---
# Dedicated service account that the Nextcloud tasks in this file switch to
# via become_user.
- name: Configure system user
  user:
    name: "{{ nextcloud_system_user }}"
    state: present
    system: true
    # /bin/false as login shell: the account is not meant for interactive use.
    shell: /bin/false
    home: "{{ nextcloud_user_directory }}"
    create_home: true
    # Relocate an already existing home directory to the path given above.
    move_home: true
# Delegate database provisioning to the shared mysql/database role.
# NOTE(review): the role presumably defines database_name, database_user and
# database_pass, which the installer task in this file consumes - confirm in
# the role. No variables are overridden here; `database_user` is left
# commented out.
- name: Create database for nextcloud
  import_role:
    name: mysql/database
  vars:
    # database_user
# Ask the nginx/php-pool role for a PHP-FPM pool serving the installation
# directory.
# NOTE(review): `src` and `includes` presumably bound the paths the pool may
# access, and the role presumably exports `pool_name` used by the nginx
# directives in this file - confirm both in the role.
- name: Request php-pool for nextcloud
  import_role:
    name: nginx/php-pool
  vars:
    # system_user
    src: "{{ nextcloud_installation_directory }}"
    includes:
      - "{{ nextcloud_installation_directory }}/apps"
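# Declare the nginx server block for Nextcloud through the nginx/server role.
# `directives` is handed over as literal nginx configuration. Jinja
# expressions inside the block scalar are rendered even on lines that nginx
# treats as comments, so `pool_name` must be defined (presumably exported by
# the nginx/php-pool role - confirm).
#
# Hardening notes:
# - The security headers carry `always` so nginx also emits them on error
#   responses; without it add_header only applies to a fixed set of
#   success/redirect status codes.
# - add_header is inherited from the server level only while a location
#   declares no add_header of its own; a location that adds one must repeat
#   the whole set.
# - The host-meta.json rewrite precedes the host-meta rewrite because the
#   shorter, unanchored pattern also matches the .json URI and `last` stops
#   rewrite processing at the first match.
# - Source directories and CLI entry points are denied outright; only the
#   listed PHP front controllers are handed to the FastCGI pool.
# - NOTE(review): no Strict-Transport-Security header is set here although
#   PHP is told the request arrived over HTTPS; confirm the nginx/server role
#   provides TLS and HSTS.
# - NOTE(review): client_max_body_size permits 10240M request bodies and
#   request buffering is off for the PHP location; confirm that upload limit
#   is intended for this host.
- name: Request custom nginx php server
  import_role:
    name: nginx/server
  vars:
    directives: |
      add_header X-Content-Type-Options nosniff always;
      add_header X-XSS-Protection "1; mode=block" always;
      add_header X-Robots-Tag none always;
      add_header X-Download-Options noopen always;
      add_header X-Permitted-Cross-Domain-Policies none always;
      add_header Referrer-Policy no-referrer always;
      fastcgi_hide_header X-Powered-By;
      root {{ nextcloud_installation_directory }};
      location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
      }
      location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
      }
      rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      client_max_body_size 10240M;
      #fastcgi_buffers 64 4K;
      location / {
        rewrite ^ /index.php$request_uri;
      }
      location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
        deny all;
      }
      location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
      }
      #location ~ \.(?:flv|mp4|mov|m4a)$ {
      #  mp4;
      #  mp4_buffer_size 100M;
      #  mp4_max_buffer_size 1024M;
      #  fastcgi_split_path_info ^(.+?\.php)(/.*)$;
      #  try_files $uri =404;
      #  fastcgi_index index.php;
      #  include fastcgi_params;
      #  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      #  fastcgi_param PATH_INFO $fastcgi_path_info;
      #  fastcgi_param HTTPS on;
      #  fastcgi_param modHeadersAvailable true;
      #  fastcgi_param front_controller_active true;
      #  fastcgi_pass {{ pool_name }};
      #  fastcgi_intercept_errors on;
      #  fastcgi_request_buffering off;
      #}
      location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true;
        fastcgi_param front_controller_active true;
        fastcgi_pass {{ pool_name }};
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
      }
      location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri/ =404;
        index index.php;
      }
      location ~ \.(?:css|js|woff2?|svg|gif|png|html|ttf|ico|jpg|jpeg)$ {
        try_files $uri /index.php$request_uri;
        access_log off;
      }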
# Install the preview tooling and PHP extensions from the distribution
# packages. Commented-out entries are kept from the original list and are
# not installed by this task.
- name: Install required dependencies
  apt:
    name:
      # For Office / Video Previews
      - ffmpeg
      - libreoffice
      # PHP Dependencies
      - php-apcu
      - php-bz2
      - php-curl
      # - php-dom
      # - php-fileinfo
      - php-gd
      # - php-iconv
      - php-imagick
      - php-intl
      - php-json
      - php-mbstring
      # - php-mcrypt
      - php-mysql
      # - php-posix
      # - php-simplexml
      - php-xml
      # - php-xmlreader
      # - php-xmlwriter
      - php-zip
    state: present
# TODO Redis
# Probe for index.php in the installation directory; the result gates the
# download step. check_mode is disabled so the probe also runs during
# --check and the registered variable is always populated.
- name: Check if Nextcloud is already downloaded
  stat:
    path: "{{ nextcloud_installation_directory }}/index.php"
  check_mode: false
  register: nextcloud_installed
# Pull in install.yml only when index.php was not found by the stat probe.
# NOTE(review): on a dynamic include, task keywords such as become_user may
# apply to the include statement only and not to the included tasks; verify
# that the tasks in install.yml really run as the service account (the
# `apply` keyword exists for that purpose).
- name: Download Nextcloud
  include_tasks: install.yml
  when: not nextcloud_installed.stat.exists
  become_user: "{{ nextcloud_system_user }}"
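# Create the directory that holds user data, owned by the service account.
# A symbolic mode only changes the classes it names, so "u=rwx,g=rx" alone
# leaves whatever permission bits "others" already have (from the umask on
# creation, or from an earlier state of the directory). `o=` clears them
# explicitly so the data is reachable by owner and group only.
- name: Create data directory
  file:
    path: "{{ nextcloud_data_directory }}"
    state: directory
    owner: "{{ nextcloud_system_user }}"
    group: "{{ nextcloud_system_user }}"
    mode: "u=rwx,g=rx,o="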
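# Run the one-time occ installer as the service account, from the
# installation directory. `creates` turns the task into a no-op once the
# config file exists.
# The database and admin passwords are passed as command-line arguments, so
# no_log keeps the rendered command out of Ansible's output and logs.
# NOTE(review): while the installer runs, the arguments remain visible in
# the host's process list; confirm that is acceptable on this host.
- name: Install Nextcloud
  become_user: "{{ nextcloud_system_user }}"
  command: >-
    /usr/bin/php occ maintenance:install
    --database mysql
    --database-name {{ database_name | quote }}
    --database-user {{ database_user | quote }}
    --database-pass {{ database_pass | quote }}
    --database-table-prefix oc_
    --admin-user {{ nextcloud_admin_user | quote }}
    --admin-pass {{ nextcloud_admin_pass | quote }}
    --data-dir {{ nextcloud_data_directory | quote }}
  args:
    chdir: "{{ nextcloud_installation_directory }}"
    creates: "{{ nextcloud_config }}"
  no_log: true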
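# Rewrite the array entry with index 0 in the Nextcloud config (presumably
# the first trusted domain - confirm) so it carries the configured domain.
# With backrefs enabled the line is only replaced when the regexp matches;
# lineinfile documents that insertafter is ignored in that mode.
# The candidate file is checked with `php -l`, which lints the syntax
# without executing the file.
# NOTE(review): `domain` is written unescaped into a single-quoted PHP
# string; it must come from trusted inventory and contain no quote or
# backslash characters.
- name: Configure Nextcloud default domain
  become_user: "{{ nextcloud_system_user }}"
  lineinfile:
    path: "{{ nextcloud_config }}"
    backrefs: true
    insertafter: 'array \('
    regexp: "^(\\s*)0 => '.*',$"
    line: "\\g<1>0 => '{{ domain }}',"
    validate: /usr/bin/php -l %s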
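# Point the existing 'overwrite.cli.url' entry of the Nextcloud config at
# the HTTPS URL of the configured domain.
# With backrefs enabled the line is only replaced when the regexp matches;
# lineinfile documents that insertafter is ignored in that mode, so a config
# without this key is left untouched.
# The candidate file is checked with `php -l`, which lints the syntax
# without executing the file.
# NOTE(review): `domain` is written unescaped into a single-quoted PHP
# string; it must come from trusted inventory and contain no quote or
# backslash characters.
- name: Configure Nextcloud default domain for cli
  become_user: "{{ nextcloud_system_user }}"
  lineinfile:
    path: "{{ nextcloud_config }}"
    backrefs: true
    insertafter: "'version'"
    regexp: "^(\\s*)'overwrite.cli.url' => '.*',$"
    line: "\\1'overwrite.cli.url' => 'https://{{ domain }}',"
    validate: /usr/bin/php -l %s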
# Install each listed app with occ, running as the service account from the
# installation directory.
# An exit code of 1 together with "already installed" on stdout is treated
# as success and reported as unchanged; every other non-zero exit code fails
# the task.
# NOTE(review): no app version is given on the command line, so presumably
# whatever release is current at run time gets installed - confirm this is
# acceptable for third-party apps.
- name: Install Nextcloud apps
  become_user: "{{ nextcloud_system_user }}"
  command: "/usr/bin/php occ app:install {{ item | quote }}"
  args:
    chdir: "{{ nextcloud_installation_directory }}"
  with_items:
    - accessibility
    - activity
    - admin_audit
    - apporder
    - bruteforcesettings
    - calendar
    - checksum
    - cloud_federation_api
    - comments
    - contacts
    - dav
    - external
    - federatedfilesharing
    - federation
    - files
    - files_automatedtagging
    - files_external
    - files_pdfviewer
    - files_rightclick
    - files_sharing
    - files_texteditor
    - files_trashbin
    - files_versions
    - files_videoplayer
    - firstrunwizard
    - gallery
    - logreader
    - lookup_server_connector
    - mail
    - metadata
    - nextcloud_announcements
    - notes
    - notifications
    - oauth2
    - password_policy
    - polls
    - provisioning_api
    - quota_warning
    - serverinfo
    - sharebymail
    - sharerenamer
    - social
    - sociallogin
    - socialsharing_email
    - spreed
    - support
    - survey_client
    - systemtags
    - tasks
    - theming
    - twofactor_admin
    - twofactor_backupcodes
    - twofactor_gateway
    - twofactor_nextcloud_notification
    - twofactor_totp
    - twofactor_u2f
    - updatenotification
    - workflowengine
  register: nextcloud_apps_install_results
  changed_when: "'already installed' not in nextcloud_apps_install_results.stdout"
  failed_when: >-
    nextcloud_apps_install_results.rc != 0
    and not (nextcloud_apps_install_results.rc == 1
    and 'already installed' in nextcloud_apps_install_results.stdout)
# Switch Nextcloud's background job mode to cron via occ, as the service
# account. The task has no changed_when or creates guard, so the command is
# executed and reported as changed on every run.
- name: Set background job mode to cron
  become_user: "{{ nextcloud_system_user }}"
  args:
    chdir: "{{ nextcloud_installation_directory }}"
  command: /usr/bin/php occ background:cron
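# Schedule Nextcloud's cron.php every five minutes.
# `user` places the entry in the service account's crontab. Without it the
# entry lands in the crontab of whichever user runs this task (presumably
# root, since the package and account tasks in this file need it), and the
# Nextcloud PHP code would run with that user's privileges and leave files
# the service account cannot manage.
# NOTE(review): on hosts provisioned before this change, an entry named
# "nextcloud" may still exist in the previous user's crontab; remove it so
# the job does not run twice.
- name: Add background cron job
  cron:
    name: "nextcloud"
    user: "{{ nextcloud_system_user }}"
    minute: "*/5"
    job: 'php -f "{{ nextcloud_installation_directory }}/cron.php"'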
# Nightly backup of the data directory at 01:00 through the shared helper
# script. No `user` is set, so the entry goes into the crontab of the user
# running this task.
# The data directory and domain arguments are shell-quoted; the script path
# built from global_helper_directory is not.
# NOTE(review): confirm that path contains no spaces or shell metacharacters.
- name: Configure auto backup of nextcloud data directory
  cron:
    name: "backup nextcloud data of {{ domain }}"
    state: present
    hour: "1"
    minute: "0"
    job: >-
      {{ global_helper_directory }}/backup_files.sh
      {{ nextcloud_data_directory | quote }}
      {{ domain | quote }}
#- name: Upgrade Nextcloud
#  become_user: "{{ nextcloud_system_user }}"
#  command: /usr/bin/php occ upgrade
#  args:
#    chdir: "{{ nextcloud_installation_directory }}"
#  register: nextcloud_upgrade_result
#  changed_when: "'already latest version' not in nextcloud_upgrade_result.rc"