Add nextcloud role

This commit is contained in:
uumas
2026-03-12 00:45:25 +02:00
parent ea2a2c3652
commit 61c0724801
7 changed files with 148 additions and 0 deletions


@@ -0,0 +1 @@
Sets up a nextcloud podman container, including HaRP using podman in podman


@@ -0,0 +1,2 @@
---
nextcloud_tag: stable


@@ -0,0 +1,29 @@
---
- name: Unregister AppAPI daemon
containers.podman.podman_container_exec:
name: nextcloud
argv:
- /var/www/html/occ
- app_api:daemon:unregister
- harp
register: _nextcloud_appapi_unregister
changed_when: _nextcloud_appapi_unregister.rc == 0
failed_when: _nextcloud_appapi_unregister.rc not in [0, 1]
listen: Restart container service nextcloud-harp
- name: Register AppAPI daemon
containers.podman.podman_container_exec:
name: nextcloud
argv:
- /bin/sh
- -c
- >-
/var/www/html/occ app_api:daemon:register
--harp
--harp_frp_address=harp:8782
--harp_shared_key "$(cat /run/secrets/harp-shared-key)"
--net host
--set-default
--
harp HaRP docker-install http harp:8780 https://{{ nextcloud_domains[0] }}
listen: Restart container service nextcloud-harp
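Review bot: The register handler hands the shared key to `occ` as a command-line argument (`--harp_shared_key "$(cat /run/secrets/harp-shared-key)"`), so while the command runs it is readable from the process list inside the nextcloud container, and the module result, including any occ output that echoes its arguments, goes into the Ansible log; neither handler sets `no_log`. At minimum add `no_log: true` to both handler tasks; if the installed AppAPI version can read the key from a file or environment variable instead, prefer that, though I cannot confirm from here which forms this occ command accepts. `--net host` here appears to be the AppAPI daemon option for the ExApps network rather than a podman flag for this exec; a one-line comment above the task, e.g. `# --net/--harp_frp_address are AppAPI daemon settings, not podman options`, would spare the next reader that confusion.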


@@ -0,0 +1,19 @@
---
argument_specs:
main:
description: "Sets up a nextcloud podman container, including HaRP using podman in podman"
options:
nextcloud_domains:
description: A list of domains nextcloud should listen on
type: list
required: true
elements: str
nextcloud_admin_pw:
description: Password of the initial admin user
type: str
required: true
nextcloud_tag:
description: Nextcloud version to use
type: str
required: false
default: stable
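Review bot: `nextcloud_admin_pw` is declared as a plain `str` with nothing marking it sensitive, so if role argument validation fails (for example a missing `nextcloud_domains`) the validation output may echo the supplied values and the initial admin password can land in play output. Module-style argument specs accept `no_log: true` per option; if your Ansible version honours it in `argument_specs.yml`, add `no_log: true` under `nextcloud_admin_pw`, otherwise wrap the role include with `no_log: true`. It is also worth stating in the description that the admin user name is fixed to `admin` by the role, since callers cannot change it.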


@@ -0,0 +1,64 @@
---
- name: Nextcloud service
ansible.builtin.import_role:
name: service
vars:
service_name: nextcloud
service_container_image: docker.io/library/nextcloud:{{ nextcloud_tag }}
service_container_http_port: 80
service_domains: "{{ nextcloud_domains }}"
service_database_type: postgres
service_redis: true
service_container_mounts:
- type: volume
source: data
destination: /var/www/html
service_container_secrets:
- name: adminpw
value: "{{ nextcloud_admin_pw }}"
- name: harp-shared-key
service_container_env:
POSTGRES_HOST: postgres
POSTGRES_DB: nextcloud
POSTGRES_USER: nextcloud
POSTGRES_PASSWORD_FILE: /run/secrets/postgres
REDIS_HOST: redis
TRUSTED_PROXIES: 10.0.0.0/8
NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_domains | join(' ') }}"
NEXTCLOUD_ADMIN_USER: admin
NEXTCLOUD_ADMIN_PASSWORD_FILE: /run/secrets/adminpw
service_additional_containers:
- name: cron
entrypoint: /cron.sh
- name: harp
add_capabilities:
- CAP_SYS_ADMIN
image: quay.io/podman/stable:latest
user: podman
entrypoint: /entrypoint.sh
devices:
- source: /dev/fuse
mounts:
- type: template
source: containers.conf.j2
destination: /etc/containers/containers.conf
- type: template
source: harp_entrypoint.sh.j2
destination: /entrypoint.sh
mode: "0755"
- type: volume
source: harp-certs
destination: /certs
# - type: volume
# source: harp-containers
# destination: /home/podman/.local/share/containers
env: {}
secrets:
- name: harp-shared-key
publish_ports:
- name: harp
type: socket
container_port: 8780
service_vhost_locations:
- path: /exapps/*
proxy_target_socket: /run/nextcloud-harp-socat.sock
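Review bot: `TRUSTED_PROXIES: 10.0.0.0/8` tells Nextcloud to honour `X-Forwarded-For` from any address in 10/8 (the harp entrypoint sets the same range for HaRP), so any container or host that can reach the service from that range can spoof a client IP and get around IP-based brute-force protection and audit logging; narrow it to the reverse proxy's actual address or the podman network subnet if the `service` role exposes it. The `harp` sidecar gets `CAP_SYS_ADMIN` and `/dev/fuse` yet runs `quay.io/podman/stable:latest`, an unpinned floating tag, which is the wrong place to accept whatever the registry serves next; pin it to a version tag or digest, e.g. `image: quay.io/podman/stable:v5.4` (pick the version you tested). The `harp-shared-key` secret is listed without a `value`; presumably the `service` role generates it, but a short comment such as `# value omitted: generated and persisted by the service role` would confirm that for the next reader.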


@@ -0,0 +1,9 @@
[containers]
ipcns = "host"
cgroupns = "host"
cgroups = "disabled"
log_driver = "k8s-file"
[engine]
cgroup_manager = "cgroupfs"
events_logger = "file"
runtime = "crun"
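Review bot: `ipcns = "host"` makes every container the inner podman starts (the ExApps that HaRP launches) share the sidecar's IPC namespace, and `cgroups = "disabled"` removes per-container resource limits; these look like the upstream podman image's nested-rootless settings, but for third-party ExApp images the lost isolation deserves to be stated rather than silent. Add a header comment such as `# {{ ansible_managed }}` (the other template has one) and a line like `# Nested rootless podman inside the harp sidecar: no cgroup delegation, so cgroups are disabled and the sidecar's cgroup/IPC namespaces are reused by ExApps.` I would also check whether `ipcns` is actually required for the ExApps to run, since the cgroup settings are the usual hard requirement and IPC sharing may just have come along with the example.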


@@ -0,0 +1,24 @@
#!/bin/bash
# {{ ansible_managed }}
_term() {
echo "Received SIGTERM, stopping all containers"
kill "$child"
}
podman system service -t 0 &
podman run \
--rm \
-v /run/secrets/harp-shared-key:/run/secrets/harp-shared-key:ro \
-e HP_SHARED_KEY_FILE=/run/secrets/harp-shared-key \
-e NC_INSTANCE_URL="https://{{ nextcloud_domains[0] }}" \
-e HP_TRUSTED_PROXY_IPS="10.0.0.0/8" \
-v /tmp/storage-run-1000/podman/podman.sock:/var/run/docker.sock \
-v /certs:/certs \
--name harp \
--network host \
ghcr.io/nextcloud/nextcloud-appapi-harp:release &
child=$!
trap _term SIGTERM
wait
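Review bot: `podman run` is started immediately after `podman system service -t 0 &` with `/tmp/storage-run-1000/podman/podman.sock` bind-mounted, but nothing waits for the service to create that socket; if the run races ahead, the mount source does not exist yet and HaRP starts without a working Docker API. The trap is also installed after the child is launched, so a SIGTERM in that window exits the script without stopping the inner container, and `_term` returns before the child has actually exited. Pull the socket path into a variable, install the trap first, poll for the socket with `[ -S "$sock" ]` before the run, and wait for the child inside the handler; the rewritten prelude is below, with the `podman run` options unchanged apart from mounting `"$sock"`.
```shell
#!/bin/bash
# {{ ansible_managed }}
sock=/tmp/storage-run-1000/podman/podman.sock
_term() {
  echo "Received SIGTERM, stopping all containers"
  kill "$child"
  wait "$child"
}
trap _term SIGTERM
podman system service -t 0 &
# Wait for the API socket before bind-mounting it; if the path does not
# exist yet the mount source is not a working socket.
for _ in $(seq 1 50); do
  [ -S "$sock" ] && break
  sleep 0.2
done
[ -S "$sock" ] || { echo "podman API socket $sock did not appear" >&2; exit 1; }
# … unchanged: podman run … & (with -v "$sock":/var/run/docker.sock) …
child=$!
wait
```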