Add nextcloud config

Damn this needs cleaning up at some point!
This commit is contained in:
Jake Howard 2020-02-09 15:21:48 +00:00
parent c264a707c3
commit 4c92e2df3b
Signed by: jake
GPG key ID: 57AFB45680EDD477
6 changed files with 294 additions and 0 deletions

View file

@ -0,0 +1,48 @@
<?php
$CONFIG = array (
'memcache.local' => '\\OC\\Memcache\\APCu',
'memcache.locking' => '\\OC\\Memcache\\Redis',
'memcache.distributed' => '\\OC\\Memcache\\Redis',
'filelocking.enabled' => true,
'redis' =>
array (
'host' => 'redis',
'port' => 6379,
'timeout' => 0.0,
),
'datadirectory' => '/data',
'instanceid' => '{{ nextcloud.instance_id }}',
'passwordsalt' => '{{ nextcloud.passwordsalt }}',
'secret' => '{{ nextcloud.secret }}',
'trusted_domains' =>
array (
0 => 'intersect.jakehoward.tech',
1 => '192.168.1.200',
2 => 'onlyoffice.jakehoward.tech',
),
'dbtype' => 'mysql',
'version' => '18.0.0.10',
'overwrite.cli.url' => 'https://intersect.jakehoward.tech',
'dbname' => 'nextcloud',
'dbhost' => 'mariadb:3306',
'dbport' => '',
'dbtableprefix' => 'oc_',
'mysql.utf8mb4' => true,
'dbuser' => 'nextcloud',
'dbpassword' => 'nextcloud',
'installed' => true,
'trusted_proxies' =>
array (
0 => '10.23.0.1/24',
1 => '172.0.0.1/8',
2 => '192.168.0.0/16',
),
'maintenance' => false,
'twofactor_enforced' => 'false',
'twofactor_enforced_groups' =>
array (
),
'twofactor_enforced_excluded_groups' =>
array (
),
);

View file

@ -0,0 +1,89 @@
upstream php-handler {
server 127.0.0.1:9000;
}
#server {
# listen 80;
# listen [::]:80;
# server_name _;
# return 301 https://$host$request_uri;
#}
server {
#listen 443 ssl http2;
#listen [::]:443 ssl http2;
listen 80;
server_name _;
#ssl_certificate /config/keys/cert.crt;
#ssl_certificate_key /config/keys/cert.key;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
add_header Strict-Transport-Security "max-age=15768000;";
fastcgi_hide_header X-Powered-By;
root /config/www/nextcloud/;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /.well-known/carddav {
return 301 https://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 https://$host/remote.php/dav;
}
client_max_body_size 10G;
fastcgi_buffers 64 4K;
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
location / {
rewrite ^ /index.php;
}
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|ocm-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
try_files $fastcgi_script_name =404;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/(?:updater|ocs-provider|ocm-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
access_log off;
}
location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /index.php$request_uri;
access_log off;
}
}

View file

@ -0,0 +1,60 @@
version: "3"
services:
nextcloud:
image: linuxserver/nextcloud:18.0.0-ls58
container_name: nextcloud
environment:
- PUID={{ docker_user.id }}
- PGID={{ docker_user.id }}
- TZ=Europe/London
volumes:
- ./nextcloud/config:/config/www/nextcloud/config
- ./nextcloud/apps:/config/www/nextcloud/apps
- ./config:/config
- /srv/nextcloud-data/data:/data
- /opt/gitea/repos:/repos:ro
- /mnt/media:/content:ro
restart: unless-stopped
tmpfs:
- /config/log
labels:
- "traefik.enable=true"
- "traefik.http.routers.nextcloud.rule=Host(`intersect.jakehoward.tech`)"
- "traefik.http.routers.nextcloud.tls=true"
- "traefik.http.routers.nextcloud.tls.certresolver=le"
mariadb:
image: linuxserver/mariadb:110.4.11mariabionic-ls47
environment:
- PUID={{ docker_user.id }}
- PGID={{ docker_user.id }}
- MYSQL_ROOT_PASSWORD=root
- TZ=Europe/London
- MYSQL_DATABASE=nextcloud
- MYSQL_USER=nextcloud
- MYSQL_PASSWORD=nextcloud
volumes:
- /srv/nextcloud-mariadb:/config
restart: unless-stopped
redis:
image: redis:5-alpine
restart: unless-stopped
volumes:
- ./redis:/data
onlyoffice:
image: onlyoffice/documentserver
container_name: onlyoffice
restart: unless-stopped
environment:
- JWT_ENABLED=true
- JWT_SECRET={{ nextcloud.onlyoffice_jwt_secret }}
labels:
- "traefik.enable=true"
- "traefik.http.routers.onlyoffice.rule=Host(`onlyoffice.jakehoward.tech`)"
- "traefik.http.routers.onlyoffice.tls=true"
- "traefik.http.routers.onlyoffice.tls.certresolver=le"
- "traefik.http.routers.onlyoffice.middlewares=oo-header"
- "traefik.http.middlewares.oo-header.headers.customRequestHeaders.X-Forwarded-Proto=https"

View file

@ -51,3 +51,6 @@
- name: Install synapse - name: Install synapse
include: synapse.yml include: synapse.yml
- name: Install nextcloud
include: nextcloud.yml

View file

@ -0,0 +1,62 @@
- name: Include nextcloud variables
include_vars: nextcloud.yml
- name: Create nextcloud directory
file:
path: '/opt/nextcloud'
state: directory
owner: "{{ docker_user.name }}"
mode: "{{ docker_compose_directory_mask }}"
become: true
become_user: root
- name: Install nextcloud compose file
template:
src: files/nextcloud/docker-compose.yml
dest: "/opt/nextcloud/docker-compose.yml"
mode: "{{ docker_compose_file_mask }}"
owner: "{{ docker_user.name }}"
validate: /usr/bin/docker-compose -f %s config
register: compose_file
become: true
become_user: root
- name: Create nextcloud config directory
file:
path: '/opt/nextcloud/nextcloud/config'
state: directory
mode: "{{ docker_compose_directory_mask }}"
become: true
become_user: root
- name: Install nextcloud config
template:
src: files/nextcloud/config.php
dest: "/opt/nextcloud/nextcloud/config/config.php"
mode: "{{ docker_compose_file_mask }}"
owner: "{{ docker_user.name }}"
register: config_file
become: true
become_user: root
- name: Install nextcloud custom nginx config
template:
src: files/nextcloud/default.conf
dest: "/opt/nextcloud/config/nginx/site-confs/default"
mode: "{{ docker_compose_file_mask }}"
owner: "{{ docker_user.name }}"
register: nginx_config
become: true
become_user: root
- name: Cycle nextcloud container
docker_compose:
project_src: /opt/nextcloud
pull: true
remove_orphans: true
remove_volumes: true
state: "{{ item }}"
when: compose_file.changed or config_file.changed or nginx_config.changed
loop:
- absent
- present

View file

@ -0,0 +1,32 @@
nextcloud:
onlyoffice_jwt_secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
62303266376363626466323834663133366565393165373435636663663665306334666434313233
6539396130326335653663646430613939323535616536340a363766386361616431353665636531
30303930373864333836363565303165613663613938356133616363396231376463623839383765
6563363263363039320a386134373931363733393636343539393133376463643962396231646565
32366533633564376561373534363662393361656563633230646439653361663836653339666439
3463633137313030363130636663373931623038616365333931
instance_id: !vault |
$ANSIBLE_VAULT;1.1;AES256
30343838333336366638343832633063343135393262336238633632333962656236656666343930
6438366539333138303263383532643866333434633261350a366530326432393837343934656136
64396131386165383237356463616436643263613931363030643262373963326337356338636435
3233376662343033320a333332626162363438356266663335633038323538373365393765363538
3430
passwordsalt: !vault |
$ANSIBLE_VAULT;1.1;AES256
66623930383738323135663662643465663230376431383035626131623866313166366239653330
3731393939623461366263616265363434663137313532640a356565623135616231643433626563
62393936656532366139653530393731663634663463663334303731363564376466393238393062
6663393830656161630a613334366332623535383937663863363136336661633332333638643939
66343163613066303466613032306465353563623331633837333166346163616231
secret: !vault |
$ANSIBLE_VAULT;1.1;AES256
62383337306165336235353864623232363330643239363733653639396665336463303563376131
6634313135663936613935333561396130643236313634630a633136643538666333386663333835
66323334666364343038663335313735346134353231663830383262353564316361346366386238
6437363863353461380a323164356163343236636334313166336265323363386638383239613233
39343533363830613338623064633861623362623537636363373232663134353639386166663135
63613361353965336332323935383032623362363265303035666533386565393261343031653034
313965383063353036633438613439333562