From d080a7ea84e344bab602ad78f3fb9e1aded71ad1 Mon Sep 17 00:00:00 2001 From: Simon Spannagel Date: Wed, 27 Nov 2019 09:48:50 +0100 Subject: [PATCH 01/10] Move file permission seeting to a handler - it's fine to do that once in the end --- handlers/main.yml | 50 ++++++++++++++++++++++++++++++++++++++ tasks/core/install.yml | 54 +++++------------------------------------- 2 files changed, 56 insertions(+), 48 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 8b413d8..95d4cf8 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
@@ -29,3 +29,53 @@ state: directory recurse: true listen: set app files permissions + +- name: Set file permissions on Nextcloud files + block: + - name: Find Nextcloud files + find: + path: "{{ nextcloud_installation_dir }}" + file_type: any + register: nextcloud_installation_files + listen: nextcloud set secure file permissions + - name: Set permissions on directories + file: + path: "{{ item.path }}" + owner: "{{ nextcloud_file_owner }}" + group: "{{ nextcloud_file_owner }}" + mode: 0o750 + state: directory + recurse: true + loop: >- + {{ + nextcloud_installation_files.files + | selectattr('isdir') + | list + }} + listen: nextcloud set secure file permissions + # For files, we are using `shell` as `file` with a loop would take ages + # to complete. + - name: Set ownership on files + command: >- + find "{{ nextcloud_installation_dir }}" + -type f + -exec chown {{ + nextcloud_file_owner }}:{{ nextcloud_file_owner }} {} \; + -exec chmod 0640 {} \; + changed_when: false + listen: nextcloud set secure file permissions + - name: Set permissions on installation directory + file: + path: "{{ nextcloud_installation_dir }}" + owner: root + group: "{{ nextcloud_file_owner }}" + mode: 0o750 + state: directory + listen: nextcloud set secure file permissions + - name: Set permissions on htaccess file + file: + path: "{{ nextcloud_installation_dir }}/.htaccess" + owner: root + group: "{{ nextcloud_file_owner }}" + mode: 0o644 + listen: nextcloud set secure file permissions diff --git a/tasks/core/install.yml b/tasks/core/install.yml index 17befa0..26c9da6 100644 --- a/tasks/core/install.yml +++ b/tasks/core/install.yml 
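Review bot: The five permission tasks are nested under `block:` inside `- name: Set file permissions on Nextcloud files`, and as far as I know Ansible does not support a block as a handler. The nested `listen: nextcloud set secure file permissions` entries may therefore never fire, or the handlers file may be rejected outright, depending on the Ansible version. If the handler does not run, the tree keeps whatever ownership and modes the extraction left behind. I would drop the `block:` wrapper and list the five tasks as top-level handlers, each keeping its own `listen:` line. Separately, the `chown` argument in the `find` command is the only unquoted template on that line; writing it as `-exec chown "{{ nextcloud_file_owner }}:{{ nextcloud_file_owner }}" {} \;` keeps an unexpected owner value from splitting into extra arguments.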
@@ -85,53 +85,11 @@ creates: "{{ nextcloud_installation_dir }}/config/config.php" become: true become_user: "{{ nextcloud_file_owner }}" + notify: nextcloud set secure file permissions + + - name: Make occ executable + file: + path: "{{ nextcloud_installation_dir }}/occ" + mode: "u+x" - - name: Set file permissions on Nextcloud files - block: - - name: Find Nextcloud files - find: - path: "{{ nextcloud_installation_dir }}" - file_type: any - register: nextcloud_installation_files - - name: Set permissions on directories - file: - path: "{{ item.path }}" - owner: "{{ nextcloud_file_owner }}" - group: "{{ nextcloud_file_owner }}" - mode: 0o750 - state: directory - recurse: true - loop: >- - {{ - nextcloud_installation_files.files - | selectattr('isdir') - | list - }} - # For files, we are using `shell` as `file` with a loop would take ages - # to complete. - - name: Set ownership on files - command: >- - find "{{ nextcloud_installation_dir }}" - -type f - -exec chown {{ - nextcloud_file_owner }}:{{ nextcloud_file_owner }} {} \; - -exec chmod 0640 {} \; - changed_when: false - - name: Set permissions on installation directory - file: - path: "{{ nextcloud_installation_dir }}" - owner: root - group: "{{ nextcloud_file_owner }}" - mode: 0o750 - state: directory - - name: Make occ executable - file: - path: "{{ nextcloud_installation_dir }}/occ" - mode: "u+x" - - name: Set permissions on htaccess file - file: - path: "{{ nextcloud_installation_dir }}/.htaccess" - owner: root - group: "{{ nextcloud_file_owner }}" - mode: 0o644 when: _result is not skipped From 8bf65398600a735c7899811ef5d70e401a3136e0 Mon Sep 17 00:00:00 2001 From: Simon Spannagel Date: Wed, 27 Nov 2019 09:50:48 +0100 Subject: [PATCH 02/10] Remove update step from install yml --- tasks/core/install.yml | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/tasks/core/install.yml b/tasks/core/install.yml index 26c9da6..b9b719a 100644 --- a/tasks/core/install.yml 
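Review bot: The execute bit set by `Make occ executable` no longer survives once the permission tasks sit behind `notify: nextcloud set secure file permissions`. The handler runs at the end of the play and its `find … -exec chmod 0640 {} \;` step resets every regular file, `occ` included, whereas the removed inline version ran that chmod first and applied `u+x` afterwards. The hardening is also skipped whenever a later task fails, because pending handlers are not run after a failure unless handlers are forced, so a broken run leaves the tree with the modes the extraction produced. Adding `- meta: flush_handlers` directly after this block and moving `Make occ executable` behind that flush would restore the previous ordering. The enclosing block starts above the hunk, so the task that carries the `notify` is only partly visible.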
+++ b/tasks/core/install.yml @@ -15,25 +15,6 @@ path: "{{ nextcloud_installation_dir }}/updater/updater.phar" register: _result -- name: Check if update is available - command: php updater/updater.phar - args: - chdir: "{{ nextcloud_installation_dir }}" - become: true - become_user: "{{ nextcloud_file_owner }}" - register: _result - changed_when: false - failed_when: - - _result is failed - # The updater will automatically try to install any updates if the shell is - # not interactive (as is the case with here). In that case, it means that - # Nextcloud has already been installed and an update was found. Assuming - # that Nextcloud was installed with this role, .htaccess will no be - # writtable. This will cause the updater to fail. But this is a failure we - # can expect. - - _result.stdout is not search('The following places can not be written to') - when: _result.stat.exists | bool - - name: Download nextcloud unarchive: src: "{{ nextcloud_download_url }}" @@ -42,9 +23,7 @@ owner: "{{ nextcloud_file_owner }}" group: "{{ nextcloud_file_owner }}" register: _result - when: >- - _result is skipped - or _result.stdout is not search("No update available") + when: not _result.stat.exists - block: # When extracting the downloaded nextcloud archive, the files are placed From a166da2ea2d03e0dd3f118487b291eb6cab7def2 Mon Sep 17 00:00:00 2001 From: Simon Spannagel Date: Wed, 27 Nov 2019 09:53:12 +0100 Subject: [PATCH 03/10] Add updater step using updater.phar script --- tasks/core/upgrade.yml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tasks/core/upgrade.yml b/tasks/core/upgrade.yml index 1989d67..61df726 100644 --- a/tasks/core/upgrade.yml +++ b/tasks/core/upgrade.yml 
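Review bot: No checksum or signature check is visible on `Download nextcloud`, which extracts whatever `nextcloud_download_url` serves with `unarchive`. The new `when: not _result.stat.exists` in the second hunk makes the absence of `updater/updater.phar` the only gate for that task. The task's middle lines fall between the two hunks, so a check may exist there. If there is none, fetching the archive with `get_url` and its `checksum:` parameter before unpacking would let the role refuse a corrupted or substituted archive.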
@@ -1,5 +1,39 @@ --- +- name: Check if update is available + command: php occ update:check --no-interaction + args: + chdir: "{{ nextcloud_installation_dir }}" + become: true + become_user: "{{ nextcloud_file_owner }}" + register: _result + changed_when: _result.stdout | regex_search('^Nextcloud .* is available') + failed_when: _result is failed + +- name: Make files writable by php user + file: + path: "{{ nextcloud_installation_dir }}" + mode: u=rwX,g=rX,o=rX + owner: "{{ nextcloud_file_owner }}" + group: "{{ nextcloud_file_owner }}" + recurse: true + when: _result.stdout | regex_search('^Nextcloud .* is available') + # Make sure to correctly set file permissions after the installation + notify: nextcloud set secure file permissions + +- name: Update Nextcloud installation + command: php updater/updater.phar --no-interaction + args: + chdir: "{{ nextcloud_installation_dir }}" + become: true + become_user: "{{ nextcloud_file_owner }}" + register: _result + failed_when: + - _result is failed + - _result.stdout is not search('Update successful') + # We only check for an upgrade of Nextcloud itself, not of the apps + when: _result.stdout | regex_search('^Nextcloud .* is available') + - name: Check if upgrade is needed command: ./occ status args: From 578f0836ed0f4bc2f5448cbe64441302413dca3e Mon Sep 17 00:00:00 2001 From: Simon Spannagel Date: Wed, 27 Nov 2019 16:57:53 +0100 Subject: [PATCH 04/10] Consistently use "php occ" instead of "./occ" --- tasks/core/apps.yml | 10 +++++----- tasks/core/upgrade.yml | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tasks/core/apps.yml b/tasks/core/apps.yml index 63b983c..a384ceb 100644 --- a/tasks/core/apps.yml +++ b/tasks/core/apps.yml 
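Review bot: `Make files writable by php user` applies `mode: u=rwX,g=rX,o=rX` recursively to `nextcloud_installation_dir`, which makes every file under it readable by all local users while the update runs. That presumably includes `config/config.php`, which the install task creates in that directory. Tightening is left to the `nextcloud set secure file permissions` handler, and a handler is not run when `Update Nextcloud installation` fails, so a failed update leaves the tree in that state. The updater only needs the owner to be able to write, so `mode: u=rwX,g=rX,o-rwx` would serve the update without opening the files to others. Wrapping the chmod and the updater call in a `block:` with an `always:` section that restores the permissions would also cover the failure path.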
@@ -2,7 +2,7 @@ # Read all apps shipped by Nextcloud itself - name: Read shipped apps - command: ./occ app:list --shipped=true --no-warnings --output=json + command: php occ app:list --shipped=true --no-warnings --output=json args: chdir: "{{ nextcloud_installation_dir }}" become: true @@ -16,7 +16,7 @@ # Read all external apps which have been installed by in addition - name: Read installed external apps - command: ./occ app:list --shipped=false --no-warnings --output=json + command: php occ app:list --shipped=false --no-warnings --output=json args: chdir: "{{ nextcloud_installation_dir }}" become: true @@ -84,7 +84,7 @@ # Update list of available apps after installation and removal: - name: Re-read installed external apps - command: ./occ app:list --shipped=false --no-warnings --output=json + command: php occ app:list --shipped=false --no-warnings --output=json args: chdir: "{{ nextcloud_installation_dir }}" become: true @@ -113,7 +113,7 @@ # - are not yet enabled and # - have their state set to "enabled" - name: Enable apps - command: ./occ app:enable "{{ item.name }}" + command: php occ app:enable "{{ item.name }}" args: chdir: "{{ nextcloud_installation_dir }}" become: true @@ -128,7 +128,7 @@ # - are not yet disabled and # - have their state set to "disabled" - name: Disable apps - command: ./occ app:disable "{{ item.name }}" + command: php occ app:disable "{{ item.name }}" args: chdir: "{{ nextcloud_installation_dir }}" become: true diff --git a/tasks/core/upgrade.yml b/tasks/core/upgrade.yml index 61df726..cfb3172 100644 --- a/tasks/core/upgrade.yml +++ b/tasks/core/upgrade.yml @@ -35,7 +35,7 @@ when: _result.stdout | regex_search('^Nextcloud .* is available') - name: Check if upgrade is needed - command: ./occ status + command: php occ status args: chdir: "{{ nextcloud_installation_dir }}" register: nextcloud_status 
@@ -44,7 +44,7 @@ become_user: "{{ nextcloud_file_owner }}" - name: Upgrade Nextcloud installation - command: ./occ upgrade + command: php occ upgrade args: chdir: "{{ nextcloud_installation_dir }}" become: true From 5c917ab3ce7c90e8b86b461b087ee5b359cd2125 Mon Sep 17 00:00:00 2001 From: Simon Spannagel Date: Wed, 27 Nov 2019 17:02:14 +0100 Subject: [PATCH 05/10] Simplify setting of file permissions --- handlers/main.yml | 31 +++---------------------------- 1 file changed, 3 insertions(+), 28 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 95d4cf8..e2efc48 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -32,38 +32,13 @@ - name: Set file permissions on Nextcloud files block: - - name: Find Nextcloud files - find: - path: "{{ nextcloud_installation_dir }}" - file_type: any - register: nextcloud_installation_files - listen: nextcloud set secure file permissions - - name: Set permissions on directories + - name: Set Nextcloud file permissions file: - path: "{{ item.path }}" + path: "{{ nextcloud_installation_dir }}" + mode: u=rwX,g=rX,o=0 owner: "{{ nextcloud_file_owner }}" group: "{{ nextcloud_file_owner }}" - mode: 0o750 - state: directory recurse: true - loop: >- - {{ - nextcloud_installation_files.files - | selectattr('isdir') - | list - }} - listen: nextcloud set secure file permissions - # For files, we are using `shell` as `file` with a loop would take ages - # to complete. - - name: Set ownership on files - command: >- - find "{{ nextcloud_installation_dir }}" - -type f - -exec chown {{ - nextcloud_file_owner }}:{{ nextcloud_file_owner }} {} \; - -exec chmod 0640 {} \; - changed_when: false - listen: nextcloud set secure file permissions - name: Set permissions on installation directory file: path: "{{ nextcloud_installation_dir }}" From 71f4a09f507102c27d3e73c415a019fdc8c85915 Mon Sep 17 00:00:00 2001 
From: Simon Spannagel Date: Wed, 27 Nov 2019 17:05:19 +0100 Subject: [PATCH 06/10] Rename handler --- handlers/main.yml | 5 +++-- tasks/core/install.yml | 2 +- tasks/core/upgrade.yml | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index e2efc48..23f9a07 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -39,6 +39,7 @@ owner: "{{ nextcloud_file_owner }}" group: "{{ nextcloud_file_owner }}" recurse: true + listen: nextcloud set file permissions - name: Set permissions on installation directory file: path: "{{ nextcloud_installation_dir }}" @@ -46,11 +47,11 @@ group: "{{ nextcloud_file_owner }}" mode: 0o750 state: directory - listen: nextcloud set secure file permissions + listen: nextcloud set file permissions - name: Set permissions on htaccess file file: path: "{{ nextcloud_installation_dir }}/.htaccess" owner: root group: "{{ nextcloud_file_owner }}" mode: 0o644 - listen: nextcloud set secure file permissions + listen: nextcloud set file permissions diff --git a/tasks/core/install.yml b/tasks/core/install.yml index b9b719a..c320cd7 100644 --- a/tasks/core/install.yml +++ b/tasks/core/install.yml @@ -64,7 +64,7 @@ creates: "{{ nextcloud_installation_dir }}/config/config.php" become: true become_user: "{{ nextcloud_file_owner }}" - notify: nextcloud set secure file permissions + notify: nextcloud set file permissions - name: Make occ executable file: diff --git a/tasks/core/upgrade.yml b/tasks/core/upgrade.yml index cfb3172..3bd0887 100644 --- a/tasks/core/upgrade.yml +++ b/tasks/core/upgrade.yml @@ -19,7 +19,7 @@ recurse: true when: _result.stdout | regex_search('^Nextcloud .* is available') # Make sure to correctly set file permissions after the installation - notify: nextcloud set secure file permissions + notify: nextcloud set file permissions - name: Update Nextcloud installation command: php updater/updater.phar --no-interaction 
From e850758ada845319f373a83345a1f25a1c155c06 Mon Sep 17 00:00:00 2001 From: Simon Spannagel Date: Wed, 27 Nov 2019 17:05:36 +0100 Subject: [PATCH 07/10] Remove separate app dir permissions handler, just use global one --- handlers/main.yml | 10 ---------- tasks/core/apps.yml | 2 ++ 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 23f9a07..881d83a 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -20,16 +20,6 @@ mode: g-w listen: nextcloud update htaccess -- name: Set permissions on downloaded apps - file: - path: "{{ nextcloud_installation_dir }}/apps/" - mode: u=rwX,g=rX,o=rX - owner: "{{ nextcloud_file_owner }}" - group: "{{ nextcloud_file_owner }}" - state: directory - recurse: true - listen: set app files permissions - - name: Set file permissions on Nextcloud files block: - name: Set Nextcloud file permissions diff --git a/tasks/core/apps.yml b/tasks/core/apps.yml index a384ceb..95e8f12 100644 --- a/tasks/core/apps.yml +++ b/tasks/core/apps.yml @@ -81,6 +81,7 @@ - item.name not in (nextcloud_installed_apps.enabled | combine(nextcloud_installed_apps.disabled)) - item.state | default('enabled') != 'absent' + notify: nextcloud set file permissions # Update list of available apps after installation and removal: - name: Re-read installed external apps @@ -108,6 +109,7 @@ register: result failed_when: result.stdout is search('not installed') or result is failed changed_when: result.stdout is search('updated') and result is not failed + notify: nextcloud set file permissions # Enable all apps from the configured list which # - are not yet enabled and From 60f1a1f875b896b8ec1f5be1d0465971732f61b4 Mon Sep 17 00:00:00 2001 
From: Simon Spannagel Date: Wed, 27 Nov 2019 17:22:49 +0100 Subject: [PATCH 08/10] Consistently call `php occ` --- handlers/main.yml | 2 +- tasks/core/config.yml | 4 ++-- tasks/core/integrity.yml | 8 ++++---- tasks/users/group.yml | 6 +++--- tasks/users/user.yml | 6 +++--- tasks/users/user_config.yml | 4 ++-- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 881d83a..356b365 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -8,7 +8,7 @@ mode: g+w listen: nextcloud update htaccess - name: Update .htaccess file - command: ./occ maintenance:update:htaccess --no-interaction + command: php occ maintenance:update:htaccess --no-interaction args: chdir: "{{ nextcloud_installation_dir }}" listen: nextcloud update htaccess diff --git a/tasks/core/config.yml b/tasks/core/config.yml index ba64940..da2d2b5 100644 --- a/tasks/core/config.yml +++ b/tasks/core/config.yml @@ -1,7 +1,7 @@ --- - name: Get global preferences - command: ./occ config:list --private --output=json + command: php occ config:list --private --output=json args: chdir: "{{ nextcloud_installation_dir }}" register: _result @@ -35,7 +35,7 @@ mode: 0o400 - name: Set up global preferences - command: ./occ config:import "{{ _result.path }}" + command: php occ config:import "{{ _result.path }}" args: chdir: "{{ nextcloud_installation_dir }}" become: true diff --git a/tasks/core/integrity.yml b/tasks/core/integrity.yml index 42cc74d..6c67609 100644 --- a/tasks/core/integrity.yml +++ b/tasks/core/integrity.yml @@ -3,7 +3,7 @@ - name: Read extra files block: - name: Run integrity check for core - command: "./occ integrity:check-core --output=json" + command: "php occ integrity:check-core --output=json" args: chdir: "{{ nextcloud_installation_dir }}" register: nextcloud_integrity_core 
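Review bot: In tasks/core/config.yml, `Get global preferences` runs `php occ config:list --private --output=json` and registers the output in `_result`, and no `no_log: true` is visible on the task. The `--private` flag is there to include sensitive values, so they would appear in verbose output and in any callback or log plugin that records task results. The task continues below the hunk, so the attribute may already be set there. If it is not, I would add `no_log: true` to this task and to `Set up global preferences`, which imports the temporary file written with `mode: 0o400`.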
@@ -13,7 +13,7 @@ changed_when: false - name: Run integrity check for apps - command: "./occ integrity:check-app {{ item }} --output=json" + command: "php occ integrity:check-app {{ item }} --output=json" args: chdir: "{{ nextcloud_installation_dir }}" register: nextcloud_integrity_apps @@ -70,7 +70,7 @@ warn: false - name: Re-run integrity check for core to update integrity results - command: "./occ integrity:check-core --output=json" + command: "php occ integrity:check-core --output=json" args: chdir: "{{ nextcloud_installation_dir }}" become: true @@ -79,7 +79,7 @@ changed_when: false - name: Re-run integrity check for apps to update integrity results - command: "./occ integrity:check-app {{ item }} --output=json" + command: "php occ integrity:check-app {{ item }} --output=json" args: chdir: "{{ nextcloud_installation_dir }}" loop: >- diff --git a/tasks/users/group.yml b/tasks/users/group.yml index 4864829..a517580 100644 --- a/tasks/users/group.yml +++ b/tasks/users/group.yml @@ -1,7 +1,7 @@ --- - name: Create user groups - command: ./occ group:add "{{ item }}" + command: php occ group:add "{{ item }}" args: chdir: "{{ nextcloud_installation_dir }}" loop: >- @@ -20,7 +20,7 @@ become_user: "{{ nextcloud_file_owner }}" - name: Get user info - command: ./occ user:info "{{ item.name }}" --output=json + command: php occ user:info "{{ item.name }}" --output=json args: chdir: "{{ nextcloud_installation_dir }}" register: _nextcloud_user_info @@ -30,7 +30,7 @@ become_user: "{{ nextcloud_file_owner }}" - name: Add users to groups - command: ./occ group:adduser "{{ item.1 }}" "{{ item.0.name }}" + command: php occ group:adduser "{{ item.1 }}" "{{ item.0.name }}" args: chdir: "{{ nextcloud_installation_dir }}" loop: "{{ nextcloud_users | subelements('groups') }}" diff --git a/tasks/users/user.yml b/tasks/users/user.yml index 7159606..ad24b04 100644 --- a/tasks/users/user.yml +++ b/tasks/users/user.yml 
@@ -1,7 +1,7 @@ --- - name: Get user list - command: ./occ user:list --output=json + command: php occ user:list --output=json args: chdir: "{{ nextcloud_installation_dir }}" register: nextcloud_online_users @@ -24,7 +24,7 @@ - name: Create users command: >- - ./occ user:add + php occ user:add "{{ item.name }}" --display-name "{{ item.display_name }}" --password-from-env @@ -38,7 +38,7 @@ become_user: "{{ nextcloud_file_owner }}" - name: Update user password - command: ./occ user:resetpassword "{{ item.name }}" --password-from-env + command: php occ user:resetpassword "{{ item.name }}" --password-from-env args: chdir: "{{ nextcloud_installation_dir }}" when: diff --git a/tasks/users/user_config.yml b/tasks/users/user_config.yml index cab3b95..0d42fc0 100644 --- a/tasks/users/user_config.yml +++ b/tasks/users/user_config.yml @@ -51,7 +51,7 @@ ] - name: Read existing config values - command: "./occ user:setting {{ item.user }} {{ item.app }} {{ item.key }}" + command: "php occ user:setting {{ item.user }} {{ item.app }} {{ item.key }}" args: chdir: "{{ nextcloud_installation_dir }}" become: true @@ -63,7 +63,7 @@ - name: Enable user settings command: >- - ./occ user:setting + php occ user:setting {{ item.0.user }} {{ item.0.app }} {{ item.0.key }} From cc4b316b20fd2de8f3b93383025a1dc2be8bc1f6 Mon Sep 17 00:00:00 2001 From: simonspa <1677436+simonspa@users.noreply.github.com> Date: Wed, 27 Nov 2019 17:49:50 +0100 Subject: [PATCH 09/10] chmod doesnt like mixing octal and symbolic --- handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/handlers/main.yml b/handlers/main.yml index 356b365..4fdb045 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -25,7 +25,7 @@ - name: Set Nextcloud file permissions file: path: "{{ nextcloud_installation_dir }}" - mode: u=rwX,g=rX,o=0 + mode: u=rwX,g=rX,o-rwx owner: "{{ nextcloud_file_owner }}" group: "{{ nextcloud_file_owner }}" recurse: true 
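Review bot: In tasks/users/user_config.yml, `Read existing config values` interpolates `{{ item.user }} {{ item.app }} {{ item.key }}` unquoted, while the group and user tasks touched by this same commit quote theirs (`"{{ item.name }}"`). `command` splits its string into arguments, so a value containing whitespace is passed to `occ user:setting` as several arguments. Quoting each template, `php occ user:setting "{{ item.user }}" "{{ item.app }}" "{{ item.key }}"`, keeps every value a single argument. The same applies to `Enable user settings` in the next hunk and to `integrity:check-app {{ item }}` in tasks/core/integrity.yml.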
From cbf357f4181aaaed99f0fe313cea4002097df733 Mon Sep 17 00:00:00 2001 From: Nikolaos Kakouros Date: Sat, 6 Jun 2020 16:20:48 +0200 Subject: [PATCH 10/10] final touches --- README.md | 78 ++++++++++++++++++++++++++++--------- defaults/main.yml | 63 ++++++++++++++++-------------- filter_plugins/opml.py | 5 +-- tasks/apps/news.yml | 62 +++++++++++++++++++---------- tasks/core/apps.yml | 55 ++++++++++++++------------ tasks/core/install.yml | 19 +++++++-- tasks/core/integrity.yml | 2 +- tasks/users/user_config.yml | 4 +- 8 files changed, 184 insertions(+), 104 deletions(-) diff --git a/README.md b/README.md index 03c09fb..da15288 100644 --- a/README.md +++ b/README.md 
@@ -1,56 +1,96 @@ [![Build Status](https://travis-ci.com/nkakouros-original/ansible-role-nextcloud.svg?branch=master)](https://travis-ci.com/nkakouros-original/ansible-role-nextcloud) [![Galaxy](https://img.shields.io/badge/galaxy-nkakouros.nextcloud-blue.svg)](https://galaxy.ansible.com/nkakouros/nextcloud/) -Ansible Role: Nextcloud -========= +# Ansible Role: Nextcloud -Installs and upgrades Nextcloud and apps. **It only does that**, it does not install a web server, a db server, etc. +Installs and upgrades Nextcloud and apps. **It only does that**, it does not +install a web server, a db server, etc. -Features --------- +## Features This role allows you to: - install, update and configure Nextcloud core - install, update and configure Nextcloud apps available on the app store - create and update users and groups -Requirements ------------- +## Requirements Ansible >= 2.7 -While there are a bunch of other roles around to install Nextcloud, I did not found them useful as they try to do everything in one role, ie setup Apache, then MySQL, then install Nextcloud, etc. This might be useful for users who want to have a Nextcloud instance running as fast as possible. However, I find the approach too limiting as there are too many assumptions taking place. +While there are a bunch of other roles around to install Nextcloud, I did not +found them useful as they try to do everything in one role, ie setup Apache, +then MySQL, then install Nextcloud, etc. This might be useful for users who want +to have a Nextcloud instance running as fast as possible. However, I find the +approach too limiting as there are too many assumptions taking place. -This role does not care where you install Nextcloud. It only downloads, installs and configures Nextcloud itself. Its aim is to be used in a modular way alongside other roles. (Or at least it tries to make no assumptions. If you find any or cannot install nextcloud due to missing functionality, please open an issue or a PR. 
Currently it has been tested only on Ubuntu 16.04). +This role does not care where you install Nextcloud. It only downloads, installs +and configures Nextcloud itself. Its aim is to be used in a modular way +alongside other roles. (Or at least it tries to make no assumptions. If you find +any or cannot install nextcloud due to missing functionality, please open an +issue or a PR. Currently it has been tested only on Ubuntu 16.04). -See the [Example playbook](#example-playbook) on how a complete playbook that uses 3rd-party roles might look like. +See the [Example playbook](#example-playbook) on how a complete playbook that +uses 3rd-party roles might look like. -Versions ---- +The python `listparser` module should be installed if you want to import feeds +into the `News` app from an opml file. E.g.: -- _Supported Nextcloud versions_: Each release of the role will support all officially supported Nextcloud versions, starting from version 14. That is, versions older than Nextcloud 14 will not be supported ever by this role (for instance Nextcloud 13, although it is supported officially as of this writing). Also, with each new major version of Nextcloud, the version that this role installs by default will be updated to match that latest major release. +``` +pip install listaprser +``` -- _Supported Ansible versions_: I am using an installation of Ansible that is daily checked out from their [development branch](https://github.com/ansible/ansible/tree/devel/). With each new Ansible stable version (currently 2.7), a new release of this role will be created that will be compatible with that new Ansible version. Work following such a release will take place with the in-development next version of Ansible and might use new Ansible features. 
-For this above reasons, role releases will have names such as `v14-2.7-1.0`, where: +## Versions + +- _Supported Nextcloud versions_: Each release of the role will support all + officially supported Nextcloud versions, starting from version 14. That is, + versions older than Nextcloud 14 will not be supported ever by this role (for + instance Nextcloud 13, although it is supported officially as of this + writing). Also, with each new major version of Nextcloud, the version that + this role installs by default will be updated to match that latest major + release. + +- _Supported Ansible versions_: I am using an installation of Ansible that is + daily checked out from their [development + branch](https://github.com/ansible/ansible/tree/devel/). With each new Ansible + stable version (currently 2.7), a new release of this role will be created + that will be compatible with that new Ansible version. Work following such + a release will take place with the in-development next version of Ansible and + might use new Ansible features. + +For this above reasons, role releases will have names such as `v14-2.7-1.0`, +where: - `14` is the version of Nextcloud that this role will install by default - `2.7` is the Ansible version that the release will be compatible with -- `1.0` is semantic versioning of the role itself (reset when either of the two components above gets updated) +- `1.0` is semantic versioning of the role itself (reset when either of the two + components above gets updated) -The above release will of course also be compatible with later Ansible versions that are compatible with Ansible 2.7. +The above release will of course also be compatible with later Ansible versions +that are compatible with Ansible 2.7. Role Variables -------------- -See [defaults/main.yml](https://github.com/nkakouros-original/ansible-role-nextcloud/blob/master/defaults/main.yml) for a full list of variables together with documentation on how to use them to configure this role. 
+See +[defaults/main.yml](https://github.com/nkakouros-original/ansible-role-nextcloud/blob/master/defaults/main.yml) +for a full list of variables together with documentation on how to use them to +configure this role. Example Playbook ---------------- -See [molecule/default/prepare.yml](molecule/default/prepare.yml) and [molecule/default/playbook.yml](molecule/default/playbook.yml) for a working example of how to use this role in conjuction with other roles to get a complete server environment that runs Nextcloud. +See [molecule/default/prepare.yml](molecule/default/prepare.yml) and +[molecule/default/playbook.yml](molecule/default/playbook.yml) for a working +example of how to use this role in conjuction with other roles to get a complete +server environment that runs Nextcloud. License ------- GPLv3 + +Author Information +------------------ + +Nikolaos Kakouros diff --git a/defaults/main.yml b/defaults/main.yml index 293a11d..1831aa7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,7 @@ nextcloud_enable: true # Set this to 'no' to completely disable the role +# Installation {{{ nextcloud_version: 17 # The major nextcloud version to install. You can use this to upgrade to a new # major version as well. Even if you set 'nextcloud_download_url' manually (see @@ -53,13 +54,8 @@ nextcloud_database: prefix: oc_ # Prefix for the nextcloud tables in the database. - -nextcloud_admin_user: admin -# The name of the admin user - -nextcloud_admin_pass: '' -# The password of the admin user. This variable should not be empty. - +# }}} +# Core configuration {{{ # TODO make this part of nextcloud_config_system nextcloud_enable_pretty_urls: true # Set to yes to enable urls of the form https://example.org/calendar replacing 
@@ -71,7 +67,37 @@ nextcloud_urls: # This is a list of urls where your nextcloud installation should be accessible. # You would normally need only one. If you specify more than one, the first one # will be as the "main" one, for pretty urls, etc. +# }}} +# Users {{{ +nextcloud_admin_user: admin +# The name of the admin user +nextcloud_admin_pass: '' +# The password of the admin user. This variable should not be empty. + +nextcloud_users: [] +# The ansible users to create, other than the admin. +# It is a list of hashes. Eg +# +# nextcloud_users: +# - name: alice +# pass: superstrongnot +# resetpassword: yes # reset the passsword every time the playbook is run +# display_name: Alice B. Charlie +# settings: +# - firstrunwizard: +# show: 0 +# - calendar: +# showWeekNr: 'yes' +# app_config: +# ... +# +# App and core configuration happens per user. To find out what config options +# are available, either make the changes manually and then the oc_preferences +# table in your nextcloud database or use the `occ config:list` command on your +# server to get a listing of the current configuration options. +# }}} +# Apps {{{ nextcloud_remove_unknown_apps: false # Setting to choose whether to remove or keep external apps which have not been # installed through this role, but manually or via the Nextcloud admin interface 
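Review bot: The relocated `nextcloud_users` example shows `pass: superstrongnot` inline, with `nextcloud_admin_pass` directly above it, but the comment never tells users to keep these values out of plain-text vars files. I would add a line to the comment block such as `# Keep 'pass' and nextcloud_admin_pass in an Ansible Vault encrypted file, not in plain text.` The comment on `nextcloud_admin_pass` says it should not be empty while the default is `''`; whether the role asserts that is not visible in this hunk.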
@@ -132,25 +158,4 @@ nextcloud_config: {} # | regex_replace('^/') # }} # ``` - -nextcloud_users: [] -# The ansible users to create, other than the admin. -# It is a list of hashes. Eg -# -# nextcloud_users: -# - name: alice -# pass: superstrongnot -# resetpassword: yes # reset the passsword every time the playbook is run -# display_name: Alice B. Charlie -# settings: -# - firstrunwizard: -# show: 0 -# - calendar: -# showWeekNr: 'yes' -# app_config: -# ... -# -# App and core configuration happens per user. To find out what config options -# are available, either make the changes manually and then the oc_preferences -# table in your nextcloud database or use the `occ config:list` command on your -# server to get a listing of the current configuration options. +# }}} diff --git a/filter_plugins/opml.py b/filter_plugins/opml.py index b7f2d07..07360a8 100644 --- a/filter_plugins/opml.py +++ b/filter_plugins/opml.py @@ -10,9 +10,8 @@ def read_opml(path): import listparser except Exception: raise errors.AnsibleFilterError( - 'the "opml" filter requires the \ - "listparser" python module, install with `pip install \ - listparser`' + 'the "opml" filter requires the "listparser" python module,' + + "install with `pip install listparser`" ) try: diff --git a/tasks/apps/news.yml b/tasks/apps/news.yml index 8954866..88ddf75 100644 --- a/tasks/apps/news.yml +++ b/tasks/apps/news.yml @@ -16,7 +16,6 @@ _nextcloud_news_users: >- {{ nextcloud_users - | selectattr('app_config', 'defined') | selectattr('app_config.news', 'defined') | list }} 
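Review bot: In filter_plugins/opml.py the rewritten error message joins two literals with no space between them, so it renders as `module,install with`; a leading space inside the second literal fixes it. The package name here is `listparser`, but the README hunk of this same commit tells users to run `pip install listaprser`. An install hint with a mistyped name can resolve to an unrelated package on the index, so the two spellings should match letter for letter. `read_opml` starts above the hunk and continues below it.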
@@ -188,45 +187,66 @@ delegate_to: localhost # TODO: does not work, says method not allowed +# https://github.com/nextcloud/news/issues/711 # - name: Update feeds # uri: # method: PATCH # url: >- -# {{ -# nextcloud_urls[0] -# }}/apps/news/api/v1-2/feeds/{{ +# {{ _nextcloud_api_url_news }}/feeds/{{ # ( -# _nextcloud_existing_feeds.json.feeds -# | selectattr('url', 'equalto', item.url) +# _nextcloud_existing_feeds.results[ +# ( +# _nextcloud_news_users +# | map(attribute='name') +# | flatten +# ).index(item.0.name) +# ]['json']['feeds'] +# | selectattr('url', 'equalto', item.1.url) # | list # | last # )['id'] # }} # body_format: json # body: -# url: "{{ item.url }}" +# url: "{{ item.1.url }}" # folderId: >- # {{ # ( -# _nextcloud_existing_folders.json.folders -# | selectattr('name', 'equalto', 'kde') +# _nextcloud_existing_folders.results[ +# ( +# _nextcloud_news_users +# | map(attribute='name') +# | flatten +# ).index(item.0.name) +# ]['json']['folders'] +# | selectattr( +# 'name', +# 'equalto', +# item.1.folder +# | default([]) +# | first +# | default('') +# ) # | list -# | first +# | last +# | default('__undefined__') # )['id'] +# | default(omit) # }} # headers: -# Authorization: Basic {{ (item.name + ':' + item.pass) | b64encode }} +# Authorization: Basic {{ (item.0.name + ':' + item.0.pass) | b64encode }} # when: >- -# _nextcloud_existing_feeds.json.feeds -# | selectattr('url', 'equalto', item.url) +# _nextcloud_existing_feeds.results[ +# ( +# _nextcloud_news_users +# | map(attribute='name') +# | flatten +# ).index(item.0.name) +# ]['json']['feeds'] +# | selectattr('url', 'equalto', item.1.url) # | list -# | last -# | attr('folder') -# | default('__not_defined__') -# != -# item.folder -# | default('__not_defined__') +# | length > 0 # register: result -# # changed_when: result is success -# loop: "{{ nextcloud_users[0]['app_config']['news']['feeds'] }}" +# changed_when: result is success +# loop: "{{ _nextcloud_news_users | subelements('app_config.news.feeds') 
}}" # delegate_to: localhost diff --git a/tasks/core/apps.yml b/tasks/core/apps.yml index 95e8f12..c8cfeb0 100644 --- a/tasks/core/apps.yml +++ b/tasks/core/apps.yml @@ -1,7 +1,6 @@ --- -# Read all apps shipped by Nextcloud itself -- name: Read shipped apps +- name: Read apps shipped with Nextcloud command: php occ app:list --shipped=true --no-warnings --output=json args: chdir: "{{ nextcloud_installation_dir }}" @@ -14,8 +13,7 @@ set_fact: nextcloud_shipped_apps: "{{ _result.stdout | from_json }}" -# Read all external apps which have been installed by in addition -- name: Read installed external apps +- name: Read external apps installed by the user command: php occ app:list --shipped=false --no-warnings --output=json args: chdir: "{{ nextcloud_installation_dir }}" @@ -28,12 +26,14 @@ set_fact: nextcloud_installed_apps: "{{ _result.stdout | from_json }}" -# Remove all apps from the list of external apps which are not in the -# configured list of apps, if nextcloud_remove_unknown_apps is set to true - name: Remove unknown external apps - command: php occ app:remove "{{ item }}" - with_items: "{{ (nextcloud_installed_apps.enabled | - combine(nextcloud_installed_apps.disabled)) }}" + command: php occ app:remove "{{ item.key }}" + loop: >- + {{ + nextcloud_installed_apps.enabled + | combine(nextcloud_installed_apps.disabled) + | dict2items + }} become: true become_user: "{{ nextcloud_file_owner }}" args: 
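Review bot: The commented-out `Update feeds` task builds `Authorization: Basic ...` from `item.0.name` and `item.0.pass` while looping over `_nextcloud_news_users | subelements('app_config.news.feeds')`. Once it is enabled, every loop item printed in the task output carries that user's password, and verbose runs would show the header as well. Record next to the TODO that the task needs `no_log: true` when it is uncommented, or at least `loop_control` with `label: "{{ item.0.name }}"`. The `.index(item.0.name)` lookup is also repeated three times in the block; a task-level `vars:` entry holding the index would make it easier to review.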
@@ -42,13 +42,12 @@ failed_when: result.stdout is not search('removed') or result is failed changed_when: result is not failed when: - - nextcloud_remove_unknown_apps - - not (nextcloud_apps | selectattr('name', 'search', item) | list) + - nextcloud_remove_unknown_apps | bool + - not (nextcloud_apps | selectattr('name', 'search', item.key) | list) -# Remove all apps which have their state set to "absent" -- name: Remove external apps +- name: Remove unwanted external apps command: php occ app:remove "{{ item.name }}" - with_items: "{{ nextcloud_apps }}" + loop: "{{ nextcloud_apps }}" become: true become_user: "{{ nextcloud_file_owner }}" args: @@ -67,7 +66,7 @@ # - have their state not set to "absent" - name: Install external apps command: php occ app:install "{{ item.name }}" - with_items: "{{ nextcloud_apps }}" + loop: "{{ nextcloud_apps }}" become: true become_user: "{{ nextcloud_file_owner }}" args: @@ -99,9 +98,13 @@ # Check and update all external apps - name: Update external apps - command: php occ app:update "{{ item }}" - with_items: "{{ (nextcloud_installed_apps.enabled - | combine(nextcloud_installed_apps.disabled)) }}" + command: php occ app:update "{{ item.key }}" + loop: >- + {{ + nextcloud_installed_apps.enabled + | combine(nextcloud_installed_apps.disabled) + | dict2items + }} become: true become_user: "{{ nextcloud_file_owner }}" args: @@ -120,11 +123,13 @@ chdir: "{{ nextcloud_installation_dir }}" become: true become_user: "{{ nextcloud_file_owner }}" - with_items: "{{ nextcloud_apps }}" + loop: "{{ nextcloud_apps }}" when: - (item.state | default('enabled')) == 'enabled' - - item.name not in (nextcloud_installed_apps.enabled - | combine(nextcloud_shipped_apps.enabled)) + - item.name not in ( + nextcloud_installed_apps.enabled + | combine(nextcloud_shipped_apps.enabled) + ) # Disable all apps from the configured list which # - are not yet disabled and 
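Review bot: The `when` condition of `Remove unknown external apps` still decides whether an installed app is known with `selectattr('name', 'search', item.key)`, which is a regex substring match of the installed app id against each configured name, not an equality test. An installed app whose id is contained in a configured app's name (constructed example: id `files` with `files_external` configured) is treated as known and never removed, and ids containing regex metacharacters are interpreted as patterns. An exact membership test closes that gap: `- item.key not in (nextcloud_apps | map(attribute='name') | list)`. The task itself starts in the previous hunk.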
@@ -135,8 +140,10 @@ chdir: "{{ nextcloud_installation_dir }}" become: true become_user: "{{ nextcloud_file_owner }}" - with_items: "{{ nextcloud_apps }}" + loop: "{{ nextcloud_apps }}" when: - (item.state | default('enabled')) == 'disabled' - - item.name not in (nextcloud_installed_apps.disabled - | combine(nextcloud_shipped_apps.disabled)) + - item.name not in ( + nextcloud_installed_apps.disabled + | combine(nextcloud_shipped_apps.disabled) + ) diff --git a/tasks/core/install.yml b/tasks/core/install.yml index c320cd7..96dcf64 100644 --- a/tasks/core/install.yml +++ b/tasks/core/install.yml @@ -1,14 +1,23 @@ --- +# These tasks install Nextcloud if it is not installed on the system already. +# They should run only once. + - name: Install unzip package: name: unzip state: present when: download_file_type == '.zip' -- name: Install imagemagick +- name: Install dependencies package: - name: imagemagick + name: "{{ package }}" + loop: "{{ packages }}" + loop_control: + loop_var: package + vars: + packages: + - imagemagick - name: Check if nextcloud is already installed stat: @@ -25,7 +34,8 @@ register: _result when: not _result.stat.exists -- block: +- name: Install nextcloud + block: # When extracting the downloaded nextcloud archive, the files are placed # under a nextcloud folder. Here, we rename this folder if the user has # specified a different folder. @@ -48,7 +58,8 @@ - name: Install nextcloud command: >- - php occ maintenance:install --no-interaction + php occ maintenance:install + --no-interaction --database "{{ nextcloud_database.backend }}" --database-name "{{ nextcloud_database.name }}" --database-user "{{ nextcloud_database.user }}" diff --git a/tasks/core/integrity.yml b/tasks/core/integrity.yml index 6c67609..6f889fd 100644 --- a/tasks/core/integrity.yml +++ b/tasks/core/integrity.yml 
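Review bot: `Install dependencies` loops over a one-element `packages` list and calls `package` once per entry without declaring a `state`. The module accepts a list in `name`, so `name: "{{ packages }}"` with `state: present` handles all packages in one call and lets `loop` and `loop_control` go. The neighbouring `Install unzip` task in the same hunk already spells out `state: present`, so this also keeps the two tasks consistent.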
@@ -35,7 +35,7 @@ nextcloud_extra_files: >- [ {%- for result in nextcloud_integrity_apps.results -%} - {%- set appname=(result.cmd[3]) -%} + {%- set appname=result.item -%} {%- set files=(result.stdout_lines[-1] | from_json) -%} {%- if files is mapping and 'EXTRA_FILE' in files -%} "{{ [] diff --git a/tasks/users/user_config.yml b/tasks/users/user_config.yml index 0d42fc0..988c759 100644 --- a/tasks/users/user_config.yml +++ b/tasks/users/user_config.yml @@ -73,6 +73,4 @@ become: true become_user: "{{ nextcloud_file_owner }}" when: item.0.value != item.1.stdout - with_together: - - "{{ user_settings }}" - - "{{ user_config_values.results }}" + loop: "{{ user_settings | zip(user_config_values.results) | list }}"