nextcloud: refactor installation:

- determine appropriate setup procedure depending on whether nextcloud is already installed or not, installed version and current role version - use ansible local fact file to store nextcloud installed version - use temporary extraction directory and replace the old copy with the new one instead of unpacking directly into the documentroot - installation is now idempotent - ensure correct/restrictive permissions are set - nextcloud: move apache configuration steps to separate file, add automatic virtualhost configuration for nextcloud, group previous CSP settings in vhost configuration file - reorder setup procedure (setup apache last) - enable additional php modules https://docs.nextcloud.com/server/16/admin_manual/installation/source_installation.html#apache-web-server-configuration - Note: 'become' is not a valid attribute for a TaskInclude, use include - https://docs.ansible.com/ansible/latest/modules/include_module.html - reload apache instead of restarting when possible - fix Module did not set no_log for update_password (mysql_user) - update documentation, add screenshots - use ansible-vault to manage secret variables by default - templatize nextcloud domain name/install directory/full URL - make app enable/disable task idempotent - nextcloud/server#19514, nextcloud/server#17789 - require manual configuration of nextcloud FQDN - update calendar app to 2.0.2 - https://docs.nextcloud.com/server/16/admin_manual/maintenance/manual_upgrade.html
nodiscc · Jul 14, 2020 · beca18f · beca18f
1 parent c7216dd
commit beca18f
Show file tree

Hide file tree

Showing 9 changed files with 253 additions and 140 deletions.
diff --git a/playbooks/xsrv/host_vars/my.example.org/my.example.org.yml b/playbooks/xsrv/host_vars/my.example.org/my.example.org.yml
@@ -2,6 +2,7 @@
 ### configuration variables for my.example.org
 ### vault_* variables are stored encrypted in my.example.org.vault.yml
 
+
 # administrator/sudo account username/password
 ansible_user: "{{ vault_ansible_user }}"
 ansible_become_pass: "{{ vault_ansible_become_pass }}"
@@ -13,6 +14,7 @@ xsrv_admin_password: "{{ vault_xsrv_admin_password }}"
 
 ##### NEXTCLOUD #####
 # see roles/nextcloud/defaults/main.yml
+nextcloud_fqdn: "cloud.CHANGEME.org"
 nextcloud_user: "{{ xsrv_admin_username }}"
 nextcloud_password: "{{ xsrv_admin_password }}"
 

diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md
@@ -19,6 +19,14 @@ Default installed applications include:
 
 Nextcloud is an alternative to services such as Dropbox, Google Drive/Agenda... See the [comparison page](https://nextcloud.com/compare/).
 
+[![](https://i.imgur.com/kQyXV9S.png)](https://i.imgur.com/nCXJMus.png)
+[![](https://i.imgur.com/lXroRsI.png)](https://i.imgur.com/XlDrlS4.png)
+[![](https://i.imgur.com/cCg6HgB.png)](https://i.imgur.com/iuWdvKG.png)
+[![](https://i.imgur.com/URs7XH5.png)](https://i.imgur.com/V6CR3we.png)
+[![](https://i.imgur.com/0ALCk1W.png)](https://i.imgur.com/qRYPBdU.png)
+[![](https://i.imgur.com/PPVIb6V.png)](https://i.imgur.com/1YaT357.png)
+[![](https://i.imgur.com/Co3DHUr.png)](https://i.imgur.com/Tu1lVHo.png)
+[![](https://i.imgur.com/TJTvqtd.png)](https://i.imgur.com/ztI0rJz.png)
 
 Requirements
 ------------
@@ -35,7 +43,7 @@ See [defaults/main.yml](defaults/main.yml)
 Dependencies
 ------------
 
-The [`lamp`](https://gitlab.com/nodiscc/ansible-xsrv-lamp) role
+The [`lamp`](../lamp/README.md) role
 
 
 Example Playbook
@@ -47,6 +55,13 @@ Example Playbook
     - common
     - lamp
     - nextcloud
+  vars:
+    nextcloud_fqdn: "cloud.CHANGEME.org"
+    nextcloud_user: "CHANGEME"
+
+# ansible-vault edit host_vars/my.example.org/my.example.org.vault.yml
+vault_nextcloud_password: "CHANGEME"
+vault_nextcloud_db_password: "CHANGEME"
 ```
 
 
@@ -78,7 +93,7 @@ Other:
 
 ### Backups
 
-See the included [rsnapshot configuration](templates/etc_rsnapshot.d_nextcloud.conf.j2) for the [backup](https://gitlab.com/nodiscc/ansible-xsrv-backup) role.
+See the included [rsnapshot configuration](templates/etc_rsnapshot.d_nextcloud.conf.j2) for the [backup](../backup/README.md) role.
 
 To restore a backup:
 
@@ -94,10 +109,10 @@ rm -rv /var/nextcloud/data
 
 # Reinstall nextcloud by running the playbook/nextcloud role, then
 # Restore the database
-mysql -u root -p nextcloud < /var/backups/xsrv/daily.0/localhost/var/backups/mysql/nextcloud/nextcloud.sql
+mysql -u root -p nextcloud < /var/backups/rsnapshot/daily.0/localhost/var/backups/mysql/nextcloud/nextcloud.sql
 
 # Restore the data directory
-rsync -avP --delete /var/backups/xsrv/daily.0/localhost/var/nextcloud/data /var/nextcloud/
+rsync -avP --delete /var/backups/rsnapshot/daily.0/localhost/var/nextcloud/data /var/nextcloud/
 
 # Rescan files
 sudo -u www-data /usr/bin/php /var/www/my.example.org/nextcloud/occ files:scan

diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
@@ -3,11 +3,15 @@
 ##### NEXTCLOUD #####
 
 # Nextcloud admin username/password
-# nextcloud_user: "CHANGEME"
-# nextcloud_password: "CHANGEME"
+nextcloud_user: "{{ vault_nextcloud_user }}" # CHANGEME
+nextcloud_password: "{{ vault_nextcloud_password }}" # CHANGEME
 
 # Fully Qualified Domain Name for the nextcloud instance
-nextcloud_fqdn: "{{ inventory_hostname }}"
+# nextcloud_fqdn: "cloud.CHANGEME.org"
+# Nextcloud installation directory (must be under a valid documentroot)
+nextcloud_install_dir: "/var/www/{{ nextcloud_fqdn }}"
+# full public URL of your tt-rss installation (update this if you changed the install location to a subdirectory)
+nextcloud_full_url: "https://{{ nextcloud_fqdn }}/"
 
 # nextcloud data storage directory
 nextcloud_data_dir: "/var/nextcloud/data"
@@ -17,16 +21,14 @@ nextcloud_db_name: "nextcloud"
 nextcloud_db_user: "nextcloud"
 nextcloud_db_table_prefix: "oc_"
 nextcloud_db_host: "localhost"
-nextcloud_db_password: "{{ lookup('password', 'secrets/' + inventory_hostname + '.nextcloud_db_password length=18') }}"
+nextcloud_db_password: "{{ vault_nextcloud_db_password }}" # CHANGEME
 
-# Nextcloud installation directory (must be under a valid documentroot)
-nextcloud_install_dir: "/var/www/{{ nextcloud_fqdn }}/nextcloud"
 
 # Nextcloud and applications versions
 # https://github.com/nextcloud/server/releases.atom, remove leading v
 nextcloud_version: '17.0.2'
 # https://github.com/nextcloud/calendar/releases.atom
-nextcloud_calendar_version: 'v2.0.0'
+nextcloud_calendar_version: 'v2.0.2'
 # https://github.com/nextcloud/contacts/releases.atom
 nextcloud_contacts_version: 'v3.1.7'
 # https://github.com/nextcloud/tasks/releases.atom

diff --git a/roles/nextcloud/tasks/apache.yml b/roles/nextcloud/tasks/apache.yml
@@ -0,0 +1,25 @@
+---
+
+- name: enable apache2 modules
+  command: a2enmod {{ item }}
+  with_items:
+    - 'rewrite'
+    - 'headers'
+    - 'env'
+    - 'dir'
+    - 'mime'
+  args:
+    creates: "/etc/apache2/mods-enabled/{{ item }}.load"
+  notify: reload apache
+
+- name: copy apache2 virtualhost configuration
+  template:
+    src: etc_apache2_sites-available_nextcloud.conf.j2
+    dest: /etc/apache2/sites-available/nextcloud.conf
+  notify: reload apache
+
+- name: enable apache2 virtualhost
+  command: a2ensite nextcloud
+  args:
+    creates: "/etc/apache2/sites-enabled/nextcloud.conf"
+  notify: restart apache
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
@@ -4,3 +4,8 @@
   become: yes
   tags:
     - nextcloud
+
+- include: apache.yml
+  become: yes
+  tags:
+    - nextcloud