From 511c26392c5d3e43d6a16571dba5309c1aa993a0 Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Tue, 22 Nov 2022 03:27:34 -0500
Subject: [PATCH] Add Nextcloud to docker-compose.yml
---
 dev/vars/webserver.yml | 11 +++++++-
 roles/webserver/files/docker-compose.yml | 32 +++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/dev/vars/webserver.yml b/dev/vars/webserver.yml
index b073f16..7623e56 100644
--- a/dev/vars/webserver.yml
+++ b/dev/vars/webserver.yml
@@ -1,8 +1,10 @@
 ###############
 ### Secrets ###
 ###############
+# These are sample public passwords not encrypted in Ansible Vault, unlike production
 secret:
 WORDPRESS_DB_PASSWORD: WPpa55w0rd!
+ NEXTCLOUD_MYSQL_PASSWORD: NCpa55w0rd!
 TRAEFIK_DREAMHOST_APIKEY: DHap1pa55w0rd!
 ##############
@@ -17,6 +19,8 @@ docker_users:
 databases:
 - name: wordpress
 pass: "{{ secret.WORDPRESS_DB_PASSWORD }}"
+ - name: nextcloud
+ pass: "{{ secret.NEXTCLOUD_MYSQL_PASSWORD }}"
 #######################
 ### Webserver Stack ###
@@ -34,7 +38,7 @@ webserver:
 TRAEFIK_DEBUG: true
 TRAEFIK_ACME_PROVIDER: dreamhost
 TRAEFIK_ACME_CASERVER: https://localhost/directory
- TRAEFIK_ACME_EMAIL: frita@example.org
+ TRAEFIK_ACME_EMAIL: admin@example.org
 TRAEFIK_DREAMHOST_APIKEY: "{{ secret.TRAEFIK_DREAMHOST_APIKEY }}"
 #################
@@ -46,3 +50,8 @@ webserver:
 #WORDPRESS_DB_NAME: wordpress
 #WORDPRESS_DB_USER: wordpress
 WORDPRESS_DB_PASSWORD: "{{ secret.WORDPRESS_DB_PASSWORD }}"
+
+ #################
+ ### Nextcloud ###
+ #################
+ NEXTCLOUD_MYSQL_PASSWORD: "{{ secret.NEXTCLOUD_MYSQL_PASSWORD }}"
diff --git a/roles/webserver/files/docker-compose.yml b/roles/webserver/files/docker-compose.yml
index 6378020..c9e564c 100644
--- a/roles/webserver/files/docker-compose.yml
+++ b/roles/webserver/files/docker-compose.yml
@@ -2,6 +2,7 @@ version: '3.5'
 volumes:
 wordpress:
+ nextcloud:
 networks:
 traefik:
@@ -26,7 +27,7 @@ services:
 - --certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL}
 - --certificatesresolvers.letsencrypt.acme.storage=/etc/letsencrypt/acme.json
 - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
- - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${TRAEFIK_ACME_PROVIDER}
+ - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${TRAEFIK_ACME_PROVIDER:-manual}
 - --certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0
 - --certificatesresolvers.letsencrypt.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-staging-v02.api.letsencrypt.org/directory}
 environment:
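Review bot: The new fallback `${TRAEFIK_ACME_PROVIDER:-manual}` on the `dnschallenge.provider` argument hides a missing setting instead of surfacing it. Traefik's `manual` DNS provider is, as far as its documentation describes it, an interactive mode that waits for an operator to create the TXT record, so in an unattended container the DNS-01 challenge would presumably never complete and the routers would be left serving Traefik's default self-signed certificate. If the intent is only to keep Compose from warning about an unset variable, failing fast is safer: `- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${TRAEFIK_ACME_PROVIDER:?TRAEFIK_ACME_PROVIDER must be set}`. The `command:` list this line belongs to starts above the hunk.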
@@ -78,3 +79,32 @@ services:
 - traefik
 extra_hosts:
 - host.docker.internal:host-gateway
+
+ nextcloud:
+ image: nextcloud:${NEXTCLOUD_VERSION:-stable}
+ restart: always
+ environment:
+ MYSQL_HOST: ${NEXTCLOUD_MYSQL_HOST:-host.docker.internal:3306}
+ MYSQL_DATABASE: ${NEXTCLOUD_MYSQL_DATABASE-nextcloud}
+ MYSQL_USER: ${NEXTCLOUD_MYSQL_USER:-nextcloud}
+ MYSQL_PASSWORD: ${NEXTCLOUD_MYSQL_PASSWORD}
+ labels:
+ traefik.http.routers.nextcloud.rule: "Host(`${NEXTCLOUD_DOMAIN:-cloud.local.freeitathens.org}`)"
+ traefik.http.routers.nextcloud.entrypoints: websecure
+ traefik.http.routers.nextcloud.tls: true
+ traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
+ traefik.http.routers.nextcloud.tls.domains[0].main: ${TRAEFIK_ACME_DOMAIN_MAIN:-local.freeitathens.org}
+ traefik.http.routers.nextcloud.tls.domains[0].sans: "${TRAEFIK_ACME_DOMAIN_SANS:-*.local.freeitathens.org}"
+ traefik.http.services.nextcloud.loadbalancer.server.port: 80
+ traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
+ traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://$${1}/remote.php/dav/"
+ traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: true
+ traefik.http.routers.nextcloud.middlewares: nextcloud-webdav
+ traefik.docker.network: traefik
+ traefik.enable: ${NEXTCLOUD_WEB_ENABLED:-true}
+ volumes:
+ - nextcloud:/var/www/html
+ networks:
+ - traefik
+ extra_hosts:
+ - host.docker.internal:host-gateway
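Review bot: `MYSQL_PASSWORD: ${NEXTCLOUD_MYSQL_PASSWORD}` in the new `nextcloud` service has no guard, so when the variable is unset Compose substitutes an empty string and the container is created with a blank database password rather than failing. `MYSQL_PASSWORD: ${NEXTCLOUD_MYSQL_PASSWORD:?NEXTCLOUD_MYSQL_PASSWORD must be set}` stops the deployment at that point. Two lines up, `${NEXTCLOUD_MYSQL_DATABASE-nextcloud}` uses `-` where every neighbouring default uses `:-`, so a set-but-empty value passes through as an empty database name; `${NEXTCLOUD_MYSQL_DATABASE:-nextcloud}` would match the others. The default image tag `stable` is a moving tag, so each recreate of the container can pull a different Nextcloud release; pinning `NEXTCLOUD_VERSION` to a specific version in the vars file keeps upgrades deliberate. I would also add a comment above `environment:` noting that the password is readable from the container's environment (for example via `docker inspect`).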