Ansible Role nextcloud

This role installs Nextcloud including the tools needed by the most popular business plugins and notify_push. By default, the latest available version is installed. You can choose wether to use

  • local block storage (default)

  • S3 object storage backend (by providing nextcloud__storage_backend_s3)

  • Swift object storage backend (by providing nextcloud__storage_backend_swift)

After installing Nextcloud, head over to your http(s)://nextcloud/index.php/settings/admin to set or verify your email server configuration. Afterwards, use the „Send email“ button below the form to verify your settings.

Mandatory Requirements

If you use the „Setup Nextcloud“ Playbook, this is automatically done for you (you still have to take care of providing the required versions).

Optional Requirements

If you use the „Setup Nextcloud“ Playbook, this is automatically done for you.

Tags

Tag

What it does

nextcloud

Installs and configures the whole Nextcloud server

nextcloud:apps

Enables, disables apps and sets their settings

nextcloud:configure

Deploys the nextcloud__sysconfig__*_var and configures notify_push

nextcloud:cron

Sets the Nextcloud background job setting to cron, deploys and manages the state of:

  • nextcloud-app-update.{service,timer}
  • nextcloud-jobs.{service,timer}
  • nextcloud-ldap-show-remnants.{service,timer}
  • nextcloud-ldap-show-remnants script
  • nextcloud-scan-files.{service,timer}

nextcloud:notify_push

Configures notify_push

nextcloud:scripts

Deploys /usr/local/bin/nextcloud-update

nextcloud:state

Manages the state of:

  • nextcloud-jobs.timer
  • nextcloud-app-update.timer
  • nextcloud-scan-files.timer
  • nextcloud-ldap-show-remnants.timer

Mandatory Role Variables

Variable

Description

nextcloud__fqdn

The FQDN of the Nextcloud instance.

nextcloud__users

List of dictionaries containing the user accounts to create. Attention: The first user has to be the primary administrator account. Subkeys:

  • username: Mandatory, string. Username.
  • password: Mandatory, string. Password.
  • group: Optional, string. Group of the user. Defaults to none.
  • settings: Optional, list of strings. Nextcloud settings for the user. Have a look at the example below. Defaults to [].

Example:

# mandatory
nextcloud__fqdn: 'cloud.example.com'
nextcloud__users:
  # first user has to be the admin account
  - username: 'nextcloud-admin'
    password: 'linuxfabrik'
    group: 'admin'
    settings:
      - 'core lang en'
      - 'core locale de_CH'
      - 'core timezone Europe/Zurich'
      - 'files quota "50 MB"'
      - 'firstrunwizard show 0'
      - 'settings email info@example.org'

Optional Role Variables

Variable

Description

Default Value

nextcloud__app_configs__host_var /
nextcloud__app_configs__group_var

List of dictionaries containing key-value pairs for configuring apps in Nextcloud. Subkeys:

  • key: Mandatory, string. The name of the config option to set.
  • value: Mandatory, string. The configuration value.
  • force: Optional, boolean. Set to true to install the app regardless of the Nextcloud version requirement.
  • state: Optional, string. Either absent, disabled, enabled or present. Note that enabled also installs the app. Defaults to enabled.

Have a look at defaults/main.yml

nextcloud__apps__host_var /
nextcloud__apps__group_var

List of dictionaries containing Nextcloud apps to install. Subkeys:

  • name: Mandatory, string. The app name.
  • state: Optional, string. State of the app, either present or absent. Defaults to present.

Have a look at defaults/main.yml

nextcloud__database_host

Host where MariaDB is located.

'localhost'

nextcloud__database_name

Name of the Nextcloud database in MariaDB.

'nextcloud'

nextcloud__datadir

Where to store the user files.

'/data'

nextcloud__mariadb_login

The user account for the database administrator. The Nextcloud setup will create its own database account.

'{{ mariadb_server__admin_user }}'

nextcloud__on_calendar_app_update

Time to update the Nextcloud apps. Have a look at systemd.time(7) for the format.

'06,18,23:{{ 59 | random(seed=inventory_hostname) }}'

nextcloud__on_calendar_jobs

Run interval of OCC background jobs. Have a look at systemd.time(7) for the format.

'*:0/5'

nextcloud__on_calendar_scan_files

Run interval of rescanning filesystem. Have a look at systemd.time(7) for the format.

'*:50:15'

nextcloud__skip_apps

Boolean. Completely skips the management of Nextcloud apps. Set this to prevent changes via the WebGUI from being overwritten.

false

nextcloud__skip_notify_push

Boolean. Skips the configuration of notify_push. Use this if the DNS setup is not done yet when running the role.

false

nextcloud__storage_backend_s3

S3 Storage Backend. If ommitted, local storage is used. If both S3 and Swift are provided, S3 is configured. Have a look at the example below on how to configure.

unset

nextcloud__storage_backend_swift

Swift Storage Backend. If ommitted, local storage is used. If both S3 and Swift are provided, S3 is configured. Have a look at the example below on how to configure.

unset

nextcloud__sysconfig__host_var /
nextcloud__sysconfig__group_var

List of dictionaries containing key-value pairs for Nextcloud system config settings. Also use this setting to configure Nextcloud behind a reverse proxy, have a look at the example below on how to configure. Subkeys:

  • key: Mandatory, string. The name of the config option to set.
  • value: Mandatory, string. The configuration value.
  • type: Optional, string. The type of the configuration value. Defaults to 'string‘.
  • state: Optional, string. Either present or absent. Defaults to present.

Have a look at defaults/main.yml

nextcloud__timer_app_update_enabled

Enables/disables Systemd-Timer for updating apps.

false

nextcloud__timer_jobs_enabled

Enables/disables Systemd-Timer for running OCC background jobs.

true

nextcloud__timer_ldap_show_remnants_enabled

Enables/disables Systemd-Timer for mailing once a month which users are not available on LDAP anymore, but have remnants in Nextcloud. Will only be applied if the app users_ldap is present.

true

nextcloud__timer_scan_files_enabled

Enables/disables Systemd-Timer for re-scanning the Nextcloud files.

true

nextcloud__version

Which version to install. One of 'latest', 'latest-XX' or 'nextcloud-XX.X.XX'. Have a look at https://download.nextcloud.com/server/releases/ for a list of available releases.

'latest'

nextcloud__vhost_virtualhost_ip

String. Used within the <VirtualHost {{ virtualhost_ip }}:{{ virtualhost_port }}> directive.

*

nextcloud__vhost_virtualhost_port

Number. Used within the <VirtualHost {{ virtualhost_ip }}:{{ virtualhost_port }}> directive.

80

Example:

# optional
nextcloud__app_configs__host_var:
  - key: 'core shareapi_default_expire_date'
    value: 'yes'
    state: 'present'
  - key: 'theming imprintUrl'
    value: 'https://www.example.com'
    state: 'present'
nextcloud__apps__host_var:
  - name: 'bruteforcesettings'
    state: 'present'
  - name: 'weather'
    state: 'absent'
nextcloud__database_host: 'localhost'
nextcloud__database_name: 'nextcloud'
nextcloud__datadir: '/data'
nextcloud__mariadb_login: '{{ mariadb_server__admin_user }}'
nextcloud__on_calendar_app_update: '06,18,23:{{ 59 | random(seed=inventory_hostname) }}'
nextcloud__on_calendar_jobs: '*:0/5'
nextcloud__on_calendar_scan_files: '*:50:15'
nextcloud__skip_apps: true
nextcloud__skip_notify_push: true
# if not local storage, then either one of s3 ...
nextcloud__storage_backend_s3:
  autocreate: true
  bucket: 'mybucket'
  hostname: 's3.pub1.infomaniak.cloud'
  key: '428fc7e2-b532-4704-9df0-a764c7253a15'
  port: 9000
  region: 'us-east-1'
  secret: 'linuxfabrik'
  use_path_style: true
  use_ssl: true
# ... or swift
nextcloud__storage_backend_swift:
  autocreate: true
  bucket: 'mybucket'
  region: 'dc3-a'
  scope_project_domain_name: 'Default'
  scope_project_name: 'PCP-XXXXXX'
  service_name: 'swift'
  url: 'https://api.pub1.infomaniak.cloud/identity/v3'
  user_domain_name: 'Default'
  user_name: 'PCU-XXXXXX'
  user_password: 'linuxfabrik'
nextcloud__sysconfig__host_var:
  - key: 'check_for_working_wellknown_setup'
    value: 'true'
    type: 'boolean'
    state: 'present'
  - key: 'updatechecker'
    value: 'false'
    type: 'boolean'
    state: 'present'
  - key: 'redis timeout'
    value: '0.5'
    type: 'double'
    state: 'present'
  # reverse proxy config
  - key: 'overwrite.cli.url '
    value: 'https://cloud.example.com'
    state: 'present'
  - key: 'overwritecondaddr '
    value: '^192\\.0\\.2\\.7$' # IP of the reverse proxy
    state: 'present'
  - key: 'overwritehost '
    value: 'cloud.example.com'
    state: 'present'
  - key: 'overwriteprotocol '
    value: 'https'
    state: 'present'
  - key: 'overwritewebroot '
    value: '/'
    state: 'present'
  - key: 'trusted_proxies 0 '
    value: '192.0.2.7' # IP of the reverse proxy
    state: 'present'

nextcloud__timer_app_update_enabled: true
nextcloud__timer_jobs_enabled: true
nextcloud__timer_ldap_show_remnants_enabled: true
nextcloud__timer_scan_files_enabled: true
nextcloud__version: 'latest'
nextcloud__vhost_virtualhost_ip: '127.0.0.1'
nextcloud__vhost_virtualhost_port: '81'

License

The Unlicense

Author Information

Linuxfabrik GmbH, Zurich