nextcloud-aws/roles/nextcloud/tasks/main.yaml

---

- name: create paths
  file:
    path: "/srv/nextcloud/{{item}}"
    state: directory
    recurse: true
  with_items:
    - db
    - data
    - nginx/conf.d

- name: install dependencies
  apt:
    force_apt_get: yes
    name: "{{ packages }}"
  vars:
    packages:
      - openssl

# --

- name: check for existing cert
  stat:
    path: /srv/nextcloud/letsencrypt/etc/live/cloud.stoopid.club
  register: certpath

- name: seed initial cert data
  command: |
    docker run -it --rm --name certbot \
                -v "/srv/nextcloud/letsencrypt/etc:/etc/letsencrypt" \
                -v "/srv/nextcloud/letsencrypt/var:/var/lib/letsencrypt" \
                -p 80:80 \
                certbot/certbot:arm64v8-latest certonly \
                -m erik@erikstambaugh.com \
                --agree-tos \
                -n \
                --standalone \
                -d cloud.stoopid.club
  when: certpath.stat.isdir is not defined

- name: pick up latest nginx ssl config
  get_url:
    url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
    dest: /srv/nextcloud/letsencrypt/etc/options-ssl-nginx.conf
  register: certbotnginx

- name: check for dhparams
  stat:
    path: /srv/nextcloud/letsencrypt/etc/ssl-dhparams.pem
  register: dhparams

- name: "create dhparams (this could take up to an hour)"
  command: openssl dhparam -out ssl-dhparams.pem 4096
  args:
    chdir: /srv/nextcloud/letsencrypt/etc
  when: dhparams.stat.exists == False

# ---

- name: nextcloud docker-compose
  template:
    src: templates/docker-compose.yaml
    dest: /srv/nextcloud/docker-compose.yaml
  vars:
    nextcloud_admin_password: "{{ lookup('file', 'files/adminpass') }}"
    nextcloud_admin_user: b4rry
    mysql_host: nextcloud_db
    mysql_db: nextcloud
    mysql_user: nextcloud
    mysql_password: s00p3rs3krit
    mysql_root_password: s00p3rs3krit
  register: dockercompose

- name: nextcloud nginx.conf
  copy:
    src: files/nginx.conf
    dest: /srv/nextcloud/nginx/nginx.conf
  register: nginxconf

- name: install nextcloud
  command: docker-compose up -d
  args:
    chdir: /srv/nextcloud

- name: restart via docker-compose
  command: docker-compose restart
  args:
    chdir: /srv/nextcloud
  when: nginxconf.changed or certbotnginx.changed

# ---

- name: edit config.php
  lineinfile:
    path: /srv/nextcloud/www/config/config.php
    insertbefore: '^\);'
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  with_items:
    - regexp: "  'overwrite.cli.url' => .*"
      line: "  'overwrite.cli.url' => 'https://cloud.stoopid.club',"
    - regexp: "  'overwriteprotocol' => .*"
      line: "  'overwriteprotocol' => 'https',"
    - regexp: "  'overwritehost' => .*"
      line: "  'overwritehost' => 'cloud.stoopid.club',"
  register: configphp

- name: restart nextcloud
  command: docker restart nextcloud
  when: configphp.changed

# ---

- name: do some cleanup
  command: "{{item}}"
  with_items:
    - "docker image prune -a --force"
    - "docker system prune --volumes --force"
Add AWS Session manager control plane and ansible playbook 2021-12-27 08:58:52 -08:00			`---`

			`- name: create paths`
			`file:`
Oops, fixing syntax for "{item}" 2022-01-08 11:06:17 -08:00			`path: "/srv/nextcloud/{{item}}"`
Add AWS Session manager control plane and ansible playbook 2021-12-27 08:58:52 -08:00			`state: directory`
Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`recurse: true`
Add AWS Session manager control plane and ansible playbook 2021-12-27 08:58:52 -08:00			`with_items:`
			`- db`
			`- data`
Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`- nginx/conf.d`
Add AWS Session manager control plane and ansible playbook 2021-12-27 08:58:52 -08:00
Break out docker installation to its own role 2022-01-03 07:41:24 -08:00			`- name: install dependencies`
Add common role and docker install 2022-01-01 14:55:44 -08:00			`apt:`
			`force_apt_get: yes`
			`name: "{{ packages }}"`
			`vars:`
			`packages:`
Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`- openssl`
Add common role and docker install 2022-01-01 14:55:44 -08:00
Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`# --`

			`- name: check for existing cert`
			`stat:`
			`path: /srv/nextcloud/letsencrypt/etc/live/cloud.stoopid.club`
			`register: certpath`

			`- name: seed initial cert data`
			`command: \|`
			`docker run -it --rm --name certbot \`
			`-v "/srv/nextcloud/letsencrypt/etc:/etc/letsencrypt" \`
			`-v "/srv/nextcloud/letsencrypt/var:/var/lib/letsencrypt" \`
			`-p 80:80 \`
			`certbot/certbot:arm64v8-latest certonly \`
			`-m erik@erikstambaugh.com \`
			`--agree-tos \`
			`-n \`
			`--standalone \`
			`-d cloud.stoopid.club`
			`when: certpath.stat.isdir is not defined`

			`- name: pick up latest nginx ssl config`
			`get_url:`
			`url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf`
			`dest: /srv/nextcloud/letsencrypt/etc/options-ssl-nginx.conf`
			`register: certbotnginx`

			`- name: check for dhparams`
			`stat:`
			`path: /srv/nextcloud/letsencrypt/etc/ssl-dhparams.pem`
			`register: dhparams`

			`- name: "create dhparams (this could take up to an hour)"`
			`command: openssl dhparam -out ssl-dhparams.pem 4096`
			`args:`
			`chdir: /srv/nextcloud/letsencrypt/etc`
			`when: dhparams.stat.exists == False`

Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`# ---`

			`- name: nextcloud docker-compose`
Autoconfigure admin password; Fix MariaDB encryption problem 2022-01-02 18:32:29 -08:00			`template:`
			`src: templates/docker-compose.yaml`
Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`dest: /srv/nextcloud/docker-compose.yaml`
Autoconfigure admin password; Fix MariaDB encryption problem 2022-01-02 18:32:29 -08:00			`vars:`
			`nextcloud_admin_password: "{{ lookup('file', 'files/adminpass') }}"`
			`nextcloud_admin_user: b4rry`
			`mysql_host: nextcloud_db`
			`mysql_db: nextcloud`
			`mysql_user: nextcloud`
			`mysql_password: s00p3rs3krit`
			`mysql_root_password: s00p3rs3krit`
Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`register: dockercompose`

Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`- name: nextcloud nginx.conf`
			`copy:`
			`src: files/nginx.conf`
			`dest: /srv/nextcloud/nginx/nginx.conf`
			`register: nginxconf`

Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`- name: install nextcloud`
			`command: docker-compose up -d`
			`args:`
			`chdir: /srv/nextcloud`

Get S3 working and add configuration edits to support desktop clients 2022-01-02 20:07:34 -08:00			`- name: restart via docker-compose`
Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`command: docker-compose restart`
			`args:`
			`chdir: /srv/nextcloud`
Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`when: nginxconf.changed or certbotnginx.changed`
Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00
Get S3 working and add configuration edits to support desktop clients 2022-01-02 20:07:34 -08:00			`# ---`

			`- name: edit config.php`
			`lineinfile:`
			`path: /srv/nextcloud/www/config/config.php`
			`insertbefore: '^\);'`
			`regexp: "{{ item.regexp }}"`
			`line: "{{ item.line }}"`
			`with_items:`
			`- regexp: " 'overwrite.cli.url' => .*"`
			`line: " 'overwrite.cli.url' => 'https://cloud.stoopid.club',"`
			`- regexp: " 'overwriteprotocol' => .*"`
			`line: " 'overwriteprotocol' => 'https',"`
			`- regexp: " 'overwritehost' => .*"`
			`line: " 'overwritehost' => 'cloud.stoopid.club',"`
			`register: configphp`

			`- name: restart nextcloud`
			`command: docker restart nextcloud`
			`when: configphp.changed`
Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00
			`# ---`

Add common role and docker install 2022-01-01 14:55:44 -08:00			`- name: do some cleanup`
			`command: "{{item}}"`
			`with_items:`
			`- "docker image prune -a --force"`
			`- "docker system prune --volumes --force"`