upgrade to nextcloud 14

6 lat temu · 056c026178
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,29 +1,23 @@
 nextcloud_state: installed

 nextcloud_archive_directory: /opt/nextcloud

 nextcloud_directory: /var/www/nextcloud

 nextcloud_data_directory: "{{nextcloud_directory}}/data"

 nextcloud_server_version: 12.0.4
 nextcloud_server_checksum: sha256:654161a74ceaf9a60c7731d7d6702e6710a972633a97955d16f01abeb09d09b6
 nextcloud_version: 14.0.2

 nextcloud_apps:
  - name: contacts
    version: 2.0.1
    checksum: sha256:ce17a7dde519698abb86be987d803913222c6691bf297a1082001344031fd2d9
  - name: calendar
    version: 1.5.6
    checksum: sha256:afe77c960e0a67a41452b1183495ce327beea1b35f04eaf48c71706af9e81358
  - name: tasks
    version: 0.9.5
    checksum: sha256:a76ab499668510d0364262f787520e8f030974facbbe5f0b9ec8ea11915579c9
  - name: news
    version: 11.0.5
    url: https://github.com/nextcloud/news/releases/download/11.0.5/news.tar.gz
    checksum: sha256:664acc326821d8e15be4f26d4e69033bf01286f255f6e1224c0048d1842e5617
  - contacts
  - calendar
  - tasks

 nextcloud_default_language: en
 nextcloud_force_language: false
 nextcloud_defaultapp: files

 nextcloud_database_type: mysql

 nextcloud_server_names:
  - "{{ inventory_hostname }}"
--- a/tasks/access.yml
+++ b/tasks/access.yml
@@ -1,6 +1,14 @@
 ---

 - name: nextcloud directory access
 - name: nextcloud directory
  file:
    path: /var/www/nextcloud
    state: directory
    owner: root
    group: www-data
    mode: 0750

 - name: nextcloud subdirectories
  file:
    path: /var/www/nextcloud/{{item}}
    state: directory
@@ -8,15 +16,18 @@
    group: www-data
    recurse: yes
  with_items:
    - data
    - config
    - apps
    - themes
    - updater

 - name: nextcloud htaccess file access
 - name: nextcloud data directory
  file:
    path: /var/www/nextcloud/.htaccess
    state: file
    path: "{{nextcloud_data_directory}}"
    state: directory
    owner: www-data
    group: www-data
    recurse: yes

 - name: nextcloud log directory
  file:
@@ -24,3 +35,11 @@
    state: directory
    owner: www-data
    group: www-data

 - name: nextcloud htaccess webserver access
  file:
    path: /var/www/nextcloud/.htaccess
    state: file
    owner: www-data
    group: www-data
    state: touch
--- a/tasks/apache2.yml
+++ b/tasks/apache2.yml
@@ -1,12 +1,13 @@
 ---

 - name: apache2 rewrite module
 - name: apache2 modules
  apache2_module:
    name: "{{ item }}"
    state: present
  with_items:
    - ssl
    - rewrite
    - env
  notify: restart apache2

 - name: apache2 nextcloud vhost
@@ -21,3 +22,9 @@
    dest: /etc/apache2/sites-enabled/nextcloud.conf
    state: link
  notify: restart apache2

 - name: apache2 ports
  template:
    src: apache2-ports.conf.j2
    dest: /etc/apache2/ports.conf
  notify: restart apache2
--- a/tasks/apps.yml
+++ b/tasks/apps.yml
@@ -1,15 +1,23 @@
 ---

 - name: get nextcloud apps list
  uri:
    url: https://apps.nextcloud.com/api/v1/platform/{{ nextcloud_version }}/apps.json
  register: _nextcloud_apps_list

 - debug:
    msg:
      _nextcloud_apps: "{{ _nextcloud_apps }}"

 - name: nextcloud apps download
  get_url:
    url: "{{ item.url | default('https://github.com/nextcloud/'+item.name+'/releases/download/v'+item.version+'/'+item.name+'.tar.gz') }}"
    dest: /var/www/nextcloud-app-{{item.name}}-{{ item.version }}.tar.gz
    checksum: "{{ item.checksum }}"
    url: "{{ _nextcloud_apps[item].url }}"
    dest: "{{nextcloud_archive_directory}}/nextcloud-{{item}}-{{ _nextcloud_apps[item].version }}.tar.gz"
  with_items: "{{ nextcloud_apps }}"

 - name: nextcloud apps extract
  unarchive:
    src: /var/www/nextcloud-app-{{item.name}}-{{ item.version }}.tar.gz
    src: "{{nextcloud_archive_directory}}/nextcloud-{{item}}-{{ _nextcloud_apps[item].version }}.tar.gz"
    dest: /var/www/nextcloud/apps/
    remote_src: yes
    owner: root
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -7,6 +7,7 @@
      args:
        chdir: /var/www/nextcloud
      register: _nextcloud_config_cmd
      changed_when: false

    - name: nextcloud occ config:app:delete trusted_domains
      command: php occ config:system:delete trusted_domains
--- a/tasks/gpg.yaml
+++ b/tasks/gpg.yaml
@@ -0,0 +1,17 @@
 ---

 - name: archive directory
  file:
    path: "{{nextcloud_archive_directory}}"
    state: directory

 - name: gpg key
  get_url:
    url: https://nextcloud.com/nextcloud.asc
    dest: "{{nextcloud_archive_directory}}/archive-key.asc"
    checksum: sha256:ae5d6087ae037a673b9901c946a156b180744253375e2e18e1005e6310d95d55

 - name: gpg keyring
  command: gpg --no-default-keyring --keyring "{{nextcloud_archive_directory}}/keyring.gpg" --import "{{nextcloud_archive_directory}}/archive-key.asc"
  register: _nextcloud_gpg_keyring
  changed_when:  '"imported" in (_nextcloud_gpg_keyring.stderr_lines | last)'
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -16,13 +16,13 @@
 - name: install nextcloud
  command:
    php occ maintenance:install
    --admin-user "{{ nextcloud_admin_username }}"
    --admin-pass "{{ nextcloud_admin_password }}"
    --admin-user "{{ nextcloud_admin_user }}"
    --admin-pass "{{ nextcloud_admin_pass }}"
    --database "{{ nextcloud_database_type }}"
    --database-host "{{ nextcloud_database_host }}"
    --database-name "{{ nextcloud_database_name }}"
    --database-user "{{ nextcloud_database_user }}"
    --database-pass "{{ nextcloud_database_password }}"
    --database-pass "{{ nextcloud_database_pass }}"
  args:
    chdir: /var/www/nextcloud
  become: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,13 +2,14 @@

 - include_tasks: setup_{{ansible_os_family}}.yml

 - import_tasks: gpg.yaml

 - import_tasks: php-opcache.yml

 - import_tasks: reset.yml
  when: nextcloud_state == "reinstalled"

 - import_tasks: server.yml

 - import_tasks: access.yml

 - import_tasks: mysql.yml
@@ -21,7 +22,7 @@

 - import_tasks: configure.yml

 - import_tasks: apps.yml
 #- import_tasks: apps.yml

 - import_tasks: upgrade.yml

@@ -30,3 +31,5 @@
 - import_tasks: apache2.yml

 - import_tasks: cron.yml

 - import_tasks: occ.yaml
--- a/tasks/mysql.yml
+++ b/tasks/mysql.yml
@@ -4,7 +4,7 @@
  mysql_user:
    name: "{{ nextcloud_database_user }}"
    host: "{{ ssh_ip }}"
    password: "{{ nextcloud_database_password }}"
    password: "{{ nextcloud_database_pass }}"
    priv: "{{nextcloud_database_name}}.*:ALL"
  delegate_to: "{{ nextcloud_database_host }}"

--- a/tasks/occ.yaml
+++ b/tasks/occ.yaml
@@ -0,0 +1,6 @@
 ---

 - name: occ fish
  template:
    src: occ.fish.j2
    dest: /etc/fish/conf.d/occ.fish
--- a/tasks/reset.yml
+++ b/tasks/reset.yml
@@ -11,3 +11,8 @@
    state: absent
  delegate_to: "{{ nextcloud_database_host }}"
  when: nextcloud_database_type == "mysql"

 - name: delete nextcloud log
  file:
    path: /var/log/nextcloud/nextcloud.log
    state: absent
--- a/tasks/server.yml
+++ b/tasks/server.yml
@@ -1,15 +1,41 @@
 ---

 - name: nextcloud server download
 - name: nextcloud platforms
  uri:
    url: https://apps.nextcloud.com/api/v1/platforms.json
  register: _nextcloud_platforms

 - name: nextcloud archive checksum download
  get_url:
    url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_server_version }}.tar.bz2
    dest: /var/www/nextcloud-{{ nextcloud_server_version }}.tar.bz2
    checksum: "{{ nextcloud_server_checksum }}"
    url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256
    dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256"

 - name: nextcloud server archive checksum
  shell: cat "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.sha256"
  register: _nextcloud_server_archive_checksum
  changed_when: false

 - name: nextcloud server extract
 - name: nextcloud archive download
  get_url:
    url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
    dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2"
    checksum: sha256:{{ _nextcloud_server_archive_checksum.stdout_lines[0].split(' ')[0] }}

 - name: nextcloud archive signature download
  get_url:
    url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2.asc
    dest: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc"

 - name: nextcloud archive signature check
  command: gpg --no-default-keyring --keyring "{{nextcloud_archive_directory}}/keyring.gpg"
    --verify "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2.asc"
    "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2"
  changed_when: false

 - name: nextcloud extract
  unarchive:
    src: /var/www/nextcloud-{{ nextcloud_server_version }}.tar.bz2
    dest: /var/www/
    src: "{{nextcloud_archive_directory}}/nextcloud-{{ nextcloud_version }}.tar.bz2"
    remote_src: yes
    dest: /var/www/
    owner: root
    group: root
    group: www-data
--- a/templates/apache-vhost.conf.j2
+++ b/templates/apache-vhost.conf.j2
@@ -1,6 +1,6 @@
 {{ ansible_managed | comment }}

 <VirtualHost *:443>
 <VirtualHost *:443 *:8843>

  ServerName {{nextcloud_server_names|first}}
  {% for name in nextcloud_server_names | difference([nextcloud_server_names|first]) %}
--- a/templates/apache2-ports.conf.j2
+++ b/templates/apache2-ports.conf.j2
@@ -0,0 +1,3 @@
 Listen 80
 Listen 443
 Listen 8843
--- a/templates/config.php.j2
+++ b/templates/config.php.j2
@@ -1,248 +1,28 @@
 <?php

 /**
 * This configuration file is only provided to document the different
 * configuration options and their usage.
 *
 * DO NOT COMPLETELY BASE YOUR CONFIGURATION FILE ON THIS SAMPLE. THIS MAY BREAK
 * YOUR INSTANCE. Instead, manually copy configuration switches that you
 * consider important for your instance to your working ``config.php``, and
 * apply configuration options that are pertinent for your instance.
 *
 * This file is used to generate the configuration documentation.
 * Please consider following requirements of the current parser:
 *  * all comments need to start with `/**` and end with ` *\/` - each on their
 *    own line
 *  * add a `@see CONFIG_INDEX` to copy a previously described config option
 *    also to this line
 *  * everything between the ` *\/` and the next `/**` will be treated as the
 *    config option
 *  * use RST syntax
 */

 $CONFIG = array(

 /**
 * Where user files are stored. The SQLite database is also stored here, when
 * you use SQLite.
 *
 * Default to ``data/`` in the Nextcloud directory.
 */
 'datadirectory' => '{{nextcloud_data_directory}}',

 /**
 * Indicates whether the Nextcloud instance was installed successfully; ``true``
 * indicates a successful installation, and ``false`` indicates an unsuccessful
 * installation.
 *
 * Defaults to ``false``
 */
 'installed' => false,

 /**
 * During setup, if requirements are met (see below), this setting is set to true
 * and MySQL can handle 4 byte characters instead of 3 byte characters.
 *
 * If you want to convert an existing 3-byte setup into a 4-byte setup please
 * set the parameters in MySQL as mentioned below and run the migration command:
 * ./occ db:convert-mysql-charset
 * The config setting will be set automatically after a successful run.
 *
 * Consult the documentation for more details.
 *
 * MySQL requires a special setup for longer indexes (> 767 bytes) which are
 * needed:
 *
 * [mysqld]
 * innodb_large_prefix=ON
 * innodb_file_format=Barracuda
 * innodb_file_per_table=ON
 *
 * Tables will be created with
 *  * character set: utf8mb4
 *  * collation:     utf8mb4_bin
 *  * row_format:    compressed
 *
 * See:
 * https://dev.mysql.com/doc/refman/5.7/en/charset-unicode-utf8mb4.html
 * https://dev.mysql.com/doc/refman/5.7/en/innodb-parameters.html#sysvar_innodb_large_prefix
 * https://mariadb.com/kb/en/mariadb/xtradbinnodb-server-system-variables/#innodb_large_prefix
 * http://www.tocker.ca/2013/10/31/benchmarking-innodb-page-compression-performance.html
 * http://mechanics.flite.com/blog/2014/07/29/using-innodb-large-prefix-to-avoid-error-1071/
 */
 'mysql.utf8mb4' => true,

 /**
 * User Experience
 *
 * These optional parameters control some aspects of the user interface. Default
 * values, where present, are shown.
 */

 /**
 * This sets the default language on your Nextcloud server, using ISO_639-1
 * language codes such as ``en`` for English, ``de`` for German, and ``fr`` for
 * French. It overrides automatic language detection on public pages like login
 * or shared items. User's language preferences configured under "personal ->
 * language" override this setting after they have logged in.
 *
 * Defaults to ``en``
 */
 'default_language' => '{{nextcloud_default_language}}',

 /**
 * With this setting a language can be forced for all users. If a language is
 * forced, the users are also unable to change their language in the personal
 * settings. If users shall be unable to change their language, but users have
 * different languages, this value can be set to ``true`` instead of a language
 * code.
 *
 * Defaults to ``false``
 */
 {% if nextcloud_force_language %}
 'force_language' => '{{nextcloud_force_language}}',
 {% endif %}

 /**
 * Set the default app to open on login. Use the app names as they appear in the
 * URL after clicking them in the Apps menu, such as documents, calendar, and
 * gallery. You can use a comma-separated list of app names, so if the first
 * app is not enabled for a user then Nextcloud will try the second one, and so
 * on. If no enabled apps are found it defaults to the Files app.
 *
 * Defaults to ``files``
 */
 'defaultapp' => '{{nextcloud_defaultapp}}',

 /**
 * To have clean URLs without `/index.php` this parameter needs to be configured.
 *
 * This parameter will be written as "RewriteBase" on update and installation of
 * Nextcloud to your `.htaccess` file. While this value is often simply the URL
 * path of the Nextcloud installation it cannot be set automatically properly in
 * every scenario and needs thus some manual configuration.
 *
 * In a standard Apache setup this usually equals the folder that Nextcloud is
 * accessible at. So if Nextcloud is accessible via "https://mycloud.org/nextcloud"
 * the correct value would most likely be "/nextcloud". If Nextcloud is running
 * under "https://mycloud.org/" then it would be "/".
 *
 * Note that the above rule is not valid in every case, as there are some rare setup
 * cases where this may not apply. However, to avoid any update problems this
 * configuration value is explicitly opt-in.
 *
 * After setting this value run `occ maintenance:update:htaccess`. Now, when the
 * following conditions are met Nextcloud URLs won't contain `index.php`:
 *
 * - `mod_rewrite` is installed
 * - `mod_env` is installed
 *
 * Defaults to ``''`` (empty string)
 */
 'htaccess.RewriteBase' => '/',

 /**
 * Checks an app before install whether it uses private APIs instead of the
 * proper public APIs. If this is set to true it will only allow to install or
 * enable apps that pass this check.
 *
 * Defaults to ``false``
 */
 'overwrite.cli.url'  => 'https://{{nextcloud_server_names|first}}/',
 'appcodechecker' => true,

 /**
 * Check if Nextcloud is up-to-date and shows a notification if a new version is
 * available.
 *
 * Defaults to ``true``
 */
 'updatechecker' => true,


 /**
 * Logging
 */

 /**
 * By default the Nextcloud logs are sent to the ``nextcloud.log`` file in the
 * default Nextcloud data directory.
 * If syslogging is desired, set this parameter to ``syslog``.
 * Setting this parameter to ``errorlog`` will use the PHP error_log function
 * for logging.
 *
 * Defaults to ``file``
 */
 'log_type' => 'file',

 /**
 * Log file path for the Nextcloud logging type.
 *
 * Defaults to ``[datadirectory]/nextcloud.log``
 */
 'logfile' => '/var/log/nextcloud/nextcloud.log',

 /**
 * Loglevel to start logging at. Valid values are: 0 = Debug, 1 = Info, 2 =
 * Warning, 3 = Error, and 4 = Fatal. The default value is Warning.
 *
 * Defaults to ``2``
 */
 'loglevel' => 2,


 /**
 * The timezone for logfiles. You may change this; see
 * http://php.net/manual/en/timezones.php
 *
 * Defaults to ``UTC``
 */
 'logtimezone' => 'UTC',


 /**
 * Apps
 *
 * Options for the Apps folder, Apps store, and App code checker.
 */

 /**
 * When enabled, admins may install apps from the Nextcloud app store.
 *
 * Defaults to ``true``
 */
 'appstoreenabled' => false,

 /**
 * Use the ``apps_paths`` parameter to set the location of the Apps directory,
 * which should be scanned for available apps, and where user-specific apps
 * should be installed from the Apps store. The ``path`` defines the absolute
 * file system path to the app folder. The key ``url`` defines the HTTP Web path
 * to that folder, starting from the Nextcloud webroot. The key ``writable``
 * indicates if a Web server can write files to that folder.
 */
 'apps_paths' => array(
 	array(
 		'path'=> '/var/www/nextcloud/apps',
 		'path'=> '{{nextcloud_directory}}/apps',
 		'url' => '/apps',
 		'writable' => false,
 	),
 ),


 /**
 * Disable the web based updater
 */
 'upgrade.disable-web' => true,


 /**
 * Enable memcache
 */
 'memcache.local' => '\OC\Memcache\APCu',
 'memcache.distributed' => '\OC\Memcache\Memcached',
 'memcached_servers' => array(
     array('localhost', 11211),
     ),


 );
--- a/templates/nextcloud-latest.json.j2
+++ b/templates/nextcloud-latest.json.j2
@@ -0,0 +1,8 @@
 {% set r = namespace() %}
 {% set r.latest = "0.0.0" %}
 {% for release in _nextcloud_platforms.json %}
 {% if release.version is version(r.latest , operator='gt') and not release.isSupported and release.hasRelease %}
 {% set r.latest = release.version %}
 {% endif %}
 {% endfor %}
 {{r.latest|to_json}}
--- a/templates/occ.fish.j2
+++ b/templates/occ.fish.j2
@@ -0,0 +1,5 @@
 {{ansible_managed|comment}}

 function occ
  sudo -u www-data php {{nextcloud_directory}}/occ $argv
 end
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1 +1,3 @@
 _nextcloud_config: "{{ _nextcloud_config_cmd.stdout | from_json }}"
 _nextcloud_latest: "{{ lookup('template','nextcloud-latest.json.j2') |from_json }}"
 _nextcloud_apps: "{{ lookup('template','nextcloud-apps.json.j2') }}"