From 92a8f042b108bc5a2d936307ce7b05143067616e Mon Sep 17 00:00:00 2001
From: binary
Date: Fri, 22 Jan 2021 21:48:30 +0100
Subject: Partial implementation of nextcloud
---
roles/nextcloud/meta/main.yml | 11 +++++
roles/nextcloud/tasks/main.yml | 38 ++++++++++++++++++
roles/nextcloud/templates/nextcloud.conf.httpd.j2 | 49 +++++++++++++++++++++++
roles/nextcloud/vars/main.yml | 12 ++++++
4 files changed, 110 insertions(+)
create mode 100644 roles/nextcloud/meta/main.yml
create mode 100644 roles/nextcloud/tasks/main.yml
create mode 100644 roles/nextcloud/templates/nextcloud.conf.httpd.j2
create mode 100644 roles/nextcloud/vars/main.yml
(limited to 'roles')
diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml
new file mode 100644
index 0000000..0188b83
--- /dev/null
+++ b/roles/nextcloud/meta/main.yml
@@ -0,0 +1,11 @@
+
+# nextcloud ~~ roles/nextcloud/meta/main.yml
+# Meta parameters
+
+---
+
+dependencies:
+ - role: httpd_pre
+ tags: "dependency"
+ when: ansible_distribution == "OpenBSD"
+ - { role: postgres, tags: "dependency" }
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 0000000..69ffb87
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
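Review bot: The two entries under `dependencies` in roles/nextcloud/meta/main.yml are written in different styles and carry different conditions: `httpd_pre` is a block mapping guarded by `when: ansible_distribution == "OpenBSD"`, while `postgres` is a one-line flow mapping with no guard. Writing the second entry in block form as well (`- role: postgres` followed by `tags: "dependency"`) keeps the list uniform and easier to diff. If the missing `when` on postgres is deliberate, a short comment such as `# database is required on every platform` would document that.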
@@ -0,0 +1,38 @@
+
+# nextcloud ~~ roles/nextcloud/tasks/main.yml
+# nextcloud setup
+
+---
+
+- name: install nextcloud
+ package: name=nextcloud state=present
+
+- name: generate nextcloud httpd configuration
+ template:
+ src: nextcloud.conf.httpd.j2
+ dest: /etc/httpd.d/nextcloud.conf
+ owner: "{{ user_root }}"
+ group: "{{ group_root }}"
+ mode: 0644
+ when: ansible_distribution == "OpenBSD"
+
+- name: ensure extensions are enabled in php-fpm
+ lineinfile:
+ path: /etc/php-7.3.ini
+ regexp: "{{ item }}"
+ line: "{{ item }}"
+ loop:
+ - extension=curl
+ - extension=pdo_pgsql
+
+- name: copy configuration for domain name and tls in chroot
+ shell: |
+ mkdir -p /var/www/etc/ssl
+ install -m 444 -o root -g bin /etc/resolv.conf /var/www/etc
+ install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl/
+
+- name: ensure php-fpm is restarted and enabled
+ service:
+ name: php73_fpm
+ state: restarted
+ enabled: true
diff --git a/roles/nextcloud/templates/nextcloud.conf.httpd.j2 b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
new file mode 100644
index 0000000..8ba5e45
--- /dev/null
+++ b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
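Review bot: The `copy configuration for domain name and tls in chroot` task runs three commands through `shell` without `set -e`, so a failed copy of `/etc/resolv.conf` is hidden by the exit status of the last `install`, and the task reports "changed" on every run. These files are the resolver configuration and CA bundle that PHP inside the chroot relies on, so I would use the `file` and `copy` modules with `remote_src: true`, as sketched below, so each copy is checked and idempotent. The task also lacks the `when: ansible_distribution == "OpenBSD"` guard that the httpd template task has, although the chroot path and `-g bin` look OpenBSD-specific. Separately, `mode: 0644` is safer quoted as `"0644"`, and the unconditional `state: restarted` would fit better as a handler notified by the ini and chroot changes.

```yaml
- name: ensure ssl directory exists in chroot
  file:
    path: /var/www/etc/ssl
    state: directory
  when: ansible_distribution == "OpenBSD"

- name: copy configuration for domain name and tls in chroot
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    remote_src: true
    owner: root
    group: bin
    mode: "0444"
  loop:
    - { src: /etc/resolv.conf, dest: /var/www/etc/resolv.conf }
    - { src: /etc/ssl/cert.pem, dest: /var/www/etc/ssl/cert.pem }
    - { src: /etc/ssl/openssl.cnf, dest: /var/www/etc/ssl/openssl.cnf }
  when: ansible_distribution == "OpenBSD"

# … unchanged: php-fpm service task …
```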
@@ -0,0 +1,49 @@
+server "cloud.{{ global.domain_name }}" {
+ listen on * port {{ nextcloud_port }}
+
+ root "/nextcloud"
+ directory index index.php
+
+ hsts max-age 15768000
+
+ # deny access to confidential data/programs first
+ location "/.ht*" { block }
+ location "/.user*" { block }
+ location "/3rdparty*" { block }
+ location "/README" { block }
+ location "/autotest*" { block }
+ location "/build*" { block }
+ location "/config*" { block }
+ location "/console*" { block }
+ location "/data*" { block }
+ location "/db_*" { block }
+ location "/indie*" { block }
+ location "/issue*" { block }
+ location "/lib*" { block }
+ location "/occ*" { block }
+ location "/templates*" { block }
+ location "/tests*" { block }
+
+ location "/*.php" {
+ fastcgi socket "/run/php-fpm.sock"
+ }
+ location "/*.php[/?]*" {
+ fastcgi socket "/run/php-fpm.sock"
+ }
+
+ location "/.well-known/host-meta" {
+ block return 301 "/public.php?service=host-meta"
+ }
+ location "/.well-known/host-meta.json" {
+ block return 301 "/public.php?service=host-meta-json"
+ }
+ location "/.well-known/webfinger" {
+ block return 301 "/public.php?service=webfinger"
+ }
+ location "/.well-known/carddav" {
+ block return 301 "/remote.php/dav/"
+ }
+ location "/.well-known/caldav" {
+ block return 301 "/remote.php/dav/"
+ }
+}
diff --git a/roles/nextcloud/vars/main.yml b/roles/nextcloud/vars/main.yml
new file mode 100644
index 0000000..040338c
--- /dev/null
+++ b/roles/nextcloud/vars/main.yml
@@ -0,0 +1,12 @@
+
+# nextcloud ~~ roles/nextcloud/tasks/main.yml
+# nextcloud variables
+
+---
+
+nextcloud_port: 8080
+nextcloud_user: _nextcloud
+nextcloud_group: _nextcloud
+
+nextcloud_db: postgres
+nextcloud_instance_name: "rgoncalves.se cloud"
-- cgit v1.2.3
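Review bot: `listen on * port {{ nextcloud_port }}` has no `tls` keyword and binds every address, so with `nextcloud_port: 8080` from the vars file, Nextcloud sessions and credentials would travel over plain HTTP unless something in front terminates TLS. If a reverse proxy is intended (none is visible in this commit), binding to loopback with `listen on 127.0.0.1 port {{ nextcloud_port }}` keeps the cleartext listener off the network. As far as I can tell, httpd only emits the `hsts` header on TLS listeners, so `hsts max-age 15768000` is probably a no-op here and would need to be set on the TLS-facing side; this is worth confirming against httpd.conf(5). The existing comment above the block list could also say that the `block` locations must stay above the `*.php` FastCGI rules because the first matching location wins.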
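Review bot: The header comment in the new roles/nextcloud/vars/main.yml still reads `# nextcloud ~~ roles/nextcloud/tasks/main.yml`, apparently copied from the tasks file; it should be `# nextcloud ~~ roles/nextcloud/vars/main.yml`. Only `nextcloud_port` is referenced by the other files in this commit. A one-line comment marking `nextcloud_user`, `nextcloud_group`, `nextcloud_db` and `nextcloud_instance_name` as reserved for the unfinished part of the role would make that clear to the next reader.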