1 files changed, 109 insertions, 27 deletions

diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 09554e0..4c049a9 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -3,12 +3,13 @@
   vars:
     packages:
     - php-cli
+    - php-bcmath
     - php-fpm
     - php-apcu
     - php-gd
+    - php-gmp
     - php-imagick
     - php-mbstring
-    - php-mcrypt
     - php-xml
     - php-curl
     - php-intl
@@ -16,41 +17,44 @@
     - php-mysql
     - php-zip
     - php-json
+    - php-gmp
 
-- name: Configure PHP 7.0 Zend opcache
-  lineinfile: dest=/etc/php/7.0/fpm/php.ini
+- name: Configure PHP 7.3 Zend opcache
+  lineinfile: dest=/etc/php/7.3/fpm/php.ini
               regexp='^;?{{ item.var }}\\s*='
               line="{{ item.var }} = {{ item.value }}"
               owner=root group=root
               mode=0644
   with_items:
-    - { var: opcache.enable,                  value: 1     }
-    - { var: opcache.enable_cli,              value: 1     }
-    - { var: opcache.memory_consumption,      value: 128   }
-    - { var: opcache.interned_strings_buffer, value: 8     }
-    - { var: opcache.max_accelerated_files,   value: 10000 }
-    - { var: opcache.revalidate_freq,         value: 1     }
-    - { var: opcache.fast_shutdown,           value: 1     }
+    - { var: opcache.memory_consumption,      value: 512 }
+    - { var: opcache.revalidate_freq,         value: 180 }
   notify:
-    - Restart php7.0-fpm
+    - Restart php7.3-fpm
 
-- name: Configure PHP 7.0 pool environment
-  lineinfile: dest=/etc/php/7.0/fpm/pool.d/www.conf
-              regexp='^;?env\[{{ item.var }}\]\\s*='
-              line="env[{{ item.var }}] = {{ item.value }}"
-              owner=root group=root
-              mode=0644
-  with_items:
-    - { var: HOSTNAME, value: "$HOSTNAME"     }
-    - { var: PATH,     value: "/usr/bin:/bin" }
-    - { var: TMP,      value: "/tmp"          }
-    - { var: TMPDIR,   value: "/tmp"          }
-    - { var: TEMP,     value: "/tmp"          }
+- name: Create '_nextcloud' user
+  user: name=_nextcloud system=yes
+        group=nogroup
+        createhome=no
+        home=/nonexistent
+        shell=/usr/sbin/nologin
+        password=!
+        state=present
+
+- name: Delete PHP 7.3 FPM's www pool
+  file: path=/etc/php/7.3/fpm/pool.d/www.conf state=absent
+  notify:
+    - Restart php7.3-fpm
+
+- name: Configure PHP 7.3 FPM's nextcloud pool
+  copy: src=etc/php/fpm/pool.d/nextcloud.conf
+        dest=/etc/php/7.3/fpm/pool.d/nextcloud.conf
+        owner=root group=root
+        mode=0644
   notify:
-    - Restart php7.0-fpm
+    - Restart php7.3-fpm
 
-- name: Start php7.0-fpm
-  service: name=php7.0-fpm state=started
+- name: Start php7.3-fpm
+  service: name=php7.3-fpm state=started
 
 - name: Copy /etc/cron.d/nextcloud
   copy: src=etc/cron.d/nextcloud
@@ -103,6 +107,84 @@
     - genkey
 
 - import_tasks: ldap.yml
-  when: "'LDAP-provider' not in group_names"
+  when: "'LDAP_provider' not in group_names"
   tags:
     - ldap
+
+# Note: intentionally don't set an owner/group as we don't want to set
+# ownership unless the path is a mountpoint.  The service will fail
+# unless the data directory is mounted and accessible, and that's what
+# we want.
+- name: Create directory /mnt/nextcloud-data
+  file: path=/mnt/nextcloud-data
+        state=directory
+        mode=0700
+
+- name: Create directory /var/www/nextcloud
+  file: path=/var/www/nextcloud
+        state=directory
+        owner=root group=root
+        mode=0755
+
+# Note: Nextcloud doesn't like symlinked apps
+# * https://github.com/nextcloud/server/issues/10437
+# * https://github.com/nextcloud/server/issues/13556
+- name: Create directory /var/www/nextcloud/apps
+  file: path=/var/www/nextcloud/apps
+        state=directory
+        owner=_nextcloud group=nogroup
+        mode=0755
+
+- name: Create directory /var/log/nextcloud
+  file: path=/var/log/nextcloud
+        state=directory
+        owner=_nextcloud group=adm
+        mode=0750
+
+- name: Create directory /var/cache/nextcloud
+  file: path=/var/cache/nextcloud
+        state=directory
+        owner=_nextcloud group=nogroup
+        mode=0700
+
+- name: Copy Nextcloud logrotate snippet
+  copy: src=etc/logrotate.d/nextcloud
+        dest=/etc/logrotate.d/nextcloud
+        owner=root group=root
+        mode=0644
+  tags:
+    - logrotate
+
+- name: Install redis-server
+  apt: pkg={{ packages }}
+  vars:
+    packages:
+    - php-redis
+    - redis-server
+
+- name: Configure Redis
+  lineinfile: dest=/etc/redis/redis.conf
+              regexp='^#?\\s*{{ item.var }}\\s+'
+              line="{{ item.var }} {{ item.value }}"
+              owner=redis group=redis
+              mode=0640
+  with_items:
+    - { var: port,           value: 0 }
+    - { var: unixsocket,     value: /run/redis/redis-server.sock }
+    - { var: unixsocketperm, value: 660 }
+  notify:
+    - Restart Redis
+
+- name: Start redis-server
+  service: name=redis-server state=started
+
+- name: Add '_nextcloud' user to 'redis' group
+  user: name=_nextcloud groups=redis append=yes
+  notify:
+    - Restart php7.3-fpm
+
+- name: Install other Nextcloud dependencies
+  apt: pkg={{ packages }}
+  vars:
+    packages:
+    - libmagickcore-6.q16-6-extra