From b523cf86c8cbedb43cf625a1a847ca828afd5fba Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Sun, 13 Oct 2019 17:29:11 +0200 Subject: nextcloud basic installation is finally working properly --- roles/nextcloud/tasks/main.yml | 73 ++++++++++++++++++++++++++++++------------ 1 file changed, 53 insertions(+), 20 deletions(-) (limited to 'roles/nextcloud/tasks/main.yml') diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 190afb47..0f9413b9 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -77,7 +77,7 @@ state: directory -- name: create image config dir +- name: create auxiliary config directory loop: "{{ nextcloud_instances | list }}" file: path: "{{ nextcloud_base_path }}/{{ item }}/config" 
@@ -85,33 +85,47 @@ - name: create apache vhost config loop: "{{ nextcloud_instances | list }}" - copy: - content: | - - ServerAdmin webmaster@localhost - DocumentRoot /var/www/html - - # SetEnv HTTPS on - # SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on - - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined - + template: + src: apache-site.conf.j2 dest: "{{ nextcloud_base_path }}/{{ item }}/config/apache-site.conf" -- name: configure apache to run on port 8080 only +- name: configure apache to run on port 8443 only loop: "{{ nextcloud_instances | list }}" copy: content: | - Listen 8080 + Listen 8443 dest: "{{ nextcloud_base_path }}/{{ item }}/config/ports.conf" -- name: install cron trigger script + +- name: create tls cert/key directory loop: "{{ nextcloud_instances | list }}" - template: - src: run-cron.sh.j2 - dest: "{{ nextcloud_base_path }}/{{ item }}/config/run-cron.sh" - mode: 0755 + file: + path: "{{ nextcloud_base_path }}/{{ item }}/config/tls" + state: directory + +- name: generate tls private key for apache + loop: "{{ nextcloud_instances | list }}" + openssl_privatekey: + path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.key" + mode: 0640 + owner: root + group: nc-app + +- name: generate csr for selfsigned certifacate + loop: "{{ nextcloud_instances | list }}" + openssl_csr: + path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.csr" + privatekey_path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.key" + common_name: "nextcloud-{{ item }}" + +## TODO: fix idempotence +- name: generate tls self-signed certificate for apache + loop: "{{ nextcloud_instances | list }}" + openssl_certificate: + path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.crt" + privatekey_path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.key" + csr_path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.csr" + provider: selfsigned - name: generate pod manifests 
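Review bot: The `openssl_csr` task (`generate csr for selfsigned certifacate`) sets only `common_name: "nextcloud-{{ item }}"` and no subject alternative name, so a client that verifies the backend certificate will reject it, because current TLS stacks match on SAN rather than CN. That usually ends with verification being switched off on the proxy side, so I would add `subject_alt_name: "DNS:nextcloud-{{ item }}"` to let the front end pin and verify the certificate. The `create tls cert/key directory` task also leaves the directory mode to the umask. An explicit `mode: "0750"` with `owner: root` and `group: nc-app` would match the key's settings, assuming the container user reads these files through group `nc-app`. Whether the proxy actually verifies the backend depends on templates that are not part of this hunk.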
@@ -124,6 +138,13 @@ mode: 0600 +- name: install cron trigger script + loop: "{{ nextcloud_instances | list }}" + template: + src: run-cron.sh.j2 + dest: "{{ nextcloud_base_path }}/{{ item }}/config/run-cron.sh" + mode: 0755 + - name: install template systemd unit for cron trigger template: src: cron@.service.j2 @@ -142,3 +163,15 @@ name: "nextcloud-cron-{{ item }}.timer" state: started enabled: yes + + +- name: configure nginx vhost + loop: "{{ nextcloud_instances | dict2items }}" + include_role: + name: nginx/vhost + vars: + nginx_vhost: + name: "{{ item.key }}" + content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}" + acme: true + hostnames: "{{ item.value.hostnames }}" -- cgit v1.2.3
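Review bot: The `configure nginx vhost` task in the last hunk loops an `include_role` with the default loop variable, and `content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"` is evaluated lazily. If anything inside `nginx/vhost` runs its own `loop`, `item` is shadowed and the template and `hostnames: "{{ item.value.hostnames }}"` can render against the wrong value. Adding `loop_control:` with `loop_var: nextcloud_instance` to this task, and using that name in the vars and the template, avoids the collision; whether the role loops internally is not visible here. Because the apache side now listens on 8443 with a self-signed certificate, I would also add a comment above the task such as `# backend cert is self-signed (config/tls); nginx-vhost.conf.j2 decides whether it is verified`.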