Automated Nextcloud installation

Add Nextcloud to docker-compose.yml
2022-11-24 02:00:52 -05:00 · 2022-11-22 03:27:34 -05:00
9 changed files with 130 additions and 11 deletions
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ and services operated by Free I.T. Athens (FRITA).
 3. Go to
    - [Traefik Dashboard](https://traefik.local.freeitathens.org:8443/dashboard/#/)
    - [WordPress](https://www.local.freeitathens.org)
+    - [Nextcloud](https://cloud.local.freeitathens.org)
 4. Click through the HTTPS security warning

 ## Production
--- a/10
+++ b/10
@@ -24,11 +24,19 @@ Vagrant.configure("2") do |config|
  config.vm.define :frita do |frita| #
  end

-  # Disable Machine Name Prefix
+  # Set libvirt settings
  config.vm.provider :libvirt do |libvirt|
+    libvirt.cpus = 2
+    libvirt.memory = 4096
    libvirt.default_prefix = ""
  end

+  # Set VirtualBox settings
+  config.vm.provider "virtualbox" do |vbox|
+    vbox.cpus = 2
+    vbox.memory = 4096
+  end
+
  # Provision with Ansible
  config.vm.provision "ansible" do |ansible|
    ENV['ANSIBLE_ROLES_PATH'] = File.dirname(__FILE__) + "/roles"
--- a/dev/vars/webserver.yml
+++ b/dev/vars/webserver.yml
@@ -1,9 +1,12 @@
 ###############
 ### Secrets ###
 ###############
+# These are sample public passwords not encrypted in Ansible Vault, unlike production
 secret:
-  WORDPRESS_DB_PASSWORD: WPpa55w0rd!
  TRAEFIK_DREAMHOST_APIKEY: DHap1pa55w0rd!
+  WORDPRESS_DB_PASSWORD: WPpa55w0rd!
+  NEXTCLOUD_MYSQL_PASSWORD: NCdbpa55w0rd!
+  NEXTCLOUD_ADMIN_PASSWORD: NCadm1npa55w0rd!

 ##############
 ### Docker ###
@@ -17,6 +20,8 @@ docker_users:
 databases:
  - name: wordpress
    pass: "{{ secret.WORDPRESS_DB_PASSWORD }}"
+  - name: nextcloud
+    pass: "{{ secret.NEXTCLOUD_MYSQL_PASSWORD }}"

 #######################
 ### Webserver Stack ###
@@ -34,7 +39,7 @@ webserver:
  TRAEFIK_DEBUG: true
  TRAEFIK_ACME_PROVIDER: dreamhost
  TRAEFIK_ACME_CASERVER: https://localhost/directory
-  TRAEFIK_ACME_EMAIL: frita@example.org
+  TRAEFIK_ACME_EMAIL: admin@example.org
  TRAEFIK_DREAMHOST_APIKEY: "{{ secret.TRAEFIK_DREAMHOST_APIKEY }}"

  #################
@@ -45,4 +50,18 @@ webserver:
  #WORDPRESS_DB_HOST: host.docker.internal
  #WORDPRESS_DB_NAME: wordpress
  #WORDPRESS_DB_USER: wordpress
+  #WORDPRESS_WEB_ENABLED: true
  WORDPRESS_DB_PASSWORD: "{{ secret.WORDPRESS_DB_PASSWORD }}"
+
+  #################
+  ### Nextcloud ###
+  #################
+  #NEXTCLOUD_VERSION: stable
+  #NEXTCLOUD_DOMAIN: cloud.local.freeitathens.org
+  #NEXTCLOUD_MYSQL_HOST: host.docker.internal
+  #NEXTCLOUD_MYSQL_DATABASE: nextcloud
+  #NEXTCLOUD_MYSQL_USER: nextcloud
+  #NEXTCLOUD_WEB_ENABLED: true
+  #NEXTCLOUD_ADMIN: admin
+  NEXTCLOUD_ADMIN_PASSWORD: "{{ secret.NEXTCLOUD_ADMIN_PASSWORD }}"
+  NEXTCLOUD_MYSQL_PASSWORD: "{{ secret.NEXTCLOUD_MYSQL_PASSWORD }}"
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -5,7 +5,7 @@
    mode: 0700

 - name: Install useful software
-  apt:
+  ansible.builtin.apt:
    name: "{{ packages }}"
    state: present
    update_cache: true
--- a/roles/webserver/defaults/main.yml
+++ b/roles/webserver/defaults/main.yml
@@ -1,4 +1,5 @@
 webserver_root: "{{ docker_compose_root }}/webserver"
+nextcloud_autoinstall: true
 mariadb_trust:
  - "172.16.0.0/12"
  - "192.168.0.0/16"
--- a/roles/webserver/files/docker-compose.yml
+++ b/roles/webserver/files/docker-compose.yml
@@ -2,6 +2,7 @@ version: '3.5'

 volumes:
  wordpress:
+  nextcloud:

 networks:
  traefik:
@@ -26,7 +27,7 @@ services:
      - --certificatesresolvers.letsencrypt.acme.email=${TRAEFIK_ACME_EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/etc/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
-      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${TRAEFIK_ACME_PROVIDER}
+      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=${TRAEFIK_ACME_PROVIDER:-manual}
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.delaybeforecheck=0
      - --certificatesresolvers.letsencrypt.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-staging-v02.api.letsencrypt.org/directory}
    environment:
@@ -78,3 +79,32 @@ services:
      - traefik
    extra_hosts:
      - host.docker.internal:host-gateway
+
+  nextcloud:
+    image: nextcloud:${NEXTCLOUD_VERSION:-stable}
+    restart: always
+    environment:
+      MYSQL_HOST: ${NEXTCLOUD_MYSQL_HOST:-host.docker.internal:3306}
+      MYSQL_DATABASE: ${NEXTCLOUD_MYSQL_DATABASE-nextcloud}
+      MYSQL_USER: ${NEXTCLOUD_MYSQL_USER:-nextcloud}
+      MYSQL_PASSWORD: ${NEXTCLOUD_MYSQL_PASSWORD}
+    labels:
+      traefik.http.routers.nextcloud.rule: "Host(`${NEXTCLOUD_DOMAIN:-cloud.local.freeitathens.org}`)"
+      traefik.http.routers.nextcloud.entrypoints: websecure
+      traefik.http.routers.nextcloud.tls: true
+      traefik.http.routers.nextcloud.tls.certresolver: letsencrypt
+      traefik.http.routers.nextcloud.tls.domains[0].main: ${TRAEFIK_ACME_DOMAIN_MAIN:-local.freeitathens.org}
+      traefik.http.routers.nextcloud.tls.domains[0].sans: "${TRAEFIK_ACME_DOMAIN_SANS:-*.local.freeitathens.org}"
+      traefik.http.services.nextcloud.loadbalancer.server.port: 80
+      traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav"
+      traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://$${1}/remote.php/dav/"
+      traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: true
+      traefik.http.routers.nextcloud.middlewares: nextcloud-webdav
+      traefik.docker.network: traefik
+      traefik.enable: ${NEXTCLOUD_WEB_ENABLED:-true}
+    volumes:
+      - nextcloud:/var/www/html
+    networks:
+      - traefik
+    extra_hosts:
+      - host.docker.internal:host-gateway
--- a/roles/webserver/handlers/main.yml
+++ b/roles/webserver/handlers/main.yml
@@ -1,11 +1,36 @@
+- name: Restart MariaDB
+  ansible.builtin.service:
+    name: mariadb
+    state: restarted
+  listen: restart_mariadb
+
 - name: Compose up on webserver stack
  ansible.builtin.command: "docker-compose up -d"
  args:
    chdir: "{{ webserver_root }}"
  listen: composeup_webserver

- name: Restart MariaDB
-  ansible.builtin.service:
-    name: mariadb
-    state: restarted
-  listen: restart_mariadb
+- name: Grab Nextcloud container information
+  community.docker.docker_container_info:
+    name: "{{ webserver_root | basename }}_nextcloud_1"
+  listen: composeup_webserver
+  register: nextcloud_info
+
+- name: Wait for Nextcloud to become available
+  ansible.builtin.wait_for:
+    host: "{{ nextcloud_info.container.NetworkSettings.Networks.traefik.IPAddress }}"
+    port: 80
+  listen: composeup_webserver
+
+- name: Check Nextcloud status
+  ansible.builtin.command: "docker exec --user www-data {{ webserver_root | basename }}_nextcloud_1
+            php occ status"
+  listen: composeup_webserver
+  register: nextcloud_status
+
+- name: Import Nextcloud installation handlers
+  ansible.builtin.import_tasks: nextcloud.yml
+  listen: composeup_webserver
+  when:
+    - nextcloud_status.stderr[:26] == "Nextcloud is not installed"
+    - nextcloud_autoinstall
--- a/roles/webserver/handlers/nextcloud.yml
+++ b/roles/webserver/handlers/nextcloud.yml
@@ -0,0 +1,35 @@
+- name: Install Nextcloud
+  ansible.builtin.command: 'docker exec --user www-data {{ webserver_root | basename }}_nextcloud_1
+            php occ maintenance:install
+              --database "mysql"
+              --database-host "{{ webserver.NEXTCLOUD_MYSQL_HOST | default("host.docker.internal") }}"
+              --database-name "{{ webserver.NEXTCLOUD_MYSQL_DATABASE | default("nextcloud") }}"
+              --database-user "{{ webserver.NEXTCLOUD_MYSQL_USER | default("nextcloud") }}"
+              --database-pass "{{ webserver.NEXTCLOUD_MYSQL_PASSWORD }}"
+              --admin-user "{{ webserver.NEXTCLOUD_ADMIN | default("admin") }}"
+              --admin-pass "{{ webserver.NEXTCLOUD_ADMIN_PASSWORD }}"'
+  register: nextcloud_install
+  listen: composeup_webserver
+
+- name: Set Nextcloud's Trusted Domain
+  ansible.builtin.command: 'docker exec --user www-data {{ webserver_root | basename }}_nextcloud_1
+            php occ config:system:set trusted_domains 0
+              --value="{{ webserver.NEXTCLOUD_DOMAIN | default("cloud.local.freeitathens.org") }}"'
+  listen: composeup_webserver
+  when: nextcloud_install.changed
+
+- name: Set Nextcloud's Trusted Proxy
+  ansible.builtin.command: 'docker exec --user www-data {{ webserver_root | basename }}_nextcloud_1
+            php occ config:system:set trusted_proxies 0 --value="traefik"'
+  listen: composeup_webserver
+  when: nextcloud_install.changed
+
+- name: Preform Nextcloud database maintenance
+  ansible.builtin.command: "docker exec --user www-data {{ webserver_root | basename }}_nextcloud_1 {{ item }}"
+  loop:
+    - "php occ maintenance:mode --on"
+    - "php occ db:add-missing-indices"
+    - "php occ db:convert-filecache-bigint"
+    - "php occ maintenance:mode --off"
+  listen: composeup_webserver
+  when: "'  - needsDbUpgrade: true' in nextcloud_status.stdout_lines"
Author	SHA1	Message	Date
Kris Lamoureux	bf9c98fd3f	Automated Nextcloud installation	2022-11-24 02:00:52 -05:00
Kris Lamoureux	511c26392c	Add Nextcloud to docker-compose.yml	2022-11-22 03:27:34 -05:00