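---
# Nextcloud tasks: system packages, PostgreSQL database, php-fpm tuning,
# release download/unpack, nginx vhost, initial `occ` install, LDAP user
# backend, and registration with the monitoring host.
#
# Variables referenced here but defined elsewhere (inventory / role vars):
#   nextcloud_version, nextcloud_nginx_fqdn, nextcloud_nginx_alternate_fqdns,
#   nextcloud_initial_root_password (optional), ldap_server, ldap_basedn,
#   ldap_tls_enabled, ldap_tls_server_ca, ldap_admin_dn / ldap_admin_pw
#   (optional), host_fqdn, monitoring_host.
# Included task files: occ.yaml (runs `occ` and exposes `occ_out`).
# Handlers expected: 'restart php7.4-fpm', 'reload nginx'.

- name: 'install requirements'
  apt:
    pkg:
      - 'sudo'
      - 'bzip2'
      # - 'ffmpeg'
      - 'postgresql'
      - 'postgresql-contrib'
      - 'python3-psycopg2'
      - 'ca-certificates'
    state: 'present'
    update_cache: true
    cache_valid_time: 3600
  tags:
    - 'packages'

- name: 'install php'
  import_role:
    name: 'service'
  vars:
    service_name: 'php7.4-fpm'
    service_packages:
      - 'php7.4-fpm'
      - 'php7.4-common'
      - 'php7.4-xml'
      - 'php7.4-gd'
      - 'php7.4-json'
      - 'php7.4-mbstring'
      - 'php7.4-zip'
      - 'php7.4-pgsql'
      - 'php7.4-ldap'
      - 'php7.4-curl'
      - 'php7.4-intl'
      - 'php7.4-bz2'
      - 'php7.4-redis'
      - 'php7.4-apcu'
      - 'php-imagick'

# Database objects are created as the postgres superuser via `su`.
# The DB role has no password: the install step below connects over the
# unix socket as the same OS user (www-data), presumably via peer auth.
- block:
    - name: 'create nextcloud DB'
      postgresql_db:
        name: 'nextcloud'

    - name: 'create nextcloud DB user'
      postgresql_user:
        name: 'www-data'
        db: 'nextcloud'
        priv: 'ALL'
  become: true
  become_method: 'su'
  become_user: 'postgres'

# Each regexp matches the existing (possibly commented-out) directive so the
# line is replaced in place rather than appended at end of file.
- name: 'configure php-fpm'
  lineinfile:
    path: '/etc/php/7.4/fpm/pool.d/www.conf'
    line: '{{ item.line }}'
    regexp: '{{ item.regexp }}'
  loop:
    - { line: 'env[PATH] = /usr/local/bin:/usr/bin:/bin', regexp: '^;?env\[PATH\] = ' }
    - { line: 'env[TEMP] = /tmp', regexp: '^;?env\[TEMP\] = ' }
    - { line: 'env[TMP] = /tmp', regexp: '^;?env\[TMP\] = ' }
    - { line: 'env[TMPDIR] = /tmp', regexp: '^;?env\[TMPDIR\] = ' }
    - { line: 'pm = dynamic', regexp: '^;?pm = ' }
    - { line: 'pm.max_children = 120', regexp: '^;?pm.max_children = ' }
    # fixed: regexp previously read 'pm.start server' (typo), so the stock
    # 'pm.start_servers' line was never matched and a duplicate was appended
    - { line: 'pm.start_servers = 12', regexp: '^;?pm.start_servers = ' }
    - { line: 'pm.min_spare_servers = 6', regexp: '^;?pm.min_spare_servers = ' }
    - { line: 'pm.max_spare_servers = 18', regexp: '^;?pm.max_spare_servers = ' }
  notify: 'restart php7.4-fpm'

- name: 'configure php.ini'
  lineinfile:
    path: '/etc/php/7.4/fpm/php.ini'
    line: '{{ item.line }}'
    regexp: '{{ item.regexp }}'
  loop:
    - { line: 'memory_limit = 512M', regexp: '^memory_limit =' }
    # fixed: regexp previously read 'opcache_enable' (underscore), which does
    # not match the 'opcache.enable' directive being set
    - { line: 'opcache.enable=1', regexp: '^;?opcache.enable=' }
    - { line: 'opcache.interned_strings_buffer=8', regexp: '^;?opcache.interned_strings_buffer=' }
    - { line: 'opcache.max_accelerated_files=10000', regexp: '^;?opcache.max_accelerated_files=' }
    - { line: 'opcache.memory_consumption=128', regexp: '^;?opcache.memory_consumption=' }
    - { line: 'opcache.save_comments=1', regexp: '^;?opcache.save_comments=' }
    - { line: 'opcache.revalidate_freq=1', regexp: '^;?opcache.revalidate_freq=' }
  notify: 'restart php7.4-fpm'

# NOTE(review): the tarball is fetched without a `checksum:`; pinning
# `checksum: 'sha256:<value from the release's .sha256 file>'` would detect a
# tampered or truncated download before it is unpacked as www-data.
- name: 'download nextcloud'
  get_url:
    url: 'https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2'
    dest: '/opt/nextcloud.tar.bz2'
  register: 'nextcloud_new_download'
  tags:
    - 'packages'

# Only re-extract when a new archive was actually downloaded.
- name: 'unpack nextcloud'
  unarchive:
    remote_src: true
    src: '/opt/nextcloud.tar.bz2'
    dest: '/opt'
    owner: 'www-data'
    group: 'www-data'
    mode: '0750'
  when: nextcloud_new_download.changed
  tags:
    - 'packages'

- name: 'create nextcloud data folder'
  file:
    path: '/opt/nextcloud_data'
    owner: 'www-data'
    group: 'www-data'
    state: 'directory'

- name: 'create nginx configuration'
  template:
    src: 'nextcloud.conf.j2'
    dest: '/etc/nginx/locations/{{ nextcloud_nginx_fqdn }}/nextcloud.conf'
  notify: 'reload nginx'

# `occ status` tells us whether an instance already exists; occ.yaml is
# expected to leave the parsed JSON in `occ_out`.
- import_tasks: 'occ.yaml'
  vars:
    occ_args: '--no-warnings status --output json'
    ignore_changes: true

- name: 'read installation status'
  set_fact:
    nextcloud_installed: '{{ occ_out.installed }}'

# First install with no admin password supplied: generate one, persist it
# to disk for the operator, and shout about it.
- block:
    - name: 'create random root password'
      gen_passwd: 'length=20'
      register: 'nextcloud_password'
      no_log: true

    - name: 'set initial root password'
      set_fact:
        nextcloud_initial_root_password: '{{ nextcloud_password.passwd }}'
      no_log: true

    # NOTE(review): plaintext secret on disk; the file needs no execute bit,
    # so '0600' would be the tighter mode. `diff: false` keeps the content
    # out of --diff output.
    - name: 'store root password plaintext'
      copy:
        content: '{{ nextcloud_initial_root_password }}'
        dest: '/etc/nextcloud.secret'
        mode: '0700'
      no_log: true
      diff: false

    # `fail` + `failed_when: false` prints the message in red without
    # stopping the play.
    - name: 'emit warning for initial_root_password not set'
      fail:
        msg: >-
          Warning! First Install and `initial_root_password` not provided.
          Random password generated and stored in /etc/nextcloud.secret.
          **WIPE AS SOON AS POSSIBLE**
      failed_when: false
  when: (nextcloud_initial_root_password is not defined) and (not nextcloud_installed)

- name: 'install nextcloud'
  include_tasks: 'occ.yaml'
  vars:
    occ_args: >-
      maintenance:install
      --database 'pgsql'
      --database-name 'nextcloud'
      --database-host '/var/run/postgresql'
      --database-user 'www-data'
      --database-pass ''
      --admin-pass '{{ nextcloud_initial_root_password }}'
      --data-dir '/opt/nextcloud_data'
      --no-interaction
    nojson: true
  when: not nextcloud_installed

# trusted_domains is an indexed list in config.php; idx supplies the slot.
- name: 'set trusted_domains'
  occ:
    command: 'config:system:set'
    key: 'trusted_domains {{ idx }}'
    value: '{{ item }}'
  loop: '{{ [ "localhost", nextcloud_nginx_fqdn ] + nextcloud_nginx_alternate_fqdns }}'
  loop_control:
    index_var: idx

- name: 'update tls ldap server ca'
  copy:
    content: '{{ ldap_tls_server_ca }}'
    dest: '/etc/ldap/server_ca.crt'
  tags:
    - 'tls_int'

- name: 'configure ldap client'
  copy:
    src: 'ldap.conf'
    dest: '/etc/ldap/ldap.conf'
  when: ldap_tls_enabled

- name: 'enable user_ldap'
  occ:
    command: 'config:app:set'
    key: 'user_ldap enabled'
    value: 'yes'
  register: nextcloud_ldap_was_disabled
  tags:
    - 'service_password'

- name: 'install app user_ldap'
  import_tasks: 'occ.yaml'
  vars:
    occ_args: 'app:enable user_ldap'
    nojson: true
    ignore_changes: true

# LDAP backend config "s01". Nextcloud binds as this host's own server
# account and only sees entries carrying authorizedService=nextcloud.
- name: 'configure user_ldap'
  occ:
    command: 'config:app:set'
    key: 'user_ldap s01{{ item.key }}'
    value: '{{ item.value }}'
  loop: '{{ ldap_settings|dict2items }}'
  vars:
    ldap_settings:
      has_memberof_filter_support: '0'
      use_memberof_to_detect_membership: '0'
      ldap_host: '{{ ldap_server }}'
      ldap_port: '389'
      ldap_dn: 'cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}'
      ldap_base: 'ou=People,{{ ldap_basedn }}'
      ldap_base_users: 'ou=People,{{ ldap_basedn }}'
      ldap_base_groups: 'ou=Group,{{ ldap_basedn }}'
      ldap_login_filter: '(&(cn=%uid)(authorizedService=nextcloud))'
      ldap_user_filter: '(authorizedService=nextcloud)'
      ldap_userlist_filter: '(authorizedService=nextcloud)'
      ldap_group_filter: '(objectClass=groupOfNames)'
      ldap_group_display_name: 'description'
      ldap_group_member_assoc_attribute: 'member'
      ldap_attributes_for_user_search: 'cn'
      ldap_attributes_for_group_search: 'cn'
      ldap_display_name: 'sn'
      ldap_email_attr: 'mail'
      # port 389 + STARTTLS when TLS is enabled
      ldap_tls: '{{ 1 if ldap_tls_enabled else 0 }}'
      ldap_experienced_admin: '1'
      ldap_configuration_active: '1'
      ldap_expert_username_attr: 'cn'
      ldap_paging_size: '0'
  tags:
    - 'ldap'

# Rotate the bind password only when admin credentials for the directory
# are available; the three tasks below are chained on `.changed`.
- name: 'generate nextcloud ldap password'
  gen_passwd: 'length=32'
  register: 'nextcloud_ldap_passwd'
  no_log: true
  when:
    - ldap_admin_dn is defined
    - ldap_admin_pw is defined
  tags:
    - 'service_password'

- name: 'set nextcloud ldap password in ldap'
  delegate_to: 'localhost'
  ldap_passwd:
    dn: 'cn={{ host_fqdn }},ou=Server,{{ ldap_basedn }}'
    passwd: '{{ nextcloud_ldap_passwd.passwd }}'
    server_uri: 'ldap://{{ ldap_server }}'
    start_tls: '{{ ldap_tls_enabled }}'
    bind_dn: '{{ ldap_admin_dn }}'
    bind_pw: '{{ ldap_admin_pw }}'
  # added: consistent with the other tasks that carry these two secrets
  no_log: true
  when: nextcloud_ldap_passwd.changed
  register: nextcloud_ldap_passwd_result
  tags:
    - 'service_password'

# NOTE(review): the password is passed on the occ command line; no_log hides
# it from Ansible output, but it is visible in the host's process list for
# the duration of the occ run.
- name: 'configure nextcloud ldap password with occ'
  import_tasks: 'occ.yaml'
  vars:
    occ_args: 'ldap:set-config s01 ldapAgentPassword {{ nextcloud_ldap_passwd.passwd }}'
    nojson: true
    no_log: true
  when: nextcloud_ldap_passwd_result.changed
  tags:
    - 'service_password'

# Register this host's HTTP vhost in the monitoring host's facts.
- name: 'MONITORING | add HTTP service'
  block:
    - name: 'MONITORING | add service to monitoring entry'
      set_fact:
        monitoring_entry: >
          {{ monitoring_entry | default({}) | combine({
            'address': ansible_host,
            'vhosts_uri': { nextcloud_nginx_fqdn: {'/': { 'content': 'nextcloud.com'}} },
          }, recursive=true) }}

    - name: 'MONITORING | update monitoring facts'
      set_fact:
        monitoring_facts: >
          {{ hostvars[monitoring_host]['monitoring_facts'] | default({})
             | combine({host_fqdn: monitoring_entry}) }}
      delegate_facts: true
      delegate_to: '{{ monitoring_host }}'
  tags:
    - 'monitoring'
...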