26 install role
m edited this page 2023-02-07 11:45:57 +00:00

markuman.nextcloud.nextcloud

Collection Version   Supported OS   Nextcloud Version   EOL
9                    Ubuntu 20.04   23                  2022.12
>= 10                Ubuntu 22.04   >= 25               2024.12

This Ansible installation role supports only Ubuntu LTS.
It also depends on the Ansible devsec.hardening collection, which is applied to:

  • ssh
  • os
  • mariadb

And it does even more:

  • sets up ufw
  • sets up letsencrypt with TLSv1.3 in caddy
  • configures smooth preview settings for the nextcloud gallery app and preview generator
  • ...

out of scope

This role does not cover

  • Other distributions
  • apache, nginx
  • postgres

requirements

  • ansible >= 2.9.10
  • collection dependencies
    • devsec.hardening
    • community.mysql

hardware recommendations

Basically, 1 Core and 512MB are sufficient to serve a nextcloud, although whether that is enough depends heavily on its usage.
That might also be sufficient for this installation role. However, the recommendations for this role are at least:

  • >= 1 Core
  • >= 2 GB Memory

...the more the better ;)
Note that the innodb_buffer_pool_size value of mariadb is set to 1/4 of the available memory, but at least to 512M.

example

---
- hosts: some.nextcloud.domain
  become: yes

  vars:
    ubuntu_nextcloud_user: ubuntu
    ubuntu_nextcloud_user_ssh_key_location: https://github.com/markuman.keys

    nextcloud_fqdn: "{{ inventory_hostname }}"
    lets_encrypt_mail: git@osuv.de

    mariadb_root_password: some_random_mysql_root_pws
    nextcloud_db_password: some_random_nextcloud_database_password

    nextcloud_admin_user: admin
    nextcloud_admin_password: some_strong_password

  roles:
    - markuman.nextcloud.nextcloud

install_media

Added in 10.1.0

If install_media: yes, the collection will install and configure

  • recognize
  • memories
  • previewgenerator
  • richdocuments (nextcloud office)
  • richdocumentscode (nextcloud office)

defaults

Some settings need to be adjusted/increased, based on the usage and resources of your nextcloud.

Firewall Settings

Direction   Port
IN          22 (SSH Rate Limit)
IN          80 (HTTP)
IN          443 (HTTPS)
OUT         22 (SSH)
OUT         53 (DNS)
OUT         123 (NTP)
OUT         80 (HTTP)
OUT         443 (HTTPS)
OUT         465 (TLS SMTP)
OUT         993 (TLS IMAP)
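
One way to check a deployed host against the firewall table above, as an added example that is not part of the role or its collection: the script compares `ufw status verbose` output with the listed ports and reports drift. The sample output is constructed and trimmed, and its protocol suffixes and the extra 3306 rule are assumptions for illustration.

```python
import re
# Allowlist copied from the Firewall Settings table on this page.
EXPECTED = {"IN": {22, 80, 443}, "OUT": {22, 53, 80, 123, 443, 465, 993}}

# Constructed `ufw status verbose` output, not captured from a real host.
# Protocol suffixes and the 3306 rule are illustrative; the page lists only port numbers.
SAMPLE = """\
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
22/tcp                     ALLOW OUT   Anywhere
53                         ALLOW OUT   Anywhere
123/udp                    ALLOW OUT   Anywhere
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
465/tcp                    ALLOW OUT   Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
"""

RULE = re.compile(r"^(\d+)(?:/(?:tcp|udp))?\s+(?:\(v6\)\s+)?(ALLOW|LIMIT)\s+(IN|OUT)\b")

def parse_rules(text):
    """Return {(direction, port): set of actions} for simple single-port rules."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.setdefault((m[3], int(m[1])), set()).add(m[2])
    return rules

def audit(text):
    """Compare a ufw status dump with the table; return a list of findings."""
    findings = []
    if not re.search(r"^Status: active$", text, re.M):
        findings.append("ufw is not active")
    rules = parse_rules(text)
    for direction, ports in EXPECTED.items():
        seen = {p for (d, p) in rules if d == direction}
        findings += [f"unexpected {direction} port {p}" for p in sorted(seen - ports)]
        findings += [f"missing {direction} port {p}" for p in sorted(ports - seen)]
    if "LIMIT" not in rules.get(("IN", 22), set()):
        findings.append("SSH (IN 22) is not rate limited")
    return findings
```

On a real host, pass the text from `sudo ufw status verbose` to `audit()`; an empty list means the rules match the table.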

Role Variables

Variable Name                            Required   Default Value   version_added
ubuntu_nextcloud_user                    yes
ubuntu_nextcloud_user_ssh_key_location   yes
nextcloud_fqdn                           yes
install_talk                             no         yes
lets_encrypt_mail                        yes
mariadb_root_password                    yes
nextcloud_db_password                    yes
nextcloud_admin_user                     yes
nextcloud_admin_password                 yes
php_fpm.max_children                     no         120
php_fpm.start_servers                    no         12
php_fpm.min_spare_servers                no         6
php_fpm.max_spare_servers                no         18
opcache.interned_strings_buffer          no         16
innodb_buffer_pool_size                  no         512M
install_media                            no         yes             10.1.0
remove_dead_authtokens_after_days        no         21              11.1.0