diff options
author | Christian Pointner <equinox@spreadspace.org> | 2024-08-25 17:26:23 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2024-08-25 17:26:23 +0200 |
commit | 1b677375d1b629eb848ac34d428c6e5dcacda507 (patch) | |
tree | a03ea510f0a4b11b8ce19734e110b5b7daf6f752 /roles/apps/nextcloud/instance | |
parent | nextcloud/office: move test instances to new sk-cloudio (diff) |
nextcloud: move to generic storage
Diffstat (limited to 'roles/apps/nextcloud/instance')
5 files changed, 287 insertions, 0 deletions
diff --git a/roles/apps/nextcloud/instance/tasks/custom-image.yml b/roles/apps/nextcloud/instance/tasks/custom-image.yml new file mode 100644 index 00000000..f9e130a2 --- /dev/null +++ b/roles/apps/nextcloud/instance/tasks/custom-image.yml @@ -0,0 +1,31 @@ +--- +- name: create build directory for custom image + file: + path: "{{ nextcloud_instance_basepath }}/build" + state: directory + +- name: generate Dockerfile for custom image + copy: + content: | + FROM {{ nextcloud_instances[nextcloud_instance].custom_image.from | default('nextcloud:' + nextcloud_instances[nextcloud_instance].version) }} + + RUN set -x \ + && addgroup --gid {{ nextcloud_app_gid }} nc-app \ + && adduser --uid {{ nextcloud_app_uid }} --gid {{ nextcloud_app_gid }} --system --no-create-home --home /var/www/html --disabled-login --disabled-password nc-app + {% if 'custom_image' in nextcloud_instances[nextcloud_instance] %} + + {{ nextcloud_instances[nextcloud_instance].custom_image.dockerfile }} + {% endif %} + dest: "{{ nextcloud_instance_basepath }}/build/Dockerfile" + register: nextcloud_custom_image_docker + +- name: build custom image + docker_image: + name: "nextcloud/{{ nextcloud_instance }}:{{ nextcloud_instances[nextcloud_instance].version }}" + state: present + force_source: "{{ nextcloud_custom_image_docker is changed }}" + source: build + build: + path: "{{ nextcloud_instance_basepath }}/build" + network: host + pull: yes diff --git a/roles/apps/nextcloud/instance/tasks/main.yml b/roles/apps/nextcloud/instance/tasks/main.yml new file mode 100644 index 00000000..65c4f5e3 --- /dev/null +++ b/roles/apps/nextcloud/instance/tasks/main.yml @@ -0,0 +1,136 @@ +--- +- name: prepare storage volume + vars: + storage_volume: "{{ nextcloud_instances[nextcloud_instance].storage }}" + include_role: + name: "storage/{{ nextcloud_instances[nextcloud_instance].storage.type }}/volume" + +- set_fact: + nextcloud_instance_basepath: "{{ storage_volume_mountpoint }}" + +- name: create nextcloud app subdirectory + file: + path: "{{ nextcloud_instance_basepath }}/nextcloud" + owner: "{{ nextcloud_app_uid }}" + group: "{{ nextcloud_app_gid }}" + state: directory + +- name: create nextcloud database subdirectory + file: + path: "{{ nextcloud_instance_basepath }}/{{ nextcloud_instances[nextcloud_instance].database.type }}" + owner: "{{ nextcloud_db_uid }}" + group: "{{ nextcloud_db_gid }}" + state: directory + +- name: create nextcloud redis subdirectory + file: + path: "{{ nextcloud_instance_basepath }}/redis" + owner: "{{ nextcloud_redis_uid }}" + group: "{{ nextcloud_redis_gid }}" + state: directory + + +- name: create auxiliary config directory + file: + path: "{{ nextcloud_instance_basepath }}/config" + state: directory + +- name: create apache vhost config + template: + src: apache-site.conf.j2 + dest: "{{ nextcloud_instance_basepath }}/config/apache-site.conf" + +- name: configure apache to run on port 8080 only + copy: + content: | + Listen 8080 + dest: "{{ nextcloud_instance_basepath }}/config/ports.conf" + + +- name: build custom image + # when: "'custom_image' in nextcloud_instances[nextcloud_instance]" + include_tasks: custom-image.yml + +- name: install pod manifest + vars: + kubernetes_standalone_pod: + name: "nextcloud-{{ nextcloud_instance }}" + spec: "{{ lookup('template', 'pod-spec-with-{{ nextcloud_instances[nextcloud_instance].database.type }}.yml.j2') }}" + mode: "0600" + config_hash_items: + - path: "{{ nextcloud_instance_basepath }}/config/apache-site.conf" + properties: + - checksum + - path: "{{ nextcloud_instance_basepath }}/config/ports.conf" + properties: + - checksum + - path: "{{ nextcloud_instance_basepath }}/build/Dockerfile" + properties: + - checksum + include_role: + name: kubernetes/standalone/pod + + +- name: install systemd timer unit + template: + src: cron-.timer.j2 + dest: "/etc/systemd/system/nextcloud-cron-{{ nextcloud_instance }}.timer" + +- name: start/enable cron trigger systemd timer + systemd: + daemon_reload: yes + name: "nextcloud-cron-{{ nextcloud_instance }}.timer" + state: started + enabled: yes + + +- name: configure nginx vhost + vars: + nginx_vhost: + name: "nextcloud-{{ nextcloud_instance }}" + template: generic + tls: + certificate_provider: "{{ acme_client }}" + hostnames: "{{ nextcloud_instances[nextcloud_instance].hostnames }}" + locations: + '/': + proxy_pass: "http://127.0.0.1:{{ nextcloud_instances[nextcloud_instance].port }}" + proxy_redirect: + - redirect: "http://$host/" + replacement: "https://$host/" + - redirect: "http://$host:8080/" + replacement: "https://$host/" + extra_directives: |- + client_max_body_size 0; + types { + text/javascript js mjs; + } + include_role: + name: nginx/vhost + + +# TODO: +# do this automatically! +- name: print info for new instance + when: "'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new" + pause: + seconds: 5 + prompt: | + ************* {{ nextcloud_instance }} is a new instance + ** + ** Go to https://{{ nextcloud_instances[nextcloud_instance].hostnames[0] }} and finalize the + ** installation. After that run the following commands: + ** + ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set default_phone_region --value='at' + ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set memcache.locking --value '\OC\Memcache\Redis' + ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis host --value '127.0.0.1' + ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis port --type integer --value 6379 + ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis timeout --type float --value 0.0 + ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis password + ** + ** in case you want to use an exteranl collabora/code server: + ** + ** $ nextcloud-occ {{ nextcloud_instance }} app:disable richdocumentscode + ** $ nextcloud-occ {{ nextcloud_instance }} app:remove richdocumentscode + ** + **************************************** diff --git a/roles/apps/nextcloud/instance/templates/apache-site.conf.j2 b/roles/apps/nextcloud/instance/templates/apache-site.conf.j2 new file mode 100644 index 00000000..a52a7fc5 --- /dev/null +++ b/roles/apps/nextcloud/instance/templates/apache-site.conf.j2 @@ -0,0 +1,10 @@ +<VirtualHost *:8080> + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + + UseCanonicalName Off + UseCanonicalPhysicalPort Off + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined +</VirtualHost> diff --git a/roles/apps/nextcloud/instance/templates/cron-.timer.j2 b/roles/apps/nextcloud/instance/templates/cron-.timer.j2 new file mode 100644 index 00000000..eead0fd0 --- /dev/null +++ b/roles/apps/nextcloud/instance/templates/cron-.timer.j2 @@ -0,0 +1,9 @@ +[Unit] +Description=Nextcloud cron.php job timer for {{ nextcloud_instance }} + +[Timer] +OnCalendar=*:{{ 5 | random(seed=nextcloud_instance) }}/5 +Unit=nextcloud-cron@{{ nextcloud_instance }}.service + +[Install] +WantedBy=timers.target diff --git a/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2 b/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2 new file mode 100644 index 00000000..b6c6137d --- /dev/null +++ b/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2 @@ -0,0 +1,101 @@ +securityContext: + allowPrivilegeEscalation: false +containers: +- name: nextcloud +{# image: "nextcloud{% if 'custom_image' in nextcloud_instances[nextcloud_instance] %}/{{ nextcloud_instance }}{% endif %}:{{ nextcloud_instances[nextcloud_instance].version }}" #} + image: "nextcloud/{{ nextcloud_instance }}:{{ nextcloud_instances[nextcloud_instance].version }}" + securityContext: + runAsUser: {{ nextcloud_app_uid }} + runAsGroup: {{ nextcloud_app_gid }} + resources: + limits: + memory: "4Gi" +{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %} + env: + - name: NEXTCLOUD_TRUSTED_DOMAINS + value: "{{ nextcloud_instances[nextcloud_instance].hostnames | join(' ') }}" + - name: OVERWRITEPROTOCOL + value: "https" + - name: MYSQL_HOST + value: 127.0.0.1 + - name: MYSQL_DATABASE + value: nextcloud + - name: MYSQL_USER + value: nextcloud + - name: MYSQL_PASSWORD + value: "{{ nextcloud_instances[nextcloud_instance].database.password }}" +{% endif %} + volumeMounts: + - name: nextcloud + mountPath: /var/www/html + - name: config + mountPath: /etc/apache2/sites-available/000-default.conf + subPath: apache-site.conf + readOnly: true + - name: config + mountPath: /etc/apache2/ports.conf + subPath: ports.conf + readOnly: true + ports: + - containerPort: 8080 + hostPort: {{ nextcloud_instances[nextcloud_instance].port }} + hostIP: 127.0.0.1 +- name: redis + image: "redis:{{ nextcloud_instances[nextcloud_instance].redis.version }}" + args: + - --bind 127.0.0.1 + securityContext: + runAsUser: {{ nextcloud_redis_uid }} + runAsGroup: {{ nextcloud_redis_gid }} + resources: + limits: + memory: "512Mi" + volumeMounts: + - name: redis + mountPath: /data +- name: database + image: "mariadb:{{ nextcloud_instances[nextcloud_instance].database.version }}" + args: + - --transaction-isolation=READ-COMMITTED + - --log-bin=binlog + - --binlog-format=ROW +{% for arg in (nextcloud_instances[nextcloud_instance].database.extra_args | default([])) %} + - {{ arg }} +{% endfor %} + securityContext: + runAsUser: {{ nextcloud_db_uid }} + runAsGroup: {{ nextcloud_db_gid }} + resources: + limits: + memory: "2Gi" +{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %} + env: + - name: MYSQL_RANDOM_ROOT_PASSWORD + value: "true" + - name: MYSQL_DATABASE + value: nextcloud + - name: MYSQL_USER + value: nextcloud + - name: MYSQL_PASSWORD + value: "{{ nextcloud_instances[nextcloud_instance].database.password }}" +{% endif %} + volumeMounts: + - name: database + mountPath: /var/lib/mysql +volumes: +- name: config + hostPath: + path: "{{ nextcloud_instance_basepath }}/config/" + type: Directory +- name: nextcloud + hostPath: + path: "{{ nextcloud_instance_basepath }}/nextcloud" + type: Directory +- name: redis + hostPath: + path: "{{ nextcloud_instance_basepath }}/redis" + type: Directory +- name: database + hostPath: + path: "{{ nextcloud_instance_basepath }}/{{ nextcloud_instances[nextcloud_instance].database.type }}" + type: Directory |