-rw-r--r--roles/elevate/media/defaults/main.yml3
-rw-r--r--roles/elevate/media/tasks/nextcloud-config.yml13
-rw-r--r--roles/elevate/media/tasks/nextcloud.yml27
-rw-r--r--roles/elevate/media/tasks/samba.yml4
-rw-r--r--roles/elevate/media/templates/nextcloud-Dockerfile.j28
-rw-r--r--roles/elevate/media/templates/nextcloud.service.j22
6 files changed, 41 insertions, 16 deletions
diff --git a/roles/elevate/media/defaults/main.yml b/roles/elevate/media/defaults/main.yml
index 344d0aba..7756bcd5 100644
--- a/roles/elevate/media/defaults/main.yml
+++ b/roles/elevate/media/defaults/main.yml
@@ -14,3 +14,6 @@ nextcloud_admin:
password: changeme
nextcloud_lvm: {}
+
+share_uid: 800
+share_gid: 800
diff --git a/roles/elevate/media/tasks/nextcloud-config.yml b/roles/elevate/media/tasks/nextcloud-config.yml
index 40545326..271aa33f 100644
--- a/roles/elevate/media/tasks/nextcloud-config.yml
+++ b/roles/elevate/media/tasks/nextcloud-config.yml
@@ -1,12 +1,6 @@
---
- # TODO: fix idempotence
-- name: set up permission for external storage
- command: docker exec -u root nextcloud.service bash -c "chown root:www-data /srv/external && chmod 02775 /srv/external"
- changed_when: false
-
-
## TODO: this is idempotent but flagging change would be nice
-- name: set up permission for external storage
+- name: enable files_external app
command: docker exec -u www-data nextcloud.service /var/www/html/occ app:enable files_external
changed_when: false
@@ -37,8 +31,9 @@
nextcloud_files_external_list: "{{ nextcloud_files_external_list.stdout | from_json }}"
- name: configure external storage in nextcloud
- command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:create -n --output=json --config="datadir=/srv/external" Fileserver local null::null
- when: not (nextcloud_files_external_list | nextcloud_mountpoint_exists('/Fileserver'))
+ command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:create -n --output=json --config="datadir=/srv/external/share" Share local null::null
+ when: not (nextcloud_files_external_list | nextcloud_mountpoint_exists('/Share'))
+
## TODO: this is idempotent but flagging change would be nice
- name: set up permission for external storage
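Review bot: The `when:` guard on `configure external storage in nextcloud` now only tests for `/Share`, so a host provisioned by the previous revision would presumably keep its old `Fileserver` mount with `datadir=/srv/external`. With the bind mount moved to `/srv/external/share`, that leftover mount would expose the parent directory next to the new `Share` entry. Consider a preceding task that removes the old mount when `nextcloud_mountpoint_exists('/Fileserver')` is true, or a comment on the task stating that existing installs need a manual cleanup.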
diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml
index 8531699c..ca9a2572 100644
--- a/roles/elevate/media/tasks/nextcloud.yml
+++ b/roles/elevate/media/tasks/nextcloud.yml
@@ -13,6 +13,25 @@
dest: /srv/nextcloud/config/nextcloud-fpm.conf
+- name: create docker build-context for patched nextcloud image
+ file:
+ path: /srv/nextcloud/docker/
+ state: directory
+
+- name: install Dockerfile for patched nextcloud image
+ template:
+ src: nextcloud-Dockerfile.j2
+ dest: /srv/nextcloud/docker/Dockerfile
+ register: nextcloud_dockerfile
+
+- name: build patched nextcloud image
+ docker_image:
+ state: present
+ name: nextcloud
+ tag: "{{ inventory_hostname }}"
+ path: /srv/nextcloud/docker/
+ force: "{{ nextcloud_dockerfile.changed }}"
+
- name: create nextcloud database
mysql_db:
login_user: root
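Review bot: The `build patched nextcloud image` task is forced only when the rendered Dockerfile changes, so a base image re-published upstream under the same `nextcloud:{{ nextcloud_version }}-fpm` tag (for example a security rebuild) would not reach the locally tagged `nextcloud:{{ inventory_hostname }}` image. A role variable that can force the rebuild would cover this, for example `force: "{{ nextcloud_dockerfile.changed or (nextcloud_force_rebuild | default(false)) }}"`, where `nextcloud_force_rebuild` is a suggested new variable that is not in the role today. Separately, the new `file:` and `template:` tasks set no `mode:`, so the permissions of the build context depend on the remote umask; adding `mode: "0755"` on the directory and `mode: "0644"` on the Dockerfile would pin them.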
@@ -36,7 +55,7 @@
#
# systemctl disable nextcloud-cron.timer
# systemctl stop nextcloud-cron.timer
-# systemctl disable nextcloud.serivce
+# systemctl disable nextcloud.service
# systemctl stop nextcloud.service
# rm -rf /srv/nextcloud/config/nextcloud
# rm -rf /srv/ncdata/nextcloud
@@ -51,8 +70,8 @@
- name: running nextcloud installer
when: not nextcloud_config_file.stat.exists
docker_container:
- name: nextcloud
- image: nextcloud:{{ nextcloud_version }}-fpm
+ name: nextcloud-installer
+ image: "nextcloud:{{ inventory_hostname }}"
## for some reasons a newly created database schema is not up to date with the recommended settings...
## in case this is not needed anymore using '/bin/true' here.
command: 'su -p www-data -s /bin/sh -c "php /var/www/html/occ db:convert-filecache-bigint"'
@@ -64,7 +83,7 @@
- /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf
- /srv/nextcloud/config/nextcloud:/var/www/html/config
- /srv/ncdata/nextcloud:/var/www/html/data
- - /srv/ncdata/share:/srv/external
+ - /srv/smbdata/share:/srv/external/share
env:
NEXTCLOUD_UPDATE: '1'
NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_hostnames | join(' ') }}"
diff --git a/roles/elevate/media/tasks/samba.yml b/roles/elevate/media/tasks/samba.yml
index acf81c1f..65cc1d1b 100644
--- a/roles/elevate/media/tasks/samba.yml
+++ b/roles/elevate/media/tasks/samba.yml
@@ -2,12 +2,12 @@
- name: create group for shared access
group:
name: share
- gid: 800
+ gid: "{{ share_gid }}"
- name: create guest user for samba
user:
name: share
- uid: 800
+ uid: "{{ share_uid }}"
home: /var/lib/share
group: share
shell: /bin/false
diff --git a/roles/elevate/media/templates/nextcloud-Dockerfile.j2 b/roles/elevate/media/templates/nextcloud-Dockerfile.j2
new file mode 100644
index 00000000..33b817f1
--- /dev/null
+++ b/roles/elevate/media/templates/nextcloud-Dockerfile.j2
@@ -0,0 +1,8 @@
+FROM nextcloud:{{ nextcloud_version }}-fpm
+
+RUN set -x \
+ && bash -c 'cd / && find -user www-data -exec chown {{ share_uid }} {} \; || true' \
+ && bash -c 'cd / && find -group www-data -exec chown {{ share_gid }} {} \; || true' \
+ && sed -e 's/^www-data:\([^:]*\):[0-9]*:[0-9]*:\(.*\)/www-data:\1:{{ share_uid }}:{{ share_gid }}:\2/' -i /etc/passwd \
+ && sed -e 's/^www-data:\([^:]*\):[0-9]*:\(.*\)/www-data:\1:800:\2/' -i /etc/group \
+ && sed -e 's/^\(exec.*\)$/umask 002\n\1/' -i /entrypoint.sh
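Review bot: The `find -group www-data` line runs `chown {{ share_gid }}`, which sets the file owner to the gid value instead of changing the group, and the `/etc/group` sed still hard-codes `800` rather than `{{ share_gid }}`. Both are masked only while `share_uid` and `share_gid` share the default of 800. I would change them to `find / -xdev -group www-data -exec chgrp -h {{ share_gid }} {} +` and `www-data:\1:{{ share_gid }}:\2`. The `|| true` on both find calls also hides genuine chown failures, and without `-h` a symlink owned by www-data has its target re-owned rather than the link itself. Adding `-xdev` and `-h` to the first find as well would likely make the `|| true` unnecessary.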
diff --git a/roles/elevate/media/templates/nextcloud.service.j2 b/roles/elevate/media/templates/nextcloud.service.j2
index 4eacf476..66395fe9 100644
--- a/roles/elevate/media/templates/nextcloud.service.j2
+++ b/roles/elevate/media/templates/nextcloud.service.j2
@@ -4,7 +4,7 @@ After=docker.service
Requires=docker.service
[Service]
-ExecStart=/usr/bin/systemd-docker --cgroups name=systemd run --rm --network host --name %n -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf -v /srv/nextcloud/config/nextcloud:/var/www/html/config -v /srv/ncdata/nextcloud:/var/www/html/data -v /srv/ncdata/share:/srv/external -v /srv/nextcloud/www:/var/www/html nextcloud:{{ nextcloud_version }}-fpm
+ExecStart=/usr/bin/systemd-docker --cgroups name=systemd run --rm --network host --name %n -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf -v /srv/nextcloud/config/nextcloud:/var/www/html/config -v /srv/ncdata/nextcloud:/var/www/html/data -v /srv/smbdata/share:/srv/external/share -v /srv/nextcloud/www:/var/www/html nextcloud:{{ inventory_hostname }}
Restart=always
RestartSec=10
Type=notify