install role updates for 10.0.0 (#35)

* support Ubuntu 22.04 only
* update php from 7.4 to 8.1
* update mariadb from 10.3 to 10.6
* update nextcloud 23 to 24

Co-authored-by: Markus Bergholz <markus.bergholz@lekker.de>
Co-authored-by: Markus Bergholz <git@osuv.de>
Reviewed-on: #35

CHANGELOG.rst

@@ -5,6 +5,14 @@ markuman nextcloud Release Notes
 .. contents:: Topics
 
 
+v10.0.0
+=======
+
+Release Summary
+---------------
+
+The install role supports now nextcloud 25 on ubuntu 22.04 only.
+
 v9.3.0
 ======
 

README.md

@@ -23,7 +23,7 @@ Ansible Nextcloud Collection - that brings up your nextcloud usage to the next l
 
 ## Documentation / Usage
 
-* [Wiki](https://git.osuv.de/ansible_collections/markuman.nextcloud/wiki)
+* [Wiki](https://github.com/markuman/markuman.nextcloud/wiki)
 * `ansible-doc <module>`
     * e.g. `ansible-doc markuman.nextcloud.file`
 
@@ -31,7 +31,7 @@ Ansible Nextcloud Collection - that brings up your nextcloud usage to the next l
 
 | **host** | **category** |
 | --- | --- |
-| https://git.osuv.de/ansible_collections/markuman.nextcloud | origin |
+| https://gitea.osuv.de/ansible-collections/markuman.nextcloud | origin |
 | https://gitlab.com/markuman/markuman.nextcloud | push mirror, merge-requests and Issues |
 | https://github.com/markuman/markuman.nextcloud | push mirror, pull-requests and Issues |
 
@@ -39,4 +39,4 @@ Ansible Nextcloud Collection - that brings up your nextcloud usage to the next l
 | Collection Version | Supported OS | Nextcloud Version | Collection EOL |
 | --- | --- | --- | --- |
 | 9 | Ubuntu 20.04 | 23 | 2022.12 |
-| 10 | Ubuntu 22.04 | >= 24 | TBA |
+| 10 | Ubuntu 22.04 | >= 25 | TBA |

changelogs/changelog.yaml

@@ -1,5 +1,12 @@
 ancestor: null
 releases:
+  10.0.0:
+    changes:
+      release_summary: The install role supports now nextcloud 25 on ubuntu 22.04
+        only.
+    fragments:
+    - 10.0.0.yml
+    release_date: '2022-12-06'
   9.0.1-dev:
     changes:
       bugfixes:

galaxy.yml

@@ -1,7 +1,7 @@
 namespace: "markuman"
 description: bring up your nextcloud usage to the next level 🚀
 name: "nextcloud"
-version: "9.3.1"
+version: "10.0.0"
 readme: "README.md"
 authors:
     - "Markus Bergholz <markuman+spambelongstogoogle@gmail.com>"
@@ -16,4 +16,4 @@ tags:
 repository: "https://github.com/markuman/markuman.nextcloud"
 issues: "https://github.com/markuman/markuman.nextcloud/issues"
 dependencies:
-  devsec.hardening: '>=7.14.0'
+  devsec.hardening: '>=8.00.0'

meta/runtime.yml

@@ -7,5 +7,6 @@ action_groups:
   - password
   - password_info
   - talk
+  - user
   - user_info
-  - info
+  - info

plugins/lookup/passwords.py

@@ -49,12 +49,6 @@ from ansible.plugins.lookup import LookupBase
 from ansible.errors import AnsibleError
 from ansible_collections.markuman.nextcloud.plugins.module_utils.nextcloud import NextcloudHandler
 
-try:
-    import requests
-    HAS_REQUESTS_LIB = True
-except ImportError:
-    HAS_REQUESTS_LIB = False
-
 
 class LookupModule(LookupBase):
 

roles/nextcloud/defaults/main.yml

@@ -1,11 +1,11 @@
-nextcloud_version: 23.0.11
-caddy_version: 2.5.2
+nextcloud_version: 25.0.1
+caddy_version: 2.6.2
 
 nextcloud_db_name: nextcloud
 nextcloud_db_user: nextcloud
 
 # nextcloud
-install_talk: yes
+install_talk: true
 
 # php-fpm
 php_fpm:
@@ -20,3 +20,6 @@ opcache:
 
 # mariadb
 innodb_buffer_pool_size: 512M
+
+# os hardening
+os_auditd_max_log_file_action: rotate

roles/nextcloud/handlers/main.yml

@@ -9,10 +9,10 @@
 
 - name: restart php-fpm
   systemd:
-    name: php7.4-fpm
+    name: php8.1-fpm
     state: restarted
 
 - name: restart coturn
   systemd:
     name: coturn
-    state: restarted
+    state: restarted

roles/nextcloud/meta/main.yml

@@ -9,7 +9,7 @@ galaxy_info:
   platforms:
     - name: Ubuntu
       versions:
-        - focal
+        - jammy
 
   galaxy_tags:
     - nextcloud

roles/nextcloud/tasks/01-packages.yml

@@ -9,13 +9,13 @@
 
 - name: uprade all packages first
   apt:
-    update_cache: yes
+    update_cache: true
     state: latest
-    upgrade: yes
+    upgrade: true
 
 - name: install php and mariadb
   apt:
-    update_cache: yes
+    update_cache: true
     state: latest
     name:
       - mariadb-server

roles/nextcloud/tasks/02-user.yml

@@ -12,14 +12,14 @@
   ansible.posix.authorized_key:
     user: "{{ ubuntu_nextcloud_user }}"
     state: present
-    manage_dir: yes
+    manage_dir: true
     key: "{{ ubuntu_nextcloud_user_ssh_key_location }}"
 
 - name: Allow 'sudo' group to have passwordless sudo
   lineinfile:
     dest: /etc/sudoers
     state: present
-    regexp: '^%sudo	ALL=(ALL:ALL) ALL'
+    regexp: '^%sudo ALL=(ALL:ALL) ALL'
     line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
     validate: visudo -cf %s
 

roles/nextcloud/tasks/03-mariadb.yml

@@ -1,7 +1,7 @@
 - name: init root user
   command: >
     sudo mysql -uroot -e "
-    UPDATE mysql.user SET plugin='mysql_native_password';
+    SET old_passwords=0;
     SET PASSWORD FOR root@localhost = PASSWORD('{{ mariadb_root_password }}');
     FLUSH PRIVILEGES;"
 
@@ -60,3 +60,4 @@
   with_items:
     - innodb_buffer_pool_size = "{{ innodb_buffer_pool_size }}"
     - max_allowed_packet = 64M
+    - innodb_read_only_compressed = 0

roles/nextcloud/tasks/04-php.yml

@@ -2,7 +2,7 @@
   notify:
     - restart php-fpm
   lineinfile:
-    dest: /etc/php/7.4/fpm/pool.d/www.conf
+    dest: /etc/php/8.1/fpm/pool.d/www.conf
     state: present
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"
@@ -30,7 +30,7 @@
   notify:
     - restart php-fpm
   lineinfile:
-    dest: /etc/php/7.4/fpm/php.ini
+    dest: /etc/php/8.1/fpm/php.ini
     state: present
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"
@@ -58,7 +58,7 @@
   notify:
     - restart php-fpm
   lineinfile:
-    dest: /etc/php/7.4/cli/php.ini
+    dest: /etc/php/8.1/cli/php.ini
     state: present
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"
@@ -72,6 +72,6 @@
   notify:
     - restart php-fpm
   lineinfile:
-    dest: /etc/php/7.4/cli/php.ini
+    dest: /etc/php/8.1/cli/php.ini
     state: present
     line: apc.enable_cli=1

roles/nextcloud/tasks/05-caddy.yml

@@ -4,6 +4,9 @@
 
 - name: change caddy user to www-data
   lineinfile:
+    mode: '0755'
+    owner: root
+    group: root
     dest: /lib/systemd/system/caddy.service
     regexp: "{{ item.regexp }}"
     line: "{{ item.line }}"

roles/nextcloud/tasks/06-nextcloud.yml

@@ -2,7 +2,7 @@
   unarchive:
     src: "https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.zip"
     dest: "/var/www/"
-    remote_src: yes
+    remote_src: true
     owner: www-data
     group: www-data
 
@@ -20,7 +20,7 @@
   command: "sudo -u www-data php occ app:{{ item }}"
   with_items:
     - enable bruteforcesettings
-    - install twofactor_totp
+    - enable twofactor_totp
 
 - name: nextcloud system settings
   args:
@@ -30,8 +30,8 @@
     - "trusted_domains 2 --value={{ nextcloud_fqdn }}"
     - memcache.local --value='\OC\Memcache\APCu'
     - overwrite.cli.url --value={{ nextcloud_fqdn }}
-    - preview_max_x --value 500
-    - preview_max_y --value 500
+    - preview_max_x --value 1024
+    - preview_max_y --value 1920
     - jpeg_quality --value 50
     - overwriteprotocol --value="https"
     - htaccess.IgnoreFrontController --value=true
@@ -41,13 +41,14 @@
     chdir: /var/www/nextcloud/
   command: "sudo -u www-data php occ config:app:set {{ item }}"
   with_items:
-    - previewgenerator squareSizes --value="32 256"
-    - previewgenerator widthSizes  --value="256 384"
-    - previewgenerator heightSizes --value="256"
+    - previewgenerator squareSizes --value="32 64 1024"
+    - previewgenerator widthSizes  --value="64 128 1024"
+    - previewgenerator heightSizes --value="64 256 1024"
     - preview jpeg_quality --value="50"
 
 - name: systemd timer service
-  copy:
+  ansible.builtin.copy:
+    mode: '0755'
     dest: /etc/systemd/system/nextcloudcron.service
     content: |
       [Unit]
@@ -59,7 +60,8 @@
       KillMode=process
 
 - name: systemd timer
-  copy:
+  ansible.builtin.copy:
+    mode: '0755'
     dest: /etc/systemd/system/nextcloudcron.timer
     content: |
       [Unit]
@@ -77,4 +79,4 @@
   systemd:
     name: nextcloudcron.timer
     state: started
-    enabled: yes
+    enabled: true

roles/nextcloud/tasks/07-coturn.yml

@@ -7,7 +7,7 @@
 
 - name: install coturn
   apt:
-    update_cache: yes
+    update_cache: true
     state: latest
     name:
       - coturn

roles/nextcloud/tasks/main.yml

@@ -4,7 +4,3 @@
 - include_tasks: 04-php.yml
 - include_tasks: 05-caddy.yml
 - include_tasks: 06-nextcloud.yml
-
-- name: install and setup nc talk (spreed) and coturn
-  when: install_talk
-  include_tasks: 07-coturn.yml

roles/nextcloud/templates/caddyfile.j2

@@ -5,7 +5,7 @@
 {{ nextcloud_fqdn }} {
         root * /var/www/nextcloud/
         file_server
-        php_fastcgi unix//run/php/php7.4-fpm.sock {
+        php_fastcgi unix//run/php/php8.1-fpm.sock {
                 env PATH /bin
                 env front_controller_active true
         }

tests/integration/targets/file/tasks/main.yml

@@ -11,7 +11,7 @@
     src: /tmp/ansible.svg
     dest: ansible.svg
   register: out_state
-  check_mode: yes
+  check_mode: true
 
 - name: check_mode state must be changed
   assert:
@@ -62,7 +62,7 @@
     src: ansible.svg
     dest: /tmp/tmp.svg
   register: out_state
-  check_mode: yes
+  check_mode: true
 
 - name: check_mode state must be changed
   assert:
@@ -144,7 +144,7 @@
   markuman.nextcloud.file:
     source: Photos
     mode: delete
-    delete_recursively: yes
+    delete_recursively: true
   register: out_state
 
 - name: delete resursively state must be changed
@@ -156,7 +156,7 @@
   markuman.nextcloud.file:
     source: Photos
     mode: delete
-    delete_recursively: yes
+    delete_recursively: true
   register: out_state
 
 - name: delete resursively state must be changed

tests/integration/targets/localhost.yml

@@ -7,10 +7,10 @@
     - name: start nextcloud container
       community.docker.docker_container:
         name: nextcloudintergrationtest
-        image: "nextcloud:{{ nextcloud_version | default('24-apache') }}"
+        image: "nextcloud:{{ nextcloud_version | default('25-apache') }}"
         state: started
-        auto_remove: yes
-        recreate: yes
+        auto_remove: true
+        recreate: true
         container_default_behavior: no_defaults
         published_ports:
           - 127.0.0.1:80:80
@@ -133,4 +133,4 @@
           community.docker.docker_container:
             name: nextcloudintergrationtest
             state: stopped
-            container_default_behavior: no_defaults
+            container_default_behavior: no_defaults

tests/integration/targets/passwords/tasks/main.yml

@@ -9,7 +9,7 @@
       markuman.nextcloud.password:
         name: ansible-test-01
       register: out
-      check_mode: yes
+      check_mode: true
 
     - name: check_mode create
       assert:
@@ -50,7 +50,7 @@
       assert:
         that:
           - out is changed
-      
+
     - name: fetched created password
       markuman.nextcloud.password_info:
         name: ansible-test-02
@@ -78,7 +78,7 @@
         name: ansible-test-02
         password: "{{ lookup('markuman.nextcloud.generate_password', host=NEXTCLOUD_HOST, user=NEXTCLOUD_USER, api_token=NEXTCLOUD_TOKEN, ssl_mode=SSL_MODE) }}"
         update_password: always
-      check_mode: yes
+      check_mode: true
       register: out
 
     - name: pseudo updated
@@ -171,7 +171,7 @@
       markuman.nextcloud.password:
         name: ansible-test-01
         state: absent
-      check_mode: yes
+      check_mode: true
       register: out
 
     - name: check_mode delete

tests/integration/targets/woodpecker.yml

@@ -1,11 +1,11 @@
 ---
 - hosts: localhost
   connection: local
-  gather_facts: no
+  gather_facts: false
 
   vars:
     SSL_MODE: http
-  
+
   module_defaults:
     markuman.nextcloud.file:
       ssl_mode: "{{ SSL_MODE }}"
@@ -51,4 +51,4 @@
         - name: passwords integration test
           when: SSL_MODE != 'http'
           include_role:
-            name: passwords
+            name: passwords