From 5ad9fc5e963b9a461f60799d7f185a9e2e13522f Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 3 Dec 2018 03:37:19 +0100 Subject: Define new host "calima" serving Nextcloud. --- roles/nextcloud/tasks/ldap.yml | 17 +++++++ roles/nextcloud/tasks/main.yml | 108 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 125 insertions(+) create mode 100644 roles/nextcloud/tasks/ldap.yml create mode 100644 roles/nextcloud/tasks/main.yml (limited to 'roles/nextcloud/tasks') diff --git a/roles/nextcloud/tasks/ldap.yml b/roles/nextcloud/tasks/ldap.yml new file mode 100644 index 0000000..17cd963 --- /dev/null +++ b/roles/nextcloud/tasks/ldap.yml @@ -0,0 +1,17 @@ +- name: Create /etc/ldap/ssl + file: path=/etc/ldap/ssl + state=directory + owner=root group=root + mode=0755 + +- name: Copy the slapd X.509 certificate + copy: src=certs/ldap/ldap.fripost.org.pem + dest=/etc/ldap/ssl/ldap.fripost.org.pem + owner=root group=root + mode=0644 + +- name: Copy ldap.conf(5) + copy: src=etc/ldap/ldap.conf + dest=/etc/ldap/ldap.conf + owner=root group=root + mode=0644 diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml new file mode 100644 index 0000000..09554e0 --- /dev/null +++ b/roles/nextcloud/tasks/main.yml @@ -0,0 +1,108 @@ +- name: Install PHP + apt: pkg={{ packages }} + vars: + packages: + - php-cli + - php-fpm + - php-apcu + - php-gd + - php-imagick + - php-mbstring + - php-mcrypt + - php-xml + - php-curl + - php-intl + - php-ldap + - php-mysql + - php-zip + - php-json + +- name: Configure PHP 7.0 Zend opcache + lineinfile: dest=/etc/php/7.0/fpm/php.ini + regexp='^;?{{ item.var }}\\s*=' + line="{{ item.var }} = {{ item.value }}" + owner=root group=root + mode=0644 + with_items: + - { var: opcache.enable, value: 1 } + - { var: opcache.enable_cli, value: 1 } + - { var: opcache.memory_consumption, value: 128 } + - { var: opcache.interned_strings_buffer, value: 8 } + - { var: opcache.max_accelerated_files, value: 10000 } + - { var: opcache.revalidate_freq, value: 1 } + - { var: opcache.fast_shutdown, value: 1 } + notify: + - Restart php7.0-fpm + +- name: Configure PHP 7.0 pool environment + lineinfile: dest=/etc/php/7.0/fpm/pool.d/www.conf + regexp='^;?env\[{{ item.var }}\]\\s*=' + line="env[{{ item.var }}] = {{ item.value }}" + owner=root group=root + mode=0644 + with_items: + - { var: HOSTNAME, value: "$HOSTNAME" } + - { var: PATH, value: "/usr/bin:/bin" } + - { var: TMP, value: "/tmp" } + - { var: TMPDIR, value: "/tmp" } + - { var: TEMP, value: "/tmp" } + notify: + - Restart php7.0-fpm + +- name: Start php7.0-fpm + service: name=php7.0-fpm state=started + +- name: Copy /etc/cron.d/nextcloud + copy: src=etc/cron.d/nextcloud + dest=/etc/cron.d/nextcloud + owner=root group=root + mode=0644 + +- name: Copy /etc/nginx/sites-available/nextcloud + copy: src=etc/nginx/sites-available/nextcloud + dest=/etc/nginx/sites-available/nextcloud + owner=root group=root + mode=0644 + register: r1 + notify: + - Restart Nginx + +- name: Create /etc/nginx/sites-enabled/nextcloud + file: src=../sites-available/nextcloud + dest=/etc/nginx/sites-enabled/nextcloud + owner=root group=root + state=link force=yes + register: r2 + notify: + - Restart Nginx + +- name: Copy HPKP header snippet + # never modify the pined pubkeys as we don't want to lock out our users + template: src=etc/nginx/snippets/cloud.fripost.org.hpkp-hdr.j2 + dest=/etc/nginx/snippets/cloud.fripost.org.hpkp-hdr + validate=/bin/false + owner=root group=root + mode=0644 + register: r3 + notify: + - Restart Nginx + +- name: Start Nginx + service: name=nginx state=started + when: not (r1.changed or r2.changed or r3.changed) + +- meta: flush_handlers + +- name: Fetch Nginx's X.509 certificate + # Ensure we don't fetch private data + become: False + fetch_cmd: cmd="openssl x509 -noout -pubkey" + stdin=/etc/nginx/ssl/cloud.fripost.org.pem + dest=certs/public/cloud.fripost.org.pub + tags: + - genkey + +- import_tasks: ldap.yml + when: "'LDAP-provider' not in group_names" + tags: + - ldap -- cgit v1.2.3