ansible/roles/nextcloud/tasks/main.yml

#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Install, configure, and start Nextcloud
  block:
  - name: Install Nextcloud-required packages
    apt:
      name: "{{ packages }}"
    vars:
      packages:
      - apache2
      - mariadb-server
      - libapache2-mod-php
      - php7.2
      - php7.2-xml
      - php7.2-curl
      - php7.2-gd
      - php7.2-cgi
      - php7.2-cli
      - php7.2-zip
      - php7.2-mysql
      - php7.2-mbstring
      - python-openssl # Needed for keygen
      - python3-openssl
  - name: Copy configuration
    block:
      - name: php-apache2
        copy:
          src: php-apache2.ini
          dest: /etc/php/7.2/apache2/php.ini
          mode: 644
      - name: php-cgi
        copy:
          src: php-cgi.ini
          dest: /etc/php/7.2/cgi/php.ini
          mode: 644
  - name: Register certificates
    block:
      - name: Set up our filesystem heirarchy
        file:
          path: "{{ item.dir }}"
          mode: "{{ item.mode }}"
          recurse: yes
          state: directory
        loop:
          - { dir: "/etc/pki", mode: "0600" }
          - { dir: "/etc/pki/cert", mode: "0600" }
          - { dir: "/etc/pki/cert/csr", mode: "0600" }
          - { dir: "/etc/pki/cert/fullchain", mode: "0600" }
          - { dir: "/etc/pki/cert/private", mode: "0600" }
          - { dir: "/etc/pki/cert/challenge/{{ website_url }}", mode: "0600" }
      - name: Create ACME account key
        openssl_privatekey:
          path: "/etc/pki/cert/private/account.key"
          size: 4096
      - name: Register ACME account
        acme_account:
          account_key: "/etc/pki/cert/private/account.key"
          acme_directory: "{{ acme_directory }}"
          acme_version: "{{ acme_version }}"
          terms_agreed: yes
      - name: Create CSR
        openssl_csr:
          path: "/etc/pki/cert/csr/{{ website_url }}.csr"
          common_name: "{{ website_url }}"
          privatekey_path: /etc/pki/cert/private/account.key
          email_address: "rehashedsalt@cock.li"
      - name: Register LE cert
        acme_certificate:
          acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
          acme_version: 2
          terms_agreed: yes
          account_email: "rehashedsalt@cock.li"
          account_key: /etc/pki/cert/private/account.key
          csr: "/etc/pki/cert/csr/{{ website_url }}.csr"
          dest: "/etc/pki/cert/{{ website_url }}.crt"
          fullchain_dest: "/etc/pki/cert/fullchain/{{ website_url }}.crt"
  become: true
Add disfunctional Nextcloud role 2020-02-05 20:23:20 -06:00			`#!/usr/bin/ansible-playbook`
			`# vim:ft=ansible:`
			`---`
			`- name: Install, configure, and start Nextcloud`
			`block:`
			`- name: Install Nextcloud-required packages`
			`apt:`
			`name: "{{ packages }}"`
			`vars:`
			`packages:`
			`- apache2`
			`- mariadb-server`
			`- libapache2-mod-php`
			`- php7.2`
			`- php7.2-xml`
			`- php7.2-curl`
			`- php7.2-gd`
			`- php7.2-cgi`
			`- php7.2-cli`
			`- php7.2-zip`
			`- php7.2-mysql`
			`- php7.2-mbstring`
			`- python-openssl # Needed for keygen`
			`- python3-openssl`
			`- name: Copy configuration`
			`block:`
			`- name: php-apache2`
			`copy:`
			`src: php-apache2.ini`
			`dest: /etc/php/7.2/apache2/php.ini`
			`mode: 644`
			`- name: php-cgi`
			`copy:`
			`src: php-cgi.ini`
			`dest: /etc/php/7.2/cgi/php.ini`
			`mode: 644`
			`- name: Register certificates`
			`block:`
			`- name: Set up our filesystem heirarchy`
			`file:`
			`path: "{{ item.dir }}"`
			`mode: "{{ item.mode }}"`
			`recurse: yes`
			`state: directory`
			`loop:`
			`- { dir: "/etc/pki", mode: "0600" }`
			`- { dir: "/etc/pki/cert", mode: "0600" }`
			`- { dir: "/etc/pki/cert/csr", mode: "0600" }`
			`- { dir: "/etc/pki/cert/fullchain", mode: "0600" }`
			`- { dir: "/etc/pki/cert/private", mode: "0600" }`
			`- { dir: "/etc/pki/cert/challenge/{{ website_url }}", mode: "0600" }`
			`- name: Create ACME account key`
			`openssl_privatekey:`
			`path: "/etc/pki/cert/private/account.key"`
			`size: 4096`
			`- name: Register ACME account`
			`acme_account:`
			`account_key: "/etc/pki/cert/private/account.key"`
			`acme_directory: "{{ acme_directory }}"`
			`acme_version: "{{ acme_version }}"`
			`terms_agreed: yes`
			`- name: Create CSR`
			`openssl_csr:`
			`path: "/etc/pki/cert/csr/{{ website_url }}.csr"`
			`common_name: "{{ website_url }}"`
			`privatekey_path: /etc/pki/cert/private/account.key`
			`email_address: "rehashedsalt@cock.li"`
			`- name: Register LE cert`
			`acme_certificate:`
			`acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"`
			`acme_version: 2`
			`terms_agreed: yes`
			`account_email: "rehashedsalt@cock.li"`
			`account_key: /etc/pki/cert/private/account.key`
			`csr: "/etc/pki/cert/csr/{{ website_url }}.csr"`
			`dest: "/etc/pki/cert/{{ website_url }}.crt"`
			`fullchain_dest: "/etc/pki/cert/fullchain/{{ website_url }}.crt"`
			`become: true`