
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
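# Installs Nextcloud's PHP dependencies, provisions its MySQL database and
# user, unpacks the release tarball into the webroot on first run, sets file
# permissions, and wires up cron, the Apache vhost, TLS and the backup module.
#
# NOTE(review): this listing had lost its indentation; the nesting below was
# rebuilt from the task names and the position of `when:` / `become:`.
# Confirm that `when:` belongs to the "Install Nextcloud" block and `become:`
# to the outermost block before relying on it.
- name: Install, configure, and start Nextcloud
  become: true
  block:
    - name: Install Nextcloud-required packages
      apt:
        name:
          - php-imagick
          - php-redis
      notify: restart apache

    - name: Set up MySQL
      block:
        - name: Create database
          mysql_db:
            name: nextcloud
            state: present
            login_user: root
            login_password: "{{ mysql.root_password }}"

        - name: Create Nextcloud user
          mysql_user:
            name: nextcloud
            host: localhost
            password: "{{ nextcloud.db_password }}"
            # NOTE(review): GRANT lets the application account hand its
            # privileges to other accounts. Least privilege would be
            # "nextcloud.*:ALL"; left unchanged here because dropping it
            # alters the grants on hosts that are already deployed.
            priv: "nextcloud.*:ALL,GRANT"
            login_user: root
            login_password: "{{ mysql.root_password }}"

    - name: Set up Apache
      block:
        - name: Create webroot
          file:
            path: "{{ nextcloud_webroot }}"
            state: directory
            mode: "0750"

        # The presence of index.html is used as the "already installed"
        # marker that gates the download/extract block below.
        - name: Check for existing installation
          stat:
            path: "{{ nextcloud_webroot }}/index.html"
          register: stat_webroot_index

        - name: Install Nextcloud
          when: not stat_webroot_index.stat.exists
          block:
            - name: Download Nextcloud
              get_url:
                url: "{{ nextcloud_tarbz2 }}"
                dest: /var/www/nextcloud.tar.bz2
                # Integrity check for the downloaded release. The variable is
                # optional and introduced by this review: set it to
                # "sha256:<digest from the vendor's release page>". When it
                # is undefined the parameter is omitted and the download is
                # NOT verified, which matches the previous behaviour.
                checksum: "{{ nextcloud_tarbz2_checksum | default(omit) }}"

            - name: Extract Nextcloud
              unarchive:
                src: /var/www/nextcloud.tar.bz2
                remote_src: true
                dest: "{{ nextcloud_webroot }}"
                # Drop the archive's top-level directory so the files land
                # directly in the webroot.
                extra_opts: ['--strip-components=1']
              notify: restart apache

            # The data directory lives outside the webroot and is accessible
            # to www-data only.
            - name: Create data directory
              file:
                path: "/var/nextcloud"
                state: directory
                # Quoted like every other mode in this file, so the value
                # never depends on how the YAML loader types a leading zero.
                mode: "0700"
                owner: www-data
                group: www-data

            - name: Chown webroot
              # Nextcloud docs say Apache needs write access, so it gets
              # write access. Trade-off to keep in mind: the web server
              # account can then modify the application code it executes.
              file:
                path: "{{ nextcloud_webroot }}"
                state: directory
                recurse: true
                owner: www-data
                group: www-data

            - name: Cleanup
              file:
                path: /var/www/nextcloud.tar.bz2
                state: absent

        - name: Assert permissions
          block:
            # NOTE(review): config.php is presumably written by Nextcloud's
            # own setup rather than by this playbook; confirm how this task
            # behaves on a host where that setup has not run yet.
            - name: Tighten config.php
              file:
                path: "{{ nextcloud_webroot }}/config/config.php"
                mode: "0640"

            - name: Loosen occ
              file:
                path: "{{ nextcloud_webroot }}/occ"
                mode: "0755"

        # Runs cron.php as www-data every five minutes.
        - name: Set up Nextcloud cronjob
          cron:
            user: www-data
            name: "nextcloud-cron"
            minute: "*/5"
            job: 'php -f "{{ nextcloud_webroot }}/cron.php"'

        - name: Copy over virtual host configs
          template:
            src: apache2-vhost-ssl.conf
            dest: "/etc/apache2/sites-available/{{ nextcloud.url }}.conf"
          notify: restart apache

        # `creates` makes the command a no-op once the site is enabled.
        - name: Enable config
          command:
            cmd: "a2ensite {{ nextcloud.url }}.conf"
            creates: "/etc/apache2/sites-enabled/{{ nextcloud.url }}.conf"
          notify: restart apache

        - name: Generate certificate
          include_role:
            name: https
          vars:
            website_url: "{{ nextcloud.url }}"
            website_webroot: "{{ nextcloud_webroot }}"

    # Mode 0600 keeps the rendered script private to its owner.
    # NOTE(review): presumably because it embeds credentials; confirm
    # against the backup.sh template.
    - name: Template out backup module
      template:
        src: "backup.sh"
        dest: "/opt/backups/modules/{{ nextcloud.url }}.sh"
        mode: "0600"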