Compare commits
	
		
			9 Commits
		
	
	
		
			0.1.0
			...
			feadc801d5
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| feadc801d5 | |||
| 3b2957492e | |||
| dd5223afaa | |||
| dd295b4129 | |||
| 5d00b7637d | |||
| 5bc19d4ddc | |||
| 80317cae6a | |||
| f2e66f002b | |||
| 1caf613ff2 | 
| @@ -7,12 +7,12 @@ and managing nextcloud installations | ||||
|  | ||||
| ## Roles | ||||
|  | ||||
| - [`roles/nextcloud`](roles/nextcloud/README.md): For deploying | ||||
| - [`roles/server`](roles/server/README.md): For deploying | ||||
|   and configuring a bare nextcloud instance in a docker container. | ||||
|   Supports both the `-apache` (default) and `-fpm` variants. | ||||
| - [`roles/nextcloud-apps`](roles/nextcloud-apps/README.md): | ||||
| - [`roles/apps`](roles/apps/README.md): | ||||
|   For managing nextcloud apps in an already installed nextcloud | ||||
|   instance. Can install, remove, enable/disable and update apps. | ||||
|   server instance. Can install, remove, enable/disable and update apps. | ||||
|  | ||||
| ## License | ||||
|  | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| namespace: finallycoffee | ||||
| name: nextcloud | ||||
| version: 0.1.0 | ||||
| version: 0.2.0 | ||||
| readme: README.md | ||||
| authors: | ||||
| - Johanna Dorothea Reichmann <transcaffeine@finallycoffee.eu> | ||||
|   | ||||
| @@ -1,14 +0,0 @@ | ||||
| opcache.enable=1 | ||||
| opcache.interned_strings_buffer=32 | ||||
| ; next prime in the set which is suitable for large installations | ||||
| ; default for this setting is 10000 which picks the prime 7963, | ||||
| ; but default installation of nextcloud has already ~9k php files | ||||
| ; see https://www.php.net/manual/en/opcache.configuration.php#ini.opcache.max-accelerated-files | ||||
| opcache.max_accelerated_files=32531 | ||||
| opcache.memory_consumption=256 | ||||
| ; deconstructor optimizations | ||||
| opcache.fast_shutdown=1 | ||||
| ;opcache.save_comments=1 | ||||
| ; not used if validate_timestamps=0 | ||||
| ;opcache.revalidate_freq=1 | ||||
| opcache.validate_timestamps=0 | ||||
| @@ -1,14 +0,0 @@ | ||||
| [www] | ||||
|  | ||||
| user = www-data | ||||
| group = www-data | ||||
|  | ||||
| listen = 127.0.0.1:9000 | ||||
|  | ||||
| pm = dynamic | ||||
| pm.max_children = 64 | ||||
| pm.start_servers = 32 | ||||
| pm.min_spare_servers = 24 | ||||
| pm.max_spare_servers = 48 | ||||
|  | ||||
| ;pm.max_requests=500 | ||||
| @@ -6,3 +6,9 @@ regardless of wether the `apache` or `fpm` docker image is used. | ||||
| It provides various common (optimization) configuration options | ||||
| and creates a user on the host which is mapped into the container, | ||||
| so the host file permissions remain comprehensible. | ||||
| 
 | ||||
| ## Configuration | ||||
| 
 | ||||
| - `nextcloud_socket_path`: Setting this (to, for example, `{{ nextcloud_basepath }}/socket`), | ||||
|   will make FPM listen on `{{ nextcloud_socket_path }}/nextcloud.sock` on the host, enabling | ||||
|   you to use FPM to interface with nextcloud. | ||||
| @@ -9,6 +9,9 @@ nextcloud_data_path: "{{ nextcloud_basepath }}/data" | ||||
| # Where user data like media, documents etc are persisted | ||||
| nextcloud_storage_path: "{{ nextcloud_basepath }}/storage" | ||||
| nextcloud_fpm_config_path: "{{ nextcloud_basepath }}/fpm-config" | ||||
| #nextcloud_socket_path: "{{ nextcloud_basepath }}/socket" | ||||
| 
 | ||||
| nextcloud_background_job_mode: cron | ||||
| 
 | ||||
| nextcloud_database_type: sqlite | ||||
| nextcloud_database_name: nextcloud | ||||
| @@ -30,6 +33,7 @@ nextcloud_container_base_volumes: | ||||
|   - "{{ nextcloud_data_path }}:/var/www/html:z" | ||||
|   - "{{ nextcloud_fpm_config_path }}/opcache.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:z" | ||||
|   - "{{ nextcloud_fpm_config_path }}/fpm.ini:/usr/local/etc/php-fpm.d/www.conf:z" | ||||
|   - "{{ nextcloud_fpm_config_path }}/fpm-docker.ini:/usr/local/etc/php-fpm.d/zz-docker.conf:z" | ||||
|   - "{{ nextcloud_basepath }}/nextcloud-passwd:/etc/passwd:z" | ||||
|   - "{{ nextcloud_basepath }}/nextcloud-group:/etc/group:z" | ||||
| nextcloud_container_extra_volumes: [] | ||||
| @@ -56,3 +60,22 @@ nextcloud_paths: | ||||
|     mode: "0770" | ||||
|     owner: "{{ nextcloud_user_info.uid|default(nextcloud_user) }}" | ||||
|     group: "root" | ||||
| 
 | ||||
| # PHP OpCache tuning | ||||
| nextcloud_opcache_enable: 1 | ||||
| nextcloud_opcache_interned_strings_buffer_mb: 32 | ||||
| nextcloud_opcache_max_accelerated_files: 32531 | ||||
| nextcloud_opcache_memory_consumption_mb: 256 | ||||
| nextcloud_opcache_fast_shutdown: 1 | ||||
| nextcloud_opcache_save_comments: 1 | ||||
| nextcloud_opcache_revalidate_freq: 1 | ||||
| nextcloud_opcache_validate_timestamps: 0 | ||||
| 
 | ||||
| # FPM config | ||||
| nextcloud_fpm_max_children: 64 | ||||
| nextcloud_fpm_start_servers: "{{ nextcloud_fpm_max_children / 2 | int }}" | ||||
| nextcloud_fpm_min_spare_servers: "{{ nextcloud_fpm_max_children / 4 | int }}" | ||||
| nextcloud_fpm_max_spare_servers: "{{ nextcloud_fpm_max_children * 3/4 | int }}" | ||||
| 
 | ||||
| nextcloud_php_memory_limit: 1024M | ||||
| nextcloud_php_upload_limit: 1024M | ||||
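Review bot: The `| int` filter in the three derived FPM defaults applies to the literal divisor, not to the whole expression, because Jinja2 filters bind tighter than `/` and `*`. `nextcloud_fpm_max_children / 2 | int` therefore renders as a float string such as `32.0`, which php-fpm is likely to reject as a non-integer value for `pm.start_servers`, `pm.min_spare_servers` and `pm.max_spare_servers`. Parenthesise the arithmetic before filtering, e.g. `"{{ (nextcloud_fpm_max_children / 2) | int }}"` and `"{{ (nextcloud_fpm_max_children * 3 / 4) | int }}"`, or use integer division `//`.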
| @@ -7,6 +7,19 @@ | ||||
|     system: yes | ||||
|   register: nextcloud_user_info | ||||
| 
 | ||||
| - name: Map nextcloud socket path if defined | ||||
|   set_fact: | ||||
|     nextcloud_paths: "{{ nextcloud_paths + [ socket_dir ] }}" | ||||
|     nextcloud_container_base_volumes: "{{ nextcloud_container_base_volumes + [ socket_map ] }}" | ||||
|   vars: | ||||
|     socket_dir: | ||||
|       path: "{{ nextcloud_socket_path }}" | ||||
|       mode: "0755" | ||||
|       owner: "{{ nextcloud_user_info.uid|default(nextcloud_user) }}" | ||||
|       group: "{{ nextcloud_user_info.uid|default(nextcloud_user) }}" | ||||
|     socket_map: "{{ nextcloud_socket_path }}:{{ nextcloud_container_php_socket_path }}:z" | ||||
|   when: nextcloud_socket_path is defined and nextcloud_socket_path is string | ||||
| 
 | ||||
| - name: Ensure nextcloud directories exist and have correct permissions | ||||
|   file: | ||||
|     path: "{{ item.path }}" | ||||
| @@ -43,6 +56,16 @@ | ||||
|   notify: | ||||
|     - reload-nextcloud | ||||
| 
 | ||||
| - name: Template PHP FPM docker-specific configuration | ||||
|   template: | ||||
|     src: nextcloud-fpm-docker.ini.j2 | ||||
|     dest: "{{ nextcloud_fpm_config_path }}/fpm-docker.ini" | ||||
|     mode: "0640" | ||||
|     owner: "root" | ||||
|     group: "root" | ||||
|   notify: | ||||
|     - reload-nextcloud | ||||
| 
 | ||||
| - name: Template modified /etc/passwd for nextcloud container | ||||
|   template: | ||||
|     src: nextcloud-passwd.j2 | ||||
| @@ -70,6 +93,7 @@ | ||||
|     mode: "0640" | ||||
|     owner: root | ||||
|     group: root | ||||
|   when: nextcloud_background_job_mode == 'cron' | ||||
|   notify: | ||||
|     - reload-systemd | ||||
| 
 | ||||
| @@ -80,21 +104,12 @@ | ||||
|     mode: "0640" | ||||
|     owner: root | ||||
|     group: root | ||||
|   when: nextcloud_background_job_mode == 'cron' | ||||
|   notify: | ||||
|     - reload-systemd | ||||
| 
 | ||||
| - meta: flush_handlers | ||||
| 
 | ||||
| - name: Enable systemd timer for nextcloud cron | ||||
|   systemd: | ||||
|     name: "nextcloud-cron.timer" | ||||
|     enabled: yes | ||||
| 
 | ||||
| - name: Ensure systemd timer for nextcloud cron is started | ||||
|   systemd: | ||||
|     name: "nextcloud-cron.timer" | ||||
|     state: started | ||||
| 
 | ||||
| - name: Flush handlers now to ensure systemd can know about the timer before it's enabled | ||||
|   meta: flush_handlers | ||||
| 
 | ||||
| - name: Ensure docker container for nextcloud is running | ||||
|   docker_container: | ||||
| @@ -107,3 +122,53 @@ | ||||
|     purge_networks: "{{ nextcloud_container_purge_other_networks }}" | ||||
|     restart_policy: "{{ nextcloud_container_restart_policy }}" | ||||
|     state: started | ||||
| 
 | ||||
| - name: Enable systemd timer for nextcloud cron | ||||
|   systemd: | ||||
|     name: "nextcloud-cron.timer" | ||||
|     enabled: yes | ||||
|   when: nextcloud_background_job_mode == 'cron' | ||||
| 
 | ||||
| - name: Ensure systemd timer for nextcloud cron is started | ||||
|   systemd: | ||||
|     name: "nextcloud-cron.timer" | ||||
|     state: started | ||||
|   when: nextcloud_background_job_mode == 'cron' | ||||
| 
 | ||||
| - name: Check nextcloud background job mode | ||||
|   community.docker.docker_container_exec: | ||||
|     container: "{{ nextcloud_container_name }}" | ||||
|     command: "{{ nextcloud_occ_command }} config:app:get core backgroundjobs_mode" | ||||
|     user: "{{ nextcloud_user_info.uid }}" | ||||
|     tty: yes | ||||
|   register: nextcloud_current_backgroundjob_mode | ||||
|   # As nextcloud might still be starting, retry this task | ||||
|   retries: 5 | ||||
|   delay: 5 | ||||
|   changed_when: false | ||||
| 
 | ||||
| - name: Set nextcloud background job mode to {{ nextcloud_background_job_mode }} | ||||
|   community.docker.docker_container_exec: | ||||
|     container: "{{ nextcloud_container_name }}" | ||||
|     command: "{{ nextcloud_occ_command }} config:app:set core backgroundjobs_mode {{ nextcloud_background_job_mode }}" | ||||
|     user: "{{ nextcloud_user_info.uid }}" | ||||
|     tty: yes | ||||
|   when: nextcloud_current_backgroundjob_mode.stdout != nextcloud_background_job_mode | ||||
| 
 | ||||
| - name: Check nextcloud database host | ||||
|   community.docker.docker_container_exec: | ||||
|     container: "{{ nextcloud_container_name }}" | ||||
|     command: "{{ nextcloud_occ_command }} config:system:get dbhost" | ||||
|     user: "{{ nextcloud_user_info.uid }}" | ||||
|     tty: yes | ||||
|   register: nextcloud_current_dbhost | ||||
|   changed_when: false | ||||
| 
 | ||||
| - name: Set nextcloud database host mode to {{ nextcloud_database_host }} | ||||
|   community.docker.docker_container_exec: | ||||
|     container: "{{ nextcloud_container_name }}" | ||||
|     command: "{{ nextcloud_occ_command }} config:system:set dbhost --value={{ nextcloud_database_host }} --update-only -n" | ||||
|     user: "{{ nextcloud_user_info.uid }}" | ||||
|     tty: yes | ||||
|   when: nextcloud_current_dbhost.stdout != nextcloud_database_host | ||||
|   notify: restart-nextcloud | ||||
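Review bot: The socket directory added in `Map nextcloud socket path if defined` is created with `mode: "0755"`, and the FPM template in this commit sets `listen.mode = 0666` on the socket inside it, so every local account on the host can send FastCGI requests to a pool that runs as www-data. Restrict the directory to the reverse proxy's group, e.g. `mode: "0750"` with `group:` set to that group, and use `listen.mode = 0660` in `nextcloud-fpm.ini.j2`. The `group:` value also reuses `nextcloud_user_info.uid`, which is only correct if uid and gid happen to be equal; `nextcloud_user_info.group` looks like what was intended.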
							
								
								
									
										2
									
								
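--- /dev/null
+++ b/roles/server/templates/nextcloud-fpm-docker.ini.j2
@@ -0,0 +1,2 @@
+[global]
+daemonize = no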
							
								
								
									
										14
									
								
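--- /dev/null
+++ b/roles/server/templates/nextcloud-fpm-opcache.ini.j2
@@ -0,0 +1,14 @@
+opcache.enable={{ nextcloud_opcache_enable }}
+opcache.interned_strings_buffer={{ nextcloud_opcache_interned_strings_buffer_mb }}
+; next prime in the set which is suitable for large installations
+; default for this setting is 10000 which picks the prime 7963,
+; but default installation of nextcloud has already ~9k php files
+; see https://www.php.net/manual/en/opcache.configuration.php#ini.opcache.max-accelerated-files
+opcache.max_accelerated_files={{ nextcloud_opcache_max_accelerated_files }}
+opcache.memory_consumption={{ nextcloud_opcache_memory_consumption_mb }}
+; deconstructor optimizations
+opcache.fast_shutdown={{ nextcloud_opcache_fast_shutdown }}
+opcache.save_comments={{ nextcloud_opcache_save_comments }}
+; not used if validate_timestamps=0
+opcache.revalidate_freq={{ nextcloud_opcache_revalidate_freq }}
+opcache.validate_timestamps={{ nextcloud_opcache_validate_timestamps }}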
							
								
								
									
										21
									
								
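--- /dev/null
+++ b/roles/server/templates/nextcloud-fpm.ini.j2
@@ -0,0 +1,21 @@
+[www]
+
+user = www-data
+group = www-data
+
+{% if nextcloud_socket_path is defined and nextcloud_socket_path is string %}
+listen = {{ nextcloud_container_php_socket_path }}/nextcloud.sock
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0666
+{% else %}
+;listen = 0.0.0.0:9000
+{% endif %}
+
+pm = dynamic
+pm.max_children = {{ nextcloud_fpm_max_children }}
+pm.start_servers = {{ nextcloud_fpm_start_servers }}
+pm.min_spare_servers = {{ nextcloud_fpm_min_spare_servers }}
+pm.max_spare_servers = {{ nextcloud_fpm_max_spare_servers }}
+
+;pm.max_requests=500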
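Review bot: When `nextcloud_socket_path` is unset, the `{% else %}` branch leaves `listen` commented out, while the role now mounts `fpm-docker.ini` (containing only `daemonize = no`) over the image's `zz-docker.conf`. If the stock `zz-docker.conf` was what supplied the `[www]` listen address, as it does in the upstream php-fpm images, the pool is left with no `listen` directive and php-fpm will probably refuse to start in the `-fpm` variant. Emit an explicit address in the else branch, e.g. `listen = 9000`, and keep that port unpublished so FastCGI is reachable only from the proxy's container network.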
| @@ -22,3 +22,8 @@ nextcloud_container_base_environment_yaml: |+2 | ||||
|   {% elif nextcloud_database_type == 'sqlite' %} | ||||
|   SQLITE_DATABASE: "{{ nextcloud_database_name }}" | ||||
|   {% endif %} | ||||
|   PHP_MEMORY_LIMIT: "{{ nextcloud_php_memory_limit }}" | ||||
|   PHP_UPLOAD_LIMIT: "{{ nextcloud_php_upload_limit }}" | ||||
| 
 | ||||
| nextcloud_occ_command: "php occ" | ||||
| nextcloud_container_php_socket_path: /var/run/php | ||||