From 520ee33b0e24895e72b15e650acfd0c95007922b Mon Sep 17 00:00:00 2001 From: Joschka Seydell Date: Sun, 14 Jan 2024 16:40:45 +0100 Subject: [PATCH] Fixed file permissions and multitenancy feature (manually tested). --- LICENSE | 0 README.md | 0 defaults/main.yml | 2 +- files/docker/proxy/Dockerfile | 0 files/docker/proxy/uploadsize.conf | 0 handlers/main.yml | 0 meta/main.yml | 0 tasks/main.yml | 71 ++++++++--------------- templates/db.env.j2 | 6 ++ templates/docker-compose.nextcloud.yml.j2 | 6 -- templates/env.j2 | 5 ++ templates/nextcloud.env.j2 | 21 +++++++ templates/restic-compose-backup.env.j2 | 11 ++++ tests/inventory | 0 tests/test.yml | 0 vars/main.yml | 0 16 files changed, 68 insertions(+), 54 deletions(-) mode change 100644 => 100755 LICENSE mode change 100644 => 100755 README.md mode change 100644 => 100755 defaults/main.yml mode change 100644 => 100755 files/docker/proxy/Dockerfile mode change 100644 => 100755 files/docker/proxy/uploadsize.conf mode change 100644 => 100755 handlers/main.yml mode change 100644 => 100755 meta/main.yml mode change 100644 => 100755 tasks/main.yml create mode 100755 templates/db.env.j2 mode change 100644 => 100755 templates/docker-compose.nextcloud.yml.j2 create mode 100755 templates/env.j2 create mode 100755 templates/nextcloud.env.j2 create mode 100755 templates/restic-compose-backup.env.j2 mode change 100644 => 100755 tests/inventory mode change 100644 => 100755 tests/test.yml mode change 100644 => 100755 vars/main.yml diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/defaults/main.yml b/defaults/main.yml old mode 100644 new mode 100755 index d77de5f..d35f859 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -10,8 +10,8 @@ nextcloud_mariadb_user: nextcloud nextcloud_mariadb_password: nextcloud nextcloud_admin_user: admin nextcloud_admin_password: mynextcloud -nextcloud_trusted_domains: localhost nextcloud_virtual_host: localhost +nextcloud_trusted_domains: "localhost {{ ansible_host }} {{ nextcloud_virtual_host }}" nextcloud_letsencrypt_host: nextcloud_letsencrypt_email: nextcloud_smtp_host: diff --git a/files/docker/proxy/Dockerfile b/files/docker/proxy/Dockerfile old mode 100644 new mode 100755 diff --git a/files/docker/proxy/uploadsize.conf b/files/docker/proxy/uploadsize.conf old mode 100644 new mode 100755 diff --git a/handlers/main.yml b/handlers/main.yml old mode 100644 new mode 100755 diff --git a/meta/main.yml b/meta/main.yml old mode 100644 new mode 100755 diff --git a/tasks/main.yml b/tasks/main.yml old mode 100644 new mode 100755 index 7b0930e..8f08c4d --- a/tasks/main.yml +++ b/tasks/main.yml 
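Review bot: The new default for `nextcloud_trusted_domains` adds `{{ ansible_host }}`, so every deployment that keeps the default also accepts requests addressed to the management/connection address, not only to the virtual host behind the proxy. If direct-address access is not a goal of the multitenancy change, keep the default at `"localhost {{ nextcloud_virtual_host }}"` and let operators opt in per host. `ansible_host` may also be unset for hosts addressed only by inventory name (worth confirming on the supported Ansible versions); `{{ ansible_host | default(inventory_hostname) }}` would avoid an undefined-variable failure. The context lines still ship fixed default passwords (`nextcloud`, `mynextcloud`), and a comment above them such as `# placeholder values: override in inventory or vault before deploying` would make that explicit.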
@@ -22,64 +22,41 @@ - debug: var: output +- name: Provide compose project env vars + template: + src: templates/env.j2 + dest: "{{ nextcloud_install_path }}/nextcloud/.env" + owner: "{{ nextcloud_install_user }}" + group: "{{ nextcloud_install_user }}" + mode: '0640' + tags: config + - name: Provide database env vars - copy: + template: + src: templates/db.env.j2 dest: "{{ nextcloud_install_path }}/nextcloud/db.env" owner: "{{ nextcloud_install_user }}" group: "{{ nextcloud_install_user }}" mode: '0640' - content: | - # See https://github.com/docker-library/mariadb/issues/262 - MYSQL_INITDB_SKIP_TZINFO=1 - MYSQL_ROOT_PASSWORD={{ nextcloud_mariadb_root_password }} - MYSQL_DATABASE={{ nextcloud_mysql_database }} - MYSQL_PASSWORD={{ nextcloud_mariadb_password }} - MYSQL_USER={{ nextcloud_mariadb_user }} + tags: config - name: Provide Nextcloud env vars - copy: + template: + src: templates/nextcloud.env.j2 dest: "{{ nextcloud_install_path }}/nextcloud/nextcloud.env" owner: "{{ nextcloud_install_user }}" group: "{{ nextcloud_install_user }}" mode: '0640' - content: | - VIRTUAL_HOST={{ nextcloud_virtual_host }} - LETSENCRYPT_HOST={{ nextcloud_letsencrypt_host }} - LETSENCRYPT_EMAIL={{ nextcloud_letsencrypt_email }} - MYSQL_HOST={{ nextcloud_mysql_host }} - MYSQL_DATABASE={{ nextcloud_mysql_database }} - MYSQL_PASSWORD={{ nextcloud_mariadb_password }} - MYSQL_USER={{ nextcloud_mariadb_user }} - NEXTCLOUD_ADMIN_USER={{ nextcloud_admin_user }} - NEXTCLOUD_ADMIN_PASSWORD={{ nextcloud_admin_password }} - NEXTCLOUD_TRUSTED_DOMAINS={{ nextcloud_trusted_domains }} - SMTP_HOST={{ nextcloud_smtp_host }} - SMTP_SECURE={{ nextcloud_smtp_secure }} - SMTP_PORT={{ nextcloud_smtp_port }} - SMTP_AUTHTYPE={{ nextcloud_smtp_authtype }} - SMTP_NAME={{ nextcloud_smtp_name }} - SMTP_PASSWORD={{ nextcloud_smtp_password }} - MAIL_FROM_ADDRESS={{ nextcloud_mail_from_address }} - MAIL_DOMAIN={{ nextcloud_mail_domain }} + tags: config - name: Provide restic-compose-backup env vars - copy: + 
template: + src: templates/restic-compose-backup.env.j2 dest: "{{ nextcloud_install_path }}/nextcloud/restic-compose-backup.env" owner: "{{ nextcloud_install_user }}" group: "{{ nextcloud_install_user }}" mode: '0640' - content: | - AWS_ACCESS_KEY_ID={{ nextcloud_restic_aws_access_key_id }} - AWS_SECRET_ACCESS_KEY={{ nextcloud_restic_aws_secret_access_key }} - RESTIC_REPOSITORY={{ nextcloud_restic_repository }} - RESTIC_PASSWORD={{ nextcloud_restic_password }} - # snapshot prune rules - RESTIC_KEEP_DAILY={{ nextcloud_restic_keep_daily}} - RESTIC_KEEP_WEEKLY={{ nextcloud_restic_keep_weekly }} - RESTIC_KEEP_MONTHLY={{ nextcloud_restic_keep_monthly }} - RESTIC_KEEP_YEARLY={{ nextcloud_restic_keep_yearly }} - # Cron schedule. Run every day at 1am - CRON_SCHEDULE="{{ nextcloud_restic_cron_schedule }}" + tags: config when: nextcloud_enable_restic_compose_backup == true - name: "docker-compose: Teardown existing Nextcloud service" @@ -99,11 +76,11 @@ - assert: that: - - "output.ansible_facts['nextcloud-app']['nextcloud-app'].state.running" + - "output.ansible_facts['nextcloud-app']['nextcloud{{ nextcloud_multitenant_postfix }}_nextcloud-app_1'].state.running" -- name: Get container IP +- name: "Get container IP" set_fact: - nextcloud_ip: "{{ output.ansible_facts['nextcloud-app']['nextcloud-app'].networks.nextcloud_default.IPAddress }}" + nextcloud_ip: "{{ output.ansible_facts['nextcloud-app']['nextcloud' + nextcloud_multitenant_postfix + '_nextcloud-app_1'].networks['nextcloud' + nextcloud_multitenant_postfix + '_default'].IPAddress }}" - name: "Waiting for Nextcloud container to become available" become: false 
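Review bot: The template tasks for `db.env`, `nextcloud.env` and `restic-compose-backup.env` render database, admin, restic and AWS secrets but set no `no_log: true`, so a run with `--diff` or raised verbosity can print the rendered values to the console and to any captured job log. Add `no_log: true` to those three tasks; the `.env` task holds only the project name and does not need it. Separately, `src: templates/env.j2` inside a role appears to resolve only through the role-root fallback of the template search path; `src: env.j2` (and likewise for the other three) is the usual form.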
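Review bot: The `assert` entry embeds `{{ nextcloud_multitenant_postfix }}` inside a conditional, which Ansible warns about and newer releases may reject, because `that` entries are already evaluated as Jinja expressions. Use the concatenation form the `set_fact` below it already uses: `- output.ansible_facts['nextcloud-app']['nextcloud' + nextcloud_multitenant_postfix + '_nextcloud-app_1'].state.running`. Both lookups also hard-code the `<project>_<service>_1` container name, which is the docker-compose v1 scheme; Compose v2 joins the parts with hyphens, so the key would be missing there and the assert would fail on an undefined value. A comment stating the required Compose version, or deriving the name from the returned facts, would make that dependency visible.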
@@ -114,16 +91,16 @@ - name: "docker-compose: Set overwriteprotocol using occ" shell: chdir: "{{ nextcloud_install_path }}/nextcloud/" - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/bash -c './occ config:system:set overwriteprotocol --value="{{ nextcloud_overwrite_protocol }}"' + cmd: docker-compose exec -T -u www-data nextcloud{{ nextcloud_multitenant_postfix }}_nextcloud-app_1 /bin/bash -c './occ config:system:set overwriteprotocol --value="{{ nextcloud_overwrite_protocol }}"' - name: "docker-compose: Set overwrite.cli.url using occ" shell: chdir: "{{ nextcloud_install_path }}/nextcloud/" - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/bash -c './occ config:system:set overwrite.cli.url --value="{{ nextcloud_overwrite_cli_url }}"' + cmd: docker-compose exec -T -u www-data nextcloud{{ nextcloud_multitenant_postfix }}_nextcloud-app_1 /bin/bash -c './occ config:system:set overwrite.cli.url --value="{{ nextcloud_overwrite_cli_url }}"' - name: "docker-compose: Set overwritehost using occ" shell: - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/bash -c './occ config:system:set overwritehost --value="{{ nextcloud_overwrite_host }}"' + cmd: docker-compose exec -T -u www-data nextcloud{{ nextcloud_multitenant_postfix }}_nextcloud-app_1 /bin/bash -c './occ config:system:set overwritehost --value="{{ nextcloud_overwrite_host }}"' chdir: "{{ nextcloud_install_path }}/nextcloud/" - name: "Test whether Nextcloud is healthy from the outside" diff --git a/templates/db.env.j2 b/templates/db.env.j2 new file mode 100755 index 0000000..33d6e25 --- /dev/null +++ b/templates/db.env.j2 @@ -0,0 +1,6 @@ +# See https://github.com/docker-library/mariadb/issues/262 +MYSQL_INITDB_SKIP_TZINFO=1 +MYSQL_ROOT_PASSWORD={{ nextcloud_mariadb_root_password }} +MYSQL_DATABASE={{ nextcloud_mysql_database }} +MYSQL_PASSWORD={{ nextcloud_mariadb_password }} +MYSQL_USER={{ nextcloud_mariadb_user }} \ No newline at end of file 
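Review bot: The three `occ` tasks splice `nextcloud_multitenant_postfix` and the `--value` variables into a `shell` string that `/bin/bash -c` parses again inside the container, so a value containing a quote or other shell metacharacter changes the command that runs. Calling `./occ` through `command` with `argv` removes both shell layers. The tasks also now pass a container name (`nextcloud…_nextcloud-app_1`) to `docker-compose exec`, which as far as I know expects the service name; with `COMPOSE_PROJECT_NAME` coming from the new `.env` and `chdir` set, plain `nextcloud-app` should still select the right tenant. The sketch below shows the first task; `overwrite.cli.url` and `overwritehost` follow the same pattern.

```yaml
- name: "docker-compose: Set overwriteprotocol using occ"
  command:
    chdir: "{{ nextcloud_install_path }}/nextcloud/"
    argv:
      - docker-compose
      - exec
      - "-T"
      - "-u"
      - www-data
      - nextcloud-app
      - ./occ
      - "config:system:set"
      - overwriteprotocol
      - "--value={{ nextcloud_overwrite_protocol }}"
# … same argv pattern for the overwrite.cli.url and overwritehost tasks …
```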
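Review bot: `templates/db.env.j2` is created with mode 100755, and the same commit flips every tracked file (LICENSE, README.md, the YAML files) from 100644 to 100755; none of them is meant to be executed, so this looks like a filesystem artefact rather than an intended permission fix. The rendered files are unaffected because the tasks set `mode: '0640'`, but the repository bits should go back to 100644 (`git update-index --chmod=-x <path>`), and `git config core.fileMode false` on the affected checkout prevents a repeat. The same applies to `env.j2`, `nextcloud.env.j2` and `restic-compose-backup.env.j2`, which also lack a trailing newline.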
diff --git a/templates/docker-compose.nextcloud.yml.j2 b/templates/docker-compose.nextcloud.yml.j2 old mode 100644 new mode 100755 index 5c7a142..e0ec9f0 --- a/templates/docker-compose.nextcloud.yml.j2 +++ b/templates/docker-compose.nextcloud.yml.j2 @@ -8,8 +8,6 @@ networks: services: mysqldb: image: mariadb:10.4.11 - container_name: mysqldb{{ nextcloud_multitenant_postfix }} - hostname: mysqldb{{ nextcloud_multitenant_postfix }} command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW volumes: - mysqldb{{ nextcloud_multitenant_postfix }}:/var/lib/mysql @@ -24,8 +22,6 @@ services: nextcloud-app: image: nextcloud:apache - container_name: nextcloud-app{{ nextcloud_multitenant_postfix }} - hostname: nextcloud-app{{ nextcloud_multitenant_postfix }} networks: - public - default @@ -67,8 +63,6 @@ services: # The backup service backup: image: zettaio/restic-compose-backup:0.4.2 - container_name: backup{{ nextcloud_multitenant_postfix }} - hostname: backup{{ nextcloud_multitenant_postfix }} env_file: - restic-compose-backup.env volumes: diff --git a/templates/env.j2 b/templates/env.j2 new file mode 100755 index 0000000..afce52c --- /dev/null +++ b/templates/env.j2 @@ -0,0 +1,5 @@ +# +# Docker Compose configuration +# +# Project name for this Docker Compose setup +COMPOSE_PROJECT_NAME=nextcloud{{ nextcloud_multitenant_postfix }} \ No newline at end of file diff --git a/templates/nextcloud.env.j2 b/templates/nextcloud.env.j2 new file mode 100755 index 0000000..4494642 --- /dev/null +++ b/templates/nextcloud.env.j2 
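Review bot: With `container_name:` and `hostname:` removed from `mysqldb`, the database is resolvable on the project network under its service name `mysqldb` and the generated container name, but no longer under the old postfixed name. `nextcloud.env.j2` still writes `MYSQL_HOST={{ nextcloud_mysql_host }}`, and that variable's default is not visible in this patch, so confirm it is `mysqldb` and not `mysqldb{{ nextcloud_multitenant_postfix }}`. The `nextcloud-app` and `backup` hunks make the same removal. A comment above `services:` such as `# container names derive from COMPOSE_PROJECT_NAME in .env; do not set container_name` would record why the keys are gone.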
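Review bot: `nextcloud_multitenant_postfix` goes into `COMPOSE_PROJECT_NAME` unchecked, while tasks/main.yml builds container names, fact keys and a network name from the same raw value. Compose restricts project names to lowercase letters, digits, `-` and `_`, and depending on the version either normalises or rejects anything else, so a postfix outside that set would make the computed names diverge from what Compose creates. An early `assert` in the role, for example `- nextcloud_multitenant_postfix is match('^[a-z0-9_-]*$')`, would fail fast and also constrain the value before it reaches the `docker-compose exec` command lines.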
@@ -0,0 +1,21 @@
+# See https://github.com/nextcloud/docker/ for available env vars
+VIRTUAL_HOST={{ nextcloud_virtual_host }}
+LETSENCRYPT_HOST={{ nextcloud_letsencrypt_host }}
+LETSENCRYPT_EMAIL={{ nextcloud_letsencrypt_email }}
+MYSQL_HOST={{ nextcloud_mysql_host }}
+MYSQL_DATABASE={{ nextcloud_mysql_database }}
+MYSQL_PASSWORD={{ nextcloud_mariadb_password }}
+MYSQL_USER={{ nextcloud_mariadb_user }}
+NEXTCLOUD_ADMIN_USER={{ nextcloud_admin_user }}
+NEXTCLOUD_ADMIN_PASSWORD={{ nextcloud_admin_password }}
+NEXTCLOUD_TRUSTED_DOMAINS={{ nextcloud_trusted_domains }}
+OVERWRITEPROTOCOL=https
+OVERWRITECLIURL=https://{{ nextcloud_virtual_host }}
+SMTP_HOST={{ nextcloud_smtp_host }}
+SMTP_SECURE={{ nextcloud_smtp_secure }}
+SMTP_PORT={{ nextcloud_smtp_port }}
+SMTP_AUTHTYPE={{ nextcloud_smtp_authtype }}
+SMTP_NAME={{ nextcloud_smtp_name }}
+SMTP_PASSWORD={{ nextcloud_smtp_password }}
+MAIL_FROM_ADDRESS={{ nextcloud_mail_from_address }}
+MAIL_DOMAIN={{ nextcloud_mail_domain }}
\ No newline at end of file
diff --git a/templates/restic-compose-backup.env.j2 b/templates/restic-compose-backup.env.j2
new file mode 100755
index 0000000..574fe94
--- /dev/null
+++ b/templates/restic-compose-backup.env.j2
@@ -0,0 +1,11 @@
+AWS_ACCESS_KEY_ID={{ nextcloud_restic_aws_access_key_id }}
+AWS_SECRET_ACCESS_KEY={{ nextcloud_restic_aws_secret_access_key }}
+RESTIC_REPOSITORY={{ nextcloud_restic_repository }}
+RESTIC_PASSWORD={{ nextcloud_restic_password }}
+# snapshot prune rules
+RESTIC_KEEP_DAILY={{ nextcloud_restic_keep_daily}}
+RESTIC_KEEP_WEEKLY={{ nextcloud_restic_keep_weekly }}
+RESTIC_KEEP_MONTHLY={{ nextcloud_restic_keep_monthly }}
+RESTIC_KEEP_YEARLY={{ nextcloud_restic_keep_yearly }}
+# Cron schedule. Run every day at 1am
+CRON_SCHEDULE="{{ nextcloud_restic_cron_schedule }}"
\ No newline at end of file
diff --git a/tests/inventory b/tests/inventory
old mode 100644
new mode 100755
diff --git a/tests/test.yml b/tests/test.yml
old mode 100644
new mode 100755
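Review bot: `OVERWRITEPROTOCOL=https` and `OVERWRITECLIURL=https://{{ nextcloud_virtual_host }}` are new and hard-coded in `nextcloud.env.j2`, while tasks/main.yml sets the same two settings through `occ` from `nextcloud_overwrite_protocol` and `nextcloud_overwrite_cli_url`. The env file and the role variables can therefore disagree; with the default `nextcloud_virtual_host: localhost` the URL becomes `https://localhost`. Use the role variables here as well: `OVERWRITEPROTOCOL={{ nextcloud_overwrite_protocol }}` and `OVERWRITECLIURL={{ nextcloud_overwrite_cli_url }}`. Values are written unquoted, and how a password containing `#`, whitespace or quotes is parsed may differ between Compose versions, so a header comment listing the characters known to be safe in `nextcloud_admin_password` and `nextcloud_smtp_password` would help operators.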
diff --git a/vars/main.yml b/vars/main.yml
old mode 100644
new mode 100755