Add security group open to current public IP. Fix problem with mariadb.

Erik Stambaugh 2022-01-02 08:25:58 -08:00
parent 1077a5c160
commit c035ce9b54
3 changed files with 55 additions and 18 deletions


@ -5,11 +5,6 @@ provider "aws" {
resource "random_pet" "name" {} resource "random_pet" "name" {}
#resource "aws_s3_bucket" "bucket" {
# bucket = "nextcloud-${random_pet.name.id}"
# acl = "private"
#}
# https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws/latest # https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws/latest
module "s3_bucket" { module "s3_bucket" {
source = "terraform-aws-modules/s3-bucket/aws" source = "terraform-aws-modules/s3-bucket/aws"
@ -37,11 +32,6 @@ module "vpc" {
enable_nat_gateway = false enable_nat_gateway = false
enable_vpn_gateway = false enable_vpn_gateway = false
# tags = {
# Terraform = "true"
# Environment = "dev"
# }
} }
resource "tls_private_key" "n" { resource "tls_private_key" "n" {
@ -66,20 +56,42 @@ resource "aws_instance" "nextcloud" {
key_name = aws_key_pair.n.key_name key_name = aws_key_pair.n.key_name
iam_instance_profile = aws_iam_instance_profile.nextcloud.name iam_instance_profile = aws_iam_instance_profile.nextcloud.name
# user_data = <<EOF # associate_public_ip_address = false
##!/bin/bash
#sudo snap install amazon-ssm-agent --classic user_data = <<EOF
#EOF #!/bin/bash
sudo snap install amazon-ssm-agent --classic
EOF
tags = { tags = {
Name = "nextcloud" Name = "nextcloud"
} }
} }
#resource "aws_eip" "nextcloud" { # get my public IP address. For now, it's the only thing that should be able to access.
# vpc = true data "http" "myip" {
# instance = aws_instance.nextcloud.id url = "http://ipv4.icanhazip.com"
#} }
module "nextcloud_sg" {
source = "terraform-aws-modules/security-group/aws"
name = "nextcloud"
description = "Nextcloud SG"
vpc_id = module.vpc.vpc_id
ingress_with_cidr_blocks = [
{
rule = "http-80-tcp"
cidr_blocks = "${chomp(data.http.myip.body)}/32"
},
]
}
resource "aws_eip" "nextcloud" {
vpc = true
instance = aws_instance.nextcloud.id
}
resource "aws_iam_instance_profile" "nextcloud" { resource "aws_iam_instance_profile" "nextcloud" {
name = "nextcloud" name = "nextcloud"
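Review bot: The new security group's ingress CIDR comes from an unauthenticated plaintext lookup: `url = "http://ipv4.icanhazip.com"` is fetched over HTTP and the response is used verbatim in `cidr_blocks = "${chomp(data.http.myip.body)}/32"`, so a tampered or unexpected body (an error page, an IPv6 address, a different address) either breaks the plan or opens port 80 to the wrong network. At minimum fetch it over TLS, `url = "https://ipv4.icanhazip.com"`, and fail the plan on anything that is not a dotted-quad, e.g. `cidr_blocks = "${regex("^\\d{1,3}(\\.\\d{1,3}){3}$", chomp(data.http.myip.body))}/32"` (on newer releases of the http provider the attribute is `response_body` rather than `body`). The allowed address is captured at apply time, so the rule silently goes stale when applying from another network, and with only `http-80-tcp` Nextcloud credentials travel in clear text even to that one host. The `aws_instance` resource this group is meant for begins above the hunk and no `vpc_security_group_ids` reference to `module.nextcloud_sg` is visible in it, so verify the group is actually attached to the instance.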


@ -8,18 +8,21 @@ volumes:
services: services:
db: db:
container_name: nextcloud_db
image: mariadb image: mariadb
restart: always restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes: volumes:
- db:/var/lib/mysql - db:/var/lib/mysql
environment: environment:
- MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=true
- MYSQL_ROOT_PASSWORD= - MYSQL_ROOT_PASSWORD=
- MYSQL_PASSWORD= - MYSQL_PASSWORD=
- MYSQL_DATABASE=nextcloud - MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud - MYSQL_USER=nextcloud
app: app:
container_name: nextcloud
image: nextcloud image: nextcloud
restart: always restart: always
ports: ports:
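Review bot: The MariaDB fix makes the empty root password explicit rather than replacing it: `MARIADB_ALLOW_EMPTY_ROOT_PASSWORD=true` together with `MYSQL_ROOT_PASSWORD=` and `MYSQL_PASSWORD=` leaves both the root account and the `nextcloud` user with no password, so anything that can reach the compose network (the app container, or any process that gains a shell inside it) gets unauthenticated root on the database. Supply real secrets through variable substitution and drop the allow-empty line, e.g. `- MYSQL_ROOT_PASSWORD=${NEXTCLOUD_DB_ROOT_PASSWORD}` and `- MYSQL_PASSWORD=${NEXTCLOUD_DB_PASSWORD}` (placeholder names) with the values kept in a `.env` file that stays out of the repository. The `app` service's database settings, which must carry the same user password, continue below the hunk.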


@ -25,6 +25,28 @@
with_items: with_items:
- ubuntu - ubuntu
# ---
- name: nextcloud docker-compose
copy:
src: files/docker-compose.yaml
dest: /srv/nextcloud/docker-compose.yaml
register: dockercompose
- name: install nextcloud
command: docker-compose up -d
args:
chdir: /srv/nextcloud
- name: install nextcloud
command: docker-compose restart
args:
chdir: /srv/nextcloud
when: dockercompose.changed
# ---
- name: do some cleanup - name: do some cleanup
command: "{{item}}" command: "{{item}}"
with_items: with_items: