--- /dev/null
+- name: Install required packages
+ ansible.builtin.apt:
+ name:
+ - php-ctype
+ - php-curl
+ - php-dom
+ - php-fileinfo
+ - php-gd
+ - php-json
+ - php-libxml
+ - php-mbstring
+ - php-openssl
+ - php-posix
+ - php-session
+ - php-simplexml
+ - php-xmlreader
+ - php-xmlwriter
+ - php-zip
+ - php-zlib
+ - php-pdo_pgsql
+ - php-intl
+ - php-bz2
+ - php-sodium
+ - php-gmp
+# - php-exif
+ - php-redis
+ - php-imagick
+ state: present
+
+- name: Boucle d'ajout du user php dans plusieurs groupe
+ ansible.builtin.user:
+ name: "php_{{ SIGLE }}_{{ SITE }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - nextcloud
+ - postgres-data
+ - redis
+ - "site_{{ SIGLE }}_{{ SITE }}"
+
+- name: Bloc nextcloud_version
+ when: nouvelle_version is undefined
+ block:
+ - name: Demande la version de nextcloud à installer
+ ansible.builtin.pause:
+ prompt: "Quelle version de nextcloud doit être utilisée"
+ echo: true
+ register: nextcloud_version_prompt
+
+ - name: Definir nouvelle_version
+ ansible.builtin.set_fact:
+ nouvelle_version: "{{ nextcloud_version.user_input }}"
+
+ - name: Demande la version de nextcloud déjà installer
+ ansible.builtin.pause:
+ prompt: "Quelle version de nextcloud déjà installée"
+ echo: true
+ register: ancienne_version_prompt
+
+ - name: Definir ancienne_version
+ ansible.builtin.set_fact:
+ ancienne_version: "{{ ancienne_version.user_input }}"
+
+- name: Inclure la verif de l'install nextcloud
+ ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
+
+- name: "[PostgreSQL] - {{ nextcloud_websrv_user }} role is created."
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_user:
+ name: "{{ nextcloud_websrv_user }}"
+ state: present
+ role_attr_flags: CREATEDB
+
+- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created."
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_db:
+ name: "{{ nextcloud_db_name }}"
+ state: "{{ item }}"
+ owner: "{{ nextcloud_websrv_user }}"
+ loop:
+ - absent
+ - present
+
+- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
+ community.postgresql.postgresql_privs:
+ db: "{{ item.db }}"
+ privs: "{{ item.privs }}"
+ type: "{{ item.type }}"
+ objs: "{{ item.objs }}"
+ role: "{{ item.role }}"
+ grant_option: "{{ item.grant_option |default(false) }}"
+ loop_control: "{{ item.name }}"
+ loop:
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "ALL"
+ type: "schema"
+ objs: "public"
+ role: "{{ php_${SIGLE}_nuage }}"
+ grant_option: true
+ name: "GRANT ALL ON SCHEMA public TO php_${SIGLE}_nuage WITH GRANT OPTION;"
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "USAGE,CREATE"
+ type: "schema"
+ objs: "public"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: "GRANT USAGE,CREATE ON SCHEMA public TO php_${SIGLE}_nuage;"
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_namespace"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_namespace TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_collation"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_collation TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_index"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_index TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_attrdef"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_attrdef TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_description"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_description TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_settings"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_settings TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ objs: "pg_database"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON pg_database TO php_${SIGLE}_nuage;
+
+- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
+ community.postgresql.postgresql_pg_hba:
+ dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
+ contype: local
+ users: "php_{{ SIGLE}}_{{SITE}}"
+ databases: "php_{{ SIGLE}}_{{SITE}}"
+ method: peer
+ keep_comments_at_rules: true
+ comment: "autoriser le user php_{{ SIGLE}}_{{SITE}} à se connecter à la bdd du meme nom"
+
+# - name: Update nextcloud root dir symbolic link
+# become: true
+# ansible.builtin.file:
+# src: "{{ nextcloud_source }}"
+# dest: "{{ nextcloud_webroot }}/nextcloud"
+# owner: nextcloud
+# group: nextcloud
+# state: link
+# follow: false
+
+# - name: Update nextcloud common app dir symbolic link
+# become: true
+# ansible.builtin.file:
+# src: "{{ nextcloud_common }}"
+# dest: "{{ nextcloud_webroot }}/common"
+# owner: nextcloud
+# group: nextcloud
+# state: link
+# follow: false
+
+# copy skeleton?
+
+# lancement de la commande d'installation
+
+# lien symbolic common conf
+
+- name: Create sigle nextcloud config
+ become_user: "{{ nextcloud_websrv_user }}"
+ become: true
+ ansible.builtin.template:
+ src: templates/sigle.config.php.j2
+ dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
+ owner: "{{ nextcloud_websrv_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '640' # or u=rwx,g=r,o=
+
+- name: Creation d'un fichier cron pour /etc/cron.d
+ ansible.builtin.cron:
+ name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan "
+ minute: "5"
+ user: "php_{{ SIGLE}}_{{SITE}}"
+ job: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/cron"
+
+- name: Recharger plusieurs services
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: reloaded
+ loop:
+ - "postgresql"
+ - "php{{ php_version }}-fpm"
+ - "nginx"
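Review bot: The task `[PostgreSQL] - {{ nextcloud_db_name }} database is created.` loops `state: "{{ item }}"` over `absent` then `present`, so every run drops the Nextcloud database before recreating it; unless a wipe is intended, use `state: present` and remove the `loop`. In `Bloc nextcloud_version` the prompts are registered as `nextcloud_version_prompt` and `ancienne_version_prompt`, but the `set_fact` tasks read `nextcloud_version.user_input` and `ancienne_version.user_input`, which nothing in this hunk defines; they should read `nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"` and `ancienne_version: "{{ ancienne_version_prompt.user_input }}"`. In the privileges task, `loop_control: "{{ item.name }}"` passes a string where Ansible expects a mapping (`label: "{{ item.name }}"`), and `"{{ php_${SIGLE}_nuage }}"` puts shell-style `${…}` inside a Jinja expression, which should fail to template; the other tasks spell the account `"php_{{ SIGLE }}_{{ SITE }}"`. On privilege scope, the role is created with `role_attr_flags: CREATEDB`, and the first grant is `ALL` on schema `public` with `grant_option: true`. That looks broader than an application account needs when the `USAGE,CREATE` grant is already listed, so either trim it or add a comment explaining why it is required.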