diff --git a/dev/dockerbox.yml b/dev/dockerbox.yml index 48927c4..fcbaf58 100644 --- a/dev/dockerbox.yml +++ b/dev/dockerbox.yml @@ -6,8 +6,7 @@ roles: - base - docker + - mariadb - traefik - nextcloud - - jenkins - - prometheus - - nginx + - proxy diff --git a/dev/host_vars/dockerbox.yml b/dev/host_vars/dockerbox.yml index 95e8545..488ca00 100644 --- a/dev/host_vars/dockerbox.yml +++ b/dev/host_vars/dockerbox.yml @@ -2,44 +2,47 @@ allow_reboot: false manage_network: false +# Import my GPG key for git signature verification +root_gpgkeys: + - name: kris@lamoureux.io + id: FBF673CEEC030F8AECA814E73EDA9C3441EDA925 + +# proxy +proxy: + servers: + - domain: cloud.local.krislamo.org + proxy_pass: http://127.0.0.1:8000 + # docker +docker_official: true # docker's apt repos docker_users: - vagrant +docker_compose_env_nolog: false # dev only setting +docker_compose_deploy: + # Traefik + - name: traefik + url: https://github.com/krislamo/traefik + version: d62bd06b37ecf0993962b0449a9d708373f9e381 + enabled: true + accept_newhostkey: true # Consider verifying manually instead + trusted_keys: + - FBF673CEEC030F8AECA814E73EDA9C3441EDA925 + env: + DASHBOARD: true + # Nextcloud + - name: nextcloud + url: https://github.com/krislamo/nextcloud + version: 0abc5cc6ba64ed94b7ddc6fd934f0fd62b8a6d11 + env: + DATA: ./data + # traefik -traefik_version: latest -traefik_dashboard: true -traefik_domain: traefik.local.krislamo.org -traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin -traefik_web_entry: 0.0.0.0:80 -traefik_websecure_entry: 0.0.0.0:443 -#traefik_acme_email: realemail@example.com # Let's Encrypt settings -#traefik_production: true -#traefik_http_only: true # if behind reverse-proxy +traefik: + ENABLE: true # nextcloud -nextcloud_version: stable -nextcloud_admin: admin -nextcloud_pass: password -nextcloud_domain: cloud.local.krislamo.org - -nextcloud_dbversion: latest -nextcloud_dbpass: password - -# jenkins -jenkins_version: lts -jenkins_domain: jenkins.local.krislamo.org - -# prometheus (includes grafana) -prom_version: latest -prom_domain: prom.local.krislamo.org -grafana_version: latest -grafana_domain: grafana.local.krislamo.org -prom_targets: "['10.0.2.15:9100']" - -# nginx -nginx_domain: nginx.local.krislamo.org -nginx_name: staticsite -nginx_repo_url: https://git.krislamo.org/kris/example-website/ -nginx_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin -nginx_version: latest +nextcloud: + DOMAIN: cloud.local.krislamo.org + DB_PASSWD: password + ADMIN_PASSWD: password diff --git a/roles/mariadb/tasks/main.yml b/roles/mariadb/tasks/main.yml index 967b56b..eece998 100644 --- a/roles/mariadb/tasks/main.yml +++ b/roles/mariadb/tasks/main.yml @@ -17,6 +17,10 @@ line: "bind-address = {{ ansible_facts.docker0.ipv4.address }}" notify: restart_mariadb +- name: Flush handlers to ensure MariaDB restarts immediately + ansible.builtin.meta: flush_handlers + tags: restart_mariadb + - name: Allow database connections from Docker community.general.ufw: rule: allow diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index c4ae79f..57aff68 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -1,11 +1 @@ -# container names -nextcloud_container: nextcloud -nextcloud_dbcontainer: "{{ nextcloud_container }}-db" - -# database settings -nextcloud_dbname: "{{ nextcloud_container }}" -nextcloud_dbuser: "{{ nextcloud_dbname }}" - -# host mounts -nextcloud_root: "/opt/{{ nextcloud_container }}/public_html" -nextcloud_dbroot: "/opt/{{ nextcloud_container }}/database" +nextcloud_name: nextcloud diff --git a/roles/nextcloud/handlers/main.yml b/roles/nextcloud/handlers/main.yml new file mode 100644 index 0000000..62fbc5f --- /dev/null +++ b/roles/nextcloud/handlers/main.yml @@ -0,0 +1,25 @@ +- name: Set Nextcloud's Trusted Proxy + ansible.builtin.command: > + docker exec --user www-data "{{ nextcloud_name }}" + php occ config:system:set trusted_proxies 0 --value="{{ traefik_name }}" + register: nextcloud_trusted_proxy + changed_when: "nextcloud_trusted_proxy.stdout == 'System config value trusted_proxies => 0 set to string ' ~ traefik_name" + listen: install_nextcloud + +- name: Set Nextcloud's Trusted Domain + ansible.builtin.command: > + docker exec --user www-data "{{ nextcloud_name }}" + php occ config:system:set trusted_domains 0 --value="{{ nextcloud.DOMAIN }}" + register: nextcloud_trusted_domains + changed_when: "nextcloud_trusted_domains.stdout == 'System config value trusted_domains => 0 set to string ' ~ nextcloud.DOMAIN" + listen: install_nextcloud + +- name: Preform Nextcloud database maintenance + ansible.builtin.command: > + docker exec --user www-data "{{ nextcloud_name }}" {{ item }} + loop: + - "php occ maintenance:mode --on" + - "php occ db:add-missing-indices" + - "php occ db:convert-filecache-bigint" + - "php occ maintenance:mode --off" + listen: install_nextcloud diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 0a04202..9c2e073 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -1,109 +1,62 @@ -- name: Create Nextcloud network - community.general.docker_network: - name: "{{ nextcloud_container }}" +- name: Install MySQL module for Ansible + ansible.builtin.apt: + name: python3-pymysql + state: present -- name: Start Nextcloud's database container - community.general.docker_container: - name: "{{ nextcloud_dbcontainer }}" - image: mariadb:{{ nextcloud_dbversion }} +- name: Create Nextcloud database + community.mysql.mysql_db: + name: "{{ nextcloud.DB_NAME | default('nextcloud') }}" + state: present + login_unix_socket: /var/run/mysqld/mysqld.sock + +- name: Create Nextcloud database user + community.mysql.mysql_user: + name: "{{ nextcloud.DB_USER | default('nextcloud') }}" + password: "{{ nextcloud.DB_PASSWD }}" + host: '%' + state: present + priv: "{{ nextcloud.DB_NAME | default('nextcloud') }}.*:ALL" + login_unix_socket: /var/run/mysqld/mysqld.sock + +- name: Start Nextcloud service and enable on boot + ansible.builtin.service: + name: "{{ docker_compose_service }}@{{ nextcloud_name }}" state: started - restart_policy: always - volumes: "{{ nextcloud_dbroot }}:/var/lib/mysql" - networks_cli_compatible: true - networks: - - name: "{{ nextcloud_container }}" - env: - MYSQL_RANDOM_ROOT_PASSWORD: "true" - MYSQL_DATABASE: "{{ nextcloud_dbname }}" - MYSQL_USER: "{{ nextcloud_dbuser }}" - MYSQL_PASSWORD: "{{ nextcloud_dbpass }}" - -- name: Start Nextcloud container - community.general.docker_container: - name: "{{ nextcloud_container }}" - image: nextcloud:{{ nextcloud_version }} - state: started - restart_policy: always - volumes: "{{ nextcloud_root }}:/var/www/html" - networks_cli_compatible: true - networks: - - name: "{{ nextcloud_container }}" - - name: traefik - env: - PHP_MEMORY_LIMIT: 1024M - labels: - traefik.http.routers.nextcloud.rule: "Host(`{{ nextcloud_domain }}`)" - traefik.http.routers.nextcloud.entrypoints: websecure - traefik.http.routers.nextcloud.tls.certresolver: letsencrypt - traefik.http.routers.nextcloud.middlewares: "securehttps@file,nextcloud-webdav" - traefik.http.middlewares.nextcloud-webdav.redirectregex.regex: "https://(.*)/.well-known/(card|cal)dav" - traefik.http.middlewares.nextcloud-webdav.redirectregex.replacement: "https://${1}/remote.php/dav/" - traefik.http.middlewares.nextcloud-webdav.redirectregex.permanent: "true" - traefik.docker.network: traefik - traefik.enable: "true" - -- name: Grab Nextcloud database container information - community.general.docker_container_info: - name: "{{ nextcloud_dbcontainer }}" - register: nextcloud_dbinfo + enabled: true + when: nextcloud.ENABLE | default('false') - name: Grab Nextcloud container information community.general.docker_container_info: - name: "{{ nextcloud_container }}" + name: "{{ nextcloud_name }}" register: nextcloud_info - name: Wait for Nextcloud to become available ansible.builtin.wait_for: host: "{{ nextcloud_info.container.NetworkSettings.Networks.traefik.IPAddress }}" + delay: 10 port: 80 - name: Check Nextcloud status - ansible.builtin.command: "docker exec --user www-data {{ nextcloud_container }} - php occ status" + ansible.builtin.command: > + docker exec --user www-data "{{ nextcloud_name }}" php occ status register: nextcloud_status - args: - removes: "{{ nextcloud_root }}/config/CAN_INSTALL" - -- name: Wait for Nextcloud database to become available - ansible.builtin.wait_for: - host: "{{ nextcloud_dbinfo.container.NetworkSettings.Networks.nextcloud.IPAddress }}" - port: 3306 + changed_when: false - name: Install Nextcloud - ansible.builtin.command: 'docker exec --user www-data {{ nextcloud_container }} - php occ maintenance:install - --database "mysql" - --database-host "{{ nextcloud_dbcontainer }}" - --database-name "{{ nextcloud_dbname }}" - --database-user "{{ nextcloud_dbuser }}" - --database-pass "{{ nextcloud_dbpass }}" - --admin-user "{{ nextcloud_admin }}" - --admin-pass "{{ nextcloud_pass }}"' + ansible.builtin.command: > + docker exec --user www-data {{ nextcloud_name }} + php occ maintenance:install + --database "mysql" + --database-host "{{ nextcloud.DB_HOST | default('host.docker.internal') }}" + --database-name "{{ nextcloud.DB_NAME | default('nextcloud') }}" + --database-user "{{ nextcloud.DB_USER | default('nextcloud') }}" + --database-pass "{{ nextcloud.DB_PASSWD }}" + --admin-user "{{ nextcloud.ADMIN_USER | default('admin') }}" + --admin-pass "{{ nextcloud.ADMIN_PASSWD }}" register: nextcloud_install - when: - - nextcloud_status.stdout[:26] == "Nextcloud is not installed" - - nextcloud_domain is defined - -- name: Set Nextcloud's Trusted Proxy - ansible.builtin.command: 'docker exec --user www-data {{ nextcloud_container }} - php occ config:system:set trusted_proxies 0 - --value="{{ traefik_name }}"' - when: nextcloud_install.changed - -- name: Set Nextcloud's Trusted Domain - ansible.builtin.command: 'docker exec --user www-data {{ nextcloud_container }} - php occ config:system:set trusted_domains 0 - --value="{{ nextcloud_domain }}"' - when: nextcloud_install.changed - -- name: Preform Nextcloud database maintenance - ansible.builtin.command: "docker exec --user www-data {{ nextcloud_container }} {{ item }}" - loop: - - "php occ maintenance:mode --on" - - "php occ db:add-missing-indices" - - "php occ db:convert-filecache-bigint" - - "php occ maintenance:mode --off" - when: nextcloud_install.changed + when: nextcloud_status.stderr[:26] == "Nextcloud is not installed" + changed_when: nextcloud_install.stdout == "Nextcloud was successfully installed" + notify: install_nextcloud - name: Install Nextcloud background jobs cron ansible.builtin.cron: @@ -111,8 +64,3 @@ minute: "*/5" job: "/usr/bin/docker exec -u www-data nextcloud /usr/local/bin/php -f /var/www/html/cron.php" user: root - -- name: Remove Nextcloud's CAN_INSTALL file - ansible.builtin.file: - path: "{{ nextcloud_root }}/config/CAN_INSTALL" - state: absent diff --git a/roles/traefik/tasks/main.yml b/roles/traefik/tasks/main.yml index 32b0904..cbf6e40 100644 --- a/roles/traefik/tasks/main.yml +++ b/roles/traefik/tasks/main.yml @@ -21,20 +21,6 @@ loop: "{{ traefik_external }}" when: traefik_external is defined -- name: Install Traefik's docker-compose file - ansible.builtin.template: - src: docker-compose.yml.j2 - dest: "{{ traefik_root }}/docker-compose.yml" - mode: 0400 - notify: restart_traefik - -- name: Install Traefik's docker-compose variables - ansible.builtin.template: - src: compose-env.j2 - dest: "{{ traefik_root }}/.env" - mode: 0400 - notify: restart_traefik - - name: Install static Traefik configuration ansible.builtin.template: src: traefik.yml.j2 @@ -42,8 +28,9 @@ mode: 0400 notify: restart_traefik -- name: Start and enable Traefik service +- name: Start Traefik service and enable on boot ansible.builtin.service: name: "{{ docker_compose_service }}@{{ traefik_name }}" state: started enabled: true + when: traefik.ENABLED | default('false')