authorChristian Pointner <equinox@spreadspace.org>2024-08-25 17:26:23 +0200
committerChristian Pointner <equinox@spreadspace.org>2024-08-25 17:26:23 +0200
commit1b677375d1b629eb848ac34d428c6e5dcacda507 (patch)
treea03ea510f0a4b11b8ce19734e110b5b7daf6f752 /roles/apps/nextcloud/instance
parentnextcloud/office: move test instances to new sk-cloudio (diff)
nextcloud: move to generic storage
Diffstat (limited to 'roles/apps/nextcloud/instance')
-rw-r--r--roles/apps/nextcloud/instance/tasks/custom-image.yml31
-rw-r--r--roles/apps/nextcloud/instance/tasks/main.yml136
-rw-r--r--roles/apps/nextcloud/instance/templates/apache-site.conf.j210
-rw-r--r--roles/apps/nextcloud/instance/templates/cron-.timer.j29
-rw-r--r--roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2101
5 files changed, 287 insertions, 0 deletions
diff --git a/roles/apps/nextcloud/instance/tasks/custom-image.yml b/roles/apps/nextcloud/instance/tasks/custom-image.yml
new file mode 100644
index 00000000..f9e130a2
--- /dev/null
+++ b/roles/apps/nextcloud/instance/tasks/custom-image.yml
@@ -0,0 +1,31 @@
+---
+- name: create build directory for custom image
+ file:
+ path: "{{ nextcloud_instance_basepath }}/build"
+ state: directory
+
+- name: generate Dockerfile for custom image
+ copy:
+ content: |
+ FROM {{ nextcloud_instances[nextcloud_instance].custom_image.from | default('nextcloud:' + nextcloud_instances[nextcloud_instance].version) }}
+
+ RUN set -x \
+ && addgroup --gid {{ nextcloud_app_gid }} nc-app \
+ && adduser --uid {{ nextcloud_app_uid }} --gid {{ nextcloud_app_gid }} --system --no-create-home --home /var/www/html --disabled-login --disabled-password nc-app
+ {% if 'custom_image' in nextcloud_instances[nextcloud_instance] %}
+
+ {{ nextcloud_instances[nextcloud_instance].custom_image.dockerfile }}
+ {% endif %}
+ dest: "{{ nextcloud_instance_basepath }}/build/Dockerfile"
+ register: nextcloud_custom_image_docker
+
+- name: build custom image
+ docker_image:
+ name: "nextcloud/{{ nextcloud_instance }}:{{ nextcloud_instances[nextcloud_instance].version }}"
+ state: present
+ force_source: "{{ nextcloud_custom_image_docker is changed }}"
+ source: build
+ build:
+ path: "{{ nextcloud_instance_basepath }}/build"
+ network: host
+ pull: yes
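Review bot: `pull: yes` in the `build:` stanza is a YAML 1.1 truthy spelling; write `pull: true` so the value reads the same under a 1.2 parser and yamllint's `truthy` rule. Note also that `force_source` is tied only to `nextcloud_custom_image_docker is changed`, so a rebuild (and with it the pull of the `FROM` base) appears to happen only when the rendered Dockerfile text changes; an upstream refresh of the same `nextcloud:<version>` tag is then not picked up until the Dockerfile itself changes. If that is intended, say so in a comment above the task, e.g. `# rebuilt only when the Dockerfile changes; base-image refreshes need a version bump`.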
diff --git a/roles/apps/nextcloud/instance/tasks/main.yml b/roles/apps/nextcloud/instance/tasks/main.yml
new file mode 100644
index 00000000..65c4f5e3
--- /dev/null
+++ b/roles/apps/nextcloud/instance/tasks/main.yml
@@ -0,0 +1,136 @@
+---
+- name: prepare storage volume
+ vars:
+ storage_volume: "{{ nextcloud_instances[nextcloud_instance].storage }}"
+ include_role:
+ name: "storage/{{ nextcloud_instances[nextcloud_instance].storage.type }}/volume"
+
+- set_fact:
+ nextcloud_instance_basepath: "{{ storage_volume_mountpoint }}"
+
+- name: create nextcloud app subdirectory
+ file:
+ path: "{{ nextcloud_instance_basepath }}/nextcloud"
+ owner: "{{ nextcloud_app_uid }}"
+ group: "{{ nextcloud_app_gid }}"
+ state: directory
+
+- name: create nextcloud database subdirectory
+ file:
+ path: "{{ nextcloud_instance_basepath }}/{{ nextcloud_instances[nextcloud_instance].database.type }}"
+ owner: "{{ nextcloud_db_uid }}"
+ group: "{{ nextcloud_db_gid }}"
+ state: directory
+
+- name: create nextcloud redis subdirectory
+ file:
+ path: "{{ nextcloud_instance_basepath }}/redis"
+ owner: "{{ nextcloud_redis_uid }}"
+ group: "{{ nextcloud_redis_gid }}"
+ state: directory
+
+
+- name: create auxiliary config directory
+ file:
+ path: "{{ nextcloud_instance_basepath }}/config"
+ state: directory
+
+- name: create apache vhost config
+ template:
+ src: apache-site.conf.j2
+ dest: "{{ nextcloud_instance_basepath }}/config/apache-site.conf"
+
+- name: configure apache to run on port 8080 only
+ copy:
+ content: |
+ Listen 8080
+ dest: "{{ nextcloud_instance_basepath }}/config/ports.conf"
+
+
+- name: build custom image
+ # when: "'custom_image' in nextcloud_instances[nextcloud_instance]"
+ include_tasks: custom-image.yml
+
+- name: install pod manifest
+ vars:
+ kubernetes_standalone_pod:
+ name: "nextcloud-{{ nextcloud_instance }}"
+ spec: "{{ lookup('template', 'pod-spec-with-{{ nextcloud_instances[nextcloud_instance].database.type }}.yml.j2') }}"
+ mode: "0600"
+ config_hash_items:
+ - path: "{{ nextcloud_instance_basepath }}/config/apache-site.conf"
+ properties:
+ - checksum
+ - path: "{{ nextcloud_instance_basepath }}/config/ports.conf"
+ properties:
+ - checksum
+ - path: "{{ nextcloud_instance_basepath }}/build/Dockerfile"
+ properties:
+ - checksum
+ include_role:
+ name: kubernetes/standalone/pod
+
+
+- name: install systemd timer unit
+ template:
+ src: cron-.timer.j2
+ dest: "/etc/systemd/system/nextcloud-cron-{{ nextcloud_instance }}.timer"
+
+- name: start/enable cron trigger systemd timer
+ systemd:
+ daemon_reload: yes
+ name: "nextcloud-cron-{{ nextcloud_instance }}.timer"
+ state: started
+ enabled: yes
+
+
+- name: configure nginx vhost
+ vars:
+ nginx_vhost:
+ name: "nextcloud-{{ nextcloud_instance }}"
+ template: generic
+ tls:
+ certificate_provider: "{{ acme_client }}"
+ hostnames: "{{ nextcloud_instances[nextcloud_instance].hostnames }}"
+ locations:
+ '/':
+ proxy_pass: "http://127.0.0.1:{{ nextcloud_instances[nextcloud_instance].port }}"
+ proxy_redirect:
+ - redirect: "http://$host/"
+ replacement: "https://$host/"
+ - redirect: "http://$host:8080/"
+ replacement: "https://$host/"
+ extra_directives: |-
+ client_max_body_size 0;
+ types {
+ text/javascript js mjs;
+ }
+ include_role:
+ name: nginx/vhost
+
+
+# TODO:
+# do this automatically!
+- name: print info for new instance
+ when: "'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new"
+ pause:
+ seconds: 5
+ prompt: |
+ ************* {{ nextcloud_instance }} is a new instance
+ **
+ ** Go to https://{{ nextcloud_instances[nextcloud_instance].hostnames[0] }} and finalize the
+ ** installation. After that run the following commands:
+ **
+ ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set default_phone_region --value='at'
+ ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set memcache.locking --value '\OC\Memcache\Redis'
+ ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis host --value '127.0.0.1'
+ ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis port --type integer --value 6379
+ ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis timeout --type float --value 0.0
+ ** $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis password
+ **
+ ** in case you want to use an exteranl collabora/code server:
+ **
+ ** $ nextcloud-occ {{ nextcloud_instance }} app:disable richdocumentscode
+ ** $ nextcloud-occ {{ nextcloud_instance }} app:remove richdocumentscode
+ **
+ ****************************************
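Review bot: The commented-out `when:` on the `build custom image` task leaves the reader guessing whether the unconditional build is intentional; since custom-image.yml in this commit always adds the nc-app user on top of the base image, the build is needed for every instance, so replace the dead line with `# always build: the Dockerfile adds the nc-app user even without a custom_image entry`. The `systemd` task uses `daemon_reload: yes` and `enabled: yes`; prefer `true` for both. The `pause` prompt has a typo (`exteranl` → `external`), and the bare `- set_fact:` task would read better with a `name:` like the tasks around it.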
diff --git a/roles/apps/nextcloud/instance/templates/apache-site.conf.j2 b/roles/apps/nextcloud/instance/templates/apache-site.conf.j2
new file mode 100644
index 00000000..a52a7fc5
--- /dev/null
+++ b/roles/apps/nextcloud/instance/templates/apache-site.conf.j2
@@ -0,0 +1,10 @@
+<VirtualHost *:8080>
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ UseCanonicalName Off
+ UseCanonicalPhysicalPort Off
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
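Review bot: This vhost only ever sees connections from the nginx proxy on 127.0.0.1 (the pod spec in this commit binds its hostPort to `hostIP: 127.0.0.1` and main.yml proxies from nginx), so `CustomLog ... combined` will record 127.0.0.1 as the client of every request and any IP-based rate limiting or log review loses the real source. If the nginx/vhost role forwards `X-Forwarded-For` (not visible here) and the image does not already ship a remoteip configuration trusting 127.0.0.1, add `RemoteIPHeader X-Forwarded-For` and `RemoteIPInternalProxy 127.0.0.1` (mod_remoteip) so `%h` carries the client address; Nextcloud's `trusted_proxies` setting is the application-side counterpart.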
diff --git a/roles/apps/nextcloud/instance/templates/cron-.timer.j2 b/roles/apps/nextcloud/instance/templates/cron-.timer.j2
new file mode 100644
index 00000000..eead0fd0
--- /dev/null
+++ b/roles/apps/nextcloud/instance/templates/cron-.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Nextcloud cron.php job timer for {{ nextcloud_instance }}
+
+[Timer]
+OnCalendar=*:{{ 5 | random(seed=nextcloud_instance) }}/5
+Unit=nextcloud-cron@{{ nextcloud_instance }}.service
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2 b/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2
new file mode 100644
index 00000000..b6c6137d
--- /dev/null
+++ b/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2
@@ -0,0 +1,101 @@
+securityContext:
+ allowPrivilegeEscalation: false
+containers:
+- name: nextcloud
+{# image: "nextcloud{% if 'custom_image' in nextcloud_instances[nextcloud_instance] %}/{{ nextcloud_instance }}{% endif %}:{{ nextcloud_instances[nextcloud_instance].version }}" #}
+ image: "nextcloud/{{ nextcloud_instance }}:{{ nextcloud_instances[nextcloud_instance].version }}"
+ securityContext:
+ runAsUser: {{ nextcloud_app_uid }}
+ runAsGroup: {{ nextcloud_app_gid }}
+ resources:
+ limits:
+ memory: "4Gi"
+{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %}
+ env:
+ - name: NEXTCLOUD_TRUSTED_DOMAINS
+ value: "{{ nextcloud_instances[nextcloud_instance].hostnames | join(' ') }}"
+ - name: OVERWRITEPROTOCOL
+ value: "https"
+ - name: MYSQL_HOST
+ value: 127.0.0.1
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_PASSWORD
+ value: "{{ nextcloud_instances[nextcloud_instance].database.password }}"
+{% endif %}
+ volumeMounts:
+ - name: nextcloud
+ mountPath: /var/www/html
+ - name: config
+ mountPath: /etc/apache2/sites-available/000-default.conf
+ subPath: apache-site.conf
+ readOnly: true
+ - name: config
+ mountPath: /etc/apache2/ports.conf
+ subPath: ports.conf
+ readOnly: true
+ ports:
+ - containerPort: 8080
+ hostPort: {{ nextcloud_instances[nextcloud_instance].port }}
+ hostIP: 127.0.0.1
+- name: redis
+ image: "redis:{{ nextcloud_instances[nextcloud_instance].redis.version }}"
+ args:
+ - --bind 127.0.0.1
+ securityContext:
+ runAsUser: {{ nextcloud_redis_uid }}
+ runAsGroup: {{ nextcloud_redis_gid }}
+ resources:
+ limits:
+ memory: "512Mi"
+ volumeMounts:
+ - name: redis
+ mountPath: /data
+- name: database
+ image: "mariadb:{{ nextcloud_instances[nextcloud_instance].database.version }}"
+ args:
+ - --transaction-isolation=READ-COMMITTED
+ - --log-bin=binlog
+ - --binlog-format=ROW
+{% for arg in (nextcloud_instances[nextcloud_instance].database.extra_args | default([])) %}
+ - {{ arg }}
+{% endfor %}
+ securityContext:
+ runAsUser: {{ nextcloud_db_uid }}
+ runAsGroup: {{ nextcloud_db_gid }}
+ resources:
+ limits:
+ memory: "2Gi"
+{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %}
+ env:
+ - name: MYSQL_RANDOM_ROOT_PASSWORD
+ value: "true"
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ - name: MYSQL_PASSWORD
+ value: "{{ nextcloud_instances[nextcloud_instance].database.password }}"
+{% endif %}
+ volumeMounts:
+ - name: database
+ mountPath: /var/lib/mysql
+volumes:
+- name: config
+ hostPath:
+ path: "{{ nextcloud_instance_basepath }}/config/"
+ type: Directory
+- name: nextcloud
+ hostPath:
+ path: "{{ nextcloud_instance_basepath }}/nextcloud"
+ type: Directory
+- name: redis
+ hostPath:
+ path: "{{ nextcloud_instance_basepath }}/redis"
+ type: Directory
+- name: database
+ hostPath:
+ path: "{{ nextcloud_instance_basepath }}/{{ nextcloud_instances[nextcloud_instance].database.type }}"
+ type: Directory
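Review bot: `allowPrivilegeEscalation: false` at the top of the spec sits in the pod-level `securityContext`, but that field only exists on a container's securityContext, so depending on how the standalone pod loader treats unknown fields it is either rejected or silently ignored and none of the three containers actually gets the restriction. Move it next to `runAsUser`/`runAsGroup` in each container, e.g. `allowPrivilegeEscalation: false` directly under the nextcloud container's `runAsGroup: {{ nextcloud_app_gid }}`, and likewise for redis and database; the top-level key can then be dropped. The commented-out Jinja `{# image: ... #}` line is dead and should be removed. `--log-bin=binlog` enables binary logging with no retention setting visible, so binlogs under /var/lib/mysql grow until something else prunes them; a comment or an explicit expiry argument would make the intent clear.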