Add notes and examples for nginx and ugprades.
parent
ede0473ede
commit
e46a54800c
27
README.md
27
README.md
@ -10,33 +10,42 @@ This Ansible Role installs a rootless [Nextcloud](https://github.com/nextcloud/d
|
|||||||
## Dependencies
|
## Dependencies
|
||||||
|
|
||||||
* [mariadb](docs/DATABASE.md) (optional)
|
* [mariadb](docs/DATABASE.md) (optional)
|
||||||
* postgresql (optional)
|
* [postgresql](docs/POSTGRES.md) (optional)
|
||||||
|
* [nginx_conf](docs/examples/nginx_conf.yml) (optional)
|
||||||
|
|
||||||
## Role Variables
|
## Role Variables
|
||||||
|
|
||||||
See the role [defaults](defaults/main.yml) and the Nextcloud [environment variable documentation](https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables). For a working example, see this [homelab stack](https://github.com/bleetube/satstack).
|
See the role [defaults](defaults/main.yml) and the Nextcloud [environment variable](https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables) documentation. For a working example, see this [homelab stack](https://github.com/bleetube/satstack).
|
||||||
|
|
||||||
## Example Playbook
|
## Example Playbook
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
- hosts: nextcloud
|
- hosts: nextcloud
|
||||||
|
become: true
|
||||||
roles:
|
roles:
|
||||||
|
- role: nginxinc.nginx_core.nginx
|
||||||
- role: fauust.mariadb
|
- role: fauust.mariadb
|
||||||
become: true
|
|
||||||
- role: alvistack.podman
|
- role: alvistack.podman
|
||||||
become: true
|
- role: bleetube.redis
|
||||||
- role: bleetube.nextcloud
|
- role: bleetube.nextcloud
|
||||||
|
become: false
|
||||||
|
tasks:
|
||||||
|
- import_tasks: nginx_conf.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
## Example Deployment
|
## Upgrades
|
||||||
|
|
||||||
|
Configure `nextcloud_version`.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
ansible-playbook playbooks/nextcloud.yml
|
ansible-playbook playbooks/nextcloud.yml --tags nextcloud
|
||||||
|
podman exec -it -u www-data nextcloud /var/www/html/occ app:update --all
|
||||||
|
podman exec -it -u www-data nextcloud /var/www/html/occ upgrade
|
||||||
```
|
```
|
||||||
|
|
||||||
## Backups
|
## Backups
|
||||||
|
|
||||||
TODO
|
See the [postgres example](docs/examples/postgres-backup.sh).
|
||||||
|
|
||||||
## Monitoring
|
## Monitoring
|
||||||
|
|
||||||
@ -45,6 +54,10 @@ TODO
|
|||||||
## Resources
|
## Resources
|
||||||
|
|
||||||
* [nextcloud.admin](https://github.com/nextcloud/ansible-collection-nextcloud-admin) collection
|
* [nextcloud.admin](https://github.com/nextcloud/ansible-collection-nextcloud-admin) collection
|
||||||
|
* [Apps](https://apps.nextcloud.com/)
|
||||||
|
* [Admin Manual](https://docs.nextcloud.com/server/latest/admin_manual/)
|
||||||
|
* [User Manual](https://docs.nextcloud.com/server/latest/user_manual/)
|
||||||
|
|
||||||
|
|
||||||
## Thanks
|
## Thanks
|
||||||
|
|
||||||
|
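--- a/docs/POSTGRES.md
+++ b/docs/POSTGRES.md
@@ -0,0 +1,38 @@
+# Mariadb
+
+This variation of the [original role](https://github.com/Tronde/ansible_role_deploy_nextcloud_with_mariadb_pod) is intended to be composed with another role that sets up the database. Here is an example using [fauust.mariadb](https://github.com/fauust/ansible-role-mariadb)
+
+## Example Playbook
+
+```yaml
+roles:
+- fauust.mariadb
+```
+
+## Example Variables
+
+```yaml
+mariadb_databases:
+- name: nextcloud
+collation: utf8_general_ci
+encoding: utf8
+replicate: false
+
+mariadb_users:
+- name: nextcloud
+host: localhost
+password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+priv: "nextcloud.*:ALL"
+state: present
+- name: nextcloud
+host: '%'
+password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+priv: "nextcloud.*:ALL"
+state: present
+
+mariadb_innodb_raw: |
+innodb_buffer_pool_size = 512M
+key_buffer_size = 10M
+transaction_isolation=READ-COMMITTED
+```
+In this example, there are two users because both `localhost` and `%` (all-hosts wildcard) are [mutually exclusive](https://stackoverflow.com/q/10823854/9290). I am also using environment variables to separate secret stores from the repository.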
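--- a/docs/examples/nginx_conf.yml
+++ b/docs/examples/nginx_conf.yml
@@ -0,0 +1,34 @@
+---
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+- name: Nextcloud | Configure nginx with the template
+ansible.builtin.template:
+src: templates/nginx.conf
+dest: /etc/nginx/nextcloud_template.conf
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+- name: Nextcloud | Configure nginx to include the template
+ansible.builtin.import_role:
+name: nginxinc.nginx_core.nginx_config
+vars:
+nginx_config_http_template_enable: true
+nginx_config_http_template:
+- template_file: http/default.conf.j2
+deployment_location: "/etc/nginx/conf.d/nextcloud_{{ inventory_hostname }}.conf"
+backup: false
+config:
+upstreams:
+- name: php-handler
+servers:
+- address: "{{ nextcloud_fpm_upstream }}"
+servers:
+- core:
+listen:
+- address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:{{ nextcloud_https_port|default(4440) }} ssl"
+http2: true
+include:
+- "/etc/nginx/acme_{{ inventory_hostname }}.conf"
+- /etc/nginx/nextcloud_template.conf
+headers:
+add_headers:
+- name: X-Real-IP
+value: $remote_addr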
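Review bot: The `add_headers` entry at the end of the server definition sets `X-Real-IP: $remote_addr`, and if the nginx_config role renders `add_headers` as nginx `add_header` directives this becomes a response header that echoes the client's address back to the client instead of passing it to the PHP upstream. If the intent is for Nextcloud to log the real client address, that belongs in the FastCGI parameters of the included `nextcloud_template.conf` (not visible here), and this entry can be dropped. The first task also writes `/etc/nginx/nextcloud_template.conf` without `owner`, `group` or `mode`; adding `owner: root`, `group: root` and `mode: "0644"` keeps the result independent of the umask in effect. Indentation is lost on this page, so the nesting described here is inferred from key order.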
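--- a/docs/examples/postgres-backup.sh
+++ b/docs/examples/postgres-backup.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+TARGET=example
+TIMESTAMP=$(date +%m-%d-%Y)
+
+# nextcloud files
+rsync --delete-after -ta ${TARGET}:/var/compose/nextcloud $HOME/archive/${TARGET}/
+
+# nextcloud postgresql
+BACKUP_DIR=$HOME/archive/${TARGET}/postgresql
+DUMP_FILE=/var/lib/postgresql/nextcloud_${TIMESTAMP}.dump.bz2
+ssh root@${TARGET} "doas -u postgres /usr/bin/pg_dump -Fc nextcloud | /usr/bin/bzip2 > ${DUMP_FILE}"
+mkdir -p $HOME/archive/${TARGET}/postgresql/
+rsync -tav ${TARGET}:${DUMP_FILE} $HOME/archive/${TARGET}/postgresql/
+ssh root@${TARGET} rm -v ${DUMP_FILE}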
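Review bot: A failed `pg_dump` goes unnoticed here, because the remote pipeline's exit status is that of `bzip2` and the script has no `set -euo pipefail`, so the later `rsync` and `rm` still run and an empty or truncated dump is archived as if it were a good backup. The dump is also written on the server under `/var/lib/postgresql` with whatever umask the remote shell has, and it stays there if the script stops before the last line. Streaming the dump avoids both problems: move the `mkdir -p` above it and use `ssh root@"${TARGET}" "doas -u postgres /usr/bin/pg_dump -Fc nextcloud" > "${BACKUP_DIR}/nextcloud_${TIMESTAMP}.dump"`, which returns the exit status of the remote command and needs no extra compression since the custom format is compressed by default. Add `set -euo pipefail` after the shebang and quote the `${TARGET}` and `$HOME` expansions. `BACKUP_DIR` is assigned but never used in the script as written.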
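--- a/tasks/podman.yml
+++ b/tasks/podman.yml
@@ -0,0 +1,26 @@
+---
+- name: Nextcloud | Create volumes
+containers.podman.podman_volume:
+state: present
+name: "{{ item }}"
+recreate: no
+debug: no
+loop: "{{ nextcloud_create_volumes }}"
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+- name: Nextcloud | Create container
+containers.podman.podman_container:
+debug: no
+# conmon_pidfile: "{{ nextcloud_pidfile }}"
+image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
+image_strict: yes
+recreate: yes
+state: present
+name: "{{ nextcloud_name }}"
+env: "{{ nextcloud_config }}"
+volume: "{{ nextcloud_volumes }}"
+ports: "{{ nextcloud_ports }}"
+register: podman_output
+
+- ansible.builtin.debug:
+var: podman_output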
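Review bot: The unnamed `ansible.builtin.debug` task at the end prints the whole registered `podman_output` on every run, and the container result probably includes the environment passed in through `env: "{{ nextcloud_config }}"`. For the Nextcloud image that environment typically carries the database and admin credentials, so they would end up in the play output and in any CI or callback logs. Drop the task, or gate it with `verbosity: 2` under `ansible.builtin.debug` and give it a `name`. The contents of `nextcloud_config` are not visible in this section, so confirm what it holds. `recreate: yes`, `image_strict: yes` and `debug: no` would read more predictably as `true` / `false`.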
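--- a/tasks/systemd.yml
+++ b/tasks/systemd.yml
@@ -0,0 +1,41 @@
+---
+- name: Nextcloud | Generate systemd unit file for the container(s)
+containers.podman.podman_generate_systemd:
+name: nextcloud
+dest: ~/.config/systemd/user/
+restart_policy: on-failure
+restart_sec: 60
+
+- name: Nextcloud | Ensure container(s) are enabled in systemd, but stop it now because we wanted to use "recreate" in the podman_container task before this.
+ansible.builtin.systemd:
+name: container-nextcloud
+scope: user
+daemon_reload: true
+state: stopped
+enabled: true
+
+- name: Nextcloud | Start the container(s) with systemd, so systemd will know the state of the container(s) moving forward.
+ansible.builtin.systemd:
+name: container-nextcloud
+scope: user
+state: started
+register: systemd_result
+until: systemd_result is succeeded
+retries: 1
+
+- name: Nextcloud | Install systemd timer to run cron jobs
+ansible.builtin.template:
+src: "{{ item }}.j2"
+dest: "~/.config/systemd/user/{{ item }}"
+loop:
+- nextcloud-cron.service
+- nextcloud-cron.timer
+
+- name: Nextcloud | Install systemd timer to run cron jobs
+ansible.builtin.systemd:
+name: nextcloud-cron.timer
+scope: user
+daemon_reload: true
+state: started
+enabled: true
+tags: test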
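Review bot: The container name is hard-coded in this file (`name: nextcloud` for `podman_generate_systemd`, `name: container-nextcloud` in both `ansible.builtin.systemd` tasks), while tasks/podman.yml creates the container as `{{ nextcloud_name }}` and the cron unit template execs into `{{ nextcloud_name }}`. With any other value the generated unit refers to a container that does not exist; use `name: "{{ nextcloud_name }}"` and `name: "container-{{ nextcloud_name }}"`. The last two tasks share the name "Install systemd timer to run cron jobs", and the final one carries `tags: test`, which looks like a leftover; rename it to say it enables and starts the timer, and drop or replace the tag. The template task would also benefit from an explicit `mode: "0644"` on the unit files.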
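--- a/templates/nextcloud-cron.service.j2
+++ b/templates/nextcloud-cron.service.j2
@@ -0,0 +1,6 @@
+[Unit]
+Description=Nextcloud cron.php job
+
+[Service]
+ExecStart=podman exec -u www-data {{ nextcloud_name }} /usr/local/bin/php -f /var/www/html/cron.php
+KillMode=process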
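Review bot: `ExecStart=podman exec …` names the binary without a path, so the unit depends on systemd's built-in executable search path and will not load on older systemd releases that require an absolute path. Write `ExecStart=/usr/bin/podman exec -u www-data {{ nextcloud_name }} …`, adjusted to where podman is installed on the target. Since a timer starts the unit and it runs to completion, `Type=oneshot` under `[Service]` describes it better than the default service type. `KillMode=process` leaves any remaining processes of the unit running when it is stopped, so a one-line comment saying why it is needed would help the next reader.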
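--- a/templates/nextcloud-cron.timer.j2
+++ b/templates/nextcloud-cron.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run Nextcloud cron.php every 5 minutes
+
+[Timer]
+OnBootSec=5m
+OnUnitActiveSec=5m
+Unit=nextcloud-cron.service
+
+[Install]
+WantedBy=timers.target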