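---
## Install and configure nextcloud.
#
# Idempotence hinges on `nextcloud.stat.exists`: once {{ nc_dir }} exists the
# archive check, database/user creation, unpacking and the occ install and
# config:system:set steps are all skipped.  Handlers "restart apache2",
# "restart php-fpm" and "enable nextcloudcron.timer" are defined elsewhere.

- name: check if we are installing
  stat:
    path: "{{ nc_dir }}"
  register: nextcloud

- name: check for nextcloud archive
  # Runs on the control node: the archive is expected next to the playbook.
  stat:
    path: nextcloud.tar.bz2
  delegate_to: localhost
  become: false
  register: nc_archive
  when: not nextcloud.stat.exists

- name: stop if nextcloud archive is unavailable
  fail:
    msg: >
      The nextcloud archive nextcloud.tar.bz2 is not available.
      Download the latest stable release from 'nextcloud.com',
      check the signature, rename it and copy it next to 'cloudbox.yml'.
  when: not nextcloud.stat.exists and not nc_archive.stat.exists

## We can start with the installation now:

- name: install apache, firewalld, php- and db-packages
  # state=latest upgrades these packages on every run, not only on first
  # install; kept as the author wrote it.
  apt:
    name:
      - apache2
      - firewalld
      - mariadb-server
      - python3-pymysql
      - php-apcu
      - php-fpm
      - php-curl
      - php-gd
      - php-imagick
      - php-intl
      - php-json
      - php-ldap
      - php-mbstring
      - php-mysql
      - php-xml
      - php-zip
      - unzip
    state: latest

- name: disable apache modules
  # prefork/worker must go before mpm_event can be enabled below.
  apache2_module:
    state: absent
    name: "{{ item }}"
  with_items:
    - mpm_prefork
    - mpm_worker
  notify: "restart apache2"

- name: enable apache modules
  apache2_module:
    name: "{{ item }}"
  with_items:
    - proxy_fcgi
    - mpm_event
    - rewrite
    - headers
    - ssl
    - http2
  notify: "restart apache2"

- name: find php version
  # `sort -V` orders by version number; a plain `sort` compares lexically and
  # would pick 8.2 over 8.10 once several php versions are installed.
  shell: ls /etc/php/ | sort -V | tail -1
  register: php_ver
  changed_when: false

- name: enable php-fpm conf
  command: a2enconf php{{ php_ver.stdout }}-fpm
  args:
    creates: /etc/apache2/conf-enabled/php{{ php_ver.stdout }}-fpm.conf
  notify: "restart apache2"

- name: tune php-fpm
  replace:
    path: /etc/php/{{ php_ver.stdout }}/fpm/pool.d/www.conf
    regexp: "{{ item.regex }}"
    replace: "{{ item.replace }}"
  with_items:
    - { regex: "^pm.max_children = .*$", replace: "pm.max_children = 120" }
    - { regex: "^pm.start_servers = .*$", replace: "pm.start_servers = 12" }
    - { regex: "^pm.min_spare_servers = .*$", replace: "pm.min_spare_servers = 6" }
    - { regex: "^pm.max_spare_servers = .*$", replace: "pm.max_spare_servers = 18" }
  notify: "restart php-fpm"

- name: increase php memory limit
  # This php.ini belongs to the fpm SAPI, so php-fpm (not apache2) has to be
  # restarted for the new limit to take effect.
  replace:
    path: "/etc/php/{{ php_ver.stdout }}/fpm/php.ini"
    regexp: "^memory_limit = .*"
    replace: "memory_limit = 512M"
  notify: "restart php-fpm"

- name: provide nextcloud site
  copy:
    src: nextcloud.conf
    dest: /etc/apache2/sites-available/nextcloud.conf
  notify: "restart apache2"

- name: provide kerberos SSO config
  # Only when the kerberize role is part of this play.
  copy:
    src: krb5-nextcloud.conf
    dest: /etc/apache2/sites-available/krb5-nextcloud.conf
  when: "'kerberize' in role_names"
  notify: "restart apache2"

- name: enable nextcloud site
  command: a2ensite nextcloud.conf
  args:
    creates: /etc/apache2/sites-enabled/nextcloud.conf
  notify: "restart apache2"

- name: enable kerberos access to nextcloud site
  command: a2ensite krb5-nextcloud.conf
  args:
    creates: /etc/apache2/sites-enabled/krb5-nextcloud.conf
  notify: "restart apache2"
  when: "'kerberize' in role_names"

- name: enable https
  # Enable default-ssl only if no enabled site already serves port 443.
  # `creates` is relative to chdir; the changed_when guard treats an empty or
  # "skipped" output as "nothing happened".
  shell: 'grep -q "VirtualHost .*:443" * || a2ensite default-ssl.conf'
  args:
    chdir: /etc/apache2/sites-enabled/
    creates: default-ssl.conf
  notify: "restart apache2"
  register: cmd_result
  changed_when: cmd_result.stdout != '' and cmd_result.stdout is not search('skipped')

- name: make sure data directory exists
  # NOTE(review): no mode is set, so a newly created data directory gets the
  # umask default; confirm it is not group/world readable on the target.
  file:
    path: "{{ data_dir }}"
    state: directory
    owner: www-data
    group: www-data

## install nextcloud:

- name: create database with name 'nextcloud'
  mysql_db:
    login_unix_socket: /var/run/mysqld/mysqld.sock
    name: nextcloud
    state: present
  when: not nextcloud.stat.exists

- name: create database user 'nextcloud'
  mysql_user:
    login_unix_socket: /var/run/mysqld/mysqld.sock
    name: nextcloud
    password: "{{ db_nextcloud_pwd }}"
    priv: 'nextcloud.*:ALL'
    state: present
  when: not nextcloud.stat.exists

- name: unpack nextcloud archive
  # src is the archive on the control node (no remote_src); it is copied over
  # and extracted into www_root as www-data.
  unarchive:
    src: nextcloud.tar.bz2
    dest: "{{ www_root }}"
    owner: www-data
    group: www-data
  when: not nextcloud.stat.exists

- name: initialize nextcloud
  # no_log keeps both passwords out of Ansible output and logs; they are still
  # part of the occ command line, and therefore visible in the host's process
  # list, for as long as the install command runs.
  command:
    cmd: >
      sudo -u www-data php ./occ maintenance:install
      --database "mysql" --database-name "nextcloud"
      --database-user "nextcloud" --database-pass "{{ db_nextcloud_pwd }}"
      --admin-user "nc-admin" --admin-pass "{{ nc_admin_pwd }}"
      --data-dir "{{ data_dir }}"
  args:
    chdir: "{{ nc_dir }}"
  no_log: true
  when: not nextcloud.stat.exists

- name: dump nc-admin password
  # copy creates the file with mode 0600 from the start (the previous
  # echo + chmod left a window where the file had umask permissions) and keeps
  # the password off a shell command line.  No trailing newline is written,
  # matching the former `echo -n`.
  copy:
    content: "{{ nc_admin_pwd }}"
    dest: "{{ nc_admin_pwd_file }}"
    mode: "0600"
  no_log: true
  when: not nextcloud.stat.exists

- name: enable APCu memcache
  # `warn` only silences the "consider using become" hint; it was dropped from
  # the command module in newer ansible-core, so remove it if the run fails on
  # an unsupported parameter.
  command: sudo -u www-data php ./occ config:system:set memcache.local --value='\OC\Memcache\APCu'
  args:
    chdir: "{{ nc_dir }}"
    warn: false
  when: not nextcloud.stat.exists

- name: allow access from LAN
  # Adds a wildcard trusted domain covering the whole 192.168.0.0/16 range.
  command: sudo -u www-data php ./occ config:system:set trusted_domains 1 --value='192.168.*.*'
  args:
    chdir: "{{ nc_dir }}"
    warn: false
  when: not nextcloud.stat.exists

## nextcloudcron

- name: provide nextcloudcron.service and .timer
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
  with_items:
    - nextcloudcron.service
    - nextcloudcron.timer
  notify: "enable nextcloudcron.timer"

- name: check/run upgrade
  # Fetches and applies updates from the internet; gated on allow_download.
  command: sudo -u www-data php updater.phar --no-interaction
  args:
    chdir: "{{ nc_dir }}/updater"
    warn: false
  register: cmd_result
  changed_when: cmd_result.stdout is not search('Nothing to do.')
  when: allow_download

## app installations:

- name: install extra apps
  # occ app:install exits non-zero for an already installed app; that case is
  # reported as unchanged rather than failed.
  command: "sudo -u www-data php ./occ app:install {{ item }}"
  args:
    chdir: "{{ nc_dir }}"
    warn: false
  with_items: "{{ nc_apps }}"
  register: cmd_result
  changed_when: cmd_result.stdout is not search('already installed')
  failed_when: cmd_result.stdout is not search('already installed') and cmd_result.rc != 0
  when: allow_download

- name: allow https in firewalld
  firewalld:
    service: https
    permanent: true
    immediate: true
    state: enabled

## ToDo kerberos integration:
# sudo -u www-data php ./occ app:enable user_ldap
# sudo -u www-data php ./occ app:install user_saml
# sudo -u www-data php ./occ ldap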