kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Restructure and cleaned up in preparation of new backup logic

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-15 23:51:51 +02:00
parent c8054ffbc3
commit af3ea9039c
106 changed files with 703 additions and 429 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
roles/web-app-nextcloud/config/main.yml
View File

@@ -10,34 +10,53 @@ csp:
- "data:"
domains:
canonical:
- "cloud.{{ primary_domain }}"
nextcloud: "cloud.{{ primary_domain }}"
# talk: "talk.{{ primary_domain }}" @todo needs to be activated
docker:
services:
redis:
enabled: true
database:
enabled: true
nextcloud:
name: "nextcloud"
image: "nextcloud"
version: "latest-fpm-alpine"
no_stop_required: true
proxy:
name: "nextcloud-proxy"
image: "nginx"
version: "alpine"
cron:
name: "nextcloud-cron"
talk:
name: "nextcloud-talk"
image: "nextcloud/aio-talk"
version: "latest"
enabled: false # Not enabled yet, because just implemented during refactoring and not tested yet. if tested activate
# Its in a own role. @todo remove it if it gets implemented via the other role
#collabora:
# name: "nextcloud-collabora"
# image: "nextcloud-collabora"
# version: "latest"
oidc:
enabled: "{{ applications.nextcloud.features.oidc | default(true) }}" # Activate OIDC for Nextcloud
enabled: "{{ applications | get_app_conf(application_id, 'features.oidc')" # Activate OIDC for Nextcloud
# floavor decides which OICD plugin should be used.
# Available options: oidc_login, sociallogin
# @see https://apps.nextcloud.com/apps/oidc_login
# @see https://apps.nextcloud.com/apps/sociallogin
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet
features:
matomo: true
css: false
port-ui-desktop: true
port-ui-desktop: true
ldap: true
oidc: true
central_database: true
default_quota: '1000000000' # Quota to assign if no quota is specified in the OIDC response (bytes)
legacy_login_mask:
enabled: False # If true, then legacy login mask is shown. Otherwise just SSO
container:
application: "nextcloud-application" # Nextcloud application container name
proxy: "nextcloud-web" # Nextcloud Proxy Container Name
collabora: "nextcloud-collabora"
performance:
php:
memory_limit: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
@@ -146,16 +165,16 @@ plugins:
enabled: true
integration_mastodon:
# Nextcloud Integration Mastodon: connects Nextcloud with the Mastodon social network (https://apps.nextcloud.com/apps/integration_mastodon)
enabled: "{{ 'mastodon' in group_names | lower }}"
enabled: "{{ 'web-app-mastodon' in group_names | lower }}"
integration_openai:
# Nextcloud Integration OpenAI: brings OpenAI functionalities into Nextcloud (https://apps.nextcloud.com/apps/integration_openai)
enabled: false
integration_openproject:
# Nextcloud Integration OpenProject: integrates project management features from OpenProject (https://apps.nextcloud.com/apps/integration_openproject)
enabled: "{{ 'openproject' in group_names | lower }}"
enabled: "{{ 'web-app-openproject' in group_names | lower }}"
integration_peertube:
# Nextcloud Integration PeerTube: connects to PeerTube for video sharing (https://apps.nextcloud.com/apps/integration_peertube)
enabled: "{{ 'peertube' in group_names | lower }}"
enabled: "{{ 'web-app-peertube' in group_names | lower }}"
#keeweb
# # Nextcloud KeeWeb: integrates the KeeWeb password manager within Nextcloud (https://apps.nextcloud.com/apps/keeweb)
# # This isn't maintained anymore. The alternatives don't support keepass files
@@ -216,13 +235,13 @@ plugins:
# enabled: false
twofactor_nextcloud_notification:
# Nextcloud two-factor notification: sends notifications for two-factor authentication events (https://apps.nextcloud.com/apps/twofactor_nextcloud_notification)
enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active
twofactor_totp:
# Nextcloud two-factor TOTP: provides time-based one-time password authentication (https://apps.nextcloud.com/apps/twofactor_totp)
enabled: "{{ not applications.nextcloud.features.oidc | default(true) }}" # Deactivate 2FA if oidc is active
enabled: "{{ not applications | get_app_conf('web-app-nextcloud', 'features.oidc', False, True) }}" # Deactivate 2FA if oidc is active
user_ldap:
# Nextcloud user LDAP: integrates LDAP for user management and authentication (https://apps.nextcloud.com/apps/user_ldap)
enabled: "{{ applications.nextcloud.features.ldap | default(true) }}"
enabled: "{{ applications | get_app_conf('web-app-nextcloud', 'features.ldap', False, True) }}"
user_directory:
enabled: true # Enables the LDAP User Directory Search
user_oidc:

4
roles/web-app-nextcloud/docs/Update.md
View File

@@ -8,7 +8,7 @@ export DOCKER_CLIENT_TIMEOUT=600 &&
docker-compose down
```
Afterwards, update the ***applications.nextcloud.version*** variable to the next version and run this repository with this Ansible role.
Afterwards, update the ***applications.docker.services.*.version*** variable to the next version and run this repository with this Ansible role.
> **Note:**
> It is only possible to update from one to the next major version at a time.
@@ -25,7 +25,7 @@ docker-compose exec -it application top
If Nextcloud remains in maintenance mode after the update, try the following:
```bash
docker exec -it -u www-data nextcloud-application/var/www/html/occ maintenance:mode --on
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --on
docker exec -it -u www-data nextcloud-application /var/www/html/occ upgrade
docker exec -it -u www-data nextcloud-application /var/www/html/occ maintenance:mode --off
```

2
roles/web-app-nextcloud/handlers/main.yml
View File

@@ -1,6 +1,6 @@
---
- name: restart nextcloud nginx service
command:
cmd: "docker exec {{applications.nextcloud.container.proxy}} nginx -s reload"
cmd: "docker exec {{ nextcloud_proxy_name }} nginx -s reload"
listen: restart nextcloud nginx service
ignore_errors: true # Ignoring if container is restarting

4
roles/web-app-nextcloud/tasks/01_config.yml
View File

@@ -8,11 +8,11 @@
- name: Copy include instructions to the container
command: >
docker cp {{ nextcloud_host_include_instructions_file }} {{ applications.nextcloud.container.application }}:{{nextcloud_docker_include_instructions_file}}
docker cp {{ nextcloud_host_include_instructions_file }} {{ nextcloud_name }}:{{nextcloud_docker_include_instructions_file}}
- name: Append generated config to config.php only if not present
command: >
docker exec -u {{nextcloud_docker_user}} {{ applications.nextcloud.container.application }} sh -c "
docker exec -u {{nextcloud_docker_user}} {{ nextcloud_name }} sh -c "
grep -q '{{ nextcloud_docker_config_additives_directory }}' {{ nextcloud_docker_config_file }} ||
cat {{nextcloud_docker_include_instructions_file}} >> {{ nextcloud_docker_config_file }}"
notify: docker compose restart

10
roles/web-app-nextcloud/tasks/main.yml
View File

@@ -32,7 +32,7 @@
- name: create internal nextcloud nginx configuration
template:
src: "nginx/docker.conf.j2"
dest: "{{docker_compose.directories.volumes}}nginx.conf"
dest: "{{ docker_compose.directories.volumes }}nginx.conf"
notify: restart nextcloud nginx service
- name: Setup config.php
@@ -43,7 +43,7 @@
- name: Setup Nextcloud Plugins
include_tasks: 02_plugin.yml
loop: "{{applications | get_app_conf(application_id, 'plugins', True) | dict2items }}"
loop: "{{ applications | get_app_conf(application_id, 'plugins', True) | dict2items }}"
loop_control:
loop_var: plugin_item
vars:
@@ -55,7 +55,7 @@
- name: Add missing database indices in Nextcloud
command: >
{{nextcloud_docker_exec_occ}} db:add-missing-indices
{{ nextcloud_docker_exec_occ }} db:add-missing-indices
register: db_indices_result
changed_when: >
'Adding additional' in db_indices_result.stdout or
@@ -65,8 +65,8 @@
- name: Ensure Nextcloud administrator is in the 'admin' group
command: >
docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}
php occ group:adduser admin {{ applications.nextcloud.users.administrator.username }}
docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }}
php occ group:adduser admin {{ nextcloud_administrator_username }}
register: add_admin_to_group
changed_when: "'Added user' in add_admin_to_group.stdout"
failed_when: add_admin_to_group.rc != 0 and "'is already a member of' not in add_admin_to_group.stderr"

50
roles/web-app-nextcloud/templates/docker-compose.yml.j2
View File

@@ -1,8 +1,8 @@
{% include 'roles/docker-compose/templates/base.yml.j2' %}
application:
image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
container_name: {{applications.nextcloud.container.application}}
image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
container_name: {{ nextcloud_name }}
volumes:
- data:{{nextcloud_docker_work_directory}}
- {{nextcloud_host_config_additives_directory}}:{{nextcloud_docker_config_additives_directory}}:ro
@@ -16,31 +16,25 @@
{% include 'roles/docker-container/templates/networks.yml.j2' %}
ipv4_address: 192.168.102.69
# @Todo activate
#nc-talk:
# image: nextcloud/aio-talk:latest
# container_name: talk_hpb
# hostname: hpb_yt
# restart: unless-stopped
# init: true
# ports:
# - 3478:3478/tcp #TURN TCP
# - 3478:3478/udp #TURN UDP
# - 8181:8081/tcp #Signaling
# environment:
# - NC_DOMAIN=cloud.yourdomain.tld
# - TALK_HOST=signaling.yourdomain.tld
# - TURN_SECRET=${TURN_SECRET}
# - SIGNALING_SECRET=${SIGNALING_SECRET}
# - TZ=Europe/Berlin
# - TALK_PORT=3478
# - INTERNAL_SECRET=${INTERNAL_SECRET}
# networks:
# - nxnetwork_yt
{% if nextcloud_talk_enabled %}
talk:
{% include 'roles/docker-container/templates/base.yml.j2' %}
image: "{{ nextcloud_talk_image }}:{{ nextcloud_talk_version }}"
container_name: {{ nextcloud_talk_name }}
hostname: hpb_yt
init: true
ports:
- {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/tcp #TURN TCP
- {{ networks.internet.ip4 }}:{{ nextcloud_talk_stun_port }}:3478/udp #TURN UDP
- {{ networks.internet.ip4 }}:8181:8081/tcp #Signaling @todo needs to be optimized
networks:
default:
ipv4_address: 192.168.102.68
{% endif %}
web:
image: nginx:alpine
container_name: {{applications.nextcloud.container.proxy}}
proxy:
image: "{{ nextcloud_proxy_image }}:{{ nextcloud_proxy_version }}"
container_name: "{{ nextcloud_proxy_name }}"
logging:
driver: journald
restart: {{docker_restart_policy}}
@@ -57,8 +51,8 @@
ipv4_address: 192.168.102.67
cron:
container_name: nextcloud-cron
image: "nextcloud:{{applications.nextcloud.version}}-fpm-alpine"
container_name: "{{ nextcloud_cron_name }}"
image: "{{ nextcloud_image }}:{{ nextcloud_version }}"
restart: {{docker_restart_policy}}
logging:
driver: journald

19
roles/web-app-nextcloud/templates/env.j2
View File

@@ -21,7 +21,7 @@ SMTP_PASSWORD= {{ users['no-reply'].mailu_token }}
# Email from configuration
MAIL_FROM_ADDRESS= "{{ users['no-reply'].username }}"
MAIL_DOMAIN= "{{system_email.domain}}"
MAIL_DOMAIN= "{{ system_email.domain }}"
# Initial Admin Data
NEXTCLOUD_ADMIN_USER= "{{applications | get_app_conf(application_id, 'users.administrator.username', True)}}"
@@ -29,7 +29,7 @@ NEXTCLOUD_ADMIN_PASSWORD= "{{applications | get_app_conf(application_id, '
# Security
NEXTCLOUD_TRUSTED_DOMAINS= "{{domains | get_domain(application_id)}}"
NEXTCLOUD_TRUSTED_DOMAINS= "{{ nextcloud_domains }}"
# Whitelist local docker gateway in Nextcloud to prevent brute-force throtteling
TRUSTED_PROXIES= "{{ networks.internet.values() | select | join(',') }}"
OVERWRITECLIURL= "{{ domains | get_url(application_id, web_protocol) }}"
@@ -37,4 +37,17 @@ OVERWRITEPROTOCOL= "https"
# Redis Configuration
REDIS_HOST= redis
REDIS_PORT= 6379
REDIS_PORT= 6379
{% if nextcloud_talk_enabled %}
# Talk Configuration
# This code was just moved here during refactoring and isn't tested yet.
# @todo move it to an own env file for encapsulation reasons
NC_DOMAIN=cloud.yourdomain.tld
TALK_HOST=signaling.yourdomain.tld
TURN_SECRET=${TURN_SECRET}
SIGNALING_SECRET=${SIGNALING_SECRET}
TZ=Europe/Berlin
TALK_PORT=3478
INTERNAL_SECRET=${INTERNAL_SECRET}
{% endif %}

61
roles/web-app-nextcloud/vars/main.yml
View File

@@ -1,39 +1,62 @@
---
# General
application_id: "nextcloud" # Application identifier
container_port: 80
application_id: "web-app-nextcloud" # Application identifier
container_port: 80
# Database
database_password: "{{applications.nextcloud.credentials.database_password}}" # Database password
database_type: "mariadb" # Database flavor
database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password', True)}}"
database_type: "mariadb" # Database flavor
# Networking
domain: "{{ domains | get_domain(application_id) }}" # Public domain at which Nextcloud will be accessable
http_port: "{{ ports.localhost.http[application_id] }}" # Port at which nextcloud is reachable in the local network
domain: "{{ domains | get_domain(application_id) }}" # Public domain at which Nextcloud will be accessable
http_port: "{{ ports.localhost.http[application_id] }}" # Port at which nextcloud is reachable in the local network
nextcloud_administrator_username: "{{ applications | get_app_conf(application_id, 'users.administrator.username', True) }}"
# Control Node
nextcloud_control_node_plugin_vars_directory: "{{role_path}}/vars/plugins/" # Folder in which the files for the plugin configuration are stored
nextcloud_control_node_plugin_tasks_directory: "{{role_path}}/tasks/plugins/" # Folder which contains the files for extra plugin configuration tasks
nextcloud_control_node_plugin_vars_directory: "{{role_path}}/vars/plugins/" # Folder in which the files for the plugin configuration are stored
nextcloud_control_node_plugin_tasks_directory: "{{role_path}}/tasks/plugins/" # Folder which contains the files for extra plugin configuration tasks
# Host
## Host Paths
nextcloud_host_config_additives_directory: "{{docker_compose.directories.volumes}}cymais/" # This folder is the path to which the additive configurations will be copied
nextcloud_host_include_instructions_file: "{{docker_compose.directories.volumes}}includes.php" # Path to the instruction file on the host. Responsible for loading the additional configurations
nextcloud_host_config_additives_directory: "{{docker_compose.directories.volumes}}cymais/" # This folder is the path to which the additive configurations will be copied
nextcloud_host_include_instructions_file: "{{docker_compose.directories.volumes}}includes.php" # Path to the instruction file on the host. Responsible for loading the additional configurations
nextcloud_domains: "{{ domains[application_id].nextcloud }}"
# Docker
nextcloud_version: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.version', True) }}"
nextcloud_image: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.image', True) }}"
nextcloud_name: "{{ applications | get_app_conf(application_id, 'docker.services.nextcloud.name', True) }}"
nextcloud_proxy_name: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.name', True) }}"
nextcloud_proxy_image: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.image', True) }}"
nextcloud_proxy_version: "{{ applications | get_app_conf(application_id, 'docker.services.proxy.version', True) }}"
nextcloud_cron_name: "{{ applications | get_app_conf(application_id, 'docker.services.cron.name', True) }}"
nextcloud_talk_name: "{{ applications | get_app_conf(application_id, 'docker.services.talk.name', True) }}"
nextcloud_talk_image: "{{ applications | get_app_conf(application_id, 'docker.services.talk.image', True) }}"
nextcloud_talk_version: "{{ applications | get_app_conf(application_id, 'docker.services.talk.version', True) }}"
nextcloud_talk_enabled: "{{ applications | get_app_conf(application_id, 'docker.services.talk.enabled', True) }}"
nextcloud_talk_stun_port: "{{ ports.public.stun[application_id] }}"
# nextcloud_talk_domain: "{{ domains[application_id].talk }}"
#nextcloud_collabora_name: "{{ applications | get_app_conf(application_id, 'docker.services.collabora.name', True) }}"
## User Configuration
nextcloud_docker_user_id: 82 # UID of the www-data user
nextcloud_docker_user: "www-data" # Name of the www-data user (Set here to easy change it in the future)
nextcloud_docker_user_id: 82 # UID of the www-data user
nextcloud_docker_user: "www-data" # Name of the www-data user (Set here to easy change it in the future)
## Internal Paths
nextcloud_docker_work_directory: "/var/www/html/" # Name of the workdir in which the application is stored
nextcloud_docker_config_directory: "{{nextcloud_docker_work_directory}}config/" # Folder in which the Nextcloud configurations are stored
nextcloud_docker_config_file: "{{nextcloud_docker_config_directory}}config.php" # Path to the Nextcloud configuration file
nextcloud_docker_config_additives_directory: "{{nextcloud_docker_config_directory}}cymais/" # Path to the folder which contains additional configurations
nextcloud_docker_include_instructions_file: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations
nextcloud_docker_work_directory: "/var/www/html/" # Name of the workdir in which the application is stored
nextcloud_docker_config_directory: "{{nextcloud_docker_work_directory}}config/" # Folder in which the Nextcloud configurations are stored
nextcloud_docker_config_file: "{{nextcloud_docker_config_directory}}config.php" # Path to the Nextcloud configuration file
nextcloud_docker_config_additives_directory: "{{nextcloud_docker_config_directory}}cymais/" # Path to the folder which contains additional configurations
nextcloud_docker_include_instructions_file: "/tmp/includes.php" # Path to the temporary file which will be included to the config.php to load the additional configurations
## Execution
nextcloud_docker_exec: "docker exec -u {{ nextcloud_docker_user }} {{ applications.nextcloud.container.application }}" # General execute composition
nextcloud_docker_exec_occ: "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ" # Execute docker occ command
nextcloud_docker_exec: "docker exec -u {{ nextcloud_docker_user }} {{ nextcloud_name }}" # General execute composition
nextcloud_docker_exec_occ: "{{nextcloud_docker_exec}} {{ nextcloud_docker_work_directory }}occ" # Execute docker occ command