feat: Add nextcloud

inventory/my-cluster/group_vars/all.yml

@@ -243,3 +243,29 @@ paperless_pwd: !vault |
           61356263303563656235623866653065633063313038326432636161316339663030313439646537
           63333032353133373633353463613861643933353038323231646461386330623038343262343763
           663836323538623836346337303834313139
+
+nextcloud_mysql_root_pwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          31623863613966623834303961333332396238346332646438633665623463353938623336346631
+          3835636631386263336130373130336662666635353461660a643635346430623438616234333964
+          35653638313734373134663865653865393536376162356234326565353665613337376562623231
+          6532333263313362660a306462626330346233393566363632613666616437343361303962353938
+          64343430316661653532366233396262316236633936333162653263646635643466326265613066
+          3062633330616537376462346235653433656635366135346265
+
+nextcloud_mysql_pwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          37343730363831393233643034393838323430383339386238626334343462383061656236613530
+          3430363331343139356538333333326337656163333931660a373964653034323466373038663561
+          64363239663665623263326435383132393561616436376564353562666637396631316262653361
+          6134653565623736310a303733396335303139643334363034356138393364373234353537623463
+          62323938343430313132363037626231633435333330653665613637333734613231326434303532
+          3461646466366339653532366639393035396638623035396338
+
+nextcloud_admin_pwd: !vault |
+          $ANSIBLE_VAULT;1.1;AES256
+          64633233343935636536353533663761353033376331666634633138363233323065323936303934
+          3762643937346435636635306461663461373138636666380a363761616137373430666236306636
+          38663933656231386532333032353731643936653534666530333664333835316561663335633238
+          3531623266386432620a643861666538396437323234623162383437646663653036663836383233
+          62636461303338313436343934656165363361396332343961396434356161363736

inventory/my-cluster/host_vars/nextcloud

@@ -0,0 +1,6 @@
+---
+
+ansible_user: root
+ansible_host: 10.0.2.30
+ansible_ssh_pass: "{{ proxmox_api_password }}"
+vmid: 621

inventory/my-cluster/hosts.ini

@@ -15,6 +15,7 @@ mealie
 vaultwarden
 gitea
 paperless
+nextcloud
 
 [baremetal]
 mipha

playbook-nextcloud.yml

@@ -0,0 +1,23 @@
+---
+- hosts: localhost
+  become: yes
+  roles:
+    - role: nextcloud/provision/delete
+    - role: nextcloud/provision/create
+    - role: nextcloud/provision/start
+      vars:
+        vmid: 621
+
+- hosts: impa
+  become: yes
+  roles:
+    - role: nextcloud/enable-ssh
+      vars:
+        vmid: 621
+
+- hosts: nextcloud
+  become: yes
+  roles:
+    - role: nextcloud/update
+    - role: nextcloud/install-docker
+    - role: nextcloud/install-app

roles/nextcloud/enable-ssh/tasks/main.yml

@@ -0,0 +1,12 @@
+---
+# Unable to use ansible.builtin.lineinfile, because we need to run this through the proxmox host (because SSH is not enabled duh)
+
+- name: Pause for 10 seconds to wait for SSH server
+  ansible.builtin.pause:
+    seconds: 10
+
+- name: Allow SSH into LXC
+  ansible.builtin.command: lxc-attach -n 621 -- sed -i "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+
+- name: Restart SSH Service
+  ansible.builtin.command: lxc-attach -n 621 service ssh restart

roles/nextcloud/install-app/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: Create directory for docker-compose
+  ansible.builtin.file:
+    path: /root/docker/
+    state: directory
+    mode: "0755"
+
+- name: Copy docker-compose file
+  template:
+    src: "docker-compose.yml"
+    dest: /root/docker/docker-compose.yml
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Run docker-compose
+  ansible.builtin.shell:
+  args:
+    cmd: docker compose up -d
+    chdir: /root/docker/

roles/nextcloud/install-app/templates/docker-compose.yml

@@ -0,0 +1,33 @@
+version: '3.1'
+
+services:
+  db:
+    image: mariadb
+    container_name: nextcloud-db
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-read-only-compressed=OFF
+    restart: always
+    volumes:
+      - /data/nextcloud/mysql_data:/var/lib/mysql
+    environment:
+      - MYSQL_ROOT_PASSWORD={{ nextcloud_mysql_root_pwd }}
+      - MYSQL_PASSWORD={{ nextcloud_mysql_pwd }}
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_ALLOW_EMPTY_PASSWORD=true
+
+  app:
+    image: nextcloud
+    container_name: nextcloud
+    volumes:
+      - /zfs:/var/www/html
+    environment:
+      - NEXTCLOUD_HOSTNAME=cloud.lino.cooking
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_PASSWORD={{ nextcloud_mysql_pwd }}
+      - MYSQL_HOST=nextcloud-db:3306
+      - NEXTCLOUD_ADMIN_USER=linosilva
+      - NEXTCLOUD_ADMIN_PASSWORD={{ nextcloud_admin_pwd }}
+    ports:
+      - 8001:80
+    restart: always

roles/nextcloud/install-docker/tasks/main.yml

@@ -0,0 +1,27 @@
+---
+- name: Get convenience script
+  uri:
+    url: "https://get.docker.com"
+    method: GET
+    dest: /tmp/get-docker.sh
+    mode: a+x
+    creates: /tmp/get-docker.sh
+
+- name: Execute script
+  ansible.builtin.shell: /tmp/get-docker.sh
+
+- name: Ensure group "docker" exists
+  ansible.builtin.group:
+    name: docker
+    state: present
+
+- name: Add root user to docker group
+  ansible.builtin.user:
+    name: root
+    groups: docker
+    append: yes
+
+- name: Enable docker on startup
+  ansible.builtin.shell: |
+    systemctl enable docker.service
+    systemctl enable containerd.service

roles/nextcloud/provision/create/tasks/main.yml

@@ -0,0 +1,31 @@
+---
+- name: Create container
+  community.general.proxmox:
+    vmid: 621
+    node: impa
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    password: "{{ lxc_password }}"
+    hostname: nextcloud
+    ostemplate: "hyrule-8tb-nfs:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst"
+    netif: "{'net0':'name=eth0,\
+      gw=10.0.0.1,\
+      ip=10.0.2.30/21,\
+      hwaddr=cc:c6:cf:de:17:90,\
+      bridge=vmbr0'}"
+    cores: 2
+    memory: 2048
+    unprivileged: no
+    swap: 0
+    searchdomain: "home"
+    onboot: 1
+    features:
+      - nesting=1
+      - keyctl=1
+    mounts: '{
+      "mp0":"nvme:5,mp=/data,backup=1",
+      "mp1":"/ganondorf/nextcloud,mp=/zfs",
+      }'
+    disk: nvme:10
+    force: yes

roles/nextcloud/provision/delete/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+- name: Stop container
+  community.general.proxmox:
+    vmid: "{{ vmid }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    state: stopped
+  ignore_errors: true
+  timeout: 90
+
+- name: Remove containers
+  community.general.proxmox:
+    vmid: "{{ vmid }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    state: absent
+  ignore_errors: true
+  timeout: 90
+
+- name: Remove .ssh/known_hosts lines
+  ansible.builtin.lineinfile:
+    path: /Users/lino.silva/.ssh/known_hosts
+    state: absent
+    regexp: "^10.0.2.30"

roles/nextcloud/provision/start/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Start deployments
+  community.general.proxmox:
+    vmid: "{{ vmid }}"
+    api_user: root@pam
+    api_password: "{{ proxmox_api_password }}"
+    api_host: 10.0.2.2
+    state: started

roles/nextcloud/update/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Update all packages to their latest version
+  become: true
+  ansible.builtin.apt:
+    update_cache: yes
+    upgrade: full