install role updates for 10.0.0 (#35)
* support Ubuntu 22.04 only * update php from 7.4 to 8.1 * update mariadb from 10.3 to 10.6 * update nextcloud 23 to 24 Co-authored-by: Markus Bergholz <markus.bergholz@lekker.de> Co-authored-by: Markus Bergholz <git@osuv.de> Reviewed-on: #35
This commit is contained in:
parent
5127cd08d9
commit
eb3b57f7d0
|
@ -5,6 +5,14 @@ markuman nextcloud Release Notes
|
|||
.. contents:: Topics
|
||||
|
||||
|
||||
v10.0.0
|
||||
=======
|
||||
|
||||
Release Summary
|
||||
---------------
|
||||
|
||||
The install role supports now nextcloud 25 on ubuntu 22.04 only.
|
||||
|
||||
v9.3.0
|
||||
======
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ Ansible Nextcloud Collection - that brings up your nextcloud usage to the next l
|
|||
|
||||
## Documentation / Usage
|
||||
|
||||
* [Wiki](https://git.osuv.de/ansible_collections/markuman.nextcloud/wiki)
|
||||
* [Wiki](https://github.com/markuman/markuman.nextcloud/wiki)
|
||||
* `ansible-doc <module>`
|
||||
* e.g. `ansible-doc markuman.nextcloud.file`
|
||||
|
||||
|
@ -31,7 +31,7 @@ Ansible Nextcloud Collection - that brings up your nextcloud usage to the next l
|
|||
|
||||
| **host** | **category** |
|
||||
| --- | --- |
|
||||
| https://git.osuv.de/ansible_collections/markuman.nextcloud | origin |
|
||||
| https://gitea.osuv.de/ansible-collections/markuman.nextcloud | origin |
|
||||
| https://gitlab.com/markuman/markuman.nextcloud | push mirror, merge-requests and Issues |
|
||||
| https://github.com/markuman/markuman.nextcloud | push mirror, pull-requests and Issues |
|
||||
|
||||
|
@ -39,4 +39,4 @@ Ansible Nextcloud Collection - that brings up your nextcloud usage to the next l
|
|||
| Collection Version | Supported OS | Nextcloud Version | Collection EOL |
|
||||
| --- | --- | --- | --- |
|
||||
| 9 | Ubuntu 20.04 | 23 | 2022.12 |
|
||||
| 10 | Ubuntu 22.04 | >= 24 | TBA |
|
||||
| 10 | Ubuntu 22.04 | >= 25 | TBA |
|
|
@ -1,5 +1,12 @@
|
|||
ancestor: null
|
||||
releases:
|
||||
10.0.0:
|
||||
changes:
|
||||
release_summary: The install role supports now nextcloud 25 on ubuntu 22.04
|
||||
only.
|
||||
fragments:
|
||||
- 10.0.0.yml
|
||||
release_date: '2022-12-06'
|
||||
9.0.1-dev:
|
||||
changes:
|
||||
bugfixes:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
namespace: "markuman"
|
||||
description: bring up your nextcloud usage to the next level 🚀
|
||||
name: "nextcloud"
|
||||
version: "9.3.1"
|
||||
version: "10.0.0"
|
||||
readme: "README.md"
|
||||
authors:
|
||||
- "Markus Bergholz <markuman+spambelongstogoogle@gmail.com>"
|
||||
|
@ -16,4 +16,4 @@ tags:
|
|||
repository: "https://github.com/markuman/markuman.nextcloud"
|
||||
issues: "https://github.com/markuman/markuman.nextcloud/issues"
|
||||
dependencies:
|
||||
devsec.hardening: '>=7.14.0'
|
||||
devsec.hardening: '>=8.00.0'
|
||||
|
|
|
@ -7,5 +7,6 @@ action_groups:
|
|||
- password
|
||||
- password_info
|
||||
- talk
|
||||
- user
|
||||
- user_info
|
||||
- info
|
||||
- info
|
||||
|
|
|
@ -49,12 +49,6 @@ from ansible.plugins.lookup import LookupBase
|
|||
from ansible.errors import AnsibleError
|
||||
from ansible_collections.markuman.nextcloud.plugins.module_utils.nextcloud import NextcloudHandler
|
||||
|
||||
try:
|
||||
import requests
|
||||
HAS_REQUESTS_LIB = True
|
||||
except ImportError:
|
||||
HAS_REQUESTS_LIB = False
|
||||
|
||||
|
||||
class LookupModule(LookupBase):
|
||||
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
nextcloud_version: 23.0.11
|
||||
caddy_version: 2.5.2
|
||||
nextcloud_version: 25.0.1
|
||||
caddy_version: 2.6.2
|
||||
|
||||
nextcloud_db_name: nextcloud
|
||||
nextcloud_db_user: nextcloud
|
||||
|
||||
# nextcloud
|
||||
install_talk: yes
|
||||
install_talk: true
|
||||
|
||||
# php-fpm
|
||||
php_fpm:
|
||||
|
@ -20,3 +20,6 @@ opcache:
|
|||
|
||||
# mariadb
|
||||
innodb_buffer_pool_size: 512M
|
||||
|
||||
# os hardening
|
||||
os_auditd_max_log_file_action: rotate
|
|
@ -9,10 +9,10 @@
|
|||
|
||||
- name: restart php-fpm
|
||||
systemd:
|
||||
name: php7.4-fpm
|
||||
name: php8.1-fpm
|
||||
state: restarted
|
||||
|
||||
- name: restart coturn
|
||||
systemd:
|
||||
name: coturn
|
||||
state: restarted
|
||||
state: restarted
|
||||
|
|
|
@ -9,7 +9,7 @@ galaxy_info:
|
|||
platforms:
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- focal
|
||||
- jammy
|
||||
|
||||
galaxy_tags:
|
||||
- nextcloud
|
||||
|
|
|
@ -9,13 +9,13 @@
|
|||
|
||||
- name: uprade all packages first
|
||||
apt:
|
||||
update_cache: yes
|
||||
update_cache: true
|
||||
state: latest
|
||||
upgrade: yes
|
||||
upgrade: true
|
||||
|
||||
- name: install php and mariadb
|
||||
apt:
|
||||
update_cache: yes
|
||||
update_cache: true
|
||||
state: latest
|
||||
name:
|
||||
- mariadb-server
|
||||
|
|
|
@ -12,14 +12,14 @@
|
|||
ansible.posix.authorized_key:
|
||||
user: "{{ ubuntu_nextcloud_user }}"
|
||||
state: present
|
||||
manage_dir: yes
|
||||
manage_dir: true
|
||||
key: "{{ ubuntu_nextcloud_user_ssh_key_location }}"
|
||||
|
||||
- name: Allow 'sudo' group to have passwordless sudo
|
||||
lineinfile:
|
||||
dest: /etc/sudoers
|
||||
state: present
|
||||
regexp: '^%sudo ALL=(ALL:ALL) ALL'
|
||||
regexp: '^%sudo ALL=(ALL:ALL) ALL'
|
||||
line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
|
||||
validate: visudo -cf %s
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
- name: init root user
|
||||
command: >
|
||||
sudo mysql -uroot -e "
|
||||
UPDATE mysql.user SET plugin='mysql_native_password';
|
||||
SET old_passwords=0;
|
||||
SET PASSWORD FOR root@localhost = PASSWORD('{{ mariadb_root_password }}');
|
||||
FLUSH PRIVILEGES;"
|
||||
|
||||
|
@ -60,3 +60,4 @@
|
|||
with_items:
|
||||
- innodb_buffer_pool_size = "{{ innodb_buffer_pool_size }}"
|
||||
- max_allowed_packet = 64M
|
||||
- innodb_read_only_compressed = 0
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
notify:
|
||||
- restart php-fpm
|
||||
lineinfile:
|
||||
dest: /etc/php/7.4/fpm/pool.d/www.conf
|
||||
dest: /etc/php/8.1/fpm/pool.d/www.conf
|
||||
state: present
|
||||
regexp: "{{ item.regexp }}"
|
||||
line: "{{ item.line }}"
|
||||
|
@ -30,7 +30,7 @@
|
|||
notify:
|
||||
- restart php-fpm
|
||||
lineinfile:
|
||||
dest: /etc/php/7.4/fpm/php.ini
|
||||
dest: /etc/php/8.1/fpm/php.ini
|
||||
state: present
|
||||
regexp: "{{ item.regexp }}"
|
||||
line: "{{ item.line }}"
|
||||
|
@ -58,7 +58,7 @@
|
|||
notify:
|
||||
- restart php-fpm
|
||||
lineinfile:
|
||||
dest: /etc/php/7.4/cli/php.ini
|
||||
dest: /etc/php/8.1/cli/php.ini
|
||||
state: present
|
||||
regexp: "{{ item.regexp }}"
|
||||
line: "{{ item.line }}"
|
||||
|
@ -72,6 +72,6 @@
|
|||
notify:
|
||||
- restart php-fpm
|
||||
lineinfile:
|
||||
dest: /etc/php/7.4/cli/php.ini
|
||||
dest: /etc/php/8.1/cli/php.ini
|
||||
state: present
|
||||
line: apc.enable_cli=1
|
||||
|
|
|
@ -4,6 +4,9 @@
|
|||
|
||||
- name: change caddy user to www-data
|
||||
lineinfile:
|
||||
mode: '0755'
|
||||
owner: root
|
||||
group: root
|
||||
dest: /lib/systemd/system/caddy.service
|
||||
regexp: "{{ item.regexp }}"
|
||||
line: "{{ item.line }}"
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
unarchive:
|
||||
src: "https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.zip"
|
||||
dest: "/var/www/"
|
||||
remote_src: yes
|
||||
remote_src: true
|
||||
owner: www-data
|
||||
group: www-data
|
||||
|
||||
|
@ -20,7 +20,7 @@
|
|||
command: "sudo -u www-data php occ app:{{ item }}"
|
||||
with_items:
|
||||
- enable bruteforcesettings
|
||||
- install twofactor_totp
|
||||
- enable twofactor_totp
|
||||
|
||||
- name: nextcloud system settings
|
||||
args:
|
||||
|
@ -30,8 +30,8 @@
|
|||
- "trusted_domains 2 --value={{ nextcloud_fqdn }}"
|
||||
- memcache.local --value='\OC\Memcache\APCu'
|
||||
- overwrite.cli.url --value={{ nextcloud_fqdn }}
|
||||
- preview_max_x --value 500
|
||||
- preview_max_y --value 500
|
||||
- preview_max_x --value 1024
|
||||
- preview_max_y --value 1920
|
||||
- jpeg_quality --value 50
|
||||
- overwriteprotocol --value="https"
|
||||
- htaccess.IgnoreFrontController --value=true
|
||||
|
@ -41,13 +41,14 @@
|
|||
chdir: /var/www/nextcloud/
|
||||
command: "sudo -u www-data php occ config:app:set {{ item }}"
|
||||
with_items:
|
||||
- previewgenerator squareSizes --value="32 256"
|
||||
- previewgenerator widthSizes --value="256 384"
|
||||
- previewgenerator heightSizes --value="256"
|
||||
- previewgenerator squareSizes --value="32 64 1024"
|
||||
- previewgenerator widthSizes --value="64 128 1024"
|
||||
- previewgenerator heightSizes --value="64 256 1024"
|
||||
- preview jpeg_quality --value="50"
|
||||
|
||||
- name: systemd timer service
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
mode: '0755'
|
||||
dest: /etc/systemd/system/nextcloudcron.service
|
||||
content: |
|
||||
[Unit]
|
||||
|
@ -59,7 +60,8 @@
|
|||
KillMode=process
|
||||
|
||||
- name: systemd timer
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
mode: '0755'
|
||||
dest: /etc/systemd/system/nextcloudcron.timer
|
||||
content: |
|
||||
[Unit]
|
||||
|
@ -77,4 +79,4 @@
|
|||
systemd:
|
||||
name: nextcloudcron.timer
|
||||
state: started
|
||||
enabled: yes
|
||||
enabled: true
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
- name: install coturn
|
||||
apt:
|
||||
update_cache: yes
|
||||
update_cache: true
|
||||
state: latest
|
||||
name:
|
||||
- coturn
|
||||
|
|
|
@ -4,7 +4,3 @@
|
|||
- include_tasks: 04-php.yml
|
||||
- include_tasks: 05-caddy.yml
|
||||
- include_tasks: 06-nextcloud.yml
|
||||
|
||||
- name: install and setup nc talk (spreed) and coturn
|
||||
when: install_talk
|
||||
include_tasks: 07-coturn.yml
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
{{ nextcloud_fqdn }} {
|
||||
root * /var/www/nextcloud/
|
||||
file_server
|
||||
php_fastcgi unix//run/php/php7.4-fpm.sock {
|
||||
php_fastcgi unix//run/php/php8.1-fpm.sock {
|
||||
env PATH /bin
|
||||
env front_controller_active true
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
src: /tmp/ansible.svg
|
||||
dest: ansible.svg
|
||||
register: out_state
|
||||
check_mode: yes
|
||||
check_mode: true
|
||||
|
||||
- name: check_mode state must be changed
|
||||
assert:
|
||||
|
@ -62,7 +62,7 @@
|
|||
src: ansible.svg
|
||||
dest: /tmp/tmp.svg
|
||||
register: out_state
|
||||
check_mode: yes
|
||||
check_mode: true
|
||||
|
||||
- name: check_mode state must be changed
|
||||
assert:
|
||||
|
@ -144,7 +144,7 @@
|
|||
markuman.nextcloud.file:
|
||||
source: Photos
|
||||
mode: delete
|
||||
delete_recursively: yes
|
||||
delete_recursively: true
|
||||
register: out_state
|
||||
|
||||
- name: delete resursively state must be changed
|
||||
|
@ -156,7 +156,7 @@
|
|||
markuman.nextcloud.file:
|
||||
source: Photos
|
||||
mode: delete
|
||||
delete_recursively: yes
|
||||
delete_recursively: true
|
||||
register: out_state
|
||||
|
||||
- name: delete resursively state must be changed
|
||||
|
|
|
@ -7,10 +7,10 @@
|
|||
- name: start nextcloud container
|
||||
community.docker.docker_container:
|
||||
name: nextcloudintergrationtest
|
||||
image: "nextcloud:{{ nextcloud_version | default('24-apache') }}"
|
||||
image: "nextcloud:{{ nextcloud_version | default('25-apache') }}"
|
||||
state: started
|
||||
auto_remove: yes
|
||||
recreate: yes
|
||||
auto_remove: true
|
||||
recreate: true
|
||||
container_default_behavior: no_defaults
|
||||
published_ports:
|
||||
- 127.0.0.1:80:80
|
||||
|
@ -133,4 +133,4 @@
|
|||
community.docker.docker_container:
|
||||
name: nextcloudintergrationtest
|
||||
state: stopped
|
||||
container_default_behavior: no_defaults
|
||||
container_default_behavior: no_defaults
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
markuman.nextcloud.password:
|
||||
name: ansible-test-01
|
||||
register: out
|
||||
check_mode: yes
|
||||
check_mode: true
|
||||
|
||||
- name: check_mode create
|
||||
assert:
|
||||
|
@ -50,7 +50,7 @@
|
|||
assert:
|
||||
that:
|
||||
- out is changed
|
||||
|
||||
|
||||
- name: fetched created password
|
||||
markuman.nextcloud.password_info:
|
||||
name: ansible-test-02
|
||||
|
@ -78,7 +78,7 @@
|
|||
name: ansible-test-02
|
||||
password: "{{ lookup('markuman.nextcloud.generate_password', host=NEXTCLOUD_HOST, user=NEXTCLOUD_USER, api_token=NEXTCLOUD_TOKEN, ssl_mode=SSL_MODE) }}"
|
||||
update_password: always
|
||||
check_mode: yes
|
||||
check_mode: true
|
||||
register: out
|
||||
|
||||
- name: pseudo updated
|
||||
|
@ -171,7 +171,7 @@
|
|||
markuman.nextcloud.password:
|
||||
name: ansible-test-01
|
||||
state: absent
|
||||
check_mode: yes
|
||||
check_mode: true
|
||||
register: out
|
||||
|
||||
- name: check_mode delete
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
- hosts: localhost
|
||||
connection: local
|
||||
gather_facts: no
|
||||
gather_facts: false
|
||||
|
||||
vars:
|
||||
SSL_MODE: http
|
||||
|
||||
|
||||
module_defaults:
|
||||
markuman.nextcloud.file:
|
||||
ssl_mode: "{{ SSL_MODE }}"
|
||||
|
@ -51,4 +51,4 @@
|
|||
- name: passwords integration test
|
||||
when: SSL_MODE != 'http'
|
||||
include_role:
|
||||
name: passwords
|
||||
name: passwords
|
||||
|
|
Loading…
Reference in New Issue