initial ansible code

roles/nextcloud/tasks/configure.yml

@@ -0,0 +1,145 @@
+---
+
+- name: Configure .user.ini
+  lineinfile:
+    path: "{{ nextcloud_dir }}/.user.ini"
+    line: '{{ item.type }} {{ item.option }} {{ item.value }}'
+    create: true
+    owner: "{{ webserver_user }}"
+    group: "{{ webserver_group }}"
+  loop: "{{ nextcloud_user_ini }}"
+
+- name: Install apps
+  become: true
+  become_user: "{{ webserver_user }}"
+  command: php occ app:install {{ item }}
+  args:
+    chdir: "{{ nextcloud_dir }}"
+    creates: "{{ nextcloud_dir }}/apps/{{ item }}"
+  with_items: "{{ nextcloud_apps }}"
+
+- name: Set configs via occ
+  become: true
+  become_user: "{{ webserver_user }}"
+  command: php occ config:app:set {{ item }}
+  args:
+    chdir: "{{ nextcloud_dir }}"
+  loop:
+    - "preview jpeg_quality --value=60"
+    - "previewgenerator squareSizes --value='256 1024'"
+    - "previewgenerator widthSizes --value=2048"
+    - "previewgenerator heightSizes --value=2048"
+    - "files_trashbin background_job_expire_trash --value=no"
+    - "files_versions background_job_expire_versions --value=no"
+  when: not nextcloud_dir_stat.stat.exists
+
+- name: Get latest nextcloud_exporter version
+  github_release:
+    user: xperimental
+    repo: nextcloud-exporter
+    action: latest_release
+    token: "{{ vault_github_token }}"
+  delegate_to: localhost
+  run_once: true
+  register: nextcloud_exporter_version
+- name: "{{ nextcloud_exporter_version }}"
+  set_fact:
+    nextcloud_exporter_version: "{{ nextcloud_exporter_version | replace ('v', '', 1) | trim }}"
+  run_once: true
+
+- name: download nextcloud_exporter {{ nextcloud_exporter_version.tag }} from GitHub
+  get_url:
+    url: "https://github.com/xperimental/nextcloud-exporter/releases/download/\
+          v{{ nextcloud_exporter_version.tag }}/nextcloud-exporter-{{ nextcloud_exporter_version.tag }}\
+          -{{ deb_architecture }}.bz2"
+    dest: "/tmp/nextcloud-exporter-{{ nextcloud_exporter_version.tag }}-{{ deb_architecture }}.bz2"
+  register: _download_archive
+  until: _download_archive is succeeded
+  retries: 3
+  delay: 5
+
+- name: decompress nextcloud_exporter binaries
+  command:
+    cmd: "bzip2 -dk nextcloud-exporter-{{ nextcloud_exporter_version.tag }}-{{ deb_architecture }}.bz2"
+    chdir: /tmp
+    creates: /tmp/nextcloud-exporter-{{ nextcloud_exporter_version.tag }}-{{ deb_architecture }}
+
+- name: Copy nextcloud_exporter
+  copy:
+    src: "/tmp/nextcloud-exporter-{{ nextcloud_exporter_version.tag }}-{{ deb_architecture }}"
+    dest: "{{ nextcloud_exporter_install_dir }}/nextcloud_exporter"
+    remote_src: true
+    owner: "{{ nextcloud_exporter_system_user }}"
+    group: "{{ nextcloud_exporter_system_group }}"
+    mode: 0755
+  notify: restart nextcloud_exporter
+
+- name: Get latest nextcloud_notify_push version
+  github_release:
+    user: nextcloud
+    repo: notify_push
+    action: latest_release
+    token: "{{ vault_github_token }}"
+  delegate_to: localhost
+  run_once: true
+  register: nextcloud_notify_push_version
+- name: "{{ nextcloud_notify_push_version }}"
+  set_fact:
+    nextcloud_notify_push_version: "{{ nextcloud_notify_push_version | replace ('v', '', 1) | trim }}"
+  run_once: true
+
+- name: "set deb_architecture alias"
+  set_fact:
+    deb_architecture_alias: "x86_64"
+  when: deb_architecture == "amd64"
+
+- name: "set deb_architecture alias"
+  set_fact:
+    deb_architecture_alias: "{{ deb_architecture }}"
+  when: deb_architecture != "amd64"
+
+- name: download nextcloud_notify_push {{ nextcloud_notify_push_version.tag }} from GitHub
+  get_url:
+    url: "https://github.com/nextcloud/notify_push/releases/download/v{{ nextcloud_notify_push_version.tag }}\
+          /notify_push-{{ deb_architecture_alias }}-unknown-linux-musl"
+    dest: "/tmp/notify_push-{{ deb_architecture_alias }}-unknown-linux-musl"
+  register: _download_archive
+  until: _download_archive is succeeded
+  retries: 3
+  delay: 5
+
+- name: Copy nextcloud_notify_push
+  copy:
+    src: "/tmp/notify_push-{{ deb_architecture_alias }}-unknown-linux-musl"
+    dest: "{{ nextcloud_notify_push_install_dir }}/nextcloud_notify_push-{{ deb_architecture_alias }}"
+    remote_src: true
+    owner: "{{ webserver_user }}"
+    group: "{{ webserver_group }}"
+    mode: 0700
+  notify: restart nextcloud_notify_push
+
+- name: Copy nextcloud_nightlycron
+  template:
+    src: nextcloud_nightlycron.sh.j2
+    dest: "{{ nextcloud_background_script_dir }}/nextcloud_nightlycron.sh"
+    owner: "{{ webserver_user }}"
+    group: "{{ webserver_group }}"
+    mode: 0700
+
+- name: Copy the Nextcloud systemd service file
+  template:
+    src: "{{ item }}.j2"
+    dest: "/etc/systemd/system/{{ item }}"
+    owner: root
+    group: root
+    mode: 0644
+  loop:
+    - nextcloudcron.service
+    - nextcloudcron.timer
+    - nextcloud_notify_push.service
+    - nextcloud_exporter.service
+    - nextcloud_nightlycron.service
+    - nextcloud_nightlycron.timer
+  notify:
+    - restart {{ item | regex_replace ('\..*', '') }}
+    - restart systemd_exporter

roles/nextcloud/tasks/dependencies.yml

@@ -0,0 +1,25 @@
+---
+- name: Install required system packages
+  apt:
+    name:
+      - python3-pip
+    state: latest
+    update_cache: true
+    cache_valid_time: 3600
+
+- name: Install required python packages
+  pip:
+    name: gtar  # needed for latest nextcloud tar.bz archive
+    state: latest
+
+- name: Enable APCu
+  lineinfile:
+    path: /etc/php/{{ php_version }}/cli/conf.d/20-apcu.ini
+    line: apc.enable_cli=1
+  notify: restart php-fpm
+
+- name: "Add {{ webserver_user }} user to redis group"
+  user:
+    name: "{{ webserver_user }}"
+    groups: redis
+    append: true

roles/nextcloud/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+
+- name: Configure rclone
+  import_tasks: rclone.yml
+
+- name: Configure dependencies
+  import_tasks: dependencies.yml
+
+- name: Check nextcloud
+  import_tasks: nextcloud.yml
+
+- name: Configure nextcloud
+  import_tasks: configure.yml

roles/nextcloud/tasks/nextcloud.yml

@@ -0,0 +1,104 @@
+---
+# flush handlers to restart code-server before install extensions
+- name: Flush handlers befor continue
+  meta: flush_handlers
+
+- name: Check nextcloud directory
+  stat:
+    path: '{{ nextcloud_dir }}'
+  register: nextcloud_dir_stat
+
+- name: Install Nextcloud
+  block:
+    - name: Create nextcloud directory
+      file:
+        path: "{{ nextcloud_dir }}"
+        state: directory
+        owner: "{{ webserver_user }}"
+        group: "{{ webserver_group }}"
+        mode: 0775
+        force: false
+
+    - name: unpack nextcloud latest from nextcloud.com
+      unarchive:
+        remote_src: true
+        src: "https://download.nextcloud.com/server/releases/latest.tar.bz2"
+        dest: "{{ nextcloud_dir }}"
+        owner: "{{ webserver_user }}"
+        group: "{{ webserver_group }}"
+        extra_opts:
+          - --strip-components=1
+
+    - name: Change directory ownership to webserver user
+      file:
+        path: "{{ item }}"
+        state: directory
+        recurse: true
+        owner: "{{ webserver_user }}"
+        group: "{{ webserver_group }}"
+      loop:
+        - "{{ nextcloud_dir }}"
+        - "{{ nextcloud_cache_dir }}"
+        - "{{ nextcloud_log_dir }}"
+
+    - name: Copy default config
+      template:
+        src: "nextcloud.config.json.j2"
+        dest: /tmp/nextcloud.config.json
+        owner: "{{ webserver_user }}"
+        mode: 0600
+
+    - name: Ensure nextcloud installation is finished
+      become: true
+      become_user: "{{ webserver_user }}"
+      command: >
+        php occ maintenance:install
+        --database "pgsql"
+        --database-host "{{ nextcloud_db_host }}:{{ nextcloud_db_port }}"
+        --database-name "{{ nextcloud_db_name }}"
+        --database-user "{{ nextcloud_db_user }}"
+        --database-pass "{{ vault_nextcloud_db_pass }}"
+        --admin-user "{{ nexcloud_admin_user }}"
+        --admin-pass "{{ vault_nexcloud_admin_pass }}"
+        --data-dir "{{ nextcloud_data_dir }}"
+      args:
+        chdir: "{{ nextcloud_dir }}"
+      changed_when: true
+
+    - name: Set default config
+      become: true
+      become_user: "{{ webserver_user }}"
+      command: php occ config:import /tmp/nextcloud.config.json
+      args:
+        chdir: "{{ nextcloud_dir }}"
+
+  when: not nextcloud_dir_stat.stat.exists
+
+- name: Update Nextcloud
+  block:
+    - name: Run nextcloud's updater.phar in non-interactive way
+      become: true
+      become_user: "{{ webserver_user }}"
+      command: 'php updater/updater.phar --no-interaction'
+      args:
+        chdir: "{{ nextcloud_dir }}"
+      register: nextcloud_update_result
+      changed_when: "'Start update' in nextcloud_update_result.stdout"
+
+    - name: Update result
+      debug:
+        msg: "{{ nextcloud_update_result.stdout_lines }}"
+      when: nextcloud_update_result.changed
+
+    - name: DB tuning after update
+      become: true
+      become_user: "{{ webserver_user }}"
+      command: php occ {{ item }}
+      args:
+        chdir: "{{ nextcloud_dir }}"
+      loop:
+        - db:add-missing-indices
+        - db:convert-filecache-bigint
+        - integrity:check-core
+      when: nextcloud_update_result.changed
+  when: nextcloud_updater

roles/nextcloud/tasks/rclone.yml

@@ -0,0 +1,30 @@
+---
+# ensure rclone.conf is present (meta role dependencies)
+
+- name: Create rclone mount dir
+  file:
+    path: "{{ nextcloud_rclone_mount_dir }}"
+    mode: 0755
+    state: directory
+
+# Touch rclone log file to set permissions
+- name: Touch rclone mount log file
+  file:
+    path: "{{ rclone_log_dir }}/mount_nextcloud.log"
+    state: touch
+    mode: 0644
+    access_time: preserve
+    modification_time: preserve
+
+- name: Copy rclone mount nextcloud systemd service
+  template:
+    src: rclone_mount_nextcloud.service.j2
+    dest: /etc/systemd/system/rclone_mount_nextcloud.service
+    mode: 0644
+  notify: restart rclone_mount_nextcloud
+
+- name: "Add {{ webserver_user }} user to rclone group"
+  user:
+    name: "{{ webserver_user }}"
+    groups: rclone
+    append: true