From eb98ae2bb7f5441c6c2bdc85158df0d40f633539 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sun, 13 Oct 2019 03:19:34 +0200
Subject: nextcloud role almost done - some stuff still missing
---
 roles/nextcloud/tasks/main.yml | 37 ++++++++++++++++++
 roles/nextcloud/templates/pod-with-mariadb.yml.j2 | 45 +++++++++++++++++-----
 .../generic-proxy-no-buffering-with-acme.conf.j2 | 5 +++
 3 files changed, 77 insertions(+), 10 deletions(-)
 (limited to 'roles')
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 8453ce65..fe65d62b 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -79,6 +79,43 @@ state: directory +- name: create image config dir + loop: "{{ nextcloud_instances | list }}" + loop_control: + label: "{{ item }}" + file: + path: "{{ nextcloud_base_path }}/{{ item }}/config" + state: directory + +- name: create apache vhost config + loop: "{{ nextcloud_instances | list }}" + loop_control: + label: "{{ item }}" + copy: + content: | + + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + + # SetEnv HTTPS on + # SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + dest: "{{ nextcloud_base_path }}/{{ item }}/config/apache-site.conf" + +- name: configure apache to run on port 8080 only + loop: "{{ nextcloud_instances | list }}" + loop_control: + label: "{{ item }}" + copy: + content: | + Listen 8080 + dest: "{{ nextcloud_base_path }}/{{ item }}/config/ports.conf" + + + - name: generate pod manifests loop: "{{ nextcloud_instances | dict2items }}" loop_control:
diff --git a/roles/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
index 4e2f6baa..7fa40cd4 100644
--- a/roles/nextcloud/templates/pod-with-mariadb.yml.j2
+++ b/roles/nextcloud/templates/pod-with-mariadb.yml.j2
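Review bot: The vhost written by `create apache vhost config` keeps `SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on` commented out, while the nginx template in this same commit starts sending `X-Forwarded-Proto` and `X-Forwarded-Ssl`, so PHP inside the container still sees plain HTTP unless Nextcloud's `overwriteprotocol`/`trusted_proxies` is configured somewhere this diff does not show; the links, redirects and `Secure` cookie flag Nextcloud emits depend on that. Either uncomment the line (reasonable only if the container's hostPort is reachable solely through nginx, since the header is otherwise client-controlled) or set `overwriteprotocol` in Nextcloud's config, and record the decision in a comment above the task, e.g. `# HTTPS termination happens in nginx; protocol is fixed via overwriteprotocol, not SetEnvIf`. The two `copy` tasks also leave `owner`/`mode` to defaults; since the container runs as `nextcloud_app_uid` with these files mounted read-only, pinning `mode: "0644"` makes the dependency on a permissive umask explicit. The `<VirtualHost>` wrapper lines appear to have been lost in rendering here, so I cannot check which port the vhost binds.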
@@ -7,17 +7,35 @@ spec: allowPrivilegeEscalation: false containers: - name: nextcloud - image: debian:buster - command: - - /bin/bash - - -c - - "sleep 7200" - # securityContext: - # runAsUser: {{ nextcloud_app_uid }} - # runAsGroup: {{ nextcloud_app_gid }} + image: "nextcloud:{{ item.value.version }}" + securityContext: + runAsUser: {{ nextcloud_app_uid }} + runAsGroup: {{ nextcloud_app_gid }} + resources: + limits: + memory: "4Gi" + env: + - name: NEXTCLOUD_TRUSTED_DOMAINS + value: "{{ item.value.hostnames | join(' ') }}" + - name: MYSQL_HOST + value: 127.0.0.1 + - name: MYSQL_DATABASE + value: nextcloud + - name: MYSQL_USER + value: nextcloud + - name: MYSQL_PASSWORD + value: "{{ item.value.database.password }}" volumeMounts: - name: nextcloud mountPath: /var/www/html + - name: config + mountPath: /etc/apache2/sites-available/000-default.conf + subPath: apache-site.conf + readOnly: true + - name: config + mountPath: /etc/apache2/ports.conf + subPath: ports.conf + readOnly: true ports: - containerPort: 8080 hostPort: {{ item.value.port }}
@@ -29,19 +47,26 @@ spec: securityContext: runAsUser: {{ nextcloud_db_uid }} runAsGroup: {{ nextcloud_db_gid }} + resources: + limits: + memory: "2Gi" env: - name: MYSQL_RANDOM_ROOT_PASSWORD value: "true" - - name: MYSQL_PASSWORD - value: "{{ item.value.database.password }}" - name: MYSQL_DATABASE value: nextcloud - name: MYSQL_USER value: nextcloud + - name: MYSQL_PASSWORD + value: "{{ item.value.database.password }}" volumeMounts: - name: database mountPath: /var/lib/mysql volumes: + - name: config + hostPath: + path: "{{ nextcloud_base_path }}/{{ item.key }}/config/" + type: Directory - name: nextcloud hostPath: path: "{{ nextcloud_base_path }}/{{ item.key }}/nextcloud"
diff --git a/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2
index 8cad2994..9f165726 100644
--- a/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2
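Review bot: `value: "{{ item.value.database.password }}"` in the new nextcloud `env` block interpolates the password into a YAML double-quoted scalar, so a password containing `"` or `\` renders an invalid or silently altered manifest; `value: {{ item.value.database.password | to_json }}` emits a correctly escaped string, and the same applies to the `MYSQL_PASSWORD` entry moved within the mariadb container in the second hunk. The rendered manifest then carries the plaintext password on disk, so the `generate pod manifests` task (outside this hunk) should write it with a restrictive `mode`, or the password could be supplied through the images' `MYSQL_PASSWORD_FILE` variants from a file only the pod's users can read, if the image versions being deployed support them. A short comment above `NEXTCLOUD_TRUSTED_DOMAINS` noting that `item.value.hostnames` must be a list (it is passed through `join(' ')`) would document the inventory contract.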
+++ b/roles/nginx/templates/generic-proxy-no-buffering-with-acme.conf.j2
@@ -23,11 +23,16 @@ server { location / { include snippets/proxy-nobuff.conf; +{% if 'client_max_body_size' in item.value %} + client_max_body_size {{ item.value.client_max_body_size }}; +{% endif %} proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header X-Forwarded-Port $server_port; # for websockets proxy_set_header Upgrade $http_upgrade;
-- cgit v1.2.3
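Review bot: `proxy_set_header X-Forwarded-Ssl on;` is hard-coded while the line above derives `X-Forwarded-Proto` from `$scheme`, so if this `server` block (which starts outside the hunk) also accepts plain-HTTP requests, the backend is told the connection is TLS when it is not. Either drop the header, since `X-Forwarded-Proto` already conveys the scheme and the upstream can act on that, or derive it from `$scheme` via a `map` in the `http` context and reference that variable here, so both headers always agree. `client_max_body_size {{ item.value.client_max_body_size }};` is inserted unquoted; a comment above the `{% if %}` stating the expected nginx size form (`# e.g. 512m; 0 disables the limit`) would document the inventory contract.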