From cc533015e4a66f89789002704c7c131fb56539ba Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 12 Oct 2019 19:51:56 +0200
Subject: nextcloud role ~50% done
---
roles/nextcloud/defaults/main.yml | 26 +++++++
roles/nextcloud/tasks/main.yml | 89 +++++++++++++++++++++++
roles/nextcloud/templates/pod-with-mariadb.yml.j2 | 52 +++++++++++++
3 files changed, 167 insertions(+)
create mode 100644 roles/nextcloud/defaults/main.yml
create mode 100644 roles/nextcloud/tasks/main.yml
create mode 100644 roles/nextcloud/templates/pod-with-mariadb.yml.j2
(limited to 'roles/nextcloud')
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
new file mode 100644
index 00000000..0cd84485
--- /dev/null
+++ b/roles/nextcloud/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+nextcloud_app_uid: "950"
+nextcloud_app_gid: "950"
+
+nextcloud_db_uid: "951"
+nextcloud_db_gid: "951"
+
+# nextcloud_base_path: /srv/nextcloud
+
+# nextcloud_zfs:
+# pool: storage
+# name: nextcloud
+# size: 500G
+
+# nextcloud_instances:
+# example:
+# version: 17.0.0
+# port: 8100
+# hostnames:
+# - wolke.example.com
+# - cloud.example.com
+# quota: 100G
+# database:
+# type: mariadb
+# version: 10.4.8
+# password: "{{ vault_nextcloud_database_passwords['example'] }}"
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 00000000..8453ce65
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,89 @@
+---
+- name: create zfs datasets
+ when: nextcloud_zfs is defined
+ block:
+ - name: create zfs base dataset
+ zfs:
+ name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}"
+ state: present
+ extra_zfs_properties:
+ quota: "{{ nextcloud_zfs.size }}"
+
+ - name: create zfs volumes for instances
+ loop: "{{ nextcloud_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} ({{ item.value.quota }})"
+ zfs:
+ name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/{{ item.key }}"
+ state: present
+ extra_zfs_properties:
+ quota: "{{ item.value.quota }}"
+
+ - name: configure nextcloud base bath
+ set_fact:
+ nextcloud_base_path: "{{ zfs_zpools[nextcloud_zfs.pool].mountpoint }}/{{ nextcloud_zfs.name }}"
+
+
+- name: create instance subdirectories
+ when: nextcloud_zfs is not defined
+ loop: "{{ nextcloud_instances | list }}"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item }}"
+ state: directory
+
+
+
+- name: add group for nextcloud app
+ group:
+ name: nc-app
+ gid: "{{ nextcloud_app_gid }}"
+
+- name: add user for nextcloud app
+ user:
+ name: nc-app
+ uid: "{{ nextcloud_app_uid }}"
+ group: nc-app
+ password: "!"
+
+- name: create nextcloud app subdirectory
+ loop: "{{ nextcloud_instances | list }}"
+ loop_control:
+ label: "{{ item }}"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item }}/nextcloud"
+ owner: "{{ nextcloud_app_uid }}"
+ group: "{{ nextcloud_app_gid }}"
+ state: directory
+
+
+- name: add group for nextcloud db
+ group:
+ name: nc-db
+ gid: "{{ nextcloud_db_gid }}"
+
+- name: add user for nextcloud db
+ user:
+ name: nc-db
+ uid: "{{ nextcloud_db_uid }}"
+ group: nc-db
+ password: "!"
+
+- name: create nextcloud database subdirectory
+ loop: "{{ nextcloud_instances | dict2items}}"
+ loop_control:
+ label: "{{ item.key }} ({{ item.value.database.type }})"
+ file:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+ owner: "{{ nextcloud_db_uid }}"
+ group: "{{ nextcloud_db_gid }}"
+ state: directory
+
+
+- name: generate pod manifests
+ loop: "{{ nextcloud_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: "pod-with-{{ item.value.database.type }}.yml.j2"
+ dest: "/etc/kubernetes/manifests/{{ item.key }}.yml"
+ mode: 0600
diff --git a/roles/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
new file mode 100644
index 00000000..4e2f6baa
--- /dev/null
+++ b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
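Review bot: In roles/nextcloud/tasks/main.yml the three `file` tasks that create the per-instance directories (`create instance subdirectories`, `create nextcloud app subdirectory`, `create nextcloud database subdirectory`) set no `mode`, so the permissions on the Nextcloud and MariaDB data directories depend on the umask of the Ansible run. These paths are later mounted into the pod through hostPath, so I would pin them on each task, e.g. `mode: "0750"`; the first task also sets no `owner`/`group`. The manifest is written to `/etc/kubernetes/manifests/{{ item.key }}.yml`, so an instance key that matches another static pod's file name would overwrite it; a fixed prefix such as `nextcloud-{{ item.key }}.yml` avoids that. Lastly, `mode: 0600` on the template task is safer quoted as `mode: "0600"`, so it does not rely on the YAML parser's octal handling.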
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ item.key }}"
+spec:
+ securityContext:
+ allowPrivilegeEscalation: false
+ containers:
+ - name: nextcloud
+ image: debian:buster
+ command:
+ - /bin/bash
+ - -c
+ - "sleep 7200"
+ # securityContext:
+ # runAsUser: {{ nextcloud_app_uid }}
+ # runAsGroup: {{ nextcloud_app_gid }}
+ volumeMounts:
+ - name: nextcloud
+ mountPath: /var/www/html
+ ports:
+ - containerPort: 8080
+ hostPort: {{ item.value.port }}
+ - name: database
+ image: "mariadb:{{ item.value.database.version }}"
+ args:
+ - --transaction-isolation=READ-COMMITTED
+ - --binlog-format=ROW
+ securityContext:
+ runAsUser: {{ nextcloud_db_uid }}
+ runAsGroup: {{ nextcloud_db_gid }}
+ env:
+ - name: MYSQL_RANDOM_ROOT_PASSWORD
+ value: "true"
+ - name: MYSQL_PASSWORD
+ value: "{{ item.value.database.password }}"
+ - name: MYSQL_DATABASE
+ value: nextcloud
+ - name: MYSQL_USER
+ value: nextcloud
+ volumeMounts:
+ - name: database
+ mountPath: /var/lib/mysql
+ volumes:
+ - name: nextcloud
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"
+ type: Directory
+ - name: database
+ hostPath:
+ path: "{{ nextcloud_base_path }}/{{ item.key }}/{{ item.value.database.type }}"
+ type: Directory
-- cgit v1.2.3
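Review bot: `allowPrivilegeEscalation: false` is placed in the pod-level `spec.securityContext`, but it is a field of the container-level SecurityContext, so as written it restricts neither container. It should move into each container, i.e. `allowPrivilegeEscalation: false` under the existing `securityContext:` of `database` and under a new `securityContext:` for `nextcloud`. The `nextcloud` container has its `runAsUser`/`runAsGroup` lines commented out, so it runs as the image's default user (presumably root for `debian:buster`) while mounting a hostPath directory; restore them before this role is used for real. `MYSQL_PASSWORD` is rendered in plain text into the manifest, so the file's secrecy rests on the `mode: 0600` set in tasks/main.yml; a comment such as `# plain-text secret: manifest must stay 0600 root-only` next to the env entry would make that dependency visible.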