initial ansible code

This commit is contained in:
Oli
2022-10-09 21:41:56 +00:00
parent 4a64eab4a0
commit feaec34dd2
103 changed files with 4473 additions and 0 deletions


@@ -0,0 +1,2 @@
---
nextcloud_updater: false # update Nextcloud via updater.phar


@@ -0,0 +1,44 @@
---
- name: restart rclone_mount_nextcloud
systemd:
daemon_reload: true
enabled: true
name: rclone_mount_nextcloud.service
state: restarted
- name: restart nextcloudcron
systemd:
daemon_reload: true
enabled: true
name: "{{ item }}"
state: restarted
loop: [nextcloudcron.service, nextcloudcron.timer]
- name: restart nextcloud_nightlycron
systemd:
daemon_reload: true
enabled: true
name: nextcloud_nightlycron.timer
state: restarted
- name: restart nextcloud_notify_push
systemd:
daemon_reload: true
enabled: true
name: nextcloud_notify_push.service
state: restarted
- name: restart nextcloud_exporter
systemd:
daemon_reload: true
enabled: true
name: nextcloud_exporter.service
state: restarted
- name: restart nextcloud_backup_timer
systemd:
daemon_reload: true
enabled: true
name: nextcloud_backup.timer
state: restarted


@@ -0,0 +1,8 @@
---
dependencies:
- role: rclone
- role: systemd_exporter
vars:
systemd_exporter_include: '^rclone.*\.service|^nextcloud.*(cron|push)\..+'
- role: webserver
- role: redis


@@ -0,0 +1,145 @@
---
- name: Configure .user.ini
lineinfile:
path: "{{ nextcloud_dir }}/.user.ini"
line: '{{ item.type }} {{ item.option }} {{ item.value }}'
create: true
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
loop: "{{ nextcloud_user_ini }}"
- name: Install apps
become: true
become_user: "{{ webserver_user }}"
command: php occ app:install {{ item }}
args:
chdir: "{{ nextcloud_dir }}"
creates: "{{ nextcloud_dir }}/apps/{{ item }}"
with_items: "{{ nextcloud_apps }}"
- name: Set configs via occ
become: true
become_user: "{{ webserver_user }}"
command: php occ config:app:set {{ item }}
args:
chdir: "{{ nextcloud_dir }}"
loop:
- "preview jpeg_quality --value=60"
- "previewgenerator squareSizes --value='256 1024'"
- "previewgenerator widthSizes --value=2048"
- "previewgenerator heightSizes --value=2048"
- "files_trashbin background_job_expire_trash --value=no"
- "files_versions background_job_expire_versions --value=no"
when: not nextcloud_dir_stat.stat.exists
- name: Get latest nextcloud_exporter version
github_release:
user: xperimental
repo: nextcloud-exporter
action: latest_release
token: "{{ vault_github_token }}"
delegate_to: localhost
run_once: true
register: nextcloud_exporter_version
- name: "{{ nextcloud_exporter_version }}"
set_fact:
nextcloud_exporter_version: "{{ nextcloud_exporter_version | replace ('v', '', 1) | trim }}"
run_once: true
- name: download nextcloud_exporter {{ nextcloud_exporter_version.tag }} from GitHub
get_url:
url: "https://github.com/xperimental/nextcloud-exporter/releases/download/\
v{{ nextcloud_exporter_version.tag }}/nextcloud-exporter-{{ nextcloud_exporter_version.tag }}\
-{{ deb_architecture }}.bz2"
dest: "/tmp/nextcloud-exporter-{{ nextcloud_exporter_version.tag }}-{{ deb_architecture }}.bz2"
register: _download_archive
until: _download_archive is succeeded
retries: 3
delay: 5
- name: decompress nextcloud_exporter binaries
command:
cmd: "bzip2 -dk nextcloud-exporter-{{ nextcloud_exporter_version.tag }}-{{ deb_architecture }}.bz2"
chdir: /tmp
creates: /tmp/nextcloud-exporter-{{ nextcloud_exporter_version.tag }}-{{ deb_architecture }}
- name: Copy nextcloud_exporter
copy:
src: "/tmp/nextcloud-exporter-{{ nextcloud_exporter_version.tag }}-{{ deb_architecture }}"
dest: "{{ nextcloud_exporter_install_dir }}/nextcloud_exporter"
remote_src: true
owner: "{{ nextcloud_exporter_system_user }}"
group: "{{ nextcloud_exporter_system_group }}"
mode: 0755
notify: restart nextcloud_exporter
- name: Get latest nextcloud_notify_push version
github_release:
user: nextcloud
repo: notify_push
action: latest_release
token: "{{ vault_github_token }}"
delegate_to: localhost
run_once: true
register: nextcloud_notify_push_version
- name: "{{ nextcloud_notify_push_version }}"
set_fact:
nextcloud_notify_push_version: "{{ nextcloud_notify_push_version | replace ('v', '', 1) | trim }}"
run_once: true
- name: "set deb_architecture alias"
set_fact:
deb_architecture_alias: "x86_64"
when: deb_architecture == "amd64"
- name: "set deb_architecture alias"
set_fact:
deb_architecture_alias: "{{ deb_architecture }}"
when: deb_architecture != "amd64"
- name: download nextcloud_notify_push {{ nextcloud_notify_push_version.tag }} from GitHub
get_url:
url: "https://github.com/nextcloud/notify_push/releases/download/v{{ nextcloud_notify_push_version.tag }}\
/notify_push-{{ deb_architecture_alias }}-unknown-linux-musl"
dest: "/tmp/notify_push-{{ deb_architecture_alias }}-unknown-linux-musl"
register: _download_archive
until: _download_archive is succeeded
retries: 3
delay: 5
- name: Copy nextcloud_notify_push
copy:
src: "/tmp/notify_push-{{ deb_architecture_alias }}-unknown-linux-musl"
dest: "{{ nextcloud_notify_push_install_dir }}/nextcloud_notify_push-{{ deb_architecture_alias }}"
remote_src: true
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
mode: 0700
notify: restart nextcloud_notify_push
- name: Copy nextcloud_nightlycron
template:
src: nextcloud_nightlycron.sh.j2
dest: "{{ nextcloud_background_script_dir }}/nextcloud_nightlycron.sh"
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
mode: 0700
- name: Copy the Nextcloud systemd service file
template:
src: "{{ item }}.j2"
dest: "/etc/systemd/system/{{ item }}"
owner: root
group: root
mode: 0644
loop:
- nextcloudcron.service
- nextcloudcron.timer
- nextcloud_notify_push.service
- nextcloud_exporter.service
- nextcloud_nightlycron.service
- nextcloud_nightlycron.timer
notify:
- restart {{ item | regex_replace ('\..*', '') }}
- restart systemd_exporter
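Review bot: The service binaries installed by "Copy nextcloud_exporter" and "Copy nextcloud_notify_push" are owned by the very accounts that later execute them (`nextcloud_exporter_system_user`, `webserver_user`), so a compromise of the PHP/web user or of the exporter can overwrite its own executable and persist across restarts; install them as `owner: root`, `group: root`, `mode: "0755"` (the same applies to nextcloud_nightlycron.sh, which is installed 0700 and owned by the web user). Both `get_url` downloads fetch whatever GitHub's current latest release is, with no `checksum:` and no version pin, so the role will silently roll out a new or tampered binary on the next run; pin the version in a variable and verify a published sha256. Writing to fixed names under the shared /tmp also invites symlink/TOCTOU races by any local user — a `tempfile` task or a root-owned staging directory avoids that. Separately, the two `set_fact` tasks appear to apply `replace` to the whole registered dict rather than to its `tag` field, which would stringify the dict and leave `.tag` undefined in the following download tasks; worth confirming against a real run.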


@@ -0,0 +1,25 @@
---
- name: Install required system packages
apt:
name:
- python3-pip
state: latest
update_cache: true
cache_valid_time: 3600
- name: Install required python packages
pip:
name: gtar # needed for latest nextcloud tar.bz archive
state: latest
- name: Enable APCu
lineinfile:
path: /etc/php/{{ php_version }}/cli/conf.d/20-apcu.ini
line: apc.enable_cli=1
notify: restart php-fpm
- name: "Add {{ webserver_user }} user to redis group"
user:
name: "{{ webserver_user }}"
groups: redis
append: true
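Review bot: The `pip` task installs the PyPI distribution `gtar` as root and unpinned (`state: latest`); that distribution appears to be an unrelated project, not GNU tar — Ansible's `unarchive` wants the `tar` and `bzip2` binaries on the target, and the `bzip2 -dk` step in configure.yml needs the same — so this pulls a third-party package into the system Python without providing the tool the comment describes. Replace it with the apt packages that are actually used, e.g. `apt: name: [bzip2, tar]`, and drop `python3-pip` if nothing else in the role needs it. If GNU tar is genuinely missing on the target image, it is also an apt package, not a pip one.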


@@ -0,0 +1,13 @@
---
- name: Configure rclone
import_tasks: rclone.yml
- name: Configure dependencies
import_tasks: dependencies.yml
- name: Check nextcloud
import_tasks: nextcloud.yml
- name: Configure nextcloud
import_tasks: configure.yml


@@ -0,0 +1,104 @@
---
# flush handlers to restart code-server before install extensions
- name: Flush handlers befor continue
meta: flush_handlers
- name: Check nextcloud directory
stat:
path: '{{ nextcloud_dir }}'
register: nextcloud_dir_stat
- name: Install Nextcloud
block:
- name: Create nextcloud directory
file:
path: "{{ nextcloud_dir }}"
state: directory
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
mode: 0775
force: false
- name: unpack nextcloud latest from nextcloud.com
unarchive:
remote_src: true
src: "https://download.nextcloud.com/server/releases/latest.tar.bz2"
dest: "{{ nextcloud_dir }}"
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
extra_opts:
- --strip-components=1
- name: Change directory ownership to webserver user
file:
path: "{{ item }}"
state: directory
recurse: true
owner: "{{ webserver_user }}"
group: "{{ webserver_group }}"
loop:
- "{{ nextcloud_dir }}"
- "{{ nextcloud_cache_dir }}"
- "{{ nextcloud_log_dir }}"
- name: Copy default config
template:
src: "nextcloud.config.json.j2"
dest: /tmp/nextcloud.config.json
owner: "{{ webserver_user }}"
mode: 0600
- name: Ensure nextcloud installation is finished
become: true
become_user: "{{ webserver_user }}"
command: >
php occ maintenance:install
--database "pgsql"
--database-host "{{ nextcloud_db_host }}:{{ nextcloud_db_port }}"
--database-name "{{ nextcloud_db_name }}"
--database-user "{{ nextcloud_db_user }}"
--database-pass "{{ vault_nextcloud_db_pass }}"
--admin-user "{{ nexcloud_admin_user }}"
--admin-pass "{{ vault_nexcloud_admin_pass }}"
--data-dir "{{ nextcloud_data_dir }}"
args:
chdir: "{{ nextcloud_dir }}"
changed_when: true
- name: Set default config
become: true
become_user: "{{ webserver_user }}"
command: php occ config:import /tmp/nextcloud.config.json
args:
chdir: "{{ nextcloud_dir }}"
when: not nextcloud_dir_stat.stat.exists
- name: Update Nextcloud
block:
- name: Run nextcloud's updater.phar in non-interactive way
become: true
become_user: "{{ webserver_user }}"
command: 'php updater/updater.phar --no-interaction'
args:
chdir: "{{ nextcloud_dir }}"
register: nextcloud_update_result
changed_when: "'Start update' in nextcloud_update_result.stdout"
- name: Update result
debug:
msg: "{{ nextcloud_update_result.stdout_lines }}"
when: nextcloud_update_result.changed
- name: DB tuning after update
become: true
become_user: "{{ webserver_user }}"
command: php occ {{ item }}
args:
chdir: "{{ nextcloud_dir }}"
loop:
- db:add-missing-indices
- db:convert-filecache-bigint
- integrity:check-core
when: nextcloud_update_result.changed
when: nextcloud_updater
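Review bot: The "Ensure nextcloud installation is finished" task passes the database and admin passwords as command-line arguments without `no_log: true`, so they appear in the Ansible output/log and, for the lifetime of the process, in `/proc/<pid>/cmdline` for every local user; add `no_log: true` to that task and, if the deployed occ version supports it, feed the passwords via stdin or environment instead of argv. The rendered `/tmp/nextcloud.config.json` contains `dbpassword` and the SMTP password and is never removed after `config:import`; add a follow-up `file: path: /tmp/nextcloud.config.json` / `state: absent` task, or render it into a private directory created with the `tempfile` module. The tarball fetched from `latest.tar.bz2` is neither pinned nor verified — Nextcloud publishes `.sha256`/`.asc` files alongside each release — so download it with `get_url` plus `checksum:` and only then `unarchive` the local file. The `integrity:check-core` call is cheap and arguably worth running on every play rather than only when the updater reported a change.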


@@ -0,0 +1,30 @@
---
# ensure rclone.conf is present (meta role dependencies)
- name: Create rclone mount dir
file:
path: "{{ nextcloud_rclone_mount_dir }}"
mode: 0755
state: directory
# Touch rclone log file to set permissions
- name: Touch rclone mount log file
file:
path: "{{ rclone_log_dir }}/mount_nextcloud.log"
state: touch
mode: 0644
access_time: preserve
modification_time: preserve
- name: Copy rclone mount nextcloud systemd service
template:
src: rclone_mount_nextcloud.service.j2
dest: /etc/systemd/system/rclone_mount_nextcloud.service
mode: 0644
notify: restart rclone_mount_nextcloud
- name: "Add {{ webserver_user }} user to rclone group"
user:
name: "{{ webserver_user }}"
groups: rclone
append: true


@@ -0,0 +1,54 @@
{
"system": {
"trusted_proxies": {{ trusted_proxies | to_json }},
"trusted_domains": [
"{{ nextcloud_domain_name }}"
],
"overwrite.cli.url": "https:\/\/{{ nextcloud_domain_name }}",
"datadirectory": "{{ nextcloud_data_dir }}",
"dbtype": "pgsql",
"dbname": "{{ nextcloud_db_name }}",
"dbhost": "{{ nextcloud_db_host }}",
"dbport": "{{ nextcloud_db_port }}",
"dbtableprefix": "oc_",
"dbuser": "{{ nextcloud_db_user }}",
"dbpassword": "{{ vault_nextcloud_db_pass }}",
"skeletondirectory": "",
"default_language": "de",
"default_phone_region": "DE",
"mail_smtpmode": "smtp",
"mail_smtphost": "{{ nextcloud_smtp_host }}",
"mail_smtpport": "{{ nextcloud_smtp_port }}",
"mail_smtptimeout": 10,
"mail_smtpauthtype": "LOGIN",
"mail_from_address": "{{ nextcloud_smtp_from_address }}",
"mail_sendmailmode": "smtp",
"mail_domain": "{{ nextcloud_smtp_from_domain }}",
"mail_smtpauth": 1,
"mail_smtpname": "{{ nextcloud_smtp_user }}",
"mail_smtppassword": "{{ nextcloud_smtp_pass }}",
"mail_smtpsecure": "ssl",
"loglevel": 1,
"logfile": {{ nextcloud_log_file | to_json }},
"logtimezone": "Europe\/Berlin",
"memcache.local": "\\OC\\Memcache\\APCu",
"filelocking.enabled": true,
"memcache.distributed": "\\OC\\Memcache\\Redis",
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": {{ redis_unixsocket | to_json }},
"port": 0,
"timeout": 0,
"dbindex": 0
},
"trashbin_retention_obligation": "auto, 90",
"versions_retention_obligation": "auto, 180",
"tempdirectory": {{ nextcloud_temp_dir | to_json }},
"cache_path": {{ nextcloud_cache_dir | to_json }},
"localstorage.allowsymlinks": true,
"enable_previews": "true",
"preview_max_x": "2048",
"preview_max_y": "2048",
"preview_max_scale_factor": 1
}
}
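Review bot: `"localstorage.allowsymlinks": true` lets local storage follow symlinks, which Nextcloud's own sample config documents as a security risk because a link inside the data directory can point outside it; unless the rclone-backed mount genuinely needs it, set it to `false`, and if it must stay, leave a template comment explaining why. The retention values are hard-coded here (`"auto, 90"`, `"auto, 180"`) while the role defines `nextcloud_trashbin_retention_obligation` and `nextcloud_versions_retention_obligation` (the latter as `"auto, 30"`) that nothing reads, so the variables are misleading; template them instead, e.g. `"versions_retention_obligation": {{ nextcloud_versions_retention_obligation | to_json }}`. `"enable_previews": "true"` is a string where the option is boolean; an unquoted `true` is the safer spelling.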


@@ -0,0 +1,15 @@
## Managed by Ansible ##
[Unit]
Description=Nextcloud Exporter
After=network-online.target
[Service]
User={{ nextcloud_exporter_system_user }}
Group={{ nextcloud_exporter_system_group }}
Type=simple
ExecStart={{ nextcloud_exporter_install_dir }}/nextcloud_exporter --server https://{{ nextcloud_domain_name }} --auth-token {{ vault_nextcloud_exporter_token }}
Restart=always
[Install]
WantedBy=multi-user.target
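Review bot: The auth token is interpolated into `ExecStart` as `--auth-token ...`, and the unit file is installed root-owned with mode 0644, so the secret is readable by every local account both from /etc/systemd/system and from the running process's `/proc/<pid>/cmdline`. Move it out of the unit: write an `EnvironmentFile=` (mode 0600, root-owned) that sets the exporter's token environment variable, or point `--config-file` at a 0600 config, and keep only non-secret flags on the command line — the exact env-var/config names should be confirmed against the exporter release being deployed. Note also that the role default `vault_nextcloud_exporter_token: secret` is a plaintext placeholder that would be deployed as-is if the vault value is not overridden.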


@@ -0,0 +1,12 @@
## Managed by Ansible ##
[Unit]
Description = Nextcloud nightly background job
[Service]
Type=simple
User={{ webserver_user }}
ExecStart=/usr/local/bin/nextcloud_nightlycron.sh
[Install]
WantedBy=multi-user.target
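Review bot: `ExecStart=/usr/local/bin/nextcloud_nightlycron.sh` hard-codes the path while the task that installs the script writes it to `{{ nextcloud_background_script_dir }}/nextcloud_nightlycron.sh`, so changing that variable silently breaks the unit; use `ExecStart={{ nextcloud_background_script_dir }}/nextcloud_nightlycron.sh`. Since the unit appears to be driven only by nextcloud_nightlycron.timer, `Type=oneshot` and dropping `WantedBy=multi-user.target` would stop it from also being enabled and run at every boot. A one-line comment in the unit stating that it is timer-driven would make that intent explicit.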


@@ -0,0 +1,10 @@
#!/bin/bash
## Managed by Ansible ##
cd {{ nextcloud_dir }}
# Print start status message.
echo "delete expired versions"
/usr/bin/php occ versions:expire --quiet
echo "permanently delete trashed files"
/usr/bin/php occ trashbin:expire --quiet
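Review bot: `cd {{ nextcloud_dir }}` is not checked, so if the directory is missing or unreadable the two `occ` calls run in whatever the working directory happens to be, and since each failure is ignored the unit still exits 0 and systemd never reports the job as failed. Add `set -euo pipefail` after the shebang and use `cd "{{ nextcloud_dir }}" || exit 1`, and consider `--no-interaction` alongside `--quiet` so a prompt can never hang the timer job. Quoting the templated path also keeps the script correct if `nextcloud_dir` ever contains spaces.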


@@ -0,0 +1,12 @@
## Managed by Ansible ##
[Unit]
Description=Run Nextcloud nightly background job every night
[Timer]
OnCalendar=02:00:00
RandomizedDelaySec=600
Unit=nextcloud_nightlycron.service
[Install]
WantedBy=timers.target


@@ -0,0 +1,17 @@
## Managed by Ansible ##
[Unit]
Description = Push daemon for Nextcloud clients
[Service]
Environment = SOCKET_PATH={{ nextcloud_notify_push_socket }} METRICS_PORT=9206
User={{ webserver_user }}
Group={{ webserver_user }}
RuntimeDirectory=nextcloud
RuntimeDirectoryMode=0750
PIDFile=/run/nextcloud/notify_push.pid
ExecStart = {{ nextcloud_notify_push_install_dir }}/nextcloud_notify_push-{{ deb_architecture_alias }} {{ nextcloud_dir }}/config/config.php
Restart=always
[Install]
WantedBy = multi-user.target
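Review bot: `Group={{ webserver_user }}` uses the user variable for the group while the rest of the role (the copy task that installs this binary, the `.user.ini` task) pairs `webserver_user` with `webserver_group`; it only works as long as the two happen to coincide, so change it to `Group={{ webserver_group }}`. The daemon runs with no sandboxing although it reads config.php (which holds the DB password) and listens on a metrics port — `ProtectSystem=strict`, `PrivateTmp=true`, `NoNewPrivileges=true` plus a `ReadWritePaths=` for the runtime socket would be cheap hardening. `PIDFile=` is only meaningful for forking services, so with the implicit `Type=simple` it is likely inert and can be dropped.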


@@ -0,0 +1,9 @@
## Managed by Ansible ##
[Unit]
Description=Nextcloud background job (cron.php)
[Service]
User={{ webserver_user }}
ExecStart=/usr/bin/php -f /var/www/nextcloud/cron.php
KillMode=process
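Review bot: `ExecStart=/usr/bin/php -f /var/www/nextcloud/cron.php` hard-codes the install path that the rest of the role takes from `nextcloud_dir`, so overriding that variable leaves the cron job pointing at the wrong tree; template it as `ExecStart=/usr/bin/php -f {{ nextcloud_dir }}/cron.php`. As this unit is fired by nextcloudcron.timer, `Type=oneshot` describes it better than the implicit `simple` and lets the timer track completion. A `Group={{ webserver_group }}` line would also keep it consistent with the other units in the role.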


@@ -0,0 +1,12 @@
## Managed by Ansible ##
[Unit]
Description=Run Nextcloud background job (cron.php) every 5min
[Timer]
OnBootSec=5min
OnUnitActiveSec=5min
Unit=nextcloudcron.service
[Install]
WantedBy=timers.target


@@ -0,0 +1,47 @@
## Managed by Ansible ##
[Unit]
Description = rclone crypt mount {{ nextcloud_rclone_mount_dir }}
After = network-online.target
[Service]
Environment=RCLONE_RCD_USER=rclone
Environment=RCLONE_RCD_PASSWORD={{ vault_rclone_rcd_pass }}
Type=notify
ExecStart=/usr/bin/rclone mount GD3_crypt:cloud_data {{ nextcloud_rclone_mount_dir }} \
--devname rclone \
--use-mmap \
--allow-other \
--uid {{ created_rclone_user.uid }} \
--gid {{ created_rclone_group.gid }} \
--umask 002 \
--dir-perms 775 \
--file-perms 664 \
--dir-cache-time 8760h \
--poll-interval 1h \
--buffer-size 32M \
--drive-chunk-size 256M \
--drive-pacer-min-sleep 10ms \
--drive-pacer-burst 1000 \
--vfs-cache-max-age 720h \
--vfs-cache-mode full \
--vfs-cache-max-size 100G \
--vfs-read-chunk-size 128M \
--vfs-read-chunk-size-limit off \
--vfs-write-back 20s \
--cache-dir={{ rclone_cache_dir }} \
--log-file={{ rclone_log_dir }}/mount_nextcloud.log \
--log-level=INFO \
--rc \
--rc-addr "0.0.0.0:5572" \
--rc-enable-metrics \
--rc-user $RCLONE_RCD_USER \
--rc-pass $RCLONE_RCD_PASSWORD \
--user-agent "{{ rclone_user_agent_gd }}"
ExecStop=/bin/fusermount -u -z {{ nextcloud_rclone_mount_dir }}
Restart=on-failure
RestartSec=20s
User=root
[Install]
WantedBy=multi-user.target
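Review bot: `--rc-addr "0.0.0.0:5572"` exposes the rclone remote-control API — which can read and write the crypt remote and its cache — on every interface, protected only by a user/password that is itself baked into this 0644 unit file via `Environment=RCLONE_RCD_PASSWORD=...` and then expanded by systemd into the process's argv (`--rc-pass $RCLONE_RCD_PASSWORD`), where any local user can read it with `ps`. Bind it to loopback (`--rc-addr "127.0.0.1:5572"`) or firewall the port, and pass the credentials through an `EnvironmentFile=` with mode 0600 using the environment names rclone reads natively for these flags (`RCLONE_RC_USER`/`RCLONE_RC_PASS` — confirm against the installed rclone version) so they never appear on the command line. The `User=root` mount with `--allow-other`, `--umask 002` and `--dir-perms 775` also hands every member of the rclone group write access to the whole decrypted tree; that may be intended for the web user, but it deserves a comment in the unit.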


@@ -0,0 +1,87 @@
---
# Rclone
nextcloud_rclone_mount_dir: "/mnt/cloud_data"
nextcloud_scripts_path: "/root/.scripts"
# Nextcloud
nextcloud_dir: "/var/www/nextcloud"
nextcloud_data_dir: "{{ hcloud_webserver_volume_path }}/nextcloud_data"
nextcloud_temp_dir: "/tmp"
nextcloud_cache_dir: "/var/cache/nextcloud"
nextcloud_log_dir: "/var/log/nextcloud"
nextcloud_log_file: "{{ nextcloud_log_dir }}/nextcloud.log"
nextcloud_domain_name: "cloud.{{ webserver_domain }}"
nexcloud_admin_user: "admin-{{ lookup('community.general.random_string', length=6, upper=false, special=false) }}"
vault_nexcloud_admin_pass: !vault |
$ANSIBLE_VAULT;1.2;AES256;dtsv-dev
64373333336533333764643235613338306437306134333831393434326631306165653336383732
3537313164663762373636316462346438663634393237340a613565633865663665396531616133
39373637653839623736653531636361633739643137386537633464653332373066366336336532
6566313533383031310a663863616164633331313431396362373161646531663134313637626263
6562
trusted_proxies:
- "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
- "{{ hostvars[inventory_hostname]['ansible_default_ipv6']['address'] }}"
nextcloud_trashbin_retention_obligation: "auto, 90"
nextcloud_versions_retention_obligation: "auto, 30"
nextcloud_max_upload_size: "50G"
# database
nextcloud_db_host: "{{ pgsql_server_ip }}"
nextcloud_db_port: "{{ pgsql_server_port }}"
nextcloud_db_name: "nextcloud_db"
nextcloud_db_user: "nextcloud_db_user"
vault_nextcloud_db_pass: !vault |
$ANSIBLE_VAULT;1.2;AES256;dtsv-dev
61393238366632366635373432343739373830393635656139643532663737313661643062626566
6538383561323332313231313235666437636631363030630a386665373562613936303038626638
63303861306461353734316530653231343132376130373835643236653836303031626431326265
3461333932626438630a393134653333323431323631653235643639316634383938666264623339
66323964336436303934373833353161313163353734343637303165393431376262323065306362
6664303132626565316665306263373761626139316432666333
# mailer
nextcloud_smtp_host: "{{ smtp_hostname }}"
nextcloud_smtp_port: "{{ smtp_port }}"
nextcloud_smtp_from_address: "cloud"
nextcloud_smtp_from_domain: "twirling.de"
nextcloud_smtp_user: !vault |
$ANSIBLE_VAULT;1.2;AES256;dtsv-dev
37323762356630343133346634653965303530363966646236383962313163623637326165346439
3234303935353134633238396365363036313363663031310a663339363665376564306565393538
33663566663534383133623965316362383731303565326632623430303565343134393939343734
3930376165653536310a656632373336623663356431333136303165653162333137626632333033
35363439346237666662333537613363386266653865656238323638666533356535
nextcloud_smtp_pass: !vault |
$ANSIBLE_VAULT;1.2;AES256;dtsv-dev
61303737376466646164313766373639376133633935313433356637323038626437663736363631
3864616433353737666137663663666333366463626337630a643034323935613833633439306236
36373763393762376533393663303436373939356561363036366535666134613731316530626536
6231626666643937340a326134636337666130356639383864346639316535663638636266323535
6562
nextcloud_user_ini:
- {type: php_value, option: upload_max_filesize, value: 50GB}
- {type: php_value, option: post_max_size, value: 50GB}
- {type: php_value, option: max_input_time, value: 3600}
- {type: php_value, option: max_execution_time, value: 3600}
nextcloud_apps:
- breezedark
- calendar
- contacts
- external
- extract
- files_external
- groupfolders
- notes
- notify_push
- tasks
- twofactor_totp
nextcloud_exporter_install_dir: "/usr/local/bin"
nextcloud_exporter_system_group: "node-exporter"
nextcloud_exporter_system_user: "{{ nextcloud_exporter_system_group }}"
vault_nextcloud_exporter_token: secret
nextcloud_notify_push_install_dir: "/usr/local/bin"
nextcloud_notify_push_socket: "/run/nextcloud/notify_push.sock"
nextcloud_background_script_dir: "/usr/local/bin"
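Review bot: `nexcloud_admin_user` embeds a `random_string` lookup, and Ansible re-evaluates lookups on every reference, so the value passed to `occ maintenance:install --admin-user` is generated at that moment and recorded nowhere — the resulting admin account name is effectively unknown after the first run (the variable name also carries a `nexcloud` typo that is mirrored in the install task). Either set a fixed name, or generate it once into a persisted fact/host var (e.g. `set_fact` with `cacheable: true`, or a file on the controller) and reuse that. `vault_nextcloud_exporter_token: secret` is a plaintext placeholder default that would be deployed verbatim if the vault override is missing; the other secrets here are `!vault` strings, so this one should be too, or the role should `assert` it was overridden. The `.user.ini` values `50GB` use a suffix PHP's ini shorthand does not accept (only K/M/G); on PHP before 8.2 an unrecognized trailing character appears to make the number be read as plain bytes, so `upload_max_filesize` would be 50 bytes — use `50G`.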