Add disfunctional Nextcloud role

Salt 2020-02-05 20:23:20 -06:00
parent 34ab9cc8d2
commit 02e5164eed
6 changed files with 4006 additions and 68 deletions

10
ec2.yml

@ -4,8 +4,14 @@
- hosts: ec2 - hosts: ec2
roles: roles:
- common - common
- user
- hosts: tag_role_nextcloud
vars:
acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
acme_version: 2
website_url: "nc.assburgers.club"
roles:
- nextcloud
- hosts: tag_role_cockpit - hosts: tag_role_cockpit
roles: roles:
- user
- ansiblehost
- cockpit - cockpit
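Review bot: The `acme_directory` and `acme_version` vars set on the `tag_role_nextcloud` play are only partly honoured by the role: in the task file shown further down, `Register ACME account` reads them, but `Register LE cert` hard-codes the staging URL and `acme_version: 2`. Pointing this play at another directory would then register the account at one endpoint and request the certificate from another. In that task use `acme_directory: "{{ acme_directory }}"` and `acme_version: "{{ acme_version }}"`. A comment on the var here would also help, for example `# staging endpoint: issued certificates are not publicly trusted`.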

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -0,0 +1,2 @@
---
allow_duplicates: no


@ -0,0 +1,78 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Install, configure, and start Nextcloud
block:
- name: Install Nextcloud-required packages
apt:
name: "{{ packages }}"
vars:
packages:
- apache2
- mariadb-server
- libapache2-mod-php
- php7.2
- php7.2-xml
- php7.2-curl
- php7.2-gd
- php7.2-cgi
- php7.2-cli
- php7.2-zip
- php7.2-mysql
- php7.2-mbstring
- python-openssl # Needed for keygen
- python3-openssl
- name: Copy configuration
block:
- name: php-apache2
copy:
src: php-apache2.ini
dest: /etc/php/7.2/apache2/php.ini
mode: 644
- name: php-cgi
copy:
src: php-cgi.ini
dest: /etc/php/7.2/cgi/php.ini
mode: 644
- name: Register certificates
block:
- name: Set up our filesystem heirarchy
file:
path: "{{ item.dir }}"
mode: "{{ item.mode }}"
recurse: yes
state: directory
loop:
- { dir: "/etc/pki", mode: "0600" }
- { dir: "/etc/pki/cert", mode: "0600" }
- { dir: "/etc/pki/cert/csr", mode: "0600" }
- { dir: "/etc/pki/cert/fullchain", mode: "0600" }
- { dir: "/etc/pki/cert/private", mode: "0600" }
- { dir: "/etc/pki/cert/challenge/{{ website_url }}", mode: "0600" }
- name: Create ACME account key
openssl_privatekey:
path: "/etc/pki/cert/private/account.key"
size: 4096
- name: Register ACME account
acme_account:
account_key: "/etc/pki/cert/private/account.key"
acme_directory: "{{ acme_directory }}"
acme_version: "{{ acme_version }}"
terms_agreed: yes
- name: Create CSR
openssl_csr:
path: "/etc/pki/cert/csr/{{ website_url }}.csr"
common_name: "{{ website_url }}"
privatekey_path: /etc/pki/cert/private/account.key
email_address: "rehashedsalt@cock.li"
- name: Register LE cert
acme_certificate:
acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
acme_version: 2
terms_agreed: yes
account_email: "rehashedsalt@cock.li"
account_key: /etc/pki/cert/private/account.key
csr: "/etc/pki/cert/csr/{{ website_url }}.csr"
dest: "/etc/pki/cert/{{ website_url }}.crt"
fullchain_dest: "/etc/pki/cert/fullchain/{{ website_url }}.crt"
become: true
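Review bot: `Create CSR` signs the request with `/etc/pki/cert/private/account.key`, the same key that `Register ACME account` and `Register LE cert` use as the ACME account key. The certificate key has to sit where the web server can load it, so reusing it means a leak of the TLS key also hands over control of the ACME account, and ACME CAs are expected to refuse a CSR whose key matches the account key. Generate a separate per-site key and point `privatekey_path` at it, as sketched below. Separately, `mode: 644` in the `php-apache2` and `php-cgi` copy tasks is an unquoted decimal integer, which Ansible applies as octal 1204 rather than 0644; write `mode: "0644"`.

```yaml
# … unchanged: ACME account key and account registration …
- name: Create certificate private key
  openssl_privatekey:
    path: "/etc/pki/cert/private/{{ website_url }}.key"
- name: Create CSR
  openssl_csr:
    # … unchanged: path, common_name, email_address …
    privatekey_path: "/etc/pki/cert/private/{{ website_url }}.key"
```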


@ -21,43 +21,35 @@
groups: sudo groups: sudo
append: yes append: yes
become: yes become: yes
- name: Bootstrap user
block:
- name: Authorize dsk-cstm-0 for user salt - name: Authorize dsk-cstm-0 for user salt
authorized_key: authorized_key:
user: salt user: salt
state: present state: present
manage_dir: yes manage_dir: yes
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ Salt@tungsten-qemu" key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ Salt@tungsten-qemu"
become: yes
become_user: salt
- name: Authorize lap-th-e560-0 for user salt - name: Authorize lap-th-e560-0 for user salt
authorized_key: authorized_key:
user: salt user: salt
state: present state: present
manage_dir: yes manage_dir: yes
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@iridium" key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@iridium"
become: yes
become_user: salt
- name: Check for dotfile initialization - name: Check for dotfile initialization
stat: path=$HOME/.dotfiles stat: path=$HOME/.dotfiles
register: p register: p
become: yes
become_user: salt
- name: Configure git SSH substitute for GitHub - name: Configure git SSH substitute for GitHub
git_config: git_config:
name: url."https://github.com/".insteadOf name: url."https://github.com/".insteadOf
value: "git@github.com:" value: "git@github.com:"
scope: global scope: global
when: not p.stat.exists when: not p.stat.exists
become: yes
become_user: salt
- name: Configure git SSH substitute for GitLab - name: Configure git SSH substitute for GitLab
git_config: git_config:
name: url."https://gitlab.com/".insteadOf name: url."https://gitlab.com/".insteadOf
value: "git@gitlab.com:" value: "git@gitlab.com:"
scope: global scope: global
when: not p.stat.exists when: not p.stat.exists
become: yes
become_user: salt
- name: Clone bootstrap script - name: Clone bootstrap script
git: git:
accept_hostkey: yes accept_hostkey: yes
@ -66,13 +58,9 @@
depth: 1 depth: 1
force: yes force: yes
when: not p.stat.exists when: not p.stat.exists
become: yes
become_user: salt
- name: Execute bootstrap script - name: Execute bootstrap script
shell: cd && ~/bootstrap/build-home.sh shell: cd && ~/bootstrap/build-home.sh
when: not p.stat.exists when: not p.stat.exists
become: yes
become_user: salt
- name: Disable untracked files on dotfiles - name: Disable untracked files on dotfiles
git_config: git_config:
name: status.showUntrackedFiles name: status.showUntrackedFiles
@ -80,8 +68,6 @@
scope: local scope: local
repo: ~/.dotfiles repo: ~/.dotfiles
when: not p.stat.exists when: not p.stat.exists
become: yes
become_user: salt
- name: Remove bootstrap script directory - name: Remove bootstrap script directory
file: file:
path: ~/bootstrap path: ~/bootstrap
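Review bot: The tasks wrapped by the new `Bootstrap user` block no longer carry their own `become: yes` / `become_user: salt`, so they all depend on a single block-level setting that is not visible in these hunks (the block ends outside them). Several of them resolve `$HOME` and `~` or write `git_config` with `scope: global`, so under any other account they would presumably act on the wrong home directory, including the step that executes the cloned `build-home.sh`. Confirm the block closes with `become: yes` and `become_user: salt`, and document the dependency on the block, for example `# every task below must run as salt: ~ and the global git config resolve against that user's home`.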