finish and test nextcloud role

2025-02-06 15:00:16 +01:00
parent a729ea3ecf
commit c472672b41
16 changed files with 78 additions and 33 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -34,7 +34,7 @@ security_autoupdate_reboot: false
 security_autoupdate_reboot_time: "03:00"
 security_autoupdate_mail_to: "service@softbox.de"
 security_autoupdate_mail_on_error: false
-security_fail2ban_enabled: false
+security_fail2ban_enabled: true
 security_fail2ban_custom_configuration_template: "jail.local.j2"
 ###
 #packages
--- a/group_vars/nextcloud.yml
+++ b/group_vars/nextcloud.yml
@@ -0,0 +1,2 @@
+hostname: cloud.softbox-rz.lan
+php_version: 8.2
--- a/roles/lamp/defaults/main.yml
+++ b/roles/lamp/defaults/main.yml
@@ -1,5 +0,0 @@
-site_conf: example.com.conf
-php_verison: "8.4"
-mysql_db_name: mysql
-mysql_db_user: mysql
-web_root: "/var/www/{{ hostname }}"
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@@ -0,0 +1,5 @@
+site_conf: cloud.conf
+php_verison: "8.4"
+mysql_db_name: nextcloud
+mysql_db_user: nextcloud
+web_root: "/var/www/nextcloud"
--- a/roles/nextcloud/handlers/main.yml
+++ b/roles/nextcloud/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted
--- a/roles/nextcloud/tasks/apache.yml
+++ b/roles/nextcloud/tasks/apache.yml
@@ -22,9 +22,9 @@
    mode: 0644
  notify: restart apache

- name: Enable the ownCloud site.
+- name: Enable the Nextcloud site.
  command: >
-    a2ensite owncloud.dav
+    a2ensite {{ site_conf }}
    creates="/etc/apache2/sites-enabled/{{ site_conf }}"
  notify: restart apache

--- a/roles/nextcloud/tasks/dependencies.yml
+++ b/roles/nextcloud/tasks/dependencies.yml
@@ -7,10 +7,16 @@
      - python3-pycurl
      - python3-pymysql

- name: Add ondrej repository for later versions of PHP.
-  apt_repository:
-    repo: "ppa:ondrej/php"
-    update_cache: yes
+#- name: Add ondrej repository for later versions of PHP.
+#  apt_repository:
+#    repo: "ppa:ondrej/php"
+#    update_cache: yes
+
+#sudo dpkg -l | grep php | tee packages.txt
+#sudo apt install apt-transport-https lsb-release ca-certificates wget -y
+#sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+#sudo sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
+#sudo apt update

 - name: "Install Apache, MySQL, PHP, and other dependencies."
  apt:
@@ -26,7 +32,7 @@
      - mariadb-server
      - libpcre3-dev
      - apache2
-      - "libapache2-mod-php{{ php_version }}"
+      - "libapache2-mod-php"
      - "php{{ php_version }}"
      - "php{{ php_version }}-imagick"
      - "php{{ php_version }}-common"
@@ -34,7 +40,7 @@
      - "php{{ php_version }}-gd"
      - "php{{ php_version }}-imap"
      - "php{{ php_version }}-intl"
-      - "php{{ php_version }}-json"
+      #- "php{{ php_version }}-json"
      - "php{{ php_version }}-mbstring"
      - "php{{ php_version }}-gmp"
      - "php{{ php_version }}-bcmath"
@@ -45,7 +51,7 @@
      - "php{{ php_version }}-apcu"
      - "php{{ php_version }}-redis"
      - "php{{ php_version }}-ldap"
-      - "php{{ php_version }}-smbclient"
+      #- "php{{ php_version }}-smbclient"
      - php-phpseclib
      - bzip2
      - rsync
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -14,3 +14,11 @@
 - name: Configure MySQL.
  include_tasks:
    file: mysql.yml
+
+- name: Create occ helper script.
+  include_tasks:
+    file: occ.yml
+
+- name: Download Nextcloud.
+  include_tasks:
+    file: nextcloud.yml
--- a/roles/nextcloud/tasks/mysql.yml
+++ b/roles/nextcloud/tasks/mysql.yml
--- a/roles/nextcloud/tasks/nextcloud.yml
+++ b/roles/nextcloud/tasks/nextcloud.yml
@@ -0,0 +1,13 @@
+---
+- name: Download Nextcloud source.
+  ansible.builtin.get_url:
+    url: https://download.nextcloud.com/server/releases/latest.tar.bz2
+    dest: "/tmp/nextcloud-complete-latest.tar.bz2"
+    owner: www-data
+
+- name: Extract the archive.
+  ansible.builtin.unarchive:
+    src: "/tmp/nextcloud-complete-latest.tar.bz2"
+    dest: "/var/www/"
+    owner: www-data
+    remote_src: yes
--- a/roles/nextcloud/tasks/occ.yml
+++ b/roles/nextcloud/tasks/occ.yml
@@ -0,0 +1,7 @@
+- name: Create a helper script for running occ commands.
+  template:
+    src: "templates/occ.j2"
+    dest: "/usr/local/bin/occ"
+    owner: root
+    group: root
+    mode: 0755
--- a/roles/nextcloud/tasks/php.yml
+++ b/roles/nextcloud/tasks/php.yml
@@ -1,7 +1,7 @@
 ---
 - name: Adjust OpCache memory setting.
  lineinfile:
-    dest: "/etc/php/7.4/apache2/conf.d/10-opcache.ini"
+    dest: "/etc/php/{{ php_version }}/apache2/conf.d/10-opcache.ini"
    regexp: "^opcache.memory_consumption"
    line: "opcache.memory_consumption = 96"
    state: present
--- a/roles/lamp/templates/example.com.conf.j2
+++ b/roles/lamp/templates/example.com.conf.j2
@@ -3,7 +3,7 @@ ServerName {{ hostname }}
 DirectoryIndex index.php index.html
 DocumentRoot {{ web_root }}
 <Directory {{ web_root }}>
-  Options +FollowSymlinks -Indexes
+  Options FollowSymLinks MultiViews
  AllowOverride All
  Require all granted

@@ -11,7 +11,7 @@ DocumentRoot {{ web_root }}
  Dav off
 </IfModule>

- SetEnv HOME {{ web_root }}
- SetEnv HTTP_HOME {{ web_root }}
+ #SetEnv HOME {{ web_root }}
+ #SetEnv HTTP_HOME {{ web_root }}
 </Directory>
 </VirtualHost>
--- a/roles/nextcloud/templates/occ.j2
+++ b/roles/nextcloud/templates/occ.j2
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+cd /var/www/nextcloud || exit
+sudo -E -u www-data /usr/bin/php /var/www/nextcloud/occ "$@"
--- a/run.yml
+++ b/run.yml
@@ -48,4 +48,4 @@
  roles:
    - role: geerlingguy.security
    #- role: geerlingguy.ntp ## NEEDED?
-    - role: lamp
+    - role: nextcloud
--- a/vars/vault.yml
+++ b/vars/vault.yml
@@ -1,14 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-64313562613766336237383361623333393830336465653361646334323034643831393230393737
-6538353232666230373434626365373632366265346230340a643739373735643232376564323335
-38613365393833316661643332303965653530393834653062636665613835353565643232373432
-3434333936396637340a613163333161393239636435633761316639666531633065323761333263
-62323930333162323137643939616266326333613034303339653762663566323862356136393665
-63653335396434613738626164653437613639336436613362666434343565343866336237633561
-36356139363939323635643862333730633638633139653364363435393761653131636635383765
-61663933376333663262373739643337336232323166306239616564363931366535626638626534
-66376436323735373634333164653437393830386333303034326461383062653930366437636234
-38626632653236346233636163646435313034656534623134626366663466636335313236323837
-35636531616531663663393636663735643236323234633833386463666131333036343562646539
-33343331646463613661316637653236633362393333346535376161626365643433616138663565
-3838
+31353435633062366461353231666566366662373733656337356339626234313966366139613161
+3533646266393033316330323737303638303162356161610a393337313837653835396162633030
+30313066326337393831643833663237643966383163363866386133373264373933633133653462
+6636376563336433640a356231363764363834626431616435633436306662313932313164623733
+62383062653166613661303939346135643661646630386532306161393365393133626164303337
+31623962623931353365346365623333386638313266356131326565613730303338643863396237
+39353261616339356563393236633232646361326234333533643338656331623732636432383434
+63653963336333366462366562633631336636643935646632323031666366633136383732643733
+63366433363136666131386434333431333062363238633064646336626463623730616238646136
+31333839623538306161393862306231656466613231326165666562616432363136396332646533
+30663130336438623463336333343830656138316236353963373833386434393337356262313934
+63323030323837373066323337363633636236353931643636643337393161303965613438363638
+3532