From 6001626d2ebfa9c251d52186d53006c38e89a4c6 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Thu, 7 Jul 2022 13:29:33 +0200 Subject: ele-media: add systemd timer for files:resscan --- roles/elevate/media/tasks/nextcloud.yml | 26 +++++++++++----------- .../media/templates/nextcloud-cron-.timer.j2 | 2 +- roles/elevate/media/templates/nextcloud-occ.j2 | 7 +++++- .../media/templates/nextcloud-rescan-.service.j2 | 17 ++++++++++++++ .../media/templates/nextcloud-rescan-.timer.j2 | 8 +++++++ .../media/templates/nextcloud-rescan.service.j2 | 15 ------------- .../media/templates/nextcloud-rescan.timer.j2 | 8 ------- 7 files changed, 45 insertions(+), 38 deletions(-) create mode 100644 roles/elevate/media/templates/nextcloud-rescan-.service.j2 create mode 100644 roles/elevate/media/templates/nextcloud-rescan-.timer.j2 delete mode 100644 roles/elevate/media/templates/nextcloud-rescan.service.j2 delete mode 100644 roles/elevate/media/templates/nextcloud-rescan.timer.j2 (limited to 'roles/elevate/media') diff --git a/roles/elevate/media/tasks/nextcloud.yml b/roles/elevate/media/tasks/nextcloud.yml index 0062bfd6..306148df 100644 --- a/roles/elevate/media/tasks/nextcloud.yml +++ b/roles/elevate/media/tasks/nextcloud.yml @@ -6,17 +6,17 @@ # - name: basic nextcloud config # import_tasks: nextcloud-config.yml -# - name: install nextcloud rescan systemd units -# loop: -# - service -# - timer -# template: -# src: "nextcloud-rescan.{{ item }}.j2" -# dest: "/etc/systemd/system/nextcloud-rescan.{{ item }}" +- name: install systemd service/timer unit for files:rescan + loop: + - service + - timer + template: + src: "nextcloud-rescan-.{{ item }}.j2" + dest: "/etc/systemd/system/nextcloud-rescan-{{ elevate_media_nextcloud_instance_name }}.{{ item }}" -# - name: make sure nextcloud rescan systemd timer are started and enabled -# systemd: -# name: "nextcloud-rescan.timer" -# state: started -# enabled: yes -# daemon_reload: yes +- name: make sure nextcloud rescan systemd timer are started and enabled + systemd: + daemon_reload: yes + name: "nextcloud-rescan-{{ elevate_media_nextcloud_instance_name }}.timer" + state: started + enabled: yes diff --git a/roles/elevate/media/templates/nextcloud-cron-.timer.j2 b/roles/elevate/media/templates/nextcloud-cron-.timer.j2 index b8caa377..9e7917ba 100644 --- a/roles/elevate/media/templates/nextcloud-cron-.timer.j2 +++ b/roles/elevate/media/templates/nextcloud-cron-.timer.j2 @@ -1,5 +1,5 @@ [Unit] -Description=Nextcloud cron.php job timer for %i +Description=Nextcloud cron.php job timer for {{ elevate_media_nextcloud_instance_name }} [Timer] OnCalendar=*:{{ 5 | random(seed=elevate_media_nextcloud_instance_name) }}/5 diff --git a/roles/elevate/media/templates/nextcloud-occ.j2 b/roles/elevate/media/templates/nextcloud-occ.j2 index f12f1259..2abde307 100755 --- a/roles/elevate/media/templates/nextcloud-occ.j2 +++ b/roles/elevate/media/templates/nextcloud-occ.j2 @@ -8,6 +8,11 @@ if [ -z "$INST_NAME" ]; then exit 1 fi +CRICTL_EXEC_ARGS="-it" +if [ -n "${NEXTCLOUD_OCC_NON_INTERACTIVE}" ]; then + CRICTL_EXEC_ARGS="" +fi + set -eu pod_id=$(crictl pods -q --state ready --name "^nextcloud-$INST_NAME-{{ ansible_nodename }}$") @@ -16,4 +21,4 @@ if [ -z "$pod_id" ]; then echo "Pod not found"; exit 1; fi container_id=$(crictl ps -q --name '^nextcloud$' -p "$pod_id") if [ -z "$container_id" ]; then echo "Container not found"; exit 1; fi -exec crictl exec -it "$container_id" php /var/www/html/occ $@ +exec crictl exec $CRICTL_EXEC_ARGS "$container_id" php /var/www/html/occ $@ diff --git a/roles/elevate/media/templates/nextcloud-rescan-.service.j2 b/roles/elevate/media/templates/nextcloud-rescan-.service.j2 new file mode 100644 index 00000000..a09139dd --- /dev/null +++ b/roles/elevate/media/templates/nextcloud-rescan-.service.j2 @@ -0,0 +1,17 @@ +[Unit] +Description=Nextcloud files:scan job timer for {{ elevate_media_nextcloud_instance_name }} + +[Service] +Type=oneshot +Environment=NEXTCLOUD_OCC_NON_INTERACTIVE=1 +{# TODO: make path(s) configurable and add one ExecStart per path #} +ExecStart=/usr/local/bin/nextcloud-occ {{ elevate_media_nextcloud_instance_name }} files:scan --path /_elevate_/files/Share +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=strict +ProtectHome=yes +ProtectKernelTunables=yes +ProtectControlGroups=yes +RestrictRealtime=yes +RestrictAddressFamilies=AF_UNIX AF_INET diff --git a/roles/elevate/media/templates/nextcloud-rescan-.timer.j2 b/roles/elevate/media/templates/nextcloud-rescan-.timer.j2 new file mode 100644 index 00000000..aa6f7f19 --- /dev/null +++ b/roles/elevate/media/templates/nextcloud-rescan-.timer.j2 @@ -0,0 +1,8 @@ +[Unit] +Description=Nextcloud files:scan job timer for {{ elevate_media_nextcloud_instance_name }} + +[Timer] +OnCalendar=*:{{ 10 | random(seed=elevate_media_nextcloud_instance_name) }}/10 + +[Install] +WantedBy=timers.target diff --git a/roles/elevate/media/templates/nextcloud-rescan.service.j2 b/roles/elevate/media/templates/nextcloud-rescan.service.j2 deleted file mode 100644 index e1893b2b..00000000 --- a/roles/elevate/media/templates/nextcloud-rescan.service.j2 +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Nextcloud files:scan job - -[Service] -Type=oneshot -ExecStart=/usr/bin/docker exec -u www-data nextcloud.service /var/www/html/occ files:scan --path /_elevate_/files/Share -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -ProtectSystem=strict -ProtectHome=yes -ProtectKernelTunables=yes -ProtectControlGroups=yes -RestrictRealtime=yes -RestrictAddressFamilies=AF_UNIX diff --git a/roles/elevate/media/templates/nextcloud-rescan.timer.j2 b/roles/elevate/media/templates/nextcloud-rescan.timer.j2 deleted file mode 100644 index 92a8fd18..00000000 --- a/roles/elevate/media/templates/nextcloud-rescan.timer.j2 +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=Nextcloud files:scan job timer - -[Timer] -OnCalendar=*:0/10 - -[Install] -WantedBy=timers.target -- cgit v1.2.3