Initialize repo for Nextcloud container role.
commit
d4978f44dd
0
.gitignore
vendored
Normal file
0
.gitignore
vendored
Normal file
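--- a/README.md
+++ b/README.md
@@ -0,0 +1,59 @@
+# Ansible Role: nextcloud
+
+This Ansible Role installs a rootless [Nextcloud](https://github.com/nextcloud/docker) container using Podman. It is intended to be composed with separate roles for Podman and any database backend such as PostgreSQL or Mariadb.
+
+## Requirements
+
+* [containers.podman](https://github.com/containers/ansible-podman-collections)
+
+## Dependencies
+
+* [podman](docs/PODMAN.md)
+* [mariadb](docs/DATABASE.md) (optional)
+* postgresql (optional)
+
+## Role Variables
+
+```yaml
+nextcloud_config.NEXTCLOUD_ADMIN_USER: adminotaur
+nextcloud_config.NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_ADMIN') }}"
+nextcloud_config.MYSQL_PASSWORD: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+```
+
+See the role [defaults](defaults/main.yml) and the Nextcloud [environment variable documentation](https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables).
+
+## Example Playbook
+
+```yaml
+- hosts: nextcloud
+roles:
+- role: fauust.mariadb
+become: true
+- role: alvistack.podman
+become: true
+- role: bleetube.nextcloud
+```
+
+## Example Deployment
+
+```bash
+export NEXTCLOUD_ADMIN=$(pass generate -n NEXTCLOUD_ADMIN | tail -n1)
+export NEXTCLOUD_MARIADB=$(pass generate -n NEXTCLOUD_MARIADB | tail -n1)
+ansible-playbook playbooks/nextcloud.yml
+```
+
+## Backups
+
+TODO
+
+## Monitoring
+
+TODO
+
+## Resources
+
+* [nextcloud.admin](https://github.com/nextcloud/ansible-collection-nextcloud-admin) collection
+
+## Thanks
+
+Based on the original role created by [Joerg Kastning](https://www.my-it-brain.de/wordpress/zu-meiner-person/). Thank you!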
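--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,52 @@
+---
+nextcloud_ports:
+- "{{ nextcloud_fpm_upstream|default(9000) }}:9000"
+
+nextcloud_create_volumes:
+- nc_html
+- nc_apps
+- nc_config
+- nc_data
+
+nextcloud_volumes:
+- nc_html:/var/www/html:Z # Main folder, needed for updating
+- nc_apps:/var/www/html/custom_apps:Z # Volume for installed/modified apps
+- nc_config:/var/www/html/config:Z # Volume for local configuration
+- nc_data:/var/www/html/data:Z # Volume for the actual data of Nextcloud
+# - /var/run/postgresql:/var/run/postgresql
+
+# Vars for Nextcloud container
+nextcloud_pidfile: /tmp/nextcloud.pid
+nextcloud_image: docker.io/library/nextcloud
+nextcloud_version: fpm-alpine # https://hub.docker.com/_/nextcloud
+nextcloud_name: nextcloud
+
+# https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables
+nextcloud_config: []
+# NEXTCLOUD_ADMIN_USER: admin
+# NEXTCLOUD_ADMIN_PASSWORD: ""
+# NEXTCLOUD_DATA_DIR: /var/www/html/data
+# NEXTCLOUD_TRUSTED_DOMAINS: ""
+
+# SQLITE_DATABASE: nextcloud
+
+# MYSQL_DATABASE: nextcloud
+# MYSQL_USER: nextcloud
+# MYSQL_PASSWORD: ""
+# MYSQL_HOST: host.containers.internal
+
+# POSTGRES_HOST: /var/run/postgresql
+# POSTGRES_DB: nextcloud
+# POSTGRES_USER: nextcloud
+# POSTGRES_PASSWORD: ""
+
+# REDIS_HOST: host.containers.internal
+
+# SMTP_HOST: ""
+# SMTP_SECURE: "" # ssl to use SSL, or tls zu use STARTTLS
+# SMTP_PORT: "" # (25, 465 for SSL, 587 for STARTTLS)
+# SMTP_AUTHTYPE: ""
+# SMTP_NAME: ""
+# SMTP_PASSWORD: ""
+# MAIL_FROM_ADDRESS: ""
+# MAIL_DOMAIN: ""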
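Review bot: `nextcloud_version: fpm-alpine` is a floating tag, so the image that ends up running depends on when it was pulled and cannot be reproduced or audited later; a specific release tag or a digest would be a safer default, with floating tags left as an opt-in. `nextcloud_pidfile: /tmp/nextcloud.pid` puts a predictable file name in a shared, world-writable directory; for a rootless deployment a path under the deploying user's runtime directory (`$XDG_RUNTIME_DIR`) looks like the better default, to be confirmed against how the pidfile is consumed. `nextcloud_config: []` is a list, while the commented keys below it and the README treat it as a mapping; `nextcloud_config: {}` matches the intended type.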
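--- a/docs/MARIADB.md
+++ b/docs/MARIADB.md
@@ -0,0 +1,33 @@
+# Mariadb
+
+This variation of the [original role](https://github.com/Tronde/ansible_role_deploy_nextcloud_with_mariadb_pod) is intended to be composed with another role that sets up the database. Here is an example using [fauust.mariadb](https://github.com/fauust/ansible-role-mariadb)
+
+## Example Playbook
+
+```yaml
+roles:
+- fauust.mariadb
+```
+
+## Example Variables
+
+```yaml
+mariadb_databases:
+- name: nextcloud
+collation: utf8_general_ci
+encoding: utf8
+replicate: false
+
+mariadb_users:
+- name: nextcloud
+host: localhost
+password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+priv: "nextcloud.*:ALL"
+state: present
+- name: nextcloud
+host: '%'
+password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+priv: "nextcloud.*:ALL"
+state: present
+```
+In this example, there are two users because both `localhost` and `%` (all-hosts wildcard) are [mutually exclusive](https://stackoverflow.com/q/10823854/9290). I am also using environment variables to separate secret stores from the repository.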
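--- a/docs/PODMAN.md
+++ b/docs/PODMAN.md
@@ -0,0 +1,18 @@
+# Podman
+
+Example using [alvistack/ansible-role-podman](https://github.com/alvistack/ansible-role-podman):
+
+
+```yaml
+- hosts: podman
+become: true
+
+roles:
+- alvistack.podman
+
+tasks:
+- name: "Ensure loginctl enable-linger is set for {{ sysadmin_username }}"
+command:
+cmd: "loginctl enable-linger {{ sysadmin_username }}"
+creates: "/var/lib/systemd/linger/{{ sysadmin_username }}"
+```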
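--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1 @@
+dependencies: []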
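--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+#- name: Nextcloud | Assert all secrets have been configured.
+# ansible.builtin.assert:
+# that:
+# - nextcloud_config.NEXTCLOUD_ADMIN_PASSWORD is defined
+# - nextcloud_config.NEXTCLOUD_ADMIN_PASSWORD | length > 0
+# fail_msg: "NEXTCLOUD_ADMIN_PASSWORD is not configured"
+# quiet: true
+# no_log: true
+
+- name: Ensure that only one database backend is defined
+ansible.builtin.assert:
+that:
+- "'{{ [nextcloud_config.SQLITE_DATABASE is defined,
+nextcloud_config.POSTGRES_PASSWORD is defined,
+nextcloud_config.MYSQL_PASSWORD is defined]
+| select('equalto', true)
+| list
+| count }}' == '1'"
+fail_msg: "Only one of SQLITE_DATABASE, POSTGRES_PASS or MYSQL_PASSWORD should be defined"
+no_log: true
+
+- name: Nextcloud | Create volumes
+containers.podman.podman_volume:
+state: present
+name: "{{ item }}"
+recreate: no
+debug: no
+loop: "{{ nextcloud_create_volumes }}"
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+- name: Nextcloud | Create container
+containers.podman.podman_container:
+debug: no
+conmon_pidfile: "{{ nextcloud_pidfile }}"
+image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
+image_strict: yes
+recreate: yes
+state: started
+name: "{{ nextcloud_name }}"
+env: "{{ nextcloud_config }}"
+volume: "{{ nextcloud_volumes }}"
+ports: "{{ nextcloud_ports }}"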
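Review bot: The only active assertion tests whether `MYSQL_PASSWORD` / `POSTGRES_PASSWORD` are defined, not that they are non-empty, and the README wires these to `lookup('ansible.builtin.env', …)`, which yields an empty string when the variable is unset, so a forgotten `export` passes the check and reaches the container as an empty secret. The commented-out admin-password assertion at the top of the file already has the `length > 0` test that would catch this; consider enabling it if an admin password is meant to be mandatory, and adding the same test for the database passwords as sketched below. The condition can also be written without `{{ }}` inside `that:`, which Ansible warns about, and the `fail_msg` names `POSTGRES_PASS` where the check uses `POSTGRES_PASSWORD`.

```yaml
- name: Ensure that only one database backend is defined
  ansible.builtin.assert:
    that:
      - >-
        [nextcloud_config.SQLITE_DATABASE is defined,
         nextcloud_config.POSTGRES_PASSWORD is defined,
         nextcloud_config.MYSQL_PASSWORD is defined]
        | select | list | length == 1
      - nextcloud_config.MYSQL_PASSWORD is not defined
        or nextcloud_config.MYSQL_PASSWORD | length > 0
      - nextcloud_config.POSTGRES_PASSWORD is not defined
        or nextcloud_config.POSTGRES_PASSWORD | length > 0
    fail_msg: "Exactly one of SQLITE_DATABASE, POSTGRES_PASSWORD or MYSQL_PASSWORD must be defined, and passwords must not be empty"
  # … unchanged: no_log …
```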
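--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+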
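--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+remote_user: root
+connection: local
+roles:
+- bleetube.nextcloud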