X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/fiche.php?a=blobdiff_plain;f=tasks%2Fconfig_nextcloud.yml;fp=tasks%2Fconfig_nextcloud.yml;h=a9042bfcb891264b84dcd8db3824fdea66cc361d;hb=f0a634c73af3548be7ea962f1065f6d1d9f69dd4;hp=0000000000000000000000000000000000000000;hpb=8a62800587fb3400465390d205c7d3d4574525bb;p=lhc%2Fansible.git
diff --git a/tasks/config_nextcloud.yml b/tasks/config_nextcloud.yml
new file mode 100644
index 0000000..a9042bf
--- /dev/null
+++ b/tasks/config_nextcloud.yml
@@ -0,0 +1,211 @@
+- name: Install required packages
+ ansible.builtin.apt:
+ name:
+ - php-ctype
+ - php-curl
+ - php-dom
+ - php-fileinfo
+ - php-gd
+ - php-json
+ - php-libxml
+ - php-mbstring
+ - php-openssl
+ - php-posix
+ - php-session
+ - php-simplexml
+ - php-xmlreader
+ - php-xmlwriter
+ - php-zip
+ - php-zlib
+ - php-pdo_pgsql
+ - php-intl
+ - php-bz2
+ - php-sodium
+ - php-gmp
+# - php-exif
+ - php-redis
+ - php-imagick
+ state: present
+
+- name: Boucle d'ajout du user php dans plusieurs groupe
+ ansible.builtin.user:
+ name: "php_{{ SIGLE }}_{{ SITE }}"
+ groups: "{{ item }}"
+ append: true
+ loop:
+ - nextcloud
+ - postgres-data
+ - redis
+ - "site_{{ SIGLE }}_{{ SITE }}"
+
+- name: Bloc nextcloud_version
+ when: nouvelle_version is undefined
+ block:
+ - name: Demande la version de nextcloud à installer
+ ansible.builtin.pause:
+ prompt: "Quelle version de nextcloud doit être utilisée"
+ echo: true
+ register: nextcloud_version_prompt
+
+ - name: Definir nouvelle_version
+ ansible.builtin.set_fact:
+ nouvelle_version: "{{ nextcloud_version.user_input }}"
+
+ - name: Demande la version de nextcloud déjà installer
+ ansible.builtin.pause:
+ prompt: "Quelle version de nextcloud déjà installée"
+ echo: true
+ register: ancienne_version_prompt
+
+ - name: Definir ancienne_version
+ ansible.builtin.set_fact:
+ ancienne_version: "{{ ancienne_version.user_input }}"
+
+- name: Inclure la verif de l'install nextcloud
+ ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
+
+- name: "[PostgreSQL] - {{ nextcloud_websrv_user }} role is created."
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_user:
+ name: "{{ nextcloud_websrv_user }}"
+ state: present
+ role_attr_flags: CREATEDB
+
+- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created."
+ become_user: postgres
+ become: true
+ community.postgresql.postgresql_db:
+ name: "{{ nextcloud_db_name }}"
+ state: "{{ item }}"
+ owner: "{{ nextcloud_websrv_user }}"
+ loop:
+ - absent
+ - present
+
+- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
+ community.postgresql.postgresql_privs:
+ db: "{{ item.db }}"
+ privs: "{{ item.privs }}"
+ type: "{{ item.type }}"
+ objs: "{{ item.objs }}"
+ role: "{{ item.role }}"
+ grant_option: "{{ item.grant_option |default(false) }}"
+ loop_control: "{{ item.name }}"
+ loop:
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "ALL"
+ type: "schema"
+ objs: "public"
+ role: "{{ php_${SIGLE}_nuage }}"
+ grant_option: true
+ name: "GRANT ALL ON SCHEMA public TO php_${SIGLE}_nuage WITH GRANT OPTION;"
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "USAGE,CREATE"
+ type: "schema"
+ objs: "public"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: "GRANT USAGE,CREATE ON SCHEMA public TO php_${SIGLE}_nuage;"
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_namespace"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_namespace TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_collation"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_collation TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_index"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_index TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_attrdef"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_attrdef TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_description"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_description TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ type: "table"
+ objs: "pg_settings"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON TABLE pg_settings TO php_${SIGLE}_nuage;
+ - db: "{{ php_${SIGLE}_nuage }}"
+ privs: "SELECT"
+ objs: "pg_database"
+ role: "{{ php_${SIGLE}_nuage }}"
+ name: GRANT SELECT ON pg_database TO php_${SIGLE}_nuage;
+
+- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
+ community.postgresql.postgresql_pg_hba:
+ dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
+ contype: local
+ users: "php_{{ SIGLE}}_{{SITE}}"
+ databases: "php_{{ SIGLE}}_{{SITE}}"
+ method: peer
+ keep_comments_at_rules: true
+ comment: "autoriser le user php_{{ SIGLE}}_{{SITE}} à se connecter à la bdd du meme nom"
+
+# - name: Update nextcloud root dir symbolic link
+# become: true
+# ansible.builtin.file:
+# src: "{{ nextcloud_source }}"
+# dest: "{{ nextcloud_webroot }}/nextcloud"
+# owner: nextcloud
+# group: nextcloud
+# state: link
+# follow: false
+
+# - name: Update nextcloud common app dir symbolic link
+# become: true
+# ansible.builtin.file:
+# src: "{{ nextcloud_common }}"
+# dest: "{{ nextcloud_webroot }}/common"
+# owner: nextcloud
+# group: nextcloud
+# state: link
+# follow: false
+
+# copy skeleton?
+
+# lancement de la commande d'installation
+
+# lien symbolic common conf
+
+- name: Create sigle nextcloud config
+ become_user: "{{ nextcloud_websrv_user }}"
+ become: true
+ ansible.builtin.template:
+ src: templates/sigle.config.php.j2
+ dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
+ owner: "{{ nextcloud_websrv_user }}"
+ group: "{{ nextcloud_websrv_user }}"
+ mode: '640' # or u=rwx,g=r,o=
+
+- name: Creation d'un fichier cron pour /etc/cron.d
+ ansible.builtin.cron:
+ name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan "
+ minute: "5"
+ user: "php_{{ SIGLE}}_{{SITE}}"
+ job: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/cron"
+
+- name: Recharger plusieurs services
+ ansible.builtin.service:
+ name: "{{ item }}"
+ state: reloaded
+ loop:
+ - "postgresql"
+ - "php{{ php_version }}-fpm"
+ - "nginx"
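Review bot: The `[PostgreSQL] - {{ nextcloud_db_name }} database is created.` task loops `state: "{{ item }}"` over `absent` then `present`, so every run of this task file drops the Nextcloud database before recreating it; unless a reset on each run is intended, remove the `loop` and write `state: present`. Before that point the version block would likely fail, because the two `set_fact` tasks read `nextcloud_version.user_input` and `ancienne_version.user_input` while the prompts register `nextcloud_version_prompt` and `ancienne_version_prompt`. In the privileges task, `loop_control: "{{ item.name }}"` should be a mapping with `label: "{{ item.name }}"`, `{{ php_${SIGLE}_nuage }}` is shell-style interpolation inside a Jinja expression (elsewhere the file writes `"php_{{ SIGLE }}_{{ SITE }}"`), and the last loop item has no `type` although the task reads `item.type`. From a least-privilege standpoint, `role_attr_flags: CREATEDB` on the web-server role and `GRANT ALL ... WITH GRANT OPTION` on schema `public` appear broader than the separate `USAGE,CREATE` grant implies is needed, since the database is created by `postgres` with that role as owner; consider dropping both unless the installer requires them.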