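# Nextcloud instance setup tasks: install PHP packages, add the PHP user to its
# groups, ask for the versions, prepare the PostgreSQL role/database/privileges,
# allow peer authentication in pg_hba.conf, render the per-instance config file,
# schedule the background job and reload the services.
# NOTE(review): only some tasks set become/become_user; the others presumably
# rely on play-level privilege escalation. Confirm against the calling play.

- name: Install required packages
  ansible.builtin.apt:
    name:
      - php-ctype
      - php-curl
      - php-dom
      - php-fileinfo
      - php-gd
      - php-json
      - php-libxml
      - php-mbstring
      - php-openssl
      - php-posix
      - php-session
      - php-simplexml
      - php-xmlreader
      - php-xmlwriter
      - php-zip
      - php-zlib
      - php-pdo_pgsql
      - php-intl
      - php-bz2
      - php-sodium
      - php-gmp
      # - php-exif
      - php-redis
      - php-imagick
    state: present

# One module call per group; append: true keeps the groups the user already has.
# NOTE(review): membership of postgres-data and redis widens what a compromised
# PHP worker can reach. Confirm each group is actually required.
- name: Boucle d'ajout du user php dans plusieurs groupe
  ansible.builtin.user:
    name: "php_{{ SIGLE }}_{{ SITE }}"
    groups: "{{ item }}"
    append: true
  loop:
    - nextcloud
    - postgres-data
    - redis
    - "site_{{ SIGLE }}_{{ SITE }}"

# Interactive fallback: the whole block is skipped when nouvelle_version is
# already defined (for example passed as an extra var).
- name: Bloc nextcloud_version
  when: nouvelle_version is undefined
  block:
    - name: Demande la version de nextcloud à installer
      ansible.builtin.pause:
        prompt: "Quelle version de nextcloud doit être utilisée"
        echo: true
      register: nextcloud_version_prompt

    # Read the variable registered just above. The previous reference
    # (nextcloud_version.user_input) pointed at a name no task here registers.
    # NOTE(review): the operator's answer is used as typed; validate its format
    # before it is used to build a path or URL.
    - name: Definir nouvelle_version
      ansible.builtin.set_fact:
        nouvelle_version: "{{ nextcloud_version_prompt.user_input }}"

    - name: Demande la version de nextcloud déjà installer
      ansible.builtin.pause:
        prompt: "Quelle version de nextcloud déjà installée"
        echo: true
      register: ancienne_version_prompt

    # Same correction: use the registered ancienne_version_prompt result.
    - name: Definir ancienne_version
      ansible.builtin.set_fact:
        ancienne_version: "{{ ancienne_version_prompt.user_input }}"

- name: Inclure la verif de l'install nextcloud
  ansible.builtin.include_tasks: tasks/verif_installation_nextcloud.yml

# NOTE(review): CREATEDB lets the web-server role create databases of its own.
# The database is created by the postgres superuser in the next task, so this
# attribute looks unnecessary. Confirm and drop it if nothing relies on it.
- name: "[PostgreSQL] - {{ nextcloud_websrv_user }} role is created."
  become_user: postgres
  become: true
  community.postgresql.postgresql_user:
    name: "{{ nextcloud_websrv_user }}"
    state: present
    role_attr_flags: CREATEDB

# NOTE(review): the loop applies state=absent and then state=present, so every
# run drops the database and recreates it empty. Confirm this is only ever run
# for a first-time install, or guard it; on an existing instance it destroys
# the data.
- name: "[PostgreSQL] - {{ nextcloud_db_name }} database is created."
  become_user: postgres
  become: true
  community.postgresql.postgresql_db:
    name: "{{ nextcloud_db_name }}"
    state: "{{ item }}"
    owner: "{{ nextcloud_websrv_user }}"
  loop:
    - absent
    - present

# Grants for the PHP role, one loop item per GRANT statement.
# Corrections made in this task:
#   * "{{ php_${SIGLE}_nuage }}" is not valid Jinja2 ("${...}" is shell syntax);
#     the name is now built once in php_db_role.
#   * loop_control takes a mapping; item.name is now passed as its label.
#   * grant_option falls back to omit instead of false, so items that do not
#     mention it leave the grant option untouched (per the module docs, false
#     revokes it, which would undo the first item; confirm).
#   * the pg_database item had no type although the task reads item.type.
# NOTE(review): the literal suffix "nuage" is kept from the original, while
# other tasks use php_{{ SIGLE }}_{{ SITE }}, nextcloud_db_name and
# nextcloud_websrv_user. Confirm which database and role are meant.
# NOTE(review): for type=table the module's schema parameter defaults to public,
# but the pg_* relations are system catalogs; a schema of pg_catalog is probably
# needed. Verify.
# NOTE(review): ALL ... WITH GRANT OPTION lets the application role hand its
# schema privileges to other roles, and the second item repeats a subset of the
# first. Confirm the grant option is required.
- name: Pour chaque base, ajouter les droits suivants à l'utilisateur php
  community.postgresql.postgresql_privs:
    db: "{{ item.db }}"
    privs: "{{ item.privs }}"
    type: "{{ item.type }}"
    objs: "{{ item.objs }}"
    role: "{{ item.role }}"
    grant_option: "{{ item.grant_option | default(omit) }}"
  vars:
    php_db_role: "php_{{ SIGLE }}_nuage"
  loop_control:
    label: "{{ item.name }}"
  loop:
    - db: "{{ php_db_role }}"
      privs: "ALL"
      type: "schema"
      objs: "public"
      role: "{{ php_db_role }}"
      grant_option: true
      name: "GRANT ALL ON SCHEMA public TO {{ php_db_role }} WITH GRANT OPTION;"
    - db: "{{ php_db_role }}"
      privs: "USAGE,CREATE"
      type: "schema"
      objs: "public"
      role: "{{ php_db_role }}"
      name: "GRANT USAGE,CREATE ON SCHEMA public TO {{ php_db_role }};"
    - db: "{{ php_db_role }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_namespace"
      role: "{{ php_db_role }}"
      name: "GRANT SELECT ON TABLE pg_namespace TO {{ php_db_role }};"
    - db: "{{ php_db_role }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_collation"
      role: "{{ php_db_role }}"
      name: "GRANT SELECT ON TABLE pg_collation TO {{ php_db_role }};"
    - db: "{{ php_db_role }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_index"
      role: "{{ php_db_role }}"
      name: "GRANT SELECT ON TABLE pg_index TO {{ php_db_role }};"
    - db: "{{ php_db_role }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_attrdef"
      role: "{{ php_db_role }}"
      name: "GRANT SELECT ON TABLE pg_attrdef TO {{ php_db_role }};"
    - db: "{{ php_db_role }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_description"
      role: "{{ php_db_role }}"
      name: "GRANT SELECT ON TABLE pg_description TO {{ php_db_role }};"
    - db: "{{ php_db_role }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_settings"
      role: "{{ php_db_role }}"
      name: "GRANT SELECT ON TABLE pg_settings TO {{ php_db_role }};"
    - db: "{{ php_db_role }}"
      privs: "SELECT"
      type: "table"
      objs: "pg_database"
      role: "{{ php_db_role }}"
      name: "GRANT SELECT ON pg_database TO {{ php_db_role }};"

# Local-socket rule with peer authentication: the OS user php_<SIGLE>_<SITE> may
# connect to the database of the same name, and no password is involved.
# NOTE(review): the role and database created above are nextcloud_websrv_user and
# nextcloud_db_name; confirm they resolve to the names used in this rule.
- name: Autoriser l'utilisateur php à se connecter à la bdd nextcloud
  community.postgresql.postgresql_pg_hba:
    dest: "/etc/postgresql/{{ postgres_version }}/main/pg_hba.conf"
    contype: local
    users: "php_{{ SIGLE }}_{{ SITE }}"
    databases: "php_{{ SIGLE }}_{{ SITE }}"
    method: peer
    keep_comments_at_rules: true
    comment: "autoriser le user php_{{ SIGLE }}_{{ SITE }} à se connecter à la bdd du meme nom"

# - name: Update nextcloud root dir symbolic link
#   become: true
#   ansible.builtin.file:
#     src: "{{ nextcloud_source }}"
#     dest: "{{ nextcloud_webroot }}/nextcloud"
#     owner: nextcloud
#     group: nextcloud
#     state: link
#     follow: false

# - name: Update nextcloud common app dir symbolic link
#   become: true
#   ansible.builtin.file:
#     src: "{{ nextcloud_common }}"
#     dest: "{{ nextcloud_webroot }}/common"
#     owner: nextcloud
#     group: nextcloud
#     state: link
#     follow: false

# copy skeleton?
# run the installation command
# symbolic link for the common conf

# Render the per-instance config as the web-server user. Mode 0640 keeps the
# file unreadable by "other"; the inline comment now shows the matching
# symbolic form (the original said u=rwx, which is not 640).
- name: Create sigle nextcloud config
  become_user: "{{ nextcloud_websrv_user }}"
  become: true
  ansible.builtin.template:
    src: templates/sigle.config.php.j2
    dest: "{{ nextcloud_webroot }}/config/sigle.config.php"
    owner: "{{ nextcloud_websrv_user }}"
    group: "{{ nextcloud_websrv_user }}"
    mode: '0640'  # or u=rw,g=r,o=

# No cron_file is set, so this edits the crontab of `user` rather than a file
# under /etc/cron.d as the task name suggests.
# NOTE(review): minute "5" with the other fields left at their defaults fires
# once per hour at :05; if a five-minute interval was intended use "*/5".
# The job runs as the PHP user, so make sure the script and its parent
# directories are not writable by other accounts.
- name: Creation d'un fichier cron pour /etc/cron.d
  ansible.builtin.cron:
    name: "nextcloud {{ SIGLE }}_{{ SITE }} taches d'arriere plan "
    minute: "5"
    user: "php_{{ SIGLE }}_{{ SITE }}"
    job: "/home/sites/data/{{ TLD }}/{{ DOMAIN }}/{{ SITE }}/cron"

# Reload rather than restart. The pg_hba.conf change above needs the PostgreSQL
# reload before it applies.
- name: Recharger plusieurs services
  ansible.builtin.service:
    name: "{{ item }}"
    state: reloaded
  loop:
    - "postgresql"
    - "php{{ php_version }}-fpm"
    - "nginx"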