--- /dev/null
+# commande pour lancer le playbook: ansible-playbook creation_nouveau_site.yml
+# attention - Par défaut ce scipt se lancer vers ligatures
+
+- name: Promp pour définir les variables du nouveau ite
+ hosts: vm_debian11 # test avec un nom de vm
+ become: true # toutes les tâches seront pas défaut éxécuter en tant que root
+
+ vars:
+# config_nginx: true à l'avenir on pourrait demander à l'utilisateur de choisir si il veut configurer nginx
+ php_version: 8.0
+ postgres_version: 15
+ nouvelle_version: 27.1.6 # nextcloud
+ ancienne_version: 27.1.5 # nextcloud
+
+ vars_prompt:
+
+ - name: SITE
+ prompt: 'quel type de site?(ex: nuage, www, wiki, paheko)'
+ private: false
+ default: "paheko"
+
+ - name: TLD
+ prompt: 'TLD du site à mettre à jour?(ex: org)'
+ private: false
+ default: "org"
+
+ - name: DOMAIN
+ prompt: 'Domaine du site à mettre à jour?(ex: heureux-cyclage)'
+ private: false
+ default: "heureux-cyclage"
+
+ - name: SIGLE
+ prompt: 'Sigle du site à mettre à jour?(ex: lhc)'
+ private: false
+ default: "lhc"
+
+ - name: config_php
+ prompt: 'Faut-il configurer un pool PHP?(ex: oui/non)'
+ private: false
+ default: "non"
+
+ - name: besoin_https
+ prompt: 'Faut-il configurer un certificat ssl pour le HTTPS?(ex: oui/non)'
+ private: false
+ default: "non"
+
+ - name: sftp
+ prompt: 'besoin de configurer un accès SFTP pour ce compte (ex: oui/non)'
+ private: false
+ default: "non"
+
+ - name: sftp_key
+ prompt: "Entrer la clé publique à autoriser pour l'acces SFTP (si nécessaire)"
+ private: false
+ default: "non"
+
+ pre_tasks:
+
+ - name: Vérifier le sigle n'est pas déjà utilisé
+ ansible.builtin.lineinfile:
+ dest: /etc/passwd
+ search_string: "site_{{ SIGLE }}"
+ state: absent
+ check_mode: true
+ changed_when: false
+ register: presence_sigle
+ failed_when: presence_sigle.changed
+
+ tasks:
+
+ - name: Inclure la configuration d'un site web basique
+ ansible.builtin.include_tasks: tasks/config_www.yml
+
+ - name: Bloc permettant de générer les certificats SSL
+ when: besoin_https == 'oui'
+ block:
+ - name: Inclure la configuration nginx http
+ ansible.builtin.include_tasks: tasks/config_nginx.yml
+ vars:
+ template_site: 'http'
+
+ - name: Générer un certififat avec certbot # noqa : command-instead-of-module
+ become: true
+ ansible.builtin.command: 'certbot certonly -i nginx -d {{ SITE }}.{{ DOMAIN }}.{{ TLD }}'
+ register: certbot_log
+ changed_when: false
+
+ - name: Afficher les logs certbot
+ ansible.builtin.debug:
+ var: certbot_log
+ when: certbot_log is defined
+
+
+ - name: Inclure la configuration nginx
+ ansible.builtin.include_tasks: tasks/config_nginx.yml
+ vars:
+ template_site: "{{ SITE }}"
+
+ - name: Inclure la configuration d'un pool PHP
+ ansible.builtin.include_tasks: tasks/config_pool_php.yml
+ when: config_php == 'oui' or SITE == 'paheko' or SITE == 'nuage'
+
+ - name: Inclure la configuration nextcloud si besoin
+ ansible.builtin.include_tasks: tasks/config_nuage.yml
+ when: SITE == 'nuage'
+
+ - name: Inclure la configuration paheko si besoin
+ ansible.builtin.include_tasks: tasks/config_paheko.yml
+ when: SITE == 'paheko'
+
+ # MAJ borgmatic conf
+## Mettre à jour la conf de borgmatic pour intégrer les dossiers du nouveau nuage dans 'source_directories'
+
+ # vim /etc/borgmatic/config.yaml
+
+ # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/config
+ # - /home/sites/data/${TLD}/${DOMAIN}/${SITE}/data
\ No newline at end of file
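Review bot: The certbot command on L85 is built by interpolating the prompted SITE, DOMAIN and TLD values straight into a command string, and `ansible.builtin.command` splits that string on whitespace, so a prompt answer containing spaces turns into extra certbot arguments; the only pre_task check (L60-L68) tests SIGLE for existence, never any prompted value for shape. Pass the command as a list instead, `ansible.builtin.command:` / `argv: ['certbot', 'certonly', '-i', 'nginx', '-d', '{{ SITE }}.{{ DOMAIN }}.{{ TLD }}']`, and add an `ansible.builtin.assert` in pre_tasks that each prompted value matches a hostname-label pattern (e.g. `SITE is match('^[a-z0-9-]+$')`) before any task uses it. `changed_when: false` on L87 is also wrong for certificate issuance, which does change the host; report on `certbot_log.rc` instead. On L11 `php_version: 8.0` is an unquoted float while the vars files in this commit quote it as `'8.0'`; quote it here too so a future `8.10` does not collapse to `8.1`.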
# 24.0.12
# 25.0.9
# 26.0.4
-php_fpm_service: php8.0-fpm
-nextcloud_tmp_path: "/tmp/nextcloud/{{ domain }}"
-nextcloud_backup_path: "/opt/nuage/backups/{{ domain }}"
+php_fpm_service: php{{ php_version }}-fpm
+php_version: '8.0'
+nextcloud_tmp_path: "/tmp/nextcloud/{{ DOMAIN }}"
+nextcloud_backup_path: "/opt/nuage/backups/{{ DOMAIN }}"
nextcloud_db_name: "nextcloud"
nextcloud_sources_files_path: "{{ nextcloud_files_path }}/sources"
nextcloud_common_files_path: "{{ nextcloud_files_path }}/common"
-nextcloud_webroot: "/home/www/data/org/heureux-cyclage/nuages/instances/{{ domain }}"
+nextcloud_webroot: "/home/www/data/org/heureux-cyclage/nuages/instances/{{ DOMAIN }}"
nextcloud_websrv_user: php_nuages
-nextcloud_db_name: "php_nuage_{{ domain }}"
-php_fpm_service: php8.0-fpm
-nextcloud_tmp_path: "/home/nextcloud_tmp/{{ domain }}"
\ No newline at end of file
+#nextcloud_db_name: "php_nuage_{{ DOMAIN }}"
+nextcloud_db_name: "php_nuage_clav_gre"
+php_fpm_service: php{{ php_version }}-fpm
+php_version: '8.0'
+nextcloud_tmp_path: "/home/nextcloud_tmp/{{ DOMAIN }}"
\ No newline at end of file
-nextcloud_websrv_user: "php_{{ sigle }}_nuage"
+nextcloud_websrv_user: "php_{{ SIGLE }}_nuage"
nextcloud_sources_files_path: "/home/sites/data/nextcloud/sources"
nextcloud_common_files_path: "/home/sites/data/nextcloud/common"
-nextcloud_webroot: "/home/sites/data/{{ tld }}/{{ domain }}/nuage"
+nextcloud_webroot: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/nuage"
nextcloud_source: "{{ nextcloud_sources_files_path }}/nextcloud-{{ nouvelle_version }}"
nextcloud_common: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}"
-php_fpm_service: php8.2-fpm
\ No newline at end of file
+php_fpm_service: php{{ php_version}}-fpm
+php_version: '8.2'
\ No newline at end of file
--- /dev/null
+
+
+https://nicolaslang.fr/articles/migrer-la-bdd-nextcloud-de-mysql-vers-postgres
+
+gzip -d ARCHIVE_dump_bdd.gz
+
+préparation MYSQL
+DROP DATABASE pailleccambouis;
+CREATE DATABASE pailleccambouis;
+GRANT ALL PRIVILEGES ON *.* TO 'nextcloud' WITH GRANT OPTION;
+source /home/roms/ARCHIVE_dump_bdd;
+
+
+drop table oc_bbb_restrictions;
+drop table oc_bbb_room_shares;
+drop table oc_bbb_rooms;
+drop table oc_mail_accounts;
+drop table oc_mail_aliases;
+drop table oc_mail_attachments;
+drop table oc_mail_classifiers;
+drop table oc_mail_coll_addresses;
+drop table oc_mail_mailboxes;
+drop table oc_mail_messages;
+drop table oc_mail_recipients;
+
+mysql -u nextcloud -p pailleccambouis
+
+modif config.php avec localhost + dbuser nextcloud + dbpass Ckoideja
+
+sudo -u www-data ./console-7.4 db:convert-mysql-charset
+sudo -u www-data ./console-7.4 db:add-missing-columns
+sudo -u www-data ./console-7.4 db:add-missing-indices
+sudo -u www-data ./console-7.4 db:convert-filecache-bigint
+sudo -u www-data ./console-7.4 maintenance:mimetype:update-db
+sudo -u www-data ./console-7.4 maintenance:mimetype:update-js
+
+préparation PGSQL
+vim /etc/postgresql/11/main/pg_hba.conf
+local all nextcloud peer
+CREATE USER nextcloud;
+ALTER USER nextcloud WITH PASSWORD 'Ckoideja';
+
+DROP DATABASE nextcloud;
+CREATE DATABASE nextcloud;
+
+ALTER DATABASE nextcloud OWNER TO nextcloud;
+GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
+
+
+adduser nextcloud -disabled-login --disabled-password --home /opt/nuage --no-create-home --shell /bin/false --system
+adduser nextcloud postgres
+
+adduser nextcloud www-data
+sudo -u www-data ./console-7.4 db:convert-type --all-apps pgsql nextcloud localhost nextcloud
+certaines tables ne sont pas convertis donc perdus. Dire OK.
+
+
+
+unlink nextcloud
+sudo -u www-data ln -s /opt/source/nextcloud22/nextcloud/ nextcloud
+sudo -u www-data ./console-7.4 upgrade
+service php7.4-fpm reload
+
+
+sudo -u www-data ./console-7.4 db:add-missing-columns
+sudo -u www-data ./console-7.4 db:add-missing-indices
+sudo -u www-data ./console-7.4 db:add-missing-primary-keys
+
+
+migration:
+
+ autoriser site_pec_nuage a se connecter dans /etc/passwd
+ lancer un rsync depuis la vm vers ligatures dans un /tmp (ou tester un fichier dans le /data)
+ comparer les fichiers de conf
+ sudo -u php_pec_nuage ./console upgrade
+ test de la v26
+ update en v27
+
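Review bot: A plaintext database password is committed in this notes file, on L187 (the config.php change) and L200 (the `ALTER USER ... WITH PASSWORD` statement); anything pushed to a shared repository should be treated as disclosed, so that credential needs rotating on both the MySQL and PostgreSQL side and the two lines replaced with a placeholder such as `<dbpass>`. The `GRANT ALL PRIVILEGES ON *.* TO 'nextcloud' WITH GRANT OPTION;` on L169 is also far wider than a one-database migration needs; scoping it to `pailleccambouis.*` without grant option would match what the PostgreSQL side does on L205-L206. On L209 `-disabled-login` has a single dash and will not be recognised as `--disabled-login`, so the account is created with a login enabled where the other flags suggest it should not be.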
hosts: localhost
vars_prompt:
- - name: domain
- prompt: 'Domaine du site à mettre à jour?(ex: heureux-cyclage)'
+ - name: DOMAIN
+ prompt: 'Domaine du site à migrer?(ex: heureux-cyclage)'
private: false
tasks:
- name: Rendre la var domain dispo pour le host ateliers
ansible.builtin.set_fact:
- domain: "{{ domain }}"
+ DOMAIN: "{{ DOMAIN }}"
delegate_to: "{{ item }}"
delegate_facts: true
loop:
hosts: ateliers
tasks:
- # - name: Include backup_from_ateliers
- # ansible.builtin.include_tasks: tasks/backup_from_ateliers.yml
+ - name: Include backup_from_ateliers
+ ansible.builtin.include_tasks: tasks/backup_from_ateliers.yml
- name: Play sur vm_debian11
hosts: vm_debian11
---
+# Tâches éxecutées sur le serveur ateliers
+
- name: Create nextcloud restore dir
+ become: true
+ become_user: root
ansible.builtin.file:
path: "{{ nextcloud_tmp_path }}"
state: directory
mode: '777'
-- name: activate nextcloud maintenance mode
- become_user: "{{ nextcloud_websrv_user }}"
- become: true
- command: './console maintenance:mode --on'
- args:
- chdir: "{{ nextcloud_webroot }}"
+# - name: Activate nextcloud maintenance mode # noqa : command-instead-of-module
+# become_user: "{{ nextcloud_websrv_user }}"
+# become: true
+# ansible.builtin.command: './console maintenance:mode --on'
+# args:
+# chdir: "{{ nextcloud_webroot }}"
-- name: "Compress directory {{ nextcloud_data_path }} into {{ nextcloud_tmp_path }}/data.tar.gz"
- become_user: "{{ nextcloud_websrv_user }}"
- become: true
- community.general.archive:
- path: "{{ nextcloud_data_path }}"
- dest: "{{ nextcloud_tmp_path }}/data.tar.gz"
- format: gz
- force_archive: true
- mode: '777'
+# replace by rsync -t -P --delay-updates -F --compress --archive --partial ateliers:/home/www/data/org/heureux-cyclage/nuages/instances/clavette-gre/data /opt/nuage/backups/clavette-gre/
+# - name: "Compress directory {{ nextcloud_data_path }} into {{ nextcloud_tmp_path }}/data.tar.gz"
+# become_user: "{{ nextcloud_websrv_user }}"
+# become: true
+# community.general.archive:
+# path: "{{ nextcloud_data_path }}"
+# dest: "{{ nextcloud_tmp_path }}/data.tar.gz"
+# format: gz
+# force_archive: true
+# mode: '777'
- name: Create a dump of the postgreSQL database # noqa : command-instead-of-module
become: true
become_user: "{{ nextcloud_websrv_user }}"
- ansible.builtin.command: "pg_dump -f dump.sql -F c -O -b {{ nextcloud_db_name }}"
+ ansible.builtin.command: "pg_dump -f dump.pgc -F c -O -b {{ nextcloud_db_name }}"
args:
chdir: "{{ nextcloud_tmp_path }}"
-- name: copy nextcloud config file
+# rsync -t -P --delay-updates -F --compress --archive --partial ateliers:/tmp/nextcloud_restore/dump.pgc /opt/nuage/backups/clavette-gre/
+
+- name: Copy nextcloud config file
become_user: "{{ nextcloud_websrv_user }}"
become: true
- ansible.builtin.copy:
+ ansible.builtin.copy:
src: "{{ nextcloud_webroot }}/config/config.php"
dest: "{{ nextcloud_tmp_path }}/config.php"
- remote_src: yes # because the config file is already in the nextcloud_tmp_path
+ remote_src: true # because the config file is already in the nextcloud_tmp_path
mode: '755'
- name: Add read permissions to created tmp files
dest: "/tmp/nextcloud/{{ domain }}/"
flat: true
loop:
- - "{{ nextcloud_tmp_path }}/dump.sql"
- - "{{ nextcloud_tmp_path }}/data.tar.gz"
+ - "{{ nextcloud_tmp_path }}/dump.pgc"
+# - "{{ nextcloud_tmp_path }}/data.tar.gz"
- "{{ nextcloud_tmp_path }}/config.php"
- name: Supprimer les fichiers temporaires du serveur ateliers
path: "{{ item }}"
state: absent
loop:
- - "{{ nextcloud_tmp_path }}/dump.sql"
- - "{{ nextcloud_tmp_path }}/data.tar.gz"
+ - "{{ nextcloud_tmp_path }}/dump.pgc"
+ # - "{{ nextcloud_tmp_path }}/data.tar.gz"
- "{{ nextcloud_tmp_path }}/config.php"
# - name: deactivate nextcloud maintenance mode
# become: true
# command: './console maintenance:mode --off'
# args:
-# chdir: "{{ nextcloud_webroot }}"
\ No newline at end of file
+# chdir: "{{ nextcloud_webroot }}"
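Review bot: The new lines L265-L270 create the restore directory as root with `mode: '777'`, and the database dump (L306) and the Nextcloud `config.php` with its database credentials (L317-L321, copied with `mode: '755'`) are then written into it, so both files are readable by every local account on the ateliers host for as long as they sit there. Create the directory owned by the service user instead, `owner: "{{ nextcloud_websrv_user }}"` / `group: "{{ nextcloud_websrv_user }}"` / `mode: '0750'`, and copy `config.php` with `mode: '0640'`; the pg_dump and copy tasks already run as that user, so nothing else needs to change. The `# replace by rsync ...` comments on L292 and L310 hard-code the `clavette-gre` instance and a backup path while the surrounding tasks use `{{ nextcloud_tmp_path }}`; if the rsync is the intended transfer it belongs in a task built from the variables, otherwise the comment should say it is a one-off manual step.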
--- /dev/null
+- name: Install required packages
+ ansible.builtin.apt:
+ name:
+ - php-ctype
+ - php-curl
+ - php-dom
+ - php-fileinfo
+ - php-gd
+ - php-json
+ - php-libxml
+ - php-mbstring
+ - php-openssl
+ - php-posix
+ - php-session
+ - php-simplexml
+ - php-xmlreader
+ - php-xmlwriter
+ - php-zip
+ - php-zlib
+ - php-pdo_pgsql
+ - php-intl
+ - php-bz2
+ - php-sodium
+ - php-gmp
+# - php-exif
+ - php-redis
+ - php-imagick
+ state: present
+
+- name: Boucle d'ajout du user php dans plusieurs groupe
+ ansible.builtin.user:
+ name: "php_{{ SIGLE }}_{{ SITE }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - nextcloud
+ - postgres-data
+ - redis
+ - "site_{{ SIGLE }}_{{ SITE }}"
+
+- name: Bloc nextcloud_version
+ when: nouvelle_version is undefined
+ block:
+ - name: Demande la version de nextcloud à installer
+ ansible.builtin.pause:
+ prompt: "Quelle version de nextcloud doit être utilisée"
+ echo: true
+ register: nextcloud_version_prompt
+
+ - name: Definir nouvelle_version
+ ansible.builtin.set_fact:
+ nouvelle_version: "{{ nextcloud_version.user_input }}"
+
+ - name: Demande la version de nextcloud déjà installer
+ ansible.builtin.pause:
+ prompt: "Quelle version de nextcloud déjà installée"
+ echo: true
+ register: ancienne_version_prompt
+
+ - name: Definir ancienne_version
+ ansible.builtin.set_fact:
+ ancienne_version: "{{ ancienne_version.user_input }}"
+
+- name: Inclure la verif de l'install nextcloud
+ ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
+
+- name: "[PostgreSQL] - {{ nextcloud_websrv_user }} role is created."
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_user:
+ name: "{{ nextcloud_websrv_user }}"
+ state: present
+ role_attr_flags: CREATEDB
+
+- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created."
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_db:
+ name: "{{ nextcloud_db_name }}"
+ state: "{{ item }}"
+ owner: "{{ nextcloud_websrv_user }}"
+ loop:
+ - absent
+ - present
+
+- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
+ community.postgresql.postgresql_privs:
+ db: "{{ item.db }}"
+ privs: "{{ item.privs }}"
+ type: "{{ item.type }}"
+ objs: "{{ item.objs }}"
+ role: "{{ item.role }}"
+ grant_option: "{{ item.grant_option |default(false) }}"
+ loop_control: "{{ item.name }}"
+ loop:
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "ALL"
+ type: "schema"
+ objs: "public"
+ role: "{{ php_${SIGLE}_nuage }}"
+ grant_option: true
+ name: "GRANT ALL ON SCHEMA public TO php_${SIGLE}_nuage WITH GRANT OPTION;"
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "USAGE,CREATE"
+ type: "schema"
+ objs: "public"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: "GRANT USAGE,CREATE ON SCHEMA public TO php_${SIGLE}_nuage;"
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_namespace"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_namespace TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_collation"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_collation TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_index"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_index TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_attrdef"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_attrdef TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_description"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_description TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_settings"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_settings TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ objs: "pg_database"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON pg_database TO php_${SIGLE}_nuage;
+
+- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
+ community.postgresql.postgresql_pg_hba:
+ dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
+ contype: local
+ users: "php_{{ SIGLE}}_{{SITE}}"
+ databases: "php_{{ SIGLE}}_{{SITE}}"
+ method: peer
+ keep_comments_at_rules: true
+ comment: "autoriser le user php_{{ SIGLE}}_{{SITE}} à se connecter à la bdd du meme nom"
+
+# - name: Update nextcloud root dir symbolic link
+# become: true
+# ansible.builtin.file:
+# src: "{{ nextcloud_source }}"
+# dest: "{{ nextcloud_webroot }}/nextcloud"
+# owner: nextcloud
+# group: nextcloud
+# state: link
+# follow: false
+
+# - name: Update nextcloud common app dir symbolic link
+# become: true
+# ansible.builtin.file:
+# src: "{{ nextcloud_common }}"
+# dest: "{{ nextcloud_webroot }}/common"
+# owner: nextcloud
+# group: nextcloud
+# state: link
+# follow: false
+
+# copy skeleton?
+
+# lancement de la commande d'installation
+
+# lien symbolic common conf
+
+- name: Create sigle nextcloud config
+ become_user: "{{ nextcloud_websrv_user }}"
+ become: true
+ ansible.builtin.template:
+ src: templates/sigle.config.php.j2
+ dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
+ owner: "{{ nextcloud_websrv_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '640' # or u=rwx,g=r,o=
+
+- name: Creation d'un fichier cron pour /etc/cron.d
+ ansible.builtin.cron:
+ name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan "
+ minute: "5"
+ user: "php_{{ SIGLE}}_{{SITE}}"
+ job: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/cron"
+
+- name: Recharger plusieurs services
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: reloaded
+ loop:
+ - "postgresql"
+ - "php{{ php_version }}-fpm"
+ - "nginx"
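Review bot: The set_fact tasks on L399 and L409 read `nextcloud_version.user_input` and `ancienne_version.user_input`, but the pause tasks register `nextcloud_version_prompt` (L395) and `ancienne_version_prompt` (L405), so both facts fail on an undefined variable whenever the block runs; they should be `nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"` and `ancienne_version: "{{ ancienne_version_prompt.user_input }}"`. The privilege loop on L441-L496 has the same kind of problem: `loop_control: "{{ item.name }}"` is not a mapping (it needs `label:`), every `"{{ php_${SIGLE}_nuage }}"` mixes shell and Jinja syntax and resolves to an undefined variable where `"php_{{ SIGLE }}_nuage"` (or `"{{ nextcloud_db_name }}"` / `"{{ nextcloud_websrv_user }}"`, as the tasks above use) is meant, and the last entry (L492-L496) lacks the `type` key the module call reads on L437. The loop on L429-L431 drops the database before recreating it, which nothing in the file warns about; a comment on L422, `# absent then present: destroys any existing database of that name`, would make that visible to whoever runs this against an existing site.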
--- /dev/null
+- name: Boucle création ou modifications des répertoires config et logs de nginx pour le site
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: "{{ item.state }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop_control:
+ label: "{{ item.path }}"
+ loop:
+ - path: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ state: directory
+ owner: 'root'
+ group: 'root'
+ mode: '2750'
+ - path: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}"
+ state: directory
+ owner: 'log_sites'
+ group: 'log_sites'
+ mode: '755'
+ - path: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ state: directory
+ owner: 'log_sites'
+ group: 'log_sites'
+ mode: '2750'
+
+- name: Création de la conf server nginx
+ ansible.builtin.template:
+ src: "templates/nginx_{{ template_site }}_server.j2"
+ dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/server.conf"
+ owner: "root"
+ group: "root"
+ mode: '640' # or u=rwx,g=r,o=
+
+- name: Création de la conf common nginx
+ ansible.builtin.template:
+ src: "templates/nginx_{{ template_site }}_common.j2"
+ dest: "/etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf"
+ owner: "root"
+ group: "root"
+ mode: '640' # or u=rwx,g=r,o=
+ when: SITE != 'nuage' and template_site != 'http'
+
+- name: Recharger le service nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded
+ when: SITE != 'nuage' and SITE != 'paheko' and template_site == 'http'
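Review bot: The inline comment on L592 and L600, `# or u=rwx,g=r,o=`, does not describe `mode: '640'`, which is `u=rw,g=r,o=`; the same mismatched comment is repeated in config_nuage.yml (L542) and config_pool_php.yml (L827) in this commit, and since copied mode comments get trusted it should read `mode: '0640'  # u=rw,g=r,o=` in each place. The reload on L603-L607 only fires when `template_site == 'http'` and the site is neither nuage nor paheko, while common.conf on L601 is written only when `template_site != 'http'`; I read this as the reload being left to the nuage/paheko task files (config_nuage.yml L551-L558, config_paheko.yml L747-L753), but as far as the files in this commit show, a www or wiki site rendered with its own template and no HTTPS step never gets nginx reloaded. If the deferral is intended, a comment such as `# nginx is reloaded by the nuage/paheko task files for those sites` on L603 would save the next reader the same puzzle.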
--- /dev/null
+- name: Install required packages
+ ansible.builtin.apt:
+ name:
+ - php
+ - php-sqlite3
+ - php-intl
+ - php-cli
+ - php-imagick
+ - php-mbstring
+ state: present
+ register: php_install
+
+- name: Enable PHP modules
+ ansible.builtin.command: phpenmod sqlite3 imagick intl
+ when: php_install.changed
+
+- name: Ajout de l'utilisateur php_SIGLE_SITE
+ ansible.builtin.user:
+ name: "php_{{ SIGLE }}_{{ SITE }}"
+ home: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ shell: /bin/false
+ system: true
+ append: true
+ create_home: false
+ password: '!'
+# group: "php_{{ SIGLE }}_{{ SITE }}"
+
+- name: Bloc paheko_version
+ when: paheko_version is undefined
+ block:
+ - name: Demande la version de nextcloud à installer
+ ansible.builtin.pause:
+ prompt: "Quelle version de nextcloud doit être utilisé"
+ echo: true
+ register: paheko_version_prompt
+
+ - name: Definir paheko_version
+ ansible.builtin.set_fact:
+ paheko_version: "{{ paheko_version_prompt.user_input }}"
+
+- name: Vérif si la source paheko est téléchargée
+ become: true
+ ansible.builtin.stat:
+ path: "/home/sites/data/paheko/{{ paheko_version }}"
+ register: paheko_source_path
+
+- name: Installion de la nouvelle version paheko
+ when: not paheko_source_path.stat.exists
+ block:
+
+ - name: Boucle création ou modifications des répertoires pahéko
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: "{{ item.state }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop_control:
+ label: "{{ item.path }}"
+ loop:
+ - path: "/home/sites/data/paheko/{{ paheko_version }}"
+ state: "directory"
+ owner: "www-data"
+ group: "www-data"
+ mode: "755"
+
+ - name: Telecharger la source Paheko
+ become: true
+ become_user: www-data
+ ansible.builtin.get_url:
+ url: "https://fossil.kd2.org/paheko/uv/paheko-{{ paheko_version }}.tar.gz"
+ dest: "/home/sites/data/paheko/{{ paheko_version }}.tar.gz"
+ mode: '755' # or u=rwx,g=rx,o=rx
+
+ - name: Extract downloaded nextcloud source
+ become: true
+ become_user: www-data
+ ansible.builtin.unarchive:
+ src: "/home/sites/data/paheko/{{ paheko_version }}.tar.gz"
+ dest: "/home/sites/data/paheko"
+ # mode: '755' # or u=rwx,g=rx,o=rx
+ remote_src: true
+
+ - name: Renommer paheko-version par uniquement la version
+ become: true
+ become_user: www-data
+ ansible.builtin.copy:
+ src: "/home/sites/data/paheko/paheko-{{ paheko_version }}/"
+ dest: "/home/sites/data/paheko/{{ paheko_version }}"
+ remote_src: true # because the config file is already in the nextcloud_tmp_path
+ mode: preserve
+
+ - name: Deleted downloaded nextcloud files
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "/home/sites/data/paheko/{{ paheko_version }}.tar.gz"
+ - "/home/sites/data/paheko/paheko-{{ paheko_version }}"
+
+- name: Copie la source paheko vers le home du site
+ become: true
+# become_user: "php_{{ SIGLE }}_{{ SITE }}"
+ ansible.builtin.copy:
+ src: "/home/sites/data/paheko/{{ paheko_version }}/"
+ dest: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ remote_src: true # because the config file is already in the nextcloud_tmp_path
+
+- name: Modification du propriétaire group et droits du dossier
+ ansible.builtin.file:
+ path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/"
+ state: directory
+ owner: "php_{{ SIGLE }}_{{ SITE }}"
+ group: "php_{{ SIGLE }}_{{ SITE }}"
+ mode: '644'
+ recurse: true
+
+- name: Boucle d'ajout du user php dans plusieurs groupe
+ ansible.builtin.user:
+ name: "php_{{ SIGLE }}_{{ SITE }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - "site_{{ SIGLE }}_{{ SITE }}"
+
+# - name: Change displayed icon
+# ansible.builtin.copy:
+# src: "{{ icon }}"
+# dest: "/usr/share/garradin/www/admin/static/icon{{ icon | splitext | last }}"
+# when: icon is defined
+
+# - name: Change page favicon
+# ansible.builtin.copy:
+# src: "{{ favicon }}"
+# dest: "/usr/share/garradin/www/admin/static/favicon{{ icon | splitext | last }}"
+# when: favicon is defined
+
+- name: Recharger PHP service
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: reloaded
+ loop:
+ - "php{{ php_version }}-fpm"
+ - "nginx"
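Review bot: The task on L718-L725 applies `mode: '644'` with `recurse: true` to the site directory, which strips the execute bit from every subdirectory and leaves them untraversable by the php user that the same task makes their owner; use the symbolic form so directories keep x, `mode: 'u=rwX,g=rX,o=rX'`, or drop `recurse` and let the copy on L713-L716 keep the source permissions. The download on L678-L681 fetches the paheko tarball with no `checksum:` option, so a changed or corrupted archive is extracted as www-data without any verification; `ansible.builtin.get_url` accepts `checksum: 'sha256:<expected digest>'`, and the digest can be recorded next to `paheko_version`. The `mode: '755'` on that tarball (L681) is also unusual for a data file; `'0644'` is enough. Task names on L683 and L701 still say nextcloud although they handle the paheko archive.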
--- /dev/null
+- name: Ajout de l'utilisateur php_SIGLE_SITE
+ ansible.builtin.user:
+ name: "php_{{ SIGLE }}_{{ SITE }}"
+ home: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ shell: /bin/false
+ system: true
+ append: true
+ create_home: false
+ password: '!'
+# group: "php_{{ SIGLE }}_{{ SITE }}"
+
+- name: Boucle d'ajout du user php dans plusieurs groupe
+ ansible.builtin.user:
+ name: "php_{{ SIGLE }}_{{ SITE }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - www-data
+
+- name: Boucle création ou modifications des répertoires log d'un pool php
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: "{{ item.state }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop_control:
+ label: "{{ item.path }}"
+ loop:
+ - path: "/home/sites/log/php/fpm/{{ TLD }}"
+ state: directory
+ owner: 'root'
+ group: 'root'
+ mode: '1751'
+ - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}"
+ state: directory
+ owner: "php_{{ SIGLE }}_{{ SITE }}"
+ group: "php_{{ SIGLE }}_{{ SITE }}"
+ mode: '1751'
+ - path: "/home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ state: directory
+ owner: "php_{{ SIGLE }}_{{ SITE }}"
+ group: "php_{{ SIGLE }}_{{ SITE }}"
+ mode: '750'
+
+- name: Boucle création ou modifications des répertoires config d'un pool php
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: "{{ item.state }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop_control:
+ label: "{{ item.path }}"
+ loop:
+ - path: "/etc/php/{{ php_version }}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ state: directory # If directory, all intermediate subdirectories will be created if they do not exist.
+ owner: 'root'
+ group: 'root'
+ mode: '750'
+ - path: "/run/php_{{ php_version }}/fpm"
+ state: directory
+ owner: 'root'
+ group: 'root'
+ mode: '2755'
+
+- name: Création de la conf server nginx
+ ansible.builtin.template:
+ src: "templates/php_{{ SITE }}_conf.j2"
+ dest: "/etc/php/{{ php_version}}/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/php-fpm.conf"
+ owner: "root"
+ group: "root"
+ mode: '640' # or u=rwx,g=r,o=
+ when: SITE == 'nuage' or SITE == 'paheko'
+
+- name: ATTENTION la config php n'a pas été créer
+ ansible.builtin.debug:
+ msg: "Il n'y a pas de templates php pour votre site, il faudra le créer manuellement"
+ when: SITE != 'nuage' or SITE != 'paheko'
+
+# - name: recharger PHP service
+# ansible.builtin.service:
+# name: "php{{ php_version }}-fpm"
+# state: reloaded
+# when: SITE != 'nuage' or SITE != 'paheko'
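Review bot: The condition on L833, `when: SITE != 'nuage' or SITE != 'paheko'`, is true for every value of SITE (any value differs from at least one of the two), so the "no template" warning prints for nuage and paheko as well; it should be `when: SITE != 'nuage' and SITE != 'paheko'`, the exact negation of the template task's `when` on L828. The commented reload task on L839 carries the same always-true form and will misbehave the moment it is uncommented. The dest path on L824 uses `{{ php_version}}` while L810 and L628 use `{{ php_version }}`; both render the same, but consistent spacing keeps a grep for the variable reliable.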
--- /dev/null
+- name: Ajout de l'utilisateur site_SIGLE_SITE
+ ansible.builtin.user:
+ name: "site_{{ SIGLE }}_{{ SITE }}"
+ home: "/home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ shell: /bin/false
+ groups: www-data
+ system: true
+ append: true
+ create_home: false
+ password: '!'
+
+- name: Boucle d'ajout d'user dans le groupe site_SIGLE_SITE
+ ansible.builtin.user:
+ name: "{{ item }}"
+ groups: "site_{{ SIGLE }}_{{ SITE }}"
+ append: true
+ loop:
+ - 'www-data'
+ - 'backup' # pour borgmatic
+
+- name: Boucle création ou modifications des répertoires home du site
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: "{{ item.state }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.group }}"
+ mode: "{{ item.mode }}"
+ loop_control:
+ label: "{{ item.path }}"
+ loop:
+ - path: "/home/sites/data/{{ TLD }}"
+ state: directory
+ owner: 'root'
+ group: 'www-data'
+ mode: '3751'
+ - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}"
+ state: directory
+ owner: 'root'
+ group: 'www-data'
+ mode: '2751'
+ - path: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}"
+ state: directory
+ owner: 'root'
+ group: "site_{{ SIGLE }}_{{ SITE }}"
+ mode: '2750'
---
-# - name: Clean nextcloud restore dir content
-# become_user: "{{ nextcloud_websrv_user }}"
-# become: true
-# ansible.builtin.file:
-# path: "{{ item }}"
-# state: absent
-# loop:
-# - "{{ nextcloud_tmp_path }}"
-# - "{{ nextcloud_webroot }}/data"
+# chown -R www-data: /opt/nuage/backups/clavette-gre
+# sudo -u postgres psql
+# DROP DATABASE nextcloud;
+# CREATE DATABASE nextcloud WITH OWNER=php_mig_nuage;
+# GRANT ALL ON SCHEMA public TO php_mig_nuage WITH GRANT OPTION;
+# GRANT USAGE,CREATE ON SCHEMA public TO php_mig_nuage;
+# GRANT SELECT ON TABLE pg_namespace TO php_mig_nuage;
+# GRANT SELECT ON TABLE pg_collation TO php_mig_nuage;
+# GRANT SELECT ON TABLE pg_index TO php_mig_nuage;
+# GRANT SELECT ON TABLE pg_attrdef TO php_mig_nuage;
+# GRANT SELECT ON TABLE pg_description TO php_mig_nuage;
+# GRANT SELECT ON TABLE pg_settings TO php_mig_nuage;
+# GRANT SELECT ON pg_database TO php_mig_nuage;
+# exit
+# sudo -u php_mig_nuage pg_restore -F c -Oxc --if-exists -d nextcloud /opt/nuage/backups/clavette-gre/dump.pgc
+
+
+- name: Clean nextcloud restore dir content
+ become_user: "{{ nextcloud_websrv_user }}"
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "{{ nextcloud_tmp_path }}"
+ - "{{ nextcloud_webroot }}/data"
- name: Recreate nextcloud restore dir # necessite le paquet acl installé
become_user: "{{ nextcloud_websrv_user }}"
ansible.builtin.file:
path: "{{ item }}"
state: directory
- loop:
+ loop:
- "{{ nextcloud_tmp_path }}"
- - "{{ nextcloud_webroot }}/data"
-# - name: Copy files from ansible controller to vm host
-# become_user: "{{ nextcloud_websrv_user }}"
-# become: true
-# ansible.builtin.copy:
-# src: "{{ nextcloud_tmp_path }}/"
-# dest: "{{ nextcloud_tmp_path }}/"
+- name: Copy files from ansible controller to vm host
+ become_user: "{{ nextcloud_websrv_user }}"
+ become: true
+ ansible.builtin.copy:
+ src: "{{ nextcloud_tmp_path }}/"
+ dest: "{{ nextcloud_tmp_path }}/"
-# - name: Extract nc data archive
-# become_user: "{{ nextcloud_websrv_user }}"
-# become: true
-# ansible.builtin.unarchive:
-# src: "{{ nextcloud_tmp_path }}/data.tar.gz"
-# dest: "{{ nextcloud_webroot }}/data"
+- name: Add read permissions to data backups files
+ become: true
+ become_user: root
+ ansible.builtin.file:
+ path: "{{ nextcloud_backup_path }}"
+ owner: "{{ nextcloud_websrv_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ state: directory
+ recurse: true
+ mode: '755' # or 'u=rw,g=r,o=r'
+
+- name: Créer un lien symbolique vers le dossier data backups
+ become_user: "{{ nextcloud_websrv_user }}"
+ become: true
+ ansible.builtin.file:
+ src: "{{ nextcloud_backup_path }}/data"
+ dest: "{{ nextcloud_webroot }}/data"
+ owner: "{{ nextcloud_websrv_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ state: link
+ follow: false
- name: Stop webserver service
become: true
name: "{{ nextcloud_db_name }}"
state: "{{ item }}"
owner: "{{ nextcloud_websrv_user }}"
- target: "{{ nextcloud_tmp_path }}/dump.sql"
+ target: "{{ nextcloud_tmp_path }}/dump.pgc"
+ target_opts: "-F c -Oxc --if-exists"
loop:
- absent
- present
# - name: Restore psql dump # noqa : command-instead-of-module
# become: true
# become_user: postgres
-# ansible.builtin.command: "pg_restore -c -F c -O -x -d {{ nextcloud_db_name }} {{ nextcloud_tmp_path }}/dump.pgc"
+# ansible.builtin.command: "pg_restore -F c -Oxc --if-exists -d {{ nextcloud_db_name }} {{ nextcloud_tmp_path }}/dump.pgc"
-- name: Update data fingerprint post db restore # noqa : command-instead-of-module
+- name: Create vm nextcloud config
become_user: "{{ nextcloud_websrv_user }}"
become: true
- ansible.builtin.command: './console maintenance:data-fingerprint'
- args:
- chdir: "{{ nextcloud_webroot }}"
+ ansible.builtin.template:
+ src: templates/vm_config_template.j2
+ dest: "{{ nextcloud_webroot }}/config/vm.config.php"
+ owner: "{{ nextcloud_websrv_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '640' # or u=rwx,g=r,o=
-- name: create nextcloud config
+- name: Create sigle nextcloud config
become_user: "{{ nextcloud_websrv_user }}"
become: true
ansible.builtin.template:
- src: templates/config_template.j2
- dest: "{{ nextcloud_webroot }}/config/config.php"
+ src: templates/sigle_config_template.j2
+ dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
owner: "{{ nextcloud_websrv_user }}"
group: "{{ nextcloud_websrv_user }}"
mode: '640' # or u=rwx,g=r,o=
+- name: Update data fingerprint post db restore # noqa : command-instead-of-module
+ become_user: "{{ nextcloud_websrv_user }}"
+ become: true
+ ansible.builtin.command: './console maintenance:data-fingerprint'
+ args:
+ chdir: "{{ nextcloud_webroot }}"
+
- name: Deactivate nextcloud maintenance mode # noqa : command-instead-of-module
become_user: "{{ nextcloud_websrv_user }}"
become: true
when: "'Nextcloud is already latest version' not in nc_upgrade_result.stdout_lines"
block:
- - name: Launch some occ cleaning command
+ - name: Launch some occ cleaning command # noqa : command-instead-of-module
become_user: "{{ nextcloud_websrv_user }}"
become: true
ansible.builtin.command: "./console { command }}"
debug:
var: nc_upgrade_result.stdout_lines
-- name: Bloque de tâches contrôlant la fin de la maintenance de mise à jour
+- name: Bloc de tâches contrôlant la fin de la maintenance de mise à jour
block:
- name: Wait for nextcloud maintenance mode to become false # noqa : command-instead-of-module
become_user: "{{ nextcloud_websrv_user }}"
--- /dev/null
+- name: Vérif si la source nextcloud est téléchargée
+ become: true
+ ansible.builtin.stat:
+ path: "{{ nextcloud_source }}"
+ register: new_nextcloud_source
+
+- name: Vérif si le dossier common app est créé
+ become: true
+ ansible.builtin.stat:
+ path: "{{ nextcloud_common }}"
+ register: new_nextcloud_common
+
+# - name: Obtenir l'ancienne version # noqa : command-instead-of-module
+# become_user: "{{ nextcloud_websrv_user }}"
+# become: true
+# ansible.builtin.command: '{{ nextcloud_webroot }}/console status --output=json'
+# register: result
+
+# - name: Enregistrer l'ancienne version
+# ansible.builtin.set_fact:
+# ancienne_version: "{{ tmp.versionstring }}"
+# vars:
+# tmp: "{{ result.stdout | from_json }}"
+
+- name: Include download_nextcloud_source tasks
+ ansible.builtin.include_tasks: tasks/download_nextcloud_source.yml
+ when: not new_nextcloud_source.stat.exists
+ vars:
+ ansible_become: true
+ become_user: nextcloud
+
+- name: Create new app common folder from old version one
+ become_user: nextcloud
+ become: true
+ ansible.builtin.copy:
+ src: "{{ nextcloud_common_files_path }}/nextcloud-{{ ancienne_version }}/"
+ dest: "{{ nextcloud_common_files_path }}/nextcloud-{{ nouvelle_version }}"
+ remote_src: true # because the copy is from remote host to remote host
+ mode: '754' # or 'u=rwx,g=rx,o=r'
+ when: not new_nextcloud_common.stat.exists
\ No newline at end of file
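Review bot: The source download is skipped whenever `{{ nextcloud_source }}` already exists (`when: not new_nextcloud_source.stat.exists`), so a truncated or substituted archive left behind by an earlier interrupted run is never re-verified. `get_url` with a `checksum` is idempotent on its own — it re-downloads only when the existing file's digest does not match — so the `stat` guard can be dropped, or the task should at least compare the digest of the existing file before trusting it (the included `download_nextcloud_source.yml` is not in this hunk). Separately, `ancienne_version` is now a hard-coded var while the `console status` lookup is commented out; if it drifts from what is actually deployed, the final `copy` sources a non-existent `nextcloud-{{ ancienne_version }}` directory and the play fails late, after the new source has already been fetched.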
+++ /dev/null
-<?php
-$CONFIG = array (
- 'appstoreenabled' => false,
- 'trusted_domains' =>
- array (
- 0 => 'nuage.migration.org',
- ),
- 'datadirectory' => '{{ nextcloud_webroot}}/data',
- 'overwrite.cli.url' => 'https://nuage.migration.org',
- 'dbtype' => 'pgsql',
- 'dbname' => '{{ nextcloud_db_name }}',
- 'dbhost' => '/run/postgresql',
- 'dbport' => '',
- 'dbtableprefix' => 'oc_',
- 'dbuser' => '{{ nextcloud_websrv_user}}',
- 'dbpassword' => '',
- 'installed' => true,
- 'apps_paths' =>
- array (
- 0 =>
- array (
- 'path' => '{{ nextcloud_webroot}}/nextcloud/apps/',
- 'url' => '/apps',
- 'writable' => false,
- ),
- 1 =>
- array (
- 'path' => '{{ nextcloud_webroot}}/common/',
- 'url' => '/common-apps',
- 'writable' => false,
- ),
- ),
- 'theme' => '',
- 'loglevel' => 2,
-);
--- /dev/null
+server {
+ listen 80;
+ server_name
+ {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+ disable_symlinks if_not_owner;
+ access_log /home/sites/log/nginx/{{ SITE }}/{{ DOMAIN }}/{{ TLD }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/org/{{ SITE }}/{{ DOMAIN }}/{{ TLD }}error.log warn;
+ root /home/sites/data/{{TLD }}/{{ DOMAIN }}/{{SITE }}/;
+}
\ No newline at end of file
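Review bot: The `error_log` line is inconsistent with every other template in this change: it hard-codes `org/`, orders the components `SITE/DOMAIN/TLD` instead of `TLD/DOMAIN/SITE`, and is missing the `/` before `error.log`, so nginx will try to open `.../{{ TLD }}error.log` in a directory the playbook presumably never creates and `nginx -t` will fail (the directory-creation tasks are not visible in this chunk). Use the same layout as the sibling templates: `error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;` and align `access_log` to the same `TLD/DOMAIN/SITE` order. Note also that this vhost serves the document root over plain HTTP on port 80 with no redirect, unlike the other site types added here.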
--- /dev/null
+# Set the `immutable` cache control options only for assets with a cache busting `v` argument
+map $arg_v $asset_immutable {
+ "" "";
+ default "immutable";
+}
+server {
+ listen 80;
+ server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+ #disable_symlinks if_not_owner;
+
+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
+ # Enforce HTTPS
+ return 301 https://$server_name$request_uri;
+
+
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+}
+server {
+ listen 443 ssl http2;
+ server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+
+ # Path to the root of your installation
+ root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/nextcloud;
+
+ disable_symlinks if_not_owner;
+{% if besoin_https == 'oui' %}
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+{% endif %}
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+
+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
+ # HSTS settings
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.{{ TLD }}/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
+
+ # set max upload size and increase upload timeout:
+ client_max_body_size 512M;
+ client_body_timeout 300s;
+ fastcgi_buffers 64 4K;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Pagespeed is not supported by Nextcloud, so if your server is built
+ # with the `ngx_pagespeed` module, uncomment this line to disable it.
+ #pagespeed off;
+
+ # The settings allows you to optimize the HTTP2 bandwitdth.
+ # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
+ # for tunning hints
+ client_body_buffer_size 512k;
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Add .mjs as a file extension for javascript
+ # Either include it in the default mime.types list
+ # or include you can include that list explicitly and add the file extension
+ # only for Nextcloud like below:
+ include mime.types;
+ types {
+ text/javascript js mjs;
+ }
+
+ location ~ /common-apps/(.*)$ {
+ alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common/$1;
+ }
+
+ location ~ /instance-apps/(.*)$ {
+ alias /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/apps/$1;
+ }
+
+ # Specify how to handle directories -- specifying `/index.php$request_uri`
+ # here as the fallback means that Nginx always exhibits the desired behaviour
+ # when a client requests a path that corresponds to a directory that exists
+ # on the server. In particular, if that directory contains an index.php file,
+ # that file is correctly served; if it doesn't, then the request is passed to
+ # the front-end controller. This consistent behaviour means that we don't need
+ # to specify custom rules for certain paths (e.g. images and other assets,
+ # `/updater`, `/ocs-provider`), and thus
+ # `try_files $uri $uri/ /index.php$request_uri`
+ # always provides the desired behaviour.
+ index index.php index.html /index.php$request_uri;
+
+ # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+ location = {
+ if ( $http_user_agent ~ ^DavClnt ) {
+ return 302 /remote.php/webdav/$is_args$args;
+ }
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Make a regex exception for `/.well-known` so that clients can still
+ # access it despite the existence of the regex rule
+ # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+ # for `/.well-known`.
+ location ^~ /.well-known {
+ # The rules in this block are an adaptation of the rules
+ # in the Nextcloud `.htaccess` that concern `/.well-known`.
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+
+ location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
+ location /.well-known/pki-validation { try_files $uri $uri/ =404; }
+
+ # Let Nextcloud's API for `/.well-known` URIs handle all other
+ # requests by passing them to the front-end controller.
+ return 301 /index.php$request_uri;
+ }
+
+ # Rules borrowed from `.htaccess` to hide certain paths from clients
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+ # which handle static assets (as seen below). If this block is not declared first,
+ # then Nginx will encounter an infinite rewriting loop when it prepends
+ # `/index.php` to the URI, resulting in a HTTP 500 error response.
+ location ~ \.php(?:$|/) {
+ # Required for legacy support
+ # commented lines from nextcloud nginx template are already in /etc/nginx/conf.d/fastcgi.conf
+ rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ #set $path_info $fastcgi_path_info;
+
+ try_files $fastcgi_script_name =404;
+
+ include /etc/nginx/conf.d/fastcgi.conf;
+ #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ #fastcgi_param PATH_INFO $path_info;
+ fastcgi_param HTTPS on;
+
+ fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
+ fastcgi_param front_controller_active true; # Enable pretty urls
+
+ fastcgi_param NEXTCLOUD_CONFIG_DIR /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/config;
+ fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }};
+
+ #fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+
+ #fastcgi_max_temp_file_size 0; #2M in /etc/nginx/conf.d/fastcgi.conf
+ }
+
+ # Serve static files
+ location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
+ try_files $uri /index.php$request_uri;
+ add_header Cache-Control "public, max-age=15778463, $asset_immutable";
+ access_log off; # Optional: Don't log access to assets
+
+ location ~ \.wasm$ {
+ default_type application/wasm;
+ }
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ # Rule borrowed from `.htaccess`
+ location /remote {
+ return 301 /remote.php$request_uri;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
+}
\ No newline at end of file
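Review bot: The regex locations `location ~ /common-apps/(.*)$` and `location ~ /instance-apps/(.*)$` are declared before `location ~ \.php(?:$|/)`, and nginx evaluates regex locations in file order with the first match winning, so any `.php` file under the aliased `common/` and `apps/` directories (e.g. `/common-apps/<app>/lib/foo.php`) is served verbatim as a static download instead of being passed to PHP-FPM, and the later `return 404` rules for dotfiles and `build|tests|config|…` do not apply under those prefixes either. Add, before the two alias blocks, `location ~ ^/(?:common-apps|instance-apps)/.*(?:\.php(?:$|/)|/\.) { return 404; }` — app PHP code is only ever reached through the `index.php` front controller — or move the `.php` handler above them. Two further issues: `listen 443 ssl http2;` is unconditional while `ssl_certificate`/`ssl_certificate_key` are rendered only when `besoin_https == 'oui'`, so with the playbook default of `non` nginx refuses to start on the missing certificate while the port-80 server still hard-redirects to HTTPS; and `location = {` (as shown) lacks the `/` of the upstream Nextcloud rule `location = / {`, which `nginx -t` will reject.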
--- /dev/null
+server_name {{ SITE }}.{{ DOMAIN }}.{{ TLD }};
+root /home/www/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/www;
+
+location / {
+ try_files $uri $uri/ /_route.php?$query_string;
+ index index.php /_route.php;
+}
+
+location ~ \.php {
+ try_files $uri $uri/ /_route.php?$query_string;
+ include /etc/nginx/conf.d/fastcgi.conf;
+ fastcgi_index index.php ;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+
+ fastcgi_pass unix:/run/php{{ php_version}}/fpm/php_{{ SIGLE }}_{{ SITE }};
+}
\ No newline at end of file
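Review bot: `location ~ \.php` is unanchored, so it also captures URIs such as `/uploads/avatar.php.png` or `/x.php/anything`; together with `fastcgi_split_path_info` that is the classic pattern for getting PHP-FPM to execute a user-uploaded file under a doubled extension. PHP-FPM's `security.limit_extensions` defaults to `.php` and the fuller pool template in this change sets it explicitly, but the slimmer pool template relies on the default, so do not lean on it: anchor the location as `location ~ \.php(?:$|/) {` and make sure `SCRIPT_FILENAME` (set by the included `fastcgi.conf`, not visible here) only ever points at an existing file. The `_route.php` fallback in `try_files` looks intentional for a Paheko-style front controller, assuming that is what `_route.php` is.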
--- /dev/null
+server {
+ listen 80;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+ access_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/www/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ return 301 https://{{ SITE }}.{{ DOMAIN }}.{{ TLD }}$request_uri;
+ }
+server {
+ listen 443;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+{% if besoin_https == 'oui' %}
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+{% endif %}
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+}
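Review bot: `listen 443;` in the second server block lacks the `ssl` parameter (compare `listen 443 ssl http2;` and `listen 443 ssl;` in the sibling templates), so nginx will speak plain HTTP on port 443 and every client sent there by the port-80 redirect gets a protocol error; change it to `listen 443 ssl http2;`. As in the other templates the certificate directives are rendered only when `besoin_https == 'oui'`, so with the prompt default of `non` this becomes an SSL server with no certificate and `nginx -t` fails — either make the `ssl` listen conditional on the same flag or make `besoin_https` mandatory for this site type. The port-80 block also logs to `/home/www/log/...` while the 443 block logs to `/home/sites/log/...`; one of those is presumably a typo.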
--- /dev/null
+server_name
+ {{ DOMAIN }}.{{ TLD }}
+ www.{{ DOMAIN }}.{{ TLD }};
+root /home/site/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;
+index index.html;
+
+client_body_buffer_size 8k;
+client_max_body_size 10m;
+
+error_page 404 404.html;
\ No newline at end of file
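Review bot: `root /home/site/data/...` uses the singular `site` whereas every other data and log path in this change uses `/home/sites/...`, so this vhost will serve from a directory that almost certainly does not exist; change it to `root /home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/;`. `error_page 404 404.html;` is also suspect: nginx expects an internal URI starting with `/` (or an absolute URL), so `/404.html` is the intended form — worth confirming with `nginx -t` before rolling out.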
--- /dev/null
+server {
+ listen 80;
+ server_name {{ DOMAIN }}.{{ TLD }};
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+ return 301 https://{{ DOMAIN }}.{{ TLD }}$request_uri;
+}
+server {
+ listen 443 ssl;
+ include /etc/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/common.conf;
+{% if besoin_https == 'oui' %}
+ ssl_certificate /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/privkey.pem;
+{% endif %}
+ access_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log main buffer=32k;
+ error_log /home/sites/log/nginx/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/error.log warn;
+}
\ No newline at end of file
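Review bot: The port-80 block's `server_name {{ DOMAIN }}.{{ TLD }};` omits `www.{{ DOMAIN }}.{{ TLD }}`, which the included `common.conf` in this change declares for the 443 block, so plain-HTTP requests for the `www.` host are not caught by the redirect and fall through to whatever default server is configured; add `www.{{ DOMAIN }}.{{ TLD }}` to that `server_name`. The certificate lineage `/etc/letsencrypt/live/{{ SITE }}.{{ DOMAIN }}.{{ TLD }}/` only matches this vhost's names when `SITE` is literally `www`; if the certificate is issued for the apex name the path should be `{{ DOMAIN }}.{{ TLD }}` — the issuance task is presumably outside this chunk. And as with the other templates, `listen 443 ssl` is unconditional while the `ssl_certificate` lines are wrapped in `{% if besoin_https == 'oui' %}`, leaving an SSL server with no certificate when the prompt is answered `non`.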
--- /dev/null
+[{{ TLD }}/{{ DOMAIN }}/{{ SITE }}]
+access.log = /home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/access.log
+catch_workers_output = no
+chdir = /
+env[HOSTNAME] = $HOSTNAME
+env[TEMP] = /tmp
+env[TMPDIR] = /tmp
+env[TMP] = /tmp
+env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+group = php_{{ SIGLE }}_{{ SITE }}
+;listen = 127.0.0.1:9000
+listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}
+listen.backlog = -1
+listen.group = www-data
+listen.mode = 0660
+;listen.allowed_clients = 127.0.0.1
+;listen.owner = www-data
+;opcache.enable_cli = 1
+;opcache.enable=1
+;opcache.interned_strings_buffer=8
+;opcache.jit = 1255
+;opcache.jit_buffer_size = 128M
+;opcache.max_accelerated_files=10000
+;opcache.memory_consumption=128
+;opcache.revalidate_freq=60
+;opcache.validate_timestamps=0
+;opcache.save_comments=1
+;php_admin_value[extension] = curl.so
+;php_admin_value[extension] = pdo_mysql.so
+php_admin_value[memory_limit] = 512M
+ping.path = /ping
+pm = dynamic
+pm.max_children = 10
+pm.max_requests = 1000
+pm.max_spare_servers = 7
+pm.min_spare_servers = 2
+pm.process_idle_timeout = 60s
+pm.start_servers = 2
+pm.status_path = /status
+;request_slowlog_timeout = 5s
+request_terminate_timeout = 120s
+rlimit_core = unlimited
+rlimit_files = 131072
+security.limit_extensions = .php
+slowlog = /home/sites/log/php/fpm/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/slow.log
+user = php_{{ SIGLE }}_{{ SITE }}
\ No newline at end of file
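Review bot: `rlimit_core = unlimited` lets every PHP-FPM worker in this pool write a full core dump on crash; those dumps contain whatever the worker had in memory (Nextcloud's `secret`, database credentials from `config.php`, session tokens, user data) and land on disk readable by the pool user, so in production set `rlimit_core = 0` and enable dumps only while chasing a specific crash. `pm.status_path = /status` and `ping.path = /ping` are acceptable as long as nginx never forwards those URIs to this socket — the Nextcloud vhost in this change only passes `*.php` to FastCGI, so they are unreachable from outside, but keep it that way. The rest (`listen.mode = 0660` with `listen.group = www-data`, a dedicated `user`/`group` per site, `security.limit_extensions = .php`, explicit `env[...]` since PHP-FPM clears the environment by default) is the right least-privilege shape.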
--- /dev/null
+[{{ TLD}}/{{ DOMAIN}}/{{ SITE}}]
+user = php_{{ SIGLE }}_{{ SITE }}
+group = php_{{ SIGLE }}_{{ SITE }}
+
+listen = /run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}
+
+listen.group = www-data
+
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+access.log = /home/sites/log/php/fpm/{{ TLD}}/{{ DOMAIN}}/{{ SITE}}/access.log
\ No newline at end of file
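Review bot: This second pool template defines the same pool name `[{{ TLD}}/{{ DOMAIN}}/{{ SITE}}]` and the same socket path `/run/php{{ php_version }}/fpm/php_{{ SIGLE }}_{{ SITE }}` as the Nextcloud pool template in this change, so the two must never be rendered for the same site (php-fpm rejects duplicate pool names and the second would otherwise clobber the socket); if the choice between them is made by site type, a one-line comment at the top saying which template serves which type would help. It also omits `listen.mode`, `security.limit_extensions` and `request_terminate_timeout`, relying on the defaults (`0660`, `.php`, unlimited) — worth stating them explicitly so both pools are reviewed against the same baseline.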
--- /dev/null
+<?php
+{# have to be completed with value from config.php from ateliers #}
+$CONFIG = array (
+ 'instanceid' => 'oc2ls3ih38ml',
+ 'passwordsalt' => 'eKxcXZBq+rTNj8fCWQ5/Iw+GJPpEVo',
+ 'secret' => 'tEVNpFGKZVmab4zIjZq5qeBNjJtgDc50Ezz9zvebjIGwxcIf',
+ 'version' => '22.2.0.2',
+ 'installed' => true,
+ 'maintenance' => false,
+);
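Review bot: The new `sigle_config_template.j2` commits literal values for `passwordsalt`, `secret` and `instanceid`; in Nextcloud these are the per-instance master secrets (`secret` protects stored app passwords, tokens and signed data, `passwordsalt` is the legacy password-hash salt), so anything that has reached repository history must be treated as compromised, and rendering the same values into every site means one instance's compromise affects all of them. Replace them with vaulted per-site variables — `'instanceid' => '{{ nextcloud_instanceid }}',` / `'passwordsalt' => '{{ nextcloud_passwordsalt }}',` / `'secret' => '{{ nextcloud_secret }}',` — and, if these are real production values rather than placeholders (the `{# have to be completed with value from config.php from ateliers #}` comment suggests placeholders, but that is an inference), rotate them, bearing in mind that a new `secret` invalidates existing app passwords. `'version' => '22.2.0.2'` is also hard-coded while the playbook targets 27.x; Nextcloud compares this field against the code version to decide whether an upgrade is pending, so it should come from the running instance, not the template.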
--- /dev/null
+<?php
+$CONFIG = array (
+ 'appstoreenabled' => false,
+ 'trusted_domains' =>
+ array (
+ 0 => 'nuage.migration.org',
+ ),
+ 'datadirectory' => '{{ nextcloud_webroot}}/data',
+ 'overwrite.cli.url' => 'https://nuage.migration.org',
+ 'dbtype' => 'pgsql',
+ 'dbname' => '{{ nextcloud_db_name }}',
+ 'dbhost' => '/run/postgresql',
+ 'dbport' => '',
+ 'dbtableprefix' => 'oc_',
+ 'dbuser' => '{{ nextcloud_websrv_user}}',
+ 'dbpassword' => '',
+ 'installed' => true,
+ 'apps_paths' =>
+ array (
+ 0 =>
+ array (
+ 'path' => '{{ nextcloud_webroot}}/nextcloud/apps/',
+ 'url' => '/apps',
+ 'writable' => false,
+ ),
+ 1 =>
+ array (
+ 'path' => '{{ nextcloud_webroot}}/common/',
+ 'url' => '/common-apps',
+ 'writable' => false,
+ ),
+ ),
+ 'theme' => '',
+ 'loglevel' => 2,
+);
- hosts: ligatures
vars:
- nouvelle_version: 27.1.1
+ domain: chatperche
ancienne_version: 27.1.0
- tasks:
-
- # - name: Vérif si le dossier common app est créé
- # become: true
- # ansible.builtin.stat:
- # path: "/home/sites/data/nextcloud/common/nextcloud-{{ nouvelle_version }}"
- # register: new_nextcloud_common
+ nouvelle_version: 27.1.4
- # - name: create new app common folder from old version one
- # become_user: nextcloud
- # become: true
- # ansible.builtin.copy:
- # src: "/home/sites/data/nextcloud/common/nextcloud-{{ ancienne_version }}"
- # dest: "/home/sites/data/nextcloud/common/nextcloud-{{ nouvelle_version }}"
- # remote_src: yes #because the config file is already in the nextcloud_tmp_path
- # mode: '754'
- # when: not new_nextcloud_common.stat.exists
+ tasks:
- - name: Extract downloaded archive
- become: true
- become_user: nextcloud
- ansible.builtin.unarchive:
- src: "/tmp/test_nextcloud/groupfolder_v15.3.1.tar.gz"
- dest: "/tmp/test_nextcloud/"
- # mode: '755' #or u=rwx,g=rx,o=rx
- remote_src: yes
+ # - name: Synchronisation des fichiers nextcloud présent sur ateliers dans la vm de migration nextcloud
+ # ansible.builtin.command: "rsync --delay-updates -F --compress --archive --partial rominique@ateliers.heureux-cyclage.org:{{ item }} /opt/nuage/backups/{{ domain }}/"
+ # delegate_to: vm_debian11
+ # loop:
+ # - "{{ nextcloud_webroot }}/config/config.php"
+ # register: my_output
- - name: "rename"
- become: true
- become_user: nextcloud
- ansible.builtin.copy:
- src: "/tmp/test_nextcloud/groupfolders-15.3.1/"
- dest: "/tmp/test_nextcloud/groupfolder"
- remote_src: yes #because the config file is already in the nextcloud_tmp_path
+ # - name: Debug
+ # ansible.builtin.debug:
+ # var: my_output
- - name: deleted downloaded nextcloud files
- become: true
- become_user: nextcloud
- ansible.builtin.file:
- path: "{{ item }}"
- state: absent
- loop:
- - "/tmp/test_nextcloud/groupfolders-15.3.1"
\ No newline at end of file
+ - name: Download nextcloud source
+ become: true
+ become_user: nextcloud
+ ansible.builtin.get_url:
+ url: "{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2"
+ dest: "{{ nextcloud_sources_files_path }}/"
+ mode: '755' # or u=rwx,g=rx,o=rx
+ checksum: "md5:{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2.md5"
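Review bot: The `get_url` task verifies the Nextcloud tarball with `checksum: "md5:…tar.bz2.md5"` fetched from the same `nextcloud_repo_url` as the archive, so it only detects transfer corruption — whoever can serve a substituted tarball can serve the matching digest too, and MD5 is collision-broken besides. Nextcloud publishes `.sha256`/`.sha512` digests and a detached GPG signature (`.asc`) for each release; at minimum use `checksum: "sha256:{{ nextcloud_repo_url }}/nextcloud-{{ nouvelle_version }}.tar.bz2.sha256"`, and ideally verify the `.asc` against the pinned Nextcloud release key in a follow-up task (whether `nextcloud_repo_url` is HTTPS is not visible in this chunk). The `mode: '755'` on a tarball also grants an executable bit for no reason; `mode: '0644'` is enough.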
---
# commande pour lancer le playbook: ansible-playbook update_nuage_instance.yml
-# ATTENTION pour l'instance "test-nuage" il faut lancer commande pour lancer le playbook: ansible-playbook update_nuage_instance.yml --extra-vars "nextcloud_websrv_user=php_lhc_test_nuage nextcloud_webroot=/home/sites/data/org/heureux-cyclage/test-nuage"
+# ATTENTION pour l'instance "test-nuage" il faut lancer commande pour lancer le playbook:
+# ansible-playbook update_nuage_instance.yml --extra-vars "nextcloud_websrv_user=php_lhc_test_nuage nextcloud_webroot=/home/sites/data/org/heureux-cyclage/test-nuage"
- name: Promp pour définir les variables
hosts: ligatures
prompt: 'Nouvelle version nextcloud à télécharger?(ex: 27.1.0)'
private: false
- - name: tld
+ - name: TLD
prompt: 'TLD du site à mettre à jour?(ex: org)'
private: false
- - name: domain
+ - name: DOMAIN
prompt: 'Domaine du site à mettre à jour?(ex: heureux-cyclage)'
private: false
- - name: sigle
+ - name: SIGLE
prompt: 'Sigle du site à mettre à jour?(ex: lhc)'
private: false
pre_tasks:
- - name: Vérif' si la source nextcloud est téléchargée
+ - name: Vérif si la source nextcloud est téléchargée
become: true
ansible.builtin.stat:
path: "{{ nextcloud_source }}"