jotbe/ansible-role-nextcloud-docker
1
0
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

Compare commits

base: jotbe:master
Branches Tags
jotbe:master
jotbe:feature/multitenancy
jotbe:feature/dict-vars-and-install-paths
jotbe:v1.0.2
jotbe:v1.0.1
jotbe:v1.0.0
..
compare: jotbe:feature/dict-vars-and-install-paths
Branches Tags
jotbe:master
jotbe:feature/multitenancy
jotbe:feature/dict-vars-and-install-paths
jotbe:v1.0.2
jotbe:v1.0.1
jotbe:v1.0.0

1 commit
master ... feature/di

Author SHA1 Message Date
Joschka Seydell
67abd4ae45 Consolidated var naming and added install path variable. 2020-11-29 03:35:16 -08:00
9 changed files with 92 additions and 469 deletions
Show stats Expand all files Collapse all files

2
README.md
View file

@ -17,8 +17,6 @@ TODO
Dependencies
------------
- Collection: community.docker
Example Playbook
----------------

54
defaults/main.yml
View file

@ -1,40 +1,36 @@
---
# defaults file for nextcloud
mariadb_root_password: changeme
mysql_host: mysqldb
mysql_database: nextcloud
nextcloud_install_user: '{{ ansible_user }}' # This user must be present on the host
nextcloud_install_path: '/home/{{ nextcloud_install_user }}'
nextcloud_mariadb_root_password: changeme
nextcloud_mysql_host: mysqldb
nextcloud_mysql_database: nextcloud
nextcloud_mariadb_user: nextcloud
nextcloud_mariadb_password: nextcloud
nextcloud_admin_user: admin
nextcloud_admin_password: mynextcloud
nextcloud_trusted_domains: localhost
nextcloud_trusted_proxies: [ '172.18.0.0/16' ]
nextcloud_default_phone_region: DE
nextcloud_database_utils:
- nextcloud-mysql-innodb-convert-row-format.sh
virtual_host: localhost
letsencrypt_host:
letsencrypt_email:
docker_user: deploy
smtp_host:
smtp_secure:
smtp_port: 25
smtp_authtype: PLAIN
smtp_name:
smtp_password:
mail_from_address:
mail_domain:
nextcloud_virtual_host: localhost
nextcloud_letsencrypt_host:
nextcloud_letsencrypt_email:
nextcloud_smtp_host:
nextcloud_smtp_secure:
nextcloud_smtp_port: 25
nextcloud_smtp_authtype: PLAIN
nextcloud_smtp_name:
nextcloud_smtp_password:
nextcloud_mail_from_address:
nextcloud_mail_domain:
nextcloud_overwrite_cli_url:
nextcloud_overwrite_host:
nextcloud_overwrite_protocol:
nextcloud_enable_restic_compose_backup: False
nextcloud_app_list_to_install: []
restic_aws_access_key_id:
restic_aws_secret_access_key:
restic_repository:
restic_password:
restic_keep_daily: 7
restic_keep_weekly: 4
restic_keep_monthly: 12
restic_keep_yearly: 3
restic_cron_schedule: "0 1 * * *"
nextcloud_restic_aws_access_key_id:
nextcloud_restic_aws_secret_access_key:
nextcloud_restic_repository:
nextcloud_restic_password:
nextcloud_restic_keep_daily: 7
nextcloud_restic_keep_weekly: 4
nextcloud_restic_keep_monthly: 12
nextcloud_restic_keep_yearly: 3
nextcloud_restic_cron_schedule: "0 1 * * *"

3
files/docker/proxy/Dockerfile Normal file
View file

@ -0,0 +1,3 @@
FROM jwilder/nginx-proxy:alpine
COPY uploadsize.conf /etc/nginx/conf.d/uploadsize.conf

2
files/docker/proxy/uploadsize.conf Normal file
View file

@ -0,0 +1,2 @@
client_max_body_size 10G;
proxy_request_buffering off;

16
files/nextcloud-mysql-innodb-convert-row-format.sh
View file

@ -1,16 +0,0 @@
#!/bin/sh
# Source: https://help.nextcloud.com/t/upgrade-to-nextcloud-hub-10-31-0-0-incorrect-row-format-found-in-your-database/218366/13
# # Prompt for database credentials
# read -p "Enter Database Name: " MYSQL_DATABASE
# read -p "Enter Username: " MYSQL_USER
# read -s -p "Enter Password: " MYSQL_PASSWORD
# echo
mysql -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE" -Bse "
SELECT CONCAT('ALTER TABLE \`', TABLE_NAME, '\` ROW_FORMAT=DYNAMIC;')
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA = '$MYSQL_DATABASE'
AND ENGINE = 'InnoDB'
" | mysql -u "$MYSQL_USER" -p"$MYSQL_PASSWORD" "$MYSQL_DATABASE"

206
files/nginx.conf
View file

@ -1,206 +0,0 @@
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
types {
application/javascript js mjs;
}
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
send_timeout 3600;
tcp_nopush on;
tcp_nodelay on;
open_file_cache max=500 inactive=10m;
open_file_cache_errors on;
reset_timedout_connection on;
set_real_ip_from revproxy;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
# Prevent nginx HTTP Server Detection
server_tokens off;
keepalive_timeout 65;
#gzip on;
upstream php-handler {
server nextcloud-app:9000;
}
server {
listen 80;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
# set max upload size
client_max_body_size 512M;
# Do not limit download file size (default: 1G)
fastcgi_max_temp_file_size 0;
#fastcgi_buffers 64 4K;
fastcgi_buffers 64 64K;
fastcgi_buffer_size 256k;
fastcgi_busy_buffers_size 3840K;
fastcgi_read_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_connect_timeout 3600;
fastcgi_cache_key $http_cookie$request_method$host$request_uri;
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
gzip_disable "MSIE [1-6]\."
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
# HTTP response headers borrowed from Nextcloud `.htaccess`
add_header Referrer-Policy "no-referrer" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
add_header X-Robots-Tag "noindex, nofollow" always;
add_header X-XSS-Protection "1; mode=block" always;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Path to the root of your installation
root /var/www/html;
# Specify how to handle directories -- specifying `/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html /index.php$request_uri;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = / {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 /remote.php/webdav/$is_args$args;
}
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Make a regex exception for `/.well-known` so that clients can still
# access it despite the existence of the regex rule
# `location ~ /(\.|autotest|...)` which would otherwise handle requests
# for `/.well-known`.
location ^~ /.well-known {
# The rules in this block are an adaptation of the rules
# in `.htaccess` that concern `/.well-known`.
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
location /.well-known/pki-validation { try_files $uri $uri/ =404; }
# Let Nextcloud's API for `/.well-known` URIs handle all other
# requests by passing them to the front-end controller.
return 301 /index.php$request_uri;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
# to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
# Required for legacy support
rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
#fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_cache_valid 404 1m;
fastcgi_cache_valid any 1h;
fastcgi_cache_methods GET HEAD;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri /index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Rule borrowed from `.htaccess`
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}
}
}

1
meta/main.yml
View file

@ -49,6 +49,7 @@ galaxy_info:
dependencies:
- geerlingguy.pip
- geerlingguy.docker
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.

246
tasks/main.yml
View file

@ -2,48 +2,21 @@
# tasks file for nextcloud
- name: Ensure nextcloud config directory exists
file:
path: /home/{{ docker_user }}/nextcloud
path: "{{ nextcloud_install_path }}/nextcloud"
state: directory
owner: '{{ docker_user }}'
group: '{{ docker_user }}'
- name: Provide nginx.conf
copy:
src: nginx.conf
dest: /home/{{ docker_user }}/nextcloud/nginx.conf
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
mode: '0644'
- name: Ensure database utils scripts directory exists
file:
path: /home/{{ docker_user }}/nextcloud/utils
state: directory
owner: '{{ docker_user }}'
group: '{{ docker_user }}'
- name: Provide database utils scripts
copy:
src: "{{ item }}"
dest: /home/{{ docker_user }}/nextcloud/utils/
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
mode: '0644'
loop: "{{ nextcloud_database_utils }}"
when:
- nextcloud_database_utils is defined
- nextcloud_database_utils | length > 0
owner: '{{ nextcloud_install_user }}'
group: '{{ nextcloud_install_user }}'
- name: Provide docker-compose.yml
template:
src: templates/docker-compose.nextcloud.yml.j2
dest: /home/{{ docker_user }}/nextcloud/docker-compose.yml
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
dest: "{{ nextcloud_install_path }}/nextcloud/docker-compose.yml"
owner: "{{ nextcloud_install_user }}"
group: "{{ nextcloud_install_user }}"
mode: '0644'
- name: Output docker-compose.yml
shell: cat /home/{{ docker_user }}/nextcloud/docker-compose.yml
shell: cat {{ nextcloud_install_path }}/nextcloud/docker-compose.yml
register: output
- debug:
@ -51,85 +24,73 @@
- name: Provide database env vars
copy:
dest: /home/{{ docker_user }}/nextcloud/db.env
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
dest: "{{ nextcloud_install_path }}/nextcloud/db.env"
owner: "{{ nextcloud_install_user }}"
group: "{{ nextcloud_install_user }}"
mode: '0640'
content: |
# See https://github.com/docker-library/mariadb/issues/262
MYSQL_INITDB_SKIP_TZINFO=1
MYSQL_ROOT_PASSWORD={{ mariadb_root_password }}
MYSQL_DATABASE={{ mysql_database }}
MYSQL_ROOT_PASSWORD={{ nextcloud_mariadb_root_password }}
MYSQL_DATABASE={{ nextcloud_mysql_database }}
MYSQL_PASSWORD={{ nextcloud_mariadb_password }}
MYSQL_USER={{ nextcloud_mariadb_user }}
- name: Provide Nextcloud env vars
copy:
dest: /home/{{ docker_user }}/nextcloud/nextcloud.env
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
dest: "{{ nextcloud_install_path }}/nextcloud/nextcloud.env"
owner: "{{ nextcloud_install_user }}"
group: "{{ nextcloud_install_user }}"
mode: '0640'
content: |
VIRTUAL_HOST={{ virtual_host }}
LETSENCRYPT_HOST={{ letsencrypt_host }}
LETSENCRYPT_EMAIL={{ letsencrypt_email }}
MYSQL_HOST={{ mysql_host }}
MYSQL_DATABASE={{ mysql_database }}
VIRTUAL_HOST={{ nextcloud_virtual_host }}
LETSENCRYPT_HOST={{ nextcloud_letsencrypt_host }}
LETSENCRYPT_EMAIL={{ nextcloud_letsencrypt_email }}
MYSQL_HOST={{ nextcloud_mysql_host }}
MYSQL_DATABASE={{ nextcloud_mysql_database }}
MYSQL_PASSWORD={{ nextcloud_mariadb_password }}
MYSQL_USER={{ nextcloud_mariadb_user }}
NEXTCLOUD_ADMIN_USER={{ nextcloud_admin_user }}
NEXTCLOUD_ADMIN_PASSWORD={{ nextcloud_admin_password }}
NEXTCLOUD_TRUSTED_DOMAINS={{ nextcloud_trusted_domains }}
SMTP_HOST={{ smtp_host }}
SMTP_SECURE={{ smtp_secure }}
SMTP_PORT={{ smtp_port }}
SMTP_AUTHTYPE={{ smtp_authtype }}
SMTP_NAME={{ smtp_name }}
SMTP_PASSWORD={{ smtp_password }}
MAIL_FROM_ADDRESS={{ mail_from_address }}
MAIL_DOMAIN={{ mail_domain }}
REDIS_HOST=redis
REDIS_HOST_PASSWORD={{ redis_host_password }}
- name: Provide Redis env vars
copy:
dest: /home/{{ docker_user }}/nextcloud/redis.env
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
mode: '0640'
content: |
REDIS_PASSWORD={{ redis_host_password }}
SMTP_HOST={{ nextcloud_smtp_host }}
SMTP_SECURE={{ nextcloud_smtp_secure }}
SMTP_PORT={{ nextcloud_smtp_port }}
SMTP_AUTHTYPE={{ nextcloud_smtp_authtype }}
SMTP_NAME={{ nextcloud_smtp_name }}
SMTP_PASSWORD={{ nextcloud_smtp_password }}
MAIL_FROM_ADDRESS={{ nextcloud_mail_from_address }}
MAIL_DOMAIN={{ nextcloud_mail_domain }}
- name: Provide restic-compose-backup env vars
copy:
dest: /home/{{ docker_user }}/nextcloud/restic-compose-backup.env
owner: "{{ docker_user }}"
group: "{{ docker_user }}"
dest: "{{ nextcloud_install_path }}/nextcloud/restic-compose-backup.env"
owner: "{{ nextcloud_install_user }}"
group: "{{ nextcloud_install_user }}"
mode: '0640'
content: |
AWS_ACCESS_KEY_ID={{ restic_aws_access_key_id }}
AWS_SECRET_ACCESS_KEY={{ restic_aws_secret_access_key }}
RESTIC_REPOSITORY={{ restic_repository }}
RESTIC_PASSWORD={{ restic_password }}
AWS_ACCESS_KEY_ID={{ nextcloud_restic_aws_access_key_id }}
AWS_SECRET_ACCESS_KEY={{ nextcloud_restic_aws_secret_access_key }}
RESTIC_REPOSITORY={{ nextcloud_restic_repository }}
RESTIC_PASSWORD={{ nextcloud_restic_password }}
# snapshot prune rules
RESTIC_KEEP_DAILY={{ restic_keep_daily}}
RESTIC_KEEP_WEEKLY={{ restic_keep_weekly }}
RESTIC_KEEP_MONTHLY={{ restic_keep_monthly }}
RESTIC_KEEP_YEARLY={{ restic_keep_yearly }}
RESTIC_KEEP_DAILY={{ nextcloud_restic_keep_daily}}
RESTIC_KEEP_WEEKLY={{ nextcloud_restic_keep_weekly }}
RESTIC_KEEP_MONTHLY={{ nextcloud_restic_keep_monthly }}
RESTIC_KEEP_YEARLY={{ nextcloud_restic_keep_yearly }}
# Cron schedule. Run every day at 1am
CRON_SCHEDULE="{{ restic_cron_schedule }}"
CRON_SCHEDULE="{{ nextcloud_restic_cron_schedule }}"
when: nextcloud_enable_restic_compose_backup == true
- name: "docker-compose: Teardown existing Nextcloud service (will keep your volumes)"
- name: "docker-compose: Teardown existing Nextcloud service"
docker_compose:
project_src: "/home/{{ docker_user }}/nextcloud/"
project_src: "{{ nextcloud_install_path }}/nextcloud/"
state: absent
tags: ['teardown']
tags: ['never', 'teardown']
- name: "docker-compose: Start Nextcloud service"
docker_compose:
project_src: "/home/{{ docker_user }}/nextcloud/"
pull: true
project_src: "{{ nextcloud_install_path }}/nextcloud/"
register: output
tags: service_start
@ -138,12 +99,11 @@
- assert:
that:
- "output.services['nextcloud-app']['nextcloud-app'].state.running"
- "output.services['web']['nextcloud_web_1'].state.running"
- "output.ansible_facts['nextcloud-app']['nextcloud-app'].state.running"
- name: Get container IP
set_fact:
nextcloud_ip: "{{ output.services['web']['nextcloud_web_1'].networks.nextcloud_default.IPAddress }}"
nextcloud_ip: "{{ output.ansible_facts['nextcloud-app']['nextcloud-app'].networks.nextcloud_default.IPAddress }}"
- name: "Waiting for Nextcloud container to become available"
become: false
@ -151,128 +111,36 @@
host: "{{ nextcloud_ip }}"
port: 80
- name: "docker-compose: Enable maintenance mode using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ maintenance:mode --on'
- name: "docker-compose: Set overwriteprotocol using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set overwriteprotocol --value="{{ nextcloud_overwrite_protocol }}"'
chdir: "{{ nextcloud_install_path }}/nextcloud/"
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/bash -c './occ config:system:set overwriteprotocol --value="{{ nextcloud_overwrite_protocol }}"'
- name: "docker-compose: Set overwrite.cli.url using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set overwrite.cli.url --value="{{ nextcloud_overwrite_cli_url }}"'
chdir: "{{ nextcloud_install_path }}/nextcloud/"
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/bash -c './occ config:system:set overwrite.cli.url --value="{{ nextcloud_overwrite_cli_url }}"'
- name: "docker-compose: Set overwritehost using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set overwritehost --value="{{ nextcloud_overwrite_host }}"'
- name: "docker-compose: Set trusted_proxies using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set trusted_proxies {{ idx }} --value="{{ item }}"'
loop: "{{ nextcloud_trusted_proxies }}"
loop_control:
index_var: idx
- name: "docker-compose: Fix ownership of /var/www/html"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: "docker-compose exec -T --user root nextcloud-app /bin/sh -c 'chown -R www-data: /var/www/html'"
- name: "docker-compose: Install Nextcloud apps (will not fail)"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ app:install "{{ item }}"'
loop: "{{ nextcloud_app_list_to_install }}"
when: nextcloud_app_list_to_install | count
failed_when: false
register: nextcloud_app_install_result
- name: "Output app install result"
debug:
var: "{{ nextcloud_app_install_result }}"
- name: "docker-compose: Set default_phone_region using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set default_phone_region --value="{{ nextcloud_default_phone_region }}"'
- name: "docker-compose: Set maintenance_window_start to 1 using occ (This will run maintenance tasks between 01:00-05:00 UTC)"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ config:system:set maintenance_window_start --value=1 --type=integer'
- name: "docker-compose: Update all apps using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ app:update --all'
- name: "docker-compose: Add missing indices using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ db:add-missing-indices'
- name: "docker-compose: Run maintenance:repair --include-expensive using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ maintenance:repair --include-expensive'
- name: "docker-compose: Run database utils"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T mysqldb /bin/sh '/opt/utils/{{ item }}'
loop: "{{ nextcloud_database_utils }}"
when:
- nextcloud_database_utils is defined
- nextcloud_database_utils | length > 0
- name: Run background jobs
tags: ['never', 'run_background_jobs']
block:
- name: Get list of background jobs
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ background-job:list --output=json'
register: background_jobs
- name: Output background jobs
debug:
msg: "{{ background_jobs.stdout }}"
- name: Run background jobs
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ background-job:execute --force-execute {{ item.id }}'
loop: "{{ background_jobs.stdout }}"
register: background_jobs_execution_result
- name: Output background jobs execution result
debug:
msg: "{{ background_jobs_execution_result }}"
- name: "docker-compose: Disable maintenance mode using occ"
shell:
chdir: /home/{{ docker_user }}/nextcloud/
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/sh -c './occ maintenance:mode --off'
cmd: docker-compose exec -T -u www-data nextcloud-app /bin/bash -c './occ config:system:set overwritehost --value="{{ nextcloud_overwrite_host }}"'
chdir: "{{ nextcloud_install_path }}/nextcloud/"
- name: "Test whether Nextcloud is healthy from the outside"
when: not ansible_check_mode
become: false
uri:
url: "{{ nextcloud_overwrite_cli_url }}/login"
return_content: yes
timeout: 300
validate_certs: no
register: url_check
delegate_to: localhost
until: "'Nextcloud' in url_check.content"
retries: 5
delay: 10
tags: health
- debug:
var: url_check
tags:
- never
- debug
tags: debug

31
templates/docker-compose.nextcloud.yml.j2
View file

@ -12,7 +12,6 @@ services:
volumes:
- mysqldb:/var/lib/mysql
- /etc/localtime:/etc/localtime:ro
- ./utils/:/opt/utils:ro
env_file:
- db.env
{% if nextcloud_enable_restic_compose_backup %}
@ -22,38 +21,18 @@ services:
restart: unless-stopped
nextcloud-app:
image: nextcloud:31-fpm-alpine
restart: unless-stopped
image: nextcloud:apache
container_name: nextcloud-app
networks:
- public
- default
depends_on:
- mysqldb
- redis
volumes:
- nextcloud:/var/www/html
- /etc/localtime:/etc/localtime:ro
env_file:
- nextcloud.env
redis:
image: bitnami/redis:latest
restart: unless-stopped
volumes:
- redis:/data
env_file:
- redis.env
web:
image: nginx
restart: unless-stopped
depends_on:
- nextcloud-app
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- /etc/localtime:/etc/localtime:ro
- nextcloud:/var/www/html
networks:
- public
- default
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik_public"
@ -72,7 +51,6 @@ services:
- "traefik.http.middlewares.nextcloud-headers.headers.STSIncludeSubdomains=true"
- "traefik.http.middlewares.nextcloud-headers.headers.STSPreload=true"
- "traefik.http.middlewares.nextcloud-headers.headers.featurePolicy=payment 'none'"
- "traefik.http.middlewares.nextcloud-headers.headers.referrerPolicy=no-referrer"
- "traefik.http.middlewares.nextcloud.headers.customFrameOptionsValue=SAMEORIGIN"
#- "traefik.http.middlewares.nextcloud-headers.headers.contentSecurityPolicy=default-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; block-all-mixed-content"
- "traefik.http.routers.nextcloud.middlewares=nextcloud-rep,nextcloud-headers"
@ -97,7 +75,6 @@ services:
volumes:
mysqldb:
redis:
nextcloud:
{% if nextcloud_enable_restic_compose_backup %}
backup-cache: