
1.0

master
Blagovest Petrov 5 years ago
parent
commit
325adbc97f
11 changed files with 287 additions and 12 deletions
  1. +8
    -0
      TODO
  2. +15
    -0
      defaults/main.yml
  3. +1
    -0
      files/redis.ini
  4. +14
    -0
      handlers/main.yml
  5. +73
    -12
      tasks/main.yml
  6. +42
    -0
      tasks/php-redis.yml
  7. +11
    -0
      templates/logrotate.j2
  8. +93
    -0
      templates/nginx/owncloud.j2
  9. +16
    -0
      templates/owncloud/autoconfig.php.j2
  10. +9
    -0
      templates/owncloud/redis.config.php.j2
  11. +5
    -0
      vars/main.yml

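--- a/TODO
+++ b/TODO
@@ -0,0 +1,8 @@
+* Generate random passwords for the OwnCloud admin and MySQL
+* Deploy a custom theme from a given GIT repo
+* Manage LDAP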

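--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,15 @@
+owncloud_hostname: 'cloud.example.com'
+owncloud_data_dir: '/var/owncloud/data'
+owncloud_mysql_user: 'owncloud'
+owncloud_mysql_dbname: 'owncloud'
+owncloud_mysql_password: 'fkerfkoenjknjkwcw'
+owncloud_adminlogin: 'ocadmin'
+owncloud_adminpass: 'adminpass'
+redis_enabled: True
+redis_host: 'localhost'
+redis_port: '6379'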
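Review bot: `owncloud_mysql_password` and `owncloud_adminpass` ship with usable values in the role defaults, so any play that does not override them deploys a database account and an admin account whose credentials are readable in the repository. I would leave both undefined here and have the role stop early when they are missing (an `assert` task on `owncloud_adminpass is defined`, for example), with the real values supplied from an Ansible Vault file or a `lookup('password', ...)` call; the TODO file in this commit already points that way. Separately, `redis_enabled: True` is better written `redis_enabled: true`.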

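--- a/files/redis.ini
+++ b/files/redis.ini
@@ -0,0 +1 @@
+extension=redis.so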

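--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,14 @@
+- name: Restart nginx
+service:
+name : nginx
+state: restarted
+- name: Restart mysql
+service:
+name : mysql
+state: restarted
+- name: Restart php-fpm
+service:
+name : 'php7.0-fpm'
+state: restarted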

+ 73
- 12
tasks/main.yml

@ -1,15 +1,4 @@
- name: Add MariaDB Repository Key
apt_key:
state : 'present'
keyserver: 'keyserver.ubuntu.com'
id : '0xcbcb082a1bb943db'
- name: Setup MariaDB Repo
apt_repository:
repo: 'deb [arch=amd64,i386] http://ftp.hosteurope.de/mirror/mariadb.org/repo/10.1/ubuntu xenial main'
- name: Install MariaDB
apt: name=mariadb-server state=latest update_cache=yes
---
- name: Add OwnCloud Repository Key
apt_key:
@ -20,3 +9,75 @@
apt_repository:
repo: 'deb http://download.owncloud.org/download/repositories/stable/xUbuntu_16.04/ /'
- name: Update apt cache
apt: update_cache=yes
- name: Install OwnCloud Packages
apt: name='{{ item }}'
with_items: '{{ owncloud_packages }}'
- name: Configure nginx vhost
template:
src : 'nginx/owncloud.j2'
dest: '/etc/nginx/sites-enabled/owncloud'
mode: 0755
notify: Restart nginx
- name: Set MySQL log format to Mixed
ini_file:
dest: '/etc/mysql/my.cnf'
section: 'mysqld'
option: 'binlog_format'
value: 'MIXED'
state: 'present'
backup: 'yes'
notify: Restart mysql
- name: php-redis
include: 'php-redis.yml'
- name: Create MySQL database for OwnCloud
mysql_db:
db : '{{ owncloud_mysql_dbname }}'
state: 'present'
- name: Create MySQL user for OwnCloud
mysql_user:
name : '{{ owncloud_mysql_user }}'
password : '{{ owncloud_mysql_password }}'
state : 'present'
append_privs: yes
priv : 'owncloud.*:ALL'
- name: Ensure that OwnCloud data dir is present
file:
path : '{{ owncloud_data_dir }}'
state : directory
owner : 'www-data'
group : 'www-data'
recurse: yes
- name: Setup Logrotate for owncloud.log
template:
src : 'logrotate.j2'
dest : '/etc/logrotate.d/owncloud'
owner: 'root'
group: 'root'
mode : 0644
- name: Configure OwnCloud Autoconfig
template:
src : 'owncloud/autoconfig.php.j2'
dest : '/var/www/owncloud/config/autoconfig.php'
mode : 0744
owner: 'www-data'
group: 'www-data'
- name: Connect OwnCloud to Redis
template:
src : 'owncloud/redis.config.php.j2'
dest: '/var/www/owncloud/config/redis.config.php'
when: '{{ redis_enabled }}'
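Review bot: The `Configure OwnCloud Autoconfig` task writes `autoconfig.php`, which carries the MySQL password and the admin password, with `mode : 0744`, so every local account on the host can read it; `mode: '0640'` keeps it readable by `www-data` only and drops the unneeded execute bit. The nginx vhost gets `mode: 0755` although it is a plain config file, and all three modes in this hunk are better written as quoted strings (`'0644'`). In `Create MySQL user for OwnCloud`, `priv : 'owncloud.*:ALL'` ignores `owncloud_mysql_dbname`; `priv: '{{ owncloud_mysql_dbname }}.*:ALL'` keeps the grant in step with the database created just above it. The last task's `when: '{{ redis_enabled }}'` should be the bare expression `when: redis_enabled | bool`.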

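--- a/tasks/php-redis.yml
+++ b/tasks/php-redis.yml
@@ -0,0 +1,42 @@
+---
+#- name: Install PHP Redis
+# pear:
+# name : 'redis'
+# state: 'present'
+#
+# php-redis module is still not compiled for php7 in Pear
+- name: Install Php redis dev packages
+apt: name='{{ item }}'
+with_items: '{{ php_redis_packages }}'
+- name: Clone php-redis git repository
+git:
+repo : 'https://github.com/phpredis/phpredis.git'
+dest : '/usr/src/phpredis'
+version: 'php7'
+- name: Phpize
+command: '/usr/bin/phpize'
+args:
+chdir: '/usr/src/phpredis'
+- name: Compile and install phpredis
+command: '{{ item }}'
+args:
+chdir: '/usr/src/phpredis'
+with_items:
+- ./configure
+- make
+- make install
+- name: Copy redis.ini
+copy:
+src : 'files/redis.ini'
+dest: '/etc/php/7.0/mods-available'
+- name: Enable PHP Redis module
+command: '/usr/sbin/phpenmod redis'
+notify: Restart php-fpm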
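Review bot: The `Clone php-redis git repository` task checks out `version: 'php7'`, which is a branch, and the following tasks compile and `make install` whatever that branch holds at run time, so the extension loaded into php-fpm is neither reviewed nor reproducible. Pin `version` to a release tag or a full commit hash that has been inspected (`version: '<reviewed-commit-sha>'`), or switch to a distribution package once one is available. The `command` tasks also rerun on every play and always report changed, which fires `Restart php-fpm` each time; a `creates:` entry under `args` pointing at the built module would make them idempotent.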

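--- a/templates/logrotate.j2
+++ b/templates/logrotate.j2
@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+{{ owncloud_data_dir }}/owncloud.log {
+rotate 12
+weekly
+missingok
+notifempty
+compress
+su www-data www-data
+delaycompress
+}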

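--- a/templates/nginx/owncloud.j2
+++ b/templates/nginx/owncloud.j2
@@ -0,0 +1,93 @@
+upstream php-handler {
+server unix:/run/php/php7.0-fpm.sock;
+}
+server {
+listen 80;
+server_name {{ owncloud_hostname }};
+# Add headers to serve security related headers
+add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
+add_header X-Download-Options noopen;
+add_header X-Permitted-Cross-Domain-Policies none;
+# Path to the root of your installation
+root /var/www/owncloud/;
+# set max upload size
+client_max_body_size 10G;
+fastcgi_buffers 64 4K;
+# Disable gzip to avoid the removal of the ETag header
+gzip off;
+index index.php;
+error_page 403 /core/templates/403.php;
+error_page 404 /core/templates/404.php;
+rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
+rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
+# The following 2 rules are only needed for the user_webfinger app.
+# Uncomment it if you're planning to use this app.
+#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+location = /robots.txt {
+allow all;
+log_not_found off;
+access_log off;
+}
+location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
+deny all;
+}
+location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+deny all;
+}
+location / {
+rewrite ^/remote/(.*) /remote.php last;
+rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+try_files $uri $uri/ =404;
+}
+location ~ \.php(?:$|/) {
+fastcgi_split_path_info ^(.+\.php)(/.+)$;
+include fastcgi_params;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param PATH_INFO $fastcgi_path_info;
+fastcgi_param HTTPS on;
+fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+fastcgi_pass php-handler;
+fastcgi_intercept_errors on;
+}
+# Adding the cache control header for js and css files
+# Make sure it is BELOW the location ~ \.php(?:$|/) { block
+location ~* \.(?:css|js)$ {
+add_header Cache-Control "public, max-age=7200";
+# Add headers to serve security related headers
+add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options "SAMEORIGIN";
+add_header X-XSS-Protection "1; mode=block";
+add_header X-Robots-Tag none;
+add_header X-Download-Options noopen;
+add_header X-Permitted-Cross-Domain-Policies none;
+# Optional: Don't log access to assets
+access_log off;
+}
+# Optional: Don't log access to other assets
+location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
+access_log off;
+}
+}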
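Review bot: The server block has only `listen 80;` and no TLS listener or certificate directives, yet it sends `Strict-Transport-Security` and passes `fastcgi_param HTTPS on;` to PHP. Unless a TLS terminator sits in front of this host (nothing in this commit shows one), logins and file transfers travel in cleartext while ownCloud is told the connection is secure, and browsers ignore an HSTS header received over plain HTTP. I would add a `listen 443 ssl;` server with `ssl_certificate` and `ssl_certificate_key` taken from role variables and reduce the port-80 server to `return 301 https://$host$request_uri;`. The `preload` token in the HSTS value is also worth dropping until the domain owner has decided to submit the domain to the preload list.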

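--- a/templates/owncloud/autoconfig.php.j2
+++ b/templates/owncloud/autoconfig.php.j2
@@ -0,0 +1,16 @@
+<?php
+$AUTOCONFIG = array(
+"directory" => "{{ owncloud_data_dir }}",
+"dbtype" => "mysql",
+"dbname" => "{{ owncloud_mysql_dbname }}",
+"dbuser" => "{{ owncloud_mysql_user }}",
+"dbpass" => "{{ owncloud_mysql_password }}",
+"dbhost" => "localhost",
+"dbtablepredfix" => "oc_",
+"adminlogin" => "{{ owncloud_adminlogin }}",
+"adminpass" => "{{ owncloud_adminpass }}",
+);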
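Review bot: The key `"dbtablepredfix"` is misspelled; ownCloud's autoconfig reads `"dbtableprefix"`, so this entry is presumably ignored and the `oc_` prefix only takes effect because it matches the installer default. The Jinja values are also placed inside PHP double-quoted strings, where a `"`, `\` or `$` in a password either breaks the file or is interpolated by PHP, which will matter once passwords are generated randomly as the TODO in this commit plans. Emitting the values as single-quoted PHP strings with `\` and `'` escaped avoids both problems.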

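--- a/templates/owncloud/redis.config.php.j2
+++ b/templates/owncloud/redis.config.php.j2
@@ -0,0 +1,9 @@
+<?php
+$CONFIG = array (
+'memcache.local' => '\OC\Memcache\Redis',
+'redis' => array(
+'host' => '{{ redis_host }}',
+'port' => {{ redis_port }},
+),
+'memcache.locking' => '\OC\Memcache\Redis',
+);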

+ 5
- 0
vars/main.yml

@ -21,6 +21,11 @@ owncloud_packages:
- 'php7.0-fpm'
- 'php7.0-ldap'
- 'php-smbclient'
- 'php-pear'
- 's-nail'
- 'libreoffice'
- 'imagemagick'
php_redis_packages:
- 'build-essential'
- 'php7.0-dev'
