+- name: Etckeeper commit if necessary
+ ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"
+ ignore_errors: true
+
+- name: Install required packages
+ ansible.builtin.apt:
+ name:
+# - php-ctype
+ - php-curl
+# - php-dom
+# - php-fileinfo
+ - php-gd
+ - php-json
+ - "php{{ php_version }}-xml"
+ - php-mbstring
+# - php-openssl
+# - php-posix
+# - php-session
+# - php-simplexml
+# - php-xmlreader
+# - php-xmlwriter
+ - php-zip
+# - php-zlib
+# - php-pdo_pgsql
+ - "php{{ php_version }}-pgsql"
+ - php-pgsql
+ - php-intl
+ - php-bz2
+# - php-sodium
+ - php-gmp
+# - php-exif
+ - php-redis
+ - php-imagick
+ - python3-psycopg2 # module ansible psql
+ state: present
+
+- name: Boucle d'ajout du user php dans plusieurs groupe
+ ansible.builtin.user:
+ name: "php_{{ SIGLE }}_{{ SITE }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - nextcloud
+ - postgres-data
+ - redis
+ - "site_{{ SIGLE }}_{{ SITE }}"
+
+- name: Bloc nouvelle version nextcloud
+ when: nouvelle_version is undefined
+ block:
+ - name: Demande la version de nextcloud à installer
+ ansible.builtin.pause:
+ prompt: "Quelle version de nextcloud doit être utilisée"
+ echo: true
+ register: nextcloud_version_prompt
+
+ - name: Definir nouvelle_version
+ ansible.builtin.set_fact:
+ nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"
+
+- name: Bloc ancienne version nextcloud
+ when: ancienne_version is undefined
+ block:
+ - name: Demande la version de nextcloud déjà installée
+ ansible.builtin.pause:
+ prompt: "Quelle version de nextcloud déjà installée"
+ echo: true
+ register: ancienne_version_prompt
+
+ - name: Definir ancienne_version
+ ansible.builtin.set_fact:
+ ancienne_version: "{{ ancienne_version_prompt.user_input }}"
+
+- name: Inclure la verif de l'install nextcloud
+ ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
+
+- name: PostgreSQL - nextcloud_php_user role is created
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_user:
+ name: "{{ nextcloud_php_user }}"
+ state: present
+ role_attr_flags: CREATEDB
+
+- name: PostgreSQL - nextcloud_db_name database is created
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_db:
+ name: "{{ nextcloud_db_name }}"
+ state: "{{ item }}"
+ owner: "{{ nextcloud_php_user }}"
+ loop:
+ - absent
+ - present
+
+- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_privs:
+ db: "{{ item.db }}"
+ privs: "{{ item.privs }}"
+ type: "{{ item.type |default(omit) }}"
+ objs: "{{ item.objs }}"
+ role: "{{ item.role }}"
+ grant_option: "{{ item.grant_option |default(omit) }}"
+ loop_control:
+ label: "{{ item.name }}"
+ loop:
+ - db: "{{ nextcloud_db_name }}"
+ privs: "ALL"
+ type: "schema"
+ objs: "public"
+ role: "{{ nextcloud_php_user }}"
+ grant_option: true
+ name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;"
+
+- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
+ community.postgresql.postgresql_pg_hba:
+ dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
+ contype: local
+ users: "php_{{ SIGLE }}_{{ SITE }}"
+ databases: "php_{{ SIGLE }}_{{ SITE }}"
+ method: peer
+ keep_comments_at_rules: true
+ comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom"
+
+- name: Boucle création des répertoires app, config et data nextcloud
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: "{{ item.state }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop_control:
+ label: "{{ item.path }}"
+ loop:
+ - path: "{{ nextcloud_webroot }}/apps"
+ state: directory
+ owner: "{{ nextcloud_php_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '2750'
+ - path: "{{ nextcloud_webroot }}/config"
+ state: directory
+ owner: "{{ nextcloud_php_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '2750'
+ - path: "{{ nextcloud_webroot }}/data"
+ state: directory
+ owner: "{{ nextcloud_php_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '2750'
+
+- name: Create nextcloud root dir symbolic link
+ ansible.builtin.file:
+ src: "{{ nextcloud_symbolic_source }}"
+ dest: "{{ nextcloud_webroot }}/nextcloud"
+ owner: nextcloud
+ group: nextcloud
+ state: link
+ follow: false
+
+- name: Create nextcloud common app dir symbolic link
+ ansible.builtin.file:
+ src: "{{ nextcloud_symbolic_common }}"
+ dest: "{{ nextcloud_webroot }}/common"
+ owner: nextcloud
+ group: nextcloud
+ state: link
+ follow: false
+
+- name: Créer les fichiers spécifiques nextcloud
+ ansible.builtin.template:
+ src: "templates/{{ item.src }}"
+ dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop:
+ - src: "nextcloud_cron.j2"
+ dest: "cron"
+ owner: "{{ nextcloud_php_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '750'
+ - src: "nextcloud_console.j2"
+ dest: "console"
+ owner: "{{ nextcloud_websrv_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '750'
+ - src: "nextcloud_install_config.j2"
+ dest: "config/config.php"
+ owner: "{{ nextcloud_php_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '640'
+
+- name: Recharger plusieurs services
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: reloaded
+ loop:
+ - "postgresql"
+ - "php{{ php_version }}-fpm"
+
+- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
+ become_user: "{{ nextcloud_php_user }}"
+ become: true
+ ansible.builtin.command: >
+ ./console maintenance:install
+ --database='pgsql'
+ --database-name="php_{{ SIGLE }}_{{ SITE }}"
+ --database-user="php_{{ SIGLE }}_{{ SITE }}"
+ --database-host="/var/run/postgresql/"
+ --database-pass=""
+ --admin-user='admin'
+ --admin-pass='ckoideja'
+ --data-dir="/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/data/"
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+ register: install_result
+ ignore_errors: true
+
+- name: Afficher les logs du script d'install
+ ansible.builtin.debug:
+ var: install_result
+ when: install_result is defined
+
+- name: Afficher les logs du script d'install
+ ansible.builtin.fail:
+ msg: "Le script d'install a échoué: Voir les logs ci-dessus"
+ when: install_result.failed
+
+- name: Créer les fichiers spécifiques nextcloud
+ ansible.builtin.template:
+ src: "templates/{{ item.src }}"
+ dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop:
+ - src: "nextcloud_sigle_config.j2"
+ dest: "config/{{ SIGLE }}.config.php"
+ owner: "{{ nextcloud_php_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '640'
+
+- name: Creation d'un lien symbolique vers le configuration nextcloud commun
+ ansible.builtin.file:
+ src: "../../../../nextcloud/common.config.php"
+ path: "{{ nextcloud_webroot }}/config/common.config.php"
+ owner: nextcloud
+ group: nextcloud
+ state: link
+ follow: false
+
+- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_privs:
+ db: "{{ item.db }}"
+ privs: "{{ item.privs }}"
+ type: "{{ item.type | default(omit) }}"
+ objs: "{{ item.objs }}"
+ role: "{{ item.role }}"
+ grant_option: "{{ item.grant_option | default(omit) }}"
+ loop_control:
+ label: "{{ item.name }}"
+ loop:
+ - db: "{{ nextcloud_db_name }}"
+ privs: "USAGE,CREATE"
+ type: "schema"
+ objs: "public"
+ role: "{{ nextcloud_php_user }}"
+ name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"
+ # - db: "{{ nextcloud_db_name }}"
+ # privs: "SELECT"
+ # type: "table"
+ # objs: "pg_namespace"
+ # role: "{{ nextcloud_php_user }}"
+ # name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
+ # - db: "{{ nextcloud_db_name }}"
+ # privs: "SELECT"
+ # type: "table"
+ # objs: "pg_collation"
+ # role: "{{ nextcloud_php_user }}"
+ # name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
+ # - db: "{{ nextcloud_db_name }}"
+ # privs: "SELECT"
+ # type: "table"
+ # objs: "pg_index"
+ # role: "{{ nextcloud_php_user }}"
+ # name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
+ # - db: "{{ nextcloud_db_name }}"
+ # privs: "SELECT"
+ # type: "table"
+ # objs: "pg_attrdef"
+ # role: "{{ nextcloud_php_user }}"
+ # name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
+ # - db: "{{ nextcloud_db_name }}"
+ # privs: "SELECT"
+ # type: "table"
+ # objs: "pg_description"
+ # role: "{{ nextcloud_php_user }}"
+ # name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
+ # - db: "{{ nextcloud_db_name }}"
+ # privs: "SELECT"
+ # type: "table"
+ # objs: "pg_settings"
+ # role: "{{ nextcloud_php_user }}"
+ # name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
+ # - db: "{{ nextcloud_db_name }}"
+ # privs: "SELECT"
+ # objs: "pg_database"
+ # role: "{{ nextcloud_php_user }}"
+ # name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"
+
+- name: Creation d'un fichier cron pour /etc/cron.d
+ ansible.builtin.cron:
+ name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins"
+ minute: "*/5"
+ user: "php_{{ SIGLE }}_{{ SITE }}"
+ job: "{{ nextcloud_webroot }}/cron"
+
+- name: Recharger plusieurs services
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: reloaded
+ loop:
+ - "php{{ php_version }}-fpm"
+ - "nginx"
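Review bot: The install task passes a fixed administrator password on the command line (`--admin-pass='ckoideja'`), so the credential is committed with the role, reused for every site it installs, and visible in the process list while `./console maintenance:install` runs. The task also registers `install_result` and the following debug task prints the whole variable, so the command line, password included, ends up in the Ansible output as well. I would take the password from a vaulted variable (name to be chosen, for example `--admin-pass={{ nextcloud_admin_password | quote }}`), set `no_log: true` on the install task, and have the debug task print only `install_result.stdout_lines` and `install_result.stderr_lines`. Separately, the `postgresql_db` task loops over `absent` then `present`, which drops an existing `nextcloud_db_name` database on every run; if the drop is only meant for a first install, a guard or a single `state: present` would be safer.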