vars:
- occ_args: 'ldap:set-config s01 ldapAgentPassword {{ nextcloud_ldap_passwd.passwd }}'
- nojson: true
- no_log: true
- when: nextcloud_ldap_passwd_result.changed
- tags:
- - 'service_password'
-
- - name: 'MONITORING | add HTTP service'
- block:
- - name: 'MONITORING | add service to monitoring entry'
- set_fact:
- monitoring_entry: >
- {{ monitoring_entry | default({}) | combine({
- 'address': ansible_host,
- 'vhosts_uri': { nextcloud_nginx_fqdn: {'/': { 'content': 'nextcloud.com'}} },
- }, recursive=true) }}
- - name: 'MONITORING | update monitoring facts'
- set_fact:
- monitoring_facts: >
- {{ hostvars[monitoring_host]['monitoring_facts']
- | default({})
- | combine({host_fqdn: monitoring_entry}) }}
- delegate_facts: true
- delegate_to: '{{ monitoring_host }}'
- tags:
- - 'monitoring'
- ...
|
