diff --git a/defaults/main.yml b/defaults/main.yml index 23e4cbc..c5182f9 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,5 +1,5 @@ --- -nextcloud_version: 18.0.4 +nextcloud_version: 21.0.4 nextcloud_dist_filename: 'nextcloud-{{ nextcloud_version }}.tar.bz2' nextcloud_download_url: 'https://download.nextcloud.com/server/releases/{{ nextcloud_dist_filename }}' nextcloud_local_redis: True diff --git a/meta/main.yml b/meta/main.yml index c0b76ea..a6de52e 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -44,4 +44,3 @@ dependencies: name: memcached state: latest when: nextcloud_local_memcache - diff --git a/tasks/main.yml b/tasks/main.yml index 53b6fe3..73e1a8a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,3 +1,6 @@ --- - import_tasks: nextcloud-nginx.yml - import_tasks: nextcloud-install.yml +- import_tasks: nextcloud-config.yml +- import_tasks: nextcloud-ldap.yml + diff --git a/tasks/nextcloud-config.yml b/tasks/nextcloud-config.yml new file mode 100644 index 0000000..b1cc7d3 --- /dev/null +++ b/tasks/nextcloud-config.yml 
@@ -0,0 +1,90 @@ +--- +- block: + - name: Configure the nextcloud instance + shell: cd {{ item.doc_root }} && php occ maintenance:install --database="{{ nextcloud_db }}" --database-host "{{ nextcloud_db_host }}" --database-name "{{ nextcloud_db_name }}" --database-user "{{ nextcloud_db_user }}" --database-pass "{{ nextcloud_db_pwd }}" --admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_u_pwd }}" --data-dir={{ nextcloud_data_dir }} && mkdir {{ nextcloud_data_dir }}/.ht_setup && touch {{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_setup + args: + creates: '{{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_setup' + with_items: '{{ phpfpm_pools }}' + + - name: Set the trusted domains list + shell: cd {{ item.webroot }} && php occ config:system:set trusted_domains {{ item.id }} --value={{ item.name }} && touch {{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_trusted_domains_{{ item.id }} + args: + creates: '{{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_trusted_domains_{{ item.id }}' + with_items: '{{ nextcloud_servernames }}' + + - name: Set the nextcloud log file path + shell: cd {{ item.doc_root }} && php occ log:file --file {{ nextcloud_log_directory }}/nextcloud.log && touch {{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_logfile + args: + creates: '{{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_logfile' + with_items: '{{ phpfpm_pools }}' + + - name: Set the audit log file path + shell: cd {{ item.doc_root }} && php occ config:app:set admin_audit logfile --value={{ nextcloud_log_directory }}/audit.log && touch {{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_logfile + args: + creates: '{{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_auditfile' + with_items: '{{ phpfpm_pools }}' + + - name: Set the log level + shell: cd {{ item.doc_root }} && php occ log:manage --level {{ nextcloud_log_level }} && touch {{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_log_level + args: + creates: '{{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_log_level' + 
with_items: '{{ phpfpm_pools }}' + + - name: Set the log backend + shell: cd {{ item.doc_root }} && php occ log:manage --backend {{ nextcloud_log_backend }} && touch {{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_log_backend + args: + creates: '{{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_log_backend' + with_items: '{{ phpfpm_pools }}' + + - name: Setup the cron configuration + shell: cd {{ item.webroot }} ; php occ background:cron ; touch {{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_cron + args: + creates: 'touch {{ nextcloud_data_dir }}/.ht_setup/ht_nextcloud_cron' + with_items: '{{ nextcloud_servernames }}' + tags: [ 'nextcloud', 'nextcloud_config_cron' ] + + - name: Install the nextcloud cron job + become_user: root + cron: + user: '{{ item.user }}' + minute: "*/15" + job: "php -f {{ item.doc_root }}/cron.php" + name: "NextCloud cron job" + cron_file: "nextcloud_cron" + state: present + disabled: False + with_items: '{{ phpfpm_pools }}' + tags: [ 'nextcloud', 'nextcloud_config_cron', 'nextcloud_config' ] + + become: True + become_user: '{{ nextcloud_user }}' + tags: [ 'nextcloud', 'nextcloud_config' ] + +- block: + - name: Create the nextcloud encryption keys directory + become_user: root + file: + dest: '{{ nextcloud_oc_dir }}' + state: directory + owner: '{{ item.user }}' + group: '{{ item.user }}' + with_items: '{{ phpfpm_pools }}' + when: phpfpm_create_users + + - name: Create the nextcloud encryption keys directory when the user has been created externally + file: + dest: '{{ nextcloud_oc_dir }}' + state: directory + with_items: '{{ phpfpm_pools }}' + when: not phpfpm_create_users + + - name: Activate global encryption + shell: cd {{ item.doc_root }} ; php occ app:enable encryption ; php occ encryption:enable ; php occ encryption:enable-master-key ; php occ encryption:change-key-storage-root {{ nextcloud_oc_dir }} ; touch {{ nextcloud_oc_dir }}/.ht_nextcloud_oc + args: + creates: '{{ nextcloud_oc_dir }}/.ht_nextcloud_oc' + with_items: '{{ 
phpfpm_pools }}' + + become: True + become_user: '{{ nextcloud_user }}' + when: nextcloud_encryption_enabled + tags: [ 'nextcloud', 'nextcloud_config', 'nextcloud_config_oc' ] diff --git a/tasks/nextcloud-install.yml b/tasks/nextcloud-install.yml index 997c980..325d950 100644 --- a/tasks/nextcloud-install.yml +++ b/tasks/nextcloud-install.yml @@ -15,7 +15,7 @@ state: directory owner: '{{ item.user }}' group: '{{ item.user }}' - with_items: '{{ phpfpm_pools }}' + loop: '{{ phpfpm_pools }}' - name: Install the logrotate configuration for nextcloud template: @@ -31,7 +31,7 @@ state: directory owner: '{{ item.user }}' group: '{{ item.user }}' - with_items: '{{ phpfpm_pools }}' + loop: '{{ phpfpm_pools }}' when: phpfpm_create_users - name: Create the nextcloud data directory when the user has been created externally @@ -42,7 +42,7 @@ state: directory owner: '{{ item.user }}' group: '{{ item.user }}' - with_items: '{{ phpfpm_pools }}' + loop: '{{ phpfpm_pools }}' when: not phpfpm_create_users - name: Get nextcloud 
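Review bot: In tasks/nextcloud-config.yml the "Configure the nextcloud instance" task interpolates `nextcloud_db_pwd` and `nextcloud_admin_u_pwd` into the shell line, so both passwords appear in Ansible's task output and logs and in the process arguments on the target while the install runs; adding `no_log: true` to that task keeps them out of the Ansible side at least. Three marker problems in the same file defeat the `creates` guards: "Set the audit log file path" touches `ht_nextcloud_logfile` but checks `ht_nextcloud_auditfile`, the cron task's `creates` value begins with a literal `touch `, and "Activate global encryption" chains with `;`, so `.ht_nextcloud_oc` is written even when an `occ encryption:*` step fails and the play never retries it. I would touch `.../ht_nextcloud_auditfile` in the audit task, drop `touch ` from the cron `creates`, and join the encryption commands with `&&`. The templated paths are also unquoted in every shell line; `{{ nextcloud_data_dir | quote }}` avoids word splitting on unusual values.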
@@ -52,114 +52,6 @@ unarchive: remote_src=yes src=/srv/{{ nextcloud_dist_filename }} dest={{ nextcloud_web_basedir }} owner={{ item.user }} group={{ item.user }} args: creates: '{{ item.doc_root }}/index.php' - with_items: '{{ phpfpm_pools }}' + loop: '{{ phpfpm_pools }}' tags: [ 'nextcloud' ] - -- block: - - name: Configure the nextcloud instance - shell: cd {{ item.doc_root }} && php occ maintenance:install --database="{{ nextcloud_db }}" --database-host "{{ nextcloud_db_host }}" --database-name "{{ nextcloud_db_name }}" --database-user "{{ nextcloud_db_user }}" --database-pass "{{ nextcloud_db_pwd }}" --admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_u_pwd }}" --data-dir={{ nextcloud_data_dir }} && touch {{ nextcloud_data_dir }}/.ht_nextcloud_setup - args: - creates: '{{ nextcloud_data_dir }}/.ht_nextcloud_setup' - with_items: '{{ phpfpm_pools }}' - - - name: Set the trusted domains list - shell: cd {{ item.webroot }} && php occ config:system:set trusted_domains {{ item.id }} --value={{ item.name }} && touch {{ nextcloud_data_dir }}/.ht_nextcloud_trusted_domains_{{ item.id }} - args: - creates: '{{ nextcloud_data_dir }}/.ht_nextcloud_trusted_domains_{{ item.id }}' - with_items: '{{ nextcloud_servernames }}' - - - name: Set the nextcloud log file path - shell: cd {{ item.doc_root }} && php occ log:file --file {{ nextcloud_log_directory }}/nextcloud.log && touch {{ nextcloud_data_dir }}/.ht_nextcloud_logfile - args: - creates: '{{ nextcloud_data_dir }}/.ht_nextcloud_logfile' - with_items: '{{ phpfpm_pools }}' - - - name: Set the audit log file path - shell: cd {{ item.doc_root }} && php occ config:app:set admin_audit logfile --value={{ nextcloud_log_directory }}/audit.log && touch {{ nextcloud_data_dir }}/.ht_nextcloud_logfile - args: - creates: '{{ nextcloud_data_dir }}/.ht_nextcloud_auditfile' - with_items: '{{ phpfpm_pools }}' - - - name: Set the log level - shell: cd {{ item.doc_root }} && php occ log:manage --level {{ 
nextcloud_log_level }} && touch {{ nextcloud_data_dir }}/.ht_nextcloud_log_level - args: - creates: '{{ nextcloud_data_dir }}/.ht_nextcloud_log_level' - with_items: '{{ phpfpm_pools }}' - - - name: Set the log backend - shell: cd {{ item.doc_root }} && php occ log:manage --backend {{ nextcloud_log_backend }} && touch {{ nextcloud_data_dir }}/.ht_nextcloud_log_backend - args: - creates: '{{ nextcloud_data_dir }}/.ht_nextcloud_log_backend' - with_items: '{{ phpfpm_pools }}' - - - name: Setup the cron configuration - shell: cd {{ item.webroot }} ; php occ background:cron ; touch {{ nextcloud_data_dir }}/.ht_nextcloud_cron - args: - creates: 'touch {{ nextcloud_data_dir }}/.ht_nextcloud_cron' - with_items: '{{ nextcloud_servernames }}' - tags: [ 'nextcloud', 'nextcloud_config_cron' ] - - - name: Install the nextcloud cron job - become_user: root - cron: - user: '{{ item.user }}' - minute: "*/15" - job: "php -f {{ item.doc_root }}/cron.php" - name: "NextCloud cron job" - cron_file: "nextcloud_cron" - state: present - disabled: False - with_items: '{{ phpfpm_pools }}' - tags: [ 'nextcloud', 'nextcloud_config_cron', 'nextcloud_config' ] - - become: True - become_user: '{{ nextcloud_user }}' - tags: [ 'nextcloud', 'nextcloud_config' ] - -- block: - - name: Create the nextcloud encryption keys directory - become_user: root - file: - dest: '{{ nextcloud_oc_dir }}' - state: directory - owner: '{{ item.user }}' - group: '{{ item.user }}' - with_items: '{{ phpfpm_pools }}' - when: phpfpm_create_users - - - name: Create the nextcloud encryption keys directory when the user has been created externally - file: - dest: '{{ nextcloud_oc_dir }}' - state: directory - with_items: '{{ phpfpm_pools }}' - when: not phpfpm_create_users - - - name: Activate global encryption - shell: cd {{ item.doc_root }} ; php occ app:enable encryption ; php occ encryption:enable ; php occ encryption:enable-master-key ; php occ encryption:change-key-storage-root {{ nextcloud_oc_dir }} ; touch {{ 
nextcloud_oc_dir }}/.ht_nextcloud_oc - args: - creates: '{{ nextcloud_oc_dir }}/.ht_nextcloud_oc' - with_items: '{{ phpfpm_pools }}' - - become: True - become_user: '{{ nextcloud_user }}' - when: nextcloud_encryption_enabled - tags: [ 'nextcloud', 'nextcloud_config', 'nextcloud_config_oc' ] - -- block: - - name: Enable ldap - shell: cd {{ item.doc_root }} ; php occ app:enable user_ldap ; touch {{ item.doc_root }}/.ht_nextcloud_ldap_enabled - args: - creates: '{{ item.doc_root }}/.ht_nextcloud_ldap_enabled' - with_items: '{{ phpfpm_pools }}' - - - name: Create an empty ldap configuration to start with - shell: cd {{ item.doc_root }} ; php occ ldap:create-empty-config ; touch {{ item.doc_root }}/.ht_nextcloud_ldap_configured - args: - creates: '{{ item.doc_root }}/.ht_nextcloud_ldap_configured' - with_items: '{{ phpfpm_pools }}' - - become: True - become_user: '{{ nextcloud_user }}' - when: nextcloud_ldap_auth - tags: [ 'nextcloud', 'nextcloud_config', 'nextcloud_config_ldap' ] diff --git a/tasks/nextcloud-ldap.yml b/tasks/nextcloud-ldap.yml new file mode 100644 index 0000000..24801d9 --- /dev/null +++ b/tasks/nextcloud-ldap.yml @@ -0,0 +1,18 @@ +--- +- block: + - name: Enable ldap + shell: cd {{ item.doc_root }} ; php occ app:enable user_ldap ; touch {{ item.doc_root }}/.ht_setup/ht_nextcloud_ldap_enabled + args: + creates: '{{ item.doc_root }}/.ht_setup/ht_nextcloud_ldap_enabled' + with_items: '{{ phpfpm_pools }}' + + - name: Create an empty ldap configuration to start with + shell: cd {{ item.doc_root }} ; php occ ldap:create-empty-config ; touch {{ item.doc_root }}/.ht_setup/ht_nextcloud_ldap_configured + args: + creates: '{{ item.doc_root }}/.ht_setup/ht_nextcloud_ldap_configured' + with_items: '{{ phpfpm_pools }}' + + become: True + become_user: '{{ nextcloud_user }}' + when: nextcloud_ldap_auth + tags: [ 'nextcloud', 'nextcloud_config', 'nextcloud_config_ldap' ] diff --git a/vars/main.yml b/vars/main.yml index 531dd87..6bb0af0 100644 --- a/vars/main.yml 
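Review bot: Both tasks in tasks/nextcloud-ldap.yml write their marker under `{{ item.doc_root }}/.ht_setup/`, but the only `mkdir` visible in this commit creates `.ht_setup` under `nextcloud_data_dir`, so unless something else creates that directory the `touch` fails and the task errors on every run. Because the commands are joined with `;`, the task result reflects only the `touch`, so once the directory exists a failed `php occ app:enable user_ldap` or `php occ ldap:create-empty-config` still leaves a marker and is never retried. I would chain with `&&` and create the directory first, e.g. `... && mkdir -p {{ item.doc_root }}/.ht_setup && touch ...`, or keep the markers under `{{ nextcloud_data_dir }}/.ht_setup` as the config tasks do. As a style point, the new task files still use `with_items` while this commit moves tasks/nextcloud-install.yml to `loop`.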
+++ b/vars/main.yml @@ -8,6 +8,12 @@ https_port: 443 php_version: 7.4 +nextcloud_dl_file_name: + latest: "{{ ['latest', nextcloud_version_major]|reject('undefined')|join('-') }}" + releases: "{{ ['nextcloud', nextcloud_version_full]|reject('undefined')|join('-') }}" + beta: "nextcloud-{{ [nextcloud_version_full, nextcloud_version_special]|reject('undefined')|join() }}" + daily: "nextcloud-{{ nextcloud_version_major|d('') }}-daily-{{ nextcloud_version_special|d('') }}" + nextcloud_php_required_packages: - 'php{{ php_version }}-gd' - 'php{{ php_version }}-json'
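Review bot: `nextcloud_dl_file_name` needs a comment, because it reads `nextcloud_version_major`, `nextcloud_version_full` and `nextcloud_version_special`, none of which this commit defines, while defaults/main.yml still builds `nextcloud_dist_filename` from `nextcloud_version` alone. As written, the `releases` entry collapses to the bare string `nextcloud` when `nextcloud_version_full` is unset, which would give an unversioned archive name if the map is ever wired into the download URL. A line such as `# Archive base names per release channel; expects nextcloud_version_full / _major / _special from the caller` above the key would make the contract explicit. The download task itself is outside this diff, so I cannot tell whether the tarball is verified; if it uses `get_url` without a `checksum` value, adding the published checksum is worth doing alongside the jump to 21.0.4.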