-rw-r--r--roles/nextcloud/meta/main.yml11
-rw-r--r--roles/nextcloud/tasks/main.yml38
-rw-r--r--roles/nextcloud/templates/nextcloud.conf.httpd.j249
-rw-r--r--roles/nextcloud/vars/main.yml12
4 files changed, 110 insertions, 0 deletions
diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml
new file mode 100644
index 0000000..0188b83
--- /dev/null
+++ b/roles/nextcloud/meta/main.yml
@@ -0,0 +1,11 @@
+
+# nextcloud ~~ roles/nextcloud/meta/main.yml
+# Meta parameters
+
+---
+
+dependencies:
+ - role: httpd_pre
+ tags: "dependency"
+ when: ansible_distribution == "OpenBSD"
+ - { role: postgres, tags: "dependency" }
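Review bot: The two entries under `dependencies` are written in different styles, a block mapping for `httpd_pre` and a flow mapping for `postgres`. Writing the second as `- role: postgres` followed by `tags: "dependency"` on its own line keeps the list uniform and diffs more cleanly when a `when:` is added later. Only `httpd_pre` is restricted to OpenBSD here, so it is worth confirming that the unconditional `postgres` dependency is intended on every platform this role targets.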
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 0000000..69ffb87
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,38 @@
+
+# nextcloud ~~ roles/nextcloud/tasks/main.yml
+# nextcloud setup
+
+---
+
+- name: install nextcloud
+ package: name=nextcloud state=present
+
+- name: generate nextcloud httpd configuration
+ template:
+ src: nextcloud.conf.httpd.j2
+ dest: /etc/httpd.d/nextcloud.conf
+ owner: "{{ user_root }}"
+ group: "{{ group_root }}"
+ mode: 0644
+ when: ansible_distribution == "OpenBSD"
+
+- name: ensure extensions are enabled in php-fpm
+ lineinfile:
+ path: /etc/php-7.3.ini
+ regexp: "{{ item }}"
+ line: "{{ item }}"
+ loop:
+ - extension=curl
+ - extension=pdo_pgsql
+
+- name: copy configuration for domain name and tls in chroot
+ shell: |
+ mkdir -p /var/www/etc/ssl
+ install -m 444 -o root -g bin /etc/resolv.conf /var/www/etc
+ install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl/
+
+- name: ensure php-fpm is restarted and enabled
+ service:
+ name: php73_fpm
+ state: restarted
+ enabled: true
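Review bot: The `shell` task that populates the chroot reports changed on every run and, unlike the httpd template task, has no `when: ansible_distribution == "OpenBSD"` guard, although `/var/www/etc` and `-g bin` appear to assume that layout. Replacing it with `file` and `copy` using `remote_src: true` makes it idempotent, and the chroot's copy of `cert.pem` (the trust store PHP sees inside the chroot) is then rewritten only when the system bundle has changed. The last task has a related problem: `state: restarted` restarts php-fpm on every play, where `state: started` plus a handler notified by the `lineinfile` task would restart only on change. Separately, `mode: 0644` on the template task is safer quoted as `mode: "0644"`.

```yaml
# … unchanged: install, httpd template and php.ini tasks …
- name: ensure chroot ssl directory exists
  file:
    path: /var/www/etc/ssl
    state: directory
  when: ansible_distribution == "OpenBSD"

- name: copy resolver and tls trust files into chroot
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    remote_src: true
    owner: root
    group: bin
    mode: "0444"
  loop:
    - { src: /etc/resolv.conf, dest: /var/www/etc/resolv.conf }
    - { src: /etc/ssl/cert.pem, dest: /var/www/etc/ssl/cert.pem }
    - { src: /etc/ssl/openssl.cnf, dest: /var/www/etc/ssl/openssl.cnf }
  when: ansible_distribution == "OpenBSD"
# … unchanged: php-fpm service task …
```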
diff --git a/roles/nextcloud/templates/nextcloud.conf.httpd.j2 b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
new file mode 100644
index 0000000..8ba5e45
--- /dev/null
+++ b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
@@ -0,0 +1,49 @@
+server "cloud.{{ global.domain_name }}" {
+ listen on * port {{ nextcloud_port }}
+
+ root "/nextcloud"
+ directory index index.php
+
+ hsts max-age 15768000
+
+ # deny access to confidential data/programs first
+ location "/.ht*" { block }
+ location "/.user*" { block }
+ location "/3rdparty*" { block }
+ location "/README" { block }
+ location "/autotest*" { block }
+ location "/build*" { block }
+ location "/config*" { block }
+ location "/console*" { block }
+ location "/data*" { block }
+ location "/db_*" { block }
+ location "/indie*" { block }
+ location "/issue*" { block }
+ location "/lib*" { block }
+ location "/occ*" { block }
+ location "/templates*" { block }
+ location "/tests*" { block }
+
+ location "/*.php" {
+ fastcgi socket "/run/php-fpm.sock"
+ }
+ location "/*.php[/?]*" {
+ fastcgi socket "/run/php-fpm.sock"
+ }
+
+ location "/.well-known/host-meta" {
+ block return 301 "/public.php?service=host-meta"
+ }
+ location "/.well-known/host-meta.json" {
+ block return 301 "/public.php?service=host-meta-json"
+ }
+ location "/.well-known/webfinger" {
+ block return 301 "/public.php?service=webfinger"
+ }
+ location "/.well-known/carddav" {
+ block return 301 "/remote.php/dav/"
+ }
+ location "/.well-known/caldav" {
+ block return 301 "/remote.php/dav/"
+ }
+}
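Review bot: The server block listens in cleartext on every interface (`listen on * port {{ nextcloud_port }}`) while also setting `hsts max-age 15768000`. As far as I know, httpd only emits the HSTS header on TLS listeners, so the directive likely has no effect here. If TLS is terminated by a proxy in front of this server (not visible in this commit), the listener should be bound to the address that proxy uses, e.g. `listen on 127.0.0.1 port {{ nextcloud_port }}`, and HSTS set at the proxy. Otherwise the listener needs `tls` and a certificate. As written, Nextcloud logins and session cookies can be reached over plain HTTP on port 8080 from any interface. The deny list relies on httpd's first-match ordering, which the existing comment already notes, but a one-line comment saying the listener is a backend for a TLS front end (if that is the design) would help the next reader.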
diff --git a/roles/nextcloud/vars/main.yml b/roles/nextcloud/vars/main.yml
new file mode 100644
index 0000000..040338c
--- /dev/null
+++ b/roles/nextcloud/vars/main.yml
@@ -0,0 +1,12 @@
+
+# nextcloud ~~ roles/nextcloud/tasks/main.yml
+# nextcloud variables
+
+---
+
+nextcloud_port: 8080
+nextcloud_user: _nextcloud
+nextcloud_group: _nextcloud
+
+nextcloud_db: postgres
+nextcloud_instance_name: "rgoncalves.se cloud"
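Review bot: The header comment in this file names the wrong path: it reads `# nextcloud ~~ roles/nextcloud/tasks/main.yml` but the file is `roles/nextcloud/vars/main.yml`, so it should be `# nextcloud ~~ roles/nextcloud/vars/main.yml`. `nextcloud_user`, `nextcloud_group`, `nextcloud_db` and `nextcloud_instance_name` are not referenced by any task or template in this commit, so a short comment on what will consume them would help. Since role `vars/` has high precedence, `nextcloud_port` may be better placed in `defaults/main.yml` if hosts are expected to override it.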