mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-29 15:06:26 +02:00
initial cleanup server-manager
This commit is contained in:
22
roles/docker-nextcloud/README.md
Normal file
22
roles/docker-nextcloud/README.md
Normal file
@@ -0,0 +1,22 @@
|
||||
# role docker-nextcloud
|
||||
|
||||
## database access
|
||||
To access the database execute
|
||||
```bash
|
||||
docker exec -it nextcloud_database_1 /bin/mysql -u nextcloud -p
|
||||
```
|
||||
|
||||
## occ
|
||||
|
||||
To use occ run:
|
||||
|
||||
```bash
|
||||
docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ
|
||||
```
|
||||
|
||||
## unlock files
|
||||
```bash
|
||||
docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ maintenance:mode --on
|
||||
docker exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1"
|
||||
docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ maintenance:mode --off
|
||||
```
|
2
roles/docker-nextcloud/meta/main.yml
Normal file
2
roles/docker-nextcloud/meta/main.yml
Normal file
@@ -0,0 +1,2 @@
|
||||
dependencies:
|
||||
- native-nginx-docker-proxy
|
38
roles/docker-nextcloud/tasks/main.yml
Normal file
38
roles/docker-nextcloud/tasks/main.yml
Normal file
@@ -0,0 +1,38 @@
|
||||
---
|
||||
- name: recieve {{domain}} certificate
|
||||
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
template: src=templates/nextcloud.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
|
||||
notify: restart nginx
|
||||
|
||||
- name: "setup nextcloud"
|
||||
docker_compose:
|
||||
project_name: nextcloud
|
||||
definition:
|
||||
application:
|
||||
image: nextcloud
|
||||
restart: always
|
||||
links:
|
||||
- database
|
||||
volumes:
|
||||
- nextcloud-data:/var/www/html
|
||||
ports:
|
||||
- "{{http_port}}:80"
|
||||
environment:
|
||||
MYSQL_DATABASE: "nextcloud"
|
||||
MYSQL_USER: "nextcloud"
|
||||
MYSQL_PASSWORD: "{{nextcloud_database_password}}"
|
||||
MYSQL_HOST: database:3306
|
||||
database:
|
||||
image: mariadb
|
||||
environment:
|
||||
MYSQL_DATABASE: "nextcloud"
|
||||
MYSQL_USER: "nextcloud"
|
||||
MYSQL_PASSWORD: "{{nextcloud_database_password}}"
|
||||
MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
|
||||
volumes:
|
||||
- nextcloud-database:/var/lib/mysql
|
||||
restart: always
|
||||
expose:
|
||||
- "3306"
|
37
roles/docker-nextcloud/templates/nextcloud.conf.j2
Normal file
37
roles/docker-nextcloud/templates/nextcloud.conf.j2
Normal file
@@ -0,0 +1,37 @@
|
||||
server
|
||||
{
|
||||
server_name {{domain}};
|
||||
|
||||
{% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
# Remove X-Powered-By, which is an information leak
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
|
||||
# set max upload size
|
||||
client_max_body_size 10G;
|
||||
client_body_buffer_size 400M;
|
||||
fastcgi_buffers 64 4K;
|
||||
|
||||
# Enable gzip but do not remove ETag headers
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 4;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||
|
||||
|
||||
{% include 'roles/native-nginx-docker-proxy/templates/proxy_pass.conf.j2' %}
|
||||
|
||||
location ^~ /.well-known {
|
||||
rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last;
|
||||
rewrite ^/\.well-known/host-meta /public.php?service=host-meta last;
|
||||
rewrite ^/\.well-known/webfinger /public.php?service=webfinger last;
|
||||
rewrite ^/\.well-known/nodeinfo /public.php?service=nodeinfo last;
|
||||
|
||||
location = /.well-known/carddav { return 301 /remote.php/dav/; }
|
||||
location = /.well-known/caldav { return 301 /remote.php/dav/; }
|
||||
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
Reference in New Issue
Block a user