infra/roles/nextcloud/tasks/nextcloud.yml


---
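# Copy each site's Let's Encrypt "live" directory into /usr/local/etc/certs/.
# remote_src is not set, so the source path is read on the Ansible controller;
# src has no trailing slash, so the directory itself is copied under dest.
- name: install certs
  copy:
    src: "/usr/local/etc/letsencrypt/live/{{ item.url }}"
    dest: "/usr/local/etc/certs/"
    owner: root
    group: root
    # `mode` is applied to the copied files. A Let's Encrypt live directory
    # normally holds privkey.pem next to the certificates, and the previous
    # 0755 left every copied file readable (and executable) by all local
    # accounts. NOTE(review): 0600 assumes the only reader is a root-started
    # service such as the nginx reloaded below -- confirm before rollout and
    # grant access through a dedicated group if another reader exists.
    mode: "0600"
    # Newly created directories keep the search bit so the files are reachable.
    directory_mode: "0755"
  loop_control:
    label: "{{ item.url }}"
  tags:
    - letsencrypt
    - letsencrypt-certs
    - nextcloud-nginx
    - nextcloud-letsencrypt
  notify: reload nginx
  vars:
    # Not referenced inside this task; presumably read elsewhere -- confirm.
    prediff_cmd: echo
  with_items:
    - "{{ nextclouds }}"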
# Make sure /var/log/<instance name> exists for every entry in `nextclouds`,
# owned by www-data and not writable by group or other.
- name: create log dir
  with_items: "{{ nextclouds }}"
  loop_control:
    label: /var/log/{{ item.name }}
  file:
    state: directory
    path: "/var/log/{{ item.name }}"
    owner: www-data
    group: www-data
    mode: "0755"
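# Create the per-instance directory tree below each instance's `root`.
# with_nested pairs every directory spec (item[0]) with every entry of
# `nextclouds` (item[1]).
- name: create dir structure
  file:
    path: "{{ item[1].root }}/{{ item[0].dir }}"
    state: directory
    mode: "{{ item[0].mode }}"
    owner: "{{ item[0].owner }}"
    group: "{{ item[0].group }}"
  loop_control:
    label: "{{ item[1].root }}/{{ item[0].dir }}"
  with_nested:
    - - dir: html
        owner: www-data
        group: www-data
        mode: "0755"
      # data is kept closed to "other" (0750).
      - dir: data
        owner: www-data
        group: www-data
        mode: "0750"
      # php-fpm.d receives root-owned pool configuration from the copy tasks
      # in this file and is bind-mounted into the nextcloud container. While
      # the directory itself belonged to www-data, that account could unlink
      # and recreate those root-owned files, so the directory is now owned by
      # root; www-data keeps read/search access through its group.
      # NOTE(review): assumes nothing writes here as www-data -- confirm.
      - dir: php-fpm.d
        owner: root
        group: www-data
        mode: "0750"
    - "{{ nextclouds }}"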
# Install php-fpm.d/www.conf (relative src) into every instance's php-fpm.d
# directory as root:root; a change notifies the "restart nextcloud" handler.
- name: copy our php-fpm.d/www.conf
  with_items: "{{ nextclouds }}"
  loop_control:
    label: "{{item.root}}/php-fpm.d/www.conf"
  copy:
    dest: "{{ item.root }}/php-fpm.d/www.conf"
    src: php-fpm.d/www.conf
    mode: "0750"
    owner: root
    group: root
  tags:
    - nextcloud-php
    - nextcloud-php-www.conf
  notify: restart nextcloud
# Install php-fpm.d/docker.conf (relative src) into every instance's php-fpm.d
# directory as root:root; a change notifies the "restart nextcloud" handler.
- name: copy our php-fpm.d/docker.conf
  with_items: "{{ nextclouds }}"
  loop_control:
    label: "{{item.root}}/php-fpm.d/docker.conf"
  copy:
    dest: "{{ item.root }}/php-fpm.d/docker.conf"
    src: php-fpm.d/docker.conf
    mode: "0750"
    owner: root
    group: root
  tags:
    - nextcloud-php
  notify: restart nextcloud
# Install php-fpm.d/zz-docker.conf (relative src) into every instance's
# php-fpm.d directory as root:root; a change notifies the "restart nextcloud"
# handler.
- name: copy our php-fpm.d/zz-docker.conf
  with_items: "{{ nextclouds }}"
  loop_control:
    label: "{{item.root}}/php-fpm.d/zz-docker.conf"
  copy:
    dest: "{{ item.root }}/php-fpm.d/zz-docker.conf"
    src: php-fpm.d/zz-docker.conf
    mode: "0750"
    owner: root
    group: root
  tags:
    - nextcloud-php
  notify: restart nextcloud
# Render the two helper scripts from their .j2 templates into /usr/local/bin,
# owned by root and executable by everyone.
- name: template scripts
  with_items:
    - nextcloudversion.sh
    - nextcloud-influx.py
  template:
    dest: "/usr/local/bin/{{ item }}"
    src: "{{ item }}.j2"
    owner: root
    group: root
    # Quoted so the mode is passed as an octal string, as elsewhere in the file.
    mode: "0775"
# Run the version helper and keep its result in `cmdnextcloudversion`.
- name: versions to variable
  command: /usr/local/bin/nextcloudversion.sh
  register: cmdnextcloudversion
  # The command only reports, so it never counts as a change.
  changed_when: false
  # warning: dragons -- with check mode disabled the script is executed even
  # during an `ansible-playbook --check` run.
  check_mode: false
# Parse the registered stdout as JSON and expose it as `nc_versions`.
# check_mode is disabled so the fact is also set during --check runs.
- check_mode: false
  set_fact:
    nc_versions: "{{ cmdnextcloudversion.stdout | from_json }}"
# Print the parsed `nc_versions` fact in the play output.
- debug:
    var: nc_versions
# Render config.php into each instance's html/config directory.
# `when: false` keeps this task permanently skipped.
- name: template config.php
  when: false
  with_items: "{{ nextclouds }}"
  loop_control:
    label: "{{ item.name }}"
  template:
    dest: "{{ item.root }}/html/config/config.php"
    src: config.php.j2
    owner: www-data
    group: www-data
    # No access for "other"; quoted so the mode is passed as an octal string.
    mode: "0750"
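# Run one Redis container per `nextclouds` entry whose `redis` value is true.
- name: redis containers
  docker_container:
    name: "redis_{{ item.name }}"
    # NOTE(review): a floating tag together with `pull: true` means any run
    # may deploy a different image; consider pinning a version or digest.
    image: "redis:latest"
    hostname: "redis_{{ item.name }}"
    auto_remove: false
    detach: true
    pull: true
    state: "{{ item.state | default('started') }}"
    restart_policy: "unless-stopped"
    container_default_behavior: compatibility
    env:
      REDIS_HOST: "redis_{{ item.name }}"
    networks_cli_compatible: false
    # NOTE(review): this task sets no Redis password or ACL, so other
    # containers attached to bridgewithdns can presumably connect -- confirm.
    networks:
      - name: bridgewithdns
    healthcheck:
      interval: 30s
      timeout: 60s
      start_period: 10s
      test: "redis-cli --raw incr ping"
  when: item.redis
  with_items: "{{ nextclouds }}"
  loop_control:
    # Same default as `state` above, so an entry without `state` does not
    # fail while the label is rendered.
    label: "redis_{{ item.name }} [{{ item.state | default('started') }}]"
  tags:
    - nextcloud-container
    - redis
    - docker-containers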
# Had to copy ssl_match_hostname from
# /usr/local/lib/python2.7/dist-packages/backports
# to
# /usr/lib/python2.7/dist-packages/backports
# after upgrading Debian
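# Run one Nextcloud container per entry in `nextclouds`, using the image tag
# given by the entry's `version`.
- name: nextcloud containers
  docker_container:
    name: "{{ item.name }}"
    hostname: "{{ item.name }}"
    image: "nextcloud:{{ item.version }}"
    auto_remove: false
    detach: true
    pull: true
    state: "{{ item.state | default('started') }}"
    restart_policy: "unless-stopped"
    container_default_behavior: compatibility
    env:
      NEXTCLOUD_DATA_DIR: "/data"
      PHP_MEMORY_LIMIT: "2048M"
    ports:
      # Container port 9000 is published on the host loopback address only.
      - "127.0.0.1:{{ item.exposed_port }}:9000"
    mounts:
      - type: bind
        source: "{{ item.root }}/data"
        target: /data
      - type: bind
        source: "{{ item.root }}/html"
        target: /var/www/html
      - type: bind
        source: "{{ item.root }}/php-fpm.d"
        target: /usr/local/etc/php-fpm.d
      - type: bind
        source: "/var/log/{{ item.name }}"
        target: /var/log
    networks_cli_compatible: false
    networks:
      - name: bridgewithdns
        ipv4_address: "{{ item.docker_ip }}"
  with_items: "{{ nextclouds }}"
  loop_control:
    # Same default as `state` above, so an entry without `state` does not
    # fail while the label is rendered.
    label: "{{ item.name }} [{{ item.state | default('started') }}]"
  tags:
    - nextcloud-container
    - docker-containers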
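# Render each instance's nginx vhost straight into sites-enabled; a change
# notifies the "reload nginx" handler.
- name: template nginx vhost
  template:
    src: "01-{{ item.name }}.conf.j2"
    dest: "/etc/nginx/sites-enabled/01-{{ item.name }}"
    # Ownership and mode are pinned so the result does not depend on the
    # umask of the connecting user or on a pre-existing file's permissions.
    owner: root
    group: root
    mode: "0644"
  with_items: "{{ nextclouds }}"
  loop_control:
    label: "01-{{ item.name }}"
  tags:
    - nginx
    - nextcloud-nginx
  notify: reload nginx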
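# Render the cron table for Nextcloud into /etc/cron.d.
- name: template cron file
  template:
    src: nextcloud-cron.j2
    dest: /etc/cron.d/nextcloud
    # Entries in /etc/cron.d are run by the system cron daemon, so the file
    # is pinned to root ownership and is writable by root only.
    owner: root
    group: root
    mode: "0644"
  tags:
    - cron
    - nextcloud-cron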
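# Block until port 9000 answers on each started instance's container address,
# polling every 2 seconds.
- name: wait for nextclouds
  wait_for:
    port: "9000"
    host: "{{ item.docker_ip }}"
    sleep: 2
  when:
    - item.docker_ip is defined
    # Uses the same default as the container tasks' `state`, so an entry
    # without `state` is treated as started instead of raising an
    # undefined-variable error.
    - (item.state | default('started')) == "started"
  with_items: "{{ nextclouds }}"
  loop_control:
    label: "{{ item.name }}"
  tags:
    - docker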
# Render the Filebeat input definition for Nextcloud; a change notifies the
# "restart filebeat" handler.
- name: template filebeat config
  template:
    dest: "/etc/filebeat/inputs.d/nextcloud.yml"
    src: filebeat-nextcloud.yml.j2
    # root-owned and world-readable; quoted so the mode is an octal string.
    mode: "0644"
    owner: root
    group: root
  notify: restart filebeat
  tags:
    - filebeat
    - filebeat-input
    - filebeat-nextcloud