Add notes and examples for nginx and ugprades.

README.md

@@ -10,33 +10,42 @@ This Ansible Role installs a rootless [Nextcloud](https://github.com/nextcloud/d
 ## Dependencies
 
 * [mariadb](docs/DATABASE.md) (optional)
-* postgresql (optional)
+* [postgresql](docs/POSTGRES.md) (optional)
+* [nginx_conf](docs/examples/nginx_conf.yml) (optional)
 
 ## Role Variables
 
-See the role [defaults](defaults/main.yml) and the Nextcloud [environment variable documentation](https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables). For a working example, see this [homelab stack](https://github.com/bleetube/satstack).
+See the role [defaults](defaults/main.yml) and the Nextcloud [environment variable](https://github.com/nextcloud/docker/blob/master/README.md#auto-configuration-via-environment-variables) documentation. For a working example, see this [homelab stack](https://github.com/bleetube/satstack).
 
 ## Example Playbook
 
 ```yaml
 - hosts: nextcloud
+  become: true
   roles:
+    - role: nginxinc.nginx_core.nginx
     - role: fauust.mariadb
-      become: true
     - role: alvistack.podman
-      become: true
+    - role: bleetube.redis
     - role: bleetube.nextcloud
+      become: false
+  tasks:
+    - import_tasks: nginx_conf.yml
 ```
 
-## Example Deployment
+## Upgrades
+
+Configure `nextcloud_version`.
 
 ```bash
-ansible-playbook playbooks/nextcloud.yml
+ansible-playbook playbooks/nextcloud.yml --tags nextcloud
+podman exec -it -u www-data nextcloud /var/www/html/occ app:update --all
+podman exec -it -u www-data nextcloud /var/www/html/occ upgrade
 ```
 
 ## Backups
 
-TODO
+See the [postgres example](docs/examples/postgres-backup.sh).
 
 ## Monitoring
 
@@ -45,6 +54,10 @@ TODO
 ## Resources
 
 * [nextcloud.admin](https://github.com/nextcloud/ansible-collection-nextcloud-admin) collection
+* [Apps](https://apps.nextcloud.com/)
+* [Admin Manual](https://docs.nextcloud.com/server/latest/admin_manual/)
+* [User Manual](https://docs.nextcloud.com/server/latest/user_manual/)
+
 
 ## Thanks
 

docs/POSTGRES.md

@@ -0,0 +1,38 @@
+# Mariadb
+
+This variation of the [original role](https://github.com/Tronde/ansible_role_deploy_nextcloud_with_mariadb_pod) is intended to be composed with another role that sets up the database. Here is an example using [fauust.mariadb](https://github.com/fauust/ansible-role-mariadb)
+
+## Example Playbook
+
+```yaml
+  roles:
+    - fauust.mariadb
+```
+
+## Example Variables
+
+```yaml
+mariadb_databases:
+  - name: nextcloud
+    collation: utf8_general_ci
+    encoding: utf8
+    replicate: false
+
+mariadb_users:
+  - name: nextcloud
+    host: localhost
+    password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+    priv: "nextcloud.*:ALL"
+    state: present
+  - name: nextcloud
+    host: '%'
+    password: "{{ lookup('ansible.builtin.env', 'NEXTCLOUD_MARIADB') }}"
+    priv: "nextcloud.*:ALL"
+    state: present
+
+mariadb_innodb_raw: |
+    innodb_buffer_pool_size = 512M
+    key_buffer_size = 10M
+    transaction_isolation=READ-COMMITTED
+```
+In this example, there are two users because both `localhost` and `%` (all-hosts wildcard) are [mutually exclusive](https://stackoverflow.com/q/10823854/9290). I am also using environment variables to  separate secret stores from the repository.

docs/examples/nginx_conf.yml

@@ -0,0 +1,34 @@
+---
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+- name: Nextcloud | Configure nginx with the template
+  ansible.builtin.template:
+    src: templates/nginx.conf
+    dest: /etc/nginx/nextcloud_template.conf
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/postgres/fpm/web/nginx.conf
+- name: Nextcloud | Configure nginx to include the template
+  ansible.builtin.import_role:
+    name: nginxinc.nginx_core.nginx_config
+  vars:
+    nginx_config_http_template_enable: true
+    nginx_config_http_template:
+      - template_file: http/default.conf.j2
+        deployment_location: "/etc/nginx/conf.d/nextcloud_{{ inventory_hostname }}.conf"
+        backup: false
+        config:
+          upstreams:
+            - name: php-handler
+              servers:
+                - address: "{{ nextcloud_fpm_upstream }}"
+          servers:
+            - core:
+                listen:
+                  - address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:{{ nextcloud_https_port|default(4440) }} ssl"
+                    http2: true
+                include:
+                  - "/etc/nginx/acme_{{ inventory_hostname }}.conf"
+                  - /etc/nginx/nextcloud_template.conf
+          headers:
+            add_headers:
+              - name: X-Real-IP
+                value: $remote_addr

docs/examples/postgres-backup.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+TARGET=example
+TIMESTAMP=$(date +%m-%d-%Y)
+
+# nextcloud files
+rsync --delete-after -ta ${TARGET}:/var/compose/nextcloud $HOME/archive/${TARGET}/
+
+# nextcloud postgresql
+BACKUP_DIR=$HOME/archive/${TARGET}/postgresql
+DUMP_FILE=/var/lib/postgresql/nextcloud_${TIMESTAMP}.dump.bz2
+ssh root@${TARGET} "doas -u postgres /usr/bin/pg_dump -Fc nextcloud | /usr/bin/bzip2 > ${DUMP_FILE}"
+mkdir -p $HOME/archive/${TARGET}/postgresql/
+rsync -tav ${TARGET}:${DUMP_FILE} $HOME/archive/${TARGET}/postgresql/
+ssh root@${TARGET} rm -v ${DUMP_FILE}

tasks/podman.yml

@@ -0,0 +1,26 @@
+---
+- name: Nextcloud | Create volumes
+  containers.podman.podman_volume:
+    state: present
+    name: "{{ item }}"
+    recreate: no
+    debug: no
+  loop: "{{ nextcloud_create_volumes }}"
+
+# https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb/fpm/docker-compose.yml
+- name: Nextcloud | Create container
+  containers.podman.podman_container:
+    debug: no 
+#   conmon_pidfile: "{{ nextcloud_pidfile }}"
+    image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
+    image_strict: yes
+    recreate: yes
+    state: present
+    name: "{{ nextcloud_name }}"
+    env: "{{ nextcloud_config }}"
+    volume: "{{ nextcloud_volumes }}"
+    ports: "{{ nextcloud_ports }}"
+  register: podman_output
+
+- ansible.builtin.debug:
+    var: podman_output

tasks/systemd.yml

@@ -0,0 +1,41 @@
+---
+- name: Nextcloud | Generate systemd unit file for the container(s)
+  containers.podman.podman_generate_systemd:
+    name: nextcloud
+    dest: ~/.config/systemd/user/
+    restart_policy: on-failure
+    restart_sec: 60
+
+- name: Nextcloud | Ensure container(s) are enabled in systemd, but stop it now because we wanted to use "recreate" in the podman_container task before this.
+  ansible.builtin.systemd:
+    name: container-nextcloud
+    scope: user
+    daemon_reload: true
+    state: stopped
+    enabled: true
+
+- name: Nextcloud | Start the container(s) with systemd, so systemd will know the state of the container(s) moving forward.
+  ansible.builtin.systemd:
+    name: container-nextcloud
+    scope: user
+    state: started
+  register: systemd_result
+  until: systemd_result is succeeded
+  retries: 1
+
+- name: Nextcloud | Install systemd timer to run cron jobs
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "~/.config/systemd/user/{{ item }}"
+  loop:
+    - nextcloud-cron.service
+    - nextcloud-cron.timer
+
+- name: Nextcloud | Install systemd timer to run cron jobs
+  ansible.builtin.systemd:
+    name: nextcloud-cron.timer
+    scope: user
+    daemon_reload: true
+    state: started
+    enabled: true
+  tags: test

templates/nextcloud-cron.service.j2

@@ -0,0 +1,6 @@
+[Unit]
+Description=Nextcloud cron.php job
+
+[Service]
+ExecStart=podman exec -u www-data {{ nextcloud_name }} /usr/local/bin/php -f /var/www/html/cron.php
+KillMode=process

templates/nextcloud-cron.timer.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description=Run Nextcloud cron.php every 5 minutes
+
+[Timer]
+OnBootSec=5m
+OnUnitActiveSec=5m
+Unit=nextcloud-cron.service
+
+[Install]
+WantedBy=timers.target