summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Pointner <equinox@spreadspace.org>2019-10-13 03:19:34 +0200
committerChristian Pointner <equinox@spreadspace.org>2019-10-13 03:19:34 +0200
commiteb98ae2bb7f5441c6c2bdc85158df0d40f633539 (patch)
tree39fc1f66300b8cfaee47739a41b2e876f66c919c
parentkubernetes standalone cni variants (diff)
nextcloud role almost done - some stuff still missing
-rw-r--r--dan/sk-cloudia.yml1
-rw-r--r--inventory/host_vars/sk-cloudia/nextcloud.yml20
-rw-r--r--inventory/host_vars/sk-cloudia/vars.yml3
-rw-r--r--roles/nextcloud/tasks/main.yml37
-rw-r--r--roles/nextcloud/templates/pod-with-mariadb.yml.j245
-rw-r--r--roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j25
6 files changed, 91 insertions, 20 deletions
diff --git a/dan/sk-cloudia.yml b/dan/sk-cloudia.yml
index 6e2f0f88..cd87c77e 100644
--- a/dan/sk-cloudia.yml
+++ b/dan/sk-cloudia.yml
@@ -12,3 +12,4 @@
- role: kubernetes/standalone
- role: acmetool/base
- role: nginx
+ - role: nextcloud
diff --git a/inventory/host_vars/sk-cloudia/nextcloud.yml b/inventory/host_vars/sk-cloudia/nextcloud.yml
index a39c21dd..9b14e709 100644
--- a/inventory/host_vars/sk-cloudia/nextcloud.yml
+++ b/inventory/host_vars/sk-cloudia/nextcloud.yml
@@ -15,13 +15,13 @@ nextcloud_instances:
type: mariadb
version: 10.4.8
password: "{{ vault_nextcloud_database_passwords['wolke.elevate.at'] }}"
- insomnia.skillz.biz:
- version: 16.0.5
- port: 8101
- hostnames:
- - insomnia.skillz.biz
- quota: 200G
- database:
- type: mariadb
- version: 10.4.8
- password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}"
+ # insomnia.skillz.biz:
+ # version: 16.0.5
+ # port: 8101
+ # hostnames:
+ # - insomnia.skillz.biz
+ # quota: 200G
+ # database:
+ # type: mariadb
+ # version: 10.4.8
+ # password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}"
diff --git a/inventory/host_vars/sk-cloudia/vars.yml b/inventory/host_vars/sk-cloudia/vars.yml
index e4d1ddf3..cb5b47a8 100644
--- a/inventory/host_vars/sk-cloudia/vars.yml
+++ b/inventory/host_vars/sk-cloudia/vars.yml
@@ -38,9 +38,11 @@ kubernetes_standalone_cni_variant: with-localonly-portmap
acmetool_directory_server: "{{ acmetool_directory_server_le_live }}"
+### TODO: should this be done via the nextcloud role?
nginx_vhosts:
wolke.elevate.at:
template: generic-proxy-no-buffering-with-acme
+ client_max_body_size: 0
acme: true
hostnames:
- wolke.elev8.at
@@ -48,6 +50,7 @@ nginx_vhosts:
proxy_pass: "http://127.0.0.1:8100"
# insomnia.skillz.biz:
# template: generic-proxy-no-buffering-with-acme
+ # client_max_body_size: 0
# acme: true
# hostnames:
# - insomnia.skillz.biz
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 8453ce65..fe65d62b 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -79,6 +79,43 @@
state: directory
+- name: create image config dir
+ loop: "{{ nextcloud_instances | list }}"
+ loop_control:
+ label: "{{ item }}"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item }}/config"
+ state: directory
+
+- name: create apache vhost config
+ loop: "{{ nextcloud_instances | list }}"
+ loop_control:
+ label: "{{ item }}"
+ copy:
+ content: |
+ <VirtualHost *:8080>
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ # SetEnv HTTPS on
+ # SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ </VirtualHost>
+ dest: "{{ nextcloud_base_path }}/{{ item }}/config/apache-site.conf"
+
+- name: configure apache to run on port 8080 only
+ loop: "{{ nextcloud_instances | list }}"
+ loop_control:
+ label: "{{ item }}"
+ copy:
+ content: |
+ Listen 8080
+ dest: "{{ nextcloud_base_path }}/{{ item }}/config/ports.conf"
+
+
+
- name: generate pod manifests
loop: "{{ nextcloud_instances | dict2items }}"
loop_control:
diff --git a/roles/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
index 4e2f6baa..7fa40cd4 100644
--- a/roles/nextcloud/templates/pod-with-mariadb.yml.j2
+++ b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
@@ -7,17 +7,35 @@ spec:
allowPrivilegeEscalation: false
containers:
- name: nextcloud
- image: debian:buster
- command:
- - /bin/bash
- - -c
- - "sleep 7200"
- # securityContext:
- # runAsUser: {{ nextcloud_app_uid }}
- # runAsGroup: {{ nextcloud_app_gid }}
+ image: "nextcloud:{{ item.value.version }}"
+ securityContext:
+ runAsUser: {{ nextcloud_app_uid }}
+ runAsGroup: {{ nextcloud_app_gid }}
+ resources:
+ limits:
+ memory: "4Gi"
+ env:
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: "{{ item.value.hostnames | join(' ') }}"
+ - name: MYSQL_HOST
+ value: 127.0.0.1
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_PASSWORD
+ value: "{{ item.value.database.password }}"
volumeMounts:
- name: nextcloud
mountPath: /var/www/html
+ - name: config
+ mountPath: /etc/apache2/sites-available/000-default.conf
+ subPath: apache-site.conf
+ readOnly: true
+ - name: config
+ mountPath: /etc/apache2/ports.conf
+ subPath: ports.conf
+ readOnly: true
ports:
- containerPort: 8080
hostPort: {{ item.value.port }}
@@ -29,19 +47,26 @@ spec:
securityContext:
runAsUser: {{ nextcloud_db_uid }}
runAsGroup: {{ nextcloud_db_gid }}
+ resources:
+ limits:
+ memory: "2Gi"
env:
- name: MYSQL_RANDOM_ROOT_PASSWORD
value: "true"
- - name: MYSQL_PASSWORD
- value: "{{ item.value.database.password }}"
- name: MYSQL_DATABASE
value: nextcloud
- name: MYSQL_USER
value: nextcloud
+ - name: MYSQL_PASSWORD
+ value: "{{ item.value.database.password }}"
volumeMounts:
- name: database
mountPath: /var/lib/mysql
volumes:
+ - name: config
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/config/"
+ type: Directory
- name: nextcloud
hostPath:
path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"
diff --git a/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2
index 8cad2994..9f165726 100644
--- a/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2
+++ b/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2
@@ -23,11 +23,16 @@ server {
location / {
include snippets/proxy-nobuff.conf;
+{% if 'client_max_body_size' in item.value %}
+ client_max_body_size {{ item.value.client_max_body_size }};
+{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Ssl on;
+ proxy_set_header X-Forwarded-Port $server_port;
# for websockets
proxy_set_header Upgrade $http_upgrade;