From a0378feda8e71800ad4f262685e1dac60e0c681e Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Mon, 2 Sep 2024 21:03:33 -0500 Subject: [PATCH] nextcloud: Move database to db0 Moving the Nextcloud database to the central PostgreSQL server will allow it to take advantage of the monitoring and backups in place there. For backups specifically, this will make it easier to switch from BURP to Restic, since now only the contents of the filesystem need backed up. The PostgreSQL server on _db0_ requires certificate authentication for all clients. The certificate for Nextcloud is stored in a Secret in Kubernetes, so we need to use the _nextcloud-db-cert_ role to install the script to fetch it. Nextcloud configuration doesn't expose the parameters for selecting the certificate and private key files, but fortunately, they can be encoded in the value provided to the `host` parameter, though it makes for a rather cumbersome value. --- group_vars/nextcloud.yml | 9 +---- hosts | 3 ++ nextcloud.yml | 2 + vault/nextcloud | 79 ++++++++++++++++++++++++++++++++-------- 4 files changed, 70 insertions(+), 23 deletions(-) diff --git a/group_vars/nextcloud.yml b/group_vars/nextcloud.yml index 20f295d..a4a43c5 100644 --- a/group_vars/nextcloud.yml +++ b/group_vars/nextcloud.yml @@ -1,11 +1,5 @@ nextcloud_server_name: nextcloud.pyrocufflink.net apache_server_name: '{{ nextcloud_server_name }}' -pg_hba_extra: -- type: host - database: nextcloud - user: nextcloud - address: ::1/128 - method: md5 nextcloud_trusted_proxies: - 127.0.0.1 - ::1 @@ -20,5 +14,4 @@ nextcloud_smtp: port: 25 dnf_automatic_exclude: nextcloud -postgresql_config_dir: /var/lib/pgsql/data -postgresql_allow_remote: false +nextcloud_db_host: postgresql.pyrocufflink.blue;sslcert=/etc/nextcloud/postgresql.cer;sslkey=/etc/nextcloud/postgresql.key;sslrootcert=system;sslmode=verify-full diff --git a/hosts b/hosts index 751a0c0..cf5a082 100644 --- a/hosts +++ b/hosts 
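Review bot: The new `nextcloud_db_host` line that closes the second group_vars/nextcloud.yml hunk packs the whole TLS policy for the database link into one unquoted, uncommented scalar. I would single-quote it, as `apache_server_name` is quoted in the first hunk, and put a comment over it such as `# libpq options ride along in the host field because Nextcloud has no settings for sslcert/sslkey; sslrootcert=system needs libpq 16+`. On an older libpq `system` is read as a file name, so with `sslmode=verify-full` the connection should fail rather than go unverified, but the client library version on cloud0 is worth confirming before the cutover. The value also depends on Nextcloud passing `host` into the connection string unescaped, which a later release could change.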
@@ -113,6 +113,9 @@ vmhost1.pyrocufflink.blue [nextcloud] cloud0.pyrocufflink.blue +[nextcloud-db] +db0.pyrocufflink.blue + [ntpd] [nut-monitor:children] diff --git a/nextcloud.yml b/nextcloud.yml index c3a6017..1f02ed9 100644 --- a/nextcloud.yml +++ b/nextcloud.yml @@ -11,4 +11,6 @@ - vault/nextcloud roles: - apache + - role: nextcloud-db-cert + tags: nextcloud-db-cert - nextcloud diff --git a/vault/nextcloud b/vault/nextcloud index 761915c..b538f12 100644 --- a/vault/nextcloud +++ b/vault/nextcloud 
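Review bot: Nothing in the `roles:` list of nextcloud.yml records that `nextcloud-db-cert` has to stay ahead of `nextcloud`, yet the certificate and key paths named in `nextcloud_db_host` presumably exist only once that role's fetch script has been installed and run. A comment above the new entry would protect the ordering, for example `# must run before nextcloud: installs the script that fetches the client certificate and key for db0`. The role itself is not part of this diff, so it is worth checking there that the key is written owner-only for the account PHP runs as, since libpq rejects a client key with loose file permissions. The play header is outside the hunk.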
@@ -1,16 +1,65 @@ $ANSIBLE_VAULT;1.1;AES256 -33653661376330396337623339373036633836393966663639653965353633643639333861336333 -3631336266646164333837336432626361656133623834360a303534313436343764653133306466 -31313939623336373939633336656337316636323732646535386334343765623363366231306635 -6566333633613066660a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a363566663933383162303231346138 +37653864626165666633386265633137316634666664613931663138646334653063363562363566 +6166633336666165380a306132356139396364653632386138346465633733356164376437656361 +64336564386138616465623937666565326232303062373430363966346636356665363936396339 +62623862653433616463316262393837353064613736626637396233306265613832643365393531 +35313337323431653234343361663766383065363865356161623731633239633465656134653165 +62333961393237376166623361636637346330313761303165316431353130656632653464386232 +30343433636334373263353762313738306131626439356363373632316634613835373563346232 +64313034386434653235623935363535623366393365626363393265353365386461383862653835 +37623732343234663635333665653065383561393632326263383364353135373935616630393836 +33323562303862326566356631613634323566626564663161613632303537643935616463633363 +64376530356338316132353361383536666539613531613638343864643966323362373730353061 +66303439376461303732393232323732383665633539306235303863363833346661373230366363 +66346164373330653636633735393938343537356231323366323134356138376336383461383731 +39613762653532303630363566376333376632343733656365386231326161303331383830393733 +61653237373239633566323864616138383832353563613835363135643736636361366238663932 +63623165316433613336363663623636313263356535356666663438376664333739323361636130 +30663036363763663835313933653238633437633830653165643563663933373333303337313732 +39653730353633383735353631333634303530326139336362356539393163386130656261633739 +33393066613665356239373163396263363733643164326339383137333439333866656566333862 
+64616163336639313262666634333734633239663233316138646661356163346165306562663631 +33316164396331326463353264383266613062646463633634653163356661343766623031333736 +61333339613563613230663537383062643964366162313562393564656133643462393565623437 +36613165383635653330656130326564616637386334613635643230663264343036313236356265 +31343036613935323739653332346630363433353263306464303339653261373339376233663264 +32346463636535623032613333386238636461643066383533623963383332613936373139393363 +65666564353662363832326337396331663631313333306363636330343835656532653430383264 +36376235363162663964333338613765346638353730633130656432366236396432303730636137 +33306364656637663332343738343135343761663630633132363661316161346336343730393865 +63623335323633626161316537313562363737313036346438373463643865653636653739316337 +61663131366234383833346163356363643137666366333061323634366431653633386332613330 +65316266363866636663643830326138663035393730626332646531366666396566383736626363 +39643633363765353531323336626434396464383332383061336165366164663437386565616262 +32363738343937336430393132656136623838393865626632383061663565346564313939623563 +61356661386363303436376139316437666430353730383935626431396566353634363065633563 +30366465356363396632656661623439326538626233363632303963666231663539646139353865 +37633132643661616661313330653361363630303164333162313062646236366362336639396338 +66663864353763326163326466663237363131383330326135643265363739346361623939363131 +65373034313937663765326336383830356436333465663962393630623133363961653533363335 +34363034613465363238393739656361303833376264626333363464386461306437636430363863 +36306639313236663561663939656336363233306462333033386363363966646237633064623836 +63333562373839633964306362376230626436336134353730333135323862653436353566656436 +38666566383831623664633530663034343433636539613365663230353061633962323931306333 +33363863343664373661623265393938336163376139666465636433396333643336646236373861 
+35653733626166396466396565313438366537643234313564303033396433363137626231303136 +36636237346631633237336361666564383131366134386232666538343965633438366661313662 +30336537646330623364643666633938383332323533333032356130343132363134333639646231 +62366631383739313330313566363565666230316636323565653334366665396334383431633730 +35626538306232303833656262346435383863383639383661666536356563396465653335323265 +34396530356437653862376164393133616663616162663038343731373561323636356338336361 +61613934333833353534643566663266356537336163353436383538646338343939336234636562 +63663664346433666639383664306232646136636235643337656161663664616234666437626461 +61343563656362663438613934386538346466373438633838303533343566326561313133303031 +37646262626139336265636230613230353035366363613138376166326261646136333038613265 +61373663653736376535353363323266383663303234316430386436376566636337353233336235 +36306162666630326666383235306562313264363562393464623839653566393531393830316666 +37366462626135353965306462313435373539336664346135643634303339306438613161636335 +32393663663731313865333733656166626265363463373936616635313234353132343036396539 +62643835376439323134303434616434313733633963656433303336396662343262626232313437 +39336364323030633935613534366430623761313762323164356263386132663364663631313535 +66663564623235373836393533376331363664666166313365313233373538316530626231383162 +34373331346136646236346533373137663832323263303439383331613034393433326363383237 +62643833343731313536