ansible/roles/server/nextcloud/tasks/main.yml

---

- name: Configure system user
  user:
    state: present
    name: "{{ nextcloud_system_user }}"
    system: yes
    shell: /bin/false
    create_home: yes
    move_home: yes
    home: "{{ nextcloud_user_directory }}"

- name: Create database for nextcloud
  import_role:
    name: mysql/database
  vars:
    # database_user

- name: Request php-pool for nextcloud
  import_role:
    name: nginx/php-pool
  vars:
    # system_user
    src: "{{ nextcloud_installation_directory }}"
    includes:
      - "{{ nextcloud_installation_directory }}/apps"
    memory_limit: 1G

- name: Request custom nginx php server
  import_role:
    name: nginx/server
  vars:
    directives: |
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Robots-Tag none;
      add_header X-Download-Options noopen;
      add_header X-Permitted-Cross-Domain-Policies none;
      add_header Referrer-Policy no-referrer;
      fastcgi_hide_header X-Powered-By;
      root {{ nextcloud_installation_directory }};
      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
      }
      rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
      client_max_body_size 10240M;
      #fastcgi_buffers 64 4K;
      location / {
        rewrite ^ /index.php$request_uri;
      }
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
      }
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
      }
      #location ~ \.(?:flv|mp4|mov|m4a)$ {
      #  mp4;
      #  mp4_buffer_size 100M;
      #  mp4_max_buffer_size 1024M;
      #  fastcgi_split_path_info ^(.+?\.php)(/.*)$;
      #  try_files $uri =404;
      #  fastcgi_index index.php;
      #  include fastcgi_params;
      #  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      #  fastcgi_param PATH_INFO $fastcgi_path_info;
      #  fastcgi_param HTTPS on;
      #  fastcgi_param modHeadersAvailable true;
      #  fastcgi_param front_controller_active true;
      #  fastcgi_pass {{ pool_name }};
      #  fastcgi_intercept_errors on;
      #  fastcgi_request_buffering off;
      #}
      location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass {{ pool_name }};
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
      }
      location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
      }
      location ~ \.(?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
      }

- name: Install required dependencies
  apt:
    state: present
    name:
      # For Office / Video Previews
      - ffmpeg
      - libreoffice
      # For SVG support
      - libmagickcore-6.q16-6-extra
      # PHP Dependencies
      - php-apcu
      - php-bz2
      - php-curl
#      - php-dom
#      - php-fileinfo
      - php-gd
#      - php-iconv
      - php-imagick
      - php-intl
      - php-json
      - php-mbstring
#      - php-mcrypt
      - php-mysql
#      - php-posix
#      - php-simplexml
      - php-xml
#      - php-xmlreader
#      - php-xmlwriter
      - php-zip

# TODO Redis

- name: Check if Nextcloud is already downloaded
  stat:
    path: "{{ nextcloud_installation_directory }}/index.php"
  register: nextcloud_installed
  check_mode: no

- name: Download Nextcloud
  become_user: "{{ nextcloud_system_user }}"
  include_tasks: install.yml
  when: not nextcloud_installed.stat.exists

- name: Create data directory
  file:
    state: directory
    path: "{{ nextcloud_data_directory }}"
    owner: "{{ nextcloud_system_user }}"
    group: "{{ nextcloud_system_user }}"
    mode: "u=rwx,g=rx"

- name: Install Nextcloud
  become_user: "{{ nextcloud_system_user }}"
  command: >-
    /usr/bin/php occ maintenance:install
    --database mysql
    --database-name {{ database_name | quote }}
    --database-user {{ database_user | quote }}
    --database-pass {{ database_pass | quote }}
    --database-table-prefix oc_
    --admin-user {{ nextcloud_admin_user | quote }}
    --admin-pass {{ nextcloud_admin_pass | quote }}
    --data-dir {{ nextcloud_data_directory | quote }}
  args:
    chdir: "{{ nextcloud_installation_directory }}"
    creates: "{{ nextcloud_config }}"

- name: Configure Nextcloud default domain
  become_user: "{{ nextcloud_system_user }}"
  lineinfile:
    backrefs: yes
    path: "{{ nextcloud_config }}"
    insertafter: "array \\("
    regexp: "^(\\s*)0 => '.*',$"
    line: "\\g<1>0 => '{{ domain }}',"
    validate: /usr/bin/php %s

- name: Configure Nextcloud default domain for cli
  become_user: "{{ nextcloud_system_user }}"
  lineinfile:
    backrefs: yes
    path: "{{ nextcloud_config }}"
    insertafter: "'version'"
    regexp: "^(\\s*)'overwrite.cli.url' => '.*',$"
    line: "\\1'overwrite.cli.url' => 'https://{{ domain }}',"
    validate: /usr/bin/php %s

- name: Install Nextcloud apps
  become_user: "{{ nextcloud_system_user }}"
  command: "/usr/bin/php occ app:install {{ item | quote }}"
  args:
    chdir: "{{ nextcloud_installation_directory }}"
  register: nextcloud_apps_install_results
  changed_when: "'already installed' not in nextcloud_apps_install_results.stdout"
  failed_when: nextcloud_apps_install_results.rc != 0 and not (nextcloud_apps_install_results.rc == 1 and 'already installed' in nextcloud_apps_install_results.stdout)
  with_items:
    - accessibility
    - activity
    - admin_audit
    - apporder
    - bruteforcesettings
    - calendar
    - checksum
    - cloud_federation_api
    - comments
    - contacts
    - dav
    - external
    - federatedfilesharing
    - federation
    - files
    - files_automatedtagging
    - files_external
    - files_pdfviewer
    - files_rightclick
    - files_sharing
    - files_texteditor
    - files_trashbin
    - files_versions
    - files_videoplayer
    - firstrunwizard
    - gallery
    - logreader
    - lookup_server_connector
    - mail
    - metadata
    - nextcloud_announcements
    - notes
    - notifications
    - oauth2
    - password_policy
    - polls
    - provisioning_api
    - quota_warning
    - serverinfo
    - sharebymail
    - sharerenamer
    - social
    - sociallogin
    - socialsharing_email
    - spreed
    - support
    - survey_client
    - systemtags
    - tasks
    - theming
    - twofactor_admin
    - twofactor_backupcodes
    - twofactor_gateway
    - twofactor_nextcloud_notification
    - twofactor_totp
    - twofactor_u2f
    - updatenotification
    - workflowengine

- name: Set background job mode to cron
  become_user: "{{ nextcloud_system_user }}"
  command: /usr/bin/php occ background:cron
  args:
    chdir: "{{ nextcloud_installation_directory }}"

- name: Add background cron job
  cron:
    name: "nextcloud cron for {{ domain }}"
    minute: "*/5"
    job: "sudo -u {{ nextcloud_system_user }} php -f \"{{ nextcloud_installation_directory }}/cron.php\""

- name: Configure auto backup of nextcloud data directory
  cron:
    hour: 1
    minute: 0
    job: "{{ global_helper_directory }}/backup_files.sh {{ nextcloud_data_directory | quote }} {{ domain | quote }}"
    name: "backup nextcloud data of {{ domain }}"
    state: present

#- name: Upgrade Nextcloud
#  become_user: "{{ nextcloud_system_user }}"
#  command: /usr/bin/php occ upgrade
#  args:
#    chdir: "{{ nextcloud_installation_directory }}"
#  register: nextcloud_upgrade_result
#  changed_when: "'already latest version' not in nextcloud_upgrade_result.rc"
Added role server/nextcloud 5 years ago			`---`

server/nextcloud: Moved roles into tasks for creating user before 5 years ago			`- name: Configure system user`
			`user:`
			`state: present`
			`name: "{{ nextcloud_system_user }}"`
			`system: yes`
			`shell: /bin/false`
			`create_home: yes`
			`move_home: yes`
			`home: "{{ nextcloud_user_directory }}"`

			`- name: Create database for nextcloud`
			`import_role:`
			`name: mysql/database`
			`vars:`
			`# database_user`

			`- name: Request php-pool for nextcloud`
			`import_role:`
			`name: nginx/php-pool`
			`vars:`
			`# system_user`
			`src: "{{ nextcloud_installation_directory }}"`
			`includes:`
			`- "{{ nextcloud_installation_directory }}/apps"`
server/nextcloud: Increased memory for php up to 1G 5 years ago			`memory_limit: 1G`
server/nextcloud: Moved roles into tasks for creating user before 5 years ago
			`- name: Request custom nginx php server`
			`import_role:`
			`name: nginx/server`
			`vars:`
			`directives: \|`
			`add_header X-Content-Type-Options nosniff;`
			`add_header X-XSS-Protection "1; mode=block";`
			`add_header X-Robots-Tag none;`
			`add_header X-Download-Options noopen;`
			`add_header X-Permitted-Cross-Domain-Policies none;`
			`add_header Referrer-Policy no-referrer;`
			`fastcgi_hide_header X-Powered-By;`
			`root {{ nextcloud_installation_directory }};`
			`location = /.well-known/carddav {`
			`return 301 $scheme://$host/remote.php/dav;`
			`}`
			`location = /.well-known/caldav {`
			`return 301 $scheme://$host/remote.php/dav;`
			`}`
			`rewrite ^/.well-known/webfinger /public.php?service=webfinger last;`
			`rewrite ^/.well-known/host-meta /public.php?service=host-meta last;`
			`rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;`
			`client_max_body_size 10240M;`
			`#fastcgi_buffers 64 4K;`
			`location / {`
			`rewrite ^ /index.php$request_uri;`
			`}`
			`location ~ ^/(build\|tests\|config\|lib\|3rdparty\|templates\|data)/ {`
			`deny all;`
			`}`
			`location ~ ^/(?:\.\|autotest\|occ\|issue\|indie\|db_\|console) {`
			`deny all;`
			`}`
			`#location ~ \.(?:flv\|mp4\|mov\|m4a)$ {`
			`# mp4;`
			`# mp4_buffer_size 100M;`
			`# mp4_max_buffer_size 1024M;`
			`# fastcgi_split_path_info ^(.+?\.php)(/.*)$;`
			`# try_files $uri =404;`
			`# fastcgi_index index.php;`
			`# include fastcgi_params;`
			`# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`# fastcgi_param PATH_INFO $fastcgi_path_info;`
			`# fastcgi_param HTTPS on;`
			`# fastcgi_param modHeadersAvailable true;`
			`# fastcgi_param front_controller_active true;`
			`# fastcgi_pass {{ pool_name }};`
			`# fastcgi_intercept_errors on;`
			`# fastcgi_request_buffering off;`
			`#}`
			`location ~ ^/(?:index\|remote\|public\|cron\|core/ajax/update\|status\|ocs/v[12]\|updater/.+\|ocs-provider/.+)\.php(?:$\|/) {`
			`fastcgi_split_path_info ^(.+?\.php)(/.*)$;`
			`fastcgi_index index.php;`
			`include fastcgi_params;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`fastcgi_param PATH_INFO $fastcgi_path_info;`
			`fastcgi_param HTTPS on;`
			`fastcgi_param modHeadersAvailable true;`
			`fastcgi_param front_controller_active true;`
			`fastcgi_pass {{ pool_name }};`
			`fastcgi_intercept_errors on;`
			`fastcgi_request_buffering off;`
			`}`
			`location ~ ^/(?:updater\|ocs-provider)(?:$\|/) {`
			`try_files $uri/ =404;`
			`index index.php;`
			`}`
			`location ~ \.(?:css\|js\|woff2?\|svg\|gif\|png\|html\|ttf\|ico\|jpg\|jpeg)$ {`
			`try_files $uri /index.php$request_uri;`
			`access_log off;`
			`}`

Added role server/nextcloud 5 years ago			`- name: Install required dependencies`
			`apt:`
			`state: present`
			`name:`
			`# For Office / Video Previews`
			`- ffmpeg`
			`- libreoffice`
server/nextcloud: Added libmagickcore to dependencies 5 years ago			`# For SVG support`
			`- libmagickcore-6.q16-6-extra`
Added role server/nextcloud 5 years ago			`# PHP Dependencies`
			`- php-apcu`
			`- php-bz2`
			`- php-curl`
			`# - php-dom`
			`# - php-fileinfo`
			`- php-gd`
			`# - php-iconv`
			`- php-imagick`
			`- php-intl`
			`- php-json`
			`- php-mbstring`
server/nextcloud: Disabled php module mcrypt Already preinstalled in base packages 5 years ago			`# - php-mcrypt`
Added role server/nextcloud 5 years ago			`- php-mysql`
			`# - php-posix`
			`# - php-simplexml`
			`- php-xml`
			`# - php-xmlreader`
			`# - php-xmlwriter`
			`- php-zip`

			`# TODO Redis`

			`- name: Check if Nextcloud is already downloaded`
			`stat:`
			`path: "{{ nextcloud_installation_directory }}/index.php"`
			`register: nextcloud_installed`
			`check_mode: no`

			`- name: Download Nextcloud`
			`become_user: "{{ nextcloud_system_user }}"`
			`include_tasks: install.yml`
			`when: not nextcloud_installed.stat.exists`

			`- name: Create data directory`
			`file:`
			`state: directory`
			`path: "{{ nextcloud_data_directory }}"`
			`owner: "{{ nextcloud_system_user }}"`
			`group: "{{ nextcloud_system_user }}"`
			`mode: "u=rwx,g=rx"`

			`- name: Install Nextcloud`
			`become_user: "{{ nextcloud_system_user }}"`
			`command: >-`
			`/usr/bin/php occ maintenance:install`
			`--database mysql`
			`--database-name {{ database_name \| quote }}`
			`--database-user {{ database_user \| quote }}`
			`--database-pass {{ database_pass \| quote }}`
			`--database-table-prefix oc_`
			`--admin-user {{ nextcloud_admin_user \| quote }}`
			`--admin-pass {{ nextcloud_admin_pass \| quote }}`
			`--data-dir {{ nextcloud_data_directory \| quote }}`
			`args:`
			`chdir: "{{ nextcloud_installation_directory }}"`
			`creates: "{{ nextcloud_config }}"`

			`- name: Configure Nextcloud default domain`
			`become_user: "{{ nextcloud_system_user }}"`
			`lineinfile:`
			`backrefs: yes`
			`path: "{{ nextcloud_config }}"`
			`insertafter: "array \\("`
			`regexp: "^(\\s)0 => '.',$"`
			`line: "\\g<1>0 => '{{ domain }}',"`
			`validate: /usr/bin/php %s`

			`- name: Configure Nextcloud default domain for cli`
			`become_user: "{{ nextcloud_system_user }}"`
			`lineinfile:`
			`backrefs: yes`
			`path: "{{ nextcloud_config }}"`
			`insertafter: "'version'"`
			`regexp: "^(\\s)'overwrite.cli.url' => '.',$"`
			`line: "\\1'overwrite.cli.url' => 'https://{{ domain }}',"`
			`validate: /usr/bin/php %s`

			`- name: Install Nextcloud apps`
			`become_user: "{{ nextcloud_system_user }}"`
			`command: "/usr/bin/php occ app:install {{ item \| quote }}"`
			`args:`
			`chdir: "{{ nextcloud_installation_directory }}"`
			`register: nextcloud_apps_install_results`
			`changed_when: "'already installed' not in nextcloud_apps_install_results.stdout"`
			`failed_when: nextcloud_apps_install_results.rc != 0 and not (nextcloud_apps_install_results.rc == 1 and 'already installed' in nextcloud_apps_install_results.stdout)`
			`with_items:`
			`- accessibility`
			`- activity`
			`- admin_audit`
			`- apporder`
			`- bruteforcesettings`
			`- calendar`
			`- checksum`
			`- cloud_federation_api`
			`- comments`
			`- contacts`
			`- dav`
			`- external`
			`- federatedfilesharing`
			`- federation`
			`- files`
			`- files_automatedtagging`
			`- files_external`
			`- files_pdfviewer`
			`- files_rightclick`
			`- files_sharing`
			`- files_texteditor`
			`- files_trashbin`
			`- files_versions`
			`- files_videoplayer`
			`- firstrunwizard`
			`- gallery`
			`- logreader`
			`- lookup_server_connector`
			`- mail`
			`- metadata`
			`- nextcloud_announcements`
			`- notes`
			`- notifications`
			`- oauth2`
			`- password_policy`
			`- polls`
			`- provisioning_api`
			`- quota_warning`
			`- serverinfo`
			`- sharebymail`
			`- sharerenamer`
server/nextcloud: Enabled nextcloud app social 5 years ago			`- social`
Added role server/nextcloud 5 years ago			`- sociallogin`
			`- socialsharing_email`
			`- spreed`
			`- support`
			`- survey_client`
			`- systemtags`
			`- tasks`
			`- theming`
			`- twofactor_admin`
			`- twofactor_backupcodes`
			`- twofactor_gateway`
			`- twofactor_nextcloud_notification`
			`- twofactor_totp`
			`- twofactor_u2f`
			`- updatenotification`
			`- workflowengine`

			`- name: Set background job mode to cron`
			`become_user: "{{ nextcloud_system_user }}"`
			`command: /usr/bin/php occ background:cron`
			`args:`
			`chdir: "{{ nextcloud_installation_directory }}"`

server/nextcloud: Reordered background job and update task 5 years ago			`- name: Add background cron job`
			`cron:`
server/nextcloud: Fixed name for cron job For allowing different nextcloud instances work simultaneously 5 years ago			`name: "nextcloud cron for {{ domain }}"`
server/nextcloud: Reordered background job and update task 5 years ago			`minute: "*/5"`
server/nextcloud: Fixed cron job running as the correct user 5 years ago			`job: "sudo -u {{ nextcloud_system_user }} php -f \"{{ nextcloud_installation_directory }}/cron.php\""`
server/nextcloud: Reordered background job and update task 5 years ago
server/nextcloud: Added support for auto backuping data directory 5 years ago			`- name: Configure auto backup of nextcloud data directory`
			`cron:`
			`hour: 1`
			`minute: 0`
			`job: "{{ global_helper_directory }}/backup_files.sh {{ nextcloud_data_directory \| quote }} {{ domain \| quote }}"`
			`name: "backup nextcloud data of {{ domain }}"`
			`state: present`

Added role server/nextcloud 5 years ago			`#- name: Upgrade Nextcloud`
			`# become_user: "{{ nextcloud_system_user }}"`
			`# command: /usr/bin/php occ upgrade`
			`# args:`
			`# chdir: "{{ nextcloud_installation_directory }}"`
			`# register: nextcloud_upgrade_result`
			`# changed_when: "'already latest version' not in nextcloud_upgrade_result.rc"`