From f17372704aff042a90b6a56829e5f1216e16fc61 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Tue, 18 Feb 2020 00:50:57 +0100
Subject: ele-media  upgrade nextcloud and system

---
 ansible.cfg                                           | 9 ++++++++-
 inventory/host_vars/ele-media.yml                     | 2 +-
 roles/elevate/media/defaults/main.yml                 | 2 +-
 roles/elevate/media/tasks/nextcloud.yml               | 7 +++++--
 roles/elevate/media/templates/nextcloud-nginx.conf.j2 | 1 +
 roles/mysql/tasks/main.yml                            | 2 +-
 6 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/ansible.cfg b/ansible.cfg
index ae27edfa..372cd74a 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -22,7 +22,14 @@ var_compression_level = 9
 
 bin_ansible_callbacks = True
 
-interpreter_python = auto_silent
+### For we now force usage of python 2 on all operating systems.
+### Ansible 2.8 introduced a automatic discovery that raises a lot of
+### questions. This new discovery will become the new default in 2.12.
+### Until all problems with the discovery have been sorted out we can
+### start using it. For now it is way easier and safer to just force
+### /usr/bin/python which is always python2 on Debian and Ubuntu.
+interpreter_python = /usr/bin/python
+#interpreter_python = auto_silent
 
 ## https://github.com/ansible/ansible/issues/56930
 force_valid_group_names = ignore
diff --git a/inventory/host_vars/ele-media.yml b/inventory/host_vars/ele-media.yml
index 6afa87f9..d471683e 100644
--- a/inventory/host_vars/ele-media.yml
+++ b/inventory/host_vars/ele-media.yml
@@ -12,7 +12,7 @@ network:
     mask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}"
     gateway: "{{ network_zones.lan.gateway }}"
 
-network_setup: elevate-festival
+network_setup: r3-with-lan # elevate-festival
 
 
 dyndns:
diff --git a/roles/elevate/media/defaults/main.yml b/roles/elevate/media/defaults/main.yml
index 3ffd2d89..78107c42 100644
--- a/roles/elevate/media/defaults/main.yml
+++ b/roles/elevate/media/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
-nextcloud_version: 15
+nextcloud_version: 17.0.3
 
 nextcloud_hostnames:
   - wolke.example.com
diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml
index fbb6d9b6..4dcedf31 100644
--- a/roles/elevate/media/tasks/nextcloud.yml
+++ b/roles/elevate/media/tasks/nextcloud.yml
@@ -29,8 +29,11 @@
     state: present
     name: nextcloud
     tag: "{{ inventory_hostname }}"
-    path: /srv/nextcloud/docker/
-    force: "{{ nextcloud_dockerfile.changed }}"
+    source: build
+    build:
+      path: /srv/nextcloud/docker/
+      pull: no
+    force_source: "{{ nextcloud_dockerfile.changed }}"
 
 ### TODO: set mysql variables:
 ###   <snip>
diff --git a/roles/elevate/media/templates/nextcloud-nginx.conf.j2 b/roles/elevate/media/templates/nextcloud-nginx.conf.j2
index 16d510eb..3033d449 100644
--- a/roles/elevate/media/templates/nextcloud-nginx.conf.j2
+++ b/roles/elevate/media/templates/nextcloud-nginx.conf.j2
@@ -25,6 +25,7 @@ server {
     ssl_certificate_key /var/lib/acme/live/{{ nextcloud_hostnames[0] }}/privkey;
     include snippets/hsts.conf;
 
+    add_header X-Frame-Options "SAMEORIGIN";
     add_header X-Content-Type-Options nosniff;
     add_header X-XSS-Protection "1; mode=block";
     add_header X-Robots-Tag none;
diff --git a/roles/mysql/tasks/main.yml b/roles/mysql/tasks/main.yml
index 22b37fcf..402cb55a 100644
--- a/roles/mysql/tasks/main.yml
+++ b/roles/mysql/tasks/main.yml
@@ -7,7 +7,7 @@
   apt:
     name:
       - "{{ mysql_pkg_name }}"
-      - python-mysqldb
+      - python-pymysql
     state: present
     force: yes
 
-- 
cgit v1.2.3