From 698d6b3aee20465156652cd4481f5c10ff708a35 Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel
Date: Fri, 6 Oct 2017 10:31:04 +0000
Subject: [PATCH] nextcloud role
---
defaults/main.yml | 22 +++
handlers/main.yml | 6 +
tasks/access.yml | 26 +++
tasks/apache2.yml | 20 +++
tasks/apps.yml | 26 +++
tasks/configure.yml | 12 ++
tasks/install.yml | 31 ++++
tasks/main.yml | 25 +++
tasks/mysql.yml | 15 ++
tasks/reset.yml | 13 ++
tasks/server.yml | 15 ++
tasks/setup_Debian.yml | 18 ++-
tasks/upgrade.yml | 9 ++
templates/apache-vhost.conf.j2 | 23 +++
templates/config.php.j2 | 285 +++++++++++++++++++++++++++++++++
15 files changed, 543 insertions(+), 3 deletions(-)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 tasks/access.yml
create mode 100644 tasks/apache2.yml
create mode 100644 tasks/apps.yml
create mode 100644 tasks/configure.yml
create mode 100644 tasks/install.yml
create mode 100644 tasks/mysql.yml
create mode 100644 tasks/reset.yml
create mode 100644 tasks/server.yml
create mode 100644 tasks/upgrade.yml
create mode 100644 templates/apache-vhost.conf.j2
create mode 100644 templates/config.php.j2
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..e1890c5
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,22 @@
+nextcloud_state: installed
+
+nextcloud_directory: /var/www/nextcloud
+
+nextcloud_data_directory: "{{nextcloud_directory}}/data"
+
+nextcloud_server_version: 12.0.3
+nextcloud_server_sha256sum: 88bcaccba886d0e5a145b15fe216d652ab68a0a4c089a102f1fa1e78e6ddfb71
+
+nextcloud_apps:
+ - name: contacts
+ version: 2.0.1
+ url: https://github.com/nextcloud/contacts/releases/download/v2.0.1/contacts.tar.gz
+ sha256sum: ce17a7dde519698abb86be987d803913222c6691bf297a1082001344031fd2d9
+ - name: calendar
+ version: 1.5.5
+ url: https://download.nextcloud.com/server/apps/calendar-1.5.5.tar.gz
+ sha256sum: 9a809307a3bf7e92e1dc5d39339f97d68fa1bd72a39206191ad1a3862bb778ed
+
+nextcloud_default_language: en
+nextcloud_force_language: false
+nextcloud_defaultapp: files
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..e2ca53e
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart apache2
+ service:
+ name: apache2
+ state: restarted
diff --git a/tasks/access.yml b/tasks/access.yml
new file mode 100644
index 0000000..d0a1449
--- /dev/null
+++ b/tasks/access.yml
@@ -0,0 +1,26 @@
+---
+
+- name: nextcloud directory access
+ file:
+ path: /var/www/nextcloud/{{item}}
+ state: directory
+ owner: www-data
+ group: www-data
+ recurse: yes
+ with_items:
+ - data
+ - config
+
+- name: nextcloud htaccess file access
+ file:
+ path: /var/www/nextcloud/.htaccess
+ state: file
+ owner: www-data
+ group: www-data
+
+- name: nextcloud log directory
+ file:
+ path: /var/log/nextcloud
+ state: directory
+ owner: www-data
+ group: www-data
diff --git a/tasks/apache2.yml b/tasks/apache2.yml
new file mode 100644
index 0000000..038fa53
--- /dev/null
+++ b/tasks/apache2.yml
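Review bot: The new defaults/main.yml does not mention the variables the role cannot run without: `nextcloud_admin_username`, `nextcloud_admin_password`, `nextcloud_database_type`, `nextcloud_database_host`, `nextcloud_database_name`, `nextcloud_database_user` and `nextcloud_database_password` are read by install.yml, mysql.yml and config.php.j2 but have neither an entry nor a comment here. I would add a comment such as `# Required, no default: nextcloud_admin_password, nextcloud_database_password - supply from an encrypted vars file` so nobody is tempted to give the secrets a default value. The file also starts without the `---` marker that the other YAML files in this commit carry.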
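Review bot: The three tasks in tasks/access.yml hard-code `/var/www/nextcloud` although defaults/main.yml introduces `nextcloud_directory` and `nextcloud_data_directory`, so overriding the data directory leaves the real data path without the www-data ownership set here; the same literal path recurs in apps.yml, configure.yml, install.yml, reset.yml, server.yml, upgrade.yml and both templates. None of the `file` tasks sets `mode`, so the data, config and log directories keep whatever permissions they happen to have. I would point the data entry at `path: "{{ nextcloud_data_directory }}"` and add `mode: "u=rwX,g=rX,o="` to the directory tasks so that user files and config.php are not readable by other local accounts.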
@@ -0,0 +1,20 @@
+---
+
+- name: apache2 nextcloud vhost
+ template:
+ src: apache-vhost.conf.j2
+ dest: /etc/apache2/sites-available/nextcloud.conf
+ notify: restart apache2
+
+- name: apache2 nextcloud vhost enabled
+ file:
+ src: ../sites-available/nextcloud.conf
+ dest: /etc/apache2/sites-enabled/nextcloud.conf
+ state: link
+ notify: restart apache2
+
+- name: apache2 rewrite module
+ apache2_module:
+ name: rewrite
+ state: present
+ notify: restart apache2
diff --git a/tasks/apps.yml b/tasks/apps.yml
new file mode 100644
index 0000000..7c5e44b
--- /dev/null
+++ b/tasks/apps.yml
@@ -0,0 +1,26 @@
+---
+
+- name: nextcloud apps download
+ get_url:
+ url: "{{ item.url }}"
+ dest: /var/www/nextcloud-app-{{item.name}}-{{ item.version }}.tar.gz
+ sha256sum: "{{ item.sha256sum }}"
+ with_items: "{{ nextcloud_apps }}"
+
+- name: nextcloud apps extract
+ unarchive:
+ src: /var/www/nextcloud-app-{{item.name}}-{{ item.version }}.tar.gz
+ dest: /var/www/nextcloud/apps/
+ remote_src: yes
+ owner: root
+ group: root
+ with_items: "{{ nextcloud_apps }}"
+
+- name: nextcloud enable apps
+ command: php occ app:enable {{item.name}}
+ with_items: "{{ nextcloud_apps }}"
+ args:
+ chdir: /var/www/nextcloud
+ become: true
+ become_user: www-data
+ become_method: sudo
diff --git a/tasks/configure.yml b/tasks/configure.yml
new file mode 100644
index 0000000..f13af54
--- /dev/null
+++ b/tasks/configure.yml
@@ -0,0 +1,12 @@
+---
+
+- name: nextcloud occ
+ command: php occ {{item}}
+ with_items:
+ - config:system:set trusted_domains 1 --value={{inventory_hostname}}
+ - maintenance:update:htaccess
+ args:
+ chdir: /var/www/nextcloud
+ become: true
+ become_user: www-data
+ become_method: sudo
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..17bd025
--- /dev/null
+++ b/tasks/install.yml
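Review bot: In tasks/apps.yml the download is pinned with `sha256sum:`, which is a deprecated `get_url` parameter; the supported spelling is `checksum: "sha256:{{ item.sha256sum }}"`, and the server download in server.yml needs the same change. Pinning every archive to a digest is the right supply-chain control and should survive the rename unchanged. Extracting the apps as `owner: root` keeps them read-only for the web server, which agrees with `'writable' => false` in config.php.j2; a one-line comment above `nextcloud apps extract` saying so would stop a later change from switching the owner to www-data.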
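Review bot: The `nextcloud occ` task in tasks/configure.yml runs both occ commands and reports `changed` on every play, as do `php occ app:enable` in apps.yml and `php occ upgrade` in upgrade.yml; none of them has `changed_when` or a guard, so a real configuration change cannot be told apart from a routine run in the play output. I would read the current value first (a registered `php occ config:system:get trusted_domains 1` with `changed_when: false`) and run the `config:system:set` only when it differs. `--value={{inventory_hostname}}` also assumes that the inventory name is the public host name, which deserves a comment or a dedicated variable.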
@@ -0,0 +1,31 @@
+---
+
+- name: check for config file
+ stat:
+ path: /var/www/nextcloud/config/config.php
+ register: _nextcloud_config_file
+
+- name: nextcloud initial config file
+ template:
+ src: config.php.j2
+ dest: /var/www/nextcloud/config/config.php
+ owner: www-data
+ group: www-data
+ when: not _nextcloud_config_file.stat.isreg is defined
+
+- name: install nextcloud
+ command:
+ php occ maintenance:install
+ --admin-user "{{ nextcloud_admin_username }}"
+ --admin-pass "{{ nextcloud_admin_password }}"
+ --database "{{ nextcloud_database_type }}"
+ --database-host "{{ nextcloud_database_host }}"
+ --database-name "{{ nextcloud_database_name }}"
+ --database-user "{{ nextcloud_database_user }}"
+ --database-pass "{{ nextcloud_database_password }}"
+ args:
+ chdir: /var/www/nextcloud
+ become: true
+ become_user: www-data
+ become_method: sudo
+ when: not _nextcloud_config_file.stat.isreg is defined
diff --git a/tasks/main.yml b/tasks/main.yml
index ed97d53..d2bf05c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1 +1,26 @@
 ---
+
+- include: setup_Debian.yml
+
+- include: reset.yml
+ when: nextcloud_state == "reinstalled"
+
+- include: server.yml
+
+- include: access.yml
+
+- include: mysql.yml
+ when: nextcloud_database_type == "mysql"
+
+- include: install.yml
+ when:
+ nextcloud_state == "installed" or
+ nextcloud_state == "reinstalled"
+
+- include: configure.yml
+
+- include: apps.yml
+
+- include: upgrade.yml
+
+- include: apache2.yml
diff --git a/tasks/mysql.yml b/tasks/mysql.yml
new file mode 100644
index 0000000..52cf4a9
--- /dev/null
+++ b/tasks/mysql.yml
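Review bot: The `install nextcloud` task in tasks/install.yml passes `nextcloud_admin_password` and `nextcloud_database_password` as command-line arguments without `no_log: true`, so both can end up in Ansible's task output and logs and are visible in the host's process list while occ runs; add `no_log: true` to that task. The `nextcloud initial config file` task writes the database password into config.php without a `mode`, which leaves its readability to whatever the default happens to be; add `mode: "0640"` next to `owner`/`group`. The guard `when: not _nextcloud_config_file.stat.isreg is defined` reads more plainly as `when: not _nextcloud_config_file.stat.exists`.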
@@ -0,0 +1,15 @@
+---
+
+- name: mysql user
+ mysql_user:
+ name: "{{ nextcloud_database_user }}"
+ host: "{{ ssh_ip }}"
+ password: "{{ nextcloud_database_password }}"
+ priv: "{{nextcloud_database_name}}.*:ALL"
+ delegate_to: "{{ nextcloud_database_host }}"
+
+- name: mysql database
+ mysql_db:
+ name: "{{nextcloud_database_name}}"
+ state: present
+ delegate_to: "{{ nextcloud_database_host }}"
diff --git a/tasks/reset.yml b/tasks/reset.yml
new file mode 100644
index 0000000..23ea615
--- /dev/null
+++ b/tasks/reset.yml
@@ -0,0 +1,13 @@
+---
+
+- name: delete nextcloud directory
+ file:
+ path: /var/www/nextcloud
+ state: absent
+
+- name: drop mysql database
+ mysql_db:
+ name: "{{nextcloud_database_name}}"
+ state: absent
+ delegate_to: "{{ nextcloud_database_host }}"
+ when: nextcloud_database_type == "mysql"
diff --git a/tasks/server.yml b/tasks/server.yml
new file mode 100644
index 0000000..fc4a881
--- /dev/null
+++ b/tasks/server.yml
@@ -0,0 +1,15 @@
+---
+
+- name: nextcloud server download
+ get_url:
+ url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_server_version }}.tar.bz2
+ dest: /var/www/nextcloud-{{ nextcloud_server_version }}.tar.bz2
+ sha256sum: "{{ nextcloud_server_sha256sum }}"
+
+- name: nextcloud server extract
+ unarchive:
+ src: /var/www/nextcloud-{{ nextcloud_server_version }}.tar.bz2
+ dest: /var/www/
+ remote_src: yes
+ owner: root
+ group: root
diff --git a/tasks/setup_Debian.yml b/tasks/setup_Debian.yml
index 8d34949..b0a995c 100644
--- a/tasks/setup_Debian.yml
+++ b/tasks/setup_Debian.yml
@@ -5,10 +5,22 @@
 pkg: "{{item}}"
 state: present
 with_items:
- - nginx
- - nginx-full
+ - apache2
+ - libapache2-mod-php
+ - php-xml
+ - php-gd
+ - php-json
+ - php-mbstring
+ - php-zip
+ - php-mysql
+ - php-curl
+ - php-intl
+ - php-mcrypt
+ - php-imagick
+ - ca-certificates
+ - sudo
 
 - name: remove default page
 file:
- path: /var/www/html/index.nginx-debian.html
+ path: /var/www/html/index.html
 state: absent
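Review bot: The `mysql user` task in tasks/mysql.yml sets `password:` from `nextcloud_database_password` without `no_log: true`, so the credential can appear in task output when the play runs verbosely or the task fails; add `no_log: true` to that task. `host: "{{ ssh_ip }}"` depends on a variable that is defined nowhere in this commit, presumably an inventory variable holding the web host's address; it should be documented in defaults/main.yml or replaced by a role variable, because a wrong value changes which client address the grant covers. The grant is scoped to one database, which is the right shape; a comment noting that `ALL` is intentional would help a later reader.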
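Review bot: tasks/reset.yml removes `/var/www/nextcloud`, which contains the default data directory, and drops the database on every play for as long as `nextcloud_state` stays `reinstalled`, with no backup step and nothing in the file that says so. At minimum I would put a comment above the first task, `# DESTRUCTIVE: removes all Nextcloud files, user data and the database on every run while nextcloud_state == "reinstalled"`. If `nextcloud_data_directory` is overridden to a path outside `/var/www/nextcloud`, the user data survives while the database is dropped, which leaves the two out of step; the data path should be handled explicitly either way.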
diff --git a/tasks/upgrade.yml b/tasks/upgrade.yml
new file mode 100644
index 0000000..2fad1d7
--- /dev/null
+++ b/tasks/upgrade.yml
@@ -0,0 +1,9 @@
+---
+
+- name: upgrade nextcloud
+ command: php occ upgrade
+ args:
+ chdir: /var/www/nextcloud
+ become: true
+ become_user: www-data
+ become_method: sudo
diff --git a/templates/apache-vhost.conf.j2 b/templates/apache-vhost.conf.j2
new file mode 100644
index 0000000..da7d880
--- /dev/null
+++ b/templates/apache-vhost.conf.j2
@@ -0,0 +1,23 @@
+
+
+ DocumentRoot /var/www/nextcloud
+
+ ServerName {{inventory_hostname}}
+
+
+ Options +FollowSymlinks
+ AllowOverride All
+
+
+ Dav off
+
+
+ SetEnv HOME /var/www/nextcloud
+ SetEnv HTTP_HOME /var/www/nextcloud
+
+
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+
diff --git a/templates/config.php.j2 b/templates/config.php.j2
new file mode 100644
index 0000000..cbaa254
--- /dev/null
+++ b/templates/config.php.j2
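Review bot: The directives visible in templates/apache-vhost.conf.j2 configure no TLS, and config.php.j2 sets `overwrite.cli.url` to `http://{{inventory_hostname}}`, so as far as this page shows logins and file transfers would travel over plain HTTP; the container lines of the vhost are not visible here, so the listening port is an assumption. With the default `nextcloud_data_directory` the data directory sits under `DocumentRoot /var/www/nextcloud`, which means direct access to user files is blocked only by Nextcloud's `.htaccess` and therefore by `AllowOverride All`. I would add a comment above that directive, `# Required: the .htaccess rules are what deny direct access to data/`, and either add a TLS vhost or document that TLS is terminated in front of this host.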
@@ -0,0 +1,285 @@ + + array ( + 'localhost', + '{{inventory_hostname}}', + ), + + +/** + * Where user files are stored. The SQLite database is also stored here, when + * you use SQLite. + * + * Default to ``data/`` in the Nextcloud directory. + */ +'datadirectory' => '{{nextcloud_data_directory}}', + + +/** + * Identifies the database used with this installation. See also config option + * ``supportedDatabases`` + * + * Available: + * - sqlite (SQLite3) + * - mysql (MySQL/MariaDB) + * - pgsql (PostgreSQL) + * + * Defaults to ``sqlite`` + */ +'dbtype' => '{{ nextcloud_database_type }}', + +/** + * Your host server name, for example ``localhost``, ``hostname``, + * ``hostname.example.com``, or the IP address. To specify a port use + * ``hostname:####``; to specify a Unix socket use + * ``localhost:/path/to/socket``. + */ +'dbhost' => '{{ nextcloud_database_host }}', + +/** + * The name of the Nextcloud database, which is set during installation. You + * should not need to change this. + */ +'dbname' => '{{ nextcloud_database_name }}', + +/** + * The user that Nextcloud uses to write to the database. This must be unique + * across Nextcloud instances using the same SQL database. This is set up during + * installation, so you shouldn't need to change it. + */ +'dbuser' => '{{ nextcloud_database_user }}', + +/** + * The password for the database user. This is set up during installation, so + * you shouldn't need to change it. + */ +'dbpassword' => '{{ nextcloud_database_password }}', + +/** + * Prefix for the Nextcloud tables in the database. + * + * Default to ``oc_`` + */ +'dbtableprefix' => '', + + +/** + * Indicates whether the Nextcloud instance was installed successfully; ``true`` + * indicates a successful installation, and ``false`` indicates an unsuccessful + * installation. + * + * Defaults to ``false`` + */ +'installed' => false, + + +/** + * User Experience + * + * These optional parameters control some aspects of the user interface. 
Default + * values, where present, are shown. + */ + +/** + * This sets the default language on your Nextcloud server, using ISO_639-1 + * language codes such as ``en`` for English, ``de`` for German, and ``fr`` for + * French. It overrides automatic language detection on public pages like login + * or shared items. User's language preferences configured under "personal -> + * language" override this setting after they have logged in. + * + * Defaults to ``en`` + */ +'default_language' => '{{nextcloud_default_language}}', + +/** + * With this setting a language can be forced for all users. If a language is + * forced, the users are also unable to change their language in the personal + * settings. If users shall be unable to change their language, but users have + * different languages, this value can be set to ``true`` instead of a language + * code. + * + * Defaults to ``false`` + */ +{% if nextcloud_force_language %} +'force_language' => '{{nextcloud_force_language}}', +{% endif %} + +/** + * Set the default app to open on login. Use the app names as they appear in the + * URL after clicking them in the Apps menu, such as documents, calendar, and + * gallery. You can use a comma-separated list of app names, so if the first + * app is not enabled for a user then Nextcloud will try the second one, and so + * on. If no enabled apps are found it defaults to the Files app. + * + * Defaults to ``files`` + */ +'defaultapp' => '{{nextcloud_defaultapp}}', + +/** + * Use this configuration parameter to specify the base URL for any URLs which + * are generated within Nextcloud using any kind of command line tools (cron or + * occ). The value should contain the full base URL: + * ``https://www.example.com/nextcloud`` + * + * Defaults to ``''`` (empty string) + */ +'overwrite.cli.url' => 'http://{{inventory_hostname}}', + +/** + * To have clean URLs without `/index.php` this parameter needs to be configured. 
+ * + * This parameter will be written as "RewriteBase" on update and installation of + * Nextcloud to your `.htaccess` file. While this value is often simply the URL + * path of the Nextcloud installation it cannot be set automatically properly in + * every scenario and needs thus some manual configuration. + * + * In a standard Apache setup this usually equals the folder that Nextcloud is + * accessible at. So if Nextcloud is accessible via "https://mycloud.org/nextcloud" + * the correct value would most likely be "/nextcloud". If Nextcloud is running + * under "https://mycloud.org/" then it would be "/". + * + * Note that the above rule is not valid in every case, as there are some rare setup + * cases where this may not apply. However, to avoid any update problems this + * configuration value is explicitly opt-in. + * + * After setting this value run `occ maintenance:update:htaccess`. Now, when the + * following conditions are met Nextcloud URLs won't contain `index.php`: + * + * - `mod_rewrite` is installed + * - `mod_env` is installed + * + * Defaults to ``''`` (empty string) + */ +'htaccess.RewriteBase' => '/', + +/** + * Checks an app before install whether it uses private APIs instead of the + * proper public APIs. If this is set to true it will only allow to install or + * enable apps that pass this check. + * + * Defaults to ``false`` + */ +'appcodechecker' => true, + +/** + * Check if Nextcloud is up-to-date and shows a notification if a new version is + * available. + * + * Defaults to ``true`` + */ +'updatechecker' => true, + + +/** + * Logging + */ + +/** + * By default the Nextcloud logs are sent to the ``nextcloud.log`` file in the + * default Nextcloud data directory. + * If syslogging is desired, set this parameter to ``syslog``. + * Setting this parameter to ``errorlog`` will use the PHP error_log function + * for logging. + * + * Defaults to ``file`` + */ +'log_type' => 'file', + +/** + * Log file path for the Nextcloud logging type. 
+ * + * Defaults to ``[datadirectory]/nextcloud.log`` + */ +'logfile' => '/var/log/nextcloud/nextcloud.log', + +/** + * Loglevel to start logging at. Valid values are: 0 = Debug, 1 = Info, 2 = + * Warning, 3 = Error, and 4 = Fatal. The default value is Warning. + * + * Defaults to ``2`` + */ +'loglevel' => 2, + + +/** + * The timezone for logfiles. You may change this; see + * http://php.net/manual/en/timezones.php + * + * Defaults to ``UTC`` + */ +'logtimezone' => 'UTC', + + +/** + * Apps + * + * Options for the Apps folder, Apps store, and App code checker. + */ + +/** + * When enabled, admins may install apps from the Nextcloud app store. + * + * Defaults to ``true`` + */ +'appstoreenabled' => false, + +/** + * Use the ``apps_paths`` parameter to set the location of the Apps directory, + * which should be scanned for available apps, and where user-specific apps + * should be installed from the Apps store. The ``path`` defines the absolute + * file system path to the app folder. The key ``url`` defines the HTTP Web path + * to that folder, starting from the Nextcloud webroot. The key ``writable`` + * indicates if a Web server can write files to that folder. + */ +'apps_paths' => array( + array( + 'path'=> '/var/www/nextcloud/apps', + 'url' => '/apps', + 'writable' => false, + ), +), + + +/** + * Disable the web based updater + */ +'upgrade.disable-web' => true, + + +);
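Review bot: Every templated value in templates/config.php.j2 is placed inside a single-quoted PHP string without escaping, for example `'dbpassword' => '{{ nextcloud_database_password }}',`, so a password containing `'` or ending in `\` yields a config.php that fails to parse or is read differently from what was intended. Backslashes and single quotes should be escaped before interpolation, or the permitted characters for these variables documented in defaults/main.yml. The `force_language` block renders the variable as a quoted string, so setting it to `true` produces a string rather than the boolean that the comment above it describes. The opening lines of this hunk are not fully visible on this page, so the array header is not covered by this note.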