Adjusted variables and docker-compose file to account for multitenancy setups.

Joschka Seydell 2020-11-30 13:39:29 -08:00
parent 67abd4ae45
commit 4992e21ecf
2 changed files with 33 additions and 25 deletions


@ -2,6 +2,7 @@
# defaults file for nextcloud # defaults file for nextcloud
nextcloud_install_user: '{{ ansible_user }}' # This user must be present on the host nextcloud_install_user: '{{ ansible_user }}' # This user must be present on the host
nextcloud_install_path: '/home/{{ nextcloud_install_user }}' nextcloud_install_path: '/home/{{ nextcloud_install_user }}'
nextcloud_multitenant_label:
nextcloud_mariadb_root_password: changeme nextcloud_mariadb_root_password: changeme
nextcloud_mysql_host: mysqldb nextcloud_mysql_host: mysqldb
nextcloud_mysql_database: nextcloud nextcloud_mysql_database: nextcloud
@ -34,3 +35,5 @@ nextcloud_restic_keep_weekly: 4
nextcloud_restic_keep_monthly: 12 nextcloud_restic_keep_monthly: 12
nextcloud_restic_keep_yearly: 3 nextcloud_restic_keep_yearly: 3
nextcloud_restic_cron_schedule: "0 1 * * *" nextcloud_restic_cron_schedule: "0 1 * * *"
# Internal variables
nextcloud_multitenant_postfix: "{{ '_' + nextcloud_multitenant_label if (nextcloud_multitenant_label) else '' }}"
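Review bot: `nextcloud_multitenant_label` reaches container names, hostnames, volume names and Traefik router names through `nextcloud_multitenant_postfix` without any validation, and the `_` separator produces hostnames such as `mysqldb_<label>`, which are not valid RFC 1123 hostnames and may be rejected by some software. I would declare the default explicitly and document the allowed characters, e.g. `nextcloud_multitenant_label: ''  # optional; lowercase letters, digits and hyphens only`, and either build the hostname values with a `-` separator or leave the postfix out of `hostname:`. If the role has a tasks file (not visible here), an assert on the label pattern before templating would stop a stray space, quote or backtick from ending up inside the quoted label strings. Since several tenants can now share a host, the default `nextcloud_mariadb_root_password: changeme` would be identical for every tenant unless overridden, so a comment on that line saying it must be set per tenant would help.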


@ -8,9 +8,11 @@ networks:
services: services:
mysqldb: mysqldb:
image: mariadb:10.4.11 image: mariadb:10.4.11
container_name: mysqldb{{ nextcloud_multitenant_postfix }}
hostname: mysqldb{{ nextcloud_multitenant_postfix }}
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes: volumes:
- mysqldb:/var/lib/mysql - mysqldb{{ nextcloud_multitenant_postfix }}:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
env_file: env_file:
- db.env - db.env
@ -22,38 +24,39 @@ services:
nextcloud-app: nextcloud-app:
image: nextcloud:apache image: nextcloud:apache
container_name: nextcloud-app container_name: nextcloud-app{{ nextcloud_multitenant_postfix }}
hostname: nextcloud-app{{ nextcloud_multitenant_postfix }}
networks: networks:
- public - public
- default - default
depends_on: depends_on:
- mysqldb - mysqldb
volumes: volumes:
- nextcloud:/var/www/html - nextcloud{{ nextcloud_multitenant_postfix }}:/var/www/html
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
env_file: env_file:
- nextcloud.env - nextcloud.env
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=traefik_public" - "traefik.docker.network=traefik_public"
- "traefik.http.routers.nextcloud.rule=Host(`{{ nextcloud_virtual_host }}`)" - "traefik.http.routers.nextcloud{{ nextcloud_multitenant_postfix }}.rule=Host(`{{ nextcloud_virtual_host }}`)"
- "traefik.http.routers.nextcloud.entrypoints=websecure" - "traefik.http.routers.nextcloud{{ nextcloud_multitenant_postfix }}.entrypoints=websecure"
- "traefik.http.routers.nextcloud.tls=true" - "traefik.http.routers.nextcloud{{ nextcloud_multitenant_postfix }}.tls=true"
- "traefik.http.routers.nextcloud.tls.certresolver=defaultresolver" - "traefik.http.routers.nextcloud{{ nextcloud_multitenant_postfix }}.tls.certresolver=defaultresolver"
- "traefik.http.middlewares.nextcloud-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-rep.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
- "traefik.http.middlewares.nextcloud-rep.redirectregex.replacement=https://$$1/remote.php/dav/" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-rep.redirectregex.replacement=https://$$1/remote.php/dav/"
- "traefik.http.middlewares.nextcloud-rep.redirectregex.permanent=true" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-rep.redirectregex.permanent=true"
- "traefik.http.middlewares.nextcloud-headers.headers.SSLRedirect=true" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-headers.headers.SSLRedirect=true"
- "traefik.http.middlewares.nextcloud-headers.headers.browserXSSFilter=true" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-headers.headers.browserXSSFilter=true"
- "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-headers.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.nextcloud-headers.headers.forceSTSHeader=true" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-headers.headers.forceSTSHeader=true"
- "traefik.http.middlewares.nextcloud-headers.headers.STSSeconds=315360000" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-headers.headers.STSSeconds=315360000"
- "traefik.http.middlewares.nextcloud-headers.headers.STSIncludeSubdomains=true" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-headers.headers.STSIncludeSubdomains=true"
- "traefik.http.middlewares.nextcloud-headers.headers.STSPreload=true" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-headers.headers.STSPreload=true"
- "traefik.http.middlewares.nextcloud-headers.headers.featurePolicy=payment 'none'" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-headers.headers.featurePolicy=payment 'none'"
- "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN" - "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}.headers.customFrameOptionsValue=SAMEORIGIN"
#- "traefik.http.middlewares.nextcloud-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content" #- "traefik.http.middlewares.nextcloud{{ nextcloud_multitenant_postfix }}-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
- "traefik.http.routers.nextcloud.middlewares=nextcloud-rep,nextcloud-headers" - "traefik.http.routers.nextcloud{{ nextcloud_multitenant_postfix }}.middlewares=nextcloud{{ nextcloud_multitenant_postfix }}-rep,nextcloud{{ nextcloud_multitenant_postfix }}-headers"
{% if nextcloud_enable_restic_compose_backup %} {% if nextcloud_enable_restic_compose_backup %}
- "restic-compose-backup.volumes=true" - "restic-compose-backup.volumes=true"
- "restic-compose-backup.volumes.include=nextcloud" - "restic-compose-backup.volumes.include=nextcloud"
@ -64,18 +67,20 @@ services:
# The backup service # The backup service
backup: backup:
image: zettaio/restic-compose-backup:0.4.2 image: zettaio/restic-compose-backup:0.4.2
container_name: backup{{ nextcloud_multitenant_postfix }}
hostname: backup{{ nextcloud_multitenant_postfix }}
env_file: env_file:
- restic-compose-backup.env - restic-compose-backup.env
volumes: volumes:
# We need to communicate with docker # We need to communicate with docker
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
# Persistent storage of restic cache (greatly speeds up all restic operations) # Persistent storage of restic cache (greatly speeds up all restic operations)
- backup-cache:/cache - backup-cache{{ nextcloud_multitenant_postfix }}:/cache
{% endif %} {% endif %}
volumes: volumes:
mysqldb: mysqldb{{ nextcloud_multitenant_postfix }}:
nextcloud: nextcloud{{ nextcloud_multitenant_postfix }}:
{% if nextcloud_enable_restic_compose_backup %} {% if nextcloud_enable_restic_compose_backup %}
backup-cache: backup-cache{{ nextcloud_multitenant_postfix }}:
{% endif %} {% endif %}
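Review bot: The `backup` service keeps `/var/run/docker.sock:/tmp/docker.sock:ro`, and with this change that container is instantiated once per tenant. The `:ro` flag only makes the bind mount read-only; it does not restrict Docker API calls made over the socket, so each tenant's backup container can reach the host daemon and, through it, other tenants' containers and volumes. For a multitenant layout consider one host-level backup stack, or a filtering socket proxy in front of the daemon, and add a comment next to the mount that states this trust assumption. Separately, `restic-compose-backup.volumes.include=nextcloud` was left without the postfix while the volume became `nextcloud{{ nextcloud_multitenant_postfix }}`. Whether it still selects the intended volume depends on how the tool matches the pattern, so confirm it or change it to `restic-compose-backup.volumes.include=nextcloud{{ nextcloud_multitenant_postfix }}`.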