Diffstat (limited to 'roles')
-rw-r--r--roles/nextcloud/defaults/main.yml11
-rw-r--r--roles/nextcloud/meta/main.yml24
-rw-r--r--roles/nextcloud/tasks/main.yml80
-rw-r--r--roles/nextcloud/templates/etc-php-7.3.ini.j2198
-rw-r--r--roles/nextcloud/templates/nextcloud.conf.httpd.j287
-rw-r--r--roles/nextcloud/templates/var-www-nextcloud-config-custom.config.php.j24
6 files changed, 404 insertions, 0 deletions
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
new file mode 100644
index 0000000..f1835cf
--- /dev/null
+++ b/roles/nextcloud/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+
+nextcloud__package_name: nextcloud-27.1.5
+nextcloud__package_dependencies:
+ - php-pgsql-8.1.27
+ - php-pdo_pgsql-8.1.27
+
+nextcloud__user: nextcloud
+nextcloud__group: nextcloud
+
+nextcloud__php_service_name: php81_fpm
diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml
new file mode 100644
index 0000000..246fc09
--- /dev/null
+++ b/roles/nextcloud/meta/main.yml
@@ -0,0 +1,24 @@
+---
+
+dependencies:
+ - role: httpd_pre
+
+argument_specs:
+ main:
+ short_description: nextcloud main entrypoint.
+ options:
+
+ nextcloud__listen_port:
+ type: int
+ required: true
+ description: Listen port
+
+ nextcloud__package_name:
+ type: str
+ required: true
+ description: Package name to be installed
+
+ nextcloud__domain_name:
+ type: str
+ required: true
+ description: Domain name
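Review bot: The `argument_specs` block validates only three variables, while the tasks also consume `nextcloud__package_dependencies` and `nextcloud__php_service_name`. A wrong type for either (for example, a string instead of a list) is caught only when the package or service module fails. Consider adding entries such as `nextcloud__package_dependencies: {type: list, elements: str}` and `nextcloud__php_service_name: {type: str}`. `nextcloud__domain_name` is rendered inside a quoted `server "..."` directive in the httpd template, so its description should say it must be a bare hostname with no quotes or whitespace.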
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 0000000..bb744e7
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,80 @@
+---
+
+- name: install nextcloud
+ ansible.builtin.package:
+ name: "{{ nextcloud__package_name }}"
+ state: present
+ register: nextcloud__result_install
+ failed_when:
+ - nextcloud__result_install.failed
+ - not nextcloud__result_install.msg is defined
+ - not "because of conflicts" in nextcloud__result_install.msg
+
+- name: update nextcloud
+ ansible.builtin.package:
+ name: nextcloud
+ state: latest
+
+- name: install nextcloud extra dependencies
+ package:
+ name: "{{ nextcloud__package_dependencies }}"
+ state: present
+
+- name: start and enable php-service
+ ansible.builtin.service:
+ name: "{{ nextcloud__php_service_name }}"
+ state: started
+ enabled: true
+
+- name: generate nextcloud httpd configuration
+ template:
+ src: nextcloud.conf.httpd.j2
+ dest: "{{ httpd_pre__configuration_dir }}/nextcloud.conf"
+ owner: 0
+ group: 0
+ mode: "0644"
+
+# - name: generate nextcloud php config
+# template:
+# src: etc-php-7.3.ini.j2
+# dest: /etc/php-7.3.ini
+# owner: "www"
+# group: "www"
+# mode: "0644"
+
+# - name: generate nextcloud custom config
+# template:
+# src: var-www-nextcloud-config-custom.config.php.j2
+# dest: /var/www/nextcloud/config/custom.config.php
+# owner: "www"
+# group: "www"
+# mode: "0644"
+
+# - name: copy configuration for domain name and tls in chroot
+# shell: |
+# mkdir -p /var/www/etc/ssl
+# install -m 444 -o root -g bin /etc/resolv.conf /var/www/etc
+# install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl/
+
+# - name: enable cron job for nextcloud indexing and housekeeping
+# cron:
+# name: "nextcloud indexing"
+# minute: "*/5"
+# job: "php -f /var/www/nextcloud/cron.php"
+# user: www
+
+# - name: ensure directories are chown to www
+# file:
+# path: "/var/www/nextcloud/{{ item }}"
+# owner: "www"
+# group: "www"
+# recurse: true
+# loop:
+# - "apps"
+# - "updater"
+#
+# - name: ensure php-fpm is restarted and enabled
+# service:
+# name: php73_fpm
+# state: restarted
+# enabled: true
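Review bot: The `failed_when` list on the `install nextcloud` task cannot report any failure that carries a message. List entries are ANDed, so whenever the module returns `msg` the entry `not nextcloud__result_install.msg is defined` is false and every install error is ignored, not only the "because of conflicts" one. The last two entries should be a single OR-ed condition: `- nextcloud__result_install.msg is not defined or "because of conflicts" not in nextcloud__result_install.msg`. Separately, `update nextcloud` uses `state: latest` on the bare name `nextcloud`, which bypasses the version pinned in `nextcloud__package_name` and can pull a new release on any run. Consider dropping it or gating it behind an explicit variable. The httpd template task also has no `notify`, so a changed configuration is not reloaded unless something outside this hunk does it.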
diff --git a/roles/nextcloud/templates/etc-php-7.3.ini.j2 b/roles/nextcloud/templates/etc-php-7.3.ini.j2
new file mode 100644
index 0000000..0e79971
--- /dev/null
+++ b/roles/nextcloud/templates/etc-php-7.3.ini.j2
@@ -0,0 +1,198 @@
+[PHP]
+auto_append_file=
+auto_globals_jit=On
+auto_prepend_file=
+default_charset="UTF-8"
+default_mimetype="text/html"
+disable_classes=
+disable_functions=
+display_errors=Off
+display_startup_errors=Off
+doc_root=
+enable_dl=Off
+engine=On
+error_reporting=E_ALL & ~E_DEPRECATED & ~E_STRICT
+expose_php=On
+extension_dir="/usr/local/lib/php-7.3/modules"
+html_errors=On
+ignore_repeated_errors=Off
+ignore_repeated_source=Off
+implicit_flush=Off
+include_path=".:/pear/lib:/var/www/pear/lib"
+log_errors=On
+log_errors_max_len=1024
+max_execution_time=30
+output_buffering=4096
+precision=14
+register_argc_argv=Off
+report_memleaks=On
+request_order="GP"
+serialize_precision=-1
+short_open_tag=Off
+unserialize_callback_func=
+user_dir=
+variables_order="GPCS"
+zend.enable_gc=On
+zlib.output_compression=Off
+
+allow_url_fopen=On
+allow_url_include=Off
+default_socket_timeout=60
+file_uploads=On
+max_file_uploads=20
+
+memory_limit={{ nextcloud_php_memory_limit }}
+max_input_time={{ nextcloud_php_max_inputtime }}
+post_max_size={{ nextcloud_php_upload_maxsize }}
+upload_max_filesize={{ nextcloud_php_upload_maxsize }}
+
+pm=dynamic
+pm.maxchildren=120
+pm.start_servers=12
+pm.min_spare_servers=6
+pm.max_spare_servers=18
+
+extension=curl
+extension=gd
+extension=intl
+extension=pdo_pgsql
+extension=zip
+
+[CLI Server]
+cli_server.color=On
+
+[Date]
+date.timezone=UTC
+
+[iconv]
+
+[imap]
+
+[intl]
+
+[sqlite3]
+
+[Pcre]
+
+[Pdo]
+
+[Pdo_mysql]
+pdo_mysql.default_socket=
+
+[Phar]
+
+[mail function]
+SMTP=localhost
+smtp_port=25
+mail.add_x_header=Off
+
+[ODBC]
+odbc.allow_persistent=On
+odbc.check_persistent=On
+odbc.max_persistent=-1
+odbc.max_links=-1
+odbc.defaultlrl=4096
+odbc.defaultbinmode=1
+
+[Interbase]
+ibase.allow_persistent=1
+ibase.max_persistent=-1
+ibase.max_links=-1
+ibase.timestampformat="%Y-%m-%d %H:%M:%S"
+ibase.dateformat="%Y-%m-%d"
+ibase.timeformat="%H:%M:%S"
+
+[MySQLi]
+mysqli.max_persistent=-1
+mysqli.allow_persistent=On
+mysqli.max_links=-1
+mysqli.default_port=3306
+mysqli.default_socket=
+mysqli.default_host=
+mysqli.default_user=
+mysqli.default_pw=
+mysqli.reconnect=Off
+
+[mysqlnd]
+mysqlnd.collect_statistics=On
+mysqlnd.collect_memory_statistics=Off
+
+[OCI8]
+
+[PostgreSQL]
+pgsql.allow_persistent=On
+pgsql.auto_reset_persistent=Off
+pgsql.max_persistent=-1
+pgsql.max_links=-1
+pgsql.ignore_notice=0
+pgsql.log_notice=0
+
+[bcmath]
+bcmath.scale=0
+
+[browscap]
+
+[Session]
+session.save_handler=files
+session.use_strict_mode=0
+session.use_cookies=1
+session.use_only_cookies=1
+session.name=PHPSESSID
+session.auto_start=0
+session.cookie_lifetime=0
+session.cookie_path=/
+session.cookie_domain=
+session.cookie_httponly=
+session.cookie_samesite=
+session.serialize_handler=php
+session.gc_probability=1
+session.gc_divisor=1000
+session.gc_maxlifetime=1440
+session.referer_check=
+session.cache_limiter=nocache
+session.cache_expire=180
+session.use_trans_sid=0
+session.sid_length=26
+session.trans_sid_tags="a=href,area=href,frame=src,form="
+session.sid_bits_per_character=5
+
+[Assertion]
+zend.assertions=-1
+
+[COM]
+
+[mbstring]
+
+[gd]
+
+[exif]
+
+[Tidy]
+
+tidy.clean_output=Off
+
+[soap]
+soap.wsdl_cache_enabled=1
+soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_ttl=86400
+soap.wsdl_cache_limit=5
+
+[sysvshm]
+
+[ldap]
+ldap.max_links=-1
+
+[dba]
+
+[opcache]
+opcache.enable=1
+opcache.enable_cli=1
+opcache.memory_consumption=128
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=10000
+opcache.revalidate_freq=1
+opcache.save_comments=1
+
+[curl]
+
+[openssl]
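Review bot: The `[Session]` section leaves `session.use_strict_mode=0` and `session.cookie_httponly=` empty, and `[PHP]` sets `expose_php=On`. For an internet-facing Nextcloud these would be safer as `session.use_strict_mode=1`, `session.cookie_httponly=1` and `expose_php=Off`. The template is also named and pathed for PHP 7.3 (`extension_dir="/usr/local/lib/php-7.3/modules"`), while the role defaults install PHP 8.1 packages. It reads `nextcloud_php_*` variables (single underscore) that no visible default or argument spec defines, so rendering would probably fail if the commented-out task were enabled. The `pm.*` keys look like php-fpm pool settings rather than php.ini directives, so it is worth confirming they belong in this file.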
diff --git a/roles/nextcloud/templates/nextcloud.conf.httpd.j2 b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
new file mode 100644
index 0000000..ffae130
--- /dev/null
+++ b/roles/nextcloud/templates/nextcloud.conf.httpd.j2
@@ -0,0 +1,87 @@
+# managed by Ansible
+# see: https://x61.sh/log/2023/02/20230217T112354-nextcloud_openbsd.html
+
+
+server "{{ nextcloud__domain_name }}" {
+ listen on * port {{ nextcloud__listen_port }}
+
+ root "/nextcloud"
+
+ hsts max-age 15768000
+
+ # set max upload size
+ connection max request body 537919488
+ connection max requests 1000
+ connection request timeout 3600
+ connection timeout 3600
+ tcp nodelay
+
+ gzip-static
+
+ # deny access to the specified files
+ location "/db_structure.xml" { block }
+ location "/README" { block }
+ location "/config*" { block }
+ location "/build*" { block }
+ location "/tests*" { block }
+ location "/lib*" { block }
+ location "/3rdparty*" { block }
+ location "/templates*" { block }
+ location "/data*" { block }
+ location "/.ht*" { block }
+ location "/.user*" { block }
+ location "/autotest*" { block }
+ location "/occ*" { block }
+ location "/issue*" { block }
+ location "/indie*" { block }
+ location "/db_*" { block }
+ location "/console*" { block }
+
+ location "/core/*" {
+ gzip-static
+ pass
+ }
+
+ location "/apps/*" {
+ gzip-static
+ pass
+ }
+
+ location "/dist/*" {
+ gzip-static
+ pass
+ }
+
+ location "/.well-known/carddav" {
+ block return 301 "/remote.php/dav/"
+ }
+
+ location "/.well-known/caldav" {
+ block return 301 "/remote.php/dav/"
+ }
+
+ location match "/oc[ms]%-provider/*" {
+ directory index index.php
+ pass
+ }
+
+ location "/.well-known/webfinger" {
+ block return 301 "/index.php$REQUEST_URI"
+ }
+
+ location "/.well-known/nodeinfo" {
+ block return 301 "/index.php$REQUEST_URI"
+ }
+
+ location "/.well-known/host-meta" {
+ block return 301 "/public.php?service=host-meta"
+ }
+
+ location "/.well-known/host-meta.json" {
+ block return 301 "/public.php?service=host-meta-json"
+ }
+
+ location "/*.php*" {
+ fastcgi socket "/run/php-fpm.sock"
+ }
+}
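Review bot: The `listen on * port {{ nextcloud__listen_port }}` line has no `tls` keyword, so this server speaks plain HTTP on every interface, while the `hsts max-age 15768000` line only has an effect on responses delivered over TLS. If TLS is terminated by a proxy in front of httpd (not visible here), binding to loopback, e.g. `listen on 127.0.0.1 port {{ nextcloud__listen_port }}`, would stop clients from reaching the plaintext backend directly. Otherwise the listener needs `tls` and certificate settings. The `fastcgi socket "/run/php-fpm.sock"` path is hard-coded even though the PHP service name is a role variable. A short comment saying which php-fpm instance owns that socket would help.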
diff --git a/roles/nextcloud/templates/var-www-nextcloud-config-custom.config.php.j2 b/roles/nextcloud/templates/var-www-nextcloud-config-custom.config.php.j2
new file mode 100644
index 0000000..15df079
--- /dev/null
+++ b/roles/nextcloud/templates/var-www-nextcloud-config-custom.config.php.j2
@@ -0,0 +1,4 @@
+<?php
+$CONFIG = array (
+ 'datadirectory' => ((php_sapi_name() == 'cli') ? '/var/www' : '') . '/nextcloud/data',
+);
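Review bot: The `'datadirectory'` line resolves to `/nextcloud/data`, which sits inside the document root declared as `root "/nextcloud"` in the httpd template. User files are therefore kept from direct download only by the `location "/data*" { block }` rule there. Placing the data directory outside the web root would remove the dependency on that one rule surviving future edits. If it stays, add a comment above the line explaining the `php_sapi_name() == 'cli'` prefix: presumably the CLI runs outside the httpd chroot and needs the `/var/www` prefix (confirm), and the comment should also point to the httpd block rule.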