Diffstat (limited to 'roles/apps/nextcloud/base')
-rw-r--r--roles/apps/nextcloud/base/defaults/main.yml9
-rw-r--r--roles/apps/nextcloud/base/tasks/main.yml51
-rw-r--r--roles/apps/nextcloud/base/templates/cron@.service.j215
-rwxr-xr-xroles/apps/nextcloud/base/templates/nextcloud-cron.j219
-rwxr-xr-xroles/apps/nextcloud/base/templates/nextcloud-occ.j219
-rwxr-xr-xroles/apps/nextcloud/base/templates/nextcloud-upgrade.j274
6 files changed, 187 insertions, 0 deletions
diff --git a/roles/apps/nextcloud/base/defaults/main.yml b/roles/apps/nextcloud/base/defaults/main.yml
new file mode 100644
index 00000000..1a8a6d52
--- /dev/null
+++ b/roles/apps/nextcloud/base/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+nextcloud_app_uid: "950"
+nextcloud_app_gid: "950"
+
+nextcloud_db_uid: "951"
+nextcloud_db_gid: "951"
+
+nextcloud_redis_uid: "952"
+nextcloud_redis_gid: "952"
diff --git a/roles/apps/nextcloud/base/tasks/main.yml b/roles/apps/nextcloud/base/tasks/main.yml
new file mode 100644
index 00000000..4c85a35c
--- /dev/null
+++ b/roles/apps/nextcloud/base/tasks/main.yml
@@ -0,0 +1,51 @@
+---
+- name: add group for nextcloud app
+ group:
+ name: nc-app
+ gid: "{{ nextcloud_app_gid }}"
+
+- name: add user for nextcloud app
+ user:
+ name: nc-app
+ uid: "{{ nextcloud_app_uid }}"
+ group: nc-app
+ password: "!"
+
+- name: add group for nextcloud db
+ group:
+ name: nc-db
+ gid: "{{ nextcloud_db_gid }}"
+
+- name: add user for nextcloud db
+ user:
+ name: nc-db
+ uid: "{{ nextcloud_db_uid }}"
+ group: nc-db
+ password: "!"
+
+- name: add group for nextcloud redis
+ group:
+ name: nc-redis
+ gid: "{{ nextcloud_redis_gid }}"
+
+- name: add user for nextcloud redis
+ user:
+ name: nc-redis
+ uid: "{{ nextcloud_redis_uid }}"
+ group: nc-redis
+ password: "!"
+
+- name: install template systemd unit for cron trigger
+ template:
+ src: cron@.service.j2
+ dest: /etc/systemd/system/nextcloud-cron@.service
+
+- name: install management scripts
+ loop:
+ - nextcloud-upgrade
+ - nextcloud-occ
+ - nextcloud-cron
+ template:
+ src: "{{ item }}.j2"
+ dest: "/usr/local/bin/{{ item }}"
+ mode: 0755
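Review bot: The three `user` tasks lock the password with `password: "!"` but leave the login shell and home directory at the module defaults, so each service account still gets a home directory and whatever default shell the host assigns. If nothing depends on an interactive login or a home directory for `nc-app`, `nc-db` and `nc-redis`, add `shell: /usr/sbin/nologin` and `create_home: false` to each task (adjust the nologin path to the target distribution). The task that installs `/etc/systemd/system/nextcloud-cron@.service` also has no handler or follow-up task that reloads systemd, so an updated unit may not take effect until the next daemon reload. Both `template` tasks would be clearer with explicit `owner: root` and `group: root`, and the unit file with an explicit `mode: "0644"`.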
diff --git a/roles/apps/nextcloud/base/templates/cron@.service.j2 b/roles/apps/nextcloud/base/templates/cron@.service.j2
new file mode 100644
index 00000000..d8cde0a3
--- /dev/null
+++ b/roles/apps/nextcloud/base/templates/cron@.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Nextcloud cron.php job for %i
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/nextcloud-cron %i
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=strict
+ProtectHome=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+RestrictRealtime=yes
+RestrictAddressFamilies=AF_UNIX AF_INET
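Review bot: The `[Service]` section sets no start timeout, and for `Type=oneshot` systemd disables `TimeoutStartSec=` by default, so a hung `crictl exec` or `cron.php` run keeps the instance in the activating state and blocks later runs indefinitely. Consider adding a bound such as `TimeoutStartSec=15min` (example value; choose one that fits the longest expected cron run). No `User=` is set, so the job runs as root, presumably because `crictl` needs the runtime socket. A short comment saying so, and explaining why `AF_INET` is allowed next to `AF_UNIX`, would help the next reader judge whether the sandbox can be tightened further.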
diff --git a/roles/apps/nextcloud/base/templates/nextcloud-cron.j2 b/roles/apps/nextcloud/base/templates/nextcloud-cron.j2
new file mode 100755
index 00000000..cf1d9715
--- /dev/null
+++ b/roles/apps/nextcloud/base/templates/nextcloud-cron.j2
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+INST_NAME="$1"
+shift
+
+if [ -z "$INST_NAME" ]; then
+ echo "Usage: $0 <instance>"
+ exit 1
+fi
+
+set -eu
+
+pod_id=$(crictl pods -q --state ready --name "^nextcloud-$INST_NAME-{{ ansible_nodename }}$")
+if [ -z "$pod_id" ]; then echo "Pod not found"; exit 1; fi
+
+container_id=$(crictl ps -q --name '^nextcloud$' -p "$pod_id")
+if [ -z "$container_id" ]; then echo "Container not found"; exit 1; fi
+
+exec crictl exec "$container_id" bash -c 'php -f /var/www/html/occ status -e; if [ $? -eq 0 ]; then php -f /var/www/html/cron.php; else echo "not running cron script when in maintenance mode"; fi'
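Review bot: `$INST_NAME` is interpolated unescaped into the `--name` pattern passed to `crictl pods`, so an instance name containing regex metacharacters can match other pods or several pods at once. With several matches `pod_id` holds multiple IDs and the following `crictl ps -p "$pod_id"` call gets a malformed argument. Validate the name right after the usage check, for example `[[ "$INST_NAME" =~ ^[a-z0-9][a-z0-9-]*$ ]] || { echo "invalid instance name" >&2; exit 1; }`; the same applies to the identical lookup in `nextcloud-occ.j2` and to the path construction in `nextcloud-upgrade.j2`. The "Pod not found" and "Container not found" messages go to stdout; sending them to stderr with `>&2` keeps them out of any captured output.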
diff --git a/roles/apps/nextcloud/base/templates/nextcloud-occ.j2 b/roles/apps/nextcloud/base/templates/nextcloud-occ.j2
new file mode 100755
index 00000000..01383c95
--- /dev/null
+++ b/roles/apps/nextcloud/base/templates/nextcloud-occ.j2
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+INST_NAME="$1"
+shift
+
+if [ -z "$INST_NAME" ]; then
+ echo "Usage: $0 <instance> [ <arguments for occ.php> ... ]"
+ exit 1
+fi
+
+set -eu
+
+pod_id=$(crictl pods -q --state ready --name "^nextcloud-$INST_NAME-{{ ansible_nodename }}$")
+if [ -z "$pod_id" ]; then echo "Pod not found"; exit 1; fi
+
+container_id=$(crictl ps -q --name '^nextcloud$' -p "$pod_id")
+if [ -z "$container_id" ]; then echo "Container not found"; exit 1; fi
+
+exec crictl exec -it "$container_id" php -f /var/www/html/occ $@
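Review bot: The final line passes `$@` unquoted, so occ arguments containing spaces or glob characters are re-split and expanded by the host shell before they reach the container. Quote it: `exec crictl exec -it "$container_id" php -f /var/www/html/occ "$@"`. The hard-coded `-it` also requests a TTY when the script is used non-interactively, which appears to be why `nextcloud-upgrade.j2` strips `\r` from the output. Choosing the flags with a check such as `[ -t 0 ]` would avoid that.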
diff --git a/roles/apps/nextcloud/base/templates/nextcloud-upgrade.j2 b/roles/apps/nextcloud/base/templates/nextcloud-upgrade.j2
new file mode 100755
index 00000000..f6edcb44
--- /dev/null
+++ b/roles/apps/nextcloud/base/templates/nextcloud-upgrade.j2
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+INST_NAME="$1"
+VERSION="$2"
+if [ -z "$INST_NAME" ] || [ -z "$VERSION" ]; then
+ echo "Usage: $0 <instance> <version>"
+ exit 1
+fi
+
+set -eu
+
+CURRENT_VERSION=$(nextcloud-occ "$INST_NAME" status -n --no-warnings --output plain | tr -d '\r' | awk -F : '/versionstring/ { print($2) }' | tr -d ' ')
+if [ "$CURRENT_VERSION" = "$VERSION" ]; then
+ echo "The current running version of nextcloud is already $CURRENT_VERSION, nothing to do here."
+ exit 0
+fi
+echo "will upgrade nextcloud instance $INST_NAME from '$CURRENT_VERSION' to '$VERSION'"
+
+K8S_CONFIG_HASH_D="/etc/kubernetes/config-hashes/"
+K8S_CONFIG_HASH_FILE="$K8S_CONFIG_HASH_D/nextcloud-$INST_NAME.yml"
+K8S_MANIFEST_D="/etc/kubernetes/manifests/"
+K8S_MANIFEST_FILE="$K8S_MANIFEST_D/nextcloud-$INST_NAME.yml"
+if [ ! -e "$K8S_MANIFEST_FILE" ]; then
+ echo "could not find manifest file: $K8S_MANIFEST_FILE"
+ exit 2
+fi
+
+TMP_D=$(mktemp -d -t nextcloud-upgrade.XXXXXXX)
+function cleanup {
+ rm -rf "$TMP_D"
+}
+trap cleanup EXIT
+
+IMAGE_BUILD_D=$(cat "$K8S_CONFIG_HASH_FILE" | grep "build/Dockerfile:" | tr -d ":" | xargs dirname)
+IMAGE_NAME="nextcloud"
+if [ -e "$IMAGE_BUILD_D/Dockerfile" ]; then
+ ## this only works if docker is installed...
+ echo "*** Building custom image"
+ echo ""
+ sed "0,/FROM \(.*\):.*/s//FROM \1:$VERSION/" -i "$IMAGE_BUILD_D/Dockerfile"
+ IMAGE_NAME="nextcloud/$INST_NAME"
+ docker build --rm --network host -t "$IMAGE_NAME:$VERSION" "$IMAGE_BUILD_D"
+ echo ""
+else
+ echo "*** Pre-Pulling the image"
+ echo ""
+ crictl pull "docker.io/library/nextcloud:$VERSION"
+ echo ""
+fi
+
+INSTANCE_BASE_D=$(dirname "$IMAGE_BUILD_D")
+"$INSTANCE_BASE_D/upgrade.sh" prepare "$CURRENT_VERSION" "$VERSION"
+
+echo "*** Rebuilding config-hash file"
+echo ""
+cat "$K8S_CONFIG_HASH_FILE" | grep '^/.*:' | sed 's/:$//' | xargs sha256sum | awk '{ print($2":\n checksum: "$1) }' > "$TMP_D/config-hash.yml"
+CONFIG_HASH=$(sha256sum "$TMP_D/config-hash.yml" | awk '{ print($1) }')
+
+echo "*** Patching manifest file"
+echo ""
+sed -e "s#image: \"$IMAGE_NAME:.*\"#image: \"$IMAGE_NAME:$VERSION\"#" -e "s#config-hash: \".*\"#config-hash: \"$CONFIG_HASH\"#" "$K8S_MANIFEST_FILE" > "$TMP_D/manifest.yml"
+set +e
+diff -u "$K8S_MANIFEST_FILE" "$TMP_D/manifest.yml"
+if [ $? -eq 0 ]; then
+ echo "patching file failed?"
+ exit 2
+fi
+cat "$TMP_D/config-hash.yml" > "$K8S_CONFIG_HASH_FILE"
+cat "$TMP_D/manifest.yml" > "$K8S_MANIFEST_FILE"
+echo ""
+
+"$INSTANCE_BASE_D/upgrade.sh" finalize "$CURRENT_VERSION" "$VERSION"
+
+exit 0
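Review bot: After `set +e` ahead of the `diff -u` call, errexit is never re-enabled, so a failed write to `$K8S_CONFIG_HASH_FILE` or `$K8S_MANIFEST_FILE`, or a failing `upgrade.sh finalize`, is ignored and the script still ends in `exit 0`. Dropping `set +e` and testing the command directly keeps errexit active for the rest of the script: `if diff -u "$K8S_MANIFEST_FILE" "$TMP_D/manifest.yml"; then`. `$VERSION` is also placed unvalidated into two `sed` expressions and the image tag, where characters such as `/`, `#` or `&` change the substitution applied to the Dockerfile and the manifest. A check after the usage test, e.g. `[[ "$VERSION" =~ ^[0-9A-Za-z._-]+$ ]] || { echo "invalid version" >&2; exit 1; }`, closes that. The script verifies that the manifest exists but not `$K8S_CONFIG_HASH_FILE`, which it reads first and later overwrites.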