authorChristian Pointner <equinox@spreadspace.org>2019-10-12 19:51:56 +0200
committerChristian Pointner <equinox@spreadspace.org>2019-10-12 19:51:56 +0200
commitcc533015e4a66f89789002704c7c131fb56539ba (patch)
treebe379697195f9b1fee69511e457d817030b27dc3 /roles/nextcloud
parentimprove sshd config (diff)
nextcloud role ~50% done
Diffstat (limited to 'roles/nextcloud')
-rw-r--r--roles/nextcloud/defaults/main.yml26
-rw-r--r--roles/nextcloud/tasks/main.yml89
-rw-r--r--roles/nextcloud/templates/pod-with-mariadb.yml.j252
3 files changed, 167 insertions, 0 deletions
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
new file mode 100644
index 00000000..0cd84485
--- /dev/null
+++ b/roles/nextcloud/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+nextcloud_app_uid: "950"
+nextcloud_app_gid: "950"
+
+nextcloud_db_uid: "951"
+nextcloud_db_gid: "951"
+
+# nextcloud_base_path: /srv/nextcloud
+
+# nextcloud_zfs:
+# pool: storage
+# name: nextcloud
+# size: 500G
+
+# nextcloud_instances:
+# example:
+# version: 17.0.0
+# port: 8100
+# hostnames:
+# - wolke.example.com
+# - cloud.example.com
+# quota: 100G
+# database:
+# type: mariadb
+# version: 10.4.8
+# password: "{{ vault_nextcloud_database_passwords['example'] }}"
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 00000000..8453ce65
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,89 @@
+---
+- name: create zfs datasets
+ when: nextcloud_zfs is defined
+ block:
+ - name: create zfs base dataset
+ zfs:
+ name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}"
+ state: present
+ extra_zfs_properties:
+ quota: "{{ nextcloud_zfs.size }}"
+
+ - name: create zfs volumes for instances
+ loop: "{{ nextcloud_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} ({{ item.value.quota }})"
+ zfs:
+ name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/{{ item.key }}"
+ state: present
+ extra_zfs_properties:
+ quota: "{{ item.value.quota }}"
+
+ - name: configure nextcloud base bath
+ set_fact:
+ nextcloud_base_path: "{{ zfs_zpools[nextcloud_zfs.pool].mountpoint }}/{{ nextcloud_zfs.name }}"
+
+
+- name: create instance subdirectories
+ when: nextcloud_zfs is not defined
+ loop: "{{ nextcloud_instances | list }}"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item }}"
+ state: directory
+
+
+
+- name: add group for nextcloud app
+ group:
+ name: nc-app
+ gid: "{{ nextcloud_app_gid }}"
+
+- name: add user for nextcloud app
+ user:
+ name: nc-app
+ uid: "{{ nextcloud_app_uid }}"
+ group: nc-app
+ password: "!"
+
+- name: create nextcloud app subdirectory
+ loop: "{{ nextcloud_instances | list }}"
+ loop_control:
+ label: "{{ item }}"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item }}/nextcloud"
+ owner: "{{ nextcloud_app_uid }}"
+ group: "{{ nextcloud_app_gid }}"
+ state: directory
+
+
+- name: add group for nextcloud db
+ group:
+ name: nc-db
+ gid: "{{ nextcloud_db_gid }}"
+
+- name: add user for nextcloud db
+ user:
+ name: nc-db
+ uid: "{{ nextcloud_db_uid }}"
+ group: nc-db
+ password: "!"
+
+- name: create nextcloud database subdirectory
+ loop: "{{ nextcloud_instances | dict2items}}"
+ loop_control:
+ label: "{{ item.key }} ({{ item.value.database.type }})"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+ owner: "{{ nextcloud_db_uid }}"
+ group: "{{ nextcloud_db_gid }}"
+ state: directory
+
+
+- name: generate pod manifests
+ loop: "{{ nextcloud_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: "pod-with-{{ item.value.database.type }}.yml.j2"
+ dest: "/etc/kubernetes/manifests/{{ item.key }}.yml"
+ mode: 0600
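Review bot: The `file` tasks that create the per-instance `nextcloud` and database directories set `owner` and `group` but no `mode`, so the directories holding application data and the MariaDB data files get whatever the umask of the run yields (commonly 0755, readable and traversable by every local user). Pin it explicitly, e.g. `mode: "0750"`, on both tasks and on `create instance subdirectories`, which sets neither owner nor mode. The `nc-app` and `nc-db` accounts are locked with `password: "!"` but still receive a default login shell and a home directory; adding `shell: /usr/sbin/nologin` and `create_home: no` would make them pure service accounts. The manifest's `mode: 0600` only works because the leading zero is parsed as octal, and writing it as `mode: "0600"` removes that dependency.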
diff --git a/roles/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
new file mode 100644
index 00000000..4e2f6baa
--- /dev/null
+++ b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ item.key }}"
+spec:
+ securityContext:
+ allowPrivilegeEscalation: false
+ containers:
+ - name: nextcloud
+ image: debian:buster
+ command:
+ - /bin/bash
+ - -c
+ - "sleep 7200"
+ # securityContext:
+ # runAsUser: {{ nextcloud_app_uid }}
+ # runAsGroup: {{ nextcloud_app_gid }}
+ volumeMounts:
+ - name: nextcloud
+ mountPath: /var/www/html
+ ports:
+ - containerPort: 8080
+ hostPort: {{ item.value.port }}
+ - name: database
+ image: "mariadb:{{ item.value.database.version }}"
+ args:
+ - --transaction-isolation=READ-COMMITTED
+ - --binlog-format=ROW
+ securityContext:
+ runAsUser: {{ nextcloud_db_uid }}
+ runAsGroup: {{ nextcloud_db_gid }}
+ env:
+ - name: MYSQL_RANDOM_ROOT_PASSWORD
+ value: "true"
+ - name: MYSQL_PASSWORD
+ value: "{{ item.value.database.password }}"
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ volumeMounts:
+ - name: database
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: nextcloud
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"
+ type: Directory
+ - name: database
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+ type: Directory
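Review bot: `allowPrivilegeEscalation: false` appears to sit in the pod-level `securityContext` (indentation is lost on this page, but it comes directly after `spec:` and before `containers:`), and that field exists only in the container-level SecurityContext, so the hardening most likely does not take effect; put `securityContext:` with `allowPrivilegeEscalation: false` on both the `nextcloud` and `database` containers instead. `value: "{{ item.value.database.password }}"` interpolates the secret into a double-quoted YAML scalar, so a password containing `"` or `\` produces a broken or silently altered manifest; `value: {{ item.value.database.password | to_json }}` renders a correctly escaped scalar. The `nextcloud` container has `runAsUser`/`runAsGroup` commented out and so runs as the image's default user (root for `debian:buster`) with a hostPath mounted, which should be restored before this leaves the work-in-progress state.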