nextcloud: Deploy Nextcloud w/ Apache+PHP-FPM
The *nextcloud* role installs Nextcloud from the specified release archive, downloading it to the control machine first if necessary, and configures Apache and PHP-FPM to serve it. The `nextcloud.yml` playbook uses the *cert* role to install the X.509 certificate for the Nextcloud server, sets up Apache HTTPD with the *apache* role, and installs Nextcloud using the *nextcloud* role. The host *cloud0.pyrocufflink.blue* is the Nextcloud server for Pyrocufflink.jenkins-master
parent
2aaf8c5239
commit
b09bf84a3b
|
@ -0,0 +1,8 @@
|
||||||
|
nextcloud_server_name: nextcloud.pyrocufflink.net
|
||||||
|
apache_server_name: '{{ nextcloud_server_name }}'
|
||||||
|
pg_hba_extra:
|
||||||
|
- type: host
|
||||||
|
database: nextcloud
|
||||||
|
user: nextcloud
|
||||||
|
address: ::1/128
|
||||||
|
method: md5
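Review bot: The `pg_hba_extra` entry authenticates the `nextcloud` role with `method: md5`, the weaker of PostgreSQL's two password methods, because the stored MD5 hash is password-equivalent if the role catalogue ever leaks. If the server is PostgreSQL 10 or later and the role's password is stored with `password_encryption = scram-sha-256`, the line could read `method: scram-sha-256`. The rule covers only `::1/128`, so it presumably relies on Nextcloud connecting over IPv6 loopback. A comment such as `# Nextcloud connects to PostgreSQL on [::1] only` above the entry would make that explicit and discourage a broader rule being added later.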
|
7
hosts
7
hosts
|
@ -65,9 +65,15 @@ koji0.pyrocufflink.blue
|
||||||
[named-server:children]
|
[named-server:children]
|
||||||
pyrocufflink-dns
|
pyrocufflink-dns
|
||||||
|
|
||||||
|
[nextcloud]
|
||||||
|
cloud0.pyrocufflink.blue
|
||||||
|
|
||||||
[ntpd]
|
[ntpd]
|
||||||
dc0.pyrocufflink.blue
|
dc0.pyrocufflink.blue
|
||||||
|
|
||||||
|
[postgresql]
|
||||||
|
cloud0.pyrocufflink.blue
|
||||||
|
|
||||||
[public-web]
|
[public-web]
|
||||||
web0.pyrocufflink.blue
|
web0.pyrocufflink.blue
|
||||||
|
|
||||||
|
@ -76,6 +82,7 @@ build0-amd64.pyrocufflink.blue
|
||||||
burp0.pyrocufflink.blue
|
burp0.pyrocufflink.blue
|
||||||
burp1.pyrocufflink.blue
|
burp1.pyrocufflink.blue
|
||||||
bw0.pyrocufflink.blue
|
bw0.pyrocufflink.blue
|
||||||
|
cloud0.pyrocufflink.blue
|
||||||
dc0.pyrocufflink.blue
|
dc0.pyrocufflink.blue
|
||||||
dns0.pyrocufflink.blue
|
dns0.pyrocufflink.blue
|
||||||
file0.pyrocufflink.blue
|
file0.pyrocufflink.blue
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
- hosts: nextcloud
|
||||||
|
vars_files:
|
||||||
|
- vault/nextcloud
|
||||||
|
roles:
|
||||||
|
- role: cert
|
||||||
|
cert_src: lego/_.pyrocufflink.net.crt
|
||||||
|
cert_dest: '{{ apache_ssl_certificate }}'
|
||||||
|
cert_key_src: lego/_.pyrocufflink.net.key
|
||||||
|
cert_key_dest: '{{ apache_ssl_certificate_key }}'
|
||||||
|
- apache
|
||||||
|
- nextcloud
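Review bot: The `cert` role entry copies the wildcard pair `lego/_.pyrocufflink.net.crt` and `lego/_.pyrocufflink.net.key` onto the Nextcloud host, so a compromise of this web-facing PHP application would expose a private key valid for every name under pyrocufflink.net. A certificate issued only for the value of `nextcloud_server_name` would limit that exposure to this one service. If the wildcard has to stay, a comment above the role entry such as `# wildcard key, shared with other hosts: rotate everywhere if this host is compromised` would record the dependency. The key file's owner and mode are set inside the *cert* role, which is not visible here, and are worth checking alongside this.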
|
|
@ -0,0 +1,2 @@
|
||||||
|
nextcloud_version: 17.0.0
|
||||||
|
nextcloud_archive_sha256: 6081421b33ecdb3130b2bfb2293a3f4045aeb0b471ee570e675de3d931a142a6
|
|
@ -0,0 +1,12 @@
|
||||||
|
- name: reload httpd
|
||||||
|
service:
|
||||||
|
name: httpd
|
||||||
|
state: reloaded
|
||||||
|
- name: upgrade nextcloud
|
||||||
|
become: true
|
||||||
|
become_user: apache
|
||||||
|
command: php /var/www/html/occ upgrade
|
||||||
|
- name: update nextcloud .htaccess
|
||||||
|
become: true
|
||||||
|
become_user: apache
|
||||||
|
command: php /var/www/html/occ maintenance:update:htaccess
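Review bot: The `upgrade nextcloud` and `update nextcloud .htaccess` handlers run whenever the unarchive task reports a change, which includes the first run on a fresh host where Nextcloud has been unpacked but not yet installed. In that state `occ upgrade` is likely to exit non-zero and fail the play; this is inferred from how `occ` behaves before installation and should be confirmed on a clean host. One option is to register a `stat` of `/var/www/html/config/config.php` in the tasks file before the unarchive step and add a `when:` on that result to both handlers. Both `command:` lines also call `php` by bare name, so they depend on the PATH that `become_user: apache` receives; an absolute interpreter path would remove that dependency.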
|
|
@ -0,0 +1,91 @@
|
||||||
|
- name: ensure rpmfusion repo is installed
|
||||||
|
package:
|
||||||
|
name: >-
|
||||||
|
https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-{{ ansible_distribution_version }}.noarch.rpm
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
|
||||||
|
- name: ensure required packages are installed
|
||||||
|
package:
|
||||||
|
name: '{{ nextcloud_packages }}'
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
|
||||||
|
- name: ensure nextcloud database user exists
|
||||||
|
become: true
|
||||||
|
become_user: postgres
|
||||||
|
postgresql_user:
|
||||||
|
name: nextcloud
|
||||||
|
password: '{{ nextcloud_db_password }}'
|
||||||
|
state: present
|
||||||
|
- name: ensure nextcloud database exists
|
||||||
|
become: true
|
||||||
|
become_user: postgres
|
||||||
|
postgresql_db:
|
||||||
|
name: nextcloud
|
||||||
|
owner: nextcloud
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: ensure nextcloud installation archive is available
|
||||||
|
become: false
|
||||||
|
delegate_to: localhost
|
||||||
|
get_url:
|
||||||
|
url: '{{ nextcloud_archive_url }}'
|
||||||
|
dest: roles/nextcloud/files/{{ nextcloud_archive_name }}
|
||||||
|
checksum: 'sha256:{{ nextcloud_archive_sha256 }}'
|
||||||
|
tags:
|
||||||
|
- unarchive
|
||||||
|
|
||||||
|
- name: ensure html directory permissions are set
|
||||||
|
file:
|
||||||
|
path: /var/www/html
|
||||||
|
owner: apache
|
||||||
|
group: apache
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: ensure nextcloud is installed
|
||||||
|
become: true
|
||||||
|
become_user: apache
|
||||||
|
unarchive:
|
||||||
|
src: '{{ nextcloud_archive_name }}'
|
||||||
|
dest: /var/www/html
|
||||||
|
extra_opts:
|
||||||
|
- --strip-components=1
|
||||||
|
notify:
|
||||||
|
- upgrade nextcloud
|
||||||
|
- update nextcloud .htaccess
|
||||||
|
tags:
|
||||||
|
- install
|
||||||
|
- unarchive
|
||||||
|
|
||||||
|
- name: ensure nextcloud data directories exist
|
||||||
|
file:
|
||||||
|
path: /var/www/html/{{ item.name }}
|
||||||
|
owner: apache
|
||||||
|
group: apache
|
||||||
|
mode: '{{ item.mode|d("0755") }}'
|
||||||
|
setype: httpd_sys_rw_content_t
|
||||||
|
state: directory
|
||||||
|
with_items:
|
||||||
|
- name: config
|
||||||
|
- name: custom_apps
|
||||||
|
- name: data
|
||||||
|
mode: '0770'
|
||||||
|
|
||||||
|
- name: ensure apache is configured to serve nextcloud
|
||||||
|
template:
|
||||||
|
src: nextcloud.httpd.conf.j2
|
||||||
|
dest: /etc/httpd/conf.d/nextcloud.conf
|
||||||
|
mode: '0644'
|
||||||
|
notify: reload httpd
|
||||||
|
|
||||||
|
- name: ensure php-fpm starts at boot
|
||||||
|
service:
|
||||||
|
name: php-fpm
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: ensure php-fpm service is running
|
||||||
|
service:
|
||||||
|
name: php-fpm
|
||||||
|
state: started
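Review bot: The `data` item in `ensure nextcloud data directories exist` creates the user-file store at `/var/www/html/data`, inside the directory that the Apache template opens with `Require all granted`. Uploaded files are therefore kept from direct download only by the `.htaccess` file that Nextcloud writes there and by the `AllowOverride All` that honours it. Nextcloud's hardening guidance is to keep the data directory outside the document root; giving this item a path outside `/var/www/html`, with the matching `datadirectory` setting in `config.php` (which this role does not manage), removes that dependency. Separately, the first task installs the RPM Fusion release package straight from a URL and without an explicit `state:`. Whether its signature is verified depends on the package manager's settings for URL-supplied packages, which is worth confirming because that package brings in the repository's signing keys.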
|
|
@ -0,0 +1,16 @@
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteCond %{HTTPS} !on
|
||||||
|
RewriteRule /.* https://%{SERVER_NAME}$0
|
||||||
|
|
||||||
|
Header always set \
|
||||||
|
Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
||||||
|
|
||||||
|
<Directory /var/www/html>
|
||||||
|
Require all granted
|
||||||
|
AllowOverride All
|
||||||
|
Options FollowSymLinks MultiViews
|
||||||
|
|
||||||
|
<IfModule mod_dav.c>
|
||||||
|
Dav off
|
||||||
|
</IfModule>
|
||||||
|
</Directory>
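Review bot: The redirect `RewriteRule /.* https://%{SERVER_NAME}$0` builds its target from `%{SERVER_NAME}`, which Apache derives from the client's Host header unless `UseCanonicalName On` is in effect. It also carries no explicit flags, so the redirect is issued as a temporary one. Since the inventory already defines `nextcloud_server_name`, the rule could be `RewriteRule ^ https://{{ nextcloud_server_name }}%{REQUEST_URI} [R=301,L]`. In the visible lines these directives sit outside any `<VirtualHost>`. If the *apache* role defines virtual hosts, server-level rewrite rules are not inherited by them by default, so it is worth checking that plain-HTTP requests really are redirected.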
|
|
@ -0,0 +1,25 @@
|
||||||
|
nextcloud_packages:
|
||||||
|
- bzip2
|
||||||
|
- ffmpeg
|
||||||
|
- php
|
||||||
|
- php-fpm
|
||||||
|
- php-gd
|
||||||
|
- php-gmp
|
||||||
|
- php-intl
|
||||||
|
- php-json
|
||||||
|
- php-ldap
|
||||||
|
- php-mbstring
|
||||||
|
- php-opcache
|
||||||
|
- php-pdo
|
||||||
|
- php-pecl-apcu
|
||||||
|
- php-pecl-imagick
|
||||||
|
- php-pecl-zip
|
||||||
|
- php-pgsql
|
||||||
|
- php-process
|
||||||
|
- php-smbclient
|
||||||
|
- php-xml
|
||||||
|
- python3-psycopg2
|
||||||
|
- tar
|
||||||
|
nextcloud_archive_name: nextcloud-{{ nextcloud_version }}.tar.bz2
|
||||||
|
nextcloud_archive_url: >-
|
||||||
|
https://download.nextcloud.com/server/releases/{{ nextcloud_archive_name }}
|
|
@ -13,6 +13,9 @@ burp1.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCoHG7YZ0bQ3vvjmpUI
|
||||||
bw0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFhC0Lu+6oNiMYQ3bALQ0L4erepswgYalGW/spbd4UJ/t1GaHx1xGKmwrIqJ/+IGULEEHyO9Ldz5PmMTTmdh7Ms=
|
bw0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFhC0Lu+6oNiMYQ3bALQ0L4erepswgYalGW/spbd4UJ/t1GaHx1xGKmwrIqJ/+IGULEEHyO9Ldz5PmMTTmdh7Ms=
|
||||||
bw0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQJvmcowUDnqJ8wKwreKNsd43g0Az0heAWRmSxG/sl9
|
bw0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQJvmcowUDnqJ8wKwreKNsd43g0Az0heAWRmSxG/sl9
|
||||||
bw0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4C69f0KJe32ZReE9FE7jZwzbPiuBnIop+f4Redo5KtOAHSd6qNpR6+ZCImgdEV+DlxC8UFRa5kqVg6jD4niGQl2p1/07c/G7b/uSKpSp5HvmBKWOiqVVfqnZcHUJC6fhTWaNqvp6zbtV8LbdTE/oStI06qKpCrUsoROHaek2zS0KznGk/UMOIiSS32XZbZKzwTSaL9LPIvugnv7HnkHHWl/IAC5vG7BXSLJLRksjS/4X8CWnYbOJB3wUt8oq1rNfD19LqFnqGUYmp3w8jk7Z6yJUdNKqWMihoV8z4HnqJ9KSGlfGMG/Tx691DXzXRXSQWiPTcZhBl8SET2NV2xEO5
|
bw0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4C69f0KJe32ZReE9FE7jZwzbPiuBnIop+f4Redo5KtOAHSd6qNpR6+ZCImgdEV+DlxC8UFRa5kqVg6jD4niGQl2p1/07c/G7b/uSKpSp5HvmBKWOiqVVfqnZcHUJC6fhTWaNqvp6zbtV8LbdTE/oStI06qKpCrUsoROHaek2zS0KznGk/UMOIiSS32XZbZKzwTSaL9LPIvugnv7HnkHHWl/IAC5vG7BXSLJLRksjS/4X8CWnYbOJB3wUt8oq1rNfD19LqFnqGUYmp3w8jk7Z6yJUdNKqWMihoV8z4HnqJ9KSGlfGMG/Tx691DXzXRXSQWiPTcZhBl8SET2NV2xEO5
|
||||||
|
cloud0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIdqy2vDbPHBHznTnngNoxruf2+zK2mxs+uNctc6TT3GDCLEvaSBaP6a8lp2fIxyuK/KxmROSmSwkNNvzy/reuQ=
|
||||||
|
cloud0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWCsUW0cQuRUqvnRIFfdx6qFaDOHk63x/jVyhbmw8oY
|
||||||
|
cloud0.pyrocufflink.blue ssh-rsa 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
|
||||||
cm0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJu4U5OdSbCXwofCCeejxEv5ia4YgzUYI01aXy1cDp9GcndmmwZl0NHbF815G98YK3O16Kv4nTV4IEUF7JJu0/s=
|
cm0.pyrocufflink.blue ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJu4U5OdSbCXwofCCeejxEv5ia4YgzUYI01aXy1cDp9GcndmmwZl0NHbF815G98YK3O16Kv4nTV4IEUF7JJu0/s=
|
||||||
cm0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICb5SUiJ3yFQlXlqmxV18ZrfFD1z1/Nov2IJG9Y2snUd
|
cm0.pyrocufflink.blue ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICb5SUiJ3yFQlXlqmxV18ZrfFD1z1/Nov2IJG9Y2snUd
|
||||||
cm0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC07DmchhYaGlFpawpS2hswPKioVlPkLObalQ3jx/TTENu2sLNcBUzVR6y2H82EnWOjnHDOYwdKPbHjjFtOQTr8wYJlOpw75v2DesUmvn8aPhz8XMKO4M9HuwPvgo6ybc9r+VEQgm3H9LLCDSMojkkO04T0KGuAyUfV2kYnLWzjclyUXgYGNqnmHatEn1WAU8olKkyP+CImvQTctisIF9rJotBNV+f4UO7NvioaieUyBCoWlHBGUMI18m12zaoItaMoV8WHlksXoQek9EWrioC/W51nFusDr1Cwmtwz/20mtiiYn5upUz0MtEc8FFvAk7jlpFPAB1dGZMPyLXaWHKjJ
|
cm0.pyrocufflink.blue ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC07DmchhYaGlFpawpS2hswPKioVlPkLObalQ3jx/TTENu2sLNcBUzVR6y2H82EnWOjnHDOYwdKPbHjjFtOQTr8wYJlOpw75v2DesUmvn8aPhz8XMKO4M9HuwPvgo6ybc9r+VEQgm3H9LLCDSMojkkO04T0KGuAyUfV2kYnLWzjclyUXgYGNqnmHatEn1WAU8olKkyP+CImvQTctisIF9rJotBNV+f4UO7NvioaieUyBCoWlHBGUMI18m12zaoItaMoV8WHlksXoQek9EWrioC/W51nFusDr1Cwmtwz/20mtiiYn5upUz0MtEc8FFvAk7jlpFPAB1dGZMPyLXaWHKjJ
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
66373432366362303731363866636266313635656637303139383061396236333030633937373461
|
||||||
|
3538616535343334663937663532303764333737653536330a616464346532616433336632313037
|
||||||
|
66356437353766336563336139353462653162333035653833656466373639373965333932376165
|
||||||
|
3336393133393061330a336661323761316536636262303934363038303239653235653535663236
|
||||||
|
63656332656162613935343530316465366462363039663638616561373437666431373261653635
|
||||||
|
64346138323065396536333335323931333034346337353337653865663830653539623466333738
|
||||||
|
653931666565333264316635663235353537
|