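#####################################
### someone"s ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone
#
# Installs or upgrades a Nextcloud instance below /var/www/{{nextcloud_domain}}:
# configures the nginx/php vhost, downloads a checksum-verified release tarball,
# swaps the webroot, runs the occ install/upgrade steps, applies config options
# and installs the systemd cron timer.
#
# Every upgrade step is gated on `download.changed`, i.e. it only runs when
# get_url actually fetched a new tarball.
# NOTE(review): if a run aborts between the download and the final move, the
# next run sees an unchanged tarball and skips the swap - the webroot may then
# need manual repair.
---
#- name: create postgres-db and user
#  include_role:
#    name: util/postgres-db-usr
#  vars:
#    pg_data:
#      db_server_delegate: "{{nextcloud_db_server_delegate}}"
#      dbname: "{{nextcloud_db_name}}"
#      pw: "{{nextcloud_db_pw}}"
#  when: nextcloud_db_create | default('True')

# Loads the first matching vars file (host > group > all > role default) into
# the `vars_nginx_vhost_custom` namespace; domain-specific files win over
# generic ones.
- name: include vars_nginx_vhost_custom
  include_vars:
    file: "{{item}}"
    name: vars_nginx_vhost_custom
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{nextcloud_domain}}-vars_nginx_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{nextcloud_domain}}-vars_nginx_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{nextcloud_domain}}-vars_nginx_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vars_nginx_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vars_nginx_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vars_nginx_vhost_custom.yml"
    - "default/vars_nginx_vhost_custom.yml"

# NOTE(review): the task name says "gitweb" but this sets up the Nextcloud
# vhost - looks like a copy-paste leftover. Name kept unchanged so that
# --start-at-task invocations keep working.
- name: configure gitweb vhost
  include_role:
    name: server/nginx/vhost-unified
  vars:
    vhost_type: "custom+php"
    vhost_name: "{{nextcloud_domain}}"
    vhost_php_custom:
      - "bzip2"
      - "php8.2-apcu"
      - "php8.2-bcmath"
      - "php8.2-pgsql"
      - "php8.2-curl"
      - "php8.2-gd"
      - "php8.2-gmp"
      - "php8.2-intl"
      - "php-imagick"
      - "php8.2-mbstring"
      - "php8.2-xml"
      - "php8.2-zip"
    # NOTE(review): the role's generic dotfile protection is switched off here;
    # verify that the custom vhost snippet loaded above denies access to
    # hidden files and to config/ and data/ itself.
    vhost_dotfile_protection: false
    vhost_custom:
      vhost_custom_pre_server: "{{vars_nginx_vhost_custom.vhost_custom_pre_server}}"
      vhost_custom: "{{vars_nginx_vhost_custom.vhost_custom}}"

# Data directory is owned by the web user and closed to "other".
- name: set up data-dir
  file:
    path: "{{nextcloud_data_dir_path}}"
    state: directory
    mode: "0750"
    owner: "www-data"
    group: "www-data"

# The checksum is what ties the tarball to a known release. Keep
# nextcloud_download_checksum pinned in the inventory as "<algorithm>:<digest>"
# rather than pointing it at a checksum file served from the download origin.
# NOTE(review): how the variable is populated is not visible here - confirm.
- name: download nextcloud release and check checksums
  get_url:
    url: "{{nextcloud_download_url}}"
    dest: "/var/www/{{nextcloud_domain}}-nextcloud.tar.bz2"
    mode: "0640"
    owner: "www-data"
    group: "www-data"
    checksum: "{{nextcloud_download_checksum}}"
    timeout: 30
  tags: "online"
  register: download

- name: set up new webroot-dir
  file:
    path: "/var/www/{{nextcloud_domain}}.tmp"
    state: directory
    mode: "0750"
    owner: "www-data"
    group: "www-data"
  when: download.changed

# Extracts the already downloaded tarball on the target (remote_src) and drops
# the archive's top-level directory.
- name: download and extract nextcloud files
  unarchive:
    src: "/var/www/{{nextcloud_domain}}-nextcloud.tar.bz2"
    dest: "/var/www/{{nextcloud_domain}}.tmp"
    remote_src: true
    mode: "u=rwX,g=rX,o-rwx"
    owner: "www-data"
    group: "www-data"
    extra_opts:
      - '--strip-components=1'
      - '--show-stored-names'
  when: download.changed

# Carries config.php over into the new tree; skipped on a fresh install
# because `removes` finds no existing file.
- name: use existing config file
  command: "mv /var/www/{{nextcloud_domain}}/config/config.php /var/www/{{nextcloud_domain}}.tmp/config/"
  args:
    removes: "/var/www/{{nextcloud_domain}}/config/config.php"
  when: download.changed

- name: remove old files
  file:
    path: "/var/www/{{nextcloud_domain}}"
    state: absent
  when: download.changed

- name: move newly extracted files to destination
  command: "mv /var/www/{{nextcloud_domain}}.tmp /var/www/{{nextcloud_domain}}"
  args:
    creates: "/var/www/{{nextcloud_domain}}"
  when: download.changed

- name: remove possibly left over files
  file:
    path: "/var/www/{{nextcloud_domain}}.tmp"
    state: absent
  when: download.changed

# Only runs when no config.php exists yet (`creates`).
# The command line carries the database and admin passwords, so no_log keeps
# them out of Ansible's output, callbacks and logs. On failure, rerun with
# no_log temporarily disabled to see the error.
# NOTE(review): the passwords are still visible in the process list on the
# target while occ runs.
- name: install nextcloud
  become: true
  become_user: "www-data"
  command: >
    php occ maintenance:install
    --database=pgsql
    --database-host="{{nextcloud_db_host}}"
    --database-name="{{nextcloud_db_name}}"
    --database-user="{{nextcloud_db_name}}"
    --database-pass="{{nextcloud_db_pw}}"
    --admin-user="{{nextcloud_admin_user}}"
    --admin-pass="{{nextcloud_admin_pw}}"
    --data-dir="{{nextcloud_data_dir_path}}/data"
  args:
    chdir: "/var/www/{{nextcloud_domain}}"
    creates: "/var/www/{{nextcloud_domain}}/config/config.php"
  no_log: true
  when: download.changed

# Drops the config_is_read_only line so the occ calls below may write
# config.php; the "write-lock config" task further down sets it again.
- name: write-unlock config
  become: true
  become_user: "www-data"
  lineinfile:
    path: "/var/www/{{nextcloud_domain}}/config/config.php"
    state: absent
    regexp: 'config_is_read_only'
  changed_when: false

# Static command line without shell features, so `command` is used and no
# shell is involved.
- name: finish nextcloud upgrade by running occ upgrade
  become: true
  become_user: "www-data"
  command: 'php --define apc.enable_cli=1 occ upgrade'
  args:
    chdir: "/var/www/{{nextcloud_domain}}"
  register: script_res
  changed_when: "'Nextcloud is already latest version' not in script_res.stdout"

# Prints the previous value as "prev-<value>-" before setting it, so
# changed_when can tell whether anything was actually modified.
# NOTE(review): item.1 is interpolated into a double-quoted shell string; it
# must only ever come from trusted inventory (consider the `quote` filter).
- name: ensure trusted domains are set
  become: true
  become_user: "www-data"
  shell: 'echo "prev-$(php --define apc.enable_cli=1 occ config:system:get trusted_domains {{ item.0 }})-"; php --define apc.enable_cli=1 occ config:system:set trusted_domains {{ item.0 }} --value "{{ item.1 }}"'
  args:
    chdir: "/var/www/{{nextcloud_domain}}"
  register: script_res
  # Plain Jinja expression: conditionals must not contain {{ }} delimiters.
  changed_when: "('prev-' ~ item.1 ~ '-') not in script_res.stdout"
  with_indexed_items:
    - 'localhost'
    - "{{nextcloud_domain}}"

# `|| true` makes this best effort: a failing app:install never fails the
# play, which also hides real install errors.
# NOTE(review): presumably needed because occ exits non-zero for apps that
# are already installed - confirm.
- name: install apps
  become: true
  become_user: "www-data"
  shell: 'php --define apc.enable_cli=1 occ app:install -- "{{ item }}" || true'
  args:
    chdir: "/var/www/{{nextcloud_domain}}"
  register: script_res
  changed_when: "(item ~ ' already installed') not in script_res.stdout"
  with_items:
    - "{{nextcloud_installed_apps}}"
  tags: "online"

- name: finish nextcloud upgrade by running occ db:add-missing-columns
  become: true
  become_user: "www-data"
  command: 'php --define apc.enable_cli=1 occ db:add-missing-columns'
  args:
    chdir: "/var/www/{{nextcloud_domain}}"
  register: script_res
  changed_when: "'Adding' in script_res.stdout"

- name: finish nextcloud upgrade by running occ db:add-missing-indices
  become: true
  become_user: "www-data"
  command: 'php --define apc.enable_cli=1 occ db:add-missing-indices'
  args:
    chdir: "/var/www/{{nextcloud_domain}}"
  register: script_res
  changed_when: "'Adding' in script_res.stdout"

- name: finish nextcloud upgrade by running occ db:add-missing-primary-keys
  become: true
  become_user: "www-data"
  command: 'php --define apc.enable_cli=1 occ db:add-missing-primary-keys'
  args:
    chdir: "/var/www/{{nextcloud_domain}}"
  register: script_res
  changed_when: "'Adding' in script_res.stdout"

# Failcloud expects an unsafe config-key behavior
# Therefore we must use
#   shell: 'echo "prev-$(php occ config:system:get {{ item.key }})-"; php occ config:system:set $(echo -n "{{ item.key }}" ) --value "{{ item.value }}"'
# instead of
#   shell: 'echo "prev-$(php occ config:system:get {{ item.key }})-"; php occ config:system:set "{{ item.key }}"--value "{{ item.value }}"'
#
# The key is deliberately left to shell word splitting. Key and value are both
# interpolated into the shell line, so `$`, backticks and double quotes in
# them are interpreted by the shell: nextcloud_config_options must only ever
# come from trusted inventory.
# NOTE(review): if the options can hold secrets, the loop output prints each
# item - consider no_log or a loop_control label limited to item.key.
- name: apply config options
  become: true
  become_user: "www-data"
  shell: 'echo "prev-$(php --define apc.enable_cli=1 occ config:system:get {{ item.key }})-"; php --define apc.enable_cli=1 occ config:system:set $(echo -n "{{ item.key }}" ) --value "{{ item.value }}"'
  args:
    chdir: "/var/www/{{nextcloud_domain}}"
  register: script_res
  # Plain Jinja expression: conditionals must not contain {{ }} delimiters.
  changed_when: "('prev-' ~ item.value ~ '-') not in script_res.stdout"
  with_items:
    - "{{nextcloud_config_options[nextcloud_domain]}}"

# Counterpart of "write-unlock config": marks config.php read-only again once
# all occ changes are done.
- name: write-lock config
  become: true
  become_user: "www-data"
  command: 'php --define apc.enable_cli=1 occ config:system:set config_is_read_only --value true'
  args:
    chdir: "/var/www/{{nextcloud_domain}}"
  changed_when: false

# Unit files are root-owned and not writable by the web user.
- name: copy nextcloud-cron@.service to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/nextcloud-cron@.service"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nextcloud-cron@.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nextcloud-cron@.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nextcloud-cron@.service"
    - "default/nextcloud-cron@.service"

- name: copy nextcloud-cron@.timer to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/nextcloud-cron@.timer"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nextcloud-cron@.timer"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nextcloud-cron@.timer"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nextcloud-cron@.timer"
    - "default/nextcloud-cron@.timer"

# Native YAML arguments, matching the other include_role task in this file.
- name: reload, enable and start nextcloud-cron@.timer.
  include_role:
    name: "base/systemd/enable-and-start"
  vars:
    service_name: "nextcloud-cron@{{nextcloud_domain}}.timer"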