From f6a4c7892d53bcaea20a75849c993cfceb0a4800 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 27 Nov 2022 18:09:56 +0000 Subject: [PATCH 1/3] Bump ansible-community/ansible-lint-action from 6.2.1 to 6.8.2 Bumps [ansible-community/ansible-lint-action](https://github.com/ansible-community/ansible-lint-action) from 6.2.1 to 6.8.2. - [Release notes](https://github.com/ansible-community/ansible-lint-action/releases) - [Commits](https://github.com/ansible-community/ansible-lint-action/compare/v6.2.1...v6.8.2) --- updated-dependencies: - dependency-name: ansible-community/ansible-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/ansible-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index a42a0365..ad415c6f 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -14,7 +14,7 @@ jobs: - name: Run ansible-lint # replace `main` with any valid ref, or tags like `v6` - uses: ansible-community/ansible-lint-action@v6.2.1 + uses: ansible-community/ansible-lint-action@v6.8.2 # optional: # with: # path: "playbooks/" # <-- only one value is allowed From 139ec82d1d7a2df7f4c9a5d93b7b57c7d32cdf9c Mon Sep 17 00:00:00 2001 
From: staticdev Date: Tue, 29 Nov 2022 12:20:55 +0100 Subject: [PATCH 2/3] Fix ansible-lint 6.8 errors --- defaults/main.yml | 44 +++++++++++++++++------------------ handlers/main.yml | 16 ++++++------- tasks/db_mysql.yml | 2 +- tasks/main.yml | 48 +++++++++++++++++++-------------------- tasks/nc_apps.yml | 20 ++++++++-------- tasks/nc_download.yml | 10 ++++---- tasks/nc_installation.yml | 6 ++--- tasks/setup_env.yml | 10 ++++---- tasks/tls_installed.yml | 20 ++++------------ tasks/tls_selfsigned.yml | 12 ++++++---- tasks/tls_signed.yml | 9 ++++---- vars/main.yml | 12 +++++----- 12 files changed, 101 insertions(+), 108 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 65a32d7e..5345aebc 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -3,29 +3,29 @@ # [DOWNLOAD] # An URL will be generated following naming rules used by nextcloud's repository # Not following this rules correctly will make the role unable to download nextcloud. -nextcloud_version_channel: "releases" # mandatory # (releases | prereleases | daily) +nextcloud_version_channel: "releases" # mandatory # (releases/prereleases/daily) # channel releases requires version_full. # channel prereleases requires version_full. Optional: version_special. # channel daily requires requires version_full & version_special. nextcloud_get_latest: true # mandatory # specify if the latest archive should be downloaded. -# Override generated file name for channels: releases | daily. +# Override generated file name for channels: releases/daily. # optional : version_major. -# nextcloud_version_major: 10 # (9 | 10 | 11| ..) for releases | for daily : (master | stable9 | stable10 | ...) -# nextcloud_version_full: "10.0.3" # full version string -# nextcloud_version_special: "" # For prereleases: "RCn|beta" | for daily "YYYY-MM-DD" +# nextcloud_version_major: 25 # (23/24/25/26) for releases or for daily (master/stable25/stable26...) +# nextcloud_version_full: "24.0.3" # full version string +# nextcloud_version_special: "" # For prereleases: "RCn/beta" or for daily "YYYY-MM-DD" nextcloud_repository: "https://download.nextcloud.com/server" # Domain URL where to download Nextcloud. 
-nextcloud_archive_format: "zip" # zip | tar.bz2 +nextcloud_archive_format: "zip" # zip/tar.bz2 # nextcloud_full_url: "https://download.nextcloud.com/server/releases/nextcloud-23.0.0.zip" # specify directly a full URL to the archive # [PHP CONFIG AND EXTENSIONS] # by default, use references stored in defaults/php_configs.yml -php_ver: "{{ os_config_ref[ansible_distribution|lower][ansible_distribution_release|lower].php_ver }}" -php_dir: "{{ php_config_ref[php_ver|replace('.','_')].php_dir | d(php_config_ref.defaults.php_dir) }}" -php_bin: "{{ php_config_ref[php_ver|replace('.','_')].php_bin | d(php_config_ref.defaults.php_bin) }}" -php_pkg_apcu: "{{ php_config_ref[php_ver|replace('.','_')].php_pkg_apcu | d(php_config_ref.defaults.php_pkg_apcu) }}" -php_pkg_spe: "{{ php_config_ref[php_ver|replace('.','_')].php_pkg_spe | d(php_config_ref.defaults.php_pkg_spe) }}" -php_socket: "{{ php_config_ref[php_ver|replace('.','_')].php_socket | d(php_config_ref.defaults.php_socket) }}" +php_ver: "{{ os_config_ref[ansible_distribution | lower][ansible_distribution_release | lower].php_ver }}" +php_dir: "{{ php_config_ref[php_ver | replace('.', '_')].php_dir | d(php_config_ref.defaults.php_dir) }}" +php_bin: "{{ php_config_ref[php_ver | replace('.', '_')].php_bin | d(php_config_ref.defaults.php_bin) }}" +php_pkg_apcu: "{{ php_config_ref[php_ver | replace('.', '_')].php_pkg_apcu | d(php_config_ref.defaults.php_pkg_apcu) }}" +php_pkg_spe: "{{ php_config_ref[php_ver | replace('.', '_')].php_pkg_spe | d(php_config_ref.defaults.php_pkg_spe) }}" +php_socket: "{{ php_config_ref[php_ver | replace('.', '_')].php_socket | d(php_config_ref.defaults.php_socket) }}" php_memory_limit: 512M # [NEXTCLOUD CONFIG] 
@@ -40,9 +40,9 @@ nextcloud_trusted_proxies: [] nextcloud_instance_name: "{{ nextcloud_trusted_domain | first }}" nextcloud_install_websrv: true -nextcloud_websrv: "apache2" # "apache2" | "nginx" -nextcloud_websrv_user: "{{ os_config_ref[ansible_os_family|lower].defaults.nextcloud_websrv_user }}" -nextcloud_websrv_group: "{{ os_config_ref[ansible_os_family|lower].defaults.nextcloud_websrv_group }}" +nextcloud_websrv: "apache2" # "apache2"/"nginx" +nextcloud_websrv_user: "{{ os_config_ref[ansible_os_family | lower].defaults.nextcloud_websrv_user }}" +nextcloud_websrv_group: "{{ os_config_ref[ansible_os_family | lower].defaults.nextcloud_websrv_group }}" nextcloud_disable_websrv_default_site: false nextcloud_websrv_template: "templates/{{ nextcloud_websrv }}_nc.j2" nextcloud_webroot: "/opt/nextcloud" @@ -69,16 +69,16 @@ nextcloud_config_settings: - { name: 'memcache.local', value: '\OC\Memcache\APCu' } - { name: 'open_basedir', value: '/dev/urandom' } - { name: 'mysql.utf8mb4', value: 'true' } - - { name: 'updater.release.channel', value: 'production' } # production | stable | daily | beta + - { name: 'updater.release.channel', value: 'production' } # production/stable/daily/beta # [DATABASE] nextcloud_install_db: true nextcloud_db_host: "127.0.0.1" -nextcloud_db_backend: "mysql" # "mysql"/"mariadb" | "pgsql" +nextcloud_db_backend: "mysql" # mysql/mariadb/pgsql mysql_daemon: >- {{ - os_config_ref[ansible_distribution|lower][ansible_distribution_release|lower].mysql_daemon | - default(os_config_ref[ansible_distribution|lower].defaults.mysql_daemon) + os_config_ref[ansible_distribution | lower][ansible_distribution_release | lower].mysql_daemon | + default(os_config_ref[ansible_distribution | lower].defaults.mysql_daemon) }} nextcloud_db_enabled_on_startup: true nextcloud_db_name: "nextcloud" 
@@ -89,11 +89,11 @@ nextcloud_mysql_root_pwd_update: false # [TLS] parameters used in the apache2 & nginx templates ## max file's size allowed to be uploaded on the server -nextcloud_max_upload_size: 512m # in Byte or human readable size notation (g|m|k) +nextcloud_max_upload_size: 512m # in Byte or human readable size notation (g/m/k) nextcloud_install_tls: true nextcloud_tls_enforce: true nextcloud_mozilla_modern_ssl_profile: false # when false, intermediate profile is used -nextcloud_tls_cert_method: "self-signed" # "self-signed" | "signed" | "installed" +nextcloud_tls_cert_method: "self-signed" # self-signed/signed/installed nextcloud_tls_dhparam: "/etc/ssl/dhparam.pem" nextcloud_hsts: false # recommended >= 15552000 # nextcloud_tls_cert: /path/to/cert @@ -101,7 +101,7 @@ nextcloud_hsts: false # recommended >= 15552000 # nextcloud_tls_cert_chain: /path/to/cert/chain # nextcloud_tls_src_cert: /path/to/cert # nextcloud_tls_src_cert_key: /path/to/cert/key -nextcloud_tls_session_cache_size: 50m # in Byte or human readable size notation (g|m|k) +nextcloud_tls_session_cache_size: 50m # in Byte or human readable size notation (g/m/k) # [APPS] nextcloud_apps: {} diff --git a/handlers/main.yml b/handlers/main.yml index 14d0f46a..107065e3 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
@@ -1,41 +1,41 @@ --- # handlers file for nextcloud -- name: restart mysql +- name: Restart mysql ansible.builtin.service: name: "{{ mysql_daemon }}" state: restarted -- name: start http +- name: Start http ansible.builtin.service: name: "{{ nextcloud_websrv }}" state: started -- name: restart http +- name: Restart http ansible.builtin.service: name: "{{ nextcloud_websrv }}" state: restarted -- name: reload http +- name: Reload http ansible.builtin.service: name: "{{ nextcloud_websrv }}" state: reloaded -- name: start php-fpm +- name: Start php-fpm ansible.builtin.service: name: php{{ php_ver }}-fpm state: started -- name: reload php-fpm +- name: Reload php-fpm ansible.builtin.service: name: php{{ php_ver }}-fpm state: reloaded -- name: start redis +- name: Start redis ansible.builtin.service: name: redis-server state: started -- name: restart redis +- name: Restart redis ansible.builtin.service: name: redis-server state: restarted diff --git a/tasks/db_mysql.yml b/tasks/db_mysql.yml index bb2783c9..cd462b95 100644 --- a/tasks/db_mysql.yml +++ b/tasks/db_mysql.yml @@ -96,7 +96,7 @@ mode: 0600 notify: restart mysql -- name: "[mySQL] - Add Database {{ nextcloud_db_name }}." +- name: "[mySQL] - Add Database {{ nextcloud_db_name }}" mysql_db: name: "{{ nextcloud_db_name }}" login_user: root diff --git a/tasks/main.yml b/tasks/main.yml index e3addb22..c3149160 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
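Review bot: Renaming the handlers in handlers/main.yml without touching the `notify:` lines leaves this commit unable to resolve them, because handler names are matched case-sensitively; the tasks/db_mysql.yml hunk right after it still carries `notify: restart mysql` as context. The matching renames only arrive in PATCH 3/3, so the role is broken at this commit for anyone bisecting or cherry-picking. Squash the two commits, or keep the old names reachable here by adding e.g. `listen: restart mysql` to each renamed handler.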
@@ -1,54 +1,54 @@ --- # tasks file for nextcloud -# load os specific variables -- include_tasks: ./setup_env.yml +- name: "Load os specific variables" + ansible.builtin.include_tasks: ./setup_env.yml tags: always -# install required packages -- include_tasks: php_install.yml +- name: "Install required packages" + ansible.builtin.include_tasks: php_install.yml tags: always - name: Install certificates + when: nextcloud_install_tls block: - name: Verify permission for installed TLS certificates - include_tasks: ./tls_installed.yml + ansible.builtin.include_tasks: ./tls_installed.yml when: nextcloud_tls_cert_method == "installed" - name: Install given signed certificates - include_tasks: ./tls_signed.yml + ansible.builtin.include_tasks: ./tls_signed.yml when: nextcloud_tls_cert_method == "signed" - - name: configure self signed TLS certificates - include_tasks: ./tls_selfsigned.yml + - name: Configure self signed TLS certificates + ansible.builtin.include_tasks: ./tls_selfsigned.yml when: nextcloud_tls_cert_method == "self-signed" - when: nextcloud_install_tls - name: Configure web server + when: nextcloud_install_websrv block: - name: Configure Nginx web server. 
- include_tasks: ./http_nginx.yml + ansible.builtin.include_tasks: ./http_nginx.yml when: nextcloud_websrv in ["nginx"] - name: Configure Apache web server - include_tasks: ./http_apache.yml + ansible.builtin.include_tasks: ./http_apache.yml when: nextcloud_websrv in ["apache", "apache2"] - when: nextcloud_install_websrv - name: Configure Redis server - include_tasks: ./redis_server.yml + ansible.builtin.include_tasks: ./redis_server.yml when: (nextcloud_install_redis_server | bool) - name: Configure DB + when: nextcloud_install_db block: - name: Configure mysql/mariadb database - include_tasks: ./db_mysql.yml + ansible.builtin.include_tasks: ./db_mysql.yml when: nextcloud_db_backend in ["mysql", "mariadb"] - name: Configure PostgreSQL database - include_tasks: ./db_postgresql.yml + ansible.builtin.include_tasks: ./db_postgresql.yml when: nextcloud_db_backend in ["pgsql"] - when: nextcloud_install_db - name: Check Nextcloud installed ansible.builtin.stat: @@ -56,7 +56,7 @@ register: nc_nextcloud_installed - name: Downloading Nextcloud - include_tasks: ./nc_download.yml + ansible.builtin.include_tasks: ./nc_download.yml when: not nc_nextcloud_installed.stat.exists - name: Check Nextcloud configuration exists. 
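Review bot: The relocated block conditions `when: nextcloud_install_tls`, `when: nextcloud_install_websrv` and `when: nextcloud_install_db` test the bare variable, while `nextcloud_install_redis_server` in the same hunk is cast with `| bool`. On current ansible-core a value that arrives as a string, for example from `-e nextcloud_install_db=false`, is presumably evaluated as a non-empty and therefore true string, so the block would still run. Since these lines are being moved anyway, write them as `when: nextcloud_install_tls | bool` (and likewise for the other two) to match the rest of the file.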
@@ -65,19 +65,23 @@ register: nc_nextcloud_conf - name: Check Nextcloud is configured - ansible.builtin.command: grep -q "{{ nextcloud_trusted_domain| first }}" {{ nextcloud_webroot }}/config/config.php + ansible.builtin.command: grep -q "{{ nextcloud_trusted_domain | first }}" {{ nextcloud_webroot }}/config/config.php failed_when: false changed_when: false register: nc_nextcloud_configured when: nc_nextcloud_conf.stat.exists - name: Nextcloud installation - include_tasks: ./nc_installation.yml + ansible.builtin.include_tasks: ./nc_installation.yml when: | (not nc_nextcloud_conf.stat.exists) or (nc_nextcloud_configured.rc is defined and nc_nextcloud_configured.rc != 0) - name: Install Nextcloud Apps + when: + - nextcloud_apps is defined + - nextcloud_apps is mapping + tags: install_apps block: - name: "[NC apps] - lists the number of apps available in the instance." ansible.builtin.command: php occ app:list --output=json_pretty --no-warnings @@ -95,16 +99,12 @@ nc_available_apps: "{{ nc_apps_list.stdout | from_json }}" - name: "[NC apps] - installation." - include_tasks: ./nc_apps.yml + ansible.builtin.include_tasks: ./nc_apps.yml # do if the app is not enabled and ( (archive path is not "") or (app is disabled) ) when: - item.key not in nc_available_apps.enabled - (item.value is not none) or (item.key in nc_available_apps.disabled) with_dict: "{{ nextcloud_apps }}" - when: - - nextcloud_apps is defined - - nextcloud_apps is mapping - tags: install_apps - name: Add indices ansible.builtin.command: php occ db:add-missing-indices diff --git a/tasks/nc_apps.yml b/tasks/nc_apps.yml index 58ccb297..e9a398ff 100644 --- a/tasks/nc_apps.yml +++ b/tasks/nc_apps.yml 
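Review bot: The `Check Nextcloud is configured` task hands the trusted domain to `grep -q` as a regular expression and then discards every exit status with `failed_when: false`, so a grep error (rc 2, e.g. config.php unreadable) looks the same as "not configured" and sends the play into nc_installation.yml again. Match the domain literally with `grep -qF -- "{{ nextcloud_trusted_domain | first }}" {{ nextcloud_webroot }}/config/config.php` and narrow the guard to `failed_when: nc_nextcloud_configured.rc not in [0, 1]`. The `-F` also stops each `.` in the domain from matching any character.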
@@ -1,12 +1,13 @@ --- -- name: parse the item values +- name: "[App] - Parse the item values" ansible.builtin.set_fact: nc_app_name: "{{ item.key }}" nc_app_cfg: "{{ item.value }}" - name: "Install and enable Nextcloud Apps" + when: nc_app_cfg is string block: - - name: "[ App {{ nc_app_name }} ] - Download Archive in apps folder." + - name: "[App] - Download Archive in apps folder {{ nc_app_name }}" ansible.builtin.unarchive: copy: false src: "{{ nc_app_cfg }}" @@ -16,7 +17,7 @@ creates: "{{ nextcloud_webroot }}/apps/{{ nc_app_name }}" when: nc_app_cfg is not none - - name: "[ App {{ nc_app_name }} ] - enable the application." + - name: "[App] - Enable the application {{ nc_app_name }}" become_user: "{{ nextcloud_websrv_user }}" become_flags: "{{ ansible_become_flags | default(omit) }}" become: true @@ -24,17 +25,17 @@ args: chdir: "{{ nextcloud_webroot }}" when: nc_app_cfg is not none - when: nc_app_cfg is string -- name: "Install Apps" +- name: "[App] - Install Apps" + when: nc_app_cfg is mapping block: - - name: verify the app's yaml declaration + - name: "[App] - Verify the app's yaml declaration" ansible.builtin.assert: that: - (nc_app_cfg.source is defined) and (nc_app_cfg.source is string) msg: "{{ nc_app_name }} is not well declared." - - name: "[ App {{ nc_app_name }} ] - Download Archive in apps folder." + - name: "[App] - Download Archive in apps folder {{ nc_app_name }}" ansible.builtin.unarchive: copy: false src: "{{ nc_app_cfg.source }}" @@ -44,7 +45,7 @@ creates: "{{ nextcloud_webroot }}/apps/{{ nc_app_name }}" when: nc_app_cfg.source is not none - - name: "[ App {{ nc_app_name }} ] - enable the application." + - name: "[App] - Enable the application {{ nc_app_name }}" become_user: "{{ nextcloud_websrv_user }}" become_flags: "{{ ansible_become_flags | default(omit) }}" become: true 
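Review bot: Both `Download Archive in apps folder` tasks unpack whatever `nc_app_cfg` / `nc_app_cfg.source` points at (presumably a download URL) with no integrity check, and the following task enables the result as the web-server user. Consider fetching with `ansible.builtin.get_url` and a `checksum:` supplied per app before unarchiving, so a tampered or swapped archive fails the play instead of being enabled. Separately, `copy: false` is the deprecated spelling of `remote_src: true` and is worth replacing while these tasks are being touched. The second unarchive task is in the `@@ -24,17 +25,17 @@` hunk, and the unarchive in tasks/nc_download.yml has the same gap.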
@@ -53,7 +54,7 @@ chdir: "{{ nextcloud_webroot }}" when: nc_app_cfg.source is not none - - name: "[ App {{ nc_app_name }} ] - Configure the application " + - name: "[App] - Configure the application {{ nc_app_name }}" become_user: "{{ nextcloud_websrv_user }}" become_flags: "{{ ansible_become_flags | default(omit) }}" become: true @@ -64,4 +65,3 @@ loop_control: loop_var: item_cfg when: nc_app_cfg.conf is defined - when: (nc_app_cfg is mapping) diff --git a/tasks/nc_download.yml b/tasks/nc_download.yml index f125c1a1..9fa3ee12 100644 --- a/tasks/nc_download.yml +++ b/tasks/nc_download.yml @@ -11,7 +11,7 @@ state: present when: nextcloud_archive_format == "tar.bz2" -- name: you must specify the major version +- name: "[NC-DL] - You must specify the major version" ansible.builtin.assert: that: nextcloud_version_major is defined when: nextcloud_full_url is defined 
@@ -27,17 +27,17 @@ - name: "Download and extract Nextcloud" block: - - name: "Download & extract Nextcloud to /tmp." + - name: "[NC-DL] - Download & extract Nextcloud to /tmp." ansible.builtin.unarchive: copy: false src: "{{ nextcloud_full_url | default(nextcloud_calculated_url) }}" dest: "/tmp/" vars: nextcloud_calculated_url: "{{ nextcloud_repository }}/{{ nextcloud_version_channel }}/{{ nextcloud_calculated_file }}" - nextcloud_calculated_file: "{{ [nextcloud_dl_file_name[just_a_dict_key], nextcloud_archive_format]|join('.') }}" - just_a_dict_key: "{{ 'latest' if ((nextcloud_get_latest|bool) and (nextcloud_version_channel != 'prereleases')) else nextcloud_version_channel }}" + nextcloud_calculated_file: "{{ [nextcloud_dl_file_name[just_a_dict_key], nextcloud_archive_format] | join('.') }}" + just_a_dict_key: "{{ 'latest' if ((nextcloud_get_latest | bool) and (nextcloud_version_channel != 'prereleases')) else nextcloud_version_channel }}" - - name: "[NC-DL] - Move extracted files to {{ nextcloud_webroot }}." + - name: "[NC-DL] - Move extracted files to {{ nextcloud_webroot }}" ansible.builtin.command: "cp -r /tmp/nextcloud/. {{ nextcloud_webroot }}/" when: nextcloud_webroot is not none diff --git a/tasks/nc_installation.yml b/tasks/nc_installation.yml index e3cfc899..67779978 100644 --- a/tasks/nc_installation.yml +++ b/tasks/nc_installation.yml @@ -14,9 +14,9 @@ owner: "{{ nextcloud_websrv_user }}" group: "{{ nextcloud_websrv_group }}" -- name: "[NC] - generate {{ nextcloud_admin_name }} password:" +- name: "[NC] - Generate password {{ nextcloud_admin_name }}" ansible.builtin.set_fact: - nextcloud_admin_pwd: "{{ lookup( 'password', 'nextcloud_instances/'+ nextcloud_instance_name +'/web_admin.pwd' ) }}" + nextcloud_admin_pwd: "{{ lookup('password', 'nextcloud_instances/' + nextcloud_instance_name + '/web_admin.pwd') }}" when: nextcloud_admin_pwd is not defined - name: "[NC] - Set temporary permissions for command line installation." 
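Review bot: The archive is extracted into the fixed, world-writable `/tmp/` and then copied from `/tmp/nextcloud/.` into the webroot, so any local account on the target that creates `/tmp/nextcloud` first gets its files copied into the web root together with the release. Extract into a private directory created with `ansible.builtin.tempfile` and copy from the registered path instead. The block continues past this hunk, so any later cleanup of `/tmp/nextcloud` needs the same path change. The download is also unverified; Nextcloud publishes checksum files next to each archive, which a `get_url` task with `checksum:` could consume.

```yaml
    - name: "[NC-DL] - Create a private staging directory"
      ansible.builtin.tempfile:
        state: directory
        suffix: nextcloud
      register: nc_dl_staging

    - name: "[NC-DL] - Download & extract Nextcloud to the staging directory"
      ansible.builtin.unarchive:
        remote_src: true
        src: "{{ nextcloud_full_url | default(nextcloud_calculated_url) }}"
        dest: "{{ nc_dl_staging.path }}"
      # … unchanged: vars nextcloud_calculated_url / nextcloud_calculated_file / just_a_dict_key …

    - name: "[NC-DL] - Move extracted files to {{ nextcloud_webroot }}"
      ansible.builtin.command: "cp -r {{ nc_dl_staging.path }}/nextcloud/. {{ nextcloud_webroot }}/"
      # … unchanged: when: nextcloud_webroot is not none …
```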
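Review bot: The admin password is placed into a fact by a `set_fact` task that has no `no_log: true`, so it can surface in verbose output and in callback or log plugins; add `no_log: true` to the `[NC] - Generate password` task. The same applies to the two `[ENV] - Generate database ... password` tasks reformatted in tasks/setup_env.yml. This line also still uses the short `lookup('password', ...)` where setup_env.yml spells it `ansible.builtin.password`. The lookup stores the secret in clear text under `nextcloud_instances/` relative to the working directory on the control node, so a comment such as `# written in clear text on the controller; keep nextcloud_instances/ out of version control` would help the next reader.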
@@ -123,6 +123,7 @@ when: (nextcloud_install_redis_server | bool) - name: "[NC] - Configure Cron" + when: (nextcloud_background_cron | bool) block: - name: "[NC] - Check Cron package" ansible.builtin.package: @@ -136,7 +137,6 @@ user: "{{ nextcloud_websrv_user }}" job: "php {{ nextcloud_webroot }}/cron.php" cron_file: "nextcloud" - when: (nextcloud_background_cron | bool) - name: "[NC] - Set Cron method to Crontab" become_user: "{{ nextcloud_websrv_user }}" diff --git a/tasks/setup_env.yml b/tasks/setup_env.yml index b3e8afaa..066147b4 100644 --- a/tasks/setup_env.yml +++ b/tasks/setup_env.yml @@ -28,6 +28,9 @@ when: ansible_distribution == "Debian" - name: "[ENV] - Checking su" + when: + - nc_sudo_installed_result.rc is defined + - nc_sudo_installed_result.rc != 0 block: - name: "[ENV] - rolling back to su." ansible.builtin.set_fact: @@ -35,18 +38,15 @@ - name: "[ENV] - force su to use /bin/sh as shell" ansible.builtin.set_fact: ansible_become_flags: '-s /bin/sh' - when: - - nc_sudo_installed_result.rc is defined - - nc_sudo_installed_result.rc != 0 - name: "[ENV] - Generate database user password." ansible.builtin.set_fact: - nextcloud_db_pwd: "{{ lookup( 'ansible.builtin.password', 'nextcloud_instances/'+ nextcloud_instance_name +'/db_admin.pwd' ) }}" + nextcloud_db_pwd: "{{ lookup('ansible.builtin.password', 'nextcloud_instances/' + nextcloud_instance_name + '/db_admin.pwd') }}" when: nextcloud_db_pwd is not defined - name: "[ENV] - Generate database root password." ansible.builtin.set_fact: - nextcloud_mysql_root_pwd: "{{ lookup( 'ansible.builtin.password', 'nextcloud_instances/'+ nextcloud_instance_name +'/db_root.pwd' ) }}" + nextcloud_mysql_root_pwd: "{{ lookup('ansible.builtin.password', 'nextcloud_instances/' + nextcloud_instance_name + '/db_root.pwd') }}" when: - nextcloud_db_backend in ["mysql", "mariadb"] - nextcloud_mysql_root_pwd is not defined diff --git a/tasks/tls_installed.yml b/tasks/tls_installed.yml index d3fb7afd..46fd5a78 100644 
--- a/tasks/tls_installed.yml +++ b/tasks/tls_installed.yml @@ -1,23 +1,13 @@ --- -- name: define certificate path +- name: "[INSTALLED TLS] - Define certificate path" ansible.builtin.set_fact: nextcloud_tls_cert_file: "{{ nextcloud_tls_cert }}" -- name: define key path + +- name: "[INSTALLED TLS] - Define key path" ansible.builtin.set_fact: nextcloud_tls_cert_key_file: "{{ nextcloud_tls_cert_key }}" -- name: define certificate chain path + +- name: "[INSTALLED TLS] - Define certificate chain path" ansible.builtin.set_fact: nextcloud_tls_cert_chain_file: "{{ nextcloud_tls_cert_chain }}" when: nextcloud_tls_cert_chain is defined - -# - name: "[INSTALLED TLS] - check TLS certificate permissions" -# ansible.builtin.file: -# path: "{{ nextcloud_tls_cert_file }}" -# mode: 0644 -# group: "{{ nextcloud_websrv_group }}" - -# - name: "[INSTALLED TLS] - check TLS key permissions" -# ansible.builtin.file: -# path: "{{ nextcloud_tls_cert_key_file }}" -# mode: 0640 -# group: "{{ nextcloud_websrv_group }}" diff --git a/tasks/tls_selfsigned.yml b/tasks/tls_selfsigned.yml index 0d59adda..114b626b 100644 --- a/tasks/tls_selfsigned.yml +++ b/tasks/tls_selfsigned.yml @@ -1,11 +1,13 @@ --- -- name: define private certificate path +- name: "[Selfsigned TLS] - Define private certificate path" ansible.builtin.set_fact: nextcloud_tls_cert_file: "/etc/ssl/{{ nextcloud_instance_name }}.crt" -- name: define private key path + +- name: "[Selfsigned TLS] - Define private key path" ansible.builtin.set_fact: nextcloud_tls_cert_key_file: "/etc/ssl/{{ nextcloud_instance_name }}.key" -- name: "[selfsigned TLS] - create self-signed SSL cert" + +- name: "[Selfsigned TLS] - Create self-signed SSL cert" ansible.builtin.command: > openssl req -new -nodes -x509 -subj "/C=US/ST=Oregon/L=Portland/O=IT/CN=${hostname --fqdn}" 
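Review bot: The `-subj` of the self-signed certificate task in tasks/tls_selfsigned.yml ends in `CN=${hostname --fqdn}`, which is never expanded: `ansible.builtin.command` does not run through a shell, and `${...}` is not command substitution in any case, so the certificate is issued with that literal string as its common name. Use a templated value instead, e.g. `-subj "/C=US/ST=Oregon/L=Portland/O=IT/CN={{ nextcloud_trusted_domain | first }}"`. Consider also adding `-addext "subjectAltName=DNS:{{ nextcloud_trusted_domain | first }}"`, since current clients validate the SAN rather than the CN. The rest of the openssl command lies outside this hunk.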
@@ -16,13 +18,13 @@ args: creates: "{{ nextcloud_tls_cert_key_file }}" -- name: "[selfsigned TLS] - check TLS certificate permissions" +- name: "[Selfsigned TLS] - check TLS certificate permissions" ansible.builtin.file: path: "{{ nextcloud_tls_cert_file }}" mode: 0644 group: "{{ nextcloud_websrv_group }}" -- name: "[selfsigned TLS] - check TLS key permissions" +- name: "[Selfsigned TLS] - check TLS key permissions" ansible.builtin.file: path: "{{ nextcloud_tls_cert_key_file }}" mode: 0640 diff --git a/tasks/tls_signed.yml b/tasks/tls_signed.yml index b2f5246c..e9b3fb13 100644 --- a/tasks/tls_signed.yml +++ b/tasks/tls_signed.yml @@ -1,8 +1,9 @@ --- -- name: define signed certificate path +- name: "[SIGNED TLS] - Define signed certificate path" ansible.builtin.set_fact: nextcloud_tls_cert_file: "{{ nextcloud_tls_cert | default(\"/etc/ssl/\" + nextcloud_instance_name + \".crt\") }}" -- name: define signed certificate's key path + +- name: "[SIGNED TLS] - Define signed certificate's key path" ansible.builtin.set_fact: nextcloud_tls_cert_key_file: "{{ nextcloud_tls_cert_key | default(\"/etc/ssl/\" + nextcloud_instance_name + \".key\") }}" @@ -18,13 +19,13 @@ src: "{{ nextcloud_tls_src_cert_key }}" mode: 0640 -- name: "[SIGNED TLS] - check TLS certificate permissions" +- name: "[SIGNED TLS] - Check TLS certificate permissions" ansible.builtin.file: path: "{{ nextcloud_tls_cert_file }}" mode: 0644 group: "{{ nextcloud_websrv_group }}" -- name: "[SIGNED TLS] - check TLS key permissions" +- name: "[SIGNED TLS] - Check TLS key permissions" ansible.builtin.file: path: "{{ nextcloud_tls_cert_key_file }}" mode: 0640 diff --git a/vars/main.yml b/vars/main.yml index 9f2423c7..af16e607 100644 --- a/vars/main.yml +++ b/vars/main.yml 
@@ -1,10 +1,10 @@ --- # vars file for nextcloud nextcloud_dl_file_name: - latest: "{{ ['latest', nextcloud_version_major]|reject('undefined')|join('-') }}" - releases: "{{ ['nextcloud', nextcloud_version_full]|reject('undefined')|join('-') }}" - prereleases: "nextcloud-{{ [nextcloud_version_full, nextcloud_version_special]|reject('undefined')|join() }}" - daily: "nextcloud-{{ nextcloud_version_major|d('') }}-daily-{{ nextcloud_version_special|d('') }}" + latest: "{{ ['latest', nextcloud_version_major] | reject('undefined') | join('-') }}" + releases: "{{ ['nextcloud', nextcloud_version_full] | reject('undefined') | join('-') }}" + prereleases: "nextcloud-{{ [nextcloud_version_full, nextcloud_version_special] | reject('undefined') | join() }}" + daily: "nextcloud-{{ nextcloud_version_major | d('') }}-daily-{{ nextcloud_version_special | d('') }}" mysql_credential_file: debian: '/etc/mysql/debian.cnf' @@ -12,5 +12,5 @@ mysql_credential_file: nextcloud_max_upload_size_in_bytes: "{{ nextcloud_max_upload_size | human_to_bytes }}" # load configurations references -os_config_ref: "{{ lookup('ansible.builtin.template', [role_path,'defaults','os_config_ref.yml']|join('/')) | from_yaml }}" -php_config_ref: "{{ lookup('ansible.builtin.template', [role_path,'defaults','php_config_ref.yml']|join('/')) | from_yaml }}" +os_config_ref: "{{ lookup('ansible.builtin.template', [role_path, 'defaults', 'os_config_ref.yml'] | join('/')) | from_yaml }}" +php_config_ref: "{{ lookup('ansible.builtin.template', [role_path, 'defaults', 'php_config_ref.yml'] | join('/')) | from_yaml }}" From a1629e157501fe60e232639106c399e4919d368e Mon Sep 17 00:00:00 2001 
From: staticdev Date: Tue, 29 Nov 2022 12:45:08 +0100 Subject: [PATCH 3/3] Rename handler names --- tasks/db_mysql.yml | 2 +- tasks/http_apache.yml | 12 ++++++------ tasks/http_nginx.yml | 18 +++++++++--------- tasks/nc_installation.yml | 2 +- tasks/php_install.yml | 8 ++++---- tasks/redis_server.yml | 4 ++-- 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/tasks/db_mysql.yml b/tasks/db_mysql.yml index cd462b95..6784a1ee 100644 --- a/tasks/db_mysql.yml +++ b/tasks/db_mysql.yml @@ -94,7 +94,7 @@ dest: /etc/mysql/conf.d/nextcloud.cnf src: files/mysql_nextcloud.cnf mode: 0600 - notify: restart mysql + notify: Restart mysql - name: "[mySQL] - Add Database {{ nextcloud_db_name }}" mysql_db: diff --git a/tasks/http_apache.yml b/tasks/http_apache.yml index 04f88f23..c66218cc 100644 --- a/tasks/http_apache.yml +++ b/tasks/http_apache.yml @@ -24,7 +24,7 @@ - {regexp: 'opcache.revalidate_freq', line: 'opcache.revalidate_freq=1'} - {regexp: 'memory_limit', line: 'memory_limit={{ php_memory_limit }}'} # validate: "/usr/sbin/{{ php_bin }} -t #%s" - notify: reload http + notify: Reload http - name: "[APACHE] - Required Apache2 modules are enabled" apache2_module: @@ -36,7 +36,7 @@ - env - dir - mime - notify: restart http + notify: Restart http - name: "[APACHE] - Ssl Apache2 module is enabled" apache2_module: 
@@ -45,25 +45,25 @@ with_items: - ssl when: (nextcloud_install_tls | bool) - notify: restart http + notify: Restart http - name: "[APACHE] - generate Nextcloud configuration for apache" ansible.builtin.template: dest: /etc/apache2/sites-available/nc_{{ nextcloud_instance_name }}.conf src: "{{ nextcloud_websrv_template }}" mode: 0640 - notify: reload http + notify: Reload http - name: "[APACHE] - Enable Nextcloud site in apache conf" ansible.builtin.file: path: /etc/apache2/sites-enabled/nc_{{ nextcloud_instance_name }}.conf src: /etc/apache2/sites-available/nc_{{ nextcloud_instance_name }}.conf state: link - notify: reload http + notify: Reload http - name: "[APACHE] - Disable apache default site" ansible.builtin.file: path: /etc/apache2/sites-enabled/000-default.conf state: absent when: nextcloud_disable_websrv_default_site | bool - notify: reload http + notify: Reload http diff --git a/tasks/http_nginx.yml b/tasks/http_nginx.yml index 49555245..1c049e69 100644 --- a/tasks/http_nginx.yml +++ b/tasks/http_nginx.yml @@ -5,7 +5,7 @@ regexp: '^\;env' state: absent # validate: "/usr/sbin/{{ php_bin }} -t #%s" - notify: reload php-fpm + notify: Reload php-fpm - name: "[NGINX] - Add path variable to php-fpm" ansible.builtin.blockinfile: @@ -18,7 +18,7 @@ env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp - notify: reload php-fpm + notify: Reload php-fpm - name: "[NGINX] - enable APC for php CLI" ansible.builtin.lineinfile: @@ -27,7 +27,7 @@ insertbefore: "^; End:$" state: present # validate: "/usr/sbin/{{ php_bin }} -t #%s" - notify: reload php-fpm + notify: Reload php-fpm - name: "[NGINX] - enable PHP OPcache for php.ini" ansible.builtin.lineinfile: 
@@ -46,7 +46,7 @@ - { regexp: 'opcache.revalidate_freq', line: 'opcache.revalidate_freq=1' } - { regexp: 'memory_limit', line: 'memory_limit={{ php_memory_limit }}'} # validate: "/usr/sbin/{{ php_bin }} -t #%s" - notify: reload php-fpm + notify: Reload php-fpm - name: "[NGINX] - Public Diffie-Hellman Parameter are generated. This might take a while." @@ -59,32 +59,32 @@ dest: /etc/nginx/sites-available/php_handler.cnf src: templates/nginx_php_handler.j2 mode: 0640 - notify: reload http + notify: Reload http - name: "[NGINX] - php handler is enabled" ansible.builtin.file: path: /etc/nginx/sites-enabled/php_handler src: /etc/nginx/sites-available/php_handler.cnf state: link - notify: reload http + notify: Reload http - name: "[NGINX] - generate Nextcloud configuration for nginx" ansible.builtin.template: dest: /etc/nginx/sites-available/nc_{{ nextcloud_instance_name }}.cnf src: "{{ nextcloud_websrv_template }}" mode: 0640 - notify: reload http + notify: Reload http - name: "[NGINX] - Enable Nextcloud in nginx conf" ansible.builtin.file: path: /etc/nginx/sites-enabled/nc_{{ nextcloud_instance_name }} src: /etc/nginx/sites-available/nc_{{ nextcloud_instance_name }}.cnf state: link - notify: reload http + notify: Reload http - name: "[NGINX] - Disable nginx default site" ansible.builtin.file: path: /etc/nginx/sites-enabled/default state: absent when: nextcloud_disable_websrv_default_site | bool - notify: reload http + notify: Reload http diff --git a/tasks/nc_installation.yml b/tasks/nc_installation.yml index 67779978..78602422 100644 --- a/tasks/nc_installation.yml +++ b/tasks/nc_installation.yml @@ -54,7 +54,7 @@ vars: # mariadb is equal to mysql for occ nextcloud_tmp_backend: "{{ 'mysql' if nextcloud_db_backend == 'mariadb' else nextcloud_db_backend }}" - notify: reload http + notify: Reload http - name: "[NC] - Verify config.php - check filesize" ansible.builtin.stat: diff --git a/tasks/php_install.yml b/tasks/php_install.yml index 2f5892a4..f50d2441 100644 
--- a/tasks/php_install.yml +++ b/tasks/php_install.yml @@ -13,7 +13,7 @@ - "php{{ php_ver }}-curl" - "php{{ php_ver }}-intl" notify: - - start http + - Start http - name: "[INSTALL] - php-json is installed (PHP < 8)" ansible.builtin.package: @@ -27,7 +27,7 @@ state: present when: nextcloud_websrv == "apache2" notify: - - start http + - Start http - name: "[INSTALL] - NGINX Required package is installed." ansible.builtin.package: @@ -35,8 +35,8 @@ state: present when: nextcloud_websrv == "nginx" notify: - - start http - - start php-fpm + - Start http + - Start php-fpm - name: "[INSTALL] - PHP extra Packages are installed." ansible.builtin.package: diff --git a/tasks/redis_server.yml b/tasks/redis_server.yml index a952b93c..95f273d9 100644 --- a/tasks/redis_server.yml +++ b/tasks/redis_server.yml @@ -6,11 +6,11 @@ vars: redix_deps: - redis-server - notify: start redis + notify: Start redis - name: "[REDIS] - Redis configuration is present." ansible.builtin.template: dest: /etc/redis/redis.conf src: templates/redis.conf.j2 mode: 0640 - notify: restart redis + notify: Restart redis