rik/surf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8ff6497b72c9b8ffc1f533f8b47a756144eca093
surf/install_nextcloud.yml
jmdekker2 8ff6497b72 Update install_nextcloud.yml
2025-05-23 14:04:45 +02:00

362 lines
11 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
- name: Voeg lokale host toe aan nextcloud groep
hosts: localhost
gather_facts: yes
tasks:
- name: Haal IP-adres op van huidige server
debug:
var: ansible_default_ipv4.address
- name: Voeg IP-adres toe aan 'nextcloud' groep
add_host:
name: "{{ ansible_default_ipv4.address }}"
groups: nextcloud
ansible_user: "{{ ansible_user }}"
- name: Volledige Nextcloud-installatie met veilige Apache + Let's Encrypt
hosts: nextcloud
become: true
vars:
ansible_python_interpreter: /usr/bin/python3
tasks:
- name: Voeg ondubbelzinnig de laatste stabiele PHP PPA toe (voor recentste versies)
apt_repository:
repo: ppa:ondrej/php
state: present
update_cache: yes
- name: Installeer benodigde pakketten
apt:
name:
- apache2
- mariadb-server
- php
- php-mysql
- php-xml
- php-mbstring
- php-curl
- php-gd
- php-zip
- php-intl
- php-bcmath
- php-gmp
- libapache2-mod-php
- unzip
- wget
- curl
- certbot
- python3-certbot-apache
- python3-pymysql
state: present
update_cache: yes
- name: Detecteer actieve PHP-versie
shell: php -r 'echo PHP_MAJOR_VERSION.".".PHP_MINOR_VERSION;'
register: detected_php_version
retries: 5
delay: 3
until: detected_php_version.rc == 0
changed_when: false
- name: Zet gedetecteerde PHP-versie als fact
set_fact:
php_version: "{{ detected_php_version.stdout }}"
- name: Verhoog PHP-geheugenlimiet naar 512 MB
lineinfile:
path: "/etc/php/{{ php_version }}/apache2/php.ini"
regexp: '^memory_limit\s*='
line: 'memory_limit = 512M'
backup: yes
- name: Verhoog OPcache interned_strings_buffer naar aanbevolen waarde
lineinfile:
path: "/etc/php/{{ php_version }}/apache2/php.ini"
regexp: '^opcache\.interned_strings_buffer\s*='
line: 'opcache.interned_strings_buffer = 16'
insertafter: EOF
backup: yes
- name: Start Apache en MariaDB
systemd:
name: "{{ item }}"
enabled: true
state: started
loop:
- apache2
- mariadb
- name: Maak databasebeheerder aan
mysql_user:
name: "{{ db_admin_user }}"
password: "{{ db_admin_password }}"
priv: "*.*:ALL,GRANT"
host: localhost
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: Maak Nextcloud database aan
mysql_db:
name: "{{ nextcloud_db }}"
state: present
login_user: "{{ db_admin_user }}"
login_password: "{{ db_admin_password }}"
login_host: localhost
- name: Maak Nextcloud databasegebruiker aan
mysql_user:
name: "{{ nextcloud_db_user }}"
password: "{{ nextcloud_db_password }}"
priv: "{{ nextcloud_db }}.*:ALL"
host: localhost
state: present
login_user: "{{ db_admin_user }}"
login_password: "{{ db_admin_password }}"
login_host: localhost
- name: Download Nextcloud
get_url:
url: https://download.nextcloud.com/server/releases/latest.zip
dest: /tmp/nextcloud.zip
- name: Pak Nextcloud uit
unarchive:
src: /tmp/nextcloud.zip
dest: /var/www/
remote_src: yes
creates: /var/www/nextcloud
- name: Zet juiste rechten
file:
path: /var/www/nextcloud
owner: www-data
group: www-data
recurse: yes
- name: Voeg globale ServerName toe aan apache2.conf
lineinfile:
path: /etc/apache2/apache2.conf
line: "ServerName {{ nextcloud_domain }}"
insertafter: BOF
- name: Maak Apache HTTP VirtualHost (geen SSL vooraf)
copy:
dest: /etc/apache2/sites-available/nextcloud.conf
content: |
<VirtualHost *:80>
ServerName {{ nextcloud_domain }}
DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud>
Require all granted
AllowOverride All
Options FollowSymLinks MultiViews
</Directory>
</VirtualHost>
- name: Activeer Apache-modules
shell: a2enmod rewrite headers env dir mime
register: apache_mods
changed_when: "'enabled' in apache_mods.stdout"
- name: Activeer Apache-site nextcloud
shell: a2ensite nextcloud
register: site_enabled
changed_when: "'enabled' in site_enabled.stdout"
- name: Deactiveer Apache default-site
shell: a2dissite 000-default
register: default_disabled
changed_when: "'disabled' in default_disabled.stdout"
- name: Valideer Apache-configuratie (negeer waarschuwingen)
shell: apache2ctl configtest 2>&1
register: apache_config
failed_when: apache_config.rc != 0 or ('Syntax OK' not in apache_config.stdout and 'Syntax OK' not in apache_config.stderr)
changed_when: false
- name: Herstart Apache
systemd:
name: apache2
state: restarted
- name: Vraag Let's Encrypt-certificaat aan (voegt automatisch HTTPS toe)
command: >
certbot --apache --non-interactive --agree-tos
--redirect
-m admin@{{ nextcloud_domain }}
-d {{ nextcloud_domain }}
args:
creates: /etc/letsencrypt/live/{{ nextcloud_domain }}/fullchain.pem
- name: Voeg Strict-Transport-Security header toe voor HSTS
blockinfile:
path: "/etc/apache2/sites-available/nextcloud-le-ssl.conf"
marker: "# {mark} ANSIBLE MANAGED BLOCK FOR HSTS"
block: |
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
</IfModule>
notify: Herstart Apache
- name: Installeer Nextcloud via OCC
shell: >
sudo -u www-data php /var/www/nextcloud/occ maintenance:install
--database "mysql"
--database-name "{{ nextcloud_db }}"
--database-user "{{ nextcloud_db_user }}"
--database-pass "{{ nextcloud_db_password }}"
--admin-user "{{ nextcloud_admin_user }}"
--admin-pass "{{ nextcloud_admin_password }}"
args:
creates: /var/www/nextcloud/config/config.php
chdir: /var/www/nextcloud
- name: Voeg domein toe aan trusted_domains
shell: >
sudo -u www-data php /var/www/nextcloud/occ config:system:set trusted_domains 1
--value="{{ nextcloud_domain }}"
args:
chdir: /var/www/nextcloud
- name: Voer mimetype migraties uit via occ
shell: sudo -u www-data php /var/www/nextcloud/occ maintenance:repair --include-expensive
args:
chdir: /var/www/nextcloud
- name: Stel Nextcloud in om cron als achtergrondproces te gebruiken
shell: sudo -u www-data php /var/www/nextcloud/occ background:cron
args:
chdir: /var/www/nextcloud
- name: Voeg cronjob toe voor Nextcloud background jobs (elke 5 minuten)
cron:
name: "Nextcloud background jobs"
user: www-data
minute: "*/5"
job: "php -f /var/www/nextcloud/cron.php"
- name: Voeg cronjob toe voor Nextcloud logrotatie (dagelijks)
cron:
name: "Nextcloud logrotate"
user: www-data
minute: "0"
hour: "2"
job: "php /var/www/nextcloud/occ log:manage --shrink --days=14"
cron_file: nextcloud_logrotate
- name: Voeg cronjob toe voor OCC onderhoud (elke zondag)
cron:
name: "Nextcloud DB onderhoud (repair + files:scan-app-data)"
user: www-data
minute: "30"
hour: "3"
weekday: "0"
job: "php /var/www/nextcloud/occ maintenance:repair && php /var/www/nextcloud/occ files:scan-app-data"
cron_file: nextcloud_maintenance
- name: Voeg cronjob toe voor mimetype repair (1× per week)
cron:
name: "Nextcloud mimetype repair"
user: www-data
minute: "0"
hour: "4"
weekday: "0"
job: "php /var/www/nextcloud/occ maintenance:repair --include-expensive"
cron_file: nextcloud_mimetype_repair
- name: Stel onderhoudsvenster in op 03:00 (Nextcloud background tasks)
shell: >
sudo -u www-data php /var/www/nextcloud/occ config:system:set maintenance_window_start --value="3"
args:
chdir: /var/www/nextcloud
- name: Stel standaard telefoonregio in (bijv. NL)
shell: >
sudo -u www-data php /var/www/nextcloud/occ config:system:set default_phone_region --value="NL"
args:
chdir: /var/www/nextcloud
- name: Controleer of het php.ini-bestand bestaat
stat:
path: "/etc/php/{{ php_version }}/apache2/php.ini"
register: php_ini_stat
- name: Maak php.ini aan als het nog niet bestaat
copy:
dest: "/etc/php/{{ php_version }}/apache2/php.ini"
content: ""
when: not php_ini_stat.stat.exists
- name: Installeer php{{ php_version }}-apcu voor memcache
apt:
name: "php{{ php_version }}-apcu"
state: present
update_cache: yes
notify: Herstart Apache
- name: Installeer php{{ php_version }}-redis
apt:
name:
- "php{{ php_version }}-redis"
state: present
update_cache: yes
notify: Herstart Apache
- name: Installeer Redis-server
apt:
name: redis-server
state: present
update_cache: yes
notify: Herstart Redis
- name: Installeer php-imagick extensie
apt:
name: php-imagick
state: present
update_cache: yes
notify: Herstart Apache
- name: Installeer ImageMagick en SVG-ondersteuning
apt:
name:
- imagemagick
- librsvg2-2
- librsvg2-bin
state: present
update_cache: yes
notify: Herstart Apache
- name: Stel memcache in (APCu) voor Nextcloud
shell: >
sudo -u www-data php /var/www/nextcloud/occ config:system:set memcache.local --value="\\OC\\Memcache\\APCu" --type=string
args:
chdir: /var/www/nextcloud
- name: Stel memcache locking in (Redis) voor Nextcloud
shell: >
sudo -u www-data php /var/www/nextcloud/occ config:system:set memcache.locking --value="\\OC\\Memcache\\Redis" --type=string
args:
chdir: /var/www/nextcloud
- name: Repareer ontbrekende theming-cachebestanden
shell: sudo -u www-data php /var/www/nextcloud/occ maintenance:repair
args:
chdir: /var/www/nextcloud
- name: Registreer theming-app expliciet opnieuw
shell: sudo -u www-data php /var/www/nextcloud/occ app:enable theming
args:
chdir: /var/www/nextcloud
handlers:
- name: Herstart Apache
systemd:
name: apache2
state: restarted
- name: Herstart Redis
systemd:
name: redis-server
enabled: true
state: restarted
Reference in New Issue View Git Blame Copy Permalink