initial cleanup server-manager

roles/docker-nextcloud/README.md

@@ -0,0 +1,22 @@
+# role docker-nextcloud
+
+## database access
+To access the database execute
+```bash
+  docker exec -it nextcloud_database_1 /bin/mysql -u nextcloud -p
+```
+
+## occ
+
+To use occ run:
+
+```bash
+  docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ
+```
+
+## unlock files
+```bash
+docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ maintenance:mode --on
+docker exec -it nextcloud_database_1 mysql -u nextcloud -pPASSWORD1234132 -D nextcloud -e "delete from oc_file_locks where 1"
+docker exec -it -u www-data nextcloud_application_1 /var/www/html/occ maintenance:mode --off
+```

roles/docker-nextcloud/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+- native-nginx-docker-proxy

roles/docker-nextcloud/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+- name: recieve {{domain}} certificate
+  command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
+
+- name: configure {{domain}}.conf
+  template: src=templates/nextcloud.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
+  notify: restart nginx
+
+- name: "setup nextcloud"
+  docker_compose:
+    project_name: nextcloud
+    definition:
+      application:
+        image: nextcloud
+        restart: always
+        links:
+          - database
+        volumes:
+          - nextcloud-data:/var/www/html
+        ports:
+          - "{{http_port}}:80"
+        environment:
+          MYSQL_DATABASE: "nextcloud"
+          MYSQL_USER: "nextcloud"
+          MYSQL_PASSWORD: "{{nextcloud_database_password}}"
+          MYSQL_HOST: database:3306
+      database:
+        image: mariadb
+        environment:
+          MYSQL_DATABASE: "nextcloud"
+          MYSQL_USER: "nextcloud"
+          MYSQL_PASSWORD: "{{nextcloud_database_password}}"
+          MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
+        volumes:
+          - nextcloud-database:/var/lib/mysql
+        restart: always
+        expose:
+          - "3306"

roles/docker-nextcloud/templates/nextcloud.conf.j2

@@ -0,0 +1,37 @@
+server
+{
+  server_name {{domain}};
+
+  {% include 'roles/native-letsencrypt/templates/ssl_header.j2' %}
+
+  # Remove X-Powered-By, which is an information leak
+  fastcgi_hide_header X-Powered-By;
+
+  # set max upload size
+  client_max_body_size 10G;
+  client_body_buffer_size 400M;
+  fastcgi_buffers 64 4K;
+
+  # Enable gzip but do not remove ETag headers
+  gzip on;
+  gzip_vary on;
+  gzip_comp_level 4;
+  gzip_min_length 256;
+  gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+  gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+
+  {% include 'roles/native-nginx-docker-proxy/templates/proxy_pass.conf.j2' %}
+
+  location ^~ /.well-known {
+    rewrite ^/\.well-known/host-meta\.json  /public.php?service=host-meta-json  last;
+    rewrite ^/\.well-known/host-meta        /public.php?service=host-meta       last;
+    rewrite ^/\.well-known/webfinger        /public.php?service=webfinger       last;
+    rewrite ^/\.well-known/nodeinfo         /public.php?service=nodeinfo        last;
+
+    location = /.well-known/carddav     { return 301 /remote.php/dav/; }
+    location = /.well-known/caldav      { return 301 /remote.php/dav/; }
+
+    try_files $uri $uri/ =404;
+  }
+}