diff --git a/containers/nextcloud/files/mariadb/log_level.cnf b/containers/nextcloud/files/mariadb/log_level.cnf
new file mode 100644
index 0000000..5f08af2
--- /dev/null
+++ b/containers/nextcloud/files/mariadb/log_level.cnf
@@ -0,0 +1,2 @@
+[mariadb]
+log_warnings = 3
diff --git a/containers/nextcloud/files/mariadb/name_resolve.cnf b/containers/nextcloud/files/mariadb/name_resolve.cnf
new file mode 100644
index 0000000..e5cb858
--- /dev/null
+++ b/containers/nextcloud/files/mariadb/name_resolve.cnf
@@ -0,0 +1,2 @@
+[mariadb]
+skip-name-resolve = ON
diff --git a/containers/nextcloud/files/systemd/nextcloudcron.service b/containers/nextcloud/files/systemd/nextcloudcron.service
new file mode 100644
index 0000000..be39832
--- /dev/null
+++ b/containers/nextcloud/files/systemd/nextcloudcron.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Nextcloud cron.php job
+Wants=nextcloudcron.timer
+
+[Service]
+ExecStart=/bin/podman exec -u www-data nextcloud php -f /var/www/html/cron.php
+Type=oneshot
diff --git a/containers/nextcloud/files/systemd/nextcloudcron.timer b/containers/nextcloud/files/systemd/nextcloudcron.timer
new file mode 100644
index 0000000..c3af628
--- /dev/null
+++ b/containers/nextcloud/files/systemd/nextcloudcron.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Run Nextcloud cron.php every 5 minutes
+Requires=nextcloudcron.service
+
+[Timer]
+Unit=nextcloudcron.service
+OnBootSec=5min
+OnUnitActiveSec=5min
+
+[Install]
+WantedBy=timers.target
diff --git a/containers/nextcloud/tasks.yml b/containers/nextcloud/tasks.yml
new file mode 100644
index 0000000..bd72443
--- /dev/null
+++ b/containers/nextcloud/tasks.yml
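Review bot: nextcloudcron.service declares no ordering or dependency on the container it execs into, so a timer tick while `container-nextcloud.service` is stopped or mid-restart makes the `podman exec` in ExecStart fail outright instead of waiting for the container; add `After=container-nextcloud.service` and `Requires=container-nextcloud.service` under `[Unit]` (the unit name follows the `container-{{ item }}.service` pattern that tasks.yml enables). The `-u www-data` drop to the web user is correct and should stay; a one-line comment such as `# cron.php must run as the web user so it can write to the data volume` would make the intent clear to the next maintainer. The timer's own `Requires=nextcloudcron.service` causes one immediate run when the timer is started, which is harmless but worth noting in a comment if it is intentional.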
@@ -0,0 +1,202 @@
+---
+- hosts: all
+ name: Nextcloud file sharing web service
+ tasks:
+ - name: Pull container images
+ become_user: containers
+ become: true
+ containers.podman.podman_image:
+ name: docker.io/{{ item }}
+ loop:
+ - nextcloud:latest
+ - redis:alpine
+ - mariadb:latest
+
+ - name: Create podman volumes
+ containers.podman.podman_volume:
+ state: present
+ name: "{{ item }}"
+ become_user: containers
+ become: true
+ loop:
+ - nextcloud-html
+ - nextcloud-custom_apps
+ - nextcloud-theme
+ - nextcloud-data
+ - nextcloud-config
+ - redis-data
+ - nextcloud-db
+
+ - name: Change permission to nextcloud folder
+ become: true
+ ansible.builtin.file:
+ path: /etc/nextcloud
+ owner: containers
+ group: containers
+ mode: 0700
+ state: directory
+
+ - name: Copy nextcloud config directory
+ become: true
+ ansible.builtin.copy:
+ src: files/nextcloud/
+ dest: /etc/nextcloud/config/
+ owner: containers
+ group: containers
+ mode: 0600
+
+ - name: Copy systemd service and timer
+ become: true
+ become_user: containers
+ ansible.builtin.copy:
+ src: files/systemd/
+ dest: "/home/containers/.config/systemd/user/"
+ owner: containers
+ group: containers
+ mode: 0644
+
+ - name: Copy mariadb config directory
+ become: true
+ ansible.builtin.copy:
+ src: files/mariadb/
+ dest: /etc/nextcloud/mariadb/
+ owner: containers
+ group: containers
+ mode: 0600
+
+ - name: Create podman networks
+ containers.podman.podman_network:
+ name: "{{ item }}"
+ recreate: false
+ state: "present"
+ disable_dns: true
+ become_user: containers
+ become: true
+ loop:
+ - traefik-nextcloud
+ - mariadb-nextcloud
+ - redis-nextcloud
+
+ - name: Create redis instance
+ become_user: containers
+ become: true
+ containers.podman.podman_container:
+ name: redis
+ image: docker.io/redis:latest
+ state: present
+ volume:
+ - redis-data:/data:Z
+ network:
+ - redis-nextcloud
+ generate_systemd:
+ path: /home/containers/.config/systemd/user/
+ restart_policy: on-failure
+ names: true
+ new: true
+
+ - name: Create mariadb instance
+ become_user: containers
+ become: true
+ containers.podman.podman_container:
+ name: db_nextcloud
+ image: docker.io/mariadb:latest
+ state: present
+ command:
+ - "--transaction-isolation=READ-COMMITTED"
+ - "--binlog-format=ROW"
+ volume:
+ - nextcloud-db:/var/lib/mysql:Z
+ - /etc/nextcloud/mariadb/:/etc/mysql/conf.d:Z
+ network:
+ - mariadb-nextcloud
+ env:
+ MARIADB_ROOT_PASSWORD: "{{ vault_nextcloud_mariadb_root_password }}"
+ MARIADB_DATABASE: "{{ vault_nextcloud_mariadb_database }}"
+ MARIADB_USER: "{{ vault_nextcloud_mariadb_user }}"
+ MARIADB_PASSWORD: "{{ vault_nextcloud_mariadb_password }}"
+ MARIADB_AUTO_UPGRADE: "true"
+ generate_systemd:
+ path: /home/containers/.config/systemd/user/
+ restart_policy: on-failure
+ names: true
+ new: true
+
+ - name: Create nextcloud instance
+ become_user: containers
+ become: true
+ containers.podman.podman_container:
+ name: nextcloud
+ image: docker.io/nextcloud:latest
+ state: present
+ volume:
+ - nextcloud-html:/var/www/html:Z
+ - nextcloud-custom_apps:/var/www/html/custom_apps:Z
+ - nextcloud-theme:/var/www/html/themes:Z
+ - nextcloud-data:/var/www/html/data:Z
+ - nextcloud-config:/var/www/html/config:Z
+ network:
+ - traefik-nextcloud
+ - mariadb-nextcloud
+ - redis-nextcloud
+ label:
+ io.containers.autoupdate: "registry"
+ traefik.enable: "true"
+ traefik.http.routers.nextcloud.entrypoints: "https"
+ traefik.http.routers.nextcloud.rule: "Path(`/cloud`)"
+ traefik.http.routers.nextcloud.tls: "true"
+ traefik.http.routers.nextcloud.tls.certresolver: "wildcard"
+ traefik.http.routers.nextcloud.service: "nextcloud"
+ traefik.http.routers.nextcloud.middlewares: "nextcloud-redirectregex,nextcloud-headers,http-compress@file"
+ traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent: "true"
+ traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/cloud/.well-known/(card|cal)dav"
+ traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/cloud/remote.php/dav/"
+ traefik.http.middlewares.nextcloud-headers.headers.stsSeconds: "31536000"
+ traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains: "true"
+ traefik.http.services.nextcloud.loadbalancer.server.port: "80"
+ traefik.docker.network: "traefik-nextcloud"
+ env:
+ REDIS_HOST: "redis"
+ REDIS_PORT: "6379"
+ MYSQL_DATABASE: "{{ vault_nextcloud_mariadb_database }}"
+ MYSQL_USER: "{{ vault_nextcloud_mariadb_user }}"
+ MYSQL_PASSWORD: "{{ vault_nextcloud_mariadb_password }}"
+ MYSQL_HOST: "db_nextcloud"
+ NEXTCLOUD_DATA_DIR: "/var/www/html/data"
+ SMTP_HOST: "{{ vault_smtp_host }}"
+ SMTP_SECURE: "{{ vault_smtp_protocol }}"
+ SMTP_PORT: "{{ vault_smtp_port }}"
+ SMTP_AUTHTYPE: "LOGIN"
+ SMTP_NAME: "{{ vault_smtp_user }}"
+ SMTP_PASSWORD: "{{ vault_smtp_password }}"
+ MAIL_FROM_ADDRESS: "nextcloud"
+ MAIL_DOMAIN: "{{ vault_smtp_domain }}"
+ TRUSTED_PROXIES: "traefik"
+ generate_systemd:
+ path: /home/containers/.config/systemd/user/
+ restart_policy: on-failure
+ names: true
+ new: true
+
+ - name: Start containers at boot
+ become_user: containers
+ become: true
+ ansible.builtin.systemd:
+ scope: user
+ name: container-{{ item }}.service
+ enabled: true
+ state: started
+ daemon_reload: true
+ loop:
+ - nextcloud
+ - redis
+ - db_nextcloud
+
+ - name: Enable a timer unit
+ become: true
+ become_user: containers
+ ansible.builtin.systemd:
+ scope: user
+ name: nextcloudcron.timer
+ enabled: true
+ state: started
+ daemon_reload: true
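Review bot: `disable_dns: true` in "Create podman networks" most likely defeats the name-based wiring further down — `REDIS_HOST: "redis"` and `MYSQL_HOST: "db_nextcloud"` rely on podman's per-network container-name resolution, which is exactly what that flag turns off — so unless resolution is provided by something outside this play, change it to `disable_dns: false` (or drop the key, which has the same effect). `TRUSTED_PROXIES: "traefik"` has a related problem: as far as I recall Nextcloud's trusted_proxies accepts IP addresses or CIDR ranges rather than names, and if the proxy is not actually trusted every request is attributed to the proxy's address, which neutralises Nextcloud's per-client brute-force throttling and makes the access log useless for incident review — it should be the traefik-nextcloud subnet (a placeholder such as `TRUSTED_PROXIES: "<traefik-nextcloud CIDR>"` until the real range is known). Two smaller inconsistencies: the pull task fetches `redis:alpine` while the redis container runs `docker.io/redis:latest` (align one of them, e.g. `image: docker.io/redis:alpine`), and `/etc/nextcloud/config/` is copied with mode 0600 but no container in this play mounts it, so whatever lives in files/nextcloud/ is never read. Finally, the user-scope units (`container-*.service`, nextcloudcron.timer) only start at boot if lingering is enabled for the `containers` account; if that is handled elsewhere in the repository, ignore this point.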