erik/nextcloud-aws
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Autoconfigure admin password; Fix MariaDB encryption problem

Browse source
This commit is contained in:
Erik Stambaugh 2022-01-02 18:32:29 -08:00
parent 53a369fba5
commit eda567fc81
6 changed files with 76 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -4,3 +4,4 @@ terraform.tfstate*
.infracost .infracost
privkey.pem privkey.pem
inventory.ini inventory.ini
roles/nextcloud/files/adminpass

2
Makefile
View file

@ -11,9 +11,9 @@ setup:
$(eval INSTANCE := $(shell terraform output instance_id | sed -e 's/"//g')) $(eval INSTANCE := $(shell terraform output instance_id | sed -e 's/"//g'))
$(eval PUBLIC_IP := $(shell terraform output public_ip | sed -e 's/"//g')) $(eval PUBLIC_IP := $(shell terraform output public_ip | sed -e 's/"//g'))
chmod 600 privkey.pem chmod 600 privkey.pem
timeout --foreground 300 bash -c -- 'until $(SSH) $(INSTANCE) "/bin/true"; do sleep 0.5; done'
ansible: setup ansible: setup
timeout --foreground 300 bash -c -- 'until $(SSH) $(INSTANCE) "/bin/true"; do sleep 0.5; done'
$(SSH) $(INSTANCE) "which -a ansible || (sudo apt-get update && sudo apt-get -y install ansible)" $(SSH) $(INSTANCE) "which -a ansible || (sudo apt-get update && sudo apt-get -y install ansible)"
sed \ sed \
-e 's/{{INSTANCE}}/$(INSTANCE)/' \ -e 's/{{INSTANCE}}/$(INSTANCE)/' \

18
nextcloud.tf
View file

@ -179,6 +179,23 @@ module "records" {
depends_on = [module.zone] depends_on = [module.zone]
} }
## generate admin password
resource "random_password" "admin" {
length = 20
special = true
lower = true
upper = true
number = true
}
resource "local_file" "adminpass" {
content = random_password.admin.result
filename = "roles/nextcloud/files/adminpass"
}
## outputs
output "instance_id" { output "instance_id" {
value = aws_instance.nextcloud.id value = aws_instance.nextcloud.id
} }
@ -189,3 +206,4 @@ output "nameservers" {
value = module.zone.route53_zone_name_servers value = module.zone.route53_zone_name_servers
} }

9
roles/nextcloud/files/nginx.conf
View file

@ -10,9 +10,9 @@ events { worker_connections 1024; }
http { http {
upstream backend { # upstream backend {
server app; # server nextcloud;
} # }
server { server {
listen 80; listen 80;
@ -75,11 +75,12 @@ http {
gunzip on; gunzip on;
location @nextcloud { location @nextcloud {
proxy_pass http://backend; proxy_pass http://nextcloud;
} }
location / { location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;

34
roles/nextcloud/tasks/main.yaml
View file

@ -80,10 +80,40 @@
# --- # ---
#- name: adminpass file
# copy:
# src: files/adminpass
# dest: /tmp/adminpass
#
#- name: create docker secrets
# shell: docker secret create nextcloud_admin_password - < /tmp/adminpass
#
#- name: create other docker secrets
# shell: "echo '{item.value}' | docker secret create {item.key} -"
# with_items:
# - key: nextcloud_admin_user
# value: b4rry
# - key: mysql_user
# value: nextcloud
# - key: mysql_host
# value: db
# - key: mysql_db
# value: nextcloud
# - key: mysql_root_password
# value: s00p3rs3krit
- name: nextcloud docker-compose - name: nextcloud docker-compose
copy: template:
src: files/docker-compose.yaml src: templates/docker-compose.yaml
dest: /srv/nextcloud/docker-compose.yaml dest: /srv/nextcloud/docker-compose.yaml
vars:
nextcloud_admin_password: "{{ lookup('file', 'files/adminpass') }}"
nextcloud_admin_user: b4rry
mysql_host: nextcloud_db
mysql_db: nextcloud
mysql_user: nextcloud
mysql_password: s00p3rs3krit
mysql_root_password: s00p3rs3krit
register: dockercompose register: dockercompose
- name: nextcloud nginx.conf - name: nextcloud nginx.conf

40
roles/nextcloud/files/docker-compose.yaml → roles/nextcloud/templates/docker-compose.yaml
View file

@ -2,39 +2,39 @@
version: '2' version: '2'
volumes:
nextcloud:
db:
services: services:
db: db:
container_name: nextcloud_db container_name: nextcloud_db
image: mariadb image: mariadb
restart: unless-stopped restart: unless-stopped
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb_read_only_compressed=OFF
volumes: volumes:
- db:/var/lib/mysql - /srv/nextcloud/db:/var/lib/mysql
environment: environment:
- MYSQL_ROOT_PASSWORD=s00p3rs3krit - "MYSQL_ROOT_PASSWORD={{mysql_root_password}}"
- MYSQL_PASSWORD=s00p3rs3krit - "MYSQL_USER={{mysql_user}}"
- MYSQL_DATABASE=nextcloud - "MYSQL_PASSWORD={{mysql_password}}"
- MYSQL_USER=nextcloud - "MYSQL_DATABASE={{mysql_db}}"
app: app:
container_name: nextcloud container_name: nextcloud
image: nextcloud image: nextcloud
restart: unless-stopped restart: unless-stopped
ports:
- 8080:80
links:
- db
volumes: volumes:
- nextcloud:/var/www/html - /srv/nextcloud/www:/var/www/html
environment: environment:
- MYSQL_PASSWORD=s00p3rs3krit - "NEXTCLOUD_ADMIN_USER={{nextcloud_admin_user}}"
- MYSQL_DATABASE=nextcloud - "NEXTCLOUD_ADMIN_PASSWORD={{nextcloud_admin_password | replace("$","$$") }}"
- MYSQL_USER=nextcloud - "MYSQL_DATABASE={{mysql_db}}"
- MYSQL_HOST=db - "MYSQL_PASSWORD={{mysql_password}}"
- "MYSQL_USER={{mysql_user}}"
- "MYSQL_HOST={{mysql_host}}"
- "TRUSTED_PROXIES=172.0.0.0/8"
- "NEXTCLOUD_TRUSTED_DOMAINS=cloud.stoopid.club nextcloud"
- "NEXTCLOUD_UPDATE=1"
# entrypoint: sh -c "sleep 5; /entrypoint.sh php-fpm"
depends_on:
- db
web: web:
container_name: nginx container_name: nginx
@ -43,8 +43,6 @@ services:
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"
links:
- app
volumes: volumes:
- /srv/nextcloud/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - /srv/nextcloud/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /srv/nextcloud/nginx/conf.d:/etc/nginx/conf.d:ro - /srv/nextcloud/nginx/conf.d:/etc/nginx/conf.d:ro