ele-media: add systemd timer for files:resscan

author: Christian Pointner <equinox@spreadspace.org> 2022-07-07 13:29:33 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2022-07-07 13:29:33 +0200
commit: 6001626d2ebfa9c251d52186d53006c38e89a4c6 (patch)
tree: 67a794db02daf1555e9487b995d339c6fa3fa413 /roles/elevate
parent: ele-media: configure nextcloud memory and upload limit (diff)
7 files changed, 45 insertions, 38 deletions
diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml
index 0062bfd6..306148df 100644
--- a/roles/elevate/media/tasks/nextcloud.yml
+++ b/roles/elevate/media/tasks/nextcloud.yml
@@ -6,17 +6,17 @@
 # - name: basic nextcloud config
 #   import_tasks: nextcloud-config.yml
 
-# - name: install nextcloud rescan systemd units
-#   loop:
-#   - service
-#   - timer
-#   template:
-#     src: "nextcloud-rescan.{{ item }}.j2"
-#     dest: "/etc/systemd/system/nextcloud-rescan.{{ item }}"
+- name: install systemd service/timer unit for files:rescan
+  loop:
+  - service
+  - timer
+  template:
+    src: "nextcloud-rescan-.{{ item }}.j2"
+    dest: "/etc/systemd/system/nextcloud-rescan-{{ elevate_media_nextcloud_instance_name }}.{{ item }}"
 
-# - name: make sure nextcloud rescan systemd timer are started and enabled
-#   systemd:
-#     name: "nextcloud-rescan.timer"
-#     state: started
-#     enabled: yes
-#     daemon_reload: yes
+- name: make sure nextcloud rescan systemd timer are started and enabled
+  systemd:
+    daemon_reload: yes
+    name: "nextcloud-rescan-{{ elevate_media_nextcloud_instance_name }}.timer"
+    state: started
+    enabled: yes
diff --git a/roles/elevate/media/templates/nextcloud-cron-.timer.j2 b/roles/elevate/media/templates/nextcloud-cron-.timer.j2
index b8caa377..9e7917ba 100644
--- a/roles/elevate/media/templates/nextcloud-cron-.timer.j2
+++ b/roles/elevate/media/templates/nextcloud-cron-.timer.j2
@@ -1,5 +1,5 @@
 [Unit]
-Description=Nextcloud cron.php job timer for %i
+Description=Nextcloud cron.php job timer for {{ elevate_media_nextcloud_instance_name }}
 
 [Timer]
 OnCalendar=*:{{ 5 | random(seed=elevate_media_nextcloud_instance_name) }}/5
diff --git a/roles/elevate/media/templates/nextcloud-occ.j2 b/roles/elevate/media/templates/nextcloud-occ.j2
index f12f1259..2abde307 100755
--- a/roles/elevate/media/templates/nextcloud-occ.j2
+++ b/roles/elevate/media/templates/nextcloud-occ.j2
@@ -8,6 +8,11 @@ if [ -z "$INST_NAME" ]; then
   exit 1
 fi
 
+CRICTL_EXEC_ARGS="-it"
+if [ -n "${NEXTCLOUD_OCC_NON_INTERACTIVE}" ]; then
+  CRICTL_EXEC_ARGS=""
+fi
+
 set -eu
 
 pod_id=$(crictl pods -q --state ready --name "^nextcloud-$INST_NAME-{{ ansible_nodename }}$")
@@ -16,4 +21,4 @@ if [ -z "$pod_id" ]; then echo "Pod not found"; exit 1; fi
 container_id=$(crictl ps -q --name '^nextcloud$' -p "$pod_id")
 if [ -z "$container_id" ]; then echo "Container not found"; exit 1; fi
 
-exec crictl exec -it "$container_id" php /var/www/html/occ $@
+exec crictl exec $CRICTL_EXEC_ARGS "$container_id" php /var/www/html/occ $@
diff --git a/roles/elevate/media/templates/nextcloud-rescan-.service.j2 b/roles/elevate/media/templates/nextcloud-rescan-.service.j2
new file mode 100644
index 00000000..a09139dd
--- /dev/null
+++ b/roles/elevate/media/templates/nextcloud-rescan-.service.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=Nextcloud files:scan job timer for {{ elevate_media_nextcloud_instance_name }}
+
+[Service]
+Type=oneshot
+Environment=NEXTCLOUD_OCC_NON_INTERACTIVE=1
+{# TODO: make path(s) configurable and add one ExecStart per path #}
+ExecStart=/usr/local/bin/nextcloud-occ {{ elevate_media_nextcloud_instance_name }} files:scan --path /_elevate_/files/Share
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX AF_INET
diff --git a/roles/elevate/media/templates/nextcloud-rescan-.timer.j2 b/roles/elevate/media/templates/nextcloud-rescan-.timer.j2
new file mode 100644
index 00000000..aa6f7f19
--- /dev/null
+++ b/roles/elevate/media/templates/nextcloud-rescan-.timer.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Nextcloud files:scan job timer for {{ elevate_media_nextcloud_instance_name }}
+
+[Timer]
+OnCalendar=*:{{ 10 | random(seed=elevate_media_nextcloud_instance_name) }}/10
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/elevate/media/templates/nextcloud-rescan.service.j2 b/roles/elevate/media/templates/nextcloud-rescan.service.j2
deleted file mode 100644
index e1893b2b..00000000
--- a/roles/elevate/media/templates/nextcloud-rescan.service.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Nextcloud files:scan job
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/docker exec -u www-data nextcloud.service /var/www/html/occ files:scan --path /_elevate_/files/Share
-NoNewPrivileges=yes
-PrivateTmp=yes
-PrivateDevices=yes
-ProtectSystem=strict
-ProtectHome=yes
-ProtectKernelTunables=yes
-ProtectControlGroups=yes
-RestrictRealtime=yes
-RestrictAddressFamilies=AF_UNIX
diff --git a/roles/elevate/media/templates/nextcloud-rescan.timer.j2 b/roles/elevate/media/templates/nextcloud-rescan.timer.j2
deleted file mode 100644
index 92a8fd18..00000000
--- a/roles/elevate/media/templates/nextcloud-rescan.timer.j2
+++ /dev/null
@@ -1,8 +0,0 @@
-[Unit]
-Description=Nextcloud files:scan job timer
-
-[Timer]
-OnCalendar=*:0/10
-
-[Install]
-WantedBy=timers.target
author	Christian Pointner <equinox@spreadspace.org>	2022-07-07 13:29:33 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2022-07-07 13:29:33 +0200
commit	6001626d2ebfa9c251d52186d53006c38e89a4c6 (patch)
tree	67a794db02daf1555e9487b995d339c6fa3fa413 /roles/elevate
parent	ele-media: configure nextcloud memory and upload limit (diff)