-rw-r--r--dan/host_vars/sk-cloudia.yml26
-rw-r--r--inventory/host_vars/sk-cloudia/nextcloud.yml27
-rw-r--r--inventory/host_vars/sk-cloudia/vars.yml (renamed from inventory/host_vars/sk-cloudia.yml)0
-rw-r--r--roles/elevate/media/tasks/nextcloud.yml7
-rw-r--r--roles/nextcloud/defaults/main.yml26
-rw-r--r--roles/nextcloud/tasks/main.yml89
-rw-r--r--roles/nextcloud/templates/pod-with-mariadb.yml.j252
7 files changed, 218 insertions, 9 deletions
diff --git a/dan/host_vars/sk-cloudia.yml b/dan/host_vars/sk-cloudia.yml
index 7bb3860d..ad74b95f 100644
--- a/dan/host_vars/sk-cloudia.yml
+++ b/dan/host_vars/sk-cloudia.yml
@@ -1,10 +1,18 @@
$ANSIBLE_VAULT;1.2;AES256;dan
-66326237393963643938383265396133366166376563616436303365353661366232616539373163
-6139613939613033626635616564613463663333376130350a386262326435303164346234666536
-31373463396433366661356461663439303437393738336331346465333530373332623530656561
-6464656633633865620a323839386230626532303639356164613264333565633863306438363866
-37393234656630333034346233653730333837323833313838653536343161623963643162633936
-31636264356664613236313439616630366133653038396165613561613237656534353839666135
-36396133306565343861323237316237383330383734666164343766306130373233373930653738
-63393363653863613137613637313030353765643966343132363230636536303163663262326234
-3237
+33366333343230333238326362323033386138396538356463333632653032616233646261396363
+3639373065636132363236376331636662313164316264350a643662353830326162353438363137
+30393863613763383934653061353337633831626664336132313137616638346235313239656661
+3732643534646338380a336231336134323936363135393862336462643664356231656565373337
+34336165323839653166333231363862356263623539323437336439633937663363356164613035
+63356139386335353666653664626236306439663062363033396532363364386338383538356364
+35353561366666356661653235623233303037623731313166393832633938396536303534363036
+30373866393738316461383762353263386666396333306137303434366265336534666630326537
+64323264633432316234386665643436643262626264373165363534313838666433363937323961
+66613839663866633231613538366534383836653431353131356436306632666564643663383730
+62333831313639353966343961373032303766356637626335363465343062396565363662353435
+65306362306464363437303238643831643937313031303130656330303032636666353266633431
+39396634316362326333646530326637396336623130376261373831323131373338623966396461
+61646530666638373434666432333563666363626133646539356165383536313532333832346133
+31386438633262666239643139633366303765353235613530646435343665636630303061313039
+32396364313333373932623236356263343837646534633333313335393565643537663333623438
+3235
diff --git a/inventory/host_vars/sk-cloudia/nextcloud.yml b/inventory/host_vars/sk-cloudia/nextcloud.yml
new file mode 100644
index 00000000..a39c21dd
--- /dev/null
+++ b/inventory/host_vars/sk-cloudia/nextcloud.yml
@@ -0,0 +1,27 @@
+---
+nextcloud_zfs:
+ pool: storage
+ name: nextcloud
+ size: 800G
+
+nextcloud_instances:
+ wolke.elevate.at:
+ version: 15.0.11
+ port: 8100
+ hostnames:
+ - wolke.elevate.at
+ quota: 300G
+ database:
+ type: mariadb
+ version: 10.4.8
+ password: "{{ vault_nextcloud_database_passwords['wolke.elevate.at'] }}"
+ insomnia.skillz.biz:
+ version: 16.0.5
+ port: 8101
+ hostnames:
+ - insomnia.skillz.biz
+ quota: 200G
+ database:
+ type: mariadb
+ version: 10.4.8
+ password: "{{ vault_nextcloud_database_passwords['insomnia.skillz.biz'] }}"
diff --git a/inventory/host_vars/sk-cloudia.yml b/inventory/host_vars/sk-cloudia/vars.yml
index 9b7e0306..9b7e0306 100644
--- a/inventory/host_vars/sk-cloudia.yml
+++ b/inventory/host_vars/sk-cloudia/vars.yml
diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml
index 65094261..fbb6d9b6 100644
--- a/roles/elevate/media/tasks/nextcloud.yml
+++ b/roles/elevate/media/tasks/nextcloud.yml
@@ -32,6 +32,13 @@
path: /srv/nextcloud/docker/
force: "{{ nextcloud_dockerfile.changed }}"
+### TODO: set mysql variables:
+### <snip>
+### [mysqld]
+### transaction_isolation = READ-COMMITTED
+### binlog_format = ROW
+### </snip>
+
- name: create nextcloud database
mysql_db:
login_user: root
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
new file mode 100644
index 00000000..0cd84485
--- /dev/null
+++ b/roles/nextcloud/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+nextcloud_app_uid: "950"
+nextcloud_app_gid: "950"
+
+nextcloud_db_uid: "951"
+nextcloud_db_gid: "951"
+
+# nextcloud_base_path: /srv/nextcloud
+
+# nextcloud_zfs:
+# pool: storage
+# name: nextcloud
+# size: 500G
+
+# nextcloud_instances:
+# example:
+# version: 17.0.0
+# port: 8100
+# hostnames:
+# - wolke.example.com
+# - cloud.example.com
+# quota: 100G
+# database:
+# type: mariadb
+# version: 10.4.8
+# password: "{{ vault_nextcloud_database_passwords['example'] }}"
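Review bot: `nextcloud_base_path` is left commented out here, but roles/nextcloud/tasks/main.yml in this same commit only sets it via `set_fact` inside the `when: nextcloud_zfs is defined` block. On a host that does not define `nextcloud_zfs`, every later task that templates `{{ nextcloud_base_path }}` will therefore fail on an undefined variable. Either ship the default (`nextcloud_base_path: /srv/nextcloud`) or add a comment stating that one of `nextcloud_zfs` or `nextcloud_base_path` must be set in the inventory.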
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 00000000..8453ce65
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,89 @@
+---
+- name: create zfs datasets
+ when: nextcloud_zfs is defined
+ block:
+ - name: create zfs base dataset
+ zfs:
+ name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}"
+ state: present
+ extra_zfs_properties:
+ quota: "{{ nextcloud_zfs.size }}"
+
+ - name: create zfs volumes for instances
+ loop: "{{ nextcloud_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} ({{ item.value.quota }})"
+ zfs:
+ name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/{{ item.key }}"
+ state: present
+ extra_zfs_properties:
+ quota: "{{ item.value.quota }}"
+
+ - name: configure nextcloud base bath
+ set_fact:
+ nextcloud_base_path: "{{ zfs_zpools[nextcloud_zfs.pool].mountpoint }}/{{ nextcloud_zfs.name }}"
+
+
+- name: create instance subdirectories
+ when: nextcloud_zfs is not defined
+ loop: "{{ nextcloud_instances | list }}"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item }}"
+ state: directory
+
+
+
+- name: add group for nextcloud app
+ group:
+ name: nc-app
+ gid: "{{ nextcloud_app_gid }}"
+
+- name: add user for nextcloud app
+ user:
+ name: nc-app
+ uid: "{{ nextcloud_app_uid }}"
+ group: nc-app
+ password: "!"
+
+- name: create nextcloud app subdirectory
+ loop: "{{ nextcloud_instances | list }}"
+ loop_control:
+ label: "{{ item }}"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item }}/nextcloud"
+ owner: "{{ nextcloud_app_uid }}"
+ group: "{{ nextcloud_app_gid }}"
+ state: directory
+
+
+- name: add group for nextcloud db
+ group:
+ name: nc-db
+ gid: "{{ nextcloud_db_gid }}"
+
+- name: add user for nextcloud db
+ user:
+ name: nc-db
+ uid: "{{ nextcloud_db_uid }}"
+ group: nc-db
+ password: "!"
+
+- name: create nextcloud database subdirectory
+ loop: "{{ nextcloud_instances | dict2items}}"
+ loop_control:
+ label: "{{ item.key }} ({{ item.value.database.type }})"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+ owner: "{{ nextcloud_db_uid }}"
+ group: "{{ nextcloud_db_gid }}"
+ state: directory
+
+
+- name: generate pod manifests
+ loop: "{{ nextcloud_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: "pod-with-{{ item.value.database.type }}.yml.j2"
+ dest: "/etc/kubernetes/manifests/{{ item.key }}.yml"
+ mode: 0600
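Review bot: The `nc-app` and `nc-db` accounts get a locked password (`password: "!"`) but still receive a home directory and the default login shell, and none of the `file` tasks sets a `mode`, so the data directories end up with whatever the umask yields. For accounts that only exist to own container data I would add `shell: /usr/sbin/nologin` (or the distribution's equivalent) and `create_home: false` to both `user` tasks, and an explicit `mode: "0750"` to the directory tasks, the database directory in particular. The rendered manifest contains the database password, so running the `generate pod manifests` task with `--diff` would print it; `diff: false` or `no_log: true` on that task avoids this. As a style point, `mode: 0600` works only because the leading zero makes it a YAML octal; `mode: "0600"` is the safer convention.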
diff --git a/roles/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
new file mode 100644
index 00000000..4e2f6baa
--- /dev/null
+++ b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ item.key }}"
+spec:
+ securityContext:
+ allowPrivilegeEscalation: false
+ containers:
+ - name: nextcloud
+ image: debian:buster
+ command:
+ - /bin/bash
+ - -c
+ - "sleep 7200"
+ # securityContext:
+ # runAsUser: {{ nextcloud_app_uid }}
+ # runAsGroup: {{ nextcloud_app_gid }}
+ volumeMounts:
+ - name: nextcloud
+ mountPath: /var/www/html
+ ports:
+ - containerPort: 8080
+ hostPort: {{ item.value.port }}
+ - name: database
+ image: "mariadb:{{ item.value.database.version }}"
+ args:
+ - --transaction-isolation=READ-COMMITTED
+ - --binlog-format=ROW
+ securityContext:
+ runAsUser: {{ nextcloud_db_uid }}
+ runAsGroup: {{ nextcloud_db_gid }}
+ env:
+ - name: MYSQL_RANDOM_ROOT_PASSWORD
+ value: "true"
+ - name: MYSQL_PASSWORD
+ value: "{{ item.value.database.password }}"
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ volumeMounts:
+ - name: database
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: nextcloud
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"
+ type: Directory
+ - name: database
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+ type: Directory
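Review bot: `allowPrivilegeEscalation: false` is placed in the pod-level `securityContext`, but that field exists only in the container-level SecurityContext, so as written it is either rejected or ignored and neither container gets the restriction. Move it into the `database` container's existing `securityContext:` and enable the commented-out block on the `nextcloud` container with the same line; until then that container has no `runAsUser` and presumably runs as the image default user. `MYSQL_PASSWORD` is also rendered in clear text into the env list, where it stays visible to anything that can inspect the container's environment even though the manifest file is written `0600`. The official mariadb image documents a `MYSQL_PASSWORD_FILE` variant, so a root-owned file on a read-only hostPath mount would keep the secret out of the pod spec; confirm this against the image version in use.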