From 93d118dcc07a2e1c9b48d4b56a1b30d096b5cee2 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 13 Jan 2019 02:16:31 +0100 Subject: nextcloud is now running as share:share --- roles/elevate/media/defaults/main.yml | 3 +++ roles/elevate/media/tasks/nextcloud-config.yml | 13 ++++------- roles/elevate/media/tasks/nextcloud.yml | 27 ++++++++++++++++++---- roles/elevate/media/tasks/samba.yml | 4 ++-- .../media/templates/nextcloud-Dockerfile.j2 | 8 +++++++ roles/elevate/media/templates/nextcloud.service.j2 | 2 +- 6 files changed, 41 insertions(+), 16 deletions(-) create mode 100644 roles/elevate/media/templates/nextcloud-Dockerfile.j2 diff --git a/roles/elevate/media/defaults/main.yml b/roles/elevate/media/defaults/main.yml index 344d0aba..7756bcd5 100644 --- a/roles/elevate/media/defaults/main.yml +++ b/roles/elevate/media/defaults/main.yml @@ -14,3 +14,6 @@ nextcloud_admin: password: changeme nextcloud_lvm: {} + +share_uid: 800 +share_gid: 800 diff --git a/roles/elevate/media/tasks/nextcloud-config.yml b/roles/elevate/media/tasks/nextcloud-config.yml index 40545326..271aa33f 100644 --- a/roles/elevate/media/tasks/nextcloud-config.yml +++ b/roles/elevate/media/tasks/nextcloud-config.yml @@ -1,12 +1,6 @@ --- - # TODO: fix idempotence -- name: set up permission for external storage - command: docker exec -u root nextcloud.service bash -c "chown root:www-data /srv/external && chmod 02775 /srv/external" - changed_when: false - - ## TODO: this is idempotent but flagging change would be nice -- name: set up permission for external storage +- name: enable files_external app command: docker exec -u www-data nextcloud.service /var/www/html/occ app:enable files_external changed_when: false 
@@ -37,8 +31,9 @@ nextcloud_files_external_list: "{{ nextcloud_files_external_list.stdout | from_json }}" - name: configure external storage in nextcloud - command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:create -n --output=json --config="datadir=/srv/external" Fileserver local null::null - when: not (nextcloud_files_external_list | nextcloud_mountpoint_exists('/Fileserver')) + command: docker exec -u www-data nextcloud.service /var/www/html/occ files_external:create -n --output=json --config="datadir=/srv/external/share" Share local null::null + when: not (nextcloud_files_external_list | nextcloud_mountpoint_exists('/Share')) + ## TODO: this is idempotent but flagging change would be nice - name: set up permission for external storage diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml index 8531699c..ca9a2572 100644 --- a/roles/elevate/media/tasks/nextcloud.yml +++ b/roles/elevate/media/tasks/nextcloud.yml @@ -13,6 +13,25 @@ dest: /srv/nextcloud/config/nextcloud-fpm.conf +- name: create docker build-context for patched nextcloud image + file: + path: /srv/nextcloud/docker/ + state: directory + +- name: install Dockerfile for patched nextcloud image + template: + src: nextcloud-Dockerfile.j2 + dest: /srv/nextcloud/docker/Dockerfile + register: nextcloud_dockerfile + +- name: build patched nextcloud image + docker_image: + state: present + name: nextcloud + tag: "{{ inventory_hostname }}" + path: /srv/nextcloud/docker/ + force: "{{ nextcloud_dockerfile.changed }}" + - name: create nextcloud database mysql_db: login_user: root @@ -36,7 +55,7 @@ # # systemctl disable nextcloud-cron.timer # systemctl stop nextcloud-cron.timer -# systemctl disable nextcloud.serivce +# systemctl disable nextcloud.service # systemctl stop nextcloud.service # rm -rf /srv/nextcloud/config/nextcloud # rm -rf /srv/ncdata/nextcloud 
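Review bot: `force: "{{ nextcloud_dockerfile.changed }}"` on the "build patched nextcloud image" task ties rebuilds of the locally tagged `nextcloud:{{ inventory_hostname }}` image solely to changes in the rendered Dockerfile, so a refreshed upstream `nextcloud:{{ nextcloud_version }}-fpm` published under an unchanged tag is never picked up until the template text itself changes. That is acceptable while nextcloud_version is an exact release tag, but it should be stated next to the task, e.g. `# rebuilt only when the rendered Dockerfile changes; bump nextcloud_version to pick up a refreshed upstream image`. Nothing in this hunk restarts the running container after a rebuild either, so unless a handler outside this hunk does it, a rebuilt image is only used after the next nextcloud.service restart; a `notify` on the build task would make that explicit. The task list continues outside the hunk on both sides.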
@@ -51,8 +70,8 @@ - name: running nextcloud installer when: not nextcloud_config_file.stat.exists docker_container: - name: nextcloud - image: nextcloud:{{ nextcloud_version }}-fpm + name: nextcloud-installer + image: "nextcloud:{{ inventory_hostname }}" ## for some reasons a newly created database schema is not up to date with the recommended settings... ## in case this is not needed anymore using '/bin/true' here. command: 'su -p www-data -s /bin/sh -c "php /var/www/html/occ db:convert-filecache-bigint"' @@ -64,7 +83,7 @@ - /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf - /srv/nextcloud/config/nextcloud:/var/www/html/config - /srv/ncdata/nextcloud:/var/www/html/data - - /srv/ncdata/share:/srv/external + - /srv/smbdata/share:/srv/external/share env: NEXTCLOUD_UPDATE: '1' NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_hostnames | join(' ') }}" diff --git a/roles/elevate/media/tasks/samba.yml b/roles/elevate/media/tasks/samba.yml index acf81c1f..65cc1d1b 100644 --- a/roles/elevate/media/tasks/samba.yml +++ b/roles/elevate/media/tasks/samba.yml @@ -2,12 +2,12 @@ - name: create group for shared access group: name: share - gid: 800 + gid: "{{ share_gid }}" - name: create guest user for samba user: name: share - uid: 800 + uid: "{{ share_uid }}" home: /var/lib/share group: share shell: /bin/false diff --git a/roles/elevate/media/templates/nextcloud-Dockerfile.j2 b/roles/elevate/media/templates/nextcloud-Dockerfile.j2 new file mode 100644 index 00000000..33b817f1 --- /dev/null +++ b/roles/elevate/media/templates/nextcloud-Dockerfile.j2 
@@ -0,0 +1,8 @@ +FROM nextcloud:{{ nextcloud_version }}-fpm + +RUN set -x \ + && bash -c 'cd / && find -user www-data -exec chown {{ share_uid }} {} \; || true' \ + && bash -c 'cd / && find -group www-data -exec chown {{ share_gid }} {} \; || true' \ + && sed -e 's/^www-data:\([^:]*\):[0-9]*:[0-9]*:\(.*\)/www-data:\1:{{ share_uid }}:{{ share_gid }}:\2/' -i /etc/passwd \ + && sed -e 's/^www-data:\([^:]*\):[0-9]*:\(.*\)/www-data:\1:800:\2/' -i /etc/group \ + && sed -e 's/^\(exec.*\)$/umask 002\n\1/' -i /entrypoint.sh diff --git a/roles/elevate/media/templates/nextcloud.service.j2 b/roles/elevate/media/templates/nextcloud.service.j2 index 4eacf476..66395fe9 100644 --- a/roles/elevate/media/templates/nextcloud.service.j2 +++ b/roles/elevate/media/templates/nextcloud.service.j2 @@ -4,7 +4,7 @@ After=docker.service Requires=docker.service [Service] -ExecStart=/usr/bin/systemd-docker --cgroups name=systemd run --rm --network host --name %n -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf -v /srv/nextcloud/config/nextcloud:/var/www/html/config -v /srv/ncdata/nextcloud:/var/www/html/data -v /srv/ncdata/share:/srv/external -v /srv/nextcloud/www:/var/www/html nextcloud:{{ nextcloud_version }}-fpm +ExecStart=/usr/bin/systemd-docker --cgroups name=systemd run --rm --network host --name %n -v /srv/nextcloud/config/nextcloud-fpm.conf:/usr/local/etc/php-fpm.d/zzzzz.conf -v /srv/nextcloud/config/nextcloud:/var/www/html/config -v /srv/ncdata/nextcloud:/var/www/html/data -v /srv/smbdata/share:/srv/external/share -v /srv/nextcloud/www:/var/www/html nextcloud:{{ inventory_hostname }} Restart=always RestartSec=10 Type=notify -- cgit v1.2.3
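Review bot: The second find in the RUN step, `find -group www-data -exec chown {{ share_gid }} {} \;`, sets the file owner to that numeric id rather than the group, so files that were only group-owned by www-data end up owned by uid `{{ share_gid }}` and keep their old group; it only behaves as intended today because share_uid and share_gid both default to 800. Use `-exec chown :{{ share_gid }} {} \;` (or `chgrp {{ share_gid }}`) on that line. The `/etc/group` sed on the next line hardcodes `800` where the `/etc/passwd` sed uses the templated value, so changing share_gid in defaults would leave the www-data group entry out of step with the passwd entry and with the remapped files; make it `www-data:\1:{{ share_gid }}:\2`. The `|| true` on both find lines also hides chown failures that would leave files unreadable or unwritable for the remapped user once the entrypoint runs; presumably it is there to tolerate errors from pseudo-filesystems under `/`, in which case `-xdev` on the find would let the `|| true` be dropped.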