commit d4978f44ddc32f0a2021a4f842f993fb860c19e2 Author: Brian Lee Date: Fri Jul 14 07:56:23 2023 -0700 Initialize repo for Nextcloud container role.
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..198d4dd
--- /dev/null
+++ b/README.md
@@ -0,0 +1,59 @@
+# Ansible Role: nextcloud
+
+This Ansible Role installs a rootless [Nextcloud](https://github.com/nextcloud/docker) container using Podman. It is intended to be composed with separate roles for Podman and any database backend such as PostgreSQL or Mariadb.
+
+## Requirements
+
+* [containers.podman](https://github.com/containers/ansible-podman-collections)
+
+## Dependencies
+
+* [podman](docs/PODMAN.md)
+* [mariadb](docs/DATABASE.md) (optional)
+* postgresql (optional)
+
+## Role Variables
+
+```yaml
+nextcloud_config.NEXTCLOUD_ADMIN_USER: adminotaur
+nextcloud_config.NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_ADMIN') }}"
+nextcloud_config.MYSQL_PASSWORD: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+```
+
+See the role [defaults](defaults/main.yml) and the Nextcloud [environment variable documentation](https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables).
+
+## Example Playbook
+
+```yaml
+- hosts: nextcloud
+ roles:
+ - role: fauust.mariadb
+ become: true
+ - role: alvistack.podman
+ become: true
+ - role: bleetube.nextcloud
+```
+
+## Example Deployment
+
+```bash
+export NEXTCLOUD_ADMIN=$(pass generate -n NEXTCLOUD_ADMIN | tail -n1)
+export NEXTCLOUD_MARIADB=$(pass generate -n NEXTCLOUD_MARIADB | tail -n1)
+ansible-playbook playbooks/nextcloud.yml
+```
+
+## Backups
+
+TODO
+
+## Monitoring
+
+TODO
+
+## Resources
+
+* [nextcloud.admin](https://github.com/nextcloud/ansible-collection-nextcloud-admin) collection
+
+## Thanks
+
+Based on the original role created by [Joerg Kastning](https://www.my-it-brain.de/wordpress/zu-meiner-person/). Thank you!
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..0204069
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,52 @@
+---
+nextcloud_ports:
+ - "{{ nextcloud_fpm_upstream|default(9000) }}:9000"
+
+nextcloud_create_volumes:
+ - nc_html
+ - nc_apps
+ - nc_config
+ - nc_data
+
+nextcloud_volumes:
+ - nc_html:/var/www/html:Z # Main folder, needed for updating
+ - nc_apps:/var/www/html/custom_apps:Z # Volume for installed/modified apps
+ - nc_config:/var/www/html/config:Z # Volume for local configuration
+ - nc_data:/var/www/html/data:Z # Volume for the actual data of Nextcloud
+# - /var/run/postgresql:/var/run/postgresql
+
+# Vars for Nextcloud container
+nextcloud_pidfile: /tmp/nextcloud.pid
+nextcloud_image: docker.io/library/nextcloud
+nextcloud_version: fpm-alpine # https://hub.docker.com/_/nextcloud
+nextcloud_name: nextcloud
+
+# https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables
+nextcloud_config: []
+# NEXTCLOUD_ADMIN_USER: admin
+# NEXTCLOUD_ADMIN_PASSWORD: ""
+# NEXTCLOUD_DATA_DIR: /var/www/html/data
+# NEXTCLOUD_TRUSTED_DOMAINS: ""
+
+# SQLITE_DATABASE: nextcloud
+
+# MYSQL_DATABASE: nextcloud
+# MYSQL_USER: nextcloud
+# MYSQL_PASSWORD: ""
+# MYSQL_HOST: host.containers.internal
+
+# POSTGRES_HOST: /var/run/postgresql
+# POSTGRES_DB: nextcloud
+# POSTGRES_USER: nextcloud
+# POSTGRES_PASSWORD: ""
+
+# REDIS_HOST: host.containers.internal
+
+# SMTP_HOST: ""
+# SMTP_SECURE: "" # ssl to use SSL, or tls zu use STARTTLS
+# SMTP_PORT: "" # (25, 465 for SSL, 587 for STARTTLS)
+# SMTP_AUTHTYPE: ""
+# SMTP_NAME: ""
+# SMTP_PASSWORD: ""
+# MAIL_FROM_ADDRESS: ""
+# MAIL_DOMAIN: ""
\ No newline at end of file
diff --git a/docs/MARIADB.md b/docs/MARIADB.md
new file mode 100644
index 0000000..0c59cc6
--- /dev/null
+++ b/docs/MARIADB.md
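Review bot: In defaults/main.yml, `nextcloud_ports` publishes the PHP-FPM port with no host address (`"{{ nextcloud_fpm_upstream|default(9000) }}:9000"`), so Podman binds it on every host interface by default. FastCGI carries no authentication, so anything that can reach that port can talk to the PHP interpreter directly, bypassing the web server in front of it. If the reverse proxy runs on the same host (the variable name suggests an nginx upstream), the default should bind loopback, `- "127.0.0.1:{{ nextcloud_fpm_upstream|default(9000) }}:9000"`, and leave wider exposure as an explicit override. `nextcloud_version: fpm-alpine` is a moving tag and the container task uses `recreate: yes`, so a run can silently change the deployed image; a specific version tag or digest as the default would make deployments reproducible. Separately, `nextcloud_config: []` is a list although the tasks pass it as `env:` and read keys from it; `nextcloud_config: {}` matches that use.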
@@ -0,0 +1,33 @@
+# Mariadb
+
+This variation of the [original role](https://github.com/Tronde/ansible_role_deploy_nextcloud_with_mariadb_pod) is intended to be composed with another role that sets up the database. Here is an example using [fauust.mariadb](https://github.com/fauust/ansible-role-mariadb)
+
+## Example Playbook
+
+```yaml
+ roles:
+ - fauust.mariadb
+```
+
+## Example Variables
+
+```yaml
+mariadb_databases:
+ - name: nextcloud
+ collation: utf8_general_ci
+ encoding: utf8
+ replicate: false
+
+mariadb_users:
+ - name: nextcloud
+ host: localhost
+ password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+ priv: "nextcloud.*:ALL"
+ state: present
+ - name: nextcloud
+ host: '%'
+ password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+ priv: "nextcloud.*:ALL"
+ state: present
+```
+In this example, there are two users because both `localhost` and `%` (all-hosts wildcard) are [mutually exclusive](https://stackoverflow.com/q/10823854/9290). I am also using environment variables to separate secret stores from the repository.
\ No newline at end of file
diff --git a/docs/PODMAN.md b/docs/PODMAN.md
new file mode 100644
index 0000000..f644338
--- /dev/null
+++ b/docs/PODMAN.md
@@ -0,0 +1,18 @@
+# Podman
+
+Example using [alvistack/ansible-role-podman](https://github.com/alvistack/ansible-role-podman):
+
+
+```yaml
+- hosts: podman
+ become: true
+
+ roles:
+ - alvistack.podman
+
+ tasks:
+ - name: "Ensure loginctl enable-linger is set for {{ sysadmin_username }}"
+ command:
+ cmd: "loginctl enable-linger {{ sysadmin_username }}"
+ creates: "/var/lib/systemd/linger/{{ sysadmin_username }}"
+```
\ No newline at end of file
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..5514b6a
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1 @@
+dependencies: []
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..b21edb9
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+#- name: Nextcloud | Assert all secrets have been configured.
+# ansible.builtin.assert:
+# that:
+# - nextcloud_config.NEXTCLOUD_ADMIN_PASSWORD is defined
+# - nextcloud_config.NEXTCLOUD_ADMIN_PASSWORD | length > 0
+# fail_msg: "NEXTCLOUD_ADMIN_PASSWORD is not configured"
+# quiet: true
+# no_log: true
+
+- name: Ensure that only one database backend is defined
+ ansible.builtin.assert:
+ that:
+ - "'{{ [nextcloud_config.SQLITE_DATABASE is defined,
+ nextcloud_config.POSTGRES_PASSWORD is defined,
+ nextcloud_config.MYSQL_PASSWORD is defined]
+ | select('equalto', true)
+ | list
+ | count }}' == '1'"
+ fail_msg: "Only one of SQLITE_DATABASE, POSTGRES_PASS or MYSQL_PASSWORD should be defined"
+ no_log: true
+
+- name: Nextcloud | Create volumes
+ containers.podman.podman_volume:
+ state: present
+ name: "{{ item }}"
+ recreate: no
+ debug: no
+ loop: "{{ nextcloud_create_volumes }}"
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+- name: Nextcloud | Create container
+ containers.podman.podman_container:
+ debug: no
+ conmon_pidfile: "{{ nextcloud_pidfile }}"
+ image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
+ image_strict: yes
+ recreate: yes
+ state: started
+ name: "{{ nextcloud_name }}"
+ env: "{{ nextcloud_config }}"
+ volume: "{{ nextcloud_volumes }}"
+ ports: "{{ nextcloud_ports }}"
\ No newline at end of file
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..35aa48e
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+ remote_user: root
+ connection: local
+ roles:
+ - bleetube.nextcloud
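Review bot: In tasks/main.yml, the `Nextcloud | Create container` task passes `nextcloud_config` as `env:` with no `no_log`, and per the README that mapping carries NEXTCLOUD_ADMIN_PASSWORD and the database password, so the values can surface in verbose output and in the container facts the module returns; add `no_log: true` to that task. The assert above it has `no_log: true` instead, where only `is defined` tests are evaluated and where it likely censors the `fail_msg` the operator needs to read. That `fail_msg` also names `POSTGRES_PASS` while the condition checks `POSTGRES_PASSWORD`. Longer term, environment values stay readable through `podman inspect`; the image's `*_FILE` variables combined with the module's `secrets` option would keep the passwords out of the container config, which is worth confirming against the image documentation.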