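---
# Nextcloud role tasks: packages, PostgreSQL database, download/unpack, nginx
# site config, first-time install via `occ`, and LDAP (user_ldap) wiring.
# `occ.yaml`, `occ`, `gen_passwd` and `ldap_passwd` are project-provided
# (NOTE(review): their argument handling is not visible here — confirm they
# honour `no_log` / do not echo secrets before relying on the comments below).

- name: 'install requirements'
  apt:
    pkg:
      - 'sudo'
      - 'bzip2'
      - 'php7.3-fpm'
      - 'php7.3-common'
      - 'php7.3-xml'
      - 'php7.3-gd'
      - 'php7.3-json'
      - 'php7.3-mbstring'
      - 'php7.3-zip'
      - 'php7.3-pgsql'
      - 'php7.3-ldap'
      - 'php7.3-curl'
      - 'php7.3-intl'
      - 'php7.3-bz2'
      # - 'php7.3-imagick'
      # - 'ffmpeg'
      - 'postgresql'
      - 'postgresql-contrib'
      - 'python3-psycopg2'
      - 'ca-certificates'
    state: 'present'
    update_cache: true
    cache_valid_time: 3600
  tags:
    - 'packages'

# Database objects are created as the postgres OS user (peer auth on the
# local socket), hence the become_* settings on the whole block.
- block:
    - name: 'create nextcloud DB'
      postgresql_db:
        name: 'nextcloud'

    - name: 'create nextcloud DB user'
      postgresql_user:
        name: 'www-data'
        db: 'nextcloud'
        priv: 'ALL'
  become: true
  become_method: 'su'
  become_user: 'postgres'

- name: 'download nextcloud'
  get_url:
    url: 'https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2'
    dest: '/opt/nextcloud.tar.bz2'
  register: 'new_download'
  tags:
    - 'packages'

# Only re-extract when a new tarball was actually fetched.
- name: 'unpack nextcloud'
  unarchive:
    src: '/opt/nextcloud.tar.bz2'
    dest: '/opt'
    owner: 'www-data'
    group: 'www-data'
    copy: false  # archive is already on the remote host
  when: new_download is changed
  tags:
    - 'packages'

- name: 'create nextcloud data folder'
  file:
    path: '/opt/nextcloud_data'
    owner: 'www-data'
    group: 'www-data'
    state: 'directory'

- name: 'create nginx configuration'
  template:
    src: 'nextcloud.conf.j2'
    dest: '/etc/nginx/locations/{{ server_fqdn }}/nextcloud.conf'
  notify: 'restart nginx'

# Query install state; `ignore_changes` / `occ_out` are the occ.yaml contract
# (presumably occ.yaml registers `occ_out` from the JSON output — verify).
- import_tasks: 'occ.yaml'
  vars:
    occ_args: '--no-warnings status --output json'
    ignore_changes: true

- set_fact:
    installed: '{{ occ_out.installed }}'

# First install without a caller-supplied admin password: generate one and
# persist it root-only so it can be retrieved once and then wiped.
- block:
    - name: 'create random root password'
      gen_passwd:
        length: 20
      register: 'password'
      no_log: true  # keep the generated secret out of task output

    - set_fact:
        initial_root_password: '{{ password.passwd }}'
      no_log: true

    - name: 'store root password plaintext'
      copy:
        content: '{{ initial_root_password }}'
        dest: '/etc/nextcloud.secret'
        mode: '0600'  # secret must not be world-readable (default copy mode would be)
      no_log: true

    # `fail` + `failed_when: false` is used as a loud, non-fatal notice.
    - fail:
        msg: >-
          Warning! First Install and `initial_root_password` not provided.
          Random password generated and stored in /etc/nextcloud.secret.
          **WIPE AS SOON AS POSSIBLE**
      failed_when: false
  when: (initial_root_password is not defined) and (not installed)

# Empty --database-pass relies on peer authentication over the local socket
# given as --database-host. --admin-pass carries a secret: occ.yaml must not
# log the rendered command (NOTE(review): not verifiable from this file).
- name: 'install nextcloud'
  include_tasks: 'occ.yaml'
  vars:
    occ_args: >-
      maintenance:install
      --database 'pgsql'
      --database-name 'nextcloud'
      --database-host '/var/run/postgresql'
      --database-user 'www-data'
      --database-pass ''
      --admin-pass '{{ initial_root_password }}'
      --data-dir '/opt/nextcloud_data'
      --no-interaction
    nojson: true
  when: not installed

- name: 'set trusted_domains'
  occ:
    command: 'config:system:set'
    key: 'trusted_domains {{ idx }}'
    value: '{{ item }}'
  loop:
    - 'localhost'
    - '{{ server_fqdn }}'
  loop_control:
    index_var: idx

- name: 'update tls ca'
  copy:
    content: '{{ tls_root_ca }}'
    dest: '/etc/ldap/root_ca.crt'
  tags:
    - 'tls_int'

- name: 'configure ldap client'
  copy:
    src: 'ldap.conf'
    dest: '/etc/ldap/ldap.conf'
  when: ldap_tls_enabled

- name: 'enable user_ldap'
  occ:
    command: 'config:app:set'
    key: 'user_ldap enabled'
    value: 'yes'  # intentionally the string 'yes' — this is what occ stores
  tags:
    - 'service_password'

# user_ldap configuration prefix s01; every value is passed as a string.
- name: 'configure user_ldap'
  occ:
    command: 'config:app:set'
    key: 'user_ldap s01{{ item.key }}'
    value: '{{ item.value }}'
  loop: '{{ ldap_settings|dict2items }}'
  vars:
    ldap_settings:
      has_memberof_filter_support: '1'
      ldap_host: '{{ ldap_server }}'
      ldap_port: '389'
      ldap_dn: 'cn={{ ansible_hostname }},ou=Server,{{ ldap_basedn }}'
      ldap_base: 'ou=People,{{ ldap_basedn }}'
      ldap_base_users: 'ou=People,{{ ldap_basedn }}'
      ldap_base_groups: 'ou=Groups,{{ ldap_basedn }}'
      ldap_login_filter: '(&(cn=%uid)(authorizedService=nextcloud))'
      ldap_user_filter: '(authorizedService=nextcloud)'
      ldap_attributes_for_user_search: 'cn'
      ldap_attributes_for_group_search: 'cn'
      ldap_email_attr: 'mail'
      ldap_tls: '{{ 1 if ldap_tls_enabled else 0 }}'  # STARTTLS on 389 when enabled
      ldap_experienced_admin: '1'
      ldap_configuration_active: '1'

# Service account password: generated here, set in LDAP from the controller,
# then handed to Nextcloud. All three tasks share the service_password tag.
- name: 'generate nextcloud ldap password'
  gen_passwd:
    length: 32
  register: 'new_passwd'
  no_log: true
  tags:
    - 'service_password'

- name: 'set nextcloud ldap password in ldap'
  delegate_to: 'localhost'
  ldap_passwd:
    dn: 'cn={{ ansible_hostname }},ou=Server,{{ ldap_basedn }}'
    passwd: '{{ new_passwd.passwd }}'
    server_uri: 'ldap://{{ ldap_server }}'
    start_tls: '{{ ldap_tls_enabled }}'
    bind_dn: '{{ ldap_admin_dn }}'
    bind_pw: '{{ ldap_admin_pw }}'
  no_log: true
  tags:
    - 'service_password'

# NOTE(review): occ_args embeds the new bind password; occ.yaml must keep the
# rendered command out of logs (cannot be confirmed from this file).
- import_tasks: 'occ.yaml'
  vars:
    occ_args: 'ldap:set-config s01 ldapAgentPassword {{ new_passwd.passwd }}'
    nojson: true
  tags:
    - 'service_password'
...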