Diffstat (limited to 'roles/elevate/media')
-rw-r--r--roles/elevate/media/defaults/main.yml16
-rw-r--r--roles/elevate/media/filter_plugins/nextcloud.py38
-rw-r--r--roles/elevate/media/tasks/nextcloud-config.yml52
-rw-r--r--roles/elevate/media/tasks/nextcloud-lvm.yml42
-rw-r--r--roles/elevate/media/tasks/nextcloud.yml141
-rw-r--r--roles/elevate/media/templates/nextcloud.service.j216
6 files changed, 246 insertions, 59 deletions
diff --git a/roles/elevate/media/defaults/main.yml b/roles/elevate/media/defaults/main.yml
index a2c9c807..344d0aba 100644
--- a/roles/elevate/media/defaults/main.yml
+++ b/roles/elevate/media/defaults/main.yml
@@ -1,4 +1,16 @@
---
+nextcloud_version: 15
+
nextcloud_hostnames:
- - media.elevate.at
- - elevate-media.spreadspace.org
+ - wolke.example.com
+
+nextcloud_db:
+ db: nextcloud
+ user: nextcloud
+ password: changeme
+
+nextcloud_admin:
+ user: admin
+ password: changeme
+
+nextcloud_lvm: {}
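Review bot: The `password: changeme` defaults under `nextcloud_db` and `nextcloud_admin` mean that a host whose inventory does not override them ends up with a database user and a Nextcloud admin account protected by a password that is published in the role. I would drop both password defaults so the play stops on an undefined variable, or at least add `# must be overridden from a vault-encrypted variable` above each of them. A check at the top of tasks/nextcloud.yml that fails when either password still equals `changeme` would catch the case where the dictionaries are overridden only partially.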
diff --git a/roles/elevate/media/filter_plugins/nextcloud.py b/roles/elevate/media/filter_plugins/nextcloud.py
new file mode 100644
index 00000000..a1bcd63b
--- /dev/null
+++ b/roles/elevate/media/filter_plugins/nextcloud.py
@@ -0,0 +1,38 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible import errors
+
+
+def mountpoint_exists(data, mountpoint):
+ try:
+ for entry in data:
+ if entry['mount_point'] == mountpoint:
+ return True
+
+ return False
+ except Exception as e:
+ raise errors.AnsibleFilterError("mountpoint_exists(): %s" % str(e))
+
+
+def get_id_of_mountpoint(data, mountpoint):
+ try:
+ for entry in data:
+ if entry['mount_point'] == mountpoint:
+ return entry['mount_id']
+
+ raise KeyError
+ except Exception as e:
+ raise errors.AnsibleFilterError("get_id_of_mountpoint(): %s" % str(e))
+
+
+class FilterModule(object):
+
+ ''' extract values from nextcloud '''
+ filter_map = {
+ 'nextcloud_mountpoint_exists': mountpoint_exists,
+ 'nextcloud_get_id_of_mountpoint': get_id_of_mountpoint,
+ }
+
+ def filters(self):
+ return self.filter_map
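Review bot: `get_id_of_mountpoint` reports a missing mount with a bare `raise KeyError`, whose `str(e)` is empty, so the resulting AnsibleFilterError reads `get_id_of_mountpoint(): ` and gives no hint which mount point was looked up. `raise KeyError("no external storage with mount_point %s" % mountpoint)` would make the failure actionable. Both filters also lack docstrings; one line each saying that `data` is the parsed list from `occ files_external:list --output=json` (as passed in tasks/nextcloud-config.yml) and what is returned would be enough.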
diff --git a/roles/elevate/media/tasks/nextcloud-config.yml b/roles/elevate/media/tasks/nextcloud-config.yml
new file mode 100644
index 00000000..1ce80860
--- /dev/null
+++ b/roles/elevate/media/tasks/nextcloud-config.yml
@@ -0,0 +1,52 @@
+---
+ # TODO: fix idempotence
+- name: set up permission for external storage
+ command: docker exec -u root nextcloud.service bash -c "chown root:www-data /srv/external && chmod 02775 /srv/external"
+ changed_when: false
+
+
+ ## TODO: this is idempotent but flagging change would be nice
+- name: set up permission for external storage
+ command: docker exec -u www-data nextcloud.service /var/www/html/occ app:enable files_external
+ changed_when: false
+
+
+- name: check if elevate group exists in nextcloud (1/2)
+ command: docker exec -u www-data nextcloud.service /var/www/html/occ group:list -n --output=json
+ register: nextcloud_group_list
+ changed_when: false
+
+- name: check if elevate group exists in nextcloud (2/2)
+ set_fact:
+ nextcloud_group_list: "{{ nextcloud_group_list.stdout | from_json }}"
+
+- name: create group elevate group in nextcloud
+ command: docker exec -u www-data nextcloud.service /var/www/html/occ group:add -n elevate
+ when: '"elevate" not in nextcloud_group_list'
+
+
+- name: check if external storage is configured in nextcloud (1/2)
+ command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:list -n --output=json
+ register: nextcloud_files_external_list
+ changed_when: false
+
+- name: check if external storage is configured in nextcloud (2/2)
+ set_fact:
+ nextcloud_files_external_list: "{{ nextcloud_files_external_list.stdout | from_json }}"
+
+- debug:
+ var: nextcloud_files_external_list
+
+- name: configure external storage in nextcloud
+ command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:create -n --output=json --config="datadir=/srv/external" Fileserver local null::null
+ when: not (nextcloud_files_external_list | nextcloud_mountpoint_exists('/Fileserver'))
+
+ ## TODO: this is idempotent but flagging change would be nice
+- name: set up permission for external storage
+ command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:applicable -n --output=json 1 --add-group=elevate
+ changed_when: false
+
+
+### add this until tests have been done
+## 'overwriteprotocol' => 'http', -> /srv/nextcloud/config/nextcloud/config.php
+#
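Review bot: The last task passes a literal mount id `1` to `files_external:applicable`, so the restriction to group `elevate` lands on whatever storage happens to have id 1; if `Fileserver` was created with another id it stays without an applicable-group restriction, which presumably leaves it visible to every user. The commit already ships `nextcloud_get_id_of_mountpoint` for exactly this lookup but never calls it; re-listing after the create step and feeding the id through that filter closes the gap. Three tasks also share the name `set up permission for external storage` although they do different things (chown/chmod, `app:enable`, `files_external:applicable`), and the unnamed `debug` task looks like a leftover.

```yaml
# … unchanged: files_external:create task …

- name: re-read external storage list to look up the mount id
  command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:list -n --output=json
  register: nextcloud_files_external_relist
  changed_when: false

- name: restrict Fileserver mount to group elevate
  command: >-
    docker exec -u www-data nextcloud.service /var/www/html/occ
    files_external:applicable -n --output=json
    {{ nextcloud_files_external_relist.stdout | from_json | nextcloud_get_id_of_mountpoint('/Fileserver') }}
    --add-group=elevate
  changed_when: false
```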
diff --git a/roles/elevate/media/tasks/nextcloud-lvm.yml b/roles/elevate/media/tasks/nextcloud-lvm.yml
new file mode 100644
index 00000000..d24326d3
--- /dev/null
+++ b/roles/elevate/media/tasks/nextcloud-lvm.yml
@@ -0,0 +1,42 @@
+---
+- name: prepare nextcloud system disk as LVM
+ when: nextcloud_lvm.system is defined
+ block:
+ - name: create logical volume
+ lvol:
+ vg: "{{ nextcloud_lvm.system.vg }}"
+ lv: "{{ nextcloud_lvm.system.lv }}"
+ size: "{{ nextcloud_lvm.system.size }}"
+
+ - name: create filesystem
+ filesystem:
+ fstype: "{{ nextcloud_lvm.system.fs }}"
+ dev: "/dev/mapper/{{ nextcloud_lvm.system.vg | replace('-', '--') }}-{{ nextcloud_lvm.system.lv | replace('-', '--') }}"
+
+ - name: mount filesytem
+ mount:
+ src: "/dev/mapper/{{ nextcloud_lvm.system.vg | replace('-', '--') }}-{{ nextcloud_lvm.system.lv | replace('-', '--') }}"
+ path: /srv/nextcloud
+ fstype: "{{ nextcloud_lvm.system.fs }}"
+ state: mounted
+
+- name: prepare nextcloud data disk as LVM
+ when: nextcloud_lvm.data is defined
+ block:
+ - name: create logical volume
+ lvol:
+ vg: "{{ nextcloud_lvm.data.vg }}"
+ lv: "{{ nextcloud_lvm.data.lv }}"
+ size: "{{ nextcloud_lvm.data.size }}"
+
+ - name: create filesystem
+ filesystem:
+ fstype: "{{ nextcloud_lvm.data.fs }}"
+ dev: "/dev/mapper/{{ nextcloud_lvm.data.vg | replace('-', '--') }}-{{ nextcloud_lvm.data.lv | replace('-', '--') }}"
+
+ - name: mount filesytem
+ mount:
+ src: "/dev/mapper/{{ nextcloud_lvm.data.vg | replace('-', '--') }}-{{ nextcloud_lvm.data.lv | replace('-', '--') }}"
+ path: /srv/ncdata
+ fstype: "{{ nextcloud_lvm.data.fs }}"
+ state: mounted
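Review bot: Both `mount` tasks use the default mount options, so `/srv/ncdata`, which tasks/nextcloud.yml binds into the container as the upload directory and the group-writable external share, is mounted without `nodev` or `nosuid`. Adding `opts: nodev,nosuid` to the data mount is cheap hardening, and `noexec` is worth testing as well. Separately, the task names read `mount filesytem` where `mount filesystem` is meant, and the two blocks differ only in the `system`/`data` key and the mount path, so a loop over those two entries would remove the duplication.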
diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml
index 6a3faf73..d827a28a 100644
--- a/roles/elevate/media/tasks/nextcloud.yml
+++ b/roles/elevate/media/tasks/nextcloud.yml
@@ -1,4 +1,7 @@
---
+- name: preare nextcloud disks
+ import_tasks: nextcloud-lvm.yml
+
- name: create nextcloud config directory
file:
path: /srv/nextcloud/config/
@@ -9,61 +12,85 @@
src: nextcloud-fpm.conf.j2
dest: /srv/nextcloud/config/nextcloud-fpm.conf
-##### TODO: implement the following steps
-### install
-#
-# docker run --rm --network host --name nextcloud \
-# -e NEXTCLOUD_UPDATE=1 -e NEXTCLOUD_TRUSTED_DOMAINS="media.elevate.at elevate-media.spreadspace.org 89.106.211.61" \
-# -e MYSQL_DATABASE="nextcloud" -e MYSQL_HOST="127.0.0.1:3306" -e MYSQL_USER="nextcloud" -e MYSQL_PASSWORD="testtest" \
-# -e NEXTCLOUD_ADMIN_USER="admin" -e NEXTCLOUD_ADMIN_PASSWORD="test" \
-# -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf \
-# -v /srv/nextcloud/config/nextcloud:/var/www/html/config \
-# -v /srv/data/nextcloud:/var/www/html/data \
-# -v /srv/data/share:/srv/external \
-# -v /srv/nextcloud/www:/var/www/html nextcloud:15-fpm /bin/true
-#
-#
-## for now we only support http (not needed when nginx and network config is fixed)
-##
-## 'overwriteprotocol' => 'http', -> /srv/nextcloud/config/nextcloud/config.php
-##
-#
-### run
-#
-# docker run --rm -d --network host --name nextcloud \
-# -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf \
-# -v /srv/nextcloud/config/nextcloud:/var/www/html/config \
-# -v /srv/data/nextcloud:/var/www/html/data \
-# -v /srv/data/share:/srv/external \
-# -v /srv/nextcloud/www:/var/www/html nextcloud:15-fpm
-#
-#
-### post -install
-#
-# docker exec -u root -it nextcloud bash -c "chown root:www-data /srv/external && chmod 02775 /srv/external"
-#
-## this is idempotent
-# docker exec -u www-data -it nextcloud /var/www/html/occ app:enable files_external
-#
-## docker exec -u www-data -it nextcloud /var/www/html/occ group:list -n --output=json
-# docker exec -u www-data -it nextcloud /var/www/html/occ group:add -n Elevate
-#
-## docker exec -u www-data -it nextcloud /var/www/html/occ files_external:list --output=json
-# docker exec -u www-data -it nextcloud /var/www/html/occ files_external:create -n --output=json --config="datadir=/srv/external" Fileserver local null::null
-#
-## this is idempotent
-# docker exec -u www-data -it nextcloud /var/www/html/occ files_external:applicable -n --output=json 1 --add-group=Elevate
-#
-#
-#
-##### not need to implement this...
-#
-### purge
-#
-# docker stop nextcloud
-# rm -rf /srv/nextcloud/config/nextcloud
-# rm -rf /srv/data/nextcloud
-# rm -rf /srv/nextcloud/www
-# echo "drop database nextcloud;" | mysql --defaults-extra-file=/etc/mysql/debian.cnf
-#
+- name: create nextcloud database
+ mysql_db:
+ login_user: root
+ login_password: "{{ mysql_root_password }}"
+ db: "{{ nextcloud_db.db }}"
+ encoding: utf8mb4
+ collation: utf8mb4_general_ci
+ state: present
+
+- name: create nextcloud database user
+ mysql_user:
+ login_user: root
+ login_password: "{{ mysql_root_password }}"
+ name: "{{ nextcloud_db.user }}"
+ password: "{{ nextcloud_db.password }}"
+ priv: "{{ nextcloud_db.db }}.*:SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,ALTER,CREATE TEMPORARY TABLES"
+ state: present
+
+
+- name: check if nextcloud is already configured
+ stat:
+ path: /srv/nextcloud/config/nextcloud/config.php
+ register: nextcloud_config_file
+
+- name: running nextcloud installer
+ when: not nextcloud_config_file.stat.exists
+ docker_container:
+ name: nextcloud
+ image: nextcloud:{{ nextcloud_version }}-fpm
+ command: /bin/true
+ network_mode: host
+ detach: no
+ auto_remove: yes
+ volumes:
+ - /srv/nextcloud/www:/var/www/html
+ - /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf
+ - /srv/nextcloud/config/nextcloud:/var/www/html/config
+ - /srv/ncdata/nextcloud:/var/www/html/data
+ - /srv/ncdata/share:/srv/external
+ env:
+ NEXTCLOUD_UPDATE: '1'
+ NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_hostnames | join(' ') }} 89.106.211.61" ## TODO remove ip when tests are done
+ MYSQL_DATABASE: "{{ nextcloud_db.db }}"
+ MYSQL_HOST: "127.0.0.1:3306"
+ MYSQL_USER: "{{ nextcloud_db.user }}"
+ MYSQL_PASSWORD: "{{ nextcloud_db.password }}"
+ NEXTCLOUD_ADMIN_USER: "{{ nextcloud_admin.username }}"
+ NEXTCLOUD_ADMIN_PASSWORD: "{{ nextcloud_admin.password }}"
+
+
+- name: install nextcloud service unit
+ template:
+ src: nextcloud.service.j2
+ dest: /etc/systemd/system/nextcloud.service
+ register: nextcloud_service
+
+- name: make sure nextcloud is started and enabled
+ systemd:
+ name: nextcloud.service
+ state: "{% if nextcloud_service.changed %}restarted{% else %}started{% endif %}"
+ enabled: yes
+ daemon_reload: yes
+
+- name: basic nextcloud config
+ import_tasks: nextcloud-config.yml
+
+- name: install nextcloud cron systemd units
+ with_items:
+ - service
+ - timer
+ template:
+ src: "nextcloud-cron.{{ item }}.j2"
+ dest: "/etc/systemd/system/nextcloud-cron.{{ item }}"
+
+- name: make sure nextcloud cron is started and enabled
+ systemd:
+ name: nextcloud-cron.timer
+ state: started
+ enabled: yes
+ daemon_reload: yes
+
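Review bot: `NEXTCLOUD_ADMIN_USER` reads `nextcloud_admin.username`, but defaults/main.yml in this same commit defines the key as `nextcloud_admin.user`, so with the shipped defaults the installer task should fail on an undefined attribute; use `"{{ nextcloud_admin.user }}"` or rename the default. The same task passes `MYSQL_PASSWORD` and `NEXTCLOUD_ADMIN_PASSWORD` through `env`, which Ansible echoes in verbose output and in failure results, so it should carry `no_log: true`. The literal address appended to `NEXTCLOUD_TRUSTED_DOMAINS` is already marked TODO; until it is removed, moving it into a variable would keep a host-specific value out of the role.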
diff --git a/roles/elevate/media/templates/nextcloud.service.j2 b/roles/elevate/media/templates/nextcloud.service.j2
new file mode 100644
index 00000000..4eacf476
--- /dev/null
+++ b/roles/elevate/media/templates/nextcloud.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Nextcloud
+After=docker.service
+Requires=docker.service
+
+[Service]
+ExecStart=/usr/bin/systemd-docker --cgroups name=systemd run --rm --network host --name %n -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf -v /srv/nextcloud/config/nextcloud:/var/www/html/config -v /srv/ncdata/nextcloud:/var/www/html/data -v /srv/ncdata/share:/srv/external -v /srv/nextcloud/www:/var/www/html nextcloud:{{ nextcloud_version }}-fpm
+Restart=always
+RestartSec=10
+Type=notify
+NotifyAccess=all
+TimeoutStartSec=30
+TimeoutStopSec=5
+
+[Install]
+WantedBy=multi-user.target
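Review bot: `ExecStart` runs the container with `--network host`, so php-fpm listens in the host's network namespace and the listen address in nextcloud-fpm.conf (not part of this diff) is the only thing keeping the FastCGI port off external interfaces. Host networking appears to be needed here because the installer points `MYSQL_HOST` at `127.0.0.1:3306`, so I would at least record the constraint in the unit, e.g. `# host networking: php-fpm must bind to 127.0.0.1 only, see nextcloud-fpm.conf.j2`. The volume list is also duplicated by hand from the installer task in tasks/nextcloud.yml; a shared variable would keep the two from drifting.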