#!/usr/bin/ansible-playbook # vim:ft=ansible: --- - name: Include MySQL role include_role: name: mysql - name: Install, configure, and start Nextcloud block: - name: Install Nextcloud-required packages apt: name: "{{ packages }}" vars: packages: - apache2 - libapache2-mod-php7.2 - php7.2 - php7.2-gd - php7.2-json - php7.2-mysql - php7.2-curl - php7.2-mbstring - php7.2-intl - php-imagick - php7.2-xml - php7.2-zip - php7.2-cgi - php7.2-cli - name: Copy configuration copy: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" loop: - { src: "php-apache2.ini", dest: "/etc/php/7.2/apache2/php.ini", mode: "0644" } - { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" } - name: Set up MySQL block: - name: Create database mysql_db: name: nextcloud login_user: root login_password: "{{ mysql_root_password }}" state: present - name: Create Nextcloud user mysql_user: name: nextcloud host: localhost password: "{{ nextcloud_mysql_password }}" priv: "nextcloud.*:ALL,GRANT" login_user: root login_password: "{{ mysql_root_password }}" - name: Set up Apache block: - name: Disable default configuration file: # This is a symlink so who cares path: "/etc/apache2/sites-enabled/000-default.conf" state: absent - name: Create webroot file: path: "{{ nextcloud_webroot }}" mode: "0755" recurse: yes state: directory - name: Check for existing installation stat: path: "{{ nextcloud_webroot }}/index.html" register: stat_webroot_index - name: Install Nextcloud block: - name: Download Nextcloud get_url: dest: /var/www/nextcloud.tar.bz2 url: "{{ nextcloud_tarbz2 }}" - name: Extract Nextcloud unarchive: src: /var/www/nextcloud.tar.bz2 remote_src: yes dest: "{{ nextcloud_webroot }}" extra_opts: [--strip-components=1] - name: Create data directory file: path: "/var/nextcloud" state: directory mode: 0700 owner: www-data group: www-data - name: Chown webroot # Nextcloud docs say Apache needs write access, so it gets write access file: path: "{{ nextcloud_webroot }}" state: directory recurse: yes owner: www-data group: www-data - name: Cleanup file: path: /var/www/nextcloud.tar.bz2 state: absent when: not stat_webroot_index.stat.exists - name: Set up Nextcloud cronjob cron: user: www-data name: "nextcloud-cron" minute: "*/5" job: 'php -f "{{ nextcloud_webroot }}/cron.php"' - name: Enable Apache configs and modules shell: "{{ item }}" loop: - "a2enmod rewrite" - "a2enmod ssl" - name: Register certificates block: # Note: We copy over some insecure configs now # Reason being there's no way for the https role to handle every site's # configuration on its own. If it doesn't have to update the key, it # won't reload Apache and our site will never actually see https downtime - name: Configure insecure virtual host configs template: src: apache2-vhost.conf dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf" - name: Generate certificate include_role: name: https vars: website_url: "{{ nextcloud_url }}" website_webroot: "{{ nextcloud_webroot }}" - name: Secure Apache block: - name: Copy over virtual host configs template: src: apache2-vhost-ssl.conf dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf" - name: Reload Apache service: name: apache2 state: reloaded enabled: true become: yes