Upgrade Nextcloud setup to use compose files

- Integrated MariaDB role into Dockerbox configuration
- Moved proxy role to the end to avoid early endpoint activation
- Temporarily disabled select roles for future re-evaluation
- Introduced flush_handlers task for early MariaDB restart
- Moved a few Nextcloud tasks to handlers
- Configured Nextcloud to utilize the host's MariaDB instance
- Enhanced overall code linting quality

.github/workflows/vagrant.yml

@@ -3,9 +3,8 @@ name: homelab-ci
 on:
   push:
     branches:
-      - github_actions
+      - main
-      # - main
+      - testing
-      # - testing
 
 jobs:
   homelab-ci:

dev/host_vars/dockerbox.yml

@@ -33,7 +33,7 @@ docker_compose_deploy:
   # Nextcloud
   - name: nextcloud
     url: https://github.com/krislamo/nextcloud
-    version: fe6d349749f178e91ae7ff726d557f48ebf84356
+    version: 0abc5cc6ba64ed94b7ddc6fd934f0fd62b8a6d11
     env:
       DATA: ./data
 

playbooks/docker.yml

@@ -4,5 +4,4 @@
   roles:
     - base
     - jenkins
-    - proxy
     - docker

roles/base/tasks/samba.yml

@@ -26,7 +26,7 @@
   ansible.builtin.template:
     src: smb.conf.j2
     dest: /etc/samba/smb.conf
-    mode: "644"
+    mode: "700"
   notify: restart_samba
 
 - name: Start smbd and enable on boot

roles/base/tasks/wireguard.yml

@@ -18,28 +18,6 @@
     src: /etc/wireguard/privatekey
   register: wgkey
 
-- name: Check if WireGuard preshared key file exists
-  ansible.builtin.stat:
-    path: /etc/wireguard/presharedkey-{{ item.name }}
-  loop: "{{ wireguard.peers }}"
-  loop_control:
-    label: "{{ item.name }}"
-  register: presharedkey_files
-
-- name: Grab WireGuard preshared key for configuration
-  ansible.builtin.slurp:
-    src: /etc/wireguard/presharedkey-{{ item.item.name }}
-  register: wgshared
-  loop: "{{ presharedkey_files.results }}"
-  loop_control:
-    label: "{{ item.item.name }}"
-  when: item.stat.exists
-
-- name: Grab WireGuard private key for configuration
-  ansible.builtin.slurp:
-    src: /etc/wireguard/privatekey
-  register: wgkey
-
 - name: Install WireGuard configuration
   ansible.builtin.template:
     src: wireguard.j2

roles/base/templates/wireguard.j2

@@ -1,6 +1,4 @@
-# {{ ansible_managed }}
+[Interface]
-
-[Interface] # {{ ansible_hostname }}
 PrivateKey = {{ wgkey['content'] | b64decode | trim }}
 Address = {{ wireguard.address }}
 {% if wireguard.listenport is defined %}
@@ -8,26 +6,8 @@ ListenPort = {{ wireguard.listenport }}
 {% endif %}
 
 {% for peer in wireguard.peers %}
-{% if peer.name is defined %}
-[Peer] # {{ peer.name }}
-{% else %}
 [Peer]
-{% endif %}
 PublicKey = {{ peer.publickey }}
-{% if peer.presharedkey is defined %}
-PresharedKey = {{ peer.presharedkey }}
-{% else %}
-{% set preshared_key = (
-    wgshared.results
-    | selectattr('item.item.name', 'equalto', peer.name)
-    | first
-  ).content
-  | default(none)
-%}
-{% if preshared_key is not none %}
-PresharedKey = {{ preshared_key | b64decode | trim }}
-{% endif %}
-{% endif %}
 {% if peer.endpoint is defined %}
 Endpoint = {{ peer.endpoint }}
 {% endif %}

roles/proxy/templates/server-nginx.conf.j2

@@ -35,13 +35,7 @@ server {
   client_max_body_size {{ item.client_max_body_size }};
 {% endif %}
   location / {
-{% if item.allowedips is defined %}
+{% if item.restrict is defined and item.restrict  %}
-{% for ip in item.allowedips %}
-    allow {{ ip }};
-{% endfor %}
-    deny all;
-{% endif %}
-{% if item.restrict is defined and item.restrict %}
     auth_basic "{{ item.restrict_name | default('Restricted Access') }}";
     auth_basic_user_file {{ item.restrict_file | default('/etc/nginx/.htpasswd') }};
     proxy_set_header Authorization "";