From 71b03669777f069614f56fb523482e09c4ed614a Mon Sep 17 00:00:00 2001
From: Lino Silva
Date: Sat, 22 Apr 2023 10:59:28 +0100
Subject: [PATCH] feat: Add nextcloud
---
 inventory/my-cluster/group_vars/all.yml | 26 +++++++++++++++
 inventory/my-cluster/host_vars/nextcloud | 6 ++++
 inventory/my-cluster/hosts.ini | 1 +
 playbook-nextcloud.yml | 23 +++++++++++++
 roles/nextcloud/enable-ssh/tasks/main.yml | 12 +++++++
 roles/nextcloud/install-app/tasks/main.yml | 20 +++++++++++
 .../install-app/templates/docker-compose.yml | 33 +++++++++++++++++++
 roles/nextcloud/install-docker/tasks/main.yml | 27 +++++++++++++++
 .../nextcloud/provision/create/tasks/main.yml | 31 +++++++++++++++++
 .../nextcloud/provision/delete/tasks/main.yml | 26 +++++++++++++++
 .../nextcloud/provision/start/tasks/main.yml | 8 +++++
 roles/nextcloud/update/tasks/main.yml | 6 ++++
 12 files changed, 219 insertions(+)
 create mode 100644 inventory/my-cluster/host_vars/nextcloud
 create mode 100644 playbook-nextcloud.yml
 create mode 100644 roles/nextcloud/enable-ssh/tasks/main.yml
 create mode 100644 roles/nextcloud/install-app/tasks/main.yml
 create mode 100644 roles/nextcloud/install-app/templates/docker-compose.yml
 create mode 100644 roles/nextcloud/install-docker/tasks/main.yml
 create mode 100644 roles/nextcloud/provision/create/tasks/main.yml
 create mode 100644 roles/nextcloud/provision/delete/tasks/main.yml
 create mode 100644 roles/nextcloud/provision/start/tasks/main.yml
 create mode 100644 roles/nextcloud/update/tasks/main.yml
diff --git a/inventory/my-cluster/group_vars/all.yml b/inventory/my-cluster/group_vars/all.yml
index 113f34e..467cd3d 100644
--- a/inventory/my-cluster/group_vars/all.yml
+++ b/inventory/my-cluster/group_vars/all.yml
@@ -243,3 +243,29 @@ paperless_pwd: !vault |
 61356263303563656235623866653065633063313038326432636161316339663030313439646537
 63333032353133373633353463613861643933353038323231646461386330623038343262343763
 663836323538623836346337303834313139
+
+nextcloud_mysql_root_pwd: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 31623863613966623834303961333332396238346332646438633665623463353938623336346631
+ 3835636631386263336130373130336662666635353461660a643635346430623438616234333964
+ 35653638313734373134663865653865393536376162356234326565353665613337376562623231
+ 6532333263313362660a306462626330346233393566363632613666616437343361303962353938
+ 64343430316661653532366233396262316236633936333162653263646635643466326265613066
+ 3062633330616537376462346235653433656635366135346265
+
+nextcloud_mysql_pwd: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37343730363831393233643034393838323430383339386238626334343462383061656236613530
+ 3430363331343139356538333333326337656163333931660a373964653034323466373038663561
+ 64363239663665623263326435383132393561616436376564353562666637396631316262653361
+ 6134653565623736310a303733396335303139643334363034356138393364373234353537623463
+ 62323938343430313132363037626231633435333330653665613637333734613231326434303532
+ 3461646466366339653532366639393035396638623035396338
+
+nextcloud_admin_pwd: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 64633233343935636536353533663761353033376331666634633138363233323065323936303934
+ 3762643937346435636635306461663461373138636666380a363761616137373430666236306636
+ 38663933656231386532333032353731643936653534666530333664333835316561663335633238
+ 3531623266386432620a643861666538396437323234623162383437646663653036663836383233
+ 62636461303338313436343934656165363361396332343961396434356161363736
\ No newline at end of file
diff --git a/inventory/my-cluster/host_vars/nextcloud b/inventory/my-cluster/host_vars/nextcloud
new file mode 100644
index 0000000..1dc5299
--- /dev/null
+++ b/inventory/my-cluster/host_vars/nextcloud
@@ -0,0 +1,6 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.30
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+vmid: 621
diff --git a/inventory/my-cluster/hosts.ini b/inventory/my-cluster/hosts.ini
index 0d64ae0..0357be0 100644
--- a/inventory/my-cluster/hosts.ini
+++ b/inventory/my-cluster/hosts.ini
@@ -15,6 +15,7 @@ mealie vaultwarden gitea paperless +nextcloud [baremetal] mipha
diff --git a/playbook-nextcloud.yml b/playbook-nextcloud.yml
new file mode 100644
index 0000000..bbc59a5
--- /dev/null
+++ b/playbook-nextcloud.yml
@@ -0,0 +1,23 @@
+---
+- hosts: localhost
+ become: yes
+ roles:
+ - role: nextcloud/provision/delete
+ - role: nextcloud/provision/create
+ - role: nextcloud/provision/start
+ vars:
+ vmid: 621
+
+- hosts: impa
+ become: yes
+ roles:
+ - role: nextcloud/enable-ssh
+ vars:
+ vmid: 621
+
+- hosts: nextcloud
+ become: yes
+ roles:
+ - role: nextcloud/update
+ - role: nextcloud/install-docker
+ - role: nextcloud/install-app
diff --git a/roles/nextcloud/enable-ssh/tasks/main.yml b/roles/nextcloud/enable-ssh/tasks/main.yml
new file mode 100644
index 0000000..bbc2011
--- /dev/null
+++ b/roles/nextcloud/enable-ssh/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Pause for 10 seconds to wait for SSH server
+ ansible.builtin.pause:
+ seconds: 10
+
+- name: Allow SSH into LXC
+ ansible.builtin.command: lxc-attach -n 621 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+ ansible.builtin.command: lxc-attach -n 621 service ssh restart
diff --git a/roles/nextcloud/install-app/tasks/main.yml b/roles/nextcloud/install-app/tasks/main.yml
new file mode 100644
index 0000000..3aa3110
--- /dev/null
+++ b/roles/nextcloud/install-app/tasks/main.yml
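Review bot: In inventory/my-cluster/host_vars/nextcloud, `ansible_ssh_pass: "{{ proxmox_api_password }}"` makes Ansible log in to the guest as root with the hypervisor API password, whereas the create role sets the container's root password from `lxc_password`. Unless the two variables hold the same value this login cannot succeed, and if they do, one secret opens both the Proxmox API and root SSH on the container that serves Nextcloud. Use the guest's own credential, `ansible_ssh_pass: "{{ lxc_password }}"`, or pass a public key through the proxmox module's `pubkey` option at creation so that password login is not needed at all.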
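Review bot: The first play in playbook-nextcloud.yml runs `nextcloud/provision/delete` unconditionally before `create`, so every run destroys container 621 and, presumably, the `nvme:5` volume mounted at /data that holds the MariaDB data directory, while the /zfs bind mount with Nextcloud's files and config survives. A re-run would then pair an already initialised Nextcloud tree with an empty database. Gate the destructive role behind an explicit opt-in, for example a new variable used as `when: nextcloud_recreate | default(false) | bool` on the delete role, so that a rebuild only happens when it is asked for.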
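Review bot: The sed command in roles/nextcloud/enable-ssh/tasks/main.yml sets `PermitRootLogin yes`, which turns on password login for root over SSH; the default it replaces, `prohibit-password`, already allows root with a key, so installing a key when the container is created makes this edit unnecessary. Both commands also hard-code `lxc-attach -n 621` although the play passes `vmid`; `lxc-attach -n {{ vmid }}` keeps the role tied to the container that was actually provisioned. As written both tasks report changed on every run, and the sed does nothing if the line is not in the expected commented form, so the restart can succeed while root login is still refused.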
@@ -0,0 +1,20 @@
+---
+- name: Create directory for docker-compose
+ ansible.builtin.file:
+ path: /root/docker/
+ state: directory
+ mode: "0755"
+
+- name: Copy docker-compose file
+ template:
+ src: "docker-compose.yml"
+ dest: /root/docker/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Run docker-compose
+ ansible.builtin.shell:
+ args:
+ cmd: docker compose up -d
+ chdir: /root/docker/
diff --git a/roles/nextcloud/install-app/templates/docker-compose.yml b/roles/nextcloud/install-app/templates/docker-compose.yml
new file mode 100644
index 0000000..346c4e8
--- /dev/null
+++ b/roles/nextcloud/install-app/templates/docker-compose.yml
@@ -0,0 +1,33 @@
+version: '3.1'
+
+services:
+ db:
+ image: mariadb
+ container_name: nextcloud-db
+ command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-read-only-compressed=OFF
+ restart: always
+ volumes:
+ - /data/nextcloud/mysql_data:/var/lib/mysql
+ environment:
+ - MYSQL_ROOT_PASSWORD={{ nextcloud_mysql_root_pwd }}
+ - MYSQL_PASSWORD={{ nextcloud_mysql_pwd }}
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ - MYSQL_ALLOW_EMPTY_PASSWORD=true
+
+ app:
+ image: nextcloud
+ container_name: nextcloud
+ volumes:
+ - /zfs:/var/www/html
+ environment:
+ - NEXTCLOUD_HOSTNAME=cloud.lino.cooking
+ - MYSQL_DATABASE=nextcloud
+ - MYSQL_USER=nextcloud
+ - MYSQL_PASSWORD={{ nextcloud_mysql_pwd }}
+ - MYSQL_HOST=nextcloud-db:3306
+ - NEXTCLOUD_ADMIN_USER=linosilva
+ - NEXTCLOUD_ADMIN_PASSWORD={{ nextcloud_admin_pwd }}
+ ports:
+ - 8001:80
+ restart: always
diff --git a/roles/nextcloud/install-docker/tasks/main.yml b/roles/nextcloud/install-docker/tasks/main.yml
new file mode 100644
index 0000000..d5baba9
--- /dev/null
+++ b/roles/nextcloud/install-docker/tasks/main.yml
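Review bot: The template task in roles/nextcloud/install-app/tasks/main.yml writes the rendered compose file with `mode: 0755`, yet that file holds the MariaDB root and user passwords and the Nextcloud admin password in clear text. Use `mode: "0600"` on the file and `mode: "0700"` on /root/docker/, quoted so YAML does not read the value as a number. Adding `no_log: true` to the template task keeps the rendered secrets out of `--diff` output and logs.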
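Review bot: The db service in roles/nextcloud/install-app/templates/docker-compose.yml sets `MYSQL_ALLOW_EMPTY_PASSWORD=true` next to `MYSQL_ROOT_PASSWORD`; that flag permits initialising root with no password, so if the vaulted variable ever renders empty the database would likely come up unprotected instead of failing, and the line should be removed. The passwords are interpolated into unquoted list items, so a value containing ` #` or `: ` is truncated or mis-parsed; quote each entry, e.g. `- "MYSQL_PASSWORD={{ nextcloud_mysql_pwd }}"`. `image: mariadb` and `image: nextcloud` carry no tag, so each `docker compose up` may pull a different release; pin a version or digest. The port mapping is safer quoted as `"8001:80"`, and it publishes plain HTTP on every interface of the container unless a bind address is given.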
@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+ uri:
+ url: "https://get.docker.com"
+ method: GET
+ dest: /tmp/get-docker.sh
+ mode: a+x
+ creates: /tmp/get-docker.sh
+
+- name: Execute script
+ ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+ ansible.builtin.group:
+ name: docker
+ state: present
+
+- name: Add root user to docker group
+ ansible.builtin.user:
+ name: root
+ groups: docker
+ append: yes
+
+- name: Enable docker on startup
+ ansible.builtin.shell: |
+ systemctl enable docker.service
+ systemctl enable containerd.service
diff --git a/roles/nextcloud/provision/create/tasks/main.yml b/roles/nextcloud/provision/create/tasks/main.yml
new file mode 100644
index 0000000..e279fcf
--- /dev/null
+++ b/roles/nextcloud/provision/create/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+- name: Create container
+ community.general.proxmox:
+ vmid: 621
+ node: impa
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ password: "{{ lxc_password }}"
+ hostname: nextcloud
+ ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+ netif: "{'net0':'name=eth0,\
+ gw=10.0.0.1,\
+ ip=10.0.2.30/21,\
+ hwaddr=cc:c6:cf:de:17:90,\
+ bridge=vmbr0'}"
+ cores: 2
+ memory: 2048
+ unprivileged: no
+ swap: 0
+ searchdomain: "home"
+ onboot: 1
+ features:
+ - nesting=1
+ - keyctl=1
+ mounts: '{
+ "mp0":"nvme:5,mp=/data,backup=1",
+ "mp1":"/ganondorf/nextcloud,mp=/zfs",
+ }'
+ disk: nvme:10
+ force: yes
diff --git a/roles/nextcloud/provision/delete/tasks/main.yml b/roles/nextcloud/provision/delete/tasks/main.yml
new file mode 100644
index 0000000..4493231
--- /dev/null
+++ b/roles/nextcloud/provision/delete/tasks/main.yml
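Review bot: roles/nextcloud/install-docker/tasks/main.yml downloads https://get.docker.com and runs it as root with no integrity check, and because `creates: /tmp/get-docker.sh` skips the download whenever that file exists, whatever is already sitting at that world-writable path is what gets executed. Fetch the script to a root-only location with the checksum of the revision that was reviewed, and give the execute task a `creates` guard so the installer does not re-run on every play. Installing the packages from Docker's apt repository with a pinned signing key would avoid running a remote script at all. The checksum below is a placeholder to be filled in after review.

```yaml
- name: Get convenience script
  ansible.builtin.get_url:
    url: "https://get.docker.com"
    dest: /root/get-docker.sh
    owner: root
    group: root
    mode: "0700"
    # placeholder: sha256 of the script revision that was reviewed
    checksum: "sha256:<SHA256_OF_REVIEWED_SCRIPT>"

- name: Execute script
  ansible.builtin.command:
    cmd: /root/get-docker.sh
    creates: /usr/bin/docker

# … unchanged: docker group, root membership, enable on startup …
```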
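Review bot: `unprivileged: no` in roles/nextcloud/provision/create/tasks/main.yml creates a privileged container, in which root is root on the Proxmox host, and the same container gets `nesting=1` and runs Docker with a web application that appears to be published as cloud.lino.cooking. Prefer `unprivileged: true` (the `keyctl=1` feature is meant for that mode) with ownership of the /ganondorf/nextcloud bind mount mapped accordingly, or run this workload in a VM. The task authenticates as `root@pam` with a password; the module also accepts `api_token_id` and `api_token_secret`, which allows a dedicated, limited user that can be revoked on its own, and the delete and start roles repeat the same `api_user`/`api_password` pair. `vmid: 621` is hard-coded here although the play passes `vmid`.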
@@ -0,0 +1,26 @@
+---
+- name: Stop container
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: stopped
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove containers
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: absent
+ ignore_errors: true
+ timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+ ansible.builtin.lineinfile:
+ path: /Users/lino.silva/.ssh/known_hosts
+ state: absent
+ regexp: "^10.0.2.30"
diff --git a/roles/nextcloud/provision/start/tasks/main.yml b/roles/nextcloud/provision/start/tasks/main.yml
new file mode 100644
index 0000000..de86b9b
--- /dev/null
+++ b/roles/nextcloud/provision/start/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: Start deployments
+ community.general.proxmox:
+ vmid: "{{ vmid }}"
+ api_user: root@pam
+ api_password: "{{ proxmox_api_password }}"
+ api_host: 10.0.2.2
+ state: started
diff --git a/roles/nextcloud/update/tasks/main.yml b/roles/nextcloud/update/tasks/main.yml
new file mode 100644
index 0000000..8227bf4
--- /dev/null
+++ b/roles/nextcloud/update/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+ become: true
+ ansible.builtin.apt:
+ update_cache: yes
+ upgrade: full
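Review bot: The last task in roles/nextcloud/provision/delete/tasks/main.yml removes the known_hosts entry for 10.0.2.30 on every rebuild, so the next connection accepts whatever host key answers on that address while Ansible is sending a root password to it. Record the new container's host key out of band, for example by reading it through `lxc-attach` on the Proxmox host, rather than trusting first contact. For the removal itself, `ansible.builtin.known_hosts` with `name: 10.0.2.30` and `state: absent` also handles hashed entries and avoids the unescaped dots in `regexp: "^10.0.2.30"`. `ignore_errors: true` on the stop and remove tasks hides authentication and API failures as well as the missing-container case it is presumably there for.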