-rw-r--r-- | roles/nextcloud/defaults/main.yml | 11 | ||||
-rw-r--r-- | roles/nextcloud/meta/main.yml | 24 | ||||
-rw-r--r-- | roles/nextcloud/tasks/main.yml | 80 | ||||
-rw-r--r-- | roles/nextcloud/templates/etc-php-7.3.ini.j2 | 198 | ||||
-rw-r--r-- | roles/nextcloud/templates/nextcloud.conf.httpd.j2 | 87 | ||||
-rw-r--r-- | roles/nextcloud/templates/var-www-nextcloud-config-custom.config.php.j2 | 4 |
6 files changed, 404 insertions, 0 deletions
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
new file mode 100644
index 0000000..f1835cf
--- /dev/null
+++ b/roles/nextcloud/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+
+nextcloud__package_name: nextcloud-27.1.5
+nextcloud__package_dependencies:
+ - php-pgsql-8.1.27
+ - php-pdo_pgsql-8.1.27
+
+nextcloud__user: nextcloud
+nextcloud__group: nextcloud
+
+nextcloud__php_service_name: php81_fpm
diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml
new file mode 100644
index 0000000..246fc09
--- /dev/null
+++ b/roles/nextcloud/meta/main.yml
@@ -0,0 +1,24 @@
+---
+
+dependencies:
+ - role: httpd_pre
+
+argument_specs:
+ main:
+ short_description: nextcloud main entrypoint.
+ options:
+
+ nextcloud__listen_port:
+ type: int
+ required: true
+ description: Listen port
+
+ nextcloud__package_name:
+ type: str
+ required: true
+ description: Package name to be installed
+
+ nextcloud__domain_name:
+ type: str
+ required: true
+ description: Domain name
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 0000000..bb744e7
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,80 @@
+---
+
+- name: install nextcloud
+ ansible.builtin.package:
+ name: "{{ nextcloud__package_name }}"
+ state: present
+ register: nextcloud__result_install
+ failed_when:
+ - nextcloud__result_install.failed
+ - not nextcloud__result_install.msg is defined
+ - not "because of conflicts" in nextcloud__result_install.msg
+
+- name: update nextcloud
+ ansible.builtin.package:
+ name: nextcloud
+ state: latest
+
+- name: install nextcloud extra dependencies
+ package:
+ name: "{{ nextcloud__package_dependencies }}"
+ state: present
+
+- name: start and enable php-service
+ ansible.builtin.service:
+ name: "{{ nextcloud__php_service_name }}"
+ state: started
+ enabled: true
+
+- name: generate nextcloud httpd configuration
+ template:
+ src: nextcloud.conf.httpd.j2
+ dest: "{{ httpd_pre__configuration_dir }}/nextcloud.conf"
+ owner: 0
+ group: 0
+ mode: "0644"
+
+# - name: generate nextcloud php config
+# template:
+# src: etc-php-7.3.ini.j2
+# dest: /etc/php-7.3.ini
+# owner: "www"
+# group: "www"
+# mode: "0644"
+
+# - name: generate nextcloud custom config
+# template:
+# src: var-www-nextcloud-config-custom.config.php.j2
+# dest: /var/www/nextcloud/config/custom.config.php
+# owner: "www"
+# group: "www"
+# mode: "0644"
+
+# - name: copy configuration for domain name and tls in chroot
+# shell: |
+# mkdir -p /var/www/etc/ssl
+# install -m 444 -o root -g bin /etc/resolv.conf /var/www/etc
+# install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl/
+
+# - name: enable cron job for nextcloud indexing and housekeeping
+# cron:
+# name: "nextcloud indexing"
+# minute: "*/5"
+# job: "php -f /var/www/nextcloud/cron.php"
+# user: www
+
+# - name: ensure directories are chown to www
+# file:
+# path: "/var/www/nextcloud/{{ item }}"
+# owner: "www"
+# group: "www"
+# recurse: true
+# loop:
+# - "apps"
+# - "updater"
+#
+# - name: ensure php-fpm is restarted and enabled
+# service:
+# name: php73_fpm
+# state: restarted
+# enabled: true
diff --git a/roles/nextcloud/templates/etc-php-7.3.ini.j2 b/roles/nextcloud/templates/etc-php-7.3.ini.j2
new file mode 100644
index 0000000..0e79971
--- /dev/null
+++ b/roles/nextcloud/templates/etc-php-7.3.ini.j2
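Review bot: In roles/nextcloud/tasks/main.yml the `failed_when` list on the `install nextcloud` task cannot report a failure as written: the items are ANDed, and the second one (`not ... msg is defined`) is true only when `msg` is absent, which is exactly when the third item's `in nextcloud__result_install.msg` has nothing to test. Any package error that carries a message is therefore swallowed and the play continues against a missing or half-installed Nextcloud. If the intent is to tolerate only the conflict case, keep the first item and replace the other two with `- "'because of conflicts' not in (nextcloud__result_install.msg | default(''))"`. Separately, the `update nextcloud` task uses `state: latest` on the unpinned name, which defeats the `nextcloud-27.1.5` pin from defaults and lets every run pull an unreviewed upgrade; one of the two should go.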
@@ -0,0 +1,198 @@
+[PHP]
+auto_append_file=
+auto_globals_jit=On
+auto_prepend_file=
+default_charset="UTF-8"
+default_mimetype="text/html"
+disable_classes=
+disable_functions=
+display_errors=Off
+display_startup_errors=Off
+doc_root=
+enable_dl=Off
+engine=On
+error_reporting=E_ALL & ~E_DEPRECATED & ~E_STRICT
+expose_php=On
+extension_dir="/usr/local/lib/php-7.3/modules"
+html_errors=On
+ignore_repeated_errors=Off
+ignore_repeated_source=Off
+implicit_flush=Off
+include_path=".:/pear/lib:/var/www/pear/lib"
+log_errors=On
+log_errors_max_len=1024
+max_execution_time=30
+output_buffering=4096
+precision=14
+register_argc_argv=Off
+report_memleaks=On
+request_order="GP"
+serialize_precision=-1
+short_open_tag=Off
+unserialize_callback_func=
+user_dir=
+variables_order="GPCS"
+zend.enable_gc=On
+zlib.output_compression=Off
+
+allow_url_fopen=On
+allow_url_include=Off
+default_socket_timeout=60
+file_uploads=On
+max_file_uploads=20
+
+memory_limit={{ nextcloud_php_memory_limit }}
+max_input_time={{ nextcloud_php_max_inputtime }}
+post_max_size={{ nextcloud_php_upload_maxsize }}
+upload_max_filesize={{ nextcloud_php_upload_maxsize }}
+
+pm=dynamic
+pm.maxchildren=120
+pm.start_servers=12
+pm.min_spare_servers=6
+pm.max_spare_servers=18
+
+extension=curl
+extension=gd
+extension=intl
+extension=pdo_pgsql
+extension=zip
+
+[CLI Server]
+cli_server.color=On
+
+[Date]
+date.timezone=UTC
+
+[iconv]
+
+[imap]
+
+[intl]
+
+[sqlite3]
+
+[Pcre]
+
+[Pdo]
+
+[Pdo_mysql]
+pdo_mysql.default_socket=
+
+[Phar]
+
+[mail function]
+SMTP=localhost
+smtp_port=25
+mail.add_x_header=Off
+
+[ODBC]
+odbc.allow_persistent=On
+odbc.check_persistent=On
+odbc.max_persistent=-1
+odbc.max_links=-1
+odbc.defaultlrl=4096
+odbc.defaultbinmode=1
+
+[Interbase]
+ibase.allow_persistent=1
+ibase.max_persistent=-1
+ibase.max_links=-1
+ibase.timestampformat="%Y-%m-%d %H:%M:%S"
+ibase.dateformat="%Y-%m-%d"
+ibase.timeformat="%H:%M:%S"
+
+[MySQLi]
+mysqli.max_persistent=-1
+mysqli.allow_persistent=On
+mysqli.max_links=-1
+mysqli.default_port=3306
+mysqli.default_socket=
+mysqli.default_host=
+mysqli.default_user=
+mysqli.default_pw=
+mysqli.reconnect=Off
+
+[mysqlnd]
+mysqlnd.collect_statistics=On
+mysqlnd.collect_memory_statistics=Off
+
+[OCI8]
+
+[PostgreSQL]
+pgsql.allow_persistent=On
+pgsql.auto_reset_persistent=Off
+pgsql.max_persistent=-1
+pgsql.max_links=-1
+pgsql.ignore_notice=0
+pgsql.log_notice=0
+
+[bcmath]
+bcmath.scale=0
+
+[browscap]
+
+[Session]
+session.save_handler=files
+session.use_strict_mode=0
+session.use_cookies=1
+session.use_only_cookies=1
+session.name=PHPSESSID
+session.auto_start=0
+session.cookie_lifetime=0
+session.cookie_path=/
+session.cookie_domain=
+session.cookie_httponly=
+session.cookie_samesite=
+session.serialize_handler=php
+session.gc_probability=1
+session.gc_divisor=1000
+session.gc_maxlifetime=1440
+session.referer_check=
+session.cache_limiter=nocache
+session.cache_expire=180
+session.use_trans_sid=0
+session.sid_length=26
+session.trans_sid_tags="a=href,area=href,frame=src,form="
+session.sid_bits_per_character=5
+
+[Assertion]
+zend.assertions=-1
+
+[COM]
+
+[mbstring]
+
+[gd]
+
+[exif]
+
+[Tidy]
+
+tidy.clean_output=Off
+
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit=5
+
+[sysvshm]
+
+[ldap]
+ldap.max_links=-1
+
+[dba]
+
+[opcache]
+opcache.enable=1
+opcache.enable_cli=1
+opcache.memory_consumption=128
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=10000
+opcache.revalidate_freq=1
+opcache.save_comments=1
+
+[curl]
+
+[openssl]
diff --git a/roles/nextcloud/templates/nextcloud.conf.httpd.j2 b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
new file mode 100644
index 0000000..ffae130
--- /dev/null
+++ b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
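Review bot: The `[PHP]` and `[Session]` sections of etc-php-7.3.ini.j2 ship weak session and disclosure defaults for a Nextcloud instance: `session.use_strict_mode=0`, empty `session.cookie_httponly=` and `session.cookie_samesite=`, and `expose_php=On`. I would set `session.use_strict_mode=1`, `session.cookie_httponly=1` and `expose_php=Off`, give `session.cookie_samesite` an explicit value, and add `session.cookie_secure`, which is absent, once the site is served only over TLS. The template also targets PHP 7.3 (file name and `extension_dir`) while the defaults in this commit install PHP 8.1 packages, and the `pm=` / `pm.maxchildren` lines look like php-fpm pool settings rather than php.ini directives (the pool key is spelled `pm.max_children`), so they are presumably ignored here. The task that would render this file is commented out in tasks/main.yml and the `nextcloud_php_*` variables it needs are not defined in the defaults this commit adds, so a header comment marking the template as not yet in use would prevent someone enabling it as is.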
@@ -0,0 +1,87 @@
+# managed by Ansible
+# see: https://x61.sh/log/2023/02/20230217T112354-nextcloud_openbsd.html
+
+
+server "{{ nextcloud__domain_name }}" {
+ listen on * port {{ nextcloud__listen_port }}
+
+ root "/nextcloud"
+
+ hsts max-age 15768000
+
+ # set max upload size
+ connection max request body 537919488
+ connection max requests 1000
+ connection request timeout 3600
+ connection timeout 3600
+ tcp nodelay
+
+ gzip-static
+
+ # deny access to the specified files
+ location "/db_structure.xml" { block }
+ location "/README" { block }
+ location "/config*" { block }
+ location "/build*" { block }
+ location "/tests*" { block }
+ location "/lib*" { block }
+ location "/3rdparty*" { block }
+ location "/templates*" { block }
+ location "/data*" { block }
+ location "/.ht*" { block }
+ location "/.user*" { block }
+ location "/autotest*" { block }
+ location "/occ*" { block }
+ location "/issue*" { block }
+ location "/indie*" { block }
+ location "/db_*" { block }
+ location "/console*" { block }
+
+ location "/core/*" {
+ gzip-static
+ pass
+ }
+
+ location "/apps/*" {
+ gzip-static
+ pass
+ }
+
+ location "/dist/*" {
+ gzip-static
+ pass
+ }
+
+ location "/.well-known/carddav" {
+ block return 301 "/remote.php/dav/"
+ }
+
+ location "/.well-known/caldav" {
+ block return 301 "/remote.php/dav/"
+ }
+
+ location match "/oc[ms]%-provider/*" {
+ directory index index.php
+ pass
+ }
+
+ location "/.well-known/webfinger" {
+ block return 301 "/index.php$REQUEST_URI"
+ }
+
+ location "/.well-known/nodeinfo" {
+ block return 301 "/index.php$REQUEST_URI"
+ }
+
+ location "/.well-known/host-meta" {
+ block return 301 "/public.php?service=host-meta"
+ }
+
+ location "/.well-known/host-meta.json" {
+ block return 301 "/public.php?service=host-meta-json"
+ }
+
+ location "/*.php*" {
+ fastcgi socket "/run/php-fpm.sock"
+ }
+}
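Review bot: The `listen on * port {{ nextcloud__listen_port }}` line in nextcloud.conf.httpd.j2 carries no `tls` keyword, so this server answers in cleartext on every interface while also declaring `hsts max-age 15768000`. Browsers ignore HSTS received over plain HTTP (and httpd, as far as I know, only emits the header on TLS listeners), so the directive gives no protection in this form. If TLS is terminated by a relay in front, which the hunk does not show, bind the listener to loopback with `listen on 127.0.0.1 port {{ nextcloud__listen_port }}` and set HSTS at the terminating hop; otherwise add `tls` and the certificate and key settings here. The data and config directories sit under the served `root` and are shielded only by the `location ... { block }` list, so a comment stating that the list is security-critical and must stay ahead of the `pass` and `fastcgi` locations would help future edits.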
diff --git a/roles/nextcloud/templates/var-www-nextcloud-config-custom.config.php.j2 b/roles/nextcloud/templates/var-www-nextcloud-config-custom.config.php.j2
new file mode 100644
index 0000000..15df079
--- /dev/null
+++ b/roles/nextcloud/templates/var-www-nextcloud-config-custom.config.php.j2
@@ -0,0 +1,4 @@
+<?php
+$CONFIG = array (
+ 'datadirectory' => ((php_sapi_name() == 'cli') ? '/var/www' : '') . '/nextcloud/data',
+); |
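Review bot: `'datadirectory'` in custom.config.php.j2 resolves to `/nextcloud/data`, which lies inside the document root set by `root "/nextcloud"` in the httpd template, so user files stay private only while the `location "/data*" { block }` rule is present and matched. Moving the data directory outside the served tree (for example a constructed path such as `/nextcloud-data` inside the chroot) removes that dependency on web-server configuration. The `php_sapi_name() == 'cli'` test should use `===`. A one-line comment saying that the CLI runs outside the httpd chroot, which is presumably why the `/var/www` prefix is added, would make the expression understandable to the next reader.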