- name: Install PHP apt: pkg={{ packages }} vars: packages: - php-cli - php-bcmath - php-fpm - php-apcu - php-gd - php-gmp - php-imagick - php-mbstring - php-xml - php-curl - php-intl - php-ldap - php-mysql - php-zip - php-json - php-gmp - name: Configure PHP 7.3 Zend opcache lineinfile: dest=/etc/php/7.3/fpm/php.ini regexp='^;?{{ item.var }}\\s*=' line="{{ item.var }} = {{ item.value }}" owner=root group=root mode=0644 with_items: - { var: opcache.memory_consumption, value: 512 } - { var: opcache.revalidate_freq, value: 180 } notify: - Restart php7.3-fpm - name: Create '_nextcloud' user user: name=_nextcloud system=yes group=nogroup createhome=no home=/nonexistent shell=/usr/sbin/nologin password=! state=present - name: Delete PHP 7.3 FPM's www pool file: path=/etc/php/7.3/fpm/pool.d/www.conf state=absent notify: - Restart php7.3-fpm - name: Configure PHP 7.3 FPM's nextcloud pool copy: src=etc/php/fpm/pool.d/nextcloud.conf dest=/etc/php/7.3/fpm/pool.d/nextcloud.conf owner=root group=root mode=0644 notify: - Restart php7.3-fpm - name: Start php7.3-fpm service: name=php7.3-fpm state=started - name: Copy /etc/cron.d/nextcloud copy: src=etc/cron.d/nextcloud dest=/etc/cron.d/nextcloud owner=root group=root mode=0644 - name: Copy /etc/nginx/sites-available/nextcloud copy: src=etc/nginx/sites-available/nextcloud dest=/etc/nginx/sites-available/nextcloud owner=root group=root mode=0644 register: r1 notify: - Restart Nginx - name: Create /etc/nginx/sites-enabled/nextcloud file: src=../sites-available/nextcloud dest=/etc/nginx/sites-enabled/nextcloud owner=root group=root state=link force=yes register: r2 notify: - Restart Nginx - name: Copy HPKP header snippet # never modify the pined pubkeys as we don't want to lock out our users template: src=etc/nginx/snippets/cloud.fripost.org.hpkp-hdr.j2 dest=/etc/nginx/snippets/cloud.fripost.org.hpkp-hdr validate=/bin/false owner=root group=root mode=0644 register: r3 notify: - Restart Nginx - name: Start Nginx service: name=nginx state=started when: not (r1.changed or r2.changed or r3.changed) - meta: flush_handlers - name: Fetch Nginx's X.509 certificate # Ensure we don't fetch private data become: False fetch_cmd: cmd="openssl x509 -noout -pubkey" stdin=/etc/nginx/ssl/cloud.fripost.org.pem dest=certs/public/cloud.fripost.org.pub tags: - genkey - import_tasks: ldap.yml when: "'LDAP_provider' not in group_names" tags: - ldap # Note: intentionally don't set an owner/group as we don't want to set # ownership unless the path is a mountpoint. The service will fail # unless the data directory is mounted and accessible, and that's what # we want. - name: Create directory /mnt/nextcloud-data file: path=/mnt/nextcloud-data state=directory mode=0700 - name: Create directory /var/www/nextcloud file: path=/var/www/nextcloud state=directory owner=root group=root mode=0755 # Note: Nextcloud doesn't like symlinked apps # * https://github.com/nextcloud/server/issues/10437 # * https://github.com/nextcloud/server/issues/13556 - name: Create directory /var/www/nextcloud/apps file: path=/var/www/nextcloud/apps state=directory owner=_nextcloud group=nogroup mode=0755 - name: Create directory /var/log/nextcloud file: path=/var/log/nextcloud state=directory owner=_nextcloud group=adm mode=0750 - name: Create directory /var/cache/nextcloud file: path=/var/cache/nextcloud state=directory owner=_nextcloud group=nogroup mode=0700 - name: Copy Nextcloud logrotate snippet copy: src=etc/logrotate.d/nextcloud dest=/etc/logrotate.d/nextcloud owner=root group=root mode=0644 tags: - logrotate - name: Install redis-server apt: pkg={{ packages }} vars: packages: - php-redis - redis-server - name: Configure Redis lineinfile: dest=/etc/redis/redis.conf regexp='^#?\\s*{{ item.var }}\\s+' line="{{ item.var }} {{ item.value }}" owner=redis group=redis mode=0640 with_items: - { var: port, value: 0 } - { var: unixsocket, value: /run/redis/redis-server.sock } - { var: unixsocketperm, value: 660 } notify: - Restart Redis - name: Start redis-server service: name=redis-server state=started - name: Add '_nextcloud' user to 'redis' group user: name=_nextcloud groups=redis append=yes notify: - Restart php7.3-fpm