+++ /dev/null
-- name: Install required packages
- ansible.builtin.apt:
- name:
- - php-ctype
- - php-curl
- - php-dom
- - php-fileinfo
- - php-gd
- - php-json
- - php-libxml
- - php-mbstring
- - php-openssl
- - php-posix
- - php-session
- - php-simplexml
- - php-xmlreader
- - php-xmlwriter
- - php-zip
- - php-zlib
- - php-pdo_pgsql
- - php-intl
- - php-bz2
- - php-sodium
- - php-gmp
-# - php-exif
- - php-redis
- - php-imagick
- state: present
-
-- name: Boucle d'ajout du user php dans plusieurs groupe
- ansible.builtin.user:
- name: "php_{{ SIGLE }}_{{ SITE }}"
- groups: "{{ item }}"
- append: true
- loop:
- - nextcloud
- - postgres-data
- - redis
- - "site_{{ SIGLE }}_{{ SITE }}"
-
-- name: Bloc nextcloud_version
- when: nouvelle_version is undefined
- block:
- - name: Demande la version de nextcloud à installer
- ansible.builtin.pause:
- prompt: "Quelle version de nextcloud doit être utilisée"
- echo: true
- register: nextcloud_version_prompt
-
- - name: Definir nouvelle_version
- ansible.builtin.set_fact:
- nouvelle_version: "{{ nextcloud_version.user_input }}"
-
- - name: Demande la version de nextcloud déjà installer
- ansible.builtin.pause:
- prompt: "Quelle version de nextcloud déjà installée"
- echo: true
- register: ancienne_version_prompt
-
- - name: Definir ancienne_version
- ansible.builtin.set_fact:
- ancienne_version: "{{ ancienne_version.user_input }}"
-
-- name: Inclure la verif de l'install nextcloud
- ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml
-
-- name: "[PostgreSQL] - {{ nextcloud_websrv_user }} role is created."
- become_user: postgres
- become: true
- community.postgresql.postgresql_user:
- name: "{{ nextcloud_websrv_user }}"
- state: present
- role_attr_flags: CREATEDB
-
-- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created."
- become_user: postgres
- become: true
- community.postgresql.postgresql_db:
- name: "{{ nextcloud_db_name }}"
- state: "{{ item }}"
- owner: "{{ nextcloud_websrv_user }}"
- loop:
- - absent
- - present
-
-- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
- community.postgresql.postgresql_privs:
- db: "{{ item.db }}"
- privs: "{{ item.privs }}"
- type: "{{ item.type }}"
- objs: "{{ item.objs }}"
- role: "{{ item.role }}"
- grant_option: "{{ item.grant_option |default(false) }}"
- loop_control: "{{ item.name }}"
- loop:
- - db: "{{ php_${SIGLE}_nuage }}"
- privs: "ALL"
- type: "schema"
- objs: "public"
- role: "{{ php_${SIGLE}_nuage }}"
- grant_option: true
- name: "GRANT ALL ON SCHEMA public TO php_${SIGLE}_nuage WITH GRANT OPTION;"
- - db: "{{ php_${SIGLE}_nuage }}"
- privs: "USAGE,CREATE"
- type: "schema"
- objs: "public"
- role: "{{ php_${SIGLE}_nuage }}"
- name: "GRANT USAGE,CREATE ON SCHEMA public TO php_${SIGLE}_nuage;"
- - db: "{{ php_${SIGLE}_nuage }}"
- privs: "SELECT"
- type: "table"
- objs: "pg_namespace"
- role: "{{ php_${SIGLE}_nuage }}"
- name: GRANT SELECT ON TABLE pg_namespace TO php_${SIGLE}_nuage;
- - db: "{{ php_${SIGLE}_nuage }}"
- privs: "SELECT"
- type: "table"
- objs: "pg_collation"
- role: "{{ php_${SIGLE}_nuage }}"
- name: GRANT SELECT ON TABLE pg_collation TO php_${SIGLE}_nuage;
- - db: "{{ php_${SIGLE}_nuage }}"
- privs: "SELECT"
- type: "table"
- objs: "pg_index"
- role: "{{ php_${SIGLE}_nuage }}"
- name: GRANT SELECT ON TABLE pg_index TO php_${SIGLE}_nuage;
- - db: "{{ php_${SIGLE}_nuage }}"
- privs: "SELECT"
- type: "table"
- objs: "pg_attrdef"
- role: "{{ php_${SIGLE}_nuage }}"
- name: GRANT SELECT ON TABLE pg_attrdef TO php_${SIGLE}_nuage;
- - db: "{{ php_${SIGLE}_nuage }}"
- privs: "SELECT"
- type: "table"
- objs: "pg_description"
- role: "{{ php_${SIGLE}_nuage }}"
- name: GRANT SELECT ON TABLE pg_description TO php_${SIGLE}_nuage;
- - db: "{{ php_${SIGLE}_nuage }}"
- privs: "SELECT"
- type: "table"
- objs: "pg_settings"
- role: "{{ php_${SIGLE}_nuage }}"
- name: GRANT SELECT ON TABLE pg_settings TO php_${SIGLE}_nuage;
- - db: "{{ php_${SIGLE}_nuage }}"
- privs: "SELECT"
- objs: "pg_database"
- role: "{{ php_${SIGLE}_nuage }}"
- name: GRANT SELECT ON pg_database TO php_${SIGLE}_nuage;
-
-- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
- community.postgresql.postgresql_pg_hba:
- dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
- contype: local
- users: "php_{{ SIGLE}}_{{SITE}}"
- databases: "php_{{ SIGLE}}_{{SITE}}"
- method: peer
- keep_comments_at_rules: true
- comment: "autoriser le user php_{{ SIGLE}}_{{SITE}} à se connecter à la bdd du meme nom"
-
-# - name: Update nextcloud root dir symbolic link
-# become: true
-# ansible.builtin.file:
-# src: "{{ nextcloud_source }}"
-# dest: "{{ nextcloud_webroot }}/nextcloud"
-# owner: nextcloud
-# group: nextcloud
-# state: link
-# follow: false
-
-# - name: Update nextcloud common app dir symbolic link
-# become: true
-# ansible.builtin.file:
-# src: "{{ nextcloud_common }}"
-# dest: "{{ nextcloud_webroot }}/common"
-# owner: nextcloud
-# group: nextcloud
-# state: link
-# follow: false
-
-# copy skeleton?
-
-# lancement de la commande d'installation
-
-# lien symbolic common conf
-
-- name: Create sigle nextcloud config
- become_user: "{{ nextcloud_websrv_user }}"
- become: true
- ansible.builtin.template:
- src: templates/sigle.config.php.j2
- dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
- owner: "{{ nextcloud_websrv_user }}"
- group: "{{ nextcloud_websrv_user }}"
- mode: '640' # or u=rwx,g=r,o=
-
-- name: Creation d'un fichier cron pour /etc/cron.d
- ansible.builtin.cron:
- name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan "
- minute: "5"
- user: "php_{{ SIGLE}}_{{SITE}}"
- job: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/cron"
-
-- name: Recharger plusieurs services
- ansible.builtin.service:
- name: "{{ item }}"
- state: reloaded
- loop:
- - "postgresql"
- - "php{{ php_version }}-fpm"
- - "nginx"