diff --git a/install_nextcloud_aio b/install_nextcloud_aio
new file mode 100644
index 0000000..073864a
--- /dev/null
+++ b/install_nextcloud_aio
@@ -0,0 +1,174 @@
+- name: Installeer Nextcloud AIO achter reverse proxy met Certbot
+ hosts: nextcloud
+ become: true
+
+ vars:
+ docker_compose_path: /opt/nextcloud-aio
+ webroot_path: /var/www/letsencrypt
+
+ tasks:
+ - name: Installeer vereisten (zonder docker*)
+ apt:
+ name:
+ - curl
+ - apt-transport-https
+ - ca-certificates
+ - software-properties-common
+ - nginx
+ - certbot
+ - python3-certbot-nginx
+ state: present
+ update_cache: yes
+
+ - name: Installeer Docker via officieel script
+ shell: curl -fsSL https://get.docker.com | sh
+ args:
+ creates: /usr/bin/docker
+
+ - name: Voeg gebruiker toe aan docker groep
+ user:
+ name: "{{ user }}"
+ groups: docker
+ append: yes
+
+ - name: Maak docker-compose map aan
+ file:
+ path: "{{ docker_compose_path }}"
+ state: directory
+ owner: "{{ user }}"
+ group: docker
+
+ - name: Maak webroot map voor Certbot
+ file:
+ path: "{{ webroot_path }}"
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+ - name: Genereer tijdelijke NGINX-config voor Certbot
+ copy:
+ dest: /etc/nginx/sites-available/nextcloud-aio
+ content: |
+ server {
+ listen 80;
+ server_name {{ domain }};
+
+ location /.well-known/acme-challenge/ {
+ root {{ webroot_path }};
+ }
+
+ location / {
+ return 503;
+ }
+ }
+
+ - name: Activeer tijdelijke site
+ file:
+ src: /etc/nginx/sites-available/nextcloud-aio
+ dest: /etc/nginx/sites-enabled/nextcloud-aio
+ state: link
+ force: yes
+
+ - name: Verwijder default site
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+
+ - name: Valideer NGINX-config
+ command: nginx -t
+ register: nginx_check
+ failed_when: nginx_check.rc != 0
+ changed_when: false
+
+ - name: Herlaad NGINX
+ service:
+ name: nginx
+ state: reloaded
+ when: nginx_check.rc == 0
+
+ - name: Vraag certificaat aan via Certbot webroot
+ shell: >
+ certbot certonly --webroot
+ -w {{ webroot_path }}
+ --non-interactive --agree-tos
+ --email {{ email }}
+ -d {{ domain }}
+ args:
+ creates:
"/etc/letsencrypt/live/{{ domain }}/fullchain.pem"
+
+ - name: Genereer definitieve NGINX-config met SSL
+ copy:
+ dest: /etc/nginx/sites-available/nextcloud-aio
+ content: |
+ server {
+ listen 80;
+ server_name {{ domain }};
+ location / {
+ return 301 https://$host$request_uri;
+ }
+ }
+
+ server {
+ listen 443 ssl;
+ server_name {{ domain }};
+
+ ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:11000;
+ proxy_ssl_verify off;
+ proxy_http_version 1.1;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+
+ location /.well-known/acme-challenge/ {
+ root {{ webroot_path }};
+ }
+ }
+
+ - name: Herlaad NGINX met definitieve config
+ service:
+ name: nginx
+ state: reloaded
+
+ - name: Start Nextcloud AIO container
+ copy:
+ dest: "{{ docker_compose_path }}/docker-compose.yml"
+ content: |
+ version: '3.8'
+ services:
+ nextcloud-aio-mastercontainer:
+ image: nextcloud/all-in-one:latest
+ container_name: nextcloud-aio-mastercontainer
+ restart: always
+ ports:
+ - "8080:8080"
+ volumes:
+ - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+ environment:
+ NEXTCLOUD_URL: "https://{{ domain }}"
+ APACHE_PORT: "11000"
+ APACHE_IP_BINDING: "127.0.0.1"
+ SKIP_DOMAIN_VALIDATION: "true"
+ volumes:
+ nextcloud_aio_mastercontainer:
+ name: nextcloud_aio_mastercontainer
+
+ - name: Start container via docker-compose
+ shell: docker compose up -d
+ args:
+ chdir: "{{ docker_compose_path }}"
+
+ - name: Cronjob voor automatische SSL-vernieuwing
+ cron:
+ name: "Certbot renew"
+ user: root
+ job: "certbot renew --quiet && systemctl reload nginx"
+ minute: "0"
+ hour: "3"
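Review bot: The `Installeer Docker via officieel script` task pipes `curl -fsSL https://get.docker.com | sh` into a root shell with no integrity check, and `creates: /usr/bin/docker` only stops it re-running, so whatever that URL serves at install time is executed with full privileges on every fresh host. Installing `docker-ce` and `docker-compose-plugin` from Docker's signed apt repository yields the same `docker compose` the later tasks rely on while apt verifies signatures and handles upgrades; the replacement tasks are sketched below. In the compose block, the `:ro` on `/var/run/docker.sock` only makes the bind mount read-only and does not restrict Docker API calls, so the mastercontainer stays root-equivalent on the host (by AIO design), which deserves a comment such as `# :ro does not limit the Docker API; this container manages the host's containers`, and `- "8080:8080"` publishes the AIO admin interface on every interface where `- "127.0.0.1:8080:8080"` plus an SSH tunnel, or a host firewall rule, would limit exposure. Two smaller points: `proxy_ssl_verify off;` is a no-op for the plain `http://127.0.0.1:11000` upstream and can be dropped, and `domain`, `email` and `user` are used but never declared under `vars:`, so a comment there naming them as required inventory variables would help (the `yes` booleans would also be more idiomatic as `true`).
```yaml
  tasks:
    # … unchanged: "Installeer vereisten (zonder docker*)" task …

    - name: Maak apt-keyrings map aan
      file:
        path: /etc/apt/keyrings
        state: directory
        mode: "0755"

    - name: Haal Docker apt-sleutel op
      get_url:
        url: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
        dest: /etc/apt/keyrings/docker.asc
        mode: "0644"

    - name: Voeg Docker apt-repository toe
      apt_repository:
        repo: >-
          deb [signed-by=/etc/apt/keyrings/docker.asc]
          https://download.docker.com/linux/{{ ansible_distribution | lower }}
          {{ ansible_distribution_release }} stable
        state: present

    - name: Installeer Docker uit de officiële repository
      apt:
        name:
          - docker-ce
          - docker-ce-cli
          - containerd.io
          - docker-compose-plugin
        state: present
        update_cache: true

    # … unchanged: remaining tasks (docker group, directories, nginx, certbot, compose, cron) …
```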