Add notes and examples for nginx and upgrades.
parent
ede0473ede
commit
e46a54800c
27
README.md
27
README.md
@ -10,33 +10,42 @@ This Ansible Role installs a rootless [Nextcloud](https://github.com/nextcloud/d
|
||||
## Dependencies
|
||||
|
||||
* [mariadb](docs/DATABASE.md) (optional)
|
||||
* postgresql (optional)
|
||||
* [postgresql](docs/POSTGRES.md) (optional)
|
||||
* [nginx_conf](docs/examples/nginx_conf.yml) (optional)
|
||||
|
||||
## Role Variables
|
||||
|
||||
See the role [defaults](defaults/main.yml) and the Nextcloud [environment variable documentation](https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables). For a working example, see this [homelab stack](https://github.com/bleetube/satstack).
|
||||
See the role [defaults](defaults/main.yml) and the Nextcloud [environment variable](https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables) documentation. For a working example, see this [homelab stack](https://github.com/bleetube/satstack).
|
||||
|
||||
## Example Playbook
|
||||
|
||||
```yaml
|
||||
- hosts: nextcloud
|
||||
become: true
|
||||
roles:
|
||||
- role: nginxinc.nginx_core.nginx
|
||||
- role: fauust.mariadb
|
||||
become: true
|
||||
- role: alvistack.podman
|
||||
become: true
|
||||
- role: bleetube.redis
|
||||
- role: bleetube.nextcloud
|
||||
become: false
|
||||
tasks:
|
||||
- import_tasks: nginx_conf.yml
|
||||
```
|
||||
|
||||
## Example Deployment
|
||||
## Upgrades
|
||||
|
||||
Configure `nextcloud_version`.
|
||||
|
||||
```bash
|
||||
ansible-playbook playbooks/nextcloud.yml
|
||||
ansible-playbook playbooks/nextcloud.yml --tags nextcloud
|
||||
podman exec -it -u www-data nextcloud /var/www/html/occ app:update --all
|
||||
podman exec -it -u www-data nextcloud /var/www/html/occ upgrade
|
||||
```
|
||||
|
||||
## Backups
|
||||
|
||||
TODO
|
||||
See the [postgres example](docs/examples/postgres-backup.sh).
|
||||
|
||||
## Monitoring
|
||||
|
||||
@ -45,6 +54,10 @@ TODO
|
||||
## Resources
|
||||
|
||||
* [nextcloud.admin](https://github.com/nextcloud/ansible-collection-nextcloud-admin) collection
|
||||
* [Apps](https://apps.nextcloud.com/)
|
||||
* [Admin Manual](https://docs.nextcloud.com/server/latest/admin_manual/)
|
||||
* [User Manual](https://docs.nextcloud.com/server/latest/user_manual/)
|
||||
|
||||
|
||||
## Thanks
|
||||
|
||||
|
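--- a/docs/POSTGRES.md
+++ b/docs/POSTGRES.md
@@ -0,0 +1,38 @@
+# Mariadb
+
+This variation of the [original role](https://github.com/Tronde/ansible_role_deploy_nextcloud_with_mariadb_pod) is intended to be composed with another role that sets up the database. Here is an example using [fauust.mariadb](https://github.com/fauust/ansible-role-mariadb)
+
+## Example Playbook
+
+```yaml
+roles:
+- fauust.mariadb
+```
+
+## Example Variables
+
+```yaml
+mariadb_databases:
+- name: nextcloud
+collation: utf8_general_ci
+encoding: utf8
+replicate: false
+
+mariadb_users:
+- name: nextcloud
+host: localhost
+password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+priv: "nextcloud.*:ALL"
+state: present
+- name: nextcloud
+host: '%'
+password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+priv: "nextcloud.*:ALL"
+state: present
+
+mariadb_innodb_raw: |
+innodb_buffer_pool_size = 512M
+key_buffer_size = 10M
+transaction_isolation=READ-COMMITTED
+```
+In this example, there are two users because both `localhost` and `%` (all-hosts wildcard) are [mutually exclusive](https://stackoverflow.com/q/10823854/9290). I am also using environment variables to separate secret stores from the repository.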
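--- a/docs/examples/nginx_conf.yml
+++ b/docs/examples/nginx_conf.yml
@@ -0,0 +1,34 @@
+---
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+- name: Nextcloud | Configure nginx with the template
+ansible.builtin.template:
+src: templates/nginx.conf
+dest: /etc/nginx/nextcloud_template.conf
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+- name: Nextcloud | Configure nginx to include the template
+ansible.builtin.import_role:
+name: nginxinc.nginx_core.nginx_config
+vars:
+nginx_config_http_template_enable: true
+nginx_config_http_template:
+- template_file: http/default.conf.j2
+deployment_location: "/etc/nginx/conf.d/nextcloud_{{ inventory_hostname }}.conf"
+backup: false
+config:
+upstreams:
+- name: php-handler
+servers:
+- address: "{{ nextcloud_fpm_upstream }}"
+servers:
+- core:
+listen:
+- address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:{{ nextcloud_https_port|default(4440) }} ssl"
+http2: true
+include:
+- "/etc/nginx/acme_{{ inventory_hostname }}.conf"
+- /etc/nginx/nextcloud_template.conf
+headers:
+add_headers:
+- name: X-Real-IP
+value: $remote_addr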
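Review bot: The template task that writes `/etc/nginx/nextcloud_template.conf` sets no `owner`, `group` or `mode`, so the file's permissions depend on the umask of whoever runs the play; I would pin them with `owner: root`, `group: root` and `mode: '0644'`. The `add_headers` entry for `X-Real-IP` with `$remote_addr` looks like it renders as a response header (nginx `add_header`), which would echo the client's address back to the client instead of passing it to the PHP upstream; this should be confirmed against the rendered config. The same source-URL comment is repeated above both tasks, and the second one would be better replaced by `# Renders the server block that includes nextcloud_template.conf`.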
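--- a/docs/examples/postgres-backup.sh
+++ b/docs/examples/postgres-backup.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+TARGET=example
+TIMESTAMP=$(date +%m-%d-%Y)
+
+# nextcloud files
+rsync --delete-after -ta ${TARGET}:/var/compose/nextcloud $HOME/archive/${TARGET}/
+
+# nextcloud postgresql
+BACKUP_DIR=$HOME/archive/${TARGET}/postgresql
+DUMP_FILE=/var/lib/postgresql/nextcloud_${TIMESTAMP}.dump.bz2
+ssh root@${TARGET} "doas -u postgres /usr/bin/pg_dump -Fc nextcloud | /usr/bin/bzip2 > ${DUMP_FILE}"
+mkdir -p $HOME/archive/${TARGET}/postgresql/
+rsync -tav ${TARGET}:${DUMP_FILE} $HOME/archive/${TARGET}/postgresql/
+ssh root@${TARGET} rm -v ${DUMP_FILE}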
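Review bot: The script has no error handling, so a failed `pg_dump` is masked by bzip2's exit status in the remote pipeline, and the truncated dump is then copied by rsync and removed as if the backup had succeeded. I would add `set -euo pipefail` after the shebang and prefix the remote command with `set -o pipefail;` where the remote shell supports it. The dump is written to a predictable path under the remote default umask, so it may be readable by other local users until the final `rm`; starting the remote command with `umask 077;` closes that window. `BACKUP_DIR` is assigned but never used (the `mkdir` and `rsync` lines repeat the path instead), and the `${TARGET}` and `$HOME` expansions are unquoted.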
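--- a/tasks/podman.yml
+++ b/tasks/podman.yml
@@ -0,0 +1,26 @@
+---
+- name: Nextcloud | Create volumes
+containers.podman.podman_volume:
+state: present
+name: "{{ item }}"
+recreate: no
+debug: no
+loop: "{{ nextcloud_create_volumes }}"
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+- name: Nextcloud | Create container
+containers.podman.podman_container:
+debug: no
+# conmon_pidfile: "{{ nextcloud_pidfile }}"
+image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
+image_strict: yes
+recreate: yes
+state: present
+name: "{{ nextcloud_name }}"
+env: "{{ nextcloud_config }}"
+volume: "{{ nextcloud_volumes }}"
+ports: "{{ nextcloud_ports }}"
+register: podman_output
+
+- ansible.builtin.debug:
+var: podman_output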
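Review bot: The unnamed `ansible.builtin.debug` task at the end prints the whole registered `podman_output` on every run, and that result most likely includes the container environment passed through `env: "{{ nextcloud_config }}"`, which is presumably where the Nextcloud database and admin credentials are set. I would drop the task or gate it with `verbosity: 2`, and consider `no_log: true` on the container task if `nextcloud_config` holds secrets. `recreate: yes` replaces the container on every play and deserves a comment such as `# recreated each run; tasks/systemd.yml stops and restarts it under systemd`. The `yes`/`no` values would be more consistent as `true`/`false`, which the other task files in this commit already use.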
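--- a/tasks/systemd.yml
+++ b/tasks/systemd.yml
@@ -0,0 +1,41 @@
+---
+- name: Nextcloud | Generate systemd unit file for the container(s)
+containers.podman.podman_generate_systemd:
+name: nextcloud
+dest: ~/.config/systemd/user/
+restart_policy: on-failure
+restart_sec: 60
+
+- name: Nextcloud | Ensure container(s) are enabled in systemd, but stop it now because we wanted to use "recreate" in the podman_container task before this.
+ansible.builtin.systemd:
+name: container-nextcloud
+scope: user
+daemon_reload: true
+state: stopped
+enabled: true
+
+- name: Nextcloud | Start the container(s) with systemd, so systemd will know the state of the container(s) moving forward.
+ansible.builtin.systemd:
+name: container-nextcloud
+scope: user
+state: started
+register: systemd_result
+until: systemd_result is succeeded
+retries: 1
+
+- name: Nextcloud | Install systemd timer to run cron jobs
+ansible.builtin.template:
+src: "{{ item }}.j2"
+dest: "~/.config/systemd/user/{{ item }}"
+loop:
+- nextcloud-cron.service
+- nextcloud-cron.timer
+
+- name: Nextcloud | Install systemd timer to run cron jobs
+ansible.builtin.systemd:
+name: nextcloud-cron.timer
+scope: user
+daemon_reload: true
+state: started
+enabled: true
+tags: test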
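Review bot: The container name is hard-coded in the first three tasks (`name: nextcloud`, `name: container-nextcloud`) while tasks/podman.yml and the cron unit template use `{{ nextcloud_name }}`, so unit generation and the start/stop tasks stop matching the container as soon as that variable is set to anything else. `name: "{{ nextcloud_name }}"` and `name: "container-{{ nextcloud_name }}"` would keep them in step. The last two tasks share the name "Install systemd timer to run cron jobs" although the second one enables and starts the timer, and its `tags: test` looks like a leftover. The template task that writes the unit files sets no `mode`; `mode: '0644'` would make the result independent of the umask.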
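--- a/templates/nextcloud-cron.service.j2
+++ b/templates/nextcloud-cron.service.j2
@@ -0,0 +1,6 @@
+[Unit]
+Description=Nextcloud cron.php job
+
+[Service]
+ExecStart=podman exec -u www-data {{ nextcloud_name }} /usr/local/bin/php -f /var/www/html/cron.php
+KillMode=process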
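Review bot: The unit declares no `Type=` and no ordering against the container's own unit, so systemd treats the job as a simple long-running service and a timer firing shortly after boot can run `podman exec` before the container is up. I would add `Type=oneshot` under `[Service]` and `After=container-{{ nextcloud_name }}.service` under `[Unit]`. `ExecStart=podman` relies on systemd's executable search path; an absolute path such as `/usr/bin/podman` is more portable across systemd versions, if that is where podman is installed on the targets.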
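--- a/templates/nextcloud-cron.timer.j2
+++ b/templates/nextcloud-cron.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Run Nextcloud cron.php every 5 minutes
+
+[Timer]
+OnBootSec=5m
+OnUnitActiveSec=5m
+Unit=nextcloud-cron.service
+
+[Install]
+WantedBy=timers.target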