Added new role
This commit is contained in:
parent
193eae637f
commit
30d3cf835d
|
@ -2,5 +2,6 @@
|
|||
uberspace_user: yourUberspaceUser
|
||||
domain: domainToService
|
||||
node_version: 12
|
||||
php_version: 7.4
|
||||
mysql_user: yourMysqlUser
|
||||
mysql_password: yourMysqlPassword
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
- name: Set up Nextcloud
|
||||
hosts: uberspace
|
||||
vars_files:
|
||||
- general_vars.yml
|
||||
- nextcloud_vars.yml
|
||||
remote_user: "{{ uberspace_user }}"
|
||||
roles:
|
||||
- nextcloud
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
nextcloud_admin_user: example
|
||||
nextcloud_admin_password: notASafePW
|
|
@ -3,4 +3,5 @@
|
|||
command: supervisorctl reread
|
||||
- name: update supervisorctl
|
||||
command: supervisorctl update
|
||||
|
||||
- name: restart php
|
||||
command: uberspace tools restart php
|
||||
|
|
|
@ -8,3 +8,12 @@
|
|||
- name: update used version
|
||||
command: uberspace tools version use node {{ node_version }}
|
||||
when: used_node.stdout.find(node_version|string) == -1
|
||||
- name: use PHP
|
||||
when: php_version is defined
|
||||
block:
|
||||
- name: check used version
|
||||
command: uberspace tools version show php
|
||||
register: used_php
|
||||
- name: update used version
|
||||
command: uberspace tools version use php {{ php_version }}
|
||||
when: used_php.stdout.find(php_version|string) == -1
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
phone_region: DE
|
||||
use_sendmail: yes
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
- name: restart notify_push
|
||||
ansible.builtin.command: supervisorctl restart notify_push
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: common
|
||||
- role: redis
|
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
- name: install notify_push
|
||||
block:
|
||||
- name: install app
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ app:install notify_push
|
||||
- name: set permissions
|
||||
ansible.builtin.file:
|
||||
path: ~/html/apps/notify_push/x86_64/notify_push
|
||||
mode: 0744
|
||||
- name: create symlink
|
||||
ansible.builtin.file:
|
||||
path: ~/bin/notify_push
|
||||
src: ~/html/apps/notify_push/x86_64/notify_push
|
||||
state: link
|
||||
- name: create service
|
||||
ansible.builtin.template:
|
||||
src: notify_push_service.j2
|
||||
dest: ~/etc/services.d/notify_push.ini
|
||||
mode: 0644
|
||||
notify:
|
||||
- reload supervisorctl
|
||||
- update supervisorctl
|
||||
- name: get backend list
|
||||
ansible.builtin.command: uberspace web backend list
|
||||
register: backends
|
||||
- name: add backend
|
||||
when: backend.stdout.find('http:7867') == -1
|
||||
ansible.builtin.command: uberspace web backend set /push --http --port 7867
|
||||
- name: get ip route
|
||||
ansible.builtin.command: ip route
|
||||
register: ip
|
||||
- name: set trusted proxies
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set trusted_proxies 0 --value="{{ ip.stdout.split().8 }}"
|
||||
- name: configure notify_push app with backend
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ notify_push:setup https://{{ domain }}/push
|
|
@ -0,0 +1,90 @@
|
|||
---
|
||||
- name: configure email
|
||||
when: use_sendmail
|
||||
block:
|
||||
- name: mail_domain
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set mail_domain --value="uber.space"
|
||||
- name: mail_from_address
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set mail_from_address --value="{{ uberspace_user }}"
|
||||
- name: smtp_mode
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set mail_smtpmode --value="sendmail"
|
||||
- name: sendmail_mode
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set mail_sendmailmode --value="pipe"
|
||||
- name: initialize URL rewriting
|
||||
block:
|
||||
- name: rewrite base
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set htaccess.RewriteBase --value='/'
|
||||
- name: update htaccess
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ maintenance:update:htaccess
|
||||
- name: initialize cronjob
|
||||
block:
|
||||
- name: update crontab
|
||||
ansible.builtin.cron:
|
||||
name: nextcloud-cron
|
||||
state: present
|
||||
job: php -f $HOME/html/cron.php > $HOME/logs/nextcloud-cron.log 2>&1
|
||||
minute: */5
|
||||
- name: use cronjob for background
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ background:cron
|
||||
- name: set up redis
|
||||
block:
|
||||
- name: set redis host
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set redis host --value="/home/{{ uberspace_user }}/.redis/sock"
|
||||
- name: set redis port
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set redis port --value=0
|
||||
- name: set redis timeout
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set redis port --value=1.5
|
||||
- name: enable file locking
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set filelocking.enabled --value='true'
|
||||
- name: use Redis for memcache.locking
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set memcache.locking --value='\OC\Memcache\Redis'
|
||||
- name: use Redis for memcache.distributed
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set memcache.distributed --value='\OC\Memcache\Redis'
|
||||
- name: set default phone region
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set default_phone_region --value='{{ phone_region }}'
|
||||
- name: perform database maintenance
|
||||
block:
|
||||
- name: add missing indices
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ db:add-missing-indices --no-interaction
|
||||
- name: add missing columns
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ db:add-missing-columns --no-interaction
|
||||
- name: add missing primary keys
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ db:add-missing-primary-keys --no-interaction
|
||||
- name: convert filecache bigint
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ db:convert-filecache-bigint --no-interaction
|
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
- name: download Nextcloud and extract archive
|
||||
ansible.builtin.unarchive:
|
||||
src: https://download.nextcloud.com/server/releases/latest.tar.bz2
|
||||
dest: ~/
|
||||
remote_src: yes
|
||||
creates: ~/nextcloud
|
||||
register: nextcloud_archive
|
||||
- name: copy files to web root
|
||||
ansible.builtin.copy:
|
||||
src: ~/nextcloud/
|
||||
dest: ~/html
|
||||
remote_src: yes
|
||||
- name: remove nocontent.html
|
||||
ansible.builtin.file:
|
||||
path: ~/html/nocontent.html
|
||||
state: absent
|
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
- include: php.yml
|
||||
- include: download.yml
|
||||
- include: mysql.yml
|
||||
- include: setup.yml
|
||||
- include: config.yml
|
||||
- include: apps.yml
|
||||
- include: prepare_updates.yml
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
- name: create MySQL database
|
||||
community.mysql.mysql_db:
|
||||
name: {{ uberspace_user }}_nextcloud
|
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
- name: enable PHP opcache
|
||||
ansible.builtin.template:
|
||||
src: opcache.j2
|
||||
dest: ~/etc/php.d/opcache.ini
|
||||
mode: 0644
|
||||
notify:
|
||||
- restart php
|
||||
- name: enable PHP APCu
|
||||
ansible.builtin.template:
|
||||
src: apcu.j2
|
||||
dest: ~/etc/php.d/apcu.ini
|
||||
mode: 0644
|
||||
notify:
|
||||
- restart php
|
||||
- name: set PHP memory limit to 512 MB
|
||||
ansible.builtin.template:
|
||||
src: memory_limit.j2
|
||||
dest: ~/etc/php.d/memory_limit.ini
|
||||
mode: 0644
|
||||
notify:
|
||||
- restart php
|
||||
- name: disable PHP output buffering
|
||||
ansible.builtin.template:
|
||||
src: output_buffering.j2
|
||||
dest: ~/etc/php.d/output_buffering.ini
|
||||
mode: 0644
|
||||
notify:
|
||||
- restart php
|
|
@ -0,0 +1,12 @@
|
|||
---
|
||||
- name: create update script
|
||||
ansible.builtin.template:
|
||||
src: update.j2
|
||||
dest: ~/bin/nextcloud-update
|
||||
mode: 0744
|
||||
- name: create cronjob for updates
|
||||
ansible.builtin.cron:
|
||||
name: nextcloud-update
|
||||
state: present
|
||||
job: $HOME/bin/nextcloud-update > $HOME/logs/nextcloud-update.log 2>&1
|
||||
special_time: daily
|
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
- name: run installation script
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ maintenance:install --admin-user "{{ nextcloud_admin_user }}" --admin-pass "{{ nextcloud_admin_password }}" --database 'mysql' --database-name "{{ uberspace_user }}_nextcloud" --database-user "{{ uberspace_user }}" --database-pass "{{ mysql_password }}" --data-dir "/home/{{ uberspace_user }}/nextcloud_data"
|
||||
creates: ~/nextcloud_data
|
||||
- name: set domain as trusted
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set trusted_domains 0 --value="{{ domain }}"
|
||||
- name: set domain as overwrite cli url
|
||||
ansible.builtin.command:
|
||||
chdir: ~/html
|
||||
cmd: php occ config:system:set overwrite.cli.url --value="https://{{ domain }}"
|
||||
- name: create symlinks for logs
|
||||
block:
|
||||
- name: symlink for nextcloud log
|
||||
ansible.builtin.file:
|
||||
path: ~/logs/nextcloud.log
|
||||
src: ~/nextcloud_data/nextcloud.log
|
||||
state: link
|
||||
- name: symlink for nextcloud updater log
|
||||
ansible.builtin.file:
|
||||
path: ~/logs/nextcloud-updater.log
|
||||
src: ~/nextcloud_data/updater.log
|
||||
state: link
|
|
@ -0,0 +1 @@
|
|||
apc.enable_cli=1
|
|
@ -0,0 +1 @@
|
|||
memory_limit=512M
|
|
@ -0,0 +1,4 @@
|
|||
[program:notify_push]
|
||||
command=notify_push %(ENV_HOME)s/html/config/config.php
|
||||
autostart=yes
|
||||
autorestart=yes
|
|
@ -0,0 +1,7 @@
|
|||
opcache.enable=1
|
||||
opcache.enable_cli=1
|
||||
opcache.interned_strings_buffer=8
|
||||
opcache.max_accelerated_files=10000
|
||||
opcache.memory_consumption=128
|
||||
opcache.save_comments=1
|
||||
opcache.revalidate_freq=1
|
|
@ -0,0 +1 @@
|
|||
output_buffering=off
|
|
@ -0,0 +1,23 @@
|
|||
#!/usr/bin/env bash
|
||||
## Updater automatically works in maintenance:mode.
|
||||
## Use the Uberspace backup system for files and database if you need to roll back.
|
||||
## The Nextcloud updater creates backups only to safe base and app code data and config files
|
||||
## so it takes ressources you might need for your productive data.
|
||||
## Deactivate NC-updater Backups with --no-backup (works from 19.0.4, 18.0.10 and 17.0.10)
|
||||
php ~/html/updater/updater.phar -vv --no-backup --no-interaction
|
||||
|
||||
## re-enable maintenance mode for occ commands
|
||||
php ~/html/occ maintenance:mode --on
|
||||
|
||||
## database optimisations
|
||||
php ~/html/occ db:add-missing-primary-keys --no-interaction
|
||||
php ~/html/occ db:add-missing-columns --no-interaction
|
||||
php ~/html/occ db:add-missing-indices --no-interaction
|
||||
php ~/html/occ db:convert-filecache-bigint --no-interaction
|
||||
|
||||
php ~/html/occ app:update --all
|
||||
php ~/html/occ maintenance:mode --off
|
||||
/usr/sbin/restorecon -R ~/html
|
||||
|
||||
## If you have set up the notify_push service uncomment the following line by removing the #
|
||||
supervisorctl restart notify_push
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- role: common
|
|
@ -0,0 +1,18 @@
|
|||
---
|
||||
- name: create redis directory
|
||||
ansible.builtin.file:
|
||||
path: ~/.redis
|
||||
state: directory
|
||||
- name: create config file
|
||||
ansible.builtin.template:
|
||||
src: config.j2
|
||||
dest: ~/.redis/config
|
||||
mode: 0644
|
||||
- name: create service configuration
|
||||
ansible.builtin.template:
|
||||
src: redis_service.j2
|
||||
dest: ~/etc/services.d/redis.ini
|
||||
mode: 0644
|
||||
notify:
|
||||
- reload supervisorctl
|
||||
- update supervisorctl
|
|
@ -0,0 +1,4 @@
|
|||
unixsocket /home/{{ uberspace_user }}/.redis/sock
|
||||
daemonize no
|
||||
port 0
|
||||
save ""
|
|
@ -0,0 +1,5 @@
|
|||
[program:redis]
|
||||
command=redis-server %(ENV_HOME)s/.redis/conf
|
||||
directory=%(ENV_HOME)s/.redis
|
||||
autostart=yes
|
||||
autorestart=yes
|
Loading…
Reference in New Issue