diff --git a/README b/README
index e3506a9..490c984 100644
--- a/README
+++ b/README
@@ -63,7 +63,7 @@ Kerberox
• run ansible:
ssh-copy-id ansible@1.2.3.4
- ansible-playbook installbox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4,
+ ansible-playbook kerberox.yml -v --become --ask-become-pass -u ansible -i 1.2.3.4,
Kerberox and installbox provide a local ansible configuration space
which can be used to install clients and/or to check/modify the local
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
new file mode 100644
index 0000000..4b8122f
--- /dev/null
+++ b/roles/nextcloud/defaults/main.yml
@@ -0,0 +1,6 @@
+db_nextcloud_pwd: "{{ lookup('password', '/tmp/db-nextcloud.pwd length=24') }}"
+nc_admin_pwd: "{{ lookup('password', '/tmp/nc-admin.pwd length=24') }}"
+nc_admin_pwd_file: "/root/nc-admin.pwd"
+www_root: "/var/www"
+nc_dir: "{{ www_root }}/nextcloud"
+data_dir: "/var/nc-data"
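Review bot: The two `lookup('password', '/tmp/…')` terms persist the generated secrets under `/tmp` on the control node, which is routinely cleared at reboot or sandboxed per service, so a later run silently mints new passwords: `mysql_user` in tasks/main.yml would then reset the DB password while the already-written `config.php` keeps the old one, and the `creates:` guards leave the admin-password file stale. Keep the generated files somewhere durable and project-local, e.g. `db_nextcloud_pwd: "{{ lookup('password', playbook_dir + '/credentials/db-nextcloud.pwd length=24') }}"` (and likewise for `nc_admin_pwd`), with that directory excluded from version control, or supply both values from an ansible-vault file instead. A short comment above the lookups stating that these files are the only copy of the credentials would help the next operator.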
diff --git a/roles/nextcloud/files/krb5-nextcloud.conf b/roles/nextcloud/files/krb5-nextcloud.conf
new file mode 100644
index 0000000..3b84912
--- /dev/null
+++ b/roles/nextcloud/files/krb5-nextcloud.conf
@@ -0,0 +1,27 @@
+Alias /nextcloud "/var/www/nextcloud/"
+
+
+ AuthType GSSAPI
+ AuthName "Login to NextCloud"
+ GssapiAllowedMech krb5
+ GssapiLocalName On
+ GssapiCredStore keytab:/etc/krb5.keytab.http
+ GssapiUseSessions On
+ GssapiNegotiateOnce On
+ GssapiBasicAuth On
+ require valid-user
+
+
+
+ Require all granted
+ Options FollowSymlinks MultiViews
+ AllowOverride All
+
+
+ Dav off
+
+
+ SetEnv HOME /var/www/nextcloud
+ SetEnv HTTP_HOME /var/www/nextcloud
+
+
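Review bot: `Alias /nextcloud "/var/www/nextcloud/"` and the two `SetEnv` lines hard-code the install path while roles/nextcloud/defaults/main.yml derives `nc_dir` from `www_root`, so overriding `www_root` would leave Apache serving the old path; rendering the file with `template:` and `Alias /nextcloud "{{ nc_dir }}/"` keeps the two in step, and the same applies to roles/nextcloud/files/nextcloud.conf below. `GssapiBasicAuth On` accepts a cleartext password as a fallback to Negotiate, so this block should only be reachable over TLS, and nothing in the tasks of this commit restricts the alias to the SSL vhost. The `<Directory>`/`<Location>` container lines appear to have been lost in this rendering (the blank lines around `require valid-user` and `Require all granted`), so the scope of each `Require` cannot be checked here. As far as the visible tasks show, only nextcloud.conf is copied into place, so this Kerberos variant seems unused as committed; a header comment saying when it replaces nextcloud.conf would help.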
diff --git a/roles/nextcloud/files/nextcloud.conf b/roles/nextcloud/files/nextcloud.conf
new file mode 100644
index 0000000..8996eac
--- /dev/null
+++ b/roles/nextcloud/files/nextcloud.conf
@@ -0,0 +1,15 @@
+Alias /nextcloud "/var/www/nextcloud/"
+
+
+ Require all granted
+ Options FollowSymlinks MultiViews
+ AllowOverride All
+
+
+ Dav off
+
+
+ SetEnv HOME /var/www/nextcloud
+ SetEnv HTTP_HOME /var/www/nextcloud
+
+
diff --git a/roles/nextcloud/handlers/main.yml b/roles/nextcloud/handlers/main.yml
new file mode 100644
index 0000000..9d2f7c6
--- /dev/null
+++ b/roles/nextcloud/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: restart apache2
+ systemd:
+ name: apache2
+ state: restarted
+ listen: "restart apache2"
+
+- name: restart php-fpm
+ systemd:
+ name: php{{ php_ver.stdout }}-fpm
+ state: restarted
+ listen: "restart php-fpm"
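Review bot: In both handlers `listen:` repeats the handler's own `name:` verbatim, so it adds nothing — `notify: "restart apache2"` already matches by name; drop the `listen:` lines or use them for a shared topic. Both handlers also depend on `php_ver`, a variable registered by the "find php version" task in tasks/main.yml, so they only work when that task has run in the same play; a one-line comment noting that dependency would save the next reader a search.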
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 0000000..d88f095
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,151 @@
+## Install and configure nextcloud
+
+- name: install apache, php- and db-packages
+ apt:
+ name:
+ - apache2
+ - mariadb-server
+ - python3-pymysql
+ - php-apcu
+ - php-fpm
+ - php-curl
+ - php-gd
+ - php-imagick
+ - php-intl
+ - php-json
+ - php-ldap
+ - php-mbstring
+ - php-mysql
+ - php-xml
+ - php-zip
+ state: latest
+
+- name: disable apache modules
+ apache2_module:
+ state: absent
+ name: "{{ item }}"
+ with_items:
+ - mpm_prefork
+ - mpm_worker
+ notify: "restart apache2"
+
+- name: enable apache modules
+ apache2_module:
+ name: "{{ item }}"
+ with_items:
+ - proxy_fcgi
+ - mpm_event
+ - ssl
+ - http2
+ notify: "restart apache2"
+
+- name: find php version
+ shell: ls /etc/php/ | sort | tail -1
+ register: php_ver
+ changed_when: False
+
+- name: enable php-fpm conf
+ command: a2enconf php{{ php_ver.stdout }}-fpm
+ args:
+ creates: /etc/apache2/conf-enabled/php{{ php_ver.stdout }}-fpm.conf
+ notify: "restart apache2"
+
+- name: tune php-fpm
+ replace:
+ dest: /etc/php/{{ php_ver.stdout }}/fpm/pool.d/www.conf
+ regexp: "{{ item.regex }}"
+ replace: "{{ item.replace }}"
+ with_items:
+ - { regex: "^pm.max_children = .*$", replace: "pm.max_children = 120" }
+ - { regex: "^pm.start_servers = .*$", replace: "pm.start_servers = 12" }
+ - { regex: "^pm.min_spare_servers = .*$", replace: "pm.min_spare_servers = 6" }
+ - { regex: "^pm.max_spare_servers = .*$", replace: "pm.max_spare_servers = 18" }
+ notify: "restart php-fpm"
+
+- name: increase php memory limit
+ replace:
+ dest: "/etc/php/{{ php_ver.stdout }}/fpm/php.ini"
+ regexp: "^memory_limit = .*"
+ replace: "memory_limit = 512M"
+ notify: "restart apache2"
+
+- name: provide nextcloud site
+ copy:
+ src: nextcloud.conf
+ dest: /etc/apache2/sites-available/nextcloud.conf
+
+- name: enable https
+ command: a2ensite default-ssl.conf
+ args:
+ creates: /etc/apache2/sites-enabled/default-ssl.conf
+ notify: "restart apache2"
+
+- name: enable nextcloud site
+ command: a2ensite nextcloud.conf
+ args:
+ creates: /etc/apache2/sites-enabled/nextcloud.conf
+ notify: "restart apache2"
+
+- name: create a new database with name 'nextcloud'
+ mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: nextcloud
+ state: present
+
+- name: create database user 'nextcloud'
+ mysql_user:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: nextcloud
+ password: "{{ db_nextcloud_pwd }}"
+ priv: 'nextcloud.*:ALL'
+ state: present
+
+- name: unpack nextcloud archive
+ unarchive:
+ src: nextcloud.tar.bz2
+ dest: "{{ www_root }}"
+ owner: www-data
+ group: www-data
+ creates: "{{ nc_dir }}"
+
+- name: make sure data directory exists
+ file:
+ path: "{{ data_dir }}"
+ state: directory
+ owner: www-data
+ group: www-data
+ recurse: yes
+
+- name: initialize nextcloud
+ command:
+ cmd: >
+ sudo -u www-data php occ maintenance:install
+ --database "mysql"
+ --database-name "nextcloud"
+ --database-user "nextcloud"
+ --database-pass "{{ db_nextcloud_pwd }}"
+ --admin-user "nc-admin"
+ --admin-pass "{{ nc_admin_pwd }}"
+ --data-dir "{{ data_dir }}"
+ args:
+ chdir: "{{ nc_dir }}"
+ creates: "{{ nc_dir }}/config/config.php"
+ no_log: true
+
+- name: dump nc-admin password
+ shell: echo -n "{{ nc_admin_pwd }}" > "{{ nc_admin_pwd_file }}" ; chmod 0600 "{{ nc_admin_pwd_file }}"
+ no_log: true
+ args:
+ creates: "{{ nc_admin_pwd_file }}"
+
+- name: enable APCu memcache
+ lineinfile:
+ dest: "{{ nc_dir }}/config/config.php"
+ line: " 'memcache.local' => '\\OC\\Memcache\\APCu',"
+ insertbefore: "'installed' => true,"
+
+- name: allow access from LAN
+ lineinfile:
+ dest: "{{ nc_dir }}/config/config.php"
+ line: " 1 => '192.168.*.*',"
+ insertafter: "0 => 'localhost',"
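Review bot: The "dump nc-admin password" task passes the secret through a shell command line, which is visible to other local users in the process list while it runs, and its `creates:` guard means the file is never refreshed if `nc_admin_pwd` changes; `copy` with `content:` writes it with the right mode and stays idempotent. The same argv exposure applies to `--database-pass`/`--admin-pass` in "initialize nextcloud" (`no_log` hides them from Ansible output only), which deserves a comment on that task. Separately, "find php version" uses `ls /etc/php/ | sort | tail -1`, a lexical sort that picks 7.9 over 7.10 once a two-digit minor appears (constructed example) — use `sort -V`. The data-directory task's `recurse: yes` rechowns the whole data tree on every run and uses a non-canonical boolean; the directory is empty when created, so `recurse` can be dropped.
```yaml
- name: dump nc-admin password
  copy:
    content: "{{ nc_admin_pwd }}"
    dest: "{{ nc_admin_pwd_file }}"
    owner: root
    group: root
    mode: "0600"
  no_log: true
# … unchanged: remaining tasks …
```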