correction de la conf certbot
# Snapshot /etc with etckeeper before this task file changes system config.
# ansible.builtin.command has no changed_when here, so the task is always
# reported as "changed".
# NOTE(review): when there is nothing to commit, etckeeper may exit non-zero
# and fail the play — confirm, and add failed_when/changed_when if so.
- name: Etckeeper commit if necessary
  ansible.builtin.command: etckeeper commit "commit by ansible because installing {{ DOMAIN }}/{{ SITE }}"

# PHP extensions and helpers needed by Nextcloud. The commented-out entries
# are extensions kept for reference but not installed (presumably built into
# the distribution's php packages — confirm). Both a versioned and an
# unversioned pgsql package are listed; whether both are needed depends on
# the distribution's packaging (assumption — confirm).
- name: Install required packages
  ansible.builtin.apt:
    name:
      # - php-ctype
      - php-curl
      # - php-dom
      # - php-fileinfo
      - php-gd
      - php-json
      - "php{{ php_version }}-xml"
      - php-mbstring
      # - php-openssl
      # - php-posix
      # - php-session
      # - php-simplexml
      # - php-xmlreader
      # - php-xmlwriter
      - php-zip
      # - php-zlib
      # - php-pdo_pgsql
      - "php{{ php_version }}-pgsql"
      - php-pgsql
      - php-intl
      - php-bz2
      # - php-sodium
      - php-gmp
      # - php-exif
      - php-redis
      - php-imagick
      - python3-psycopg2  # required by the community.postgresql modules used below
    state: present

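# Add the PHP pool user to the supplementary groups it needs (the group names
# are those used elsewhere in this file; their purpose is not shown here).
# A single module call with a group list replaces the previous per-group
# loop: with append=true the outcome is identical (existing memberships are
# kept, all listed groups are added) but the module runs once.
# The task name is kept unchanged so --start-at-task / --step keep working.
- name: Boucle d'ajout du user php dans plusieurs groupe
  ansible.builtin.user:
    name: "php_{{ SIGLE }}_{{ SITE }}"
    groups:
      - nextcloud
      - postgres-data
      - redis
      - "site_{{ SIGLE }}_{{ SITE }}"
    append: true
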
# Interactive fallback: only when nouvelle_version was not supplied (e.g. with
# -e), prompt the operator for the version to install and for the one already
# installed. The typed values are versions, not secrets, hence echo=true.
# NOTE(review): ancienne_version is only prompted for inside this block, so a
# run that defines nouvelle_version but not ancienne_version is never asked
# for it — confirm that later tasks tolerate an undefined ancienne_version.
- name: Bloc nextcloud_version
  when: nouvelle_version is undefined
  block:
    - name: Demande la version de nextcloud à installer
      ansible.builtin.pause:
        prompt: "Quelle version de nextcloud doit être utilisée"
        echo: true
      register: nextcloud_version_prompt

    - name: Definir nouvelle_version
      ansible.builtin.set_fact:
        nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"

    - name: Demande la version de nextcloud déjà installée
      ansible.builtin.pause:
        prompt: "Quelle version de nextcloud déjà installée"
        echo: true
      register: ancienne_version_prompt

    - name: Definir ancienne_version
      ansible.builtin.set_fact:
        ancienne_version: "{{ ancienne_version_prompt.user_input }}"

# Hand over to the installation checks (content not shown here).
# NOTE(review): indentation is not recoverable from this listing; it is read
# here as a top-level task. If it was meant to sit inside the preceding block,
# it only runs when nouvelle_version is undefined — confirm against the repo.
- name: Inclure la verif de l'install nextcloud
  ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml

# Create the PostgreSQL role for the PHP pool user, acting as the postgres
# OS user (peer auth on the local socket, no password stored in Ansible).
# NOTE(review): CREATEDB lets this role create any database on the cluster;
# the Nextcloud database itself is created by the postgres user in the next
# task, so CREATEDB looks unnecessary here — confirm before dropping it.
- name: PostgreSQL - nextcloud_php_user role is created
  become_user: postgres
  become: true
  community.postgresql.postgresql_user:
    name: "{{ nextcloud_php_user }}"
    state: present
    role_attr_flags: CREATEDB

# Recreate the Nextcloud database owned by the PHP role. The loop runs
# state=absent first and state=present second: every run of this task file
# DROPS an existing database of that name, with all its data, before
# creating an empty one. That is what a fresh install wants; it must never be
# run against an instance that is already in use.
- name: PostgreSQL - nextcloud_db_name database is created
  become_user: postgres
  become: true
  community.postgresql.postgresql_db:
    name: "{{ nextcloud_db_name }}"
    state: "{{ item }}"
    owner: "{{ nextcloud_php_user }}"
  loop:
    - absent
    - present

# Pre-install grant: ALL on schema public, WITH GRANT OPTION, to the PHP role.
# NOTE(review): this is a superset of the USAGE,CREATE grant made on the same
# schema after the install further down, and WITH GRANT OPTION lets the PHP
# role hand those rights to other roles. If only the installer needs it,
# consider revoking it once the install has run (least privilege).
# The loop label hardcodes "php_{{ SIGLE }}_nuage" while the role comes from
# nextcloud_php_user; the label is display-only and may diverge from the
# actual role name.
- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
  become_user: postgres
  become: true
  community.postgresql.postgresql_privs:
    db: "{{ item.db }}"
    privs: "{{ item.privs }}"
    type: "{{ item.type |default(omit) }}"
    objs: "{{ item.objs }}"
    role: "{{ item.role }}"
    grant_option: "{{ item.grant_option |default(omit) }}"
  loop_control:
    label: "{{ item.name }}"
  loop:
    - db: "{{ nextcloud_db_name }}"
      privs: "ALL"
      type: "schema"
      objs: "public"
      role: "{{ nextcloud_php_user }}"
      grant_option: true
      name: "GRANT ALL ON SCHEMA public TO php_{{ SIGLE }}_nuage WITH GRANT OPTION;"

# pg_hba rule: the PHP OS user may connect over the local socket to the
# database of the same name with peer auth, i.e. DB identity is tied to the
# OS identity and no password exists for this role.
# The user/database patterns are spelled out here rather than taken from
# nextcloud_php_user / nextcloud_db_name — presumably the same values;
# confirm so the two cannot drift apart.
# NOTE(review): PostgreSQL is only reloaded by the last task of this file, so
# this rule is not yet active when the installer below connects, unless a
# pre-existing rule already allows it — consider reloading right after this
# task (or notifying a handler) instead.
- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
  community.postgresql.postgresql_pg_hba:
    dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
    contype: local
    users: "php_{{ SIGLE }}_{{ SITE }}"
    databases: "php_{{ SIGLE }}_{{ SITE }}"
    method: peer
    keep_comments_at_rules: true
    comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom"

# Create the apps, config and data directories. Mode 2750: setgid bit so new
# files inherit the web-server group, rwx for the PHP owner, r-x for the
# web-server group, nothing for other users — the data directory is not
# readable by other accounts on the host.
- name: Boucle création des répertoires app, config et data nextcloud
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: "{{ item.state }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop_control:
    label: "{{ item.path }}"
  loop:
    - path: "{{ nextcloud_webroot }}/apps"
      state: directory
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '2750'
    - path: "{{ nextcloud_webroot }}/config"
      state: directory
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '2750'
    - path: "{{ nextcloud_webroot }}/data"
      state: directory
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '2750'

# Point <webroot>/nextcloud at the shared Nextcloud code tree. follow=false
# applies owner/group to the link itself, not to the target.
- name: Create nextcloud root dir symbolic link
  ansible.builtin.file:
    src: "{{ nextcloud_symbolic_source }}"
    dest: "{{ nextcloud_webroot }}/nextcloud"
    owner: nextcloud
    group: nextcloud
    state: link
    follow: false

# Point <webroot>/common at the shared common-apps tree. follow=false applies
# owner/group to the link itself, not to the target.
- name: Create nextcloud common app dir symbolic link
  ansible.builtin.file:
    src: "{{ nextcloud_symbolic_common }}"
    dest: "{{ nextcloud_webroot }}/common"
    owner: nextcloud
    group: nextcloud
    state: link
    follow: false

# Render the per-instance wrapper scripts and the initial config.php.
# cron/console are executable (750) for their owner; config.php is 640 so
# only the PHP owner can write it and only the web-server group can read it.
# Note the console wrapper is owned by the web-server user, unlike the others.
- name: Créer les fichiers spécifiques nextcloud
  ansible.builtin.template:
    src: "templates/{{ item.src }}"
    dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - src: "nextcloud_cron.j2"
      dest: "cron"
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '750'
    - src: "nextcloud_console.j2"
      dest: "console"
      owner: "{{ nextcloud_websrv_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '750'
    - src: "nextcloud_install_config.j2"
      dest: "config/config.php"
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '640'

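# Run Nextcloud's installer as the PHP pool user, from the webroot.
# Changes from the previous version of this task:
#   - --database-user no longer carries a stray "/data/" suffix (copied from
#     --data-dir); it now matches the user/database pattern used in pg_hba.
#   - the admin password is no longer a literal committed to VCS: it comes
#     from a variable that must be defined in an Ansible Vault encrypted vars
#     file (`nextcloud_admin_password` is a placeholder name — align it with
#     the repo's convention).
#   - no_log keeps the command line, which carries that password, out of the
#     play output and logs.
#   - argv passes each argument literally: no shlex splitting, so a password
#     containing spaces or quotes cannot break or alter the command.
# ansible.builtin.command does not run a shell, so "$TLD" in --data-dir is
# passed literally (this was already the case).
# NOTE(review): confirm what "$TLD" was meant to expand to; it is not an
# Ansible variable on this page.
- name: Lancement du script d'installation nextcloud # noqa : command-instead-of-module
  become_user: "{{ nextcloud_php_user }}"
  become: true
  no_log: true
  ansible.builtin.command:
    argv:
      - ./console
      - maintenance:install
      - "--database=pgsql"
      - "--database-name=php_{{ SIGLE }}_{{ SITE }}"
      - "--database-user=php_{{ SIGLE }}_{{ SITE }}"
      - "--database-host=/var/run/postgresql/"
      - "--admin-user=admin"
      - "--admin-pass={{ nextcloud_admin_password }}"
      - "--data-dir=/home/sites/data/$TLD/{{ DOMAIN }}/{{ SITE }}/data/"
    chdir: "{{ nextcloud_webroot }}"
  register: install_result
  ignore_errors: true
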
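# Show the installer's output for diagnosis. Only rc/stdout/stderr are
# printed: dumping the whole registered result would also echo the `cmd`
# field, i.e. the full command line including the --admin-pass value, into
# the play output and logs. default() keeps this task safe if the previous
# one was skipped or produced no output.
- name: Afficher les logs du script d'install
  ansible.builtin.debug:
    msg:
      - "rc={{ install_result.rc | default('n/a') }}"
      - "{{ install_result.stdout_lines | default([]) }}"
      - "{{ install_result.stderr_lines | default([]) }}"
  when: install_result is defined
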
# Render the per-SIGLE config overlay into config/, readable by the PHP owner
# and the web-server group only (640).
# NOTE(review): this task has the same name as the template task above;
# distinct names make --start-at-task and log reading unambiguous.
- name: Créer les fichiers spécifiques nextcloud
  ansible.builtin.template:
    src: "templates/{{ item.src }}"
    dest: "{{ nextcloud_webroot }}/{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  loop:
    - src: "nextcloud_sigle_config.j2"
      dest: "config/{{ SIGLE }}.config.php"
      owner: "{{ nextcloud_php_user }}"
      group: "{{ nextcloud_websrv_user }}"
      mode: '640'

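# Link the shared common.config.php into this instance's config directory.
# dest is now anchored on nextcloud_webroot like every other path in this
# file: a relative dest is resolved against the working directory of the
# remote module process, not the webroot, so the previous value created the
# link in the wrong place (or failed). src stays a relative target, which is
# resolved from the link's own directory by the filesystem.
# NOTE(review): confirm that "../../../../nextcloud/common/common.config.php"
# is the right depth from "{{ nextcloud_webroot }}/config/".
# follow=false applies owner/group to the link itself, not to the target.
- name: Creation d'un lien symbolique vers le configuration nextcloud commun
  ansible.builtin.file:
    src: "../../../../nextcloud/common/common.config.php"
    dest: "{{ nextcloud_webroot }}/config/common.config.php"
    owner: nextcloud
    group: nextcloud
    state: link
    follow: false
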
# Render sigle.config.php as the PHP owner (become_user), so the file is
# written with that user's rights into the config directory it owns.
# 640 = u=rw,g=r,o= (the earlier inline comment said u=rwx, which is wrong).
- name: Create sigle nextcloud config
  become_user: "{{ nextcloud_php_user }}"
  become: true
  ansible.builtin.template:
    src: templates/sigle.config.php.j2
    dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
    owner: "{{ nextcloud_php_user }}"
    group: "{{ nextcloud_websrv_user }}"
    mode: '640'  # or u=rw,g=r,o=

# Post-install grants for the PHP role: USAGE,CREATE on schema public and
# SELECT on a set of system catalogs. The last entry has no type, so the
# module's default object type applies (table, matching its label).
# NOTE(review): the earlier task already granted ALL WITH GRANT OPTION on
# schema public, which includes USAGE,CREATE — that grant is the one to
# revisit if least privilege is the goal.
# The loop labels hardcode "php_{{ SIGLE }}_nuage" while the role comes from
# nextcloud_php_user; labels are display-only and may diverge from the
# actual role name.
- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
  become_user: postgres
  become: true
  community.postgresql.postgresql_privs:
    db: "{{ item.db }}"
    privs: "{{ item.privs }}"
    type: "{{ item.type |default(omit) }}"
    objs: "{{ item.objs }}"
    role: "{{ item.role }}"
    grant_option: "{{ item.grant_option |default(omit) }}"
  loop_control:
    label: "{{ item.name }}"
  loop:
    - db: "{{ nextcloud_db_name }}"
      privs: "USAGE,CREATE"
      type: "schema"
      objs: "public"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT USAGE,CREATE ON SCHEMA public TO php_{{ SIGLE }}_nuage;"
    - db: "{{ nextcloud_db_name }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_namespace"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT SELECT ON TABLE pg_namespace TO php_{{ SIGLE }}_nuage;"
    - db: "{{ nextcloud_db_name }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_collation"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT SELECT ON TABLE pg_collation TO php_{{ SIGLE }}_nuage;"
    - db: "{{ nextcloud_db_name }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_index"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT SELECT ON TABLE pg_index TO php_{{ SIGLE }}_nuage;"
    - db: "{{ nextcloud_db_name }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_attrdef"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT SELECT ON TABLE pg_attrdef TO php_{{ SIGLE }}_nuage;"
    - db: "{{ nextcloud_db_name }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_description"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT SELECT ON TABLE pg_description TO php_{{ SIGLE }}_nuage;"
    - db: "{{ nextcloud_db_name }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_settings"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT SELECT ON TABLE pg_settings TO php_{{ SIGLE }}_nuage;"
    - db: "{{ nextcloud_db_name }}"
      privs: "SELECT"
      objs: "pg_database"
      role: "{{ nextcloud_php_user }}"
      name: "GRANT SELECT ON pg_database TO php_{{ SIGLE }}_nuage;"

# Background jobs every 5 minutes, run as the PHP pool user through the
# <webroot>/cron wrapper rendered earlier (not as root, and not through the
# web-server account).
- name: Creation d'un fichier cron pour /etc/cron.d
  ansible.builtin.cron:
    name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan toutes les 5 mins"
    minute: "*/5"
    user: "php_{{ SIGLE }}_{{ SITE }}"
    job: "{{ nextcloud_webroot }}/cron"

# Reload PostgreSQL (picks up the pg_hba rule added above), PHP-FPM and nginx.
# These reloads run unconditionally on every run; handlers notified by the
# tasks that actually changed something would avoid needless reloads.
# NOTE(review): the PostgreSQL reload comes after the installer task, so the
# pg_hba rule written earlier in this file is only active from here on.
- name: Recharger plusieurs services
  ansible.builtin.service:
    name: "{{ item }}"
    state: reloaded
  loop:
    - "postgresql"
    - "php{{ php_version }}-fpm"
    - "nginx"
321 - "nginx"