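---
# Installs Nextcloud AIO behind an NGINX reverse proxy that terminates TLS with a
# Let's Encrypt certificate obtained through Certbot's webroot method.
#
# Required variables that this play does NOT define (supply them via inventory,
# group_vars or --extra-vars):
#   domain - public FQDN served by NGINX and requested in the certificate
#   user   - login user that gets docker group membership and owns the compose dir
- name: Installeer Nextcloud AIO achter reverse proxy met Certbot
  hosts: nextcloud
  become: true
  vars:
    docker_compose_path: /opt/nextcloud-aio
    webroot_path: /var/www/letsencrypt
    # Contact address registered with Let's Encrypt for expiry notices;
    # override when admin@<domain> is not a monitored mailbox.
    certbot_email: "admin@{{ domain }}"
    # Loopback port the AIO Apache container listens on; NGINX proxies to it.
    aio_apache_port: "11000"
  tasks:
    - name: Installeer vereisten (zonder docker*)
      apt:
        name:
          - curl
          - apt-transport-https
          - ca-certificates
          - software-properties-common
          - nginx
          - certbot
          - python3-certbot-nginx
        state: present
        update_cache: true

    # NOTE(review): piping a remote script straight into sh executes unverified
    # code as root on every fresh host. Prefer Docker's signed apt repository, or
    # fetch the script with get_url and a pinned checksum before running it.
    - name: Installeer Docker via officieel script
      shell: curl -fsSL https://get.docker.com | sh
      args:
        creates: /usr/bin/docker

    # Membership of the docker group is root-equivalent on the host; only the
    # intended admin account should receive it.
    - name: Voeg gebruiker toe aan docker groep
      user:
        name: "{{ user }}"
        groups: docker
        append: true

    - name: Maak docker-compose map aan
      file:
        path: "{{ docker_compose_path }}"
        state: directory
        owner: "{{ user }}"
        group: docker

    - name: Maak webroot map voor Certbot
      file:
        path: "{{ webroot_path }}"
        state: directory
        owner: www-data
        group: www-data
        mode: "0755"

    # Bootstrap vhost: only the ACME challenge path is served until a certificate
    # exists; everything else answers 503 so no unencrypted app traffic is accepted.
    - name: Genereer tijdelijke NGINX-config voor Certbot
      copy:
        dest: /etc/nginx/sites-available/nextcloud-aio
        content: |
          server {
              listen 80;
              server_name {{ domain }};
              location /.well-known/acme-challenge/ {
                  root {{ webroot_path }};
              }
              location / {
                  return 503;
              }
          }

    - name: Activeer tijdelijke site
      file:
        src: /etc/nginx/sites-available/nextcloud-aio
        dest: /etc/nginx/sites-enabled/nextcloud-aio
        state: link
        force: true

    - name: Verwijder default site
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent

    # A non-zero exit from `nginx -t` fails the play, so the reload below never
    # runs on a broken configuration.
    - name: Valideer NGINX-config
      command: nginx -t
      changed_when: false

    - name: Herlaad NGINX
      service:
        name: nginx
        state: reloaded

    # `command` instead of `shell`: no shell features are needed, so the
    # templated domain is never interpreted by a shell. `creates` makes the
    # task idempotent once the certificate exists.
    - name: Vraag certificaat aan via Certbot webroot
      command: >
        certbot certonly --webroot
        -w {{ webroot_path }}
        --non-interactive --agree-tos
        --email {{ certbot_email }}
        -d {{ domain }}
      args:
        creates: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"

    # Final vhost: plain HTTP only serves ACME challenges and redirects the rest;
    # HTTPS proxies to the AIO Apache container on loopback.
    - name: Genereer definitieve NGINX-config met SSL
      copy:
        dest: /etc/nginx/sites-available/nextcloud-aio
        content: |
          server {
              listen 80;
              server_name {{ domain }};
              # Renewals keep working over plain HTTP even if the TLS vhost is unhealthy.
              location /.well-known/acme-challenge/ {
                  root {{ webroot_path }};
              }
              location / {
                  return 301 https://$host$request_uri;
              }
          }
          server {
              listen 443 ssl;
              server_name {{ domain }};
              ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
              ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
              # Distribution nginx.conf may still enable TLS 1.0/1.1; pin modern versions.
              ssl_protocols TLSv1.2 TLSv1.3;
              # Nextcloud uploads exceed nginx's 1m default request body limit.
              client_max_body_size 0;
              # HSTS without includeSubDomains so other subdomains are not affected.
              add_header Strict-Transport-Security "max-age=15552000" always;
              location / {
                  proxy_pass http://127.0.0.1:{{ aio_apache_port }};
                  proxy_http_version 1.1;
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto https;
              }
          }

    - name: Valideer definitieve NGINX-config
      command: nginx -t
      changed_when: false

    - name: Herlaad NGINX met definitieve config
      service:
        name: nginx
        state: reloaded

    # Writes the compose definition; the container is started by the next task.
    - name: Start Nextcloud AIO container
      copy:
        dest: "{{ docker_compose_path }}/docker-compose.yml"
        content: |
          version: '3.8'
          services:
            nextcloud-aio-mastercontainer:
              image: nextcloud/all-in-one:latest
              container_name: nextcloud-aio-mastercontainer
              restart: always
              ports:
                # NOTE(review): this publishes the AIO admin interface on all host
                # interfaces; restrict it with a firewall or bind it to a trusted
                # address (e.g. "127.0.0.1:8080:8080" reached over an SSH tunnel).
                - "8080:8080"
              volumes:
                - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
                # The master container drives the other AIO containers through the
                # Docker socket; access to the socket is root-equivalent on the host.
                - /var/run/docker.sock:/var/run/docker.sock:ro
              environment:
                NEXTCLOUD_URL: "https://{{ domain }}"
                APACHE_PORT: "{{ aio_apache_port }}"
                APACHE_IP_BINDING: "127.0.0.1"
                # Presumably needed because TLS terminates at NGINX — confirm against AIO docs.
                SKIP_DOMAIN_VALIDATION: "true"
          volumes:
            nextcloud_aio_mastercontainer:
              name: nextcloud_aio_mastercontainer

    - name: Start container via docker-compose
      command: docker compose up -d
      args:
        chdir: "{{ docker_compose_path }}"

    # The deploy hook reloads NGINX only when a certificate was actually renewed,
    # instead of reloading unconditionally every night. The distribution certbot
    # package may already ship a systemd timer; this cron job is then redundant
    # but harmless.
    - name: Cronjob voor automatische SSL-vernieuwing
      cron:
        name: "Certbot renew"
        user: root
        job: "certbot renew --quiet --deploy-hook 'systemctl reload nginx'"
        minute: "0"
        hour: "3"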