- name: Installeer Nextcloud AIO achter reverse proxy met Certbot hosts: nextcloud become: true vars: docker_compose_path: /opt/nextcloud-aio webroot_path: /var/www/letsencrypt tasks: - name: Installeer vereisten (zonder docker*) apt: name: - curl - apt-transport-https - ca-certificates - software-properties-common - nginx - certbot - python3-certbot-nginx state: present update_cache: yes - name: Installeer Docker via officieel script shell: curl -fsSL https://get.docker.com | sh args: creates: /usr/bin/docker - name: Voeg gebruiker toe aan docker groep user: name: "{{ user }}" groups: docker append: yes - name: Maak docker-compose map aan file: path: "{{ docker_compose_path }}" state: directory owner: "{{ user }}" group: docker - name: Maak webroot map voor Certbot file: path: "{{ webroot_path }}" state: directory owner: www-data group: www-data mode: '0755' - name: Genereer tijdelijke NGINX-config voor Certbot copy: dest: /etc/nginx/sites-available/nextcloud-aio content: | server { listen 80; server_name {{ domain }}; location /.well-known/acme-challenge/ { root {{ webroot_path }}; } location / { return 503; } } - name: Activeer tijdelijke site file: src: /etc/nginx/sites-available/nextcloud-aio dest: /etc/nginx/sites-enabled/nextcloud-aio state: link force: yes - name: Verwijder default site file: path: /etc/nginx/sites-enabled/default state: absent - name: Valideer NGINX-config command: nginx -t register: nginx_check failed_when: nginx_check.rc != 0 changed_when: false - name: Herlaad NGINX service: name: nginx state: reloaded when: nginx_check.rc == 0 - name: Vraag certificaat aan via Certbot webroot shell: > certbot certonly --webroot -w {{ webroot_path }} --non-interactive --agree-tos --email {{ email }} -d {{ domain }} args: creates: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem" - name: Genereer definitieve NGINX-config met SSL copy: dest: /etc/nginx/sites-available/nextcloud-aio content: | server { listen 80; server_name {{ domain }}; location / { return 301 https://$host$request_uri; } } server { listen 443 ssl; server_name {{ domain }}; ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem; location / { proxy_pass http://127.0.0.1:11000; proxy_ssl_verify off; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; } location /.well-known/acme-challenge/ { root {{ webroot_path }}; } } - name: Herlaad NGINX met definitieve config service: name: nginx state: reloaded - name: Start Nextcloud AIO container copy: dest: "{{ docker_compose_path }}/docker-compose.yml" content: | version: '3.8' services: nextcloud-aio-mastercontainer: image: nextcloud/all-in-one:latest container_name: nextcloud-aio-mastercontainer restart: always ports: - "8080:8080" volumes: - nextcloud_aio_mastercontainer:/mnt/docker-aio-config - /var/run/docker.sock:/var/run/docker.sock:ro environment: NEXTCLOUD_URL: "https://{{ domain }}" APACHE_PORT: "11000" APACHE_IP_BINDING: "127.0.0.1" SKIP_DOMAIN_VALIDATION: "true" volumes: nextcloud_aio_mastercontainer: name: nextcloud_aio_mastercontainer - name: Start container via docker-compose shell: docker compose up -d args: chdir: "{{ docker_compose_path }}" - name: Cronjob voor automatische SSL-vernieuwing cron: name: "Certbot renew" user: root job: "certbot renew --quiet && systemctl reload nginx" minute: "0" hour: "3"