From ab2868e2c86e21d7fdf542a188eeb1b6d2720503 Mon Sep 17 00:00:00 2001
From: VC
Date: Fri, 14 Feb 2025 16:55:58 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8:=20add=20nextcloud=20webapps?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 inventory/host_vars/web1.dmz.mateu.be.yml | 38 ++++++++++++++
 playbooks/webapps.yml | 1 +
 roles/nextcloud/tasks/db.yml | 15 ++++++
 roles/nextcloud/tasks/main.yml | 7 +++
 roles/nextcloud/tasks/nextcloud.yml | 58 ++++++++++++++++++++++
 roles/nextcloud/templates/config.php.j2 | 60 +++++++++++++++++++++++
 roles/nextcloud/vars/main.yml | 8 +++
 7 files changed, 187 insertions(+)
 create mode 100644 roles/nextcloud/tasks/db.yml
 create mode 100644 roles/nextcloud/tasks/main.yml
 create mode 100644 roles/nextcloud/tasks/nextcloud.yml
 create mode 100644 roles/nextcloud/templates/config.php.j2
 create mode 100644 roles/nextcloud/vars/main.yml
diff --git a/inventory/host_vars/web1.dmz.mateu.be.yml b/inventory/host_vars/web1.dmz.mateu.be.yml
index 8fb34e9..6fef699 100644
--- a/inventory/host_vars/web1.dmz.mateu.be.yml
+++ b/inventory/host_vars/web1.dmz.mateu.be.yml
@@ -58,3 +58,41 @@ freshrss_pg_password: !vault |
 63363033306636316630373762623563613233633337626430643262323338326630333933626434
 3234313965356665650a613830653463636630663735393839303934643266646132373065653032
 3339
+
+nextcloud_passwordsalt: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64653764653265656264326436346633343430613136643363386363633766303265366462306432
+ 6631363537663434373066386337363931626661353861380a333762386635663336356436643532
+ 64383261393061353934333064373665646430643432333061623937373364343639303535633666
+ 6330363537633866630a343138613834666231323233623333313639653935616533383462323265
+ 36393265333639653833373031633337643835656336316333643932383565363936
+nextcloud_objectstore_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64346461383065303532333038333131656265336364333233646464373638333364303265346662
+ 3130366233663737336361356664663964623239313963340a393333323265623434636330343962
+ 36323232306538666235376564363931363662613131636339383262613230656538373833306264
+ 3666663530616533380a663464393937356166633132646339376261313238316332343139666164
+ 61663232643362633730333135323461643539333633306637303461613664306538653337373430
+ 37303933316462393966313139633935653139613536333531323238373839613435313934313434
+ 35633936653335353964363435636531333635343865376633656564396637663632663438343434
+ 37343137613038623337
+nextcloud_secret: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 38623462386531323764653130343865633535386439626163343430376263636261643062346261
+ 3561353239653461386266316136326235623063346431630a353064373662336336353062373238
+ 38356662633536363836616138623965373035336362366161626630646138666662303666383231
+ 6338316339353135350a623030313961623362663165646365313530623633653831366565653262
+ 61306362663134623434316639313063633830303033386465653432353738386562386661306332
+ 64326635626536636336326162663032323931663063323432326136666238636430633739326537
+ 33643437313861616134346136396334376237303833303338353964663262393533336461653131
+ 65623234313836633830643633386163386431316361303031353636333338633838326338346133
+ 38333835376662343939333438326238396162343332303539346233303364663935
+nextcloud_pg_role: "admin_nc"
+nextcloud_pg_database: "libertus_nextcloud"
+nextcloud_pg_password: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 39653865316330373734616434306330303130336466376335396537613031636336663635333836
+ 3638303465316562373937386432616232383363366531650a346163333039633436613361306539
+ 39333636373365373638393930303063333066376362363262343239353632393663306564643061
+ 3761366163373132360a643234333137313131396334303762616634333661396337393731323334
+ 3361
diff --git a/playbooks/webapps.yml b/playbooks/webapps.yml
index 6b1b7cb..2a76db1 100644
--- a/playbooks/webapps.yml
+++ b/playbooks/webapps.yml
@@ -7,3 +7,4 @@
 - roundcube
 - shaarli
 - freshrss
+ - nextcloud
diff --git a/roles/nextcloud/tasks/db.yml b/roles/nextcloud/tasks/db.yml
new file mode 100644
index 0000000..94d9c16
--- /dev/null
+++ b/roles/nextcloud/tasks/db.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Create nextcloud db role
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_user:
+ name: "{{ nextcloud_pg_role }}"
+ password: "{{ nextcloud_pg_password }}"
+
+- name: Create nextcloud db
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_db:
+ name: "{{ nextcloud_pg_database }}"
+ owner: "{{ nextcloud_pg_role }}"
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
new file mode 100644
index 0000000..b12b9ef
--- /dev/null
+++ b/roles/nextcloud/tasks/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Init db
+ ansible.builtin.include_tasks: db.yml
+
+- name: Install nextcloud
+ ansible.builtin.include_tasks: nextcloud.yml
diff --git a/roles/nextcloud/tasks/nextcloud.yml b/roles/nextcloud/tasks/nextcloud.yml
new file mode 100644
index 0000000..19353b0
--- /dev/null
+++ b/roles/nextcloud/tasks/nextcloud.yml
@@ -0,0 +1,58 @@
+---
+
+- name: Create application directory
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ nextcloud_local_path }}"
+ owner: root
+ group: www-data
+ mode: "0o750"
+
+- name: Install nextcloud application
+ ansible.builtin.unarchive:
+ remote_src: true
+ src: "{{ nextcloud_url }}"
+ dest: "{{ nextcloud_local_path }}"
+ owner: root
+ group: www-data
+ mode: "a-rwx,u+rwX,g+rX"
+ extra_opts: ['--strip-components=1']
+ exclude:
+ - "data"
+ - "config/config.php"
+
+- name: Put config file
+ ansible.builtin.template:
+ src: "config.php.j2"
+ dest: "{{ nextcloud_local_path }}/config/config.php"
+ owner: www-data
+ group: www-data
+ mode: "0o640"
+
+- name: Set config dir permissions
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ nextcloud_local_path }}/config"
+ owner: www-data
+ group: www-data
+ mode: "0o750"
+
+- name: Check writable dirs
+ ansible.builtin.file:
+ state: directory
+ dest: "{{ nextcloud_local_path }}/{{ item }}"
+ owner: root
+ group: www-data
+ mode: "g+w"
+ recurse: true
+ loop:
+ - "apps"
+ - "data"
+
+- name: Run occ upgrade
+ become: true
+ become_user: www-data
+ ansible.builtin.command:
+ cmd: "php occ upgrade"
+ chdir: "{{ nextcloud_local_path }}"
+ changed_when: false
diff --git a/roles/nextcloud/templates/config.php.j2 b/roles/nextcloud/templates/config.php.j2
new file mode 100644
index 0000000..da1a043
--- /dev/null
+++ b/roles/nextcloud/templates/config.php.j2
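Review bot: In roles/nextcloud/tasks/nextcloud.yml the `Install nextcloud application` task has `ansible.builtin.unarchive` fetch `{{ nextcloud_url }}` and unpack it into the web root with no integrity check, so the role deploys whatever the download returns. Fetch the tarball with `ansible.builtin.get_url` and a pinned `checksum:` first, then unarchive the local file. The digest variable (`nextcloud_sha256` below is a name made up for this note, and the cache path is only an example) would sit next to `nextcloud_version` in the role vars and be bumped with it. Separately, the `Put config file` task renders the vaulted database, instance and object-store secrets, so a run with `--diff` prints them unless that task sets `no_log: true` or `diff: false`.

```yaml
- name: Download nextcloud release
  ansible.builtin.get_url:
    url: "{{ nextcloud_url }}"
    # example cache location; any root-only directory works
    dest: "/var/cache/nextcloud-{{ nextcloud_version }}.tar.bz2"
    # nextcloud_sha256: digest pinned alongside nextcloud_version
    checksum: "sha256:{{ nextcloud_sha256 }}"
    owner: root
    group: root
    mode: "0o640"

- name: Install nextcloud application
  ansible.builtin.unarchive:
    remote_src: true
    src: "/var/cache/nextcloud-{{ nextcloud_version }}.tar.bz2"
    # … unchanged: dest, owner, group, mode, extra_opts, exclude …
```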
@@ -0,0 +1,60 @@
+ 'pgsql',
+ 'version' => '{{ nextcloud_version }}',
+ 'dbname' => '{{ nextcloud_pg_database }}',
+ 'dbhost' => 'localhost',
+ 'dbtableprefix' => 'oc_',
+ 'dbuser' => '{{ nextcloud_pg_role }}',
+ 'dbpassword' => '{{ nextcloud_pg_password }}',
+ 'installed' => true,
+ 'instanceid' => '507bf5ef0f4bd',
+ 'theme' => '',
+ 'trusted_domains' =>
+ array (
+ 0 => '{{ nextcloud_access_url }}',
+ ),
+ 'mail_domain' => 'libertus.eu',
+ 'mail_from_address' => 'nextcloud',
+ 'loglevel' => 1,
+ 'log_type' => 'errorlog',
+ 'secret' => '{{ nextcloud_secret }}',
+ 'trashbin_retention_obligation' => 'auto',
+ 'overwrite.cli.url' => 'https://{{ nextcloud_access_url }}',
+ 'updater.release.channel' => 'stable',
+ 'user_backends' =>
+ array (
+ 0 =>
+ array (
+ 'class' => '\\OCA\\UserExternal\\IMAP',
+ 'arguments' =>
+ array (
+ 0 => 'imap.libertus.eu',
+ 1 => 993,
+ 2 => 'ssl',
+ ),
+ ),
+ ),
+ 'objectstore' =>
+ array (
+ 'class' => '\\OC\\Files\\ObjectStore\\S3',
+ 'arguments' =>
+ array (
+ 'bucket' => 'nextcloud-libertus',
+ 'autocreate' => false,
+ 'key' => 'GK7f69982ab6b981b3fa5ec230',
+ 'secret' => '{{ nextcloud_objectstore_secret }}',
+ 'hostname' => 'garage.mateu.be',
+ 'port' => 443,
+ 'use_ssl' => true,
+ 'region' => 'garage',
+ 'use_path_style' => true,
+ ),
+ ),
+ 'maintenance' => false,
+ 'passwordsalt' => '{{ nextcloud_passwordsalt }}',
+ 'app_install_overwrite' =>
+ array (
+ 0 => 'user_external',
+ ),
+);
diff --git a/roles/nextcloud/vars/main.yml b/roles/nextcloud/vars/main.yml
new file mode 100644
index 0000000..6c389a5
--- /dev/null
+++ b/roles/nextcloud/vars/main.yml
@@ -0,0 +1,8 @@
+---
+
+nextcloud_version: "30.0.6"
+nextcloud_url: "https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2"
+
+nextcloud_access_url: "{{ web_hostname | selectattr('type', 'defined') | selectattr('type', '==', 'nextcloud') | map(attribute='host') | first }}"
+
+nextcloud_local_path: "/srv/http/{{ nextcloud_access_url }}"
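Review bot: In roles/nextcloud/templates/config.php.j2 every Jinja value is placed unescaped inside a single-quoted PHP literal, e.g. `'dbpassword' => '{{ nextcloud_pg_password }}',`, so a secret containing `'` or `\` produces a config.php that fails to parse or holds a different value from the vaulted one. Escape those two characters at each interpolation, for instance `'dbpassword' => '{{ nextcloud_pg_password | replace("\\", "\\\\") | replace("'", "\\'") }}',`, and apply the same to `nextcloud_secret`, `nextcloud_passwordsalt` and `nextcloud_objectstore_secret`. The object-store `key`, `bucket` and `hostname` and the `instanceid` are hard-coded in the role template while the matching secret lives in host_vars; moving them to variables would keep the credential pair in one place and the role reusable. The opening lines of the template are not visible in this view.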