Initialize repo for Nextcloud container role.

README.md

@@ -0,0 +1,59 @@
+# Ansible Role: nextcloud
+
+This Ansible Role installs a rootless [Nextcloud](https://github.com/nextcloud/docker) container using Podman. It is intended to be composed with separate roles for Podman and any database backend such as PostgreSQL or Mariadb.
+
+## Requirements
+
+* [containers.podman](https://github.com/containers/ansible-podman-collections)
+
+## Dependencies
+
+* [podman](docs/PODMAN.md)
+* [mariadb](docs/DATABASE.md) (optional)
+* postgresql (optional)
+
+## Role Variables
+
+```yaml
+nextcloud_config.NEXTCLOUD_ADMIN_USER: adminotaur
+nextcloud_config.NEXTCLOUD_ADMIN_PASSWORD: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_ADMIN') }}"
+nextcloud_config.MYSQL_PASSWORD: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+```
+
+See the role [defaults](defaults/main.yml) and the Nextcloud [environment variable documentation](https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables).
+
+## Example Playbook
+
+```yaml
+- hosts: nextcloud
+  roles:
+    - role: fauust.mariadb
+      become: true
+    - role: alvistack.podman
+      become: true
+    - role: bleetube.nextcloud
+```
+
+## Example Deployment
+
+```bash
+export NEXTCLOUD_ADMIN=$(pass generate -n NEXTCLOUD_ADMIN | tail -n1)
+export NEXTCLOUD_MARIADB=$(pass generate -n NEXTCLOUD_MARIADB | tail -n1)
+ansible-playbook playbooks/nextcloud.yml
+```
+
+## Backups
+
+TODO
+
+## Monitoring
+
+TODO
+
+## Resources
+
+* [nextcloud.admin](https://github.com/nextcloud/ansible-collection-nextcloud-admin) collection
+
+## Thanks
+
+Based on the original role created by [Joerg Kastning](https://www.my-it-brain.de/wordpress/zu-meiner-person/). Thank you!

defaults/main.yml

@@ -0,0 +1,52 @@
+---
+nextcloud_ports:
+  - "{{ nextcloud_fpm_upstream|default(9000) }}:9000"
+
+nextcloud_create_volumes:
+  - nc_html
+  - nc_apps
+  - nc_config
+  - nc_data
+
+nextcloud_volumes:
+  - nc_html:/var/www/html:Z # Main folder, needed for updating
+  - nc_apps:/var/www/html/custom_apps:Z # Volume for installed/modified apps
+  - nc_config:/var/www/html/config:Z # Volume for local configuration
+  - nc_data:/var/www/html/data:Z # Volume for the actual data of Nextcloud
+# - /var/run/postgresql:/var/run/postgresql
+
+# Vars for Nextcloud container
+nextcloud_pidfile: /tmp/nextcloud.pid
+nextcloud_image: docker.io/library/nextcloud
+nextcloud_version: fpm-alpine # https://hub.docker.com/_/nextcloud
+nextcloud_name: nextcloud
+
+# https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables
+nextcloud_config: []
+# NEXTCLOUD_ADMIN_USER: admin
+# NEXTCLOUD_ADMIN_PASSWORD: ""
+# NEXTCLOUD_DATA_DIR: /var/www/html/data
+# NEXTCLOUD_TRUSTED_DOMAINS: ""
+
+# SQLITE_DATABASE: nextcloud
+
+# MYSQL_DATABASE: nextcloud
+# MYSQL_USER: nextcloud
+# MYSQL_PASSWORD: ""
+# MYSQL_HOST: host.containers.internal
+
+# POSTGRES_HOST: /var/run/postgresql
+# POSTGRES_DB: nextcloud
+# POSTGRES_USER: nextcloud
+# POSTGRES_PASSWORD: ""
+
+# REDIS_HOST: host.containers.internal
+
+# SMTP_HOST: ""
+# SMTP_SECURE: ""  # ssl to use SSL, or tls zu use STARTTLS
+# SMTP_PORT: "" # (25, 465 for SSL, 587 for STARTTLS)
+# SMTP_AUTHTYPE: ""
+# SMTP_NAME: ""
+# SMTP_PASSWORD: ""
+# MAIL_FROM_ADDRESS: ""
+# MAIL_DOMAIN: ""

docs/MARIADB.md

@@ -0,0 +1,33 @@
+# Mariadb
+
+This variation of the [original role](https://github.com/Tronde/ansible_role_deploy_nextcloud_with_mariadb_pod) is intended to be composed with another role that sets up the database. Here is an example using [fauust.mariadb](https://github.com/fauust/ansible-role-mariadb)
+
+## Example Playbook
+
+```yaml
+  roles:
+    - fauust.mariadb
+```
+
+## Example Variables
+
+```yaml
+mariadb_databases:
+  - name: nextcloud
+    collation: utf8_general_ci
+    encoding: utf8
+    replicate: false
+
+mariadb_users:
+  - name: nextcloud
+    host: localhost
+    password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+    priv: "nextcloud.*:ALL"
+    state: present
+  - name: nextcloud
+    host: '%'
+    password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+    priv: "nextcloud.*:ALL"
+    state: present
+```
+In this example, there are two users because both `localhost` and `%` (all-hosts wildcard) are [mutually exclusive](https://stackoverflow.com/q/10823854/9290). I am also using environment variables to  separate secret stores from the repository.

docs/PODMAN.md

@@ -0,0 +1,18 @@
+# Podman
+
+Example using [alvistack/ansible-role-podman](https://github.com/alvistack/ansible-role-podman):
+
+
+```yaml
+- hosts: podman
+  become: true
+
+  roles:
+    - alvistack.podman
+
+  tasks:
+    - name: "Ensure loginctl enable-linger is set for {{ sysadmin_username }}"
+      command:
+        cmd: "loginctl enable-linger {{ sysadmin_username }}"
+        creates: "/var/lib/systemd/linger/{{ sysadmin_username }}"
+```

meta/main.yml

@@ -0,0 +1 @@
+dependencies: []

tasks/main.yml

@@ -0,0 +1,43 @@
+---
+#- name: Nextcloud | Assert all secrets have been configured.
+#  ansible.builtin.assert:
+#    that:
+#      - nextcloud_config.NEXTCLOUD_ADMIN_PASSWORD is defined
+#      - nextcloud_config.NEXTCLOUD_ADMIN_PASSWORD | length > 0
+#    fail_msg: "NEXTCLOUD_ADMIN_PASSWORD is not configured"
+#    quiet: true
+#  no_log: true
+
+- name: Ensure that only one database backend is defined
+  ansible.builtin.assert:
+    that: 
+      - "'{{ [nextcloud_config.SQLITE_DATABASE is defined, 
+                nextcloud_config.POSTGRES_PASSWORD is defined, 
+                nextcloud_config.MYSQL_PASSWORD is defined] 
+                | select('equalto', true) 
+                | list 
+                | count }}' == '1'"
+    fail_msg: "Only one of SQLITE_DATABASE, POSTGRES_PASS or MYSQL_PASSWORD should be defined"
+  no_log: true
+
+- name: Nextcloud | Create volumes
+  containers.podman.podman_volume:
+    state: present
+    name: "{{ item }}"
+    recreate: no
+    debug: no
+  loop: "{{ nextcloud_create_volumes }}"
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+- name: Nextcloud | Create container
+  containers.podman.podman_container:
+    debug: no 
+    conmon_pidfile: "{{ nextcloud_pidfile }}"
+    image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
+    image_strict: yes
+    recreate: yes
+    state: started
+    name: "{{ nextcloud_name }}"
+    env: "{{ nextcloud_config }}"
+    volume: "{{ nextcloud_volumes }}"
+    ports: "{{ nextcloud_ports }}"

tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

tests/test.yml

@@ -0,0 +1,6 @@
+---
+- hosts: localhost
+  remote_user: root
+  connection: local
+  roles:
+    - bleetube.nextcloud