Setup fine tuning and app installation.

2020-01-14 21:09:24 +01:00 · 2020-01-14 21:09:24 +01:00 · e069171539
commit e069171539
parent 23605d6962
4 changed files with 84 additions and 28 deletions
--- a/roles/nextcloud/files/htaccess
+++ b/roles/nextcloud/files/htaccess
@ -0,0 +1,8 @@
+<IfModule mod_rewrite.c>
+  RewriteEngine on
+  RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
+  RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
+  RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
+  RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
+  RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
+</IfModule>
--- a/roles/nextcloud/files/krb5-nextcloud.conf
+++ b/roles/nextcloud/files/krb5-nextcloud.conf
@ -25,3 +25,11 @@ Alias /nextcloud "/var/www/nextcloud/"
  SetEnv HTTP_HOME /var/www/nextcloud

 </Directory>
+
+<Directory /var/www/html>
+  AllowOverride FileInfo
+</Directory>
+
+<IfModule mod_headers.c>
+  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+</IfModule>
--- a/roles/nextcloud/files/nextcloud.conf
+++ b/roles/nextcloud/files/nextcloud.conf
@ -13,3 +13,11 @@ Alias /nextcloud "/var/www/nextcloud/"
  SetEnv HTTP_HOME /var/www/nextcloud

 </Directory>
+
+<Directory /var/www/html>
+  AllowOverride FileInfo
+</Directory>
+
+<IfModule mod_headers.c>
+  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+</IfModule>
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -35,6 +35,8 @@
  with_items:
    - proxy_fcgi
    - mpm_event
+    - rewrite
+    - headers
    - ssl
    - http2
  notify: "restart apache2"
@ -74,6 +76,11 @@
    src: nextcloud.conf
    dest: /etc/apache2/sites-available/nextcloud.conf

+- name: provide htaccess file
+  copy:
+    src: htaccess
+    dest: /var/www/html/.htaccess
+
 - name: enable https
  command: a2ensite default-ssl.conf
  args:
@ -86,11 +93,26 @@
    creates: /etc/apache2/sites-enabled/nextcloud.conf
  notify: "restart apache2"

- name: create a new database with name 'nextcloud'
+- name: make sure data directory exists
+  file:
+    path: "{{ data_dir }}"
+    state: directory
+    owner: www-data
+    group: www-data
+    recurse: Yes
+
+
+## install nextcloud:
+- name: check if we are installing
+  stat: path="{{ nc_dir }}"
+  register: nextcloud
+
+- name: create database with name 'nextcloud'
  mysql_db:
    login_unix_socket: /var/run/mysqld/mysqld.sock
    name: nextcloud
    state: present
+  when: not nextcloud.stat.exists

 - name: create database user 'nextcloud'
  mysql_user:
@ -99,10 +121,7 @@
    password: "{{ db_nextcloud_pwd }}"
    priv: 'nextcloud.*:ALL'
    state: present
-
- name: check if we are installing
-  stat: path="{{ nc_dir }}"
-  register: nextcloud
+  when: not nextcloud.stat.exists

 - name: unpack nextcloud archive
  unarchive:
@ -110,15 +129,7 @@
    dest: "{{ www_root }}"
    owner: www-data
    group: www-data
-    creates: "{{ nc_dir }}"
-
- name: make sure data directory exists
-  file:
-    path: "{{ data_dir }}"
-    state: directory
-    owner: www-data
-    group: www-data
-    recurse: Yes
+  when: not nextcloud.stat.exists

 - name: initialize nextcloud
  command:
@ -133,14 +144,13 @@
      --data-dir "{{ data_dir }}"
  args:
    chdir: "{{ nc_dir }}"
-    creates: "{{ nc_dir }}/config/config.php"
  no_log: True
+  when: not nextcloud.stat.exists

 - name: dump nc-admin password
  shell: echo -n "{{ nc_admin_pwd }}" > "{{ nc_admin_pwd_file }}" ; chmod 0600 "{{ nc_admin_pwd_file }}"
  no_log: True
-  args:
-    creates: "{{ nc_admin_pwd_file }}"
+  when: not nextcloud.stat.exists

 - name: enable APCu memcache
  command: sudo -u www-data php ./occ config:system:set memcache.local --value='\OC\Memcache\APCu'
@ -156,4 +166,26 @@
    warn: False
  when: not nextcloud.stat.exists

-## ToDo: enable apps etc., update
+
+## app installations:
+- name: check if calendar app is installed
+  stat: path="{{ nc_dir }}/apps/calendar"
+  register: calendar
+
+- name: install calendar app
+  command: sudo -u www-data php ./occ app:install calendar
+  args:
+    chdir: "{{ nc_dir }}"
+    warn: False
+  when: not calendar.stat.exists
+
+- name: check if notes app is installed
+  stat: path="{{ nc_dir }}/apps/notes"
+  register: notes
+
+- name: install notes app
+  command: sudo -u www-data php ./occ app:install notes
+  args:
+    chdir: "{{ nc_dir }}"
+    warn: False
+  when: not notes.stat.exists