author | Christian Pointner <equinox@spreadspace.org> | 2019-01-14 20:56:17 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2019-01-14 20:56:17 +0100 |
commit | 9e2413b45aaf620ca9ca7f016fdbbde34fbe0cea (patch) | |
tree | 7ad466e32b11d6a277b0e89657e5ad615700c84c /roles/elevate/media | |
parent | update admin password if it gets changed later (diff) |
added systemd timer to rescan files from external share
Diffstat (limited to 'roles/elevate/media')
-rw-r--r-- | roles/elevate/media/tasks/nextcloud-config.yml | 19 | ||||
-rw-r--r-- | roles/elevate/media/tasks/nextcloud.yml | 19 | ||||
-rw-r--r-- | roles/elevate/media/templates/nextcloud-rescan.service.j2 | 15 | ||||
-rw-r--r-- | roles/elevate/media/templates/nextcloud-rescan.timer.j2 | 8 |
4 files changed, 46 insertions, 15 deletions
diff --git a/roles/elevate/media/tasks/nextcloud-config.yml b/roles/elevate/media/tasks/nextcloud-config.yml
index e76ace2e..837d3e3d 100644
--- a/roles/elevate/media/tasks/nextcloud-config.yml
+++ b/roles/elevate/media/tasks/nextcloud-config.yml
@@ -5,19 +5,22 @@
 changed_when: false


-- name: check if elevate group exists in nextcloud (1/2)
- command: docker exec -u www-data nextcloud.service /var/www/html/occ group:list -n --output=json
- register: nextcloud_group_list
+- name: check if _elevate_ user exists in nextcloud (1/2)
+ command: docker exec -u www-data nextcloud.service /var/www/html/occ user:list -n --output=json
+ register: nextcloud_user_list
 changed_when: false
 check_mode: false

-- name: check if elevate group exists in nextcloud (2/2)
+- name: check if _elevate_ user exists in nextcloud (2/2)
 set_fact:
- nextcloud_group_list: "{{ nextcloud_group_list.stdout | from_json }}"
+ nextcloud_user_list: "{{ nextcloud_user_list.stdout | from_json }}"

-- name: create group elevate group in nextcloud
- command: docker exec -u www-data nextcloud.service /var/www/html/occ group:add -n elevate
- when: '"elevate" not in nextcloud_group_list'
+- name: create user _elevate_ together with group elevate in nextcloud
+ command: docker exec -u www-data -e OC_PASS={{ lookup('password', '/dev/null length=30') }} nextcloud.service /var/www/html/occ user:add -n --display-name='Dummy User for files:scan' --group=elevate --password-from-env _elevate_
+ when: '"_elevate_" not in nextcloud_user_list'
+
+- name: disable user _elevate_
+ command: docker exec -u www-data nextcloud.service /var/www/html/occ user:disable -n _elevate_


 - name: check if external storage is configured in nextcloud (1/2)
diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml
index 9a278519..2c7863fe 100644
--- a/roles/elevate/media/tasks/nextcloud.yml
+++ b/roles/elevate/media/tasks/nextcloud.yml
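Review bot: The `create user _elevate_` task in nextcloud-config.yml interpolates the generated password into the `docker exec -e OC_PASS=...` argument list, so the value ends up in the task result that Ansible prints and logs, and in the host's process list while the command runs. Adding `no_log: true` to that task keeps it out of Ansible output; the residual risk is small because the password is random, not stored (`/dev/null`), and the account is disabled by the next task. That `disable user _elevate_` task has neither `when` nor `changed_when`, so it presumably reports changed on every run. Keeping it unconditional is reasonable because it re-asserts the disabled state, but `changed_when: false`, as the check tasks in this hunk already use, would keep run reports stable.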
@@ -112,17 +112,22 @@
 - name: basic nextcloud config
 import_tasks: nextcloud-config.yml

-- name: install nextcloud cron systemd units
+- name: install nextcloud systemd units
 with_items:
- - service
- - timer
+ - cron.service
+ - cron.timer
+ - rescan.service
+ - rescan.timer
 template:
- src: "nextcloud-cron.{{ item }}.j2"
- dest: "/etc/systemd/system/nextcloud-cron.{{ item }}"
+ src: "nextcloud-{{ item }}.j2"
+ dest: "/etc/systemd/system/nextcloud-{{ item }}"

-- name: make sure nextcloud cron is started and enabled
+- name: make sure nextcloud systemd timer are started and enabled
+ with_items:
+ - cron
+ - rescan
 systemd:
- name: nextcloud-cron.timer
+ name: "nextcloud-{{ item }}.timer"
 state: started
 enabled: yes
 daemon_reload: yes
diff --git a/roles/elevate/media/templates/nextcloud-rescan.service.j2 b/roles/elevate/media/templates/nextcloud-rescan.service.j2
new file mode 100644
index 00000000..e1893b2b
--- /dev/null
+++ b/roles/elevate/media/templates/nextcloud-rescan.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Nextcloud files:scan job
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/docker exec -u www-data nextcloud.service /var/www/html/occ files:scan --path /_elevate_/files/Share
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX
diff --git a/roles/elevate/media/templates/nextcloud-rescan.timer.j2 b/roles/elevate/media/templates/nextcloud-rescan.timer.j2
new file mode 100644
index 00000000..36d36322
--- /dev/null
+++ b/roles/elevate/media/templates/nextcloud-rescan.timer.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Nextcloud files:scan job timer
+
+[Timer]
+OnCalendar=*:0/5
+
+[Install]
+WantedBy=timers.target |
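Review bot: The `install nextcloud systemd units` task in nextcloud.yml now writes four unit files into /etc/systemd/system without `owner`, `group` or `mode`, so their permissions depend on the umask of the Ansible run. These units start commands with no `User=` set, so whoever can modify them controls what runs as root; pin them by adding `owner: root`, `group: root` and `mode: "0644"` under `template:`. The new task name `make sure nextcloud systemd timer are started and enabled` should also read `timers are`.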
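Review bot: The sandboxing directives in nextcloud-rescan.service.j2 (`NoNewPrivileges=`, `ProtectSystem=strict`, `RestrictAddressFamilies=AF_UNIX` and the rest) confine only the `docker` client started by `ExecStart=`; `occ files:scan` itself is spawned by the Docker daemon inside the container and is not covered by them. The unit still needs the Docker socket, which is root-equivalent on the host, so a comment above the block would stop readers from over-estimating the hardening, e.g. `# sandboxing applies to the docker CLI only; occ runs inside the container`. The `[Unit]` section also declares no `After=` or `Requires=` for the unit that runs the container, so a run that fires while the container is down will presumably just fail; that is probably acceptable for a five-minute timer but worth confirming.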