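---
# Play 1: runs on the control node and registers the machine's own primary
# IPv4 address in the in-memory `nextcloud` group, so that the second play
# targets this same machine through that address.
- name: Voeg lokale host toe aan nextcloud groep
  hosts: localhost
  # Facts are required: ansible_default_ipv4 is read below.
  gather_facts: true
  tasks:
    # Only prints the gathered address for the operator; it sets nothing.
    - name: Haal IP-adres op van huidige server
      debug:
        var: ansible_default_ipv4.address

    - name: Voeg IP-adres toe aan 'nextcloud' groep
      add_host:
        name: "{{ ansible_default_ipv4.address }}"
        groups: nextcloud
        # ansible_user is only defined when the inventory or command line
        # sets it; fall back to the gathered local account name so this task
        # does not abort on an undefined variable.
        ansible_user: "{{ ansible_user | default(ansible_user_id) }}"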
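# Play 2: installs Apache, MariaDB, PHP and Nextcloud on every host in the
# `nextcloud` group, obtains a Let's Encrypt certificate and applies the
# post-install tuning (cron, caches, HSTS).
#
# Variables that must be supplied from outside this file:
#   db_admin_user, db_admin_password,
#   nextcloud_db, nextcloud_db_user, nextcloud_db_password,
#   nextcloud_admin_user, nextcloud_admin_password,
#   nextcloud_domain
# Optional:
#   nextcloud_download_url  - release archive URL (default: latest.zip)
#   nextcloud_zip_checksum  - get_url checksum string, e.g. "sha256:<hex>"
#
# The password variables are secrets: load them from Ansible Vault or a
# secret store rather than from a plain-text vars file kept in version control.
- name: Volledige Nextcloud-installatie met veilige Apache + Let's Encrypt
  hosts: nextcloud
  become: true
  vars:
    ansible_python_interpreter: /usr/bin/python3

  tasks:
    # ----- Packages ----------------------------------------------------------

    # Third-party repository: every PHP package installed below is then
    # taken from this PPA, so its signing key and maintainer become part of
    # the server's trust base.
    - name: Voeg ondubbelzinnig de laatste stabiele PHP PPA toe (voor recentste versies)
      apt_repository:
        repo: 'ppa:ondrej/php'
        state: present
        update_cache: true

    - name: Installeer benodigde pakketten
      apt:
        name:
          - apache2
          - mariadb-server
          - php
          - php-mysql
          - php-xml
          - php-mbstring
          - php-curl
          - php-gd
          - php-zip
          - php-intl
          - php-bcmath
          - php-gmp
          - libapache2-mod-php
          - unzip
          - wget
          - curl
          - certbot
          - python3-certbot-apache
          - python3-pymysql
        state: present
        update_cache: true

    # ----- PHP configuration -------------------------------------------------

    # No shell features are needed, so `command` is used instead of `shell`.
    # The retry loop tolerates php not being runnable immediately after the
    # package install.
    - name: Detecteer actieve PHP-versie
      command: php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;'
      register: detected_php_version
      retries: 5
      delay: 3
      until: detected_php_version.rc == 0
      changed_when: false

    # php_version (e.g. "8.3") selects the /etc/php/<version>/ directory and
    # the versioned package names used further down.
    - name: Zet gedetecteerde PHP-versie als fact
      set_fact:
        php_version: "{{ detected_php_version.stdout }}"

    - name: Verhoog PHP-geheugenlimiet naar 512 MB
      lineinfile:
        path: "/etc/php/{{ php_version }}/apache2/php.ini"
        regexp: '^memory_limit\s*='
        line: 'memory_limit = 512M'
        backup: true

    - name: Verhoog OPcache interned_strings_buffer naar aanbevolen waarde
      lineinfile:
        path: "/etc/php/{{ php_version }}/apache2/php.ini"
        regexp: '^opcache\.interned_strings_buffer\s*='
        line: 'opcache.interned_strings_buffer = 16'
        insertafter: EOF
        backup: true

    # ----- Services and database ---------------------------------------------

    - name: Start Apache en MariaDB
      systemd:
        name: "{{ item }}"
        enabled: true
        state: started
      loop:
        - apache2
        - mariadb

    # Connects through the local unix socket, so no existing password is
    # needed. "*.*:ALL,GRANT" makes this account equivalent to the database
    # root user; it is only used below to create one schema and one user,
    # so narrower privileges may be sufficient. TODO confirm.
    - name: Maak databasebeheerder aan
      mysql_user:
        name: "{{ db_admin_user }}"
        password: "{{ db_admin_password }}"
        priv: "*.*:ALL,GRANT"
        host: localhost
        state: present
        login_unix_socket: /var/run/mysqld/mysqld.sock

    - name: Maak Nextcloud database aan
      mysql_db:
        name: "{{ nextcloud_db }}"
        state: present
        login_user: "{{ db_admin_user }}"
        login_password: "{{ db_admin_password }}"
        login_host: localhost

    # The application account is limited to its own schema.
    - name: Maak Nextcloud databasegebruiker aan
      mysql_user:
        name: "{{ nextcloud_db_user }}"
        password: "{{ nextcloud_db_password }}"
        priv: "{{ nextcloud_db }}.*:ALL"
        host: localhost
        state: present
        login_user: "{{ db_admin_user }}"
        login_password: "{{ db_admin_password }}"
        login_host: localhost

    # ----- Nextcloud download ------------------------------------------------

    # The archive is extracted as root into the web root, so its origin
    # matters:
    #  * It is stored under /root instead of world-writable /tmp. get_url
    #    does not download again when the destination file already exists,
    #    so a file placed at a predictable /tmp path by another local
    #    account would be extracted in place of the real release.
    #  * "latest.zip" changes over time and is not verified by default. For
    #    reproducible, verified installs set nextcloud_download_url to a
    #    specific release and nextcloud_zip_checksum to its published hash
    #    ("sha256:<hex>"). Both variables are optional; without them the
    #    behaviour is the unpinned download of latest.zip.
    - name: Download Nextcloud
      get_url:
        url: "{{ nextcloud_download_url | default('https://download.nextcloud.com/server/releases/latest.zip') }}"
        dest: /root/nextcloud.zip
        checksum: "{{ nextcloud_zip_checksum | default(omit) }}"
        mode: '0600'

    # `creates` makes this a no-op once /var/www/nextcloud exists.
    - name: Pak Nextcloud uit
      unarchive:
        src: /root/nextcloud.zip
        dest: /var/www/
        remote_src: true
        creates: /var/www/nextcloud

    # Gives the web server account ownership of the whole tree, code
    # included.
    - name: Zet juiste rechten
      file:
        path: /var/www/nextcloud
        owner: www-data
        group: www-data
        recurse: true

    # ----- Apache ------------------------------------------------------------

    # `regexp` keeps a single ServerName line when the domain changes instead
    # of adding a second one on the next run.
    - name: Voeg globale ServerName toe aan apache2.conf
      lineinfile:
        path: /etc/apache2/apache2.conf
        regexp: '^ServerName\s'
        line: "ServerName {{ nextcloud_domain }}"
        insertafter: BOF

    # Plain-HTTP virtual host; certbot derives the HTTPS one from it later.
    # The <VirtualHost>/<Directory> wrappers are required: Require,
    # AllowOverride and Options are not valid at server scope, and without
    # them the configtest below fails.
    - name: Maak Apache HTTP VirtualHost (geen SSL vooraf)
      copy:
        dest: /etc/apache2/sites-available/nextcloud.conf
        mode: '0644'
        content: |
          <VirtualHost *:80>
              ServerName {{ nextcloud_domain }}
              DocumentRoot /var/www/nextcloud

              <Directory /var/www/nextcloud/>
                  Require all granted
                  AllowOverride All
                  Options FollowSymLinks MultiViews
              </Directory>
          </VirtualHost>

    # The a2* helpers are run with `command` (no shell features needed); the
    # change status is derived from what they print.
    - name: Activeer Apache-modules
      command: a2enmod rewrite headers env dir mime
      register: apache_mods
      changed_when: "'enabled' in apache_mods.stdout"

    - name: Activeer Apache-site nextcloud
      command: a2ensite nextcloud
      register: site_enabled
      changed_when: "'enabled' in site_enabled.stdout"

    - name: Deactiveer Apache default-site
      command: a2dissite 000-default
      register: default_disabled
      changed_when: "'disabled' in default_disabled.stdout"

    # `shell` is kept here because of the 2>&1 redirection. The task fails on
    # a non-zero exit code or when "Syntax OK" is absent from the output.
    - name: Valideer Apache-configuratie (negeer waarschuwingen)
      shell: apache2ctl configtest 2>&1
      register: apache_config
      failed_when: >-
        apache_config.rc != 0 or
        ('Syntax OK' not in apache_config.stdout and
        'Syntax OK' not in apache_config.stderr)
      changed_when: false

    - name: Herstart Apache
      systemd:
        name: apache2
        state: restarted

    # ----- TLS ---------------------------------------------------------------

    # argv form: every templated value is passed as exactly one argument.
    # Skipped once the certificate for the domain exists.
    - name: Vraag Let's Encrypt-certificaat aan (voegt automatisch HTTPS toe)
      command:
        argv:
          - certbot
          - '--apache'
          - '--non-interactive'
          - '--agree-tos'
          - '--redirect'
          - '-m'
          - "admin@{{ nextcloud_domain }}"
          - '-d'
          - "{{ nextcloud_domain }}"
        creates: "/etc/letsencrypt/live/{{ nextcloud_domain }}/fullchain.pem"

    # The block is placed inside the HTTPS virtual host rather than appended
    # after its closing tag, so the header is scoped to this site.
    # NOTE(review): includeSubDomains extends the policy to every subdomain
    # of nextcloud_domain, and `preload` signals consent to browser preload
    # lists, which is slow to undo; preload-list submission also expects a
    # max-age of at least one year, which this value does not reach.
    # Confirm both directives are intended.
    - name: Voeg Strict-Transport-Security header toe voor HSTS
      blockinfile:
        path: "/etc/apache2/sites-available/nextcloud-le-ssl.conf"
        marker: "# {mark} ANSIBLE MANAGED BLOCK FOR HSTS"
        insertbefore: '</VirtualHost>'
        block: |
          Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
      notify: Herstart Apache

    # ----- Nextcloud installation and settings (occ) --------------------------

    # occ has to run as the web server account. `sudo -u` is kept from the
    # original; switching to become_user would need ACL or pipelining
    # support on the target for Ansible's temporary files. TODO evaluate.
    #
    # The command is passed as argv so that passwords containing quotes, `$`
    # or backticks are never interpreted by a shell. no_log keeps the
    # credentials out of Ansible's output and logs; they are still visible in
    # the target's process list while the installer runs.
    # NOTE(review): no --data-dir is given, so the data directory presumably
    # ends up below the web root and depends on .htaccess for protection.
    # Verify.
    - name: Installeer Nextcloud via OCC
      command:
        argv:
          - sudo
          - '-u'
          - www-data
          - php
          - /var/www/nextcloud/occ
          - 'maintenance:install'
          - '--database'
          - mysql
          - '--database-name'
          - "{{ nextcloud_db }}"
          - '--database-user'
          - "{{ nextcloud_db_user }}"
          - '--database-pass'
          - "{{ nextcloud_db_password }}"
          - '--admin-user'
          - "{{ nextcloud_admin_user }}"
          - '--admin-pass'
          - "{{ nextcloud_admin_password }}"
        creates: /var/www/nextcloud/config/config.php
        chdir: /var/www/nextcloud
      no_log: true

    # trusted_domains is the allow-list of Host names Nextcloud accepts;
    # index 1 is overwritten on every run.
    - name: Voeg domein toe aan trusted_domains
      command:
        argv:
          - sudo
          - '-u'
          - www-data
          - php
          - /var/www/nextcloud/occ
          - 'config:system:set'
          - trusted_domains
          - '1'
          - "--value={{ nextcloud_domain }}"
        chdir: /var/www/nextcloud

    - name: Voer mimetype migraties uit via occ
      command: sudo -u www-data php /var/www/nextcloud/occ maintenance:repair --include-expensive
      args:
        chdir: /var/www/nextcloud

    - name: Repareer ontbrekende theming-cachebestanden
      command: sudo -u www-data php /var/www/nextcloud/occ maintenance:repair
      args:
        chdir: /var/www/nextcloud

    - name: Registreer theming-app expliciet opnieuw
      command: sudo -u www-data php /var/www/nextcloud/occ app:enable theming
      args:
        chdir: /var/www/nextcloud

    - name: Stel Nextcloud in om cron als achtergrondproces te gebruiken
      command: sudo -u www-data php /var/www/nextcloud/occ background:cron
      args:
        chdir: /var/www/nextcloud

    # ----- Scheduled jobs (all run as www-data) -------------------------------

    - name: Voeg cronjob toe voor Nextcloud background jobs (elke 5 minuten)
      cron:
        name: "Nextcloud background jobs"
        user: www-data
        minute: "*/5"
        job: "php -f /var/www/nextcloud/cron.php"

    - name: Voeg cronjob toe voor Nextcloud logrotatie (dagelijks)
      cron:
        name: "Nextcloud logrotate"
        user: www-data
        minute: "0"
        hour: "2"
        job: "php /var/www/nextcloud/occ log:manage --shrink --days=14"
        cron_file: nextcloud_logrotate

    - name: Voeg cronjob toe voor OCC onderhoud (elke zondag)
      cron:
        name: "Nextcloud DB onderhoud (repair + files:scan-app-data)"
        user: www-data
        minute: "30"
        hour: "3"
        weekday: "0"
        job: "php /var/www/nextcloud/occ maintenance:repair && php /var/www/nextcloud/occ files:scan-app-data"
        cron_file: nextcloud_maintenance

    - name: Voeg cronjob toe voor mimetype repair (1× per week)
      cron:
        name: "Nextcloud mimetype repair"
        user: www-data
        minute: "0"
        hour: "4"
        weekday: "0"
        job: "php /var/www/nextcloud/occ maintenance:repair --include-expensive"
        cron_file: nextcloud_mimetype_repair

    - name: Stel onderhoudsvenster in op 03:00 (Nextcloud background tasks)
      command: sudo -u www-data php /var/www/nextcloud/occ config:system:set maintenance_window_start --value="3"
      args:
        chdir: /var/www/nextcloud

    - name: Stel standaard telefoonregio in (bijv. NL)
      command: sudo -u www-data php /var/www/nextcloud/occ config:system:set default_phone_region --value="NL"
      args:
        chdir: /var/www/nextcloud

    # ----- Caching and image support ------------------------------------------

    # NOTE(review): the two lineinfile tasks near the top of this play
    # already edit this php.ini and would have failed if it were missing,
    # so this check can only take effect on a path they did not cover.
    - name: Controleer of het php.ini-bestand bestaat
      stat:
        path: "/etc/php/{{ php_version }}/apache2/php.ini"
      register: php_ini_stat

    - name: Maak php.ini aan als het nog niet bestaat
      copy:
        dest: "/etc/php/{{ php_version }}/apache2/php.ini"
        content: ""
      when: not php_ini_stat.stat.exists

    - name: Installeer php{{ php_version }}-apcu voor memcache
      apt:
        name: "php{{ php_version }}-apcu"
        state: present
        update_cache: true
      notify: Herstart Apache

    - name: Installeer php{{ php_version }}-redis
      apt:
        name:
          - "php{{ php_version }}-redis"
        state: present
        update_cache: true
      notify: Herstart Apache

    # NOTE(review): Redis is installed with the package defaults; nothing in
    # this play sets a bind address, a password or a unix socket. Confirm
    # that it is reachable from this host only.
    - name: Installeer Redis-server
      apt:
        name: redis-server
        state: present
        update_cache: true
      notify: Herstart Redis

    - name: Installeer php-imagick extensie
      apt:
        name: php-imagick
        state: present
        update_cache: true
      notify: Herstart Apache

    - name: Installeer ImageMagick en SVG-ondersteuning
      apt:
        name:
          - imagemagick
          - librsvg2-2
          - librsvg2-bin
        state: present
        update_cache: true
      notify: Herstart Apache

    # argv form: the class name reaches occ as \OC\Memcache\APCu without any
    # shell-level backslash escaping.
    - name: Stel memcache in (APCu) voor Nextcloud
      command:
        argv:
          - sudo
          - '-u'
          - www-data
          - php
          - /var/www/nextcloud/occ
          - 'config:system:set'
          - memcache.local
          - '--value=\OC\Memcache\APCu'
          - '--type=string'
        chdir: /var/www/nextcloud

    # NOTE(review): this play never writes a `redis` connection block (host
    # and port, or socket) to the Nextcloud config. Confirm it is configured
    # elsewhere, otherwise file locking has no server to talk to.
    - name: Stel memcache locking in (Redis) voor Nextcloud
      command:
        argv:
          - sudo
          - '-u'
          - www-data
          - php
          - /var/www/nextcloud/occ
          - 'config:system:set'
          - memcache.locking
          - '--value=\OC\Memcache\Redis'
          - '--type=string'
        chdir: /var/www/nextcloud

  # Handlers run once at the end of the play, and only when a task that
  # notifies them reported a change.
  handlers:
    - name: Herstart Apache
      systemd:
        name: apache2
        state: restarted

    - name: Herstart Redis
      systemd:
        name: redis-server
        enabled: true
        state: restarted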