From 86a202d526a7ffc36c4772828977ede47b3f03b0 Mon Sep 17 00:00:00 2001 From: Danyal Berchtold Date: Wed, 20 May 2026 10:09:16 +0200 Subject: [PATCH 1/2] refactor(roles/nextcloud): parameterize OS-specific names for multi-OS support Move the hardcoded RHEL-specific web server user/group (apache), the PHP-FPM service name (php-fpm) and the base package list out of the role logic into vars/RedHat.yml, loaded via shared/platform-variables.yml. Expose nextcloud__webserver_user, nextcloud__webserver_group and nextcloud__php_fpm_service_name as overridable variables and use them throughout the tasks, the deployed systemd services and the notify_push unit, as well as the nextcloud-update script. Guard the SELinux restorecon tasks with the selinux status fact and switch the update script's SELinux blocks to ansible_facts["os_family"]. Only vars/RedHat.yml ships, so the role still runs on RHEL only; adding a tested vars/Debian.yml is all that is needed to extend support. --- CHANGELOG.md | 1 + roles/nextcloud/README.md | 18 +++++ roles/nextcloud/defaults/main.yml | 8 +- roles/nextcloud/tasks/create-user.yml | 4 +- roles/nextcloud/tasks/main.yml | 73 +++++++++++-------- .../system/nextcloud-app-update.service.j2 | 4 +- .../systemd/system/nextcloud-jobs.service.j2 | 4 +- .../nextcloud-ldap-show-remnants.service.j2 | 4 +- .../system/nextcloud-scan-files.service.j2 | 4 +- .../usr/local/bin/nextcloud-update.j2 | 14 ++-- roles/nextcloud/vars/RedHat.yml | 8 ++ 11 files changed, 93 insertions(+), 49 deletions(-) create mode 100644 roles/nextcloud/vars/RedHat.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 26c9dc204..2f14b4124 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed +* **role:nextcloud**: Lay the groundwork for non-RHEL platforms (Debian/Ubuntu) by removing hardcoded RHEL-specific names from the role logic. The web server user/group (previously `apache`), the PHP-FPM service name (previously `php-fpm`) and the base package list (previously the RHEL names `openldap-clients`/`samba-client`) are now sourced from OS-specific `vars/` via `shared/platform-variables.yml`. The web server user/group and PHP-FPM service name are exposed as the overridable variables `nextcloud__webserver_user`, `nextcloud__webserver_group` and `nextcloud__php_fpm_service_name` and are now used throughout the tasks, the deployed systemd services and the notify_push unit (not just the `/usr/local/bin/nextcloud-update` script). The SELinux `restorecon` tasks are now guarded by `ansible_facts["selinux"]["status"] != "disabled"`, and the SELinux blocks in the update script use `ansible_facts["os_family"]` instead of `ansible_os_family`. Only `vars/RedHat.yml` ships, so the role still runs on RHEL only (see `COMPATIBILITY.md`); adding a tested `vars/Debian.yml` is all that is needed to extend support. * **role:keycloak**: The role no longer leaves the bootstrap admin credentials lying around in `/etc/sysconfig/keycloak` after the first run. It now writes the credentials, waits for Keycloak to consume them on startup (provisioning the bootstrap admin in the `master` realm), re-renders the sysconfig file with the credentials removed, and stores a state marker at `/etc/ansible/facts.d/keycloak__admin_login_bootstrapped.state` so subsequent runs skip the credential render entirely. After the first run, `keycloak__admin_login` can be removed from the inventory. Disaster recovery: delete the marker file, re-add the variable, re-run. 
Also recommend a `-temp` suffix for the initial admin username (example: `keycloak-admin-temp`) so it is visually obvious in the Keycloak UI which account must be deleted once a permanent admin exists. * **role:monitoring_plugins**: `install_method: 'source'` now reads the per-Python-LTS lockfile under `lockfiles/pyXX/requirements.txt` (`py39` ... `py314`) from both the `monitoring-plugins` and `lib` repos, picking the directory that matches the target host's Python. The previous root-level `requirements.txt` no longer exists upstream. No variable changes; rsync sources updated. * **CONTRIBUTING**: `meta/argument_specs.yml` must declare the `__dependent_var` slot for any variable that `setup_*` playbooks inject into the role via `vars:`. Dict variables fed by external lookups like `linuxfabrik.lfops.bitwarden_item` should use `type: 'dict'` without strict sub-options, since the lookup returns the full item with additional keys. diff --git a/roles/nextcloud/README.md b/roles/nextcloud/README.md index f9f70e585..1725dc9e3 100644 --- a/roles/nextcloud/README.md +++ b/roles/nextcloud/README.md @@ -233,6 +233,12 @@ nextcloud__users: * Type: String. * Default: `'*:50:15'` +`nextcloud__php_fpm_service_name` + +* Name of the PHP-FPM systemd service that the role restarts (and that the `/usr/local/bin/nextcloud-update` script restarts). Defaults to the OS-specific value (`php-fpm` on RHEL, `php-fpm` on Debian). +* Type: String. +* Default: Have a look at [vars/](https://github.com/Linuxfabrik/lfops/blob/main/roles/nextcloud/vars/) + `nextcloud__skip_apps` * Completely skips the management of Nextcloud apps. Set this to prevent changes via the WebGUI from being overwritten. 
@@ -328,6 +334,18 @@ nextcloud__users: * Type: Number. * Default: `80` +`nextcloud__webserver_group` + +* Group of the web server, used for file ownership of the Nextcloud installation. Defaults to the OS-specific value (`apache` on RHEL, `www-data` on Debian). +* Type: String. +* Default: Have a look at [vars/](https://github.com/Linuxfabrik/lfops/blob/main/roles/nextcloud/vars/) + +`nextcloud__webserver_user` + +* User of the web server, used for file ownership, to run the `occ` commands and as the `User=` of the deployed systemd services. Defaults to the OS-specific value (`apache` on RHEL, `www-data` on Debian). +* Type: String. +* Default: Have a look at [vars/](https://github.com/Linuxfabrik/lfops/blob/main/roles/nextcloud/vars/) + Example: ```yaml # optional diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index 9e491ac61..67b539830 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -177,6 +177,9 @@ nextcloud__mariadb_login: '{{ mariadb_server__admin_user }}' nextcloud__on_calendar_app_update: '06,18,23:{{ 59 | random(seed=inventory_hostname) }}' nextcloud__on_calendar_jobs: '*:0/5' # every 5 minutes nextcloud__on_calendar_scan_files: '*:50:15' # every hour at hh:50:15 + +nextcloud__php_fpm_service_name: '{{ __nextcloud__php_fpm_service_name }}' + nextcloud__skip_apps: false nextcloud__skip_notify_push: false @@ -310,6 +313,9 @@ nextcloud__timer_scan_files_enabled: true # 'latest', 'latest-XX' or 'nextcloud-XX.X.XX' nextcloud__version: 'latest' +nextcloud__webserver_group: '{{ __nextcloud__webserver_group }}' +nextcloud__webserver_user: '{{ __nextcloud__webserver_user }}' + # ----------------------------------------------------------------------------- nextcloud__apache_httpd__mods__dependent_var: 
@@ -546,6 +552,6 @@ nextcloud__systemd_unit__services__dependent_var: Environment=PORT=7867 ExecStartPre=-/bin/chcon --type bin_t /var/www/html/nextcloud/apps/notify_push/bin/x86_64/notify_push ExecStart=/var/www/html/nextcloud/apps/notify_push/bin/x86_64/notify_push /var/www/html/nextcloud/config/config.php - User=apache + User={{ nextcloud__webserver_user }} enabled: true state: 'present' diff --git a/roles/nextcloud/tasks/create-user.yml b/roles/nextcloud/tasks/create-user.yml index c6cfb78fd..4f58d50ab 100644 --- a/roles/nextcloud/tasks/create-user.yml +++ b/roles/nextcloud/tasks/create-user.yml @@ -1,7 +1,7 @@ - name: 'Create Nextcloud user {{ ncuser["username"] }}' ansible.builtin.shell: >- export OC_PASS={{ ncuser["password"] | quote }}; - sudo -E -u apache php occ user:add + sudo -E -u {{ nextcloud__webserver_user }} php occ user:add --password-from-env --group {{ ncuser["group"] | d('""') | quote }} {{ ncuser["username"] | quote }} @@ -15,7 +15,7 @@ - name: 'Update Nextcloud settings for user {{ ncuser["username"] }}' ansible.builtin.command: | - sudo -u apache php occ user:setting {{ ncuser["username"] }} {{ item }} + sudo -u {{ nextcloud__webserver_user }} php occ user:setting {{ ncuser["username"] }} {{ item }} args: chdir: '/var/www/html/nextcloud/' # changed_when: there is no easy way to check for changes diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 72f673a21..b03756433 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml 
@@ -1,12 +1,19 @@ - block: - - name: 'Install bzip2 jq openldap-clients samba-client' + - name: 'Set platform/version specific variables' + ansible.builtin.import_role: + name: 'shared' + tasks_from: 'platform-variables.yml' + + tags: + - 'always' + + +- block: + + - name: 'Install required packages' ansible.builtin.package: - name: - - 'bzip2' - - 'jq' - - 'openldap-clients' - - 'samba-client' + name: '{{ __nextcloud__packages }}' state: 'present' - name: 'wget https://download.nextcloud.com/server/releases/{{ nextcloud__version }}.tar.bz2' @@ -26,25 +33,25 @@ backup: true src: 'var/www/html/nextcloud/config/objectstore.config.php.j2' dest: '/var/www/html/nextcloud/config/objectstore.config.php' - owner: 'apache' - group: 'apache' + owner: '{{ nextcloud__webserver_user }}' + group: '{{ nextcloud__webserver_group }}' mode: 0o644 when: '(nextcloud__storage_backend_s3["bucket"] is defined and nextcloud__storage_backend_s3["bucket"] | length > 0) or (nextcloud__storage_backend_swift["bucket"] is defined and nextcloud__storage_backend_swift["bucket"] | length > 0)' - - name: 'chown -R apache:apache /var/www/html/nextcloud' + - name: 'chown -R {{ nextcloud__webserver_user }}:{{ nextcloud__webserver_group }} /var/www/html/nextcloud' ansible.builtin.file: path: '/var/www/html/nextcloud' - owner: 'apache' - group: 'apache' + owner: '{{ nextcloud__webserver_user }}' + group: '{{ nextcloud__webserver_group }}' recurse: true - - name: 'mkdir path/to/data; chown -R apache:apache path/to/data; chmod 0750 -R path/to/data' + - name: 'mkdir path/to/data; chown -R {{ nextcloud__webserver_user }}:{{ nextcloud__webserver_group }} path/to/data; chmod 0750 -R path/to/data' ansible.builtin.file: path: '{{ item }}' state: 'directory' - owner: 'apache' - group: 'apache' + owner: '{{ nextcloud__webserver_user }}' + group: '{{ nextcloud__webserver_group }}' mode: 0o750 loop: - '/data' 
@@ -59,6 +66,8 @@ ansible.builtin.command: 'restorecon -Fvr /data /var/www/html/nextcloud' register: 'nextcloud__restorecon_nextcloud_result' changed_when: 'nextcloud__restorecon_nextcloud_result["stdout"] | length > 0' + when: + - 'ansible_facts["selinux"]["status"] != "disabled"' - name: 'Run the Nextcloud installer' # installation hangs without "--admin-user" and "--admin-pass" @@ -76,7 +85,7 @@ chdir: '/var/www/html/nextcloud/' creates: '/var/www/html/nextcloud/config/config.php' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' - name: 'Convert some database columns to big int' ansible.builtin.command: | @@ -84,7 +93,7 @@ args: chdir: '/var/www/html/nextcloud/' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' register: 'nextcloud__convert_filecache_bigint_result' changed_when: '"All tables already up to date" not in nextcloud__convert_filecache_bigint_result["stdout"]' # changed_when: there is no easy way to check for changes @@ -98,7 +107,7 @@ - name: 'Get Nextcloud config list' ansible.builtin.command: 'php /var/www/html/nextcloud/occ --no-interaction --output=json config:list --private' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' changed_when: false check_mode: false register: '__nextcloud__config_list_result' @@ -111,14 +120,14 @@ state: '{{ item["state"] | d("present") }}' installed_config_json: '{{ __nextcloud__config_list_result["stdout"] | from_json }}' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' loop: '{{ nextcloud__sysconfig__combined_var }}' # do this straight after the installation to get NC up and running # otherwise subsequent occ commands might fail - - name: 'restart php-fpm' + - name: 'restart {{ nextcloud__php_fpm_service_name }}' ansible.builtin.service: - name: 'php-fpm' + name: '{{ nextcloud__php_fpm_service_name }}' state: 'restarted' tags: 
@@ -131,7 +140,7 @@ - name: 'Get Nextcloud app list' ansible.builtin.command: 'php /var/www/html/nextcloud/occ --no-interaction --output=json app:list' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' changed_when: false check_mode: false register: '__nextcloud__app_list_result' @@ -143,13 +152,13 @@ force: '{{ item["force"] | d(false) }}' installed_apps_json: '{{ __nextcloud__app_list_result["stdout"] | from_json }}' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' loop: '{{ nextcloud__apps__combined_var }}' - name: 'Get Nextcloud config list' ansible.builtin.command: 'php /var/www/html/nextcloud/occ --no-interaction --output=json config:list --private' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' changed_when: false check_mode: false register: '__nextcloud__config_list_result' @@ -163,12 +172,12 @@ state: '{{ item["state"] | d("present") }}' installed_config_json: '{{ __nextcloud__config_list_result["stdout"] | from_json }}' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' loop: '{{ nextcloud__app_configs__combined_var }}' - - name: 'restart php-fpm' + - name: 'restart {{ nextcloud__php_fpm_service_name }}' ansible.builtin.service: - name: 'php-fpm' + name: '{{ nextcloud__php_fpm_service_name }}' state: 'restarted' when: @@ -184,6 +193,8 @@ ansible.builtin.command: 'restorecon -Fvr /var/www/html/nextcloud/apps/notify_push/' register: 'nextcloud__restorecon_notify_push_result' changed_when: 'nextcloud__restorecon_notify_push_result["stdout"] | length > 0' + when: + - 'ansible_facts["selinux"]["status"] != "disabled"' - name: 'systemctl restart notify_push.service' ansible.builtin.systemd_service: @@ -196,7 +207,7 @@ args: chdir: '/var/www/html/nextcloud/' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' when: - 'not nextcloud__skip_notify_push' 
@@ -221,11 +232,11 @@ - block: - - name: 'chown -R apache:apache /var/www/html/nextcloud' + - name: 'chown -R {{ nextcloud__webserver_user }}:{{ nextcloud__webserver_group }} /var/www/html/nextcloud' ansible.builtin.file: path: '/var/www/html/nextcloud' - owner: 'apache' - group: 'apache' + owner: '{{ nextcloud__webserver_user }}' + group: '{{ nextcloud__webserver_group }}' recurse: true tags: @@ -260,7 +271,7 @@ args: chdir: '/var/www/html/nextcloud/' become: true - become_user: 'apache' + become_user: '{{ nextcloud__webserver_user }}' # changed_when: there is no easy way to check for changes - name: 'Deploy /etc/systemd/system/nextcloud-app-update.service' diff --git a/roles/nextcloud/templates/etc/systemd/system/nextcloud-app-update.service.j2 b/roles/nextcloud/templates/etc/systemd/system/nextcloud-app-update.service.j2 index 06ef0f523..a5f42bd4e 100644 --- a/roles/nextcloud/templates/etc/systemd/system/nextcloud-app-update.service.j2 +++ b/roles/nextcloud/templates/etc/systemd/system/nextcloud-app-update.service.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2022100401 +# 2026052001 [Unit] Description=Nextcloud App Update Service @@ -8,4 +8,4 @@ Description=Nextcloud App Update Service ExecStart=/usr/bin/php occ app:update --all --no-interaction --quiet WorkingDirectory=/var/www/html/nextcloud Type=oneshot -User=apache +User={{ nextcloud__webserver_user }} diff --git a/roles/nextcloud/templates/etc/systemd/system/nextcloud-jobs.service.j2 b/roles/nextcloud/templates/etc/systemd/system/nextcloud-jobs.service.j2 index 668db63b9..4a8423ddd 100644 --- a/roles/nextcloud/templates/etc/systemd/system/nextcloud-jobs.service.j2 +++ b/roles/nextcloud/templates/etc/systemd/system/nextcloud-jobs.service.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2023041802 +# 2026052001 [Unit] Description=Nextcloud Background Jobs Service 
@@ -7,6 +7,6 @@ Description=Nextcloud Background Jobs Service [Service] ExecStart=/usr/bin/php --file /var/www/html/nextcloud/cron.php Type=oneshot -User=apache +User={{ nextcloud__webserver_user }} KillMode=process TimeoutStartSec=10m diff --git a/roles/nextcloud/templates/etc/systemd/system/nextcloud-ldap-show-remnants.service.j2 b/roles/nextcloud/templates/etc/systemd/system/nextcloud-ldap-show-remnants.service.j2 index 3e69a47d1..3418eeeba 100644 --- a/roles/nextcloud/templates/etc/systemd/system/nextcloud-ldap-show-remnants.service.j2 +++ b/roles/nextcloud/templates/etc/systemd/system/nextcloud-ldap-show-remnants.service.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2024062101 +# 2026052001 [Unit] Description=Nextcloud LDAP Show Remnants Service @@ -8,4 +8,4 @@ Description=Nextcloud LDAP Show Remnants Service # need the help of /bin/sh here, since systemd units don't understand pipes directly ExecStart=/usr/local/bin/nextcloud-ldap-show-remnants Type=oneshot -User=apache +User={{ nextcloud__webserver_user }} diff --git a/roles/nextcloud/templates/etc/systemd/system/nextcloud-scan-files.service.j2 b/roles/nextcloud/templates/etc/systemd/system/nextcloud-scan-files.service.j2 index f5b66f9eb..c45fad609 100644 --- a/roles/nextcloud/templates/etc/systemd/system/nextcloud-scan-files.service.j2 +++ b/roles/nextcloud/templates/etc/systemd/system/nextcloud-scan-files.service.j2 @@ -1,5 +1,5 @@ # {{ ansible_managed }} -# 2022110701 +# 2026052001 [Unit] Description=Nextcloud Scan Files Service @@ -8,4 +8,4 @@ Description=Nextcloud Scan Files Service ExecStart=/usr/bin/nice --adjustment 19 /usr/bin/php occ files:scan --all --unscanned WorkingDirectory=/var/www/html/nextcloud Type=oneshot -User=apache +User={{ nextcloud__webserver_user }} diff --git a/roles/nextcloud/templates/usr/local/bin/nextcloud-update.j2 b/roles/nextcloud/templates/usr/local/bin/nextcloud-update.j2 index 953c62244..c5ad20d7a 100644 --- a/roles/nextcloud/templates/usr/local/bin/nextcloud-update.j2 
+++ b/roles/nextcloud/templates/usr/local/bin/nextcloud-update.j2 @@ -1,6 +1,6 @@ #!/usr/bin/env bash # {{ ansible_managed }} -# 2026051102 +# 2026052001 set -euo pipefail @@ -11,9 +11,9 @@ error_handler() { } trap 'error_handler "${LINENO}"' ERR -WEBSERVER_USER="apache" -WEBSERVER_GROUP="apache" -PHP_SERVICE_NAME="php-fpm" +WEBSERVER_USER="{{ nextcloud__webserver_user }}" +WEBSERVER_GROUP="{{ nextcloud__webserver_group }}" +PHP_SERVICE_NAME="{{ nextcloud__php_fpm_service_name }}" NC_DIR="/var/www/html/nextcloud" DATA_DIR=$(sudo -u "${WEBSERVER_USER}" php "${NC_DIR}/occ" config:system:get datadirectory) @@ -84,7 +84,7 @@ else echo 'skipping.' fi -{% if ansible_os_family == "RedHat" %} +{% if ansible_facts["os_family"] == "RedHat" %} echo echo 'setsebool httpd_unified on' echo '--------------------------' @@ -140,7 +140,7 @@ else echo 'skipping.' fi -{% if ansible_os_family == "RedHat" %} +{% if ansible_facts["os_family"] == "RedHat" %} echo echo 'setsebool httpd_unified off' echo '---------------------------' @@ -186,7 +186,7 @@ else echo 'skipping.' fi -{% if ansible_os_family == "RedHat" %} +{% if ansible_facts["os_family"] == "RedHat" %} echo echo "restorecon" echo '----------' diff --git a/roles/nextcloud/vars/RedHat.yml b/roles/nextcloud/vars/RedHat.yml new file mode 100644 index 000000000..d8f8c5311 --- /dev/null +++ b/roles/nextcloud/vars/RedHat.yml @@ -0,0 +1,8 @@ +__nextcloud__packages: + - 'bzip2' + - 'jq' + - 'openldap-clients' + - 'samba-client' +__nextcloud__php_fpm_service_name: 'php-fpm' +__nextcloud__webserver_group: 'apache' +__nextcloud__webserver_user: 'apache' From f74b5aeb116b78f1482f5d78396ec557dc5ae578 Mon Sep 17 00:00:00 2001 
From: Danyal Berchtold Date: Wed, 20 May 2026 10:29:43 +0200 Subject: [PATCH 2/2] refactor(roles/nextcloud): add argument_specs and align internal var name Add meta/argument_specs.yml declaring all user-facing variables so Ansible validates required variables (nextcloud__fqdn, nextcloud__users) and types at role entry, including the new nextcloud__webserver_user, nextcloud__webserver_group and nextcloud__php_fpm_service_name. Rename the internal __nextcloud__packages to __nextcloud__required_packages for consistency with the example role's __example__required_packages. --- CHANGELOG.md | 1 + roles/nextcloud/meta/argument_specs.yml | 209 ++++++++++++++++++++++++ roles/nextcloud/tasks/main.yml | 2 +- roles/nextcloud/vars/RedHat.yml | 2 +- 4 files changed, 212 insertions(+), 2 deletions(-) create mode 100644 roles/nextcloud/meta/argument_specs.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 2f14b4124..df12beb82 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added +* **role:nextcloud**: Add `meta/argument_specs.yml` declaring all user-facing variables (including the new `nextcloud__webserver_user`, `nextcloud__webserver_group` and `nextcloud__php_fpm_service_name`), so Ansible validates required variables and types at role entry. * **role:graylog_datanode, role:graylog_server**: Add template for Graylog 7.1. * **role:sshd**: Add Debian 13 support. * **role:mirror**: Document the new per-repository `newest_only` subkey on `mirror__reposync_repos` entries. Defaults to `true` (only the newest version of each package is mirrored). Set to `false` for repositories that publish multiple versions in parallel, such as Icinga, where older versions must remain available. diff --git a/roles/nextcloud/meta/argument_specs.yml b/roles/nextcloud/meta/argument_specs.yml new file mode 100644 index 000000000..03fb1d27c --- /dev/null +++ b/roles/nextcloud/meta/argument_specs.yml 
@@ -0,0 +1,209 @@ +argument_specs: + main: + options: + + nextcloud__app_configs__dependent_var: + type: 'list' + elements: 'dict' + required: false + default: [] + description: 'Key-value pairs for configuring apps. Dependent-role injection.' + + nextcloud__app_configs__group_var: + type: 'list' + elements: 'dict' + required: false + default: [] + description: 'Key-value pairs for configuring apps. Group-level override.' + + nextcloud__app_configs__host_var: + type: 'list' + elements: 'dict' + required: false + default: [] + description: 'Key-value pairs for configuring apps. Host-level override.' + + nextcloud__apps__dependent_var: + type: 'list' + elements: 'dict' + required: false + default: [] + description: 'Nextcloud apps to install. Dependent-role injection.' + + nextcloud__apps__group_var: + type: 'list' + elements: 'dict' + required: false + default: [] + description: 'Nextcloud apps to install. Group-level override.' + + nextcloud__apps__host_var: + type: 'list' + elements: 'dict' + required: false + default: [] + description: 'Nextcloud apps to install. Host-level override.' + + nextcloud__database_host: + type: 'str' + required: false + default: 'localhost' + description: 'Host where MariaDB is located.' + + nextcloud__database_name: + type: 'str' + required: false + default: 'nextcloud' + description: 'Name of the Nextcloud database in MariaDB.' + + nextcloud__datadir: + type: 'str' + required: false + default: '/data' + description: 'Where to store the user files.' + + nextcloud__fqdn: + type: 'str' + required: true + description: 'The FQDN of the Nextcloud instance.' + + nextcloud__icinga2_api_url: + type: 'str' + required: false + description: 'The URL of the Icinga2 API used to set/remove a downtime in the nextcloud-update script.' + + nextcloud__icinga2_api_user_login: + type: 'dict' + required: false + description: 'The Icinga2 API user used to set/remove a downtime in the nextcloud-update script.' 
+ + nextcloud__icinga2_hostname: + type: 'str' + required: false + description: 'The hostname of the Icinga2 host on which the downtime should be set.' + + nextcloud__mariadb_login: + type: 'dict' + required: false + description: 'The database administrator account. The Nextcloud setup will create its own database account.' + + nextcloud__on_calendar_app_update: + type: 'str' + required: false + description: 'Time to update the Nextcloud apps. See systemd.time(7) for the format.' + + nextcloud__on_calendar_jobs: + type: 'str' + required: false + default: '*:0/5' + description: 'Run interval of OCC background jobs. See systemd.time(7) for the format.' + + nextcloud__on_calendar_scan_files: + type: 'str' + required: false + default: '*:50:15' + description: 'Run interval of rescanning the filesystem. See systemd.time(7) for the format.' + + nextcloud__php_fpm_service_name: + type: 'str' + required: false + description: 'Name of the PHP-FPM systemd service that the role and the nextcloud-update script restart. OS-specific default from vars/.' + + nextcloud__skip_apps: + type: 'bool' + required: false + default: false + description: 'Completely skips the management of Nextcloud apps.' + + nextcloud__skip_notify_push: + type: 'bool' + required: false + default: false + description: 'Skips the configuration of notify_push.' + + nextcloud__storage_backend_s3: + type: 'dict' + required: false + description: 'S3 storage backend. If omitted, local storage is used.' + + nextcloud__storage_backend_swift: + type: 'dict' + required: false + description: 'Swift storage backend. If omitted, local storage is used.' + + nextcloud__sysconfig__dependent_var: + type: 'list' + elements: 'dict' + required: false + default: [] + description: 'Nextcloud system config settings. Dependent-role injection.' + + nextcloud__sysconfig__group_var: + type: 'list' + elements: 'dict' + required: false + default: [] + description: 'Nextcloud system config settings. Group-level override.' 
+ + nextcloud__sysconfig__host_var: + type: 'list' + elements: 'dict' + required: false + default: [] + description: 'Nextcloud system config settings. Host-level override.' + + nextcloud__timer_app_update_enabled: + type: 'bool' + required: false + default: false + description: 'Enables/disables the systemd timer for updating apps.' + + nextcloud__timer_jobs_enabled: + type: 'bool' + required: false + default: true + description: 'Enables/disables the systemd timer for running OCC background jobs.' + + nextcloud__timer_ldap_show_remnants_enabled: + type: 'bool' + required: false + default: true + description: 'Enables/disables the systemd timer for mailing LDAP remnants once a month.' + + nextcloud__timer_scan_files_enabled: + type: 'bool' + required: false + default: true + description: 'Enables/disables the systemd timer for re-scanning the Nextcloud files.' + + nextcloud__users: + type: 'list' + elements: 'dict' + required: true + description: 'User accounts to create. The first user has to be the primary administrator account.' + + nextcloud__version: + type: 'str' + required: false + default: 'latest' + description: "Which version to install. One of 'latest', 'latest-XX' or 'nextcloud-XX.X.XX'." + + nextcloud__vhost_virtualhost_ip: + type: 'str' + required: false + description: 'Used within the directive.' + + nextcloud__vhost_virtualhost_port: + type: 'int' + required: false + description: 'Used within the directive.' + + nextcloud__webserver_group: + type: 'str' + required: false + description: 'Group of the web server, used for file ownership. OS-specific default from vars/.' + + nextcloud__webserver_user: + type: 'str' + required: false + description: 'User of the web server, used for file ownership, occ commands and as the User= of the deployed systemd services. OS-specific default from vars/.' diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index b03756433..330d551cf 100644 --- a/roles/nextcloud/tasks/main.yml 
+++ b/roles/nextcloud/tasks/main.yml @@ -13,7 +13,7 @@ - name: 'Install required packages' ansible.builtin.package: - name: '{{ __nextcloud__packages }}' + name: '{{ __nextcloud__required_packages }}' state: 'present' - name: 'wget https://download.nextcloud.com/server/releases/{{ nextcloud__version }}.tar.bz2' diff --git a/roles/nextcloud/vars/RedHat.yml b/roles/nextcloud/vars/RedHat.yml index d8f8c5311..3612dbb94 100644 --- a/roles/nextcloud/vars/RedHat.yml +++ b/roles/nextcloud/vars/RedHat.yml @@ -1,4 +1,4 @@ -__nextcloud__packages: +__nextcloud__required_packages: - 'bzip2' - 'jq' - 'openldap-clients'
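Review bot: the README hunk for `nextcloud__php_fpm_service_name` (patch 1/2, `@@ -233,6 +233,12 @@`) documents the OS-specific default as "`php-fpm` on RHEL, `php-fpm` on Debian", which reads as a copy-and-paste and does not match Debian: Debian and Ubuntu name the PHP-FPM unit after the PHP version (for example `php8.2-fpm.service`), and no `vars/Debian.yml` is part of this series. Either drop the Debian value until a tested `vars/Debian.yml` exists, or state the versioned unit name and say explicitly that Debian is not yet supported, consistent with the "RHEL only" wording in the commit message and the `COMPATIBILITY.md` reference in the CHANGELOG entry.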
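Review bot: the README hunk for `nextcloud__webserver_group` and `nextcloud__webserver_user` (patch 1/2, `@@ -328,6 +334,18 @@`) presents `www-data` on Debian as a default the role provides, but the only vars file added is `vars/RedHat.yml`, so a Debian host has no value for `__nextcloud__webserver_user` and the role fails at the first task that references it. Add a one-line caveat that the Debian value is the planned one and is not shipped yet, so readers do not take the README as a statement of supported platforms.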
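Review bot: in the `create-user.yml` hunks (patch 1/2), `sudo -E -u {{ nextcloud__webserver_user }} php occ user:add` and `sudo -u {{ nextcloud__webserver_user }} php occ user:setting ...` interpolate the new variable into `ansible.builtin.shell` / `ansible.builtin.command` strings without the `| quote` filter that the same task already applies to `ncuser["password"]`, `ncuser["group"]` and `ncuser["username"]`. The value is operator-controlled, so this is a consistency point rather than an injection finding, but `{{ nextcloud__webserver_user | quote }}` keeps the whole command line uniformly quoted and protects against a typo such as a stray space in an inventory override.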
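Review bot: the SELinux guard added in `tasks/main.yml` (patch 1/2, `@@ -59,6 +66,8 @@` and again in `@@ -184,6 +193,8 @@` for the notify_push `restorecon`) tests `ansible_facts["selinux"]["status"] != "disabled"`, which is not the same as "SELinux is enabled". On a host without the libselinux Python bindings Ansible reports the status as `Missing selinux Python library`, which is `!= "disabled"`, so a Debian host would still run `restorecon -Fvr ...` and fail because the binary is absent. Since the stated goal of the series is multi-OS support, test for the positive case instead: `'ansible_facts["selinux"]["status"] == "enabled"'`, which also covers permissive mode (reported as `enabled` with `mode: permissive`).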
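Review bot: in the `defaults/main.yml` hunk for the notify_push unit (patch 1/2, `@@ -546,6 +552,6 @@`), only `User=` is parameterized; the preceding `ExecStartPre=-/bin/chcon --type bin_t .../notify_push` line is still RHEL-specific. The leading `-` means a failing `chcon` does not stop the unit, so this is not a functional blocker, but on an SELinux-less host it produces a failed `ExecStartPre` in the journal on every start. Consider guarding that line with the same SELinux condition the `restorecon` tasks use, or at least add a comment next to it explaining that the `-` prefix is what keeps the unit starting on hosts without SELinux.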
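Review bot: the three `nextcloud-update.j2` hunks (patch 1/2, `@@ -84`, `@@ -140`, `@@ -186`) switch the condition to `ansible_facts["os_family"] == "RedHat"`, which fixes the fact access but still keys the `setsebool httpd_unified on/off` and `restorecon` blocks on the OS family, while the tasks in the same series key on the SELinux status fact. A RHEL host with SELinux disabled therefore gets a rendered script that calls `setsebool`, and `setsebool` exits non-zero when SELinux is disabled, which aborts the update script under `set -euo pipefail` and the `ERR` trap defined at the top of the file. Using `ansible_facts["selinux"]["status"] == "enabled"` in the template matches the task-side guard and avoids that failure mode.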
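Review bot: in the new `meta/argument_specs.yml` (patch 2/2, `@@ -0,0 +1,209 @@`), the descriptions for `nextcloud__vhost_virtualhost_ip` and `nextcloud__vhost_virtualhost_port` read `'Used within the directive.'` without naming the directive; if the Apache `VirtualHost` directive is meant, spell it out so the spec is self-explanatory when Ansible prints it on a validation failure. Separately, `nextcloud__webserver_user`, `nextcloud__webserver_group` and `nextcloud__php_fpm_service_name` are declared `required: false` with no `default:`, which is correct because `defaults/main.yml` supplies them from `vars/`; a short description note such as "defaults to the value from vars/<os_family>.yml" would make that dependency visible to someone reading only the spec.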