# Installs the PHP extension packages listed below through apt.
# state=present installs a package that is missing but does not upgrade one
# that is already installed, so security updates for these modules have to
# come from the host's regular patching.
- name: Install required packages
  ansible.builtin.apt:
    state: present
    name:
      - php-ctype
      - php-curl
      - php-dom
      - php-fileinfo
      - php-gd
      - php-json
      - php-libxml
      - php-mbstring
      - php-openssl
      - php-posix
      - php-session
      - php-simplexml
      - php-xmlreader
      - php-xmlwriter
      - php-zip
      - php-zlib
      - php-pdo_pgsql
      - php-intl
      - php-bz2
      - php-sodium
      - php-gmp
      # - php-exif
      - php-redis
      - php-imagick
# Adds the per-site PHP user to the groups in the loop, one group per
# iteration. append=true keeps the supplementary groups the user already has.
# NOTE(review): each group widens what the PHP-FPM user can reach on the host
# (postgres-data and redis presumably guard those services' files or sockets).
# Confirm every membership is required rather than convenient.
- name: Boucle d'ajout du user php dans plusieurs groupe
  ansible.builtin.user:
    name: "php_{{ SIGLE }}_{{ SITE }}"
    append: true
    groups: "{{ item }}"
  loop:
    - nextcloud
    - postgres-data
    - redis
    - "site_{{ SIGLE }}_{{ SITE }}"
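# Asks the operator which Nextcloud version to install when nouvelle_version
# was not supplied, then stores the answer as a fact.
# The pause result is registered as nextcloud_version_prompt, so set_fact has
# to read user_input from that same name; the original read it from
# nextcloud_version, which this file never registers.
# NOTE(review): the answer is free text typed at the prompt. Check it against
# a version pattern before later tasks place it in paths or download URLs.
- name: Bloc nextcloud_version
  when: nouvelle_version is undefined
  block:
    - name: Demande la version de nextcloud à installer
      ansible.builtin.pause:
        prompt: "Quelle version de nextcloud doit être utilisée"
        echo: true
      register: nextcloud_version_prompt

    - name: Definir nouvelle_version
      ansible.builtin.set_fact:
        nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"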
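# Asks the operator which Nextcloud version is already installed and stores
# the answer as the ancienne_version fact.
# The pause result is registered as ancienne_version_prompt, so set_fact reads
# user_input from that name; the original referenced ancienne_version inside
# its own definition, which is not the registered result.
# NOTE(review): the listing this was taken from lost its indentation. These
# two tasks are written at top level because a block-level `when` is
# re-evaluated for every task, so inside the nouvelle_version block they would
# be skipped once nouvelle_version is set. Confirm against the repository.
- name: Demande la version de nextcloud déjà installer
  ansible.builtin.pause:
    prompt: "Quelle version de nextcloud déjà installée"
    echo: true
  register: ancienne_version_prompt

- name: Definir ancienne_version
  ansible.builtin.set_fact:
    ancienne_version: "{{ ancienne_version_prompt.user_input }}"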
# Pulls in the installation-check tasks at run time. Their content is not
# visible here; presumably they decide whether the destructive database steps
# that follow are safe to run - verify.
- name: Inclure la verif de l'install nextcloud
  ansible.builtin.include_tasks:
    file: tasks/verif_installation_nextcloud.yml
# Ensures the PostgreSQL role named by nextcloud_websrv_user exists, running
# the module as the postgres OS user.
# NOTE(review): CREATEDB lets the application role create databases of its
# own. The database is created by postgres in the next task, so confirm the
# attribute is still needed; least privilege would drop it.
- name: "[PostgreSQL] - {{ nextcloud_websrv_user }} role is created."
  become: true
  become_user: postgres
  community.postgresql.postgresql_user:
    state: present
    name: "{{ nextcloud_websrv_user }}"
    role_attr_flags: CREATEDB
# Runs postgresql_db twice for nextcloud_db_name: first with state=absent,
# then with state=present, owned by nextcloud_websrv_user.
# WARNING: the first iteration drops the database, so every run of this task
# file discards existing Nextcloud data. This is only safe on a fresh install.
# NOTE(review): nothing visible in this file guards the drop; confirm the
# included verification tasks stop the play on an existing installation, or
# gate this task behind an explicit opt-in variable.
- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created."
  become: true
  become_user: postgres
  community.postgresql.postgresql_db:
    name: "{{ nextcloud_db_name }}"
    owner: "{{ nextcloud_websrv_user }}"
    state: "{{ item }}"
  loop:
    - absent
    - present
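# Grants the PHP role its privileges, one loop item per GRANT statement.
# Fixes relative to the original listing:
#   * "{{ php_${SIGLE}_nuage }}" mixed shell syntax into a Jinja expression
#     and cannot be templated; it is now "php_{{ SIGLE }}_nuage".
#   * loop_control was given a bare string; it is a mapping, and the per-item
#     text belongs under its `label` key.
#   * the last item had no `type` although the task reads item.type; it now
#     states "table" explicitly.
#   * become/become_user added to match the other PostgreSQL tasks in this
#     file, which run their modules as the postgres OS user.
# NOTE(review): the first item grants ALL on schema public WITH GRANT OPTION,
# so the application role can pass those rights on to other roles, and it
# makes the USAGE,CREATE item redundant. Prefer the narrower grant alone if
# Nextcloud works with it.
# NOTE(review): pg_namespace, pg_collation, pg_index, pg_attrdef,
# pg_description, pg_settings and pg_database are system catalog relations and
# no `schema` is passed to the module here. Confirm these grants resolve, and
# whether they are needed at all.
# NOTE(review): the role and database are named php_<SIGLE>_nuage here, while
# earlier tasks create nextcloud_websrv_user / nextcloud_db_name. Confirm they
# refer to the same objects.
- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
  become: true
  become_user: postgres
  community.postgresql.postgresql_privs:
    db: "{{ item.db }}"
    privs: "{{ item.privs }}"
    type: "{{ item.type }}"
    objs: "{{ item.objs }}"
    role: "{{ item.role }}"
    grant_option: "{{ item.grant_option | default(false) }}"
  loop_control:
    label: "{{ item.name }}"
  loop:
    - db: "php_{{ SIGLE }}_nuage"
      privs: "ALL"
      type: "schema"
      objs: "public"
      role: "php_{{ SIGLE }}_nuage"
      grant_option: true
      name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;"
    - db: "php_{{ SIGLE }}_nuage"
      privs: "USAGE,CREATE"
      type: "schema"
      objs: "public"
      role: "php_{{ SIGLE }}_nuage"
      name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"
    - db: "php_{{ SIGLE }}_nuage"
      privs: "SELECT"
      type: "table"
      objs: "pg_namespace"
      role: "php_{{ SIGLE }}_nuage"
      name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
    - db: "php_{{ SIGLE }}_nuage"
      privs: "SELECT"
      type: "table"
      objs: "pg_collation"
      role: "php_{{ SIGLE }}_nuage"
      name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
    - db: "php_{{ SIGLE }}_nuage"
      privs: "SELECT"
      type: "table"
      objs: "pg_index"
      role: "php_{{ SIGLE }}_nuage"
      name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
    - db: "php_{{ SIGLE }}_nuage"
      privs: "SELECT"
      type: "table"
      objs: "pg_attrdef"
      role: "php_{{ SIGLE }}_nuage"
      name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
    - db: "php_{{ SIGLE }}_nuage"
      privs: "SELECT"
      type: "table"
      objs: "pg_description"
      role: "php_{{ SIGLE }}_nuage"
      name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
    - db: "php_{{ SIGLE }}_nuage"
      privs: "SELECT"
      type: "table"
      objs: "pg_settings"
      role: "php_{{ SIGLE }}_nuage"
      name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
    - db: "php_{{ SIGLE }}_nuage"
      privs: "SELECT"
      type: "table"
      objs: "pg_database"
      role: "php_{{ SIGLE }}_nuage"
      name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"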
# Adds a pg_hba.conf rule for local (Unix-socket) connections: the user
# php_<SIGLE>_<SITE> may reach the database of the same name with peer
# authentication. Existing comments in the file are kept next to their rules.
# peer accepts a connection only when the connecting OS user name matches the
# requested database role, so no password is involved.
# NOTE(review): the role created earlier in this file is nextcloud_websrv_user
# and the database is nextcloud_db_name; confirm both resolve to
# php_<SIGLE>_<SITE>, otherwise this rule matches nothing.
# NOTE(review): no become is set on this task; writing under /etc/postgresql
# presumably relies on play-level privilege escalation - verify.
- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
  community.postgresql.postgresql_pg_hba:
    dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
    keep_comments_at_rules: true
    contype: local
    method: peer
    databases: "php_{{ SIGLE}}_{{SITE}}"
    users: "php_{{ SIGLE}}_{{SITE}}"
    comment: "autoriser le user php_{{ SIGLE}}_{{SITE}} à se connecter à la bdd du meme nom"
# - name: Update nextcloud root dir symbolic link
#   become: true
#   ansible.builtin.file:
#     src: "{{ nextcloud_source }}"
#     dest: "{{ nextcloud_webroot }}/nextcloud"
#     owner: nextcloud
#     group: nextcloud
#     state: link
#     follow: false

# - name: Update nextcloud common app dir symbolic link
#   become: true
#   ansible.builtin.file:
#     src: "{{ nextcloud_common }}"
#     dest: "{{ nextcloud_webroot }}/common"
#     owner: nextcloud
#     group: nextcloud
#     state: link
#     follow: false

# copy skeleton?

# lancement de la commande d'installation

# lien symbolique common conf
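# Renders templates/sigle.config.php.j2 to config/sigle.config.php under the
# Nextcloud web root, acting as the web-server user, who also owns the file.
# Mode 0640 is u=rw,g=r,o= (the original comment said u=rwx, which would be
# 0740): owner read/write, group read-only, no access for others. A Nextcloud
# config file typically carries secrets, so keep "others" at no access.
# The mode is written as a quoted string with a leading zero so it is always
# read as octal.
- name: Create sigle nextcloud config
  become: true
  become_user: "{{ nextcloud_websrv_user }}"
  ansible.builtin.template:
    src: templates/sigle.config.php.j2
    dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
    owner: "{{ nextcloud_websrv_user }}"
    group: "{{ nextcloud_websrv_user }}"
    mode: '0640'  # u=rw,g=r,o=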
# Registers the Nextcloud background-job entry for the per-site PHP user.
# The cron module uses `name` as the marker that identifies the entry on later
# runs, so the string (trailing space included) is kept exactly as it was.
# NOTE(review): no cron_file is given, so the entry goes into the crontab of
# `user`, not into /etc/cron.d as the task name suggests.
# NOTE(review): minute "5" with the other fields left at their defaults fires
# once an hour, at minute 5. If a five-minute cadence was intended the value
# would be "*/5" - confirm.
# NOTE(review): the job is a script under the site's data directory and runs
# as the PHP user; make sure only trusted accounts can write to it.
- name: Creation d'un fichier cron pour /etc/cron.d
  ansible.builtin.cron:
    user: "php_{{ SIGLE}}_{{SITE}}"
    name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan "
    job: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/cron"
    minute: "5"
# Reloads PostgreSQL, PHP-FPM (for the configured php_version) and nginx in
# that order, one service per loop iteration. A reload is what makes the
# pg_hba.conf rule written earlier in this file take effect.
# NOTE(review): the reload runs on every play, changed or not; handlers
# notified by the tasks that modify configuration would limit it to real
# changes.
- name: Recharger plusieurs services
  ansible.builtin.service:
    state: reloaded
    name: "{{ item }}"
  loop:
    - postgresql
    - "php{{ php_version }}-fpm"
    - nginx