added systemd timer to rescan files from external share

4 files changed, 46 insertions, 15 deletions

diff --git a/roles/elevate/media/tasks/nextcloud-config.yml b/roles/elevate/media/tasks/nextcloud-config.yml
index e76ace2e..837d3e3d 100644
--- a/roles/elevate/media/tasks/nextcloud-config.yml
+++ b/roles/elevate/media/tasks/nextcloud-config.yml
@@ -5,19 +5,22 @@
   changed_when: false
 
 
-- name: check if elevate group exists in nextcloud (1/2)
-  command: docker exec -u www-data nextcloud.service /var/www/html/occ group:list -n --output=json
-  register: nextcloud_group_list
+- name: check if _elevate_ user exists in nextcloud (1/2)
+  command: docker exec -u www-data nextcloud.service /var/www/html/occ user:list -n --output=json
+  register: nextcloud_user_list
   changed_when: false
   check_mode: false
 
-- name: check if elevate group exists in nextcloud (2/2)
+- name: check if _elevate_ user exists in nextcloud (2/2)
   set_fact:
-    nextcloud_group_list: "{{ nextcloud_group_list.stdout | from_json }}"
+    nextcloud_user_list: "{{ nextcloud_user_list.stdout | from_json }}"
 
-- name: create group elevate group in nextcloud
-  command: docker exec -u www-data nextcloud.service /var/www/html/occ group:add -n elevate
-  when: '"elevate" not in nextcloud_group_list'
+- name: create user _elevate_ together with group elevate in nextcloud
+  command: docker exec -u www-data -e OC_PASS={{ lookup('password', '/dev/null length=30') }} nextcloud.service /var/www/html/occ user:add -n --display-name='Dummy User for files:scan' --group=elevate --password-from-env _elevate_
+  when: '"_elevate_" not in nextcloud_user_list'
+
+- name: disable user _elevate_
+  command: docker exec -u www-data nextcloud.service /var/www/html/occ user:disable -n _elevate_
 
 
 - name: check if external storage is configured in nextcloud (1/2)
diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml
index 9a278519..2c7863fe 100644
--- a/roles/elevate/media/tasks/nextcloud.yml
+++ b/roles/elevate/media/tasks/nextcloud.yml
@@ -112,17 +112,22 @@
 - name: basic nextcloud config
   import_tasks: nextcloud-config.yml
 
-- name: install nextcloud cron systemd units
+- name: install nextcloud systemd units
   with_items:
-    - service
-    - timer
+    - cron.service
+    - cron.timer
+    - rescan.service
+    - rescan.timer
   template:
-    src: "nextcloud-cron.{{ item }}.j2"
-    dest: "/etc/systemd/system/nextcloud-cron.{{ item }}"
+    src: "nextcloud-{{ item }}.j2"
+    dest: "/etc/systemd/system/nextcloud-{{ item }}"
 
-- name: make sure nextcloud cron is started and enabled
+- name: make sure nextcloud systemd timer are started and enabled
+  with_items:
+    - cron
+    - rescan
   systemd:
-    name: nextcloud-cron.timer
+    name: "nextcloud-{{ item }}.timer"
     state: started
     enabled: yes
     daemon_reload: yes
diff --git a/roles/elevate/media/templates/nextcloud-rescan.service.j2 b/roles/elevate/media/templates/nextcloud-rescan.service.j2
new file mode 100644
index 00000000..e1893b2b
--- /dev/null
+++ b/roles/elevate/media/templates/nextcloud-rescan.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Nextcloud files:scan job
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/docker exec -u www-data nextcloud.service /var/www/html/occ files:scan --path /_elevate_/files/Share
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX
diff --git a/roles/elevate/media/templates/nextcloud-rescan.timer.j2 b/roles/elevate/media/templates/nextcloud-rescan.timer.j2
new file mode 100644
index 00000000..36d36322
--- /dev/null
+++ b/roles/elevate/media/templates/nextcloud-rescan.timer.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Nextcloud files:scan job timer
+
+[Timer]
+OnCalendar=*:0/5
+
+[Install]
+WantedBy=timers.target