diff --git a/roles/nextcloud/defaults/main.yaml b/roles/nextcloud/defaults/main.yaml
index 79fa7a2..a19b634 100644
--- a/roles/nextcloud/defaults/main.yaml
+++ b/roles/nextcloud/defaults/main.yaml
@@ -1,2 +1,3 @@
 ---
 nextcloud_tag: stable
+nextcloud_install_harp: false
diff --git a/roles/nextcloud/meta/argument_specs.yaml b/roles/nextcloud/meta/argument_specs.yaml
index 2ee1504..43346a7 100644
--- a/roles/nextcloud/meta/argument_specs.yaml
+++ b/roles/nextcloud/meta/argument_specs.yaml
@@ -8,7 +8,7 @@ argument_specs:
 type: list
 required: true
 elements: str
- nextcloud_admin_pw:
+ nextcloud_admin_password:
 description: Password of the initial admin user
 type: str
 required: true
@@ -17,3 +17,8 @@ argument_specs:
 type: str
 required: false
 default: stable
+ nextcloud_install_harp:
+ description: Whether to install HaRP for nextcloud
+ type: bool
+ required: false
+ default: false
diff --git a/roles/nextcloud/tasks/main.yaml b/roles/nextcloud/tasks/main.yaml
index a4f1d21..b4be6c4 100644
--- a/roles/nextcloud/tasks/main.yaml
+++ b/roles/nextcloud/tasks/main.yaml
@@ -14,8 +14,8 @@
 source: data
 destination: /var/www/html
 service_container_secrets:
- - name: adminpw
- value: "{{ nextcloud_admin_pw }}"
+ - name: admin-password
+ value: "{{ nextcloud_admin_password }}"
 - name: harp-shared-key
 service_container_env:
 POSTGRES_HOST: postgres
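Review bot: The `harp-shared-key` entry in `service_container_secrets` (a context line of this hunk) stays unconditional, so with `nextcloud_install_harp: false` the main container is presumably still handed a HaRP secret it has no use for. Consider building the secrets list the way the commit builds `_nextcloud_additional_containers`, appending `([{'name': 'harp-shared-key'}] if nextcloud_install_harp else [])` to the admin-password entry. How the service role provisions a secret that has no `value` is not visible here, so confirm whether it would also keep generating the key. The task this list belongs to starts and ends outside the hunk.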
@@ -26,39 +26,6 @@
 TRUSTED_PROXIES: 10.0.0.0/8
 NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_domains | join(' ') }}"
 NEXTCLOUD_ADMIN_USER: admin
- NEXTCLOUD_ADMIN_PASSWORD_FILE: /run/secrets/adminpw
- service_additional_containers:
- - name: cron
- entrypoint: /cron.sh
- - name: harp
- add_capabilities:
- - CAP_SYS_ADMIN
- image: quay.io/podman/stable:latest
- user: podman
- entrypoint: /entrypoint.sh
- devices:
- - source: /dev/fuse
- mounts:
- - type: template
- source: containers.conf.j2
- destination: /etc/containers/containers.conf
- - type: template
- source: harp_entrypoint.sh.j2
- destination: /entrypoint.sh
- mode: "0755"
- - type: volume
- source: harp-certs
- destination: /certs
-# - type: volume
-# source: harp-containers
-# destination: /home/podman/.local/share/containers
- env: {}
- secrets:
- - name: harp-shared-key
- publish_ports:
- - name: harp
- type: socket
- container_port: 8780
- service_vhost_locations:
- - path: /exapps/*
- proxy_target_socket: /run/nextcloud-harp-socat.sock
+ NEXTCLOUD_ADMIN_PASSWORD_FILE: /run/secrets/admin-password
+ service_additional_containers: "{{ _nextcloud_additional_containers }}"
+ service_vhost_locations: "{{ _nextcloud_vhost_locations }}"
diff --git a/roles/nextcloud/vars/main.yaml b/roles/nextcloud/vars/main.yaml
new file mode 100644
index 0000000..1c2c8c8
--- /dev/null
+++ b/roles/nextcloud/vars/main.yaml
@@ -0,0 +1,45 @@
+---
+_nextcloud_cron_container:
+ name: cron
+ entrypoint: /cron.sh
+_nextcloud_harp_container:
+ name: harp
+ add_capabilities:
+ - CAP_SYS_ADMIN
+ image: quay.io/podman/stable:latest
+ user: podman
+ entrypoint: /entrypoint.sh
+ devices:
+ - source: /dev/fuse
+ mounts:
+ - type: template
+ source: containers.conf.j2
+ destination: /etc/containers/containers.conf
+ - type: template
+ source: harp_entrypoint.sh.j2
+ destination: /entrypoint.sh
+ mode: "0755"
+ - type: volume
+ source: harp-certs
+ destination: /certs
+ - type: volume
+ source: harp-containers
+ destination: /home/podman/.local/share/containers
+ env: {}
+ secrets:
+ - name: harp-shared-key
+ publish_ports:
+ - name: harp
+ type: socket
+ container_port: 8780
+_nextcloud_additional_containers: >-
+ {{
+ [_nextcloud_cron_container]
+ + ([_nextcloud_harp_container] if nextcloud_install_harp else [])
+ }}
+
+_nextcloud_harp_vhost_locations:
+ - path: /exapps/*
+ proxy_target_socket: /run/nextcloud-harp-socat.sock
+_nextcloud_vhost_locations: >-
+ {{ _nextcloud_harp_vhost_locations if nextcloud_install_harp else [] }}
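Review bot: `_nextcloud_harp_container` pairs `add_capabilities: CAP_SYS_ADMIN` and `/dev/fuse` with `image: quay.io/podman/stable:latest`, a mutable tag, so the privileged sidecar can change content on any pull without a change in this repo. Pin it, ideally by digest behind a role variable, e.g. `image: "{{ nextcloud_harp_image }}"` with a default of `quay.io/podman/stable@sha256:<digest-placeholder>`. A short comment above `add_capabilities` saying why the capability is needed (presumably for nested podman) would let later reviewers judge whether it can be dropped. The `harp-containers` volume was commented out in the block removed from tasks/main.yaml and is active here; if that is intentional, mention it in the commit message.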