Compare commits
4 Commits
93bc285f3d
...
0a072b4c90
| Author | SHA1 | Date | |
|---|---|---|---|
|
0a072b4c90
|
||
|
|
736277c377
|
||
|
|
b386f5e363
|
||
|
|
da694910c6
|
64
roles/bootstrap/handlers/nextcloud.yml
Normal file
64
roles/bootstrap/handlers/nextcloud.yml
Normal file
@@ -0,0 +1,64 @@
|
|||||||
|
# SPDX-License-Identifier: MIT-0
|
||||||
|
---
|
||||||
|
# handlers file for bootstrap
|
||||||
|
- name: Configure Nextcloud snap
|
||||||
|
become: true
|
||||||
|
listen: nextcloud
|
||||||
|
block:
|
||||||
|
- name: Enable monitoring of network hardware
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: "snap connect nextcloud:network-observe"
|
||||||
|
- name: Enable access to removable media
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: "snap connect nextcloud:removable-media"
|
||||||
|
# @TODO see if setting below is necessary given use of reverse proxy
|
||||||
|
# - name: Set trusted domains
|
||||||
|
# ansible.builtin.command:
|
||||||
|
# cmd: "nextcloud.occ config:system:set trusted_domains 0 --value='cloud.{{ hostvars[inventory_hostname].fqdn }}'"
|
||||||
|
# @TODO configure perhaps for trusted (reverse) proxy instead of above
|
||||||
|
- name: Set trusted reverse proxy IPv4 address
|
||||||
|
when: config.trusted_revproxy_ips.ipv4 is None or len(config.trusted_revproxy_ips.ipv4) < 1
|
||||||
|
ansible.builtin.command:
|
||||||
|
argv:
|
||||||
|
- nextcloud.occ
|
||||||
|
- "config:system:set"
|
||||||
|
- trusted_proxies 0
|
||||||
|
- "--value=$(hostname -I | awk -F ' ' '{ print $1 }')"
|
||||||
|
- name: Set trusted reverse proxy IPv4 address
|
||||||
|
when: config.trusted_revproxy_ips.ipv4 is not None and len(config.trusted_revproxy_ips.ipv4) > 0
|
||||||
|
ansible.builtin.command:
|
||||||
|
argv:
|
||||||
|
- nextcloud.occ
|
||||||
|
- "config:system:set"
|
||||||
|
- "trusted_proxies {{ idx }}"
|
||||||
|
- "--value={{ item }}"
|
||||||
|
loop: "{{ config.trusted_revproxy_ips.ipv4 }}"
|
||||||
|
loop_control:
|
||||||
|
index_var: idx
|
||||||
|
- name: Set trusted reverse proxy IPv6 address
|
||||||
|
when: config.trusted_revproxy_ips.ipv6 is None or len(config.trusted_revproxy_ips.ipv6) < 1
|
||||||
|
ansible.builtin.command:
|
||||||
|
argv:
|
||||||
|
- nextcloud.occ
|
||||||
|
- "config:system:set"
|
||||||
|
- trusted_proxies 0
|
||||||
|
- "--value=$(hostname -I | awk -F ' ' '{ print $2 }')"
|
||||||
|
- name: Set trusted reverse proxy IPv6 address
|
||||||
|
when: config.trusted_revproxy_ips.ipv6 is not None and len(config.trusted_revproxy_ips.ipv6) > 0
|
||||||
|
ansible.builtin.command:
|
||||||
|
argv:
|
||||||
|
- nextcloud.occ
|
||||||
|
- "config:system:set"
|
||||||
|
- "trusted_proxies {{ idx }}"
|
||||||
|
- "--value={{ item }}"
|
||||||
|
loop: "{{ config.trusted_revproxy_ips.ipv6 }}"
|
||||||
|
loop_control:
|
||||||
|
index_var: idx
|
||||||
|
- name: Enable LDAP integration app
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: "nextcloud.occ app:enable user_ldap"
|
||||||
|
# @TODO see if can further configure LDAP in particular: https://docs.nextcloud.com/server/stable/admin_manual/occ_command.html#ldap-commands
|
||||||
|
- name: Enable contacts' birthday calendar app
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: "nextcloud.occ dav:sync-birthday-calendar"
|
||||||
|
# @TODO create system-level bash alias for `nextcloud.occ` command
|
||||||
17
roles/bootstrap/handlers/snapd.yml
Normal file
17
roles/bootstrap/handlers/snapd.yml
Normal file
@@ -0,0 +1,17 @@
|
|||||||
|
# SPDX-License-Identifier: MIT-0
|
||||||
|
---
|
||||||
|
# handlers file for bootstrap
|
||||||
|
- name: Install all snapd applications
|
||||||
|
become: true
|
||||||
|
listen: snapd
|
||||||
|
block:
|
||||||
|
- name: Install snaps
|
||||||
|
community.general.snap:
|
||||||
|
channel: "{{ item.value['channel'] | default('latest/stable') }}"
|
||||||
|
name:
|
||||||
|
- "{{ item.value['name'] }}"
|
||||||
|
# @TODO test the below list extend method for list of lists
|
||||||
|
options: "{{ item.value['opts'] }}"
|
||||||
|
state: present
|
||||||
|
notify: "{{ item.key }}"
|
||||||
|
loop: "{{ lookup('ansible.builtin.dict', software.snaps) }}"
|
||||||
@@ -42,6 +42,7 @@
|
|||||||
name: snapd
|
name: snapd
|
||||||
use: "{{ ansible_facts['pkg_mgr'] }}"
|
use: "{{ ansible_facts['pkg_mgr'] }}"
|
||||||
state: present
|
state: present
|
||||||
|
notify: snapd
|
||||||
- name: Install flatpak
|
- name: Install flatpak
|
||||||
when: "ansible_facts['pkg_mgr'] == 'apt'"
|
when: "ansible_facts['pkg_mgr'] == 'apt'"
|
||||||
block:
|
block:
|
||||||
|
|||||||
@@ -104,6 +104,9 @@ software:
|
|||||||
php-pkg:
|
php-pkg:
|
||||||
name:
|
name:
|
||||||
apt: composer
|
apt: composer
|
||||||
|
php-ldap:
|
||||||
|
name:
|
||||||
|
apt: php-ldap
|
||||||
html-linter:
|
html-linter:
|
||||||
name:
|
name:
|
||||||
apt: tidy
|
apt: tidy
|
||||||
@@ -217,6 +220,19 @@ software:
|
|||||||
# caddy:
|
# caddy:
|
||||||
# name:
|
# name:
|
||||||
# apt: caddy
|
# apt: caddy
|
||||||
|
snaps:
|
||||||
|
nextcloud:
|
||||||
|
name: nextcloud
|
||||||
|
channel: ~
|
||||||
|
opts:
|
||||||
|
- "nextcloud:php.memory-limit=512M"
|
||||||
|
- "nextcloud:nextcloud.cron-interval=10m"
|
||||||
|
- "nextcloud:http.compression=true"
|
||||||
|
# @TODO commented opts use 'connect' snapd subcommand--look into how to use in Ansible
|
||||||
|
# - "nextcloud:removable-media"
|
||||||
|
# - "nextcloud:network-observe"
|
||||||
|
# @TODO see how to set these options: https://help.nextcloud.com/t/how-to-configure-nextcloud-snap/216036#p-649442-trusted-domains-configuration-8
|
||||||
|
# @TODO see how to set these options: https://help.nextcloud.com/t/how-to-configure-nextcloud-snap/216036#p-649442-trusted-proxy-configuration-9
|
||||||
config:
|
config:
|
||||||
git:
|
git:
|
||||||
sys:
|
sys:
|
||||||
|
|||||||
Reference in New Issue
Block a user