# code: language=ansible --- - hosts: all name: Nextcloud file sharing web service tasks: - name: Pull container images become_user: containers become: true containers.podman.podman_image: name: docker.io/{{ item }} loop: - nextcloud:latest - redis:alpine - mariadb:latest - name: Create podman volumes containers.podman.podman_volume: state: present name: "{{ item }}" become_user: containers become: true loop: - nextcloud-html - nextcloud-custom_apps - nextcloud-theme - nextcloud-data - nextcloud-config - redis-data - nextcloud-db - name: Change permission to nextcloud folder become: true ansible.builtin.file: path: /etc/nextcloud owner: containers group: containers mode: 0700 state: directory - name: Copy nextcloud config directory become: true ansible.builtin.copy: src: files/nextcloud/ dest: /etc/nextcloud/config/ owner: containers group: containers mode: 0600 - name: Copy systemd service and timer become: true become_user: containers ansible.builtin.copy: src: files/systemd/ dest: "/home/containers/.config/systemd/user/" owner: containers group: containers mode: 0644 - name: Copy mariadb config directory become: true ansible.builtin.copy: src: files/mariadb/ dest: /etc/nextcloud/mariadb/ owner: containers group: containers mode: 0600 - name: Create podman networks containers.podman.podman_network: name: "{{ item }}" recreate: false state: "present" become_user: containers become: true loop: - traefik-nextcloud - mariadb-nextcloud - redis-nextcloud - nextcloud-collabora - name: Create redis instance become_user: containers become: true containers.podman.podman_container: name: redis_nextcloud image: docker.io/redis:latest state: present volume: - redis-data:/data:Z network: - redis-nextcloud generate_systemd: path: /home/containers/.config/systemd/user/ restart_policy: on-failure names: true new: true - name: Create mariadb instance become_user: containers become: true containers.podman.podman_container: name: db_nextcloud image: docker.io/mariadb:latest state: present command: - "--transaction-isolation=READ-COMMITTED" - "--binlog-format=ROW" volume: - nextcloud-db:/var/lib/mysql:Z - /etc/nextcloud/mariadb/:/etc/mysql/conf.d:Z network: - mariadb-nextcloud env: MARIADB_ROOT_PASSWORD: "{{ vault_nextcloud_mariadb_root_password }}" MARIADB_DATABASE: "{{ vault_nextcloud_mariadb_database }}" MARIADB_USER: "{{ vault_nextcloud_mariadb_user }}" MARIADB_PASSWORD: "{{ vault_nextcloud_mariadb_password }}" MARIADB_AUTO_UPGRADE: "true" generate_systemd: path: /home/containers/.config/systemd/user/ restart_policy: on-failure names: true new: true - name: Create nextcloud instance become_user: containers become: true containers.podman.podman_container: name: nextcloud image: docker.io/nextcloud:latest state: present volume: - nextcloud-html:/var/www/html:Z - nextcloud-custom_apps:/var/www/html/custom_apps:Z - nextcloud-theme:/var/www/html/themes:Z - nextcloud-data:/var/www/html/data:Z - nextcloud-config:/var/www/html/config:Z network: - traefik-nextcloud - mariadb-nextcloud - redis-nextcloud - nextcloud-collabora label: io.containers.autoupdate: "registry" traefik.enable: "true" traefik.http.routers.nextcloud.entrypoints: "https" traefik.http.routers.nextcloud.rule: "PathPrefix(`/cloud`)" traefik.http.routers.nextcloud.tls: "true" traefik.http.routers.nextcloud.tls.certresolver: "wildcard" traefik.http.routers.nextcloud.service: "nextcloud" traefik.http.routers.nextcloud.middlewares: "nextcloud-prefixstrip,nextcloud-redirectregex,nextcloud-headers,http-compress@file" traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.permanent: "true" traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.regex: "https://(.*)/cloud/.well-known/(card|cal)dav" traefik.http.middlewares.nextcloud-redirectregex.redirectRegex.replacement: "https://${1}/cloud/remote.php/dav/" traefik.http.middlewares.nextcloud-headers.headers.stsSeconds: "31536000" traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains: "true" traefik.http.middlewares.nextcloud-prefixstrip.stripprefix.prefixes: "/cloud" traefik.http.services.nextcloud.loadbalancer.server.port: "80" traefik.docker.network: "traefik-nextcloud" env: REDIS_HOST: "redis_nextcloud" REDIS_PORT: "6379" MYSQL_DATABASE: "{{ vault_nextcloud_mariadb_database }}" MYSQL_USER: "{{ vault_nextcloud_mariadb_user }}" MYSQL_PASSWORD: "{{ vault_nextcloud_mariadb_password }}" MYSQL_HOST: "db_nextcloud" NEXTCLOUD_DATA_DIR: "/var/www/html/data" SMTP_HOST: "{{ vault_smtp_host }}" SMTP_SECURE: "{{ vault_smtp_protocol }}" SMTP_PORT: "{{ vault_smtp_port }}" SMTP_AUTHTYPE: "None" SMTP_NAME: "" SMTP_PASSWORD: "" MAIL_FROM_ADDRESS: "{{ vault_smtp_from }}" MAIL_DOMAIN: "{{ vault_smtp_domain }}" TRUSTED_PROXIES: "traefik" OVERWRITEWEBROOT: "/cloud" generate_systemd: path: /home/containers/.config/systemd/user/ restart_policy: on-failure names: true new: true - name: Start containers at boot become_user: containers become: true ansible.builtin.systemd: scope: user name: container-{{ item }}.service enabled: true state: started daemon_reload: true loop: - nextcloud - redis_nextcloud - db_nextcloud - name: Enable a timer unit become: true become_user: containers ansible.builtin.systemd: scope: user name: nextcloudcron.timer enabled: true state: started daemon_reload: true