From 2a1b90c8f6e00f593ca3afaf97a09249fa750adf Mon Sep 17 00:00:00 2001 From: Hollis Wu Date: Mon, 7 Oct 2024 16:27:16 +0800 Subject: [PATCH] Fix nextcloud role --- docker/nextcloud/fpm/Dockerfile | 2 +- main.yml | 14 ++++++- roles/nextcloud/README.md | 49 ++++++++++++++++-------- roles/nextcloud/defaults/main.yml | 15 +++++++- roles/nextcloud/meta/main.yml | 18 ++------- roles/nextcloud/tasks/main.yml | 63 ++++++++++++++++++++++++------- 6 files changed, 113 insertions(+), 48 deletions(-) diff --git a/docker/nextcloud/fpm/Dockerfile b/docker/nextcloud/fpm/Dockerfile index d1588a5..584e7d9 100644 --- a/docker/nextcloud/fpm/Dockerfile +++ b/docker/nextcloud/fpm/Dockerfile @@ -41,4 +41,4 @@ RUN set -ex; \ COPY www.conf /usr/local/etc/php-fpm.d/www.conf COPY php.ini /usr/local/etc/php/ -ENV NEXTCLOUD_UPDATE 1 +ENV NEXTCLOUD_UPDATE=1 diff --git a/main.yml b/main.yml index c412d75..868650c 100644 --- a/main.yml +++ b/main.yml @@ -161,7 +161,15 @@ tags: "nextcloud" roles: - role: "nextcloud" - postgres_password: !vault | + postgres_admin_password: !vault | + $ANSIBLE_VAULT;1.1;AES256 + 38616339366639383639343335323330653536663836633437313333313730663139326465616464 + 3436336632653837353566363634316430326130323635390a623061336266633862333235396336 + 39396435313337313035616131333438663663643735316135323132343864323565636538643136 + 6134393331616563640a333035383635643061373336393362373163356233646533393862626633 + 3766 + + nextcloud_pg_password: !vault | $ANSIBLE_VAULT;1.1;AES256 64356636643033376438646161346566353062363264313832383865306237653263333864363562 3337386262353433353430663434396639396561333338390a386136396638326434396261613866 @@ -169,6 +177,10 @@ 3835306134343063360a313162343730323637663664343633383764376161623261336331333932 3437 + # HACK: Nextcloud docker image does not allow configuring redis virtual + # host. The db number must be 0. + nextcloud_redict_db: "0" + - name: "Setup syncthing" hosts: "uranus" tags: "syncthing" 
diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index 18f69e5..9b196ea 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -6,16 +6,13 @@ Setup [nextcloud] service in docker ## Synopsis -- Create postgres database with postgres role -- Create redis cache with redis role -- Build customized nextcloud docker images -- Create nextcloud service in docker +- Create postgres database and role for nextcloud +- Create nextcloud web and cron service in docker - Expose the nextcloud web GUI with traefik ## Requirements -- Should be distribution agnostic -- Ansible >= 2.10 (Tested on 2.10) +- Ansible >= 2.16 - traefik role should be started somewhere else ## Role Variables @@ -25,27 +22,47 @@ Setup [nextcloud] service in docker - Type: `string` - Required: Yes -(Inherited from bootstrap role) Path prefix for all persistent data. +Path prefix for all persistent data. -### `postgres_password` +### `postgres_admin_password` - Type: `string` - Required: Yes -(Inherited from postgres role) Password for the postgres database +Admin (role `postgres`) password for postgres cluster, for managing db and role for +service. + +### `nextcloud_pg_password` + +- Type: `string` +- Required: Yes + +Password for the postgres database, nextcloud_user + +### `nextcloud_redict_db` + +- Type: `string (with integer in it)` +- Required: Yes + +Redict (redis fork) database (virtual host) number. + +> [NOTE!] +> This has to be `0`. Nextcloud docker image does not allow configuring redis virtual host ### `nextcloud_domain` - Type: `string` -- Default: `git.holi0317.net` +- Default: `nc.holi0317.net` -Domain for hosting gitlab +Domain for hosting nextcloud ## Dependencies -- bootstrap role -- postgres role -- redis role +Following roles should be applied somewhere else + +- traefik +- postgres +- redict ## Example Playbook 
@@ -54,7 +71,9 @@ Domain for hosting gitlab roles: - role: "nextcloud" vars: - postgres_password: "hunter2" + postgres_admin_password: "hunter2" + nextcloud_pg_password: "hunter2" + redict_db: "0" ``` ## License diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index a7eab32..ae182be 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -1,6 +1,17 @@ # vim: ft=yaml.ansible --- # defaults file for nextcloud -nextcloud_asset_path: "{{ (service_base_path, 'asset') | path_join }}" -nextcloud_data_path: "{{ (service_base_path, 'data') | path_join }}" +nextcloud_base_path: "{{ (storage_root, 'nextcloud') | path_join }}" +nextcloud_asset_path: "{{ (nextcloud_base_path, 'asset') | path_join }}" +nextcloud_data_path: "{{ (nextcloud_base_path, 'data') | path_join }}" + +nextcloud_fpm_image: "registry.gitlab.com/holi0317/homeserver-compose/nextcloud/fpm" +nextcloud_web_image: "registry.gitlab.com/holi0317/homeserver-compose/nextcloud/web" + +nextcloud_pg_password: "" +postgres_admin_password: "" + +nextcloud_network: "nextcloud" nextcloud_domain: "nc.holi0317.net" + +nextcloud_redict_db: "0" diff --git a/roles/nextcloud/meta/main.yml b/roles/nextcloud/meta/main.yml index d5e476a..7a79885 100644 --- a/roles/nextcloud/meta/main.yml +++ b/roles/nextcloud/meta/main.yml @@ -2,20 +2,8 @@ --- galaxy_info: license: "MIT" - min_ansible_version: "2.10" + min_ansible_version: "2.16" platforms: - - name: "ArchLinux" + - name: "Fedora" versions: - - "any" - -dependencies: - - role: "bootstrap" - vars: - service_name: "nextcloud" - - role: "postgres" - vars: - service_name: "nextcloud" - postgres_user: "nextcloud" - - role: "redis" - vars: - service_name: "nextcloud" + - "39" diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 9e8df52..14a02a1 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml 
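Review bot: In roles/nextcloud/defaults/main.yml, `nextcloud_pg_password: ""` and `postgres_admin_password: ""` give an empty default to two variables the README marks as required. A play that forgets to set them therefore no longer stops on an undefined variable, and the role carries on with an empty secret. I would drop both defaults, or keep them and open tasks/main.yml with an `ansible.builtin.assert` whose `that:` list holds `nextcloud_pg_password | length > 0` and `postgres_admin_password | length > 0`. How the postgres modules and the container treat an empty password is not visible in this diff, so the exact failure mode should be confirmed rather than assumed.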
@@ -4,21 +4,49 @@ - name: "Create directories for nextcloud" become: true loop: + - "{{ nextcloud_base_path }}" - "{{ nextcloud_data_path }}" - "{{ nextcloud_asset_path }}" - file: + ansible.builtin.file: path: "{{ item }}" owner: "82" group: "82" mode: "700" state: "directory" -- name: "create fpm container" +- name: "Create postgres user for nextcloud" + community.postgresql.postgresql_user: + name: "nextcloud" + password: "{{ nextcloud_pg_password }}" + login_host: "127.0.0.1" + login_user: "postgres" + login_password: "{{ postgres_admin_password }}" + db: "nextcloud" + role_attr_flags: "NOINHERIT" + +- name: "Create postgres database for nextcloud" + community.postgresql.postgresql_db: + name: "nextcloud" + owner: "nextcloud" + encoding: "UTF8" + login_host: "127.0.0.1" + login_user: "postgres" + login_password: "{{ postgres_admin_password }}" + +- name: "Create docker network for nextcloud" + become: true + community.docker.docker_network: + name: "{{ nextcloud_network }}" + driver: "bridge" + scope: "local" + state: "present" + +- name: "Create fpm container" become: true docker_container: &fpm state: "started" - name: "{{ service_name }}_fpm" - image: "registry.gitlab.com/holi0317/homeserver-compose/nextcloud/fpm" + name: "nextcloud_fpm" + image: "{{ nextcloud_fpm_image }}" pull: true comparisons: image: "strict" 
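Review bot: The "Create postgres user for nextcloud" task passes `db: "nextcloud"`, but that database is only created by the following task, whose `owner: "nextcloud"` in turn needs the role to exist. On a fresh cluster the first task therefore likely cannot connect. Dropping `db` from the user task, so the module connects to its default database, keeps the role-then-database order working on a first run. Both tasks also log in as the `postgres` superuser; if the cluster setup allows it, a dedicated provisioning role limited to CREATEROLE and CREATEDB would narrow what the credential stored in this playbook can do. The "Create fpm container" task at the end of the hunk continues outside it.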
@@ -39,19 +67,23 @@ tty: false restart_policy: "always" - network_mode: "{{ service_network }}" + network_mode: "{{ nextcloud_network }}" networks: - - name: "authentik" - - name: "{{ service_network }}" + - name: "{{ nextcloud_network }}" aliases: - "nextcloud-fpm" + - name: "authentik" + - name: "postgres" + - name: "redict" env: POSTGRES_DB: "nextcloud" POSTGRES_USER: "nextcloud" - POSTGRES_PASSWORD: "{{ postgres_password }}" + POSTGRES_PASSWORD: "{{ nextcloud_pg_password }}" POSTGRES_HOST: "postgres:5432" NEXTCLOUD_DATA_DIR: "/var/data" - REDIS_HOST: "redis" + REDIS_HOST: "redict" + # FIXME: Respect nextcloud_redict_db variable + REDIS_HOST_PORT: "6379" TRUSTED_PROXIES: "0.0.0.0/0" mounts: - source: "{{ nextcloud_data_path }}" @@ -65,17 +97,20 @@ become: true docker_container: <<: *fpm - name: "{{ service_name }}_cron" + name: "nextcloud_cron" entrypoint: "/cron.sh" user: "root:root" networks: + - name: "{{ nextcloud_network }}" + - name: "postgres" + - name: "redict" - name: "Create web (nginx) container" become: true docker_container: state: "started" - name: "{{ service_name }}_web" - image: "registry.gitlab.com/holi0317/homeserver-compose/nextcloud/web" + name: "nextcloud_web" + image: "{{ nextcloud_web_image }}" pull: true comparisons: image: "strict" @@ -96,9 +131,9 @@ tty: false restart_policy: "always" - network_mode: "{{ service_network }}" + network_mode: "{{ nextcloud_network }}" networks: - - name: "{{ service_network }}" + - name: "{{ nextcloud_network }}" - name: "traefik" mounts: - source: "{{ nextcloud_asset_path }}"
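Review bot: `TRUSTED_PROXIES: "0.0.0.0/0"` is an unchanged line in the first hunk, but it matters more after this change because the fpm container now also joins the shared `authentik`, `postgres` and `redict` networks. Every peer on those networks is accepted as a trusted proxy for forwarded client addresses. Narrowing the value to the subnet used by the web and traefik containers would keep client-IP based controls such as login throttling and audit logs meaningful; that subnet is not visible in this diff, so it would have to come from a role variable. Next to `REDIS_HOST: "redict"` there is no `REDIS_HOST_PASSWORD`, and the FIXME pins Nextcloud to db 0, so it is worth confirming whether the shared redict instance requires authentication. The task starts and ends outside the hunk.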
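Review bot: In the second hunk, `image: "{{ nextcloud_web_image }}"` resolves to a default in roles/nextcloud/defaults/main.yml that carries no tag or digest, and the same holds for `nextcloud_fpm_image` in the fpm task. Both tasks keep `pull: true`, so each run deploys whatever the registry currently serves under the implicit latest tag. Now that the image is a variable, pinning the default to a version tag or a `name@sha256:<digest>` reference would make deployments reproducible and turn a changed upstream image into a reviewable diff. Both container tasks extend beyond the hunk.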