Add nextcloud role

roles/nextcloud/templates/containers.conf.j2

@@ -0,0 +1,9 @@
+[containers]
+ipcns = "host"
+cgroupns = "host"
+cgroups = "disabled"
+log_driver = "k8s-file"
+[engine]
+cgroup_manager = "cgroupfs"
+events_logger = "file"
+runtime = "crun"

roles/nextcloud/templates/harp_entrypoint.sh.j2

@@ -0,0 +1,24 @@
+#!/bin/bash
+# {{ ansible_managed }}
+_term() {
+	echo "Received SIGTERM, stopping all containers"
+	kill "$child"
+}
+
+podman system service -t 0 &
+
+podman run \
+	--rm \
+	-v /run/secrets/harp-shared-key:/run/secrets/harp-shared-key:ro \
+	-e HP_SHARED_KEY_FILE=/run/secrets/harp-shared-key \
+	-e NC_INSTANCE_URL="https://{{ nextcloud_domains[0] }}" \
+	-e HP_TRUSTED_PROXY_IPS="10.0.0.0/8" \
+	-v /tmp/storage-run-1000/podman/podman.sock:/var/run/docker.sock \
+	-v /certs:/certs \
+	--name harp \
+	--network host \
+	ghcr.io/nextcloud/nextcloud-appapi-harp:release &
+
+child=$!
+trap _term SIGTERM
+wait