From bdaaf1336f989c3b9460ced235fd50702b9951e1 Mon Sep 17 00:00:00 2001
From: Salt <rehashedsalt@cock.li>
Date: Sat, 15 Aug 2020 05:11:50 -0500
Subject: [PATCH] Move Nextcloud to an EFS mount

---
 inventory/group_vars/9iron.club.yml |  5 ++++
 roles/nextcloud/tasks/main.yml      | 38 +++++++++++++++++++++++------
 2 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/inventory/group_vars/9iron.club.yml b/inventory/group_vars/9iron.club.yml
index 0e1698c..cd9aa65 100644
--- a/inventory/group_vars/9iron.club.yml
+++ b/inventory/group_vars/9iron.club.yml
@@ -108,6 +108,11 @@ nextcloud:
             66373234633939393034353439393465663131303661393164303335336435653734613064663964
             3332313764623133630a393731613236373837316437653265636663666261383135636662373566
             61373135303632336237333836353764646639633735323566346366623766646266
+  efs:
+    name: "9iron-nextcloud"
+    region: "us-east-2"
+    subnet_id: "subnet-852935ed"
+    security_group: "sg-4f4b692c"
   url: "nc.9iron.club"
 # Pleroma
 pleroma:
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index a4109b0..f7e8662 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -49,13 +49,6 @@
               dest: "{{ nextcloud_webroot }}"
               extra_opts: [--strip-components=1]
             notify: restart apache
-          - name: Create data directory
-            file:
-              path: "/var/nextcloud"
-              state: directory
-              mode: 0700
-              owner: www-data
-              group: www-data
           - name: Chown webroot
             # Nextcloud docs say Apache needs write access, so it gets write access
             file:
@@ -69,6 +62,37 @@
               path: /var/www/nextcloud.tar.bz2
               state: absent
         when: not stat_webroot_index.stat.exists
+      - name: Create data directory
+        file:
+          path: "/var/nextcloud"
+          state: directory
+          mode: 0700
+          owner: www-data
+          group: www-data
+      - name: Set up EFS mount
+        block:
+          - name: Install required packages
+            apt:
+              name:
+                - nfs-client
+          - name: Create EFS
+            efs:
+              name: "{{ nextcloud.efs.name }}"
+              encrypt: yes
+              region: "{{ nextcloud.efs.region }}"
+              targets:
+                - subnet_id: "{{ nextcloud.efs.subnet_id }}"
+                  security_groups:  [ "{{ nextcloud.efs.security_group }}" ]
+            register: efs
+          - name: Mount EFS
+            mount:
+              path: /var/nextcloud
+              src: "{{ efs.efs.filesystem_address }}"
+              fstype: nfs4
+              opts: "nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport"
+              state: mounted
+        when : nextcloud.efs.name is defined
+        tags: [ nextcloudefs ]
       - name: Assert permissions
         block:
           - name: Tighten config.php