nextcloud: move to generic storage

author: Christian Pointner <equinox@spreadspace.org> 2024-08-25 17:26:23 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2024-08-25 17:26:23 +0200
commit: 1b677375d1b629eb848ac34d428c6e5dcacda507 (patch)
tree: a03ea510f0a4b11b8ce19734e110b5b7daf6f752 /roles/apps/nextcloud
parent: nextcloud/office: move test instances to new sk-cloudio (diff)
12 files changed, 207 insertions, 247 deletions
diff --git a/roles/apps/nextcloud/defaults/main.yml b/roles/apps/nextcloud/defaults/main.yml
index f194a6f9..ac87de94 100644
--- a/roles/apps/nextcloud/defaults/main.yml
+++ b/roles/apps/nextcloud/defaults/main.yml
@@ -8,14 +8,6 @@ nextcloud_db_gid: "951"
 nextcloud_redis_uid: "952"
 nextcloud_redis_gid: "952"
 
-# nextcloud_base_path: /srv/nextcloud
-
-# nextcloud_zfs:
-#   pool: storage
-#   name: nextcloud
-#   properties:
-#     compression: lz4
-
 # nextcloud_instances:
 #   example:
 #     new: yes
@@ -24,8 +16,8 @@ nextcloud_redis_gid: "952"
 #     hostnames:
 #     - wolke.example.com
 #     - cloud.example.com
-#     zfs_properties:
-#       quota: 100G
+#     storage:
+#       type: ...
 #     database:
 #       type: mariadb
 #       version: 10.4.8
diff --git a/roles/apps/nextcloud/tasks/custom-image.yml b/roles/apps/nextcloud/instance/tasks/custom-image.yml
index 3d9e31d1..f9e130a2 100644
--- a/roles/apps/nextcloud/tasks/custom-image.yml
+++ b/roles/apps/nextcloud/instance/tasks/custom-image.yml
@@ -1,31 +1,31 @@
 ---
 - name: create build directory for custom image
   file:
-    path: "{{ nextcloud_base_path }}/{{ item.key }}/build"
+    path: "{{ nextcloud_instance_basepath }}/build"
     state: directory
 
 - name: generate Dockerfile for custom image
   copy:
     content: |
-      FROM {{ item.value.custom_image.from | default('nextcloud:' + item.value.version) }}
+      FROM {{ nextcloud_instances[nextcloud_instance].custom_image.from | default('nextcloud:' + nextcloud_instances[nextcloud_instance].version) }}
 
       RUN set -x \
           && addgroup --gid {{ nextcloud_app_gid }} nc-app \
           && adduser --uid {{ nextcloud_app_uid }} --gid {{ nextcloud_app_gid }} --system --no-create-home --home /var/www/html --disabled-login --disabled-password  nc-app
-      {% if 'custom_image' in item.value %}
+      {% if 'custom_image' in nextcloud_instances[nextcloud_instance] %}
 
-      {{ item.value.custom_image.dockerfile }}
+      {{ nextcloud_instances[nextcloud_instance].custom_image.dockerfile }}
       {% endif %}
-    dest: "{{ nextcloud_base_path }}/{{ item.key }}/build/Dockerfile"
+    dest: "{{ nextcloud_instance_basepath }}/build/Dockerfile"
   register: nextcloud_custom_image_docker
 
 - name: build custom image
   docker_image:
-    name: "nextcloud/{{ item.key }}:{{ item.value.version }}"
+    name: "nextcloud/{{ nextcloud_instance }}:{{ nextcloud_instances[nextcloud_instance].version }}"
     state: present
     force_source: "{{ nextcloud_custom_image_docker is changed }}"
     source: build
     build:
-      path: "{{ nextcloud_base_path }}/{{ item.key }}/build"
+      path: "{{ nextcloud_instance_basepath }}/build"
       network: host
       pull: yes
diff --git a/roles/apps/nextcloud/instance/tasks/main.yml b/roles/apps/nextcloud/instance/tasks/main.yml
new file mode 100644
index 00000000..65c4f5e3
--- /dev/null
+++ b/roles/apps/nextcloud/instance/tasks/main.yml
@@ -0,0 +1,136 @@
+---
+- name: prepare storage volume
+  vars:
+    storage_volume: "{{ nextcloud_instances[nextcloud_instance].storage }}"
+  include_role:
+    name: "storage/{{ nextcloud_instances[nextcloud_instance].storage.type }}/volume"
+
+- set_fact:
+    nextcloud_instance_basepath: "{{ storage_volume_mountpoint }}"
+
+- name: create nextcloud app subdirectory
+  file:
+    path: "{{ nextcloud_instance_basepath }}/nextcloud"
+    owner: "{{ nextcloud_app_uid }}"
+    group: "{{ nextcloud_app_gid }}"
+    state: directory
+
+- name: create nextcloud database subdirectory
+  file:
+    path: "{{ nextcloud_instance_basepath }}/{{ nextcloud_instances[nextcloud_instance].database.type }}"
+    owner: "{{ nextcloud_db_uid }}"
+    group: "{{ nextcloud_db_gid }}"
+    state: directory
+
+- name: create nextcloud redis subdirectory
+  file:
+    path: "{{ nextcloud_instance_basepath }}/redis"
+    owner: "{{ nextcloud_redis_uid }}"
+    group: "{{ nextcloud_redis_gid }}"
+    state: directory
+
+
+- name: create auxiliary config directory
+  file:
+    path: "{{ nextcloud_instance_basepath }}/config"
+    state: directory
+
+- name: create apache vhost config
+  template:
+    src: apache-site.conf.j2
+    dest: "{{ nextcloud_instance_basepath }}/config/apache-site.conf"
+
+- name: configure apache to run on port 8080 only
+  copy:
+    content: |
+      Listen 8080
+    dest: "{{ nextcloud_instance_basepath }}/config/ports.conf"
+
+
+- name: build custom image
+  # when: "'custom_image' in nextcloud_instances[nextcloud_instance]"
+  include_tasks: custom-image.yml
+
+- name: install pod manifest
+  vars:
+    kubernetes_standalone_pod:
+      name: "nextcloud-{{ nextcloud_instance }}"
+      spec: "{{ lookup('template', 'pod-spec-with-{{ nextcloud_instances[nextcloud_instance].database.type }}.yml.j2') }}"
+      mode: "0600"
+      config_hash_items:
+      - path: "{{ nextcloud_instance_basepath }}/config/apache-site.conf"
+        properties:
+        - checksum
+      - path: "{{ nextcloud_instance_basepath }}/config/ports.conf"
+        properties:
+        - checksum
+      - path: "{{ nextcloud_instance_basepath }}/build/Dockerfile"
+        properties:
+        - checksum
+  include_role:
+    name: kubernetes/standalone/pod
+
+
+- name: install systemd timer unit
+  template:
+    src: cron-.timer.j2
+    dest: "/etc/systemd/system/nextcloud-cron-{{ nextcloud_instance }}.timer"
+
+- name: start/enable cron trigger systemd timer
+  systemd:
+    daemon_reload: yes
+    name: "nextcloud-cron-{{ nextcloud_instance }}.timer"
+    state: started
+    enabled: yes
+
+
+- name: configure nginx vhost
+  vars:
+    nginx_vhost:
+      name: "nextcloud-{{ nextcloud_instance }}"
+      template: generic
+      tls:
+        certificate_provider: "{{ acme_client }}"
+      hostnames: "{{ nextcloud_instances[nextcloud_instance].hostnames }}"
+      locations:
+        '/':
+          proxy_pass: "http://127.0.0.1:{{ nextcloud_instances[nextcloud_instance].port }}"
+          proxy_redirect:
+          - redirect: "http://$host/"
+            replacement: "https://$host/"
+          - redirect: "http://$host:8080/"
+            replacement: "https://$host/"
+          extra_directives: |-
+            client_max_body_size 0;
+            types {
+                text/javascript js mjs;
+            }
+  include_role:
+    name: nginx/vhost
+
+
+# TODO:
+# do this automatically!
+- name: print info for new instance
+  when: "'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new"
+  pause:
+    seconds: 5
+    prompt: |
+      ************* {{ nextcloud_instance }} is a new instance
+      **
+      **  Go to https://{{ nextcloud_instances[nextcloud_instance].hostnames[0] }} and finalize the
+      **  installation. After that run the following commands:
+      **
+      **  $ nextcloud-occ {{ nextcloud_instance }} config:system:set default_phone_region --value='at'
+      **  $ nextcloud-occ {{ nextcloud_instance }} config:system:set memcache.locking --value '\OC\Memcache\Redis'
+      **  $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis host --value '127.0.0.1'
+      **  $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis port --type integer --value 6379
+      **  $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis timeout --type float --value 0.0
+      **  $ nextcloud-occ {{ nextcloud_instance }} config:system:set redis password
+      **
+      **  in case you want to use an exteranl collabora/code server:
+      **
+      **  $ nextcloud-occ {{ nextcloud_instance }} app:disable richdocumentscode
+      **  $ nextcloud-occ {{ nextcloud_instance }} app:remove richdocumentscode
+      **
+      ****************************************
diff --git a/roles/apps/nextcloud/templates/apache-site.conf.j2 b/roles/apps/nextcloud/instance/templates/apache-site.conf.j2
index a52a7fc5..a52a7fc5 100644
--- a/roles/apps/nextcloud/templates/apache-site.conf.j2
+++ b/roles/apps/nextcloud/instance/templates/apache-site.conf.j2
diff --git a/roles/apps/nextcloud/instance/templates/cron-.timer.j2 b/roles/apps/nextcloud/instance/templates/cron-.timer.j2
new file mode 100644
index 00000000..eead0fd0
--- /dev/null
+++ b/roles/apps/nextcloud/instance/templates/cron-.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Nextcloud cron.php job timer for {{ nextcloud_instance }}
+
+[Timer]
+OnCalendar=*:{{ 5 | random(seed=nextcloud_instance) }}/5
+Unit=nextcloud-cron@{{ nextcloud_instance }}.service
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2 b/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2
index a49bc3ea..b6c6137d 100644
--- a/roles/apps/nextcloud/templates/pod-spec-with-mariadb.yml.j2
+++ b/roles/apps/nextcloud/instance/templates/pod-spec-with-mariadb.yml.j2
@@ -2,18 +2,18 @@ securityContext:
   allowPrivilegeEscalation: false
 containers:
 - name: nextcloud
-{#  image: "nextcloud{% if 'custom_image' in item.value %}/{{ item.key }}{% endif %}:{{ item.value.version }}" #}
-  image: "nextcloud/{{ item.key }}:{{ item.value.version }}"
+{#  image: "nextcloud{% if 'custom_image' in nextcloud_instances[nextcloud_instance] %}/{{ nextcloud_instance }}{% endif %}:{{ nextcloud_instances[nextcloud_instance].version }}" #}
+  image: "nextcloud/{{ nextcloud_instance }}:{{ nextcloud_instances[nextcloud_instance].version }}"
   securityContext:
     runAsUser: {{ nextcloud_app_uid }}
     runAsGroup: {{ nextcloud_app_gid }}
   resources:
     limits:
       memory: "4Gi"
-{% if 'new' in item.value and item.value.new %}
+{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %}
   env:
   - name: NEXTCLOUD_TRUSTED_DOMAINS
-    value: "{{ item.value.hostnames | join(' ') }}"
+    value: "{{ nextcloud_instances[nextcloud_instance].hostnames | join(' ') }}"
   - name: OVERWRITEPROTOCOL
     value: "https"
   - name: MYSQL_HOST
@@ -23,7 +23,7 @@ containers:
   - name: MYSQL_USER
     value: nextcloud
   - name: MYSQL_PASSWORD
-    value: "{{ item.value.database.password }}"
+    value: "{{ nextcloud_instances[nextcloud_instance].database.password }}"
 {% endif %}
   volumeMounts:
   - name: nextcloud
@@ -38,10 +38,10 @@ containers:
     readOnly: true
   ports:
   - containerPort: 8080
-    hostPort: {{ item.value.port }}
+    hostPort: {{ nextcloud_instances[nextcloud_instance].port }}
     hostIP: 127.0.0.1
 - name: redis
-  image: "redis:{{ item.value.redis.version }}"
+  image: "redis:{{ nextcloud_instances[nextcloud_instance].redis.version }}"
   args:
   - --bind 127.0.0.1
   securityContext:
@@ -54,12 +54,12 @@ containers:
   - name: redis
     mountPath: /data
 - name: database
-  image: "mariadb:{{ item.value.database.version }}"
+  image: "mariadb:{{ nextcloud_instances[nextcloud_instance].database.version }}"
   args:
   - --transaction-isolation=READ-COMMITTED
   - --log-bin=binlog
   - --binlog-format=ROW
-{% for arg in (item.value.database.extra_args | default([])) %}
+{% for arg in (nextcloud_instances[nextcloud_instance].database.extra_args | default([])) %}
   - {{ arg }}
 {% endfor %}
   securityContext:
@@ -68,7 +68,7 @@ containers:
   resources:
     limits:
       memory: "2Gi"
-{% if 'new' in item.value and item.value.new %}
+{% if 'new' in nextcloud_instances[nextcloud_instance] and nextcloud_instances[nextcloud_instance].new %}
   env:
   - name: MYSQL_RANDOM_ROOT_PASSWORD
     value: "true"
@@ -77,7 +77,7 @@ containers:
   - name: MYSQL_USER
     value: nextcloud
   - name: MYSQL_PASSWORD
-    value: "{{ item.value.database.password }}"
+    value: "{{ nextcloud_instances[nextcloud_instance].database.password }}"
 {% endif %}
   volumeMounts:
   - name: database
@@ -85,17 +85,17 @@ containers:
 volumes:
 - name: config
   hostPath:
-    path: "{{ nextcloud_base_path }}/{{ item.key }}/config/"
+    path: "{{ nextcloud_instance_basepath }}/config/"
     type: Directory
 - name: nextcloud
   hostPath:
-    path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"
+    path: "{{ nextcloud_instance_basepath }}/nextcloud"
     type: Directory
 - name: redis
   hostPath:
-    path: "{{ nextcloud_base_path }}/{{ item.key }}/redis"
+    path: "{{ nextcloud_instance_basepath }}/redis"
     type: Directory
 - name: database
   hostPath:
-    path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+    path: "{{ nextcloud_instance_basepath }}/{{ nextcloud_instances[nextcloud_instance].database.type }}"
     type: Directory
diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml
index d1a11b19..69bbba6a 100644
--- a/roles/apps/nextcloud/tasks/main.yml
+++ b/roles/apps/nextcloud/tasks/main.yml
@@ -1,36 +1,4 @@
 ---
-- name: create zfs datasets
-  when: nextcloud_zfs is defined
-  block:
-  - name: create zfs base dataset
-    zfs:
-      name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}"
-      state: present
-      extra_zfs_properties: "{{ nextcloud_zfs.properties | dehumanize_zfs_properties | default(omit) }}"
-
-  - name: create zfs volumes for instances
-    loop: "{{ nextcloud_instances | dict2items }}"
-    loop_control:
-      label: "{{ item.key }} ({{ (item.value.zfs_properties | default({})).items() | map('join', '=') | join(', ') }})"
-    zfs:
-      name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/{{ item.key }}"
-      state: present
-      extra_zfs_properties: "{{ item.value.zfs_properties | dehumanize_zfs_properties | default(omit) }}"
-
-  - name: configure nextcloud base bath
-    set_fact:
-      nextcloud_base_path: "{{ (zfs_pools[nextcloud_zfs.pool].mountpoint, nextcloud_zfs.name) | path_join }}"
-
-
-- name: create instance subdirectories
-  when: nextcloud_zfs is not defined
-  loop: "{{ nextcloud_instances | list }}"
-  file:
-    path: "{{ nextcloud_base_path }}/{{ item }}"
-    state: directory
-
-
-
 - name: add group for nextcloud app
   group:
     name: nc-app
@@ -43,15 +11,6 @@
     group: nc-app
     password: "!"
 
-- name: create nextcloud app subdirectory
-  loop: "{{ nextcloud_instances | list }}"
-  file:
-    path: "{{ nextcloud_base_path }}/{{ item }}/nextcloud"
-    owner: "{{ nextcloud_app_uid }}"
-    group: "{{ nextcloud_app_gid }}"
-    state: directory
-
-
 - name: add group for nextcloud db
   group:
     name: nc-db
@@ -64,17 +23,6 @@
     group: nc-db
     password: "!"
 
-- name: create nextcloud database subdirectory
-  loop: "{{ nextcloud_instances | dict2items }}"
-  loop_control:
-    label: "{{ item.key }} ({{ item.value.database.type }})"
-  file:
-    path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
-    owner: "{{ nextcloud_db_uid }}"
-    group: "{{ nextcloud_db_gid }}"
-    state: directory
-
-
 - name: add group for nextcloud redis
   group:
     name: nc-redis
@@ -87,154 +35,24 @@
     group: nc-redis
     password: "!"
 
-- name: create nextcloud database subdirectory
-  loop: "{{ nextcloud_instances | list }}"
-  file:
-    path: "{{ nextcloud_base_path }}/{{ item }}/redis"
-    owner: "{{ nextcloud_redis_uid }}"
-    group: "{{ nextcloud_redis_gid }}"
-    state: directory
-
-
-- name: create auxiliary config directory
-  loop: "{{ nextcloud_instances | list }}"
-  file:
-    path: "{{ nextcloud_base_path }}/{{ item }}/config"
-    state: directory
-
-- name: create apache vhost config
-  loop: "{{ nextcloud_instances | list }}"
-  template:
-    src: apache-site.conf.j2
-    dest: "{{ nextcloud_base_path }}/{{ item }}/config/apache-site.conf"
-
-- name: configure apache to run on port 8080 only
-  loop: "{{ nextcloud_instances | list }}"
-  copy:
-    content: |
-      Listen 8080
-    dest: "{{ nextcloud_base_path }}/{{ item }}/config/ports.conf"
-
-
-- name: build custom image
-  loop: "{{ nextcloud_instances | dict2items }}"
-  loop_control:
-    label: "{{ item.key }}"
-  # when: "'custom_image' in item.value"
-  include_tasks: custom-image.yml
-
-- name: install pod manifest
-  loop: "{{ nextcloud_instances | dict2items }}"
-  loop_control:
-    label: "{{ item.key }}"
-  vars:
-    kubernetes_standalone_pod:
-      name: "nextcloud-{{ item.key }}"
-      spec: "{{ lookup('template', 'pod-spec-with-{{ item.value.database.type }}.yml.j2') }}"
-      mode: "0600"
-      config_hash_items:
-      - path: "{{ nextcloud_base_path }}/{{ item.key }}/config/apache-site.conf"
-        properties:
-        - checksum
-      - path: "{{ nextcloud_base_path }}/{{ item.key }}/config/ports.conf"
-        properties:
-        - checksum
-      - path: "{{ nextcloud_base_path }}/{{ item.key }}/build/Dockerfile"
-        properties:
-        - checksum
-  include_role:
-    name: kubernetes/standalone/pod
-
-
-- name: install cron trigger script
-  loop: "{{ nextcloud_instances | list }}"
-  template:
-    src: run-cron.sh.j2
-    dest: "{{ nextcloud_base_path }}/{{ item }}/config/run-cron.sh"
-    mode: 0755
-
 - name: install template systemd unit for cron trigger
   template:
     src: cron@.service.j2
     dest: /etc/systemd/system/nextcloud-cron@.service
 
-- name: install systemd timer unit
-  loop: "{{ nextcloud_instances | list }}"
-  template:
-    src: cron-.timer.j2
-    dest: "/etc/systemd/system/nextcloud-cron-{{ item }}.timer"
-
-- name: start/enable cron trigger systemd timer
-  loop: "{{ nextcloud_instances | list }}"
-  systemd:
-    daemon_reload: yes
-    name: "nextcloud-cron-{{ item }}.timer"
-    state: started
-    enabled: yes
-
-
-- name: configure nginx vhost
-  loop: "{{ nextcloud_instances | dict2items }}"
-  loop_control:
-    label: "{{ item.key }}"
-  vars:
-    nginx_vhost:
-      name: "nextcloud-{{ item.key }}"
-      template: generic
-      tls:
-        certificate_provider: "{{ acme_client }}"
-      hostnames: "{{ item.value.hostnames }}"
-      locations:
-        '/':
-          proxy_pass: "http://127.0.0.1:{{ item.value.port }}"
-          proxy_redirect:
-          - redirect: "http://$host/"
-            replacement: "https://$host/"
-          - redirect: "http://$host:8080/"
-            replacement: "https://$host/"
-          extra_directives: |-
-            client_max_body_size 0;
-            types {
-                text/javascript js mjs;
-            }
-  include_role:
-    name: nginx/vhost
-
-
 - name: install management scripts
   loop:
-    - nextcloud-upgrade
-    - nextcloud-occ
+  - nextcloud-upgrade
+  - nextcloud-occ
+  - nextcloud-cron
   template:
     src: "{{ item }}.j2"
     dest: "/usr/local/bin/{{ item }}"
     mode: 0755
 
-## TODO:
-# do this automatically!
-- name: print info for new instance
-  loop: "{{ nextcloud_instances | dict2items }}"
+- name: instance specific tasks
+  loop: "{{ nextcloud_instances | list }}"
   loop_control:
-    label: "{{ item.key }}"
-  when: "'new' in item.value and item.value.new"
-  pause:
-    seconds: 5
-    prompt: |
-      ************* {{ item.key }} is a new instance
-      **
-      **  Go to https://{{ item.value.hostnames[0] }} and finalize the
-      **  installation. After that run the following commands:
-      **
-      **  $ nextcloud-occ {{ item.key }} config:system:set default_phone_region --value='at'
-      **  $ nextcloud-occ {{ item.key }} config:system:set memcache.locking --value '\OC\Memcache\Redis'
-      **  $ nextcloud-occ {{ item.key }} config:system:set redis host --value '127.0.0.1'
-      **  $ nextcloud-occ {{ item.key }} config:system:set redis port --type integer --value 6379
-      **  $ nextcloud-occ {{ item.key }} config:system:set redis timeout --type float --value 0.0
-      **  $ nextcloud-occ {{ item.key }} config:system:set redis password
-      **
-      **  in case you want to use an exteranl collabora/code server:
-      **
-      **  $ nextcloud-occ {{ item.key }} app:disable richdocumentscode
-      **  $ nextcloud-occ {{ item.key }} app:remove richdocumentscode
-      **
-      ****************************************
+    loop_var: nextcloud_instance
+  include_role:
+    name: apps/nextcloud/instance
diff --git a/roles/apps/nextcloud/templates/cron-.timer.j2 b/roles/apps/nextcloud/templates/cron-.timer.j2
deleted file mode 100644
index 0c3f7cd7..00000000
--- a/roles/apps/nextcloud/templates/cron-.timer.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-[Unit]
-Description=Nextcloud cron.php job timer for %i
-
-[Timer]
-OnCalendar=*:{{ 5 | random(seed=item) }}/5
-Unit=nextcloud-cron@{{ item }}.service
-
-[Install]
-WantedBy=timers.target
diff --git a/roles/apps/nextcloud/templates/cron@.service.j2 b/roles/apps/nextcloud/templates/cron@.service.j2
index 822f64b4..d8cde0a3 100644
--- a/roles/apps/nextcloud/templates/cron@.service.j2
+++ b/roles/apps/nextcloud/templates/cron@.service.j2
@@ -3,7 +3,7 @@ Description=Nextcloud cron.php job for %i
 
 [Service]
 Type=oneshot
-ExecStart={{ nextcloud_base_path }}/%i/config/run-cron.sh
+ExecStart=/usr/local/bin/nextcloud-cron %i
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
diff --git a/roles/apps/nextcloud/templates/nextcloud-cron.j2 b/roles/apps/nextcloud/templates/nextcloud-cron.j2
new file mode 100755
index 00000000..355ae2c3
--- /dev/null
+++ b/roles/apps/nextcloud/templates/nextcloud-cron.j2
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+INST_NAME="$1"
+shift
+
+if [ -z "$INST_NAME" ]; then
+  echo "Usage: $0 <instance>"
+  exit 1
+fi
+
+set -eu
+
+pod_id=$(crictl pods -q --state ready --name "^nextcloud-$INST_NAME-{{ ansible_nodename }}$")
+if [ -z "$pod_id" ]; then echo "Pod not found"; exit 1; fi
+
+container_id=$(crictl ps -q --name '^nextcloud$' -p "$pod_id")
+if [ -z "$container_id" ]; then echo "Container not found"; exit 1; fi
+
+exec crictl exec "$container_id" php -f /var/www/html/cron.php
diff --git a/roles/apps/nextcloud/templates/nextcloud-upgrade.j2 b/roles/apps/nextcloud/templates/nextcloud-upgrade.j2
index f59f3be6..ffa912e8 100755
--- a/roles/apps/nextcloud/templates/nextcloud-upgrade.j2
+++ b/roles/apps/nextcloud/templates/nextcloud-upgrade.j2
@@ -24,7 +24,7 @@ function cleanup {
 }
 trap cleanup EXIT
 
-IMAGE_BUILD_D="{{ nextcloud_base_path }}/$INST_NAME/build"
+IMAGE_BUILD_D=$(cat "$K8S_CONFIG_HASH_FILE" | grep "build/Dockerfile:"  | tr -d ":" | xargs dirname)
 IMAGE_NAME="nextcloud"
 if [ -e "$IMAGE_BUILD_D/Dockerfile" ]; then
   ## this only works if docker is installed...
@@ -40,15 +40,17 @@ else
   crictl pull "docker.io/library/nextcloud:$VERSION"
   echo ""
 fi
-{% if nextcloud_zfs is defined %}
 
-echo "*** creating ZFS snapshot"
-echo ""
+STORAGE_TYPE=$(findmnt -no fstype -T "$IMAGE_BUILD_D")
+if [ $STORAGE_TYPE == "zfs" ]; then
+  echo "*** creating ZFS snapshot"
+  echo ""
 
-IMAGE_NAME_ESCAPED=${IMAGE_NAME/\//\\/}
-CURRENT_VERSION=$(cat "$K8S_MANIFEST_FILE" | awk '/image: "'"$IMAGE_NAME_ESCAPED"':.*"/ { print($2) }' | tr -d '"' | cut -d ':' -f 2)
-zfs snapshot "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/$INST_NAME@upgrade_$CURRENT_VERSION-to-$VERSION""_$(date '+%Y-%m-%m_%H:%M:%S')"
-{% endif %}
+  IMAGE_NAME_ESCAPED=${IMAGE_NAME/\//\\/}
+  CURRENT_VERSION=$(cat "$K8S_MANIFEST_FILE" | awk '/image: "'"$IMAGE_NAME_ESCAPED"':.*"/ { print($2) }' | tr -d '"' | cut -d ':' -f 2)
+  ZFS_VOLUME=$(findmnt -no source -T "$IMAGE_BUILD_D")
+  zfs snapshot "$ZFS_VOLUME@upgrade_$CURRENT_VERSION-to-$VERSION""_$(date '+%Y-%m-%m_%H:%M:%S')"
+fi
 
 echo "*** Rebuilding config-hash file"
 echo ""
diff --git a/roles/apps/nextcloud/templates/run-cron.sh.j2 b/roles/apps/nextcloud/templates/run-cron.sh.j2
deleted file mode 100644
index 455bc3ec..00000000
--- a/roles/apps/nextcloud/templates/run-cron.sh.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-POD_NAME="{{ item }}-$(hostname)"
-POD_ID=$(crictl pods --name "$POD_NAME" --state ready -q)
-CONTAINER_ID=$(crictl ps --pod "$POD_ID" --name nextcloud -q)
-
-exec crictl exec "$CONTAINER_ID" php -f /var/www/html/cron.php
author	Christian Pointner <equinox@spreadspace.org>	2024-08-25 17:26:23 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2024-08-25 17:26:23 +0200
commit	1b677375d1b629eb848ac34d428c6e5dcacda507 (patch)
tree	a03ea510f0a4b11b8ce19734e110b5b7daf6f752 /roles/apps/nextcloud
parent	nextcloud/office: move test instances to new sk-cloudio (diff)