diff --git a/README.md b/README.md
index 253fc46..c17ee1c 100644
--- a/README.md
+++ b/README.md
@@ -17,8 +17,6 @@ TODO Dependencies ------------ -- Collection: community.docker - Example Playbook ----------------
diff --git a/defaults/main.yml b/defaults/main.yml
index 6a4693b..ba6347e 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,40 +1,36 @@
 ---
 # defaults file for nextcloud
-mariadb_root_password: changeme
-mysql_host: mysqldb
-mysql_database: nextcloud
+nextcloud_install_user: '{{ ansible_user }}' # This user must be present on the host
+nextcloud_install_path: '/home/{{ nextcloud_install_user }}'
+nextcloud_mariadb_root_password: changeme
+nextcloud_mysql_host: mysqldb
+nextcloud_mysql_database: nextcloud
 nextcloud_mariadb_user: nextcloud
 nextcloud_mariadb_password: nextcloud
 nextcloud_admin_user: admin
 nextcloud_admin_password: mynextcloud
 nextcloud_trusted_domains: localhost
-nextcloud_trusted_proxies: [ '172.18.0.0/16' ]
-nextcloud_default_phone_region: DE
-nextcloud_database_utils:
- - nextcloud-mysql-innodb-convert-row-format.sh
-virtual_host: localhost
-letsencrypt_host:
-letsencrypt_email:
-docker_user: deploy
-smtp_host:
-smtp_secure:
-smtp_port: 25
-smtp_authtype: PLAIN
-smtp_name:
-smtp_password:
-mail_from_address:
-mail_domain:
+nextcloud_virtual_host: localhost
+nextcloud_letsencrypt_host:
+nextcloud_letsencrypt_email:
+nextcloud_smtp_host:
+nextcloud_smtp_secure:
+nextcloud_smtp_port: 25
+nextcloud_smtp_authtype: PLAIN
+nextcloud_smtp_name:
+nextcloud_smtp_password:
+nextcloud_mail_from_address:
+nextcloud_mail_domain:
 nextcloud_overwrite_cli_url:
 nextcloud_overwrite_host:
 nextcloud_overwrite_protocol:
 nextcloud_enable_restic_compose_backup: False
-nextcloud_app_list_to_install: []
-restic_aws_access_key_id:
-restic_aws_secret_access_key:
-restic_repository:
-restic_password:
-restic_keep_daily: 7
-restic_keep_weekly: 4
-restic_keep_monthly: 12
-restic_keep_yearly: 3
-restic_cron_schedule: "0 1 * * *"
+nextcloud_restic_aws_access_key_id:
+nextcloud_restic_aws_secret_access_key:
+nextcloud_restic_repository:
+nextcloud_restic_password:
+nextcloud_restic_keep_daily: 7
+nextcloud_restic_keep_weekly: 4
+nextcloud_restic_keep_monthly: 12
+nextcloud_restic_keep_yearly: 3
+nextcloud_restic_cron_schedule: "0 1 * * *"
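Review bot: `nextcloud_install_user: '{{ ansible_user }}'` will make every task that touches `nextcloud_install_path` fail with an undefined-variable error on inventories that do not set `ansible_user` explicitly (the connection user then comes from ssh config or the local account, and the variable is simply absent); a fallback such as `nextcloud_install_user: "{{ ansible_user | default(ansible_user_id) }}"` covers that case when facts are gathered, and the inline comment should say the value must be overridden otherwise. The renamed credential defaults (`nextcloud_mariadb_root_password: changeme`, `nextcloud_mariadb_password: nextcloud`, `nextcloud_admin_password: mynextcloud`) are still real, working passwords that a forgotten override ships to production; consider defaulting them to empty and adding an `assert` at the top of tasks/main.yml so the play stops instead of installing with known credentials. `nextcloud_enable_restic_compose_backup: False` is the YAML 1.1 capitalised form; `false` is the portable spelling.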
diff --git a/files/docker/proxy/Dockerfile b/files/docker/proxy/Dockerfile
new file mode 100644
index 0000000..0c066d0
--- /dev/null
+++ b/files/docker/proxy/Dockerfile
@@ -0,0 +1,3 @@
+FROM jwilder/nginx-proxy:alpine
+
+COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf
\ No newline at end of file
diff --git a/files/docker/proxy/uploadsize.conf b/files/docker/proxy/uploadsize.conf
new file mode 100644
index 0000000..70a739d
--- /dev/null
+++ b/files/docker/proxy/uploadsize.conf
@@ -0,0 +1,2 @@
+client_max_body_size 10G;
+proxy_request_buffering off;
\ No newline at end of file
diff --git a/files/nextcloud-mysql-innodb-convert-row-format.sh b/files/nextcloud-mysql-innodb-convert-row-format.sh
deleted file mode 100755
index e6360c4..0000000
--- a/files/nextcloud-mysql-innodb-convert-row-format.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-# Source: https://help.nextcloud.com/t/upgrade-to-nextcloud-hub-10-31-0-0-incorrect-row-format-found-in-your-database/218366/13
-
-# # Prompt for database credentials
-# read -p "Enter Database Name: " MYSQL_DATABASE
-# read -p "Enter Username: " MYSQL_USER
-# read -s -p "Enter Password: " MYSQL_PASSWORD
-# echo
-
-mysql -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -Bse "
-SELECT CONCAT('ALTER TABLE \`', TABLE_NAME, '\` ROW_FORMAT=DYNAMIC;')
-FROM INFORMATION_SCHEMA.TABLES
-WHERE TABLE_SCHEMA = '$MYSQL_DATABASE'
-AND ENGINE = 'InnoDB'
-" | mysql -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE"
\ No newline at end of file
diff --git a/files/nginx.conf b/files/nginx.conf
deleted file mode 100644
index 31a5023..0000000
--- a/files/nginx.conf
+++ /dev/null
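Review bot: `FROM jwilder/nginx-proxy:alpine` carries no version, so each build picks up whatever `alpine` points at that day; pin a release tag (and ideally a digest) so rebuilds are reproducible and a base-image change shows up in review. The `jwilder/nginx-proxy` repository has moved to `nginxproxy/nginx-proxy`, which is where new releases are published, so the old name will drift further behind over time. Nothing else in this diff references `files/docker/proxy` (the compose template in this commit routes through Traefik labels); if the image is built by something outside the role, a one-line comment naming that consumer would help, and if it is not, these two files look unused.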
@@ -1,206 +0,0 @@ -worker_processes auto; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - types { - application/javascript js mjs; - } - - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - send_timeout 3600; - tcp_nopush on; - tcp_nodelay on; - - open_file_cache max=500 inactive=10m; - open_file_cache_errors on; - reset_timedout_connection on; - - set_real_ip_from revproxy; - real_ip_header X-Forwarded-For; - real_ip_recursive on; - - # Prevent nginx HTTP Server Detection - server_tokens off; - - keepalive_timeout 65; - - #gzip on; - - upstream php-handler { - server nextcloud-app:9000; - } - - server { - listen 80; - - # HSTS settings - # WARNING: Only add the preload option once you read about - # the consequences in https://hstspreload.org/. This option - # will add the domain to a hardcoded list that is shipped - # in all major browsers and getting removed from this list - # could take several months. 
- #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; - - # set max upload size - client_max_body_size 512M; - - # Do not limit download file size (default: 1G) - fastcgi_max_temp_file_size 0; - - #fastcgi_buffers 64 4K; - fastcgi_buffers 64 64K; - fastcgi_buffer_size 256k; - fastcgi_busy_buffers_size 3840K; - fastcgi_read_timeout 3600; - fastcgi_send_timeout 3600; - fastcgi_connect_timeout 3600; - fastcgi_cache_key $http_cookie$request_method$host$request_uri; - fastcgi_cache_use_stale error timeout invalid_header http_500; - fastcgi_ignore_headers Cache-Control Expires Set-Cookie; - - - # Enable gzip but do not remove ETag headers - gzip on; - gzip_vary on; - gzip_comp_level 4; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; - gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - gzip_disable "MSIE [1-6]\." - - # Pagespeed is not supported by Nextcloud, so if your server is built - # with the `ngx_pagespeed` module, uncomment this line to disable it. 
- #pagespeed off; - - # HTTP response headers borrowed from Nextcloud `.htaccess` - add_header Referrer-Policy "no-referrer" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Robots-Tag "noindex, nofollow" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Remove X-Powered-By, which is an information leak - fastcgi_hide_header X-Powered-By; - - # Path to the root of your installation - root /var/www/html; - - # Specify how to handle directories -- specifying `/index.php$request_uri` - # here as the fallback means that Nginx always exhibits the desired behaviour - # when a client requests a path that corresponds to a directory that exists - # on the server. In particular, if that directory contains an index.php file, - # that file is correctly served; if it doesn't, then the request is passed to - # the front-end controller. This consistent behaviour means that we don't need - # to specify custom rules for certain paths (e.g. images and other assets, - # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus - # `try_files $uri $uri/ /index.php$request_uri` - # always provides the desired behaviour. - index index.php index.html /index.php$request_uri; - - # Rule borrowed from `.htaccess` to handle Microsoft DAV clients - location = / { - if ( $http_user_agent ~ ^DavClnt ) { - return 302 /remote.php/webdav/$is_args$args; - } - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Make a regex exception for `/.well-known` so that clients can still - # access it despite the existence of the regex rule - # `location ~ /(\.|autotest|...)` which would otherwise handle requests - # for `/.well-known`. - location ^~ /.well-known { - # The rules in this block are an adaptation of the rules - # in `.htaccess` that concern `/.well-known`. 
- - location = /.well-known/carddav { return 301 /remote.php/dav/; } - location = /.well-known/caldav { return 301 /remote.php/dav/; } - - location /.well-known/acme-challenge { try_files $uri $uri/ =404; } - location /.well-known/pki-validation { try_files $uri $uri/ =404; } - - # Let Nextcloud's API for `/.well-known` URIs handle all other - # requests by passing them to the front-end controller. - return 301 /index.php$request_uri; - } - - # Rules borrowed from `.htaccess` to hide certain paths from clients - location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } - location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } - - # Ensure this block, which passes PHP files to the PHP process, is above the blocks - # which handle static assets (as seen below). If this block is not declared first, - # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` - # to the URI, resulting in a HTTP 500 error response. - location ~ \.php(?:$|/) { - # Required for legacy support - rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; - - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - set $path_info $fastcgi_path_info; - - try_files $fastcgi_script_name =404; - - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - #fastcgi_param HTTPS on; - - fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice - fastcgi_param front_controller_active true; # Enable pretty urls - - fastcgi_cache_valid 404 1m; - fastcgi_cache_valid any 1h; - fastcgi_cache_methods GET HEAD; - - fastcgi_pass php-handler; - - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ \.(?:css|js|svg|gif)$ { - try_files $uri /index.php$request_uri; - expires 6M; # Cache-Control policy borrowed from `.htaccess` - 
access_log off; # Optional: Don't log access to assets - } - - location ~ \.woff2?$ { - try_files $uri /index.php$request_uri; - expires 7d; # Cache-Control policy borrowed from `.htaccess` - access_log off; # Optional: Don't log access to assets - } - - # Rule borrowed from `.htaccess` - location /remote { - return 301 /remote.php$request_uri; - } - - location / { - try_files $uri $uri/ /index.php$request_uri; - } - } -} diff --git a/meta/main.yml b/meta/main.yml index 9461006..a52e2b3 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -49,6 +49,7 @@ galaxy_info: dependencies: - geerlingguy.pip + - geerlingguy.docker # List your role dependencies here, one per line. Be sure to remove the '[]' above, # if you add dependencies to this list. \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml index 2fc162d..7b0930e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
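Review bot: Adding `geerlingguy.docker` here while the README hunk drops the `community.docker` collection leaves the `docker_compose` module used throughout tasks/main.yml undeclared; on ansible-core 2.10 and later that module is provided only by `community.docker`, so the role should keep the collection requirement (a `collections:` entry in meta or a requirements.yml) unless it deliberately targets Ansible 2.9. The context lines that follow (`# List your role dependencies here ... remove the '[]' above`) are galaxy-skeleton boilerplate that no longer applies now that the list is populated and could go in a follow-up. The file also still ends without a trailing newline.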
@@ -2,48 +2,21 @@ # tasks file for nextcloud - name: Ensure nextcloud config directory exists file: - path: /home/{{ docker_user }}/nextcloud + path: "{{ nextcloud_install_path }}/nextcloud" state: directory - owner: '{{ docker_user }}' - group: '{{ docker_user }}' - -- name: Provide nginx.conf - copy: - src: nginx.conf - dest: /home/{{ docker_user }}/nextcloud/nginx.conf - owner: "{{ docker_user }}" - group: "{{ docker_user }}" - mode: '0644' - -- name: Ensure database utils scripts directory exists - file: - path: /home/{{ docker_user }}/nextcloud/utils - state: directory - owner: '{{ docker_user }}' - group: '{{ docker_user }}' - -- name: Provide database utils scripts - copy: - src: "{{ item }}" - dest: /home/{{ docker_user }}/nextcloud/utils/ - owner: "{{ docker_user }}" - group: "{{ docker_user }}" - mode: '0644' - loop: "{{ nextcloud_database_utils }}" - when: - - nextcloud_database_utils is defined - - nextcloud_database_utils | length > 0 + owner: '{{ nextcloud_install_user }}' + group: '{{ nextcloud_install_user }}' - name: Provide docker-compose.yml template: src: templates/docker-compose.nextcloud.yml.j2 - dest: /home/{{ docker_user }}/nextcloud/docker-compose.yml - owner: "{{ docker_user }}" - group: "{{ docker_user }}" + dest: "{{ nextcloud_install_path }}/nextcloud/docker-compose.yml" + owner: "{{ nextcloud_install_user }}" + group: "{{ nextcloud_install_user }}" mode: '0644' - name: Output docker-compose.yml - shell: cat /home/{{ docker_user }}/nextcloud/docker-compose.yml + shell: cat {{ nextcloud_install_path }}/nextcloud/docker-compose.yml register: output - debug: 
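Review bot: `shell: cat {{ nextcloud_install_path }}/nextcloud/docker-compose.yml` is a read-only step that will report `changed` on every run and passes the path to the shell unquoted; use `command:` with the expression quoted and mark it idempotent, e.g. `command: cat "{{ nextcloud_install_path }}/nextcloud/docker-compose.yml"` plus `changed_when: false` (or replace the pair with `ansible.builtin.slurp`). The following `debug` prints whatever the template rendered, so the compose template must keep carrying no secrets; it currently does not, the credentials live in the env files written later with `mode: '0640'`. The `owner:`/`group:` values switch between single quotes in the `file` task and double quotes in the `template` task within the same hunk; pick one style.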
@@ -51,85 +24,73 @@ - name: Provide database env vars copy: - dest: /home/{{ docker_user }}/nextcloud/db.env - owner: "{{ docker_user }}" - group: "{{ docker_user }}" + dest: "{{ nextcloud_install_path }}/nextcloud/db.env" + owner: "{{ nextcloud_install_user }}" + group: "{{ nextcloud_install_user }}" mode: '0640' content: | # See https://github.com/docker-library/mariadb/issues/262 MYSQL_INITDB_SKIP_TZINFO=1 - MYSQL_ROOT_PASSWORD={{ mariadb_root_password }} - MYSQL_DATABASE={{ mysql_database }} + MYSQL_ROOT_PASSWORD={{ nextcloud_mariadb_root_password }} + MYSQL_DATABASE={{ nextcloud_mysql_database }} MYSQL_PASSWORD={{ nextcloud_mariadb_password }} MYSQL_USER={{ nextcloud_mariadb_user }} - name: Provide Nextcloud env vars copy: - dest: /home/{{ docker_user }}/nextcloud/nextcloud.env - owner: "{{ docker_user }}" - group: "{{ docker_user }}" + dest: "{{ nextcloud_install_path }}/nextcloud/nextcloud.env" + owner: "{{ nextcloud_install_user }}" + group: "{{ nextcloud_install_user }}" mode: '0640' content: | - VIRTUAL_HOST={{ virtual_host }} - LETSENCRYPT_HOST={{ letsencrypt_host }} - LETSENCRYPT_EMAIL={{ letsencrypt_email }} - MYSQL_HOST={{ mysql_host }} - MYSQL_DATABASE={{ mysql_database }} + VIRTUAL_HOST={{ nextcloud_virtual_host }} + LETSENCRYPT_HOST={{ nextcloud_letsencrypt_host }} + LETSENCRYPT_EMAIL={{ nextcloud_letsencrypt_email }} + MYSQL_HOST={{ nextcloud_mysql_host }} + MYSQL_DATABASE={{ nextcloud_mysql_database }} MYSQL_PASSWORD={{ nextcloud_mariadb_password }} MYSQL_USER={{ nextcloud_mariadb_user }} NEXTCLOUD_ADMIN_USER={{ nextcloud_admin_user }} NEXTCLOUD_ADMIN_PASSWORD={{ nextcloud_admin_password }} NEXTCLOUD_TRUSTED_DOMAINS={{ nextcloud_trusted_domains }} - SMTP_HOST={{ smtp_host }} - SMTP_SECURE={{ smtp_secure }} - SMTP_PORT={{ smtp_port }} - SMTP_AUTHTYPE={{ smtp_authtype }} - SMTP_NAME={{ smtp_name }} - SMTP_PASSWORD={{ smtp_password }} - MAIL_FROM_ADDRESS={{ mail_from_address }} - MAIL_DOMAIN={{ mail_domain }} - REDIS_HOST=redis - 
REDIS_HOST_PASSWORD={{ redis_host_password }} - -- name: Provide Redis env vars - copy: - dest: /home/{{ docker_user }}/nextcloud/redis.env - owner: "{{ docker_user }}" - group: "{{ docker_user }}" - mode: '0640' - content: | - REDIS_PASSWORD={{ redis_host_password }} + SMTP_HOST={{ nextcloud_smtp_host }} + SMTP_SECURE={{ nextcloud_smtp_secure }} + SMTP_PORT={{ nextcloud_smtp_port }} + SMTP_AUTHTYPE={{ nextcloud_smtp_authtype }} + SMTP_NAME={{ nextcloud_smtp_name }} + SMTP_PASSWORD={{ nextcloud_smtp_password }} + MAIL_FROM_ADDRESS={{ nextcloud_mail_from_address }} + MAIL_DOMAIN={{ nextcloud_mail_domain }} - name: Provide restic-compose-backup env vars copy: - dest: /home/{{ docker_user }}/nextcloud/restic-compose-backup.env - owner: "{{ docker_user }}" - group: "{{ docker_user }}" + dest: "{{ nextcloud_install_path }}/nextcloud/restic-compose-backup.env" + owner: "{{ nextcloud_install_user }}" + group: "{{ nextcloud_install_user }}" mode: '0640' content: | - AWS_ACCESS_KEY_ID={{ restic_aws_access_key_id }} - AWS_SECRET_ACCESS_KEY={{ restic_aws_secret_access_key }} - RESTIC_REPOSITORY={{ restic_repository }} - RESTIC_PASSWORD={{ restic_password }} + AWS_ACCESS_KEY_ID={{ nextcloud_restic_aws_access_key_id }} + AWS_SECRET_ACCESS_KEY={{ nextcloud_restic_aws_secret_access_key }} + RESTIC_REPOSITORY={{ nextcloud_restic_repository }} + RESTIC_PASSWORD={{ nextcloud_restic_password }} # snapshot prune rules - RESTIC_KEEP_DAILY={{ restic_keep_daily}} - RESTIC_KEEP_WEEKLY={{ restic_keep_weekly }} - RESTIC_KEEP_MONTHLY={{ restic_keep_monthly }} - RESTIC_KEEP_YEARLY={{ restic_keep_yearly }} + RESTIC_KEEP_DAILY={{ nextcloud_restic_keep_daily}} + RESTIC_KEEP_WEEKLY={{ nextcloud_restic_keep_weekly }} + RESTIC_KEEP_MONTHLY={{ nextcloud_restic_keep_monthly }} + RESTIC_KEEP_YEARLY={{ nextcloud_restic_keep_yearly }} # Cron schedule. 
Run every day at 1am - CRON_SCHEDULE="{{ restic_cron_schedule }}" + CRON_SCHEDULE="{{ nextcloud_restic_cron_schedule }}" when: nextcloud_enable_restic_compose_backup == true -- name: "docker-compose: Teardown existing Nextcloud service (will keep your volumes)" +- name: "docker-compose: Teardown existing Nextcloud service" docker_compose: - project_src: "/home/{{ docker_user }}/nextcloud/" + project_src: "{{ nextcloud_install_path }}/nextcloud/" state: absent - tags: ['teardown'] + tags: ['never', 'teardown'] - name: "docker-compose: Start Nextcloud service" docker_compose: - project_src: "/home/{{ docker_user }}/nextcloud/" - pull: true + project_src: "{{ nextcloud_install_path }}/nextcloud/" register: output tags: service_start @@ -138,12 +99,11 @@ - assert: that: - - "output.services['nextcloud-app']['nextcloud-app'].state.running" - - "output.services['web']['nextcloud_web_1'].state.running" + - "output.ansible_facts['nextcloud-app']['nextcloud-app'].state.running" - name: Get container IP set_fact: - nextcloud_ip: "{{ output.services['web']['nextcloud_web_1'].networks.nextcloud_default.IPAddress }}" + nextcloud_ip: "{{ output.ansible_facts['nextcloud-app']['nextcloud-app'].networks.nextcloud_default.IPAddress }}" - name: "Waiting for Nextcloud container to become available" become: false 
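Review bot: Dropping `pull: true` from the `docker-compose: Start Nextcloud service` task means a host that already has the image cached keeps running it indefinitely, and the template hunk in this commit switches to the floating `nextcloud:apache` tag at the same time, so upgrades would silently stop arriving through this role; either restore `pull: true` or state in the README that image updates are now out of scope. `RESTIC_KEEP_DAILY={{ nextcloud_restic_keep_daily}}` is missing the space before `}}` that every neighbouring expression has; Jinja accepts it, but it is the one line that does not match. The teardown task's new `tags: ['never', 'teardown']` is the right guard for a destructive step.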
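Review bot: The assert and `set_fact` now read `output.ansible_facts['nextcloud-app']['nextcloud-app']`, whereas the removed lines read `output.services[...]`; `ansible_facts` is the facts-style return of older `docker_compose` releases and later module versions expose the same data under `services`, so this check is now tied to a particular module version that the role no longer declares anywhere (the README hunk drops the collection requirement). Reading it as `output.services | default(output.ansible_facts)` in both places, or pinning the collection version in requirements, would turn a version mismatch into a clear failure instead of an undefined-attribute error. `networks.nextcloud_default.IPAddress` also assumes the compose project name is `nextcloud`, which only holds while the directory keeps that name.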
@@ -151,128 +111,36 @@ host: "{{ nextcloud_ip }}" port: 80 -- name: "docker-compose: Enable maintenance mode using occ" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ maintenance:mode --on' - - name: "docker-compose: Set overwriteprotocol using occ" shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set overwriteprotocol --value="{{ nextcloud_overwrite_protocol }}"' + chdir: "{{ nextcloud_install_path }}/nextcloud/" + cmd: docker-compose exec -T -u www-data nextcloud-app /bin/bash -c './occ config:system:set overwriteprotocol --value="{{ nextcloud_overwrite_protocol }}"' - name: "docker-compose: Set overwrite.cli.url using occ" shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set overwrite.cli.url --value="{{ nextcloud_overwrite_cli_url }}"' + chdir: "{{ nextcloud_install_path }}/nextcloud/" + cmd: docker-compose exec -T -u www-data nextcloud-app /bin/bash -c './occ config:system:set overwrite.cli.url --value="{{ nextcloud_overwrite_cli_url }}"' - name: "docker-compose: Set overwritehost using occ" shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set overwritehost --value="{{ nextcloud_overwrite_host }}"' - -- name: "docker-compose: Set trusted_proxies using occ" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set trusted_proxies {{ idx }} --value="{{ item }}"' - loop: "{{ nextcloud_trusted_proxies }}" - loop_control: - index_var: idx - -- name: "docker-compose: Fix ownership of /var/www/html" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: "docker-compose exec -T --user root nextcloud-app /bin/sh -c 'chown -R www-data: 
/var/www/html'" - -- name: "docker-compose: Install Nextcloud apps (will not fail)" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ app:install "{{ item }}"' - loop: "{{ nextcloud_app_list_to_install }}" - when: nextcloud_app_list_to_install | count - failed_when: false - register: nextcloud_app_install_result - -- name: "Output app install result" - debug: - var: "{{ nextcloud_app_install_result }}" - -- name: "docker-compose: Set default_phone_region using occ" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set default_phone_region --value="{{ nextcloud_default_phone_region }}"' - -- name: "docker-compose: Set maintenance_window_start to 1 using occ (This will run maintenance tasks between 01:00-05:00 UTC)" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set maintenance_window_start --value=1 --type=integer' - -- name: "docker-compose: Update all apps using occ" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ app:update --all' - -- name: "docker-compose: Add missing indices using occ" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ db:add-missing-indices' - -- name: "docker-compose: Run maintenance:repair --include-expensive using occ" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ maintenance:repair --include-expensive' - -- name: "docker-compose: Run database utils" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T mysqldb /bin/sh '/opt/utils/{{ item }}' - loop: "{{ nextcloud_database_utils }}" - when: - - nextcloud_database_utils is 
defined - - nextcloud_database_utils | length > 0 - -- name: Run background jobs - tags: ['never', 'run_background_jobs'] - block: - - name: Get list of background jobs - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ background-job:list --output=json' - register: background_jobs - - - name: Output background jobs - debug: - msg: "{{ background_jobs.stdout }}" - - - name: Run background jobs - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ background-job:execute --force-execute {{ item.id }}' - loop: "{{ background_jobs.stdout }}" - register: background_jobs_execution_result - - - name: Output background jobs execution result - debug: - msg: "{{ background_jobs_execution_result }}" - -- name: "docker-compose: Disable maintenance mode using occ" - shell: - chdir: /home/{{ docker_user }}/nextcloud/ - cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ maintenance:mode --off' + cmd: docker-compose exec -T -u www-data nextcloud-app /bin/bash -c './occ config:system:set overwritehost --value="{{ nextcloud_overwrite_host }}"' + chdir: "{{ nextcloud_install_path }}/nextcloud/" - name: "Test whether Nextcloud is healthy from the outside" when: not ansible_check_mode become: false uri: url: "{{ nextcloud_overwrite_cli_url }}/login" + return_content: yes + timeout: 300 + validate_certs: no register: url_check delegate_to: localhost + until: "'Nextcloud' in url_check.content" retries: 5 delay: 10 tags: health - debug: var: url_check - tags: - - never - - debug + tags: debug diff --git a/templates/docker-compose.nextcloud.yml.j2 b/templates/docker-compose.nextcloud.yml.j2 index fc48522..d419b56 100644 --- a/templates/docker-compose.nextcloud.yml.j2 +++ b/templates/docker-compose.nextcloud.yml.j2 
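Review bot: The health check gains `validate_certs: no`, so a broken or substituted certificate on `{{ nextcloud_overwrite_cli_url }}` is no longer something this task can notice; if that URL is https, drop the line, or keep the exemption with a comment stating why it is acceptable, and write `return_content: true` / `validate_certs: false` rather than the YAML 1.1 `yes`/`no` forms. Removing the `Set trusted_proxies using occ` task (and its default) means Nextcloud itself no longer knows the proxy's address; the `nextcloud:apache` image's mod_remoteip configuration is expected to restore the client address for proxies in private ranges via `X-Real-IP`, but confirm after deploying that the admin overview and logs do not report every client as the proxy, since brute-force throttling keys on that address. The `Set overwritehost` task lists `cmd:` before `chdir:`, the reverse of the two tasks above it; keep the order consistent.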
@@ -12,7 +12,6 @@ services: volumes: - mysqldb:/var/lib/mysql - /etc/localtime:/etc/localtime:ro - - ./utils/:/opt/utils:ro env_file: - db.env {% if nextcloud_enable_restic_compose_backup %} @@ -22,38 +21,18 @@ services: restart: unless-stopped nextcloud-app: - image: nextcloud:31-fpm-alpine - restart: unless-stopped + image: nextcloud:apache container_name: nextcloud-app + networks: + - public + - default depends_on: - mysqldb - - redis volumes: - nextcloud:/var/www/html - /etc/localtime:/etc/localtime:ro env_file: - nextcloud.env - - redis: - image: bitnami/redis:latest - restart: unless-stopped - volumes: - - redis:/data - env_file: - - redis.env - - web: - image: nginx - restart: unless-stopped - depends_on: - - nextcloud-app - volumes: - - ./nginx.conf:/etc/nginx/nginx.conf:ro - - /etc/localtime:/etc/localtime:ro - - nextcloud:/var/www/html - networks: - - public - - default labels: - "traefik.enable=true" - "traefik.docker.network=traefik_public" @@ -72,7 +51,6 @@ services: - "traefik.http.middlewares.nextcloud-headers.headers.STSIncludeSubdomains=true" - "traefik.http.middlewares.nextcloud-headers.headers.STSPreload=true" - "traefik.http.middlewares.nextcloud-headers.headers.featurePolicy=payment 'none'" - - "traefik.http.middlewares.nextcloud-headers.headers.referrerPolicy=no-referrer" - "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN" #- "traefik.http.middlewares.nextcloud-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content" - "traefik.http.routers.nextcloud.middlewares=nextcloud-rep,nextcloud-headers" @@ -97,7 +75,6 @@ services: volumes: mysqldb: - redis: nextcloud: {% if nextcloud_enable_restic_compose_backup %} backup-cache:
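Review bot: `restart: unless-stopped` is removed from `nextcloud-app` and not re-added, while `mysqldb` keeps it (the context line at the top of the `@@ -22,38 +21,18 @@` hunk), so after a daemon restart or host reboot the database comes back but the application does not; restore `restart: unless-stopped` under `nextcloud-app`. `image: nextcloud:apache` replaces a major-version-pinned tag with a floating one, and the tasks hunk drops `pull: true` in the same commit, so pin at least the major version (upstream publishes tags of the form `31-apache`) to keep upgrades deliberate. `nextcloud-app` now joins the `public` network directly; the top-level `networks:` definition is outside this hunk, so I could not confirm that `public` is declared there as the external Traefik network.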
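Review bot: In the `@@ -72,7 +51,6 @@` hunk the `referrerPolicy=no-referrer` Traefik middleware label is dropped in the same commit that deletes the nginx.conf which set `Referrer-Policy "no-referrer"`, so the header now depends entirely on the Nextcloud apache image's `.htaccess`; that file sets it when `mod_headers` is active, which the official image enables, but verify the header on a live response after deploying rather than assuming it. If the removal is meant to avoid a duplicated header, a one-line comment next to the remaining `customFrameOptionsValue` label saying that Referrer-Policy is owned by the app container would stop the next reviewer from re-adding it.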