Added new role

Jim Martens 2021-11-02 21:48:41 +01:00
parent 193eae637f
commit 30d3cf835d
26 changed files with 328 additions and 1 deletions


@ -2,5 +2,6 @@
uberspace_user: yourUberspaceUser
domain: domainToService
node_version: 12
php_version: 7.4
mysql_user: yourMysqlUser
mysql_password: yourMysqlPassword

9
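--- a/nextcloud.yml
+++ b/nextcloud.yml
@@ -0,0 +1,9 @@
+---
+- name: Set up Nextcloud
+hosts: uberspace
+vars_files:
+- general_vars.yml
+- nextcloud_vars.yml
+remote_user: "{{ uberspace_user }}"
+roles:
+- nextcloud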


@ -0,0 +1,3 @@
---
nextcloud_admin_user: example
nextcloud_admin_password: notASafePW
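Review bot: `nextcloud_admin_password: notASafePW` commits a known admin password as a usable value, and the install task elsewhere in this commit passes it straight to `occ maintenance:install`, so a run that forgets to override it creates a web-reachable admin account with a published password. Keep the real value in an Ansible Vault-encrypted vars file and leave only a non-working placeholder here. A guard task at the start of the role would catch the forgotten override, e.g. `ansible.builtin.assert` with `that: nextcloud_admin_password != 'notASafePW'`.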


@ -3,4 +3,5 @@
command: supervisorctl reread
- name: update supervisorctl
command: supervisorctl update
- name: restart php
command: uberspace tools restart php


@ -8,3 +8,12 @@
- name: update used version
command: uberspace tools version use node {{ node_version }}
when: used_node.stdout.find(node_version|string) == -1
- name: use PHP
when: php_version is defined
block:
- name: check used version
command: uberspace tools version show php
register: used_php
- name: update used version
command: uberspace tools version use php {{ php_version }}
when: used_php.stdout.find(php_version|string) == -1
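Review bot: The `check used version` task in the new `use PHP` block is a read-only `command`, so it reports "changed" on every run and hides real changes in the play recap; add `changed_when: false` to it. The Node tasks above the block are only partly visible in this hunk, so whether they need the same treatment cannot be told from here.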


@ -0,0 +1,3 @@
---
phone_region: DE
use_sendmail: yes


@ -0,0 +1,3 @@
---
- name: restart notify_push
ansible.builtin.command: supervisorctl restart notify_push


@ -0,0 +1,4 @@
---
dependencies:
- role: common
- role: redis


@ -0,0 +1,41 @@
---
- name: install notify_push
block:
- name: install app
ansible.builtin.command:
chdir: ~/html
cmd: php occ app:install notify_push
- name: set permissions
ansible.builtin.file:
path: ~/html/apps/notify_push/x86_64/notify_push
mode: 0744
- name: create symlink
ansible.builtin.file:
path: ~/bin/notify_push
src: ~/html/apps/notify_push/x86_64/notify_push
state: link
- name: create service
ansible.builtin.template:
src: notify_push_service.j2
dest: ~/etc/services.d/notify_push.ini
mode: 0644
notify:
- reload supervisorctl
- update supervisorctl
- name: get backend list
ansible.builtin.command: uberspace web backend list
register: backends
- name: add backend
when: backend.stdout.find('http:7867') == -1
ansible.builtin.command: uberspace web backend set /push --http --port 7867
- name: get ip route
ansible.builtin.command: ip route
register: ip
- name: set trusted proxies
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set trusted_proxies 0 --value="{{ ip.stdout.split().8 }}"
- name: configure notify_push app with backend
ansible.builtin.command:
chdir: ~/html
cmd: php occ notify_push:setup https://{{ domain }}/push
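Review bot: The `set trusted proxies` task writes the ninth whitespace-separated token of `ip route` output (`ip.stdout.split().8`) into `trusted_proxies` without checking it. That setting decides whose forwarded-client headers Nextcloud believes, so a differently shaped route table would silently trust the wrong address or a non-address token. Validate the value first, for example with an `ansible.builtin.assert` that the token passes the `ansible.utils.ipaddr` filter, or take the address from gathered facts. Separately, `get backend list` registers `backends` but the `add backend` condition reads `backend.stdout`, which is undefined and fails the task; it should be `when: backends.stdout.find('http:7867') == -1`.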


@ -0,0 +1,90 @@
---
- name: configure email
when: use_sendmail
block:
- name: mail_domain
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set mail_domain --value="uber.space"
- name: mail_from_address
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set mail_from_address --value="{{ uberspace_user }}"
- name: smtp_mode
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set mail_smtpmode --value="sendmail"
- name: sendmail_mode
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set mail_sendmailmode --value="pipe"
- name: initialize URL rewriting
block:
- name: rewrite base
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set htaccess.RewriteBase --value='/'
- name: update htaccess
ansible.builtin.command:
chdir: ~/html
cmd: php occ maintenance:update:htaccess
- name: initialize cronjob
block:
- name: update crontab
ansible.builtin.cron:
name: nextcloud-cron
state: present
job: php -f $HOME/html/cron.php > $HOME/logs/nextcloud-cron.log 2>&1
minute: */5
- name: use cronjob for background
ansible.builtin.command:
chdir: ~/html
cmd: php occ background:cron
- name: set up redis
block:
- name: set redis host
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set redis host --value="/home/{{ uberspace_user }}/.redis/sock"
- name: set redis port
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set redis port --value=0
- name: set redis timeout
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set redis port --value=1.5
- name: enable file locking
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set filelocking.enabled --value='true'
- name: use Redis for memcache.locking
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
- name: use Redis for memcache.distributed
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
- name: set default phone region
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set default_phone_region --value='{{ phone_region }}'
- name: perform database maintenance
block:
- name: add missing indices
ansible.builtin.command:
chdir: ~/html
cmd: php occ db:add-missing-indices --no-interaction
- name: add missing columns
ansible.builtin.command:
chdir: ~/html
cmd: php occ db:add-missing-columns --no-interaction
- name: add missing primary keys
ansible.builtin.command:
chdir: ~/html
cmd: php occ db:add-missing-primary-keys --no-interaction
- name: convert filecache bigint
ansible.builtin.command:
chdir: ~/html
cmd: php occ db:convert-filecache-bigint --no-interaction
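Review bot: The `set redis timeout` task runs `config:system:set redis port --value=1.5`, so it overwrites the port that the previous task set to 0 and never sets a timeout; the key should be `redis timeout`, i.e. `cmd: php occ config:system:set redis timeout --value=1.5`. In `update crontab`, `minute: */5` is a plain scalar starting with `*`, which YAML reads as an alias and rejects; write `minute: "*/5"`. Every `occ` task here also reports "changed" on each run, so a `changed_when` condition would make reruns readable.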


@ -0,0 +1,17 @@
---
- name: download Nextcloud and extract archive
ansible.builtin.unarchive:
src: https://download.nextcloud.com/server/releases/latest.tar.bz2
dest: ~/
remote_src: yes
creates: ~/nextcloud
register: nextcloud_archive
- name: copy files to web root
ansible.builtin.copy:
src: ~/nextcloud/
dest: ~/html
remote_src: yes
- name: remove nocontent.html
ansible.builtin.file:
path: ~/html/nocontent.html
state: absent
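Review bot: The download task fetches `latest.tar.bz2` and unpacks it into the web root with no integrity check and no pinned version, so the role installs whatever the URL serves at run time and two runs can deploy different code. Pin a release and verify it before extraction by splitting the task into `ansible.builtin.get_url` with `checksum:` followed by `unarchive` of the local file. `nextcloud_version` and `nextcloud_sha256` below are suggested new variables, not ones defined in this commit. `register: nextcloud_archive` is not used by any task visible in this section and could be dropped.

```yaml
- name: download pinned Nextcloud release
  ansible.builtin.get_url:
    url: "https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2"
    dest: ~/nextcloud.tar.bz2
    checksum: "sha256:{{ nextcloud_sha256 }}"
    mode: "0600"
- name: extract archive
  ansible.builtin.unarchive:
    src: ~/nextcloud.tar.bz2
    dest: ~/
    remote_src: true
    creates: ~/nextcloud
# … unchanged: copy files to web root, remove nocontent.html …
```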


@ -0,0 +1,8 @@
---
- include: php.yml
- include: download.yml
- include: mysql.yml
- include: setup.yml
- include: config.yml
- include: apps.yml
- include: prepare_updates.yml
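Review bot: All seven entries use the bare `include:` keyword, which Ansible has deprecated in favour of explicit static or dynamic includes. Since these files are loaded unconditionally, use the static form, e.g. `- ansible.builtin.import_tasks: php.yml`. That also matches the fully qualified module names used in the rest of the role.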


@ -0,0 +1,4 @@
---
- name: create MySQL database
community.mysql.mysql_db:
name: {{ uberspace_user }}_nextcloud
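Review bot: `name: {{ uberspace_user }}_nextcloud` starts a plain scalar with `{`, which YAML parses as a flow mapping before Jinja runs, so this task file fails to load. Quote the template: `name: "{{ uberspace_user }}_nextcloud"`.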


@ -0,0 +1,29 @@
---
- name: enable PHP opcache
ansible.builtin.template:
src: opcache.j2
dest: ~/etc/php.d/opcache.ini
mode: 0644
notify:
- restart php
- name: enable PHP APCu
ansible.builtin.template:
src: apcu.j2
dest: ~/etc/php.d/apcu.ini
mode: 0644
notify:
- restart php
- name: set PHP memory limit to 512 MB
ansible.builtin.template:
src: memory_limit.j2
dest: ~/etc/php.d/memory_limit.ini
mode: 0644
notify:
- restart php
- name: disable PHP output buffering
ansible.builtin.template:
src: output_buffering.j2
dest: ~/etc/php.d/output_buffering.ini
mode: 0644
notify:
- restart php


@ -0,0 +1,12 @@
---
- name: create update script
ansible.builtin.template:
src: update.j2
dest: ~/bin/nextcloud-update
mode: 0744
- name: create cronjob for updates
ansible.builtin.cron:
name: nextcloud-update
state: present
job: $HOME/bin/nextcloud-update > $HOME/logs/nextcloud-update.log 2>&1
special_time: daily


@ -0,0 +1,26 @@
---
- name: run installation script
ansible.builtin.command:
chdir: ~/html
cmd: php occ maintenance:install --admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_password }}" --database 'mysql' --database-name "{{ uberspace_user }}_nextcloud" --database-user "{{ uberspace_user }}" --database-pass "{{ mysql_password }}" --data-dir "/home/{{ uberspace_user }}/nextcloud_data"
creates: ~/nextcloud_data
- name: set domain as trusted
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set trusted_domains 0 --value="{{ domain }}"
- name: set domain as overwrite cli url
ansible.builtin.command:
chdir: ~/html
cmd: php occ config:system:set overwrite.cli.url --value="https://{{ domain }}"
- name: create symlinks for logs
block:
- name: symlink for nextcloud log
ansible.builtin.file:
path: ~/logs/nextcloud.log
src: ~/nextcloud_data/nextcloud.log
state: link
- name: symlink for nextcloud updater log
ansible.builtin.file:
path: ~/logs/nextcloud-updater.log
src: ~/nextcloud_data/updater.log
state: link
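Review bot: The `run installation script` task puts `nextcloud_admin_password` and `mysql_password` on the `php occ maintenance:install` command line, so both show up in Ansible's task output on failure or with `-v`, and in the process arguments while the command runs. Add `no_log: true` to that task to keep the secrets out of logs and callback output. Whether other accounts on the host can read the process arguments depends on the host's /proc configuration, which this page does not show.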


@ -0,0 +1 @@
apc.enable_cli=1


@ -0,0 +1 @@
memory_limit=512M


@ -0,0 +1,4 @@
[program:notify_push]
command=notify_push %(ENV_HOME)s/html/config/config.php
autostart=yes
autorestart=yes


@ -0,0 +1,7 @@
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1


@ -0,0 +1 @@
output_buffering=off


@ -0,0 +1,23 @@
#!/usr/bin/env bash
## Updater automatically works in maintenance:mode.
## Use the Uberspace backup system for files and database if you need to roll back.
## The Nextcloud updater creates backups only to safe base and app code data and config files
## so it takes ressources you might need for your productive data.
## Deactivate NC-updater Backups with --no-backup (works from 19.0.4, 18.0.10 and 17.0.10)
php ~/html/updater/updater.phar -vv --no-backup --no-interaction
## re-enable maintenance mode for occ commands
php ~/html/occ maintenance:mode --on
## database optimisations
php ~/html/occ db:add-missing-primary-keys --no-interaction
php ~/html/occ db:add-missing-columns --no-interaction
php ~/html/occ db:add-missing-indices --no-interaction
php ~/html/occ db:convert-filecache-bigint --no-interaction
php ~/html/occ app:update --all
php ~/html/occ maintenance:mode --off
/usr/sbin/restorecon -R ~/html
## If you have set up the notify_push service uncomment the following line by removing the #
supervisorctl restart notify_push
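Review bot: The script has no error handling, so if `updater.phar` fails the later steps still run: the schema commands are applied and `maintenance:mode --off` puts a possibly half-updated instance back online, unattended from the daily cron job. Add `set -euo pipefail` after the shebang so a failed step stops the run and leaves maintenance mode on for an operator to inspect. The final comment says to uncomment `supervisorctl restart notify_push`, but the line is already active; either ship it commented out or reword the comment.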


@ -0,0 +1,3 @@
---
dependencies:
- role: common


@ -0,0 +1,18 @@
---
- name: create redis directory
ansible.builtin.file:
path: ~/.redis
state: directory
- name: create config file
ansible.builtin.template:
src: config.j2
dest: ~/.redis/config
mode: 0644
- name: create service configuration
ansible.builtin.template:
src: redis_service.j2
dest: ~/etc/services.d/redis.ini
mode: 0644
notify:
- reload supervisorctl
- update supervisorctl
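Review bot: `create redis directory` sets no `mode`, so `~/.redis` gets whatever the umask allows, and it will hold the unix socket of a Redis instance whose config template in this commit sets no password. On a shared host the directory permissions are then the only access control for that socket. Add `mode: "0700"` to the directory task and consider `unixsocketperm 700` in the config template. The config file itself can be `0600` rather than `0644`.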


@ -0,0 +1,4 @@
unixsocket /home/{{ uberspace_user }}/.redis/sock
daemonize no
port 0
save ""


@ -0,0 +1,5 @@
[program:redis]
command=redis-server %(ENV_HOME)s/.redis/conf
directory=%(ENV_HOME)s/.redis
autostart=yes
autorestart=yes
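Review bot: `command=redis-server %(ENV_HOME)s/.redis/conf` points at a file the role never creates, because the `create config file` task writes the template to `~/.redis/config`. With that path the service will not come up with the intended settings (`port 0` and the unix socket). Use `command=redis-server %(ENV_HOME)s/.redis/config`, or change the task's `dest` to match.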