Implemented Nextcloud Plugin Routine

2025-08-29 15:06:26 +02:00 · 2025-02-27 15:28:43 +01:00
parent 3d096f1fc7
commit 1756babbc2
12 changed files with 262 additions and 67 deletions
--- a/roles/docker-nextcloud/handlers/main.yml
+++ b/roles/docker-nextcloud/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: restart docker nginx service
  command:
-    cmd: "docker exec {{nextcloud_nginx_container_name}} nginx -s reload"
+    cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload"
  listen: restart docker nginx service
  ignore_errors: true # Ignoring if container is restarting
--- a/roles/docker-nextcloud/tasks/ldap.yml
+++ b/roles/docker-nextcloud/tasks/ldap.yml
@@ -1,14 +1,6 @@
 # @See https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
 # @See https://chatgpt.com/c/67aa2d21-cb4c-800f-b1be-8629b6bd3f55
 # @todo implement
-
- name: install LDAP plugin
-  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install user_ldap"
-  ignore_errors: true
-
- name: Activate Nextcloud LDAP App
-  command: "docker exec -u www-data {{ nextcloud_application_container_name }} php occ app:enable user_ldap"
-
 - name: Load LDAP Nextcloud configuration variables
  include_vars:
    file: ldap.yml
@@ -16,10 +8,10 @@
 - name: Set Nextcloud LDAP config
  loop: "{{ nextcloud_ldap_configuration }}"
  command: >
-    docker exec -u www-data {{ nextcloud_application_container_name }}
+    docker exec -u www-data {{ applications.nextcloud.container.application }}
    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value "{{ item.configvalue }}"

 - name: Set Nextcloud LDAP bind password
  command: >
-    docker exec -u www-data {{ nextcloud_application_container_name }}
+    docker exec -u www-data {{ applications.nextcloud.container.application }}
    php occ ldap:set-config s01 ldapAgentPassword "{{ ldap.bind_credential }}"
--- a/roles/docker-nextcloud/tasks/legacy_login_mask.yml
+++ b/roles/docker-nextcloud/tasks/legacy_login_mask.yml
@@ -1,5 +1,5 @@
 - name: Set hide_login_form to true
-  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form"
+  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{ (not applications[application_id].legacy_login_mask.enabled) | lower }} hide_login_form"

 - name: "Set auth.webauthn.enabled to false"
-  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled"
+  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ config:system:set --type boolean --value {{applications[application_id].legacy_login_mask.enabled | lower}} auth.webauthn.enabled"
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@@ -13,7 +13,7 @@

 - name: Remove OIDC configuration lines from config.php if present (container)
  command: >
-    docker exec -u www-data {{ nextcloud_application_container_name }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php"
+    docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c "sed -i '/CONFIG_EXTRA = include.*oidc\.config\.php/d' /var/www/html/config/config.php && sed -i '/CONFIG = array_merge(\\$CONFIG, \\$CONFIG_EXTRA)/d' /var/www/html/config/config.php"
  when: applications[application_id].oidc.flavor == "sociallogin" and mode_cleanup | bool 

 - name: "include role for {{application_id}} to recieve certs & do modification routines"
@@ -35,6 +35,18 @@
 - name: "copy docker-compose.yml and env file"
  include_tasks: copy-docker-compose-and-env.yml

+- name: Flush all handlers immediately so that occ can be used
+  meta: flush_handlers
+
+- name: Setup Nextcloud Plugins
+  include_tasks: plugin.yml
+  loop: "{{applications[application_id].plugins | dict2items }}"
+  loop_control:
+    loop_var: plugin_item
+  vars:
+    plugin_name: "{{ plugin_item.key }}"
+    plugin_configuration: "{{ plugin_item.value }}"
+
 - name: "Include OIDC-specific tasks with flavor {{applications[application_id].oidc.flavor}}"
  include_tasks: "{{applications[application_id].oidc.flavor}}.yml"
  when: applications[application_id].oidc.enabled | bool
--- a/roles/docker-nextcloud/tasks/oidc_login.yml
+++ b/roles/docker-nextcloud/tasks/oidc_login.yml
@@ -1,13 +1,3 @@
- name: enable sociallogin plugin
-  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable sociallogin"
-  ignore_errors: true
-  when: 
-    - mode_cleanup | bool
-
- name: install oidc_login plugin
-  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install oidc_login"
-  ignore_errors: true
-
 - name: Add OIDC configuration if not implemented yet
  command: >
-    docker exec -u www-data {{ nextcloud_application_container_name }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php'
+    docker exec -u www-data {{ applications.nextcloud.container.application }} sh -c 'grep -q "CONFIG_EXTRA = include" ./config/config.php || echo -e "\n\$CONFIG_EXTRA = include '\''{{nextcloud_docker_oidc_login_config_path}}'\'';\n\$CONFIG = array_merge(\$CONFIG, \$CONFIG_EXTRA);" >> ./config/config.php'
--- a/roles/docker-nextcloud/tasks/plugin.yml
+++ b/roles/docker-nextcloud/tasks/plugin.yml
@@ -0,0 +1,14 @@
+- name: "Disable incompatible plugins for {{plugin_name}}."
+  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:disable {{incompatible_plugin}}"
+  loop: "{{plugin_configuration.incompatible_plugins}}"
+  loop_control: 
+    loop_var: incompatible_plugin
+  when: plugin_configuration.incompatible_plugins is defined and plugin_configuration.incompatible_plugins | length > 0
+
+- name: install {{ plugin_name }} nextcloud plugin
+  command: "docker exec -u www-data {{ applications.nextcloud.container.application }} {{ nextcloud_docker_path }}occ app:install {{ plugin_name }}"
+  register: install_result
+  failed_when: install_result.rc != 0 and ("already installed" not in install_result.stdout)
+
+- name: enable {{plugin_name}} nextcloud plugin
+  command: "docker exec -u www-data {{applications.nextcloud.container.application}} {{nextcloud_docker_path}}occ app:enable {{plugin_name}}"
--- a/roles/docker-nextcloud/tasks/sociallogin.yml
+++ b/roles/docker-nextcloud/tasks/sociallogin.yml
@@ -1,21 +1,4 @@
 # @See https://chatgpt.com/share/6798189e-9c00-800f-923c-5ce3cfbdf405
-
- name: Flush all handlers immediately so that occ can be used
-  meta: flush_handlers
-
- name: disable oidc_login plugin
-  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:disable oidc_login"
-  ignore_errors: true
-  when: 
-    - mode_cleanup | bool  
-
- name: install sociallogin plugin
-  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:install sociallogin"
-  ignore_errors: true
-
- name: enable sociallogin plugin
-  command: "docker exec -u www-data {{nextcloud_application_container_name}} {{nextcloud_docker_path}}occ app:enable sociallogin"
-
 - name: Load Sociallogin configuration variables
  include_vars:
    file: sociallogin.yml
@@ -24,5 +7,5 @@
  loop: "{{ nextcloud_sociallogin_configuration}}"
  # The | to_json function is necessary to escape custom_providers correct.
  command: >
-    docker exec -u www-data {{ nextcloud_application_container_name }}
+    docker exec -u www-data {{ applications.nextcloud.container.application }}
    php occ config:app:set {{ item.appid }} {{ item.configkey }} --value '{{ item.configvalue | to_json if item.configvalue is mapping else item.configvalue }}'
--- a/roles/docker-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2
@@ -6,7 +6,7 @@ services:

  application:
    image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
-    container_name: {{nextcloud_application_container_name}}
+    container_name: {{applications.nextcloud.container.application}}
    volumes:
      - data:{{nextcloud_docker_path}}
 {% if applications[application_id].oidc.flavor == "oidc_login" %}
@@ -24,7 +24,7 @@ services:

  web:
    image: nginx:alpine
-    container_name: {{nextcloud_nginx_container_name}}
+    container_name: {{applications.nextcloud.container.proxy}}
    logging:
      driver: journald
    restart: {{docker_restart_policy}}
--- a/roles/docker-nextcloud/vars/main.yml
+++ b/roles/docker-nextcloud/vars/main.yml
@@ -2,11 +2,9 @@
 application_id:                           "nextcloud"
 database_password:  	                    "{{applications.nextcloud.credentials.database_password}}"
 database_type:                            "mariadb"
-nextcloud_application_container_name:     "nextcloud-application"
-nextcloud_nginx_container_name:           "nextcloud-web"
 nextcloud_config_file_host_path:          "/var/lib/docker/volumes/nextcloud_data/_data/config/config.php"
 domain:                                   "{{domains[application_id]}}"
 http_port:                                "{{ ports.localhost.http[application_id] }}"
 nextcloud_docker_path:                    "/var/www/html/"
 nextcloud_docker_oidc_login_config_path:  "{{nextcloud_docker_path}}config/oidc.config.php"
-nextcloud_host_oidc_login_path:           "{{docker_compose.directories.volumes}}/oidc.config.php"
+nextcloud_host_oidc_login_path:           "{{docker_compose.directories.volumes}}/oidc.config.php"
--- a/roles/nginx-https-get-cert/tasks/main.yml
+++ b/roles/nginx-https-get-cert/tasks/main.yml
@@ -35,7 +35,9 @@
      # AND: The domain is a direct first-level subdomain of the primary domain
    - domain != primary_domain  
      # The domain is not the primary domain
-  ignore_errors: true
+  register: certbot_result
+  failed_when: certbot_result.rc != 0 and ("No certificate found with name" not in certbot_result.stderr)
+  changed_when: certbot_result.rc == 0 and ("No certificate found with name" not in certbot_result.stderr)

 - name: run the recieve_certificate tasks once
  set_fact:
--- a/roles/nginx-modifier-css/templates/global.css.j2
+++ b/roles/nginx-modifier-css/templates/global.css.j2
@@ -503,6 +503,10 @@ div#mastodon, div#admin-wrapper {
  --overlay-icon-shadow: drop-shadow(0 0 8px rgba(var(--color-rgb-01), 0.25));
 }

+.swal2-popup {
+    color: #000;
+}
+
 /* Modal Overwrittes */ 
 div.modal div.modal-content {
  /* Colors – adjusted to the existing scheme */