nextcloud-aws/roles/nextcloud/tasks/main.yaml

---

- name: create paths
  file:
    path: /srv/nextcloud/{item}
    state: directory
    recurse: true
  with_items:
    - db
    - data
    - nginx/conf.d

- name: install docker
  apt:
    force_apt_get: yes
    name: "{{ packages }}"
  vars:
    packages:
      - docker.io
      - docker-compose
      - openssl

- name: Add users to docker group
  user:
    name: "{{ item }}"
    groups: docker
    append: yes
  with_items:
    - ubuntu

# --

- name: check for existing cert
  stat:
    path: /srv/nextcloud/letsencrypt/etc/live/cloud.stoopid.club
  register: certpath

- name: seed initial cert data
  command: |
    docker run -it --rm --name certbot \
                -v "/srv/nextcloud/letsencrypt/etc:/etc/letsencrypt" \
                -v "/srv/nextcloud/letsencrypt/var:/var/lib/letsencrypt" \
                -p 80:80 \
                certbot/certbot:arm64v8-latest certonly \
                -m erik@erikstambaugh.com \
                --agree-tos \
                -n \
                --standalone \
                -d cloud.stoopid.club
  when: certpath.stat.isdir is not defined

#docker run -it --rm --name certbot \
#            -v "/etc/letsencrypt:/etc/letsencrypt" \
#            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
#            certbot/certbot:arm32v6-latest certonly \
#            -m erik@erikstambaugh.com \
#            --agree-tos \
#            --standalone \
#            --dry-run \
#            -p 80:80 \
#            -d cloud.stoopid.club
##            certbot/certbot:arm32v6-latest certonly --help

- name: pick up latest nginx ssl config
  get_url:
    url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
    dest: /srv/nextcloud/letsencrypt/etc/options-ssl-nginx.conf
  register: certbotnginx

- name: check for dhparams
  stat:
    path: /srv/nextcloud/letsencrypt/etc/ssl-dhparams.pem
  register: dhparams

- name: "create dhparams (this could take up to an hour)"
  command: openssl dhparam -out ssl-dhparams.pem 4096
  args:
    chdir: /srv/nextcloud/letsencrypt/etc
  when: dhparams.stat.exists == False

# ---

#- name: adminpass file
#  copy:
#    src: files/adminpass
#    dest: /tmp/adminpass
#
#- name: create docker secrets
#  shell: docker secret create nextcloud_admin_password - < /tmp/adminpass
#
#- name: create other docker secrets
#  shell: "echo '{item.value}' | docker secret create {item.key} -"
#  with_items:
#    - key: nextcloud_admin_user
#      value: b4rry
#    - key: mysql_user
#      value: nextcloud
#    - key: mysql_host
#      value: db
#    - key: mysql_db
#      value: nextcloud
#    - key: mysql_root_password
#      value: s00p3rs3krit

- name: nextcloud docker-compose
  template:
    src: templates/docker-compose.yaml
    dest: /srv/nextcloud/docker-compose.yaml
  vars:
    nextcloud_admin_password: "{{ lookup('file', 'files/adminpass') }}"
    nextcloud_admin_user: b4rry
    mysql_host: nextcloud_db
    mysql_db: nextcloud
    mysql_user: nextcloud
    mysql_password: s00p3rs3krit
    mysql_root_password: s00p3rs3krit
  register: dockercompose

- name: nextcloud nginx.conf
  copy:
    src: files/nginx.conf
    dest: /srv/nextcloud/nginx/nginx.conf
  register: nginxconf

- name: install nextcloud
  command: docker-compose up -d
  args:
    chdir: /srv/nextcloud

- name: restart nextcloud
  command: docker-compose restart
  args:
    chdir: /srv/nextcloud
  when: nginxconf.changed or certbotnginx.changed


# ---

- name: do some cleanup
  command: "{{item}}"
  with_items:
    - "docker image prune -a --force"
    - "docker system prune --volumes --force"
Add AWS Session manager control plane and ansible playbook 2021-12-27 08:58:52 -08:00			`---`

			`- name: create paths`
			`file:`
			`path: /srv/nextcloud/{item}`
			`state: directory`
Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`recurse: true`
Add AWS Session manager control plane and ansible playbook 2021-12-27 08:58:52 -08:00			`with_items:`
			`- db`
			`- data`
Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`- nginx/conf.d`
Add AWS Session manager control plane and ansible playbook 2021-12-27 08:58:52 -08:00
Add common role and docker install 2022-01-01 14:55:44 -08:00			`- name: install docker`
			`apt:`
			`force_apt_get: yes`
			`name: "{{ packages }}"`
			`vars:`
			`packages:`
			`- docker.io`
			`- docker-compose`
Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`- openssl`
Add common role and docker install 2022-01-01 14:55:44 -08:00
			`- name: Add users to docker group`
			`user:`
			`name: "{{ item }}"`
			`groups: docker`
			`append: yes`
			`with_items:`
			`- ubuntu`

Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`# --`

			`- name: check for existing cert`
			`stat:`
			`path: /srv/nextcloud/letsencrypt/etc/live/cloud.stoopid.club`
			`register: certpath`

			`- name: seed initial cert data`
			`command: \|`
			`docker run -it --rm --name certbot \`
			`-v "/srv/nextcloud/letsencrypt/etc:/etc/letsencrypt" \`
			`-v "/srv/nextcloud/letsencrypt/var:/var/lib/letsencrypt" \`
			`-p 80:80 \`
			`certbot/certbot:arm64v8-latest certonly \`
			`-m erik@erikstambaugh.com \`
			`--agree-tos \`
			`-n \`
			`--standalone \`
			`-d cloud.stoopid.club`
			`when: certpath.stat.isdir is not defined`

			`#docker run -it --rm --name certbot \`
			`# -v "/etc/letsencrypt:/etc/letsencrypt" \`
			`# -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \`
			`# certbot/certbot:arm32v6-latest certonly \`
			`# -m erik@erikstambaugh.com \`
			`# --agree-tos \`
			`# --standalone \`
			`# --dry-run \`
			`# -p 80:80 \`
			`# -d cloud.stoopid.club`
			`## certbot/certbot:arm32v6-latest certonly --help`

			`- name: pick up latest nginx ssl config`
			`get_url:`
			`url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf`
			`dest: /srv/nextcloud/letsencrypt/etc/options-ssl-nginx.conf`
			`register: certbotnginx`

			`- name: check for dhparams`
			`stat:`
			`path: /srv/nextcloud/letsencrypt/etc/ssl-dhparams.pem`
			`register: dhparams`

			`- name: "create dhparams (this could take up to an hour)"`
			`command: openssl dhparam -out ssl-dhparams.pem 4096`
			`args:`
			`chdir: /srv/nextcloud/letsencrypt/etc`
			`when: dhparams.stat.exists == False`

Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`# ---`

Autoconfigure admin password; Fix MariaDB encryption problem 2022-01-02 18:32:29 -08:00			`#- name: adminpass file`
			`# copy:`
			`# src: files/adminpass`
			`# dest: /tmp/adminpass`
			`#`
			`#- name: create docker secrets`
			`# shell: docker secret create nextcloud_admin_password - < /tmp/adminpass`
			`#`
			`#- name: create other docker secrets`
			`# shell: "echo '{item.value}' \| docker secret create {item.key} -"`
			`# with_items:`
			`# - key: nextcloud_admin_user`
			`# value: b4rry`
			`# - key: mysql_user`
			`# value: nextcloud`
			`# - key: mysql_host`
			`# value: db`
			`# - key: mysql_db`
			`# value: nextcloud`
			`# - key: mysql_root_password`
			`# value: s00p3rs3krit`

Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`- name: nextcloud docker-compose`
Autoconfigure admin password; Fix MariaDB encryption problem 2022-01-02 18:32:29 -08:00			`template:`
			`src: templates/docker-compose.yaml`
Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`dest: /srv/nextcloud/docker-compose.yaml`
Autoconfigure admin password; Fix MariaDB encryption problem 2022-01-02 18:32:29 -08:00			`vars:`
			`nextcloud_admin_password: "{{ lookup('file', 'files/adminpass') }}"`
			`nextcloud_admin_user: b4rry`
			`mysql_host: nextcloud_db`
			`mysql_db: nextcloud`
			`mysql_user: nextcloud`
			`mysql_password: s00p3rs3krit`
			`mysql_root_password: s00p3rs3krit`
Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`register: dockercompose`

Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`- name: nextcloud nginx.conf`
			`copy:`
			`src: files/nginx.conf`
			`dest: /srv/nextcloud/nginx/nginx.conf`
			`register: nginxconf`

Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`- name: install nextcloud`
			`command: docker-compose up -d`
			`args:`
			`chdir: /srv/nextcloud`

Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`- name: restart nextcloud`
Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00			`command: docker-compose restart`
			`args:`
			`chdir: /srv/nextcloud`
Get basic nextcloud up and running with SSL 2022-01-02 13:01:20 -08:00			`when: nginxconf.changed or certbotnginx.changed`
Add security group open to current public IP. Fix problem with mariadb. 2022-01-02 08:25:58 -08:00

			`# ---`

Add common role and docker install 2022-01-01 14:55:44 -08:00			`- name: do some cleanup`
			`command: "{{item}}"`
			`with_items:`
			`- "docker image prune -a --force"`
			`- "docker system prune --volumes --force"`