From 67185cc4b80886fbedc46ad7088572c90f991587 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Tue, 10 Sep 2019 15:12:46 +0200 Subject: [PATCH 01/10] Alternative ansible implementation --- .gitignore | 8 +- ansible.cfg | 5 + ansible.yml | 116 ++++++++++++++++++ inventory.example | 8 ++ ...se-base.yml => 01-docker-compose-base.yml} | 0 ...e.yml => 02-docker-compose-onlyoffice.yml} | 0 ...rks.yml => 03-docker-compose-networks.yml} | 0 templates/docker-compose/env | 27 ++++ .../docker}/docker-daemon.json | 2 +- templates/mail/update-notification.txt | 5 - 10 files changed, 158 insertions(+), 13 deletions(-) create mode 100644 ansible.cfg create mode 100644 ansible.yml create mode 100644 inventory.example rename templates/docker-compose/{docker-compose-base.yml => 01-docker-compose-base.yml} (100%) rename templates/docker-compose/{docker-compose-onlyoffice.yml => 02-docker-compose-onlyoffice.yml} (100%) rename templates/docker-compose/{docker-compose-networks.yml => 03-docker-compose-networks.yml} (100%) create mode 100644 templates/docker-compose/env rename {deployment/salt/base => templates/docker}/docker-daemon.json (75%) delete mode 100644 templates/mail/update-notification.txt diff --git a/.gitignore b/.gitignore index c393c8d..802a172 100644 --- a/.gitignore +++ b/.gitignore @@ -2,10 +2,4 @@ .idea *.iml -# docker config files -docker-compose.yml -.env - -# data for the local installation -config-dynamic/ -volumes/ +inventory diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..960a7c4 --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,5 @@ +[defaults] +inventory=inventory + +[ssh_connection] +pipelining = True diff --git a/ansible.yml b/ansible.yml new file mode 100644 index 0000000..38e5fa2 --- /dev/null +++ b/ansible.yml 
@@ -0,0 +1,116 @@ +--- +- hosts: all + + # Install python if required + # https://www.josharcher.uk/code/ansible-python-connection-failure-ubuntu-server-1604/ + gather_facts: False + pre_tasks: + - name: install python for Ansible + raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal python-setuptools) + args: + executable: /bin/bash + register: output + changed_when: output.stdout != "" + - setup: # gather facts + + tasks: + - name: install dependencies + apt: + pkg: ['apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common', 'apache2-utils', + 'docker.io', 'docker-compose', 'gnupg2', 'pass', 'certbot'] + + - name: create folders + file: path={{item.path}} state=directory owner={{item.owner}} + with_items: + - { path: '/mnt/repo-base/', owner: root} + - { path: '/mnt/repo-base/volumes/', owner: root } + - { path: '/mnt/repo-base/volumes/nextcloud/config/', owner: www-data } + - { path: '/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/', owner: www-data } + - { path: '/mnt/repo-base/config-static/', owner: root } + - { path: '/mnt/repo-base/config-static/mail/', owner: root } + - { path: '/mnt/repo-base/config-static/nginx/', owner: root } + - { path: '/mnt/repo-base/config-dynamic/', owner: root } + - { path: '/mnt/repo-base/config-dynamic/automx/', owner: root } + - { path: '/mnt/repo-base/config-dynamic/letsencrypt/', owner: root } + - { path: '/mnt/repo-base/config-dynamic/nginx/', owner: root } + - { path: '/mnt/repo-base/scripts/', owner: root } + + - name: copy static config files + synchronize: + src: config-static/ + dest: /mnt/repo-base/config-static/ + recursive: yes + delete: yes + perms: yes + + - name: copy scripts + synchronize: + src: scripts/ + dest: /mnt/repo-base/scripts/ + recursive: yes + delete: yes + perms: yes + + - name: add all template files + template: src={{item.src}} dest={{item.dest}} + with_items: + - { src: 'templates/docker-compose/env', dest: 
'/mnt/repo-base/.env' } + - { src: 'templates/automx/automx.conf', dest: '/mnt/repo-base/config-dynamic/automx/automx.conf' } + - { src: 'templates/nextcloud/config.php', dest: '/mnt/repo-base/volumes/nextcloud/config/config.php' } # TODO: need to read/generate instance id + - { src: 'templates/rainloop/domain-config.ini', dest: '/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/{{ domain }}.ini' } + - { src: 'templates/docker/docker-daemon.json', dest: '/etc/docker/daemon.json' } + vars: + postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}" + +# TODO: doesnt account for multi domain installation + - name: create nginx config files + template: + src: {{ item }} + dest: /mnt/repo-base/config-dynamic/nginx/sites-enabled/{{ item | basename }} + with_fileglob: + - 'templates/nginx/sites-enabled/*' + + - name: generate docker-compose.yml + assemble: + src: templates/docker-compose/ + dest: /mnt/repo-base/docker-compose.yml + regexp: '*docker-compose-*.yml' + when: install_onlyoffice + + - name: generate docker-compose.yml + assemble: + src: templates/docker-compose/ + dest: /mnt/repo-base/docker-compose.yml + regexp: '01-docker-compose-base.yml|03-docker-compose-networks.yml' + when: not install_onlyoffice + +# TODO: doesnt account for multi domain installation + - name: request letsencrypt certificates + command: bash /mnt/repo-base/scripts/ssl-renew.sh + args: + creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/{{domain}}/privkey.pem' + creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/autoconfig.{{domain}}/privkey.pem' + creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/autodiscover.{{domain}}/privkey.pem' + creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/mail.{{domain}}/privkey.pem' + creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/spam.{{domain}}/privkey.pem' + creates: 
'/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/welcome.{{domain}}/privkey.pem' + + - name: enable and start docker service + systemd: + name: docker + enabled: yes + state: started + + - name: start docker-compose + docker_compose: + project_src: /mnt/repo-base/ + state: present + pull: yes + restarted: yes + + - name: renew certbot certificates + cron: + special_time=daily + name=ssl-renew + job="bash /mnt/repo-base/scripts/ssl-renew.sh >> /mnt/repo-base/volumes/letsencrypt/letsencrypt-cron.log 2>&1" + diff --git a/inventory.example b/inventory.example new file mode 100644 index 0000000..667752c --- /dev/null +++ b/inventory.example @@ -0,0 +1,8 @@ +[peertube] +# define the username and hostname that you use for ssh connection, and specify the domain +myuser@example.com domain=example.com cache_size_gb=15 letsencrypt_contact_email=your@email.com +# you can also use a host that is defined in your ssh config +myserver domain=example.com install_onlyoffice=true/false contact_email=your@email.com + +[all:vars] +ansible_connection=ssh diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/01-docker-compose-base.yml similarity index 100% rename from templates/docker-compose/docker-compose-base.yml rename to templates/docker-compose/01-docker-compose-base.yml diff --git a/templates/docker-compose/docker-compose-onlyoffice.yml b/templates/docker-compose/02-docker-compose-onlyoffice.yml similarity index 100% rename from templates/docker-compose/docker-compose-onlyoffice.yml rename to templates/docker-compose/02-docker-compose-onlyoffice.yml diff --git a/templates/docker-compose/docker-compose-networks.yml b/templates/docker-compose/03-docker-compose-networks.yml similarity index 100% rename from templates/docker-compose/docker-compose-networks.yml rename to templates/docker-compose/03-docker-compose-networks.yml diff --git a/templates/docker-compose/env b/templates/docker-compose/env new file mode 100644 index 0000000..aa09daa 
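Review bot: The `args:` mapping under `request letsencrypt certificates` repeats the `creates:` key six times; a YAML loader keeps only the last one (or rejects the document), so the task is skipped as soon as the `welcome.{{domain}}` key exists and the other five certificates are never checked — keep a single `creates:`, or run a `stat` over the six paths and gate the command with `when`. Two other lines in this hunk will not load: `src: {{ item }}` in `create nginx config files` is parsed as a YAML flow mapping and must be written `src: "{{ item }}"`, and `regexp: '*docker-compose-*.yml'` in `generate docker-compose.yml` starts with a quantifier, which `re.compile` (used by `assemble`, as far as I can tell) rejects with "nothing to repeat"; `'docker-compose-.*\.yml$'` looks like the intent, and the ansible.yml hunks of patches 02 and 03 carry the same pattern unchanged. `/mnt/repo-base/.env` is rendered from a template that holds credentials, yet `add all template files` sets no `mode`, so the file takes whatever the remote umask gives; add `mode=0600` to that `template:` line (the later revisions of this task in patches 02 and 05 have the same gap).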
--- /dev/null +++ b/templates/docker-compose/env @@ -0,0 +1,27 @@ +ALT_EMAIL=test@test.com +INSTALL_ONLYOFFICE=n +RSPAMD_PASSWORD=qvcNtUCr9Am26Oz9R7F0 +NEXTCLOUD_ADMIN_USER=ncadmin_ySPg +NEXTCLOUD_ADMIN_PASSWORD=vCTndg5dU0N3VGq0MWzA +MYSQL_USER_NC=nc_Gj5V +MYSQL_PASSWORD_NC=CkvAsU4W8WkO8BgIjMVp +MYSQL_DATABASE_NC=ncdb_8PBv +SMTP_PW=6YITMO2PniImXnYSPW09 +PFDB_DB=postfix +PFDB_USR=postfix +MYSQL_ROOT_PASSWORD=rf7ZwyEWdVHPeSVy4VwI +DBPASS=lu9yI6wOBw5cCEP1iHew +DBA_PASSWORD=ykoMKJ0k2ICjmu7a +DRIVE_SMTP_PASSWORD=tjZqpunzvfUQBjO1 +POSTFIXADMIN_SSH_PASSWORD=7R96sjOLTsf21IrEgL3K +CREATE_ACCOUNT_PASSWORD=MdQiho9wnEYZ3slH4uAc +PFA_SUPERADMIN_PASSWORD=1zMu74L4xAxM6J3Bw2 +ENABLE_POP3=false +DISABLE_RATELIMITING=false +DBA_USER=phpmyadmin +DOMAIN=cloudtest2.e.foundation +ADD_DOMAINS=cloudtest2.e.foundation +VHOSTS_ACCOUNTS=welcome.cloudtest2.e.foundation +SMTP_FROM=welcome@cloudtest2.e.foundation +SMTP_HOST=mail.cloudtest2.e.foundation +VIRTUAL_HOST=autoconfig.cloudtest2.e.foundation,autodiscover.cloudtest2.e.foundation diff --git a/deployment/salt/base/docker-daemon.json b/templates/docker/docker-daemon.json similarity index 75% rename from deployment/salt/base/docker-daemon.json rename to templates/docker/docker-daemon.json index 242c706..88efca4 100644 --- a/deployment/salt/base/docker-daemon.json +++ b/templates/docker/docker-daemon.json @@ -1,7 +1,7 @@ { "log-driver": "json-file", "log-opts": { - "max-size": "50m", + "max-size": "250m", "max-file": "4" } } diff --git a/templates/mail/update-notification.txt b/templates/mail/update-notification.txt deleted file mode 100644 index 04d42f8..0000000 --- a/templates/mail/update-notification.txt +++ /dev/null @@ -1,5 +0,0 @@ -Subject:Update available for @@@DOMAIN@@@ -A new update is available. Please login via ssh and run the following -command: - -bash /mnt/repo-base/scripts/update.sh -- GitLab From 39dc4dc5f8d92c4def9fdc8aabfc2f69fd845eb8 Mon Sep 17 00:00:00 2001 
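Review bot: `templates/docker-compose/env` is committed with literal values for RSPAMD_PASSWORD, NEXTCLOUD_ADMIN_PASSWORD, MYSQL_ROOT_PASSWORD, DBPASS, SMTP_PW and the other credential keys, and this same commit renders the file as `/mnt/repo-base/.env` on every target, so every host deployed from it shares one set of passwords that now also lives in git history. The series already uses the right tool for this: `postgres_password` is generated per host with `lookup('password', 'passwords/{{ inventory_hostname }}/...')`, and each secret here should be templated the same way (`RSPAMD_PASSWORD={{ rspamd_password }}` and so on), which patch 05 only begins to do. The values in this file should be treated as disclosed and rotated on any host that received them. Patch 02's hunk of the same file templates only the domain and e-mail lines and leaves these unchanged.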
From: Felix Ableitner Date: Wed, 11 Sep 2019 16:11:49 +0200 Subject: [PATCH 02/10] various changes --- ansible.yml | 78 +++++++++++-------- inventory.example | 6 +- templates/automx/automx.conf | 6 +- templates/docker-compose/env | 16 ++-- templates/nextcloud/config.php | 12 +-- templates/nginx/sites-enabled/autoconfig.conf | 8 +- templates/nginx/sites-enabled/nextcloud.conf | 9 ++- templates/nginx/sites-enabled/onlyoffice.conf | 8 +- .../nginx/sites-enabled/postfixadmin.conf | 8 +- templates/nginx/sites-enabled/rspamd.conf | 8 +- templates/nginx/sites-enabled/welcome.conf | 8 +- 11 files changed, 89 insertions(+), 78 deletions(-) diff --git a/ansible.yml b/ansible.yml index 38e5fa2..0bf849b 100644 --- a/ansible.yml +++ b/ansible.yml 
@@ -35,56 +35,66 @@ - { path: '/mnt/repo-base/config-dynamic/nginx/', owner: root } - { path: '/mnt/repo-base/scripts/', owner: root } - - name: copy static config files - synchronize: - src: config-static/ - dest: /mnt/repo-base/config-static/ - recursive: yes - delete: yes - perms: yes + # TODO: synchronize is annoying because it prompts for ssh password every time + # we could use copy instead, but that wont delete old, unmanaged files + # https://stackoverflow.com/questions/16385507/ansible-delete-unmanaged-files-from-directory +# - name: copy static config files +# synchronize: +# src: config-static/ +# dest: /mnt/repo-base/config-static/ +# recursive: yes +# delete: yes +# perms: yes - - name: copy scripts - synchronize: - src: scripts/ - dest: /mnt/repo-base/scripts/ - recursive: yes - delete: yes - perms: yes +# - name: copy scripts +# synchronize: +# src: scripts/ +# dest: /mnt/repo-base/scripts/ +# recursive: yes +# delete: yes +# perms: yes - name: add all template files - template: src={{item.src}} dest={{item.dest}} + template: src={{item.src}} dest={{item.dest}} force={{item.force}} with_items: - - { src: 'templates/docker-compose/env', dest: '/mnt/repo-base/.env' } - - { src: 'templates/automx/automx.conf', dest: '/mnt/repo-base/config-dynamic/automx/automx.conf' } - - { src: 'templates/nextcloud/config.php', dest: '/mnt/repo-base/volumes/nextcloud/config/config.php' } # TODO: need to read/generate instance id - - { src: 'templates/rainloop/domain-config.ini', dest: '/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/{{ domain }}.ini' } - - { src: 'templates/docker/docker-daemon.json', dest: '/etc/docker/daemon.json' } + - { src: 'templates/docker-compose/env', dest: '/mnt/repo-base/.env', force: yes } + - { src: 'templates/automx/automx.conf', dest: '/mnt/repo-base/config-dynamic/automx/automx.conf', force: yes } + - { src: 'templates/nextcloud/config.php', dest: '/mnt/repo-base/volumes/nextcloud/config/config.php', 
force: no } + - { src: 'templates/rainloop/domain-config.ini', dest: '/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/{{ domain }}.ini', force: yes } + - { src: 'templates/docker/docker-daemon.json', dest: '/etc/docker/daemon.json', force: no } vars: postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}" -# TODO: doesnt account for multi domain installation - - name: create nginx config files - template: - src: {{ item }} - dest: /mnt/repo-base/config-dynamic/nginx/sites-enabled/{{ item | basename }} - with_fileglob: - - 'templates/nginx/sites-enabled/*' + - name: add nginx config files + template: src=templates/nginx/sites-enabled/{{item.filename}} dest=/mnt/repo-base/config-dynamic/nginx/sites-enabled/{{item.filename}} + with_items: + - { filename: 'autoconfig.conf' } # TODO: need to copy this twice, as autoconfig and autodiscover (with different variables) + - { filename: 'nextcloud.conf' } + - { filename: 'postfixadmin.conf' } + - { filename: 'rspamd.conf' } + - { filename: 'welcome.conf' } + + - name: add onlyoffice nginx config file + template: src=templates/nginx/sites-enabled/onlyoffice.conf dest=/mnt/repo-base/config-dynamic/nginx/sites-enabled/onlyoffice.conf + when: install_onlyoffice - - name: generate docker-compose.yml + # TODO: check mode not supported for this task, wtf ansible + - name: generate docker-compose.yml with onlyoffice assemble: - src: templates/docker-compose/ + src: 'templates/docker-compose/' dest: /mnt/repo-base/docker-compose.yml + remote_src: no regexp: '*docker-compose-*.yml' - when: install_onlyoffice + when: install_onlyoffice - - name: generate docker-compose.yml + - name: generate docker-compose.yml without onlyoffice assemble: - src: templates/docker-compose/ + src: 'templates/docker-compose/' dest: /mnt/repo-base/docker-compose.yml + remote_src: no regexp: '01-docker-compose-base.yml|03-docker-compose-networks.yml' - when: not 
install_onlyoffice + when: not install_onlyoffice -# TODO: doesnt account for multi domain installation - name: request letsencrypt certificates command: bash /mnt/repo-base/scripts/ssl-renew.sh args: diff --git a/inventory.example b/inventory.example index 667752c..8240450 100644 --- a/inventory.example +++ b/inventory.example @@ -1,8 +1,8 @@ -[peertube] +[ecloud-selfhosting] # define the username and hostname that you use for ssh connection, and specify the domain -myuser@example.com domain=example.com cache_size_gb=15 letsencrypt_contact_email=your@email.com +myuser@example.com domain=example.com install_onlyoffice=True/False contact_email=your@email.com # you can also use a host that is defined in your ssh config -myserver domain=example.com install_onlyoffice=true/false contact_email=your@email.com +myserver domain=example.com install_onlyoffice=True/False contact_email=your@email.com [all:vars] ansible_connection=ssh diff --git a/templates/automx/automx.conf b/templates/automx/automx.conf index 8c69952..7b33f30 100644 --- a/templates/automx/automx.conf +++ b/templates/automx/automx.conf @@ -1,7 +1,7 @@ # file: /etc/automx.conf [automx] -provider = @@@DOMAIN@@@ +provider = {{ domain }} domains = * #debug = yes @@ -37,7 +37,7 @@ action = settings #sign_key = /certs/autodiscover.eelo.io.key smtp = yes -smtp_server = mail.@@@DOMAIN@@@ +smtp_server = mail.{{ domain }} smtp_port = 587 smtp_encryption = starttls smtp_auth = plaintext @@ -46,7 +46,7 @@ smtp_refresh_ttl = 6 smtp_default = yes imap = yes -imap_server = mail.@@@DOMAIN@@@ +imap_server = mail.{{ domain }} imap_port = 993 imap_encryption = ssl imap_auth = plaintext diff --git a/templates/docker-compose/env b/templates/docker-compose/env index aa09daa..291bb5d 100644 --- a/templates/docker-compose/env +++ b/templates/docker-compose/env 
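Review bot: The two `synchronize` tasks are kept as commented-out YAML instead of being dropped, leaving dead blocks that nothing lints or runs; remove them and keep only the TODO explaining why `synchronize` was abandoned, since git history preserves the rest. The new `force: no` on `config.php` and `daemon.json` is a one-way choice — after the first run, changes to those templates silently never reach an installed host — and deserves a comment on the `with_items:` line such as `# force: no — seeded on first install only; later edits must be made on the host`. The play that contains these tasks starts and ends outside the hunk.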
@@ -1,5 +1,5 @@ -ALT_EMAIL=test@test.com -INSTALL_ONLYOFFICE=n +ALT_EMAIL={{ contact_email }} +INSTALL_ONLYOFFICE={{ install_onlyoffice }} RSPAMD_PASSWORD=qvcNtUCr9Am26Oz9R7F0 NEXTCLOUD_ADMIN_USER=ncadmin_ySPg NEXTCLOUD_ADMIN_PASSWORD=vCTndg5dU0N3VGq0MWzA @@ -19,9 +19,9 @@ PFA_SUPERADMIN_PASSWORD=1zMu74L4xAxM6J3Bw2 ENABLE_POP3=false DISABLE_RATELIMITING=false DBA_USER=phpmyadmin -DOMAIN=cloudtest2.e.foundation -ADD_DOMAINS=cloudtest2.e.foundation -VHOSTS_ACCOUNTS=welcome.cloudtest2.e.foundation -SMTP_FROM=welcome@cloudtest2.e.foundation -SMTP_HOST=mail.cloudtest2.e.foundation -VIRTUAL_HOST=autoconfig.cloudtest2.e.foundation,autodiscover.cloudtest2.e.foundation +DOMAIN={{ domain }} +ADD_DOMAINS={{ domain }} +VHOSTS_ACCOUNTS=welcome.{{ domain }} +SMTP_FROM=welcome@{{ domain }} +SMTP_HOST=mail.{{ domain }} +VIRTUAL_HOST=autoconfig.{{ domain }},autodiscover.{{ domain }} diff --git a/templates/nextcloud/config.php b/templates/nextcloud/config.php index 1883133..a5cf715 100644 --- a/templates/nextcloud/config.php +++ b/templates/nextcloud/config.php @@ -1,6 +1,6 @@ 'https://mail.@@@DOMAIN@@@/users/password-recover.php', + 'lost_password_link' => 'https://mail.{{ domain }}/users/password-recover.php', 'htaccess.RewriteBase' => '/', 'memcache.local' => '\OC\Memcache\APCu', 'memcache.locking' => '\OC\Memcache\Redis', 
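Review bot: `INSTALL_ONLYOFFICE={{ install_onlyoffice }}` now renders the inventory value, which inventory.example in this same commit documents as `True/False`, whereas the line it replaces carried `n`; whatever reads INSTALL_ONLYOFFICE from `.env` is not visible here, so if it tests for `y`/`n` this change flips its behaviour, and normalising the rendering with `INSTALL_ONLYOFFICE={{ 'y' if install_onlyoffice else 'n' }}` would keep the old contract. The credential lines shown as context (RSPAMD_PASSWORD and the keys below it) remain the same literal values for every install; they belong in per-host `lookup('password')` variables like `postgres_password` rather than in the template.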
@@ -25,20 +25,20 @@ $CONFIG = array ( ), 'trusted_domains' => array ( - 0 => '@@@DOMAIN@@@', + 0 => '{{ domain }}', ), 'datadirectory' => '/var/www/html/data', - 'overwrite.cli.url' => 'https://@@@DOMAIN@@@', + 'overwrite.cli.url' => 'https://{{ domain }}', 'overwriteprotocol' => 'https', 'mysql.utf8mb4' => true, 'maintenance' => true, 'mail_from_address' => 'drive', 'mail_smtpmode' => 'smtp', 'mail_smtpauthtype' => 'PLAIN', - 'mail_domain' => '@@@DOMAIN@@@', + 'mail_domain' => '{{ domain }}', 'mail_smtpauth' => 1, - 'mail_smtphost' => 'mail.@@@DOMAIN@@@', - 'mail_smtpname' => 'drive@@@@DOMAIN@@@', + 'mail_smtphost' => 'mail.{{ domain }}', + 'mail_smtpname' => 'drive@{{ domain }}', 'mail_smtppassword' => '@@@DRIVE_SMTP_PASSWORD@@@', 'mail_smtpport' => '587', 'mail_smtpsecure' => 'tls', diff --git a/templates/nginx/sites-enabled/autoconfig.conf b/templates/nginx/sites-enabled/autoconfig.conf index b203a0b..ba378e8 100644 --- a/templates/nginx/sites-enabled/autoconfig.conf +++ b/templates/nginx/sites-enabled/autoconfig.conf @@ -1,6 +1,6 @@ server { listen 8000; - server_name @@@SERVICE@@@.@@@DOMAIN@@@; + server_name @@@SERVICE@@@.{{ domain }}; location /.well-known/acme-challenge/ { alias /etc/letsencrypt/acme-challenge/.well-known/acme-challenge/; } @@ -11,10 +11,10 @@ server { server { listen 4430 ssl http2; - server_name @@@SERVICE@@@.@@@DOMAIN@@@; + server_name @@@SERVICE@@@.{{ domain }}; - ssl_certificate /certs/live/@@@SERVICE@@@.@@@DOMAIN@@@/fullchain.pem; - ssl_certificate_key /certs/live/@@@SERVICE@@@.@@@DOMAIN@@@/privkey.pem; + ssl_certificate /certs/live/@@@SERVICE@@@.{{ domain }}/fullchain.pem; + ssl_certificate_key /certs/live/@@@SERVICE@@@.{{ domain }}/privkey.pem; include /etc/nginx/params/ssl_params; include /etc/nginx/params/headers_params; diff --git a/templates/nginx/sites-enabled/nextcloud.conf b/templates/nginx/sites-enabled/nextcloud.conf index f8aebf5..220eba1 100644 --- a/templates/nginx/sites-enabled/nextcloud.conf 
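Review bot: `'mail_smtppassword' => '@@@DRIVE_SMTP_PASSWORD@@@'`, visible as context in this hunk, keeps the old `@@@...@@@` placeholder while every other placeholder in the file becomes a Jinja expression; since patch 01 now renders this file through Ansible's `template` module, that literal string is written into the host's `config.php` unless some other step still substitutes it, and nothing in this series shows one. Change it to `'mail_smtppassword' => '{{ drive_smtp_password }}'` and supply the variable the same way `postgres_password` is supplied. Because the same commit sets `force: no` on this template, an already-installed host will not receive the correction without manual intervention. The `$CONFIG` array starts before and ends after the hunk.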
+++ b/templates/nginx/sites-enabled/nextcloud.conf @@ -3,8 +3,9 @@ upstream php-handler { } server { +<<<<<<< HEAD listen 8000; - server_name @@@DOMAIN@@@; + server_name {{ domain }}; location /.well-known/acme-challenge/ { alias /etc/letsencrypt/acme-challenge/.well-known/acme-challenge/; } @@ -15,10 +16,10 @@ server { server { listen 4430 ssl http2; - server_name @@@DOMAIN@@@; + server_name {{ domain }}; - ssl_certificate /certs/live/@@@DOMAIN@@@/fullchain.pem; - ssl_certificate_key /certs/live/@@@DOMAIN@@@/privkey.pem; + ssl_certificate /certs/live/{{ domain }}/fullchain.pem; + ssl_certificate_key /certs/live/{{ domain }}/privkey.pem; include /etc/nginx/params/ssl_params; # We include these headers directly because some are already set by Nextcloud. diff --git a/templates/nginx/sites-enabled/onlyoffice.conf b/templates/nginx/sites-enabled/onlyoffice.conf index 25d7059..9d42cbe 100644 --- a/templates/nginx/sites-enabled/onlyoffice.conf +++ b/templates/nginx/sites-enabled/onlyoffice.conf @@ -1,6 +1,6 @@ server { listen 8000; - server_name office.@@@DOMAIN@@@; + server_name office.{{ domain }}; location /.well-known/acme-challenge/ { alias /etc/letsencrypt/acme-challenge/.well-known/acme-challenge/; } @@ -11,10 +11,10 @@ server { server { listen 4430 ssl http2; - server_name office.@@@DOMAIN@@@; + server_name office.{{ domain }}; - ssl_certificate /certs/live/office.@@@DOMAIN@@@/fullchain.pem; - ssl_certificate_key /certs/live/office.@@@DOMAIN@@@/privkey.pem; + ssl_certificate /certs/live/office.{{ domain }}/fullchain.pem; + ssl_certificate_key /certs/live/office.{{ domain }}/privkey.pem; include /etc/nginx/params/ssl_params; include /etc/nginx/params/headers_params; diff --git a/templates/nginx/sites-enabled/postfixadmin.conf b/templates/nginx/sites-enabled/postfixadmin.conf index 714bef3..010872b 100644 --- a/templates/nginx/sites-enabled/postfixadmin.conf +++ b/templates/nginx/sites-enabled/postfixadmin.conf 
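Review bot: `+<<<<<<< HEAD` on the new side of the first hunk is a git conflict marker committed into `nextcloud.conf`; it has no `=======` or `>>>>>>>` counterpart anywhere in the diff, so this looks like a half-resolved merge rather than intended content, and nginx will refuse to load a site file containing it. Delete that line. The second hunk of this file is fine.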
@@ -1,6 +1,6 @@ server { listen 8000; - server_name mail.@@@DOMAIN@@@; + server_name mail.{{ domain }}; location /.well-known/acme-challenge/ { alias /etc/letsencrypt/acme-challenge/.well-known/acme-challenge/; } @@ -11,10 +11,10 @@ server { server { listen 4430 ssl http2; - server_name mail.@@@DOMAIN@@@; + server_name mail.{{ domain }}; - ssl_certificate /certs/live/mail.@@@DOMAIN@@@/fullchain.pem; - ssl_certificate_key /certs/live/mail.@@@DOMAIN@@@/privkey.pem; + ssl_certificate /certs/live/mail.{{ domain }}/fullchain.pem; + ssl_certificate_key /certs/live/mail.{{ domain }}/privkey.pem; include /etc/nginx/params/ssl_params; include /etc/nginx/params/headers_params; diff --git a/templates/nginx/sites-enabled/rspamd.conf b/templates/nginx/sites-enabled/rspamd.conf index 067b466..0925e24 100644 --- a/templates/nginx/sites-enabled/rspamd.conf +++ b/templates/nginx/sites-enabled/rspamd.conf @@ -1,6 +1,6 @@ server { listen 8000; - server_name spam.@@@DOMAIN@@@; + server_name spam.{{ domain }}; location /.well-known/acme-challenge/ { alias /etc/letsencrypt/acme-challenge/.well-known/acme-challenge/; } @@ -11,10 +11,10 @@ server { server { listen 4430 ssl http2; - server_name spam.@@@DOMAIN@@@; + server_name spam.{{ domain }}; - ssl_certificate /certs/live/spam.@@@DOMAIN@@@/fullchain.pem; - ssl_certificate_key /certs/live/spam.@@@DOMAIN@@@/privkey.pem; + ssl_certificate /certs/live/spam.{{ domain }}/fullchain.pem; + ssl_certificate_key /certs/live/spam.{{ domain }}/privkey.pem; include /etc/nginx/params/ssl_params; include /etc/nginx/params/headers_params; diff --git a/templates/nginx/sites-enabled/welcome.conf b/templates/nginx/sites-enabled/welcome.conf index 25baf3f..5886eca 100644 --- a/templates/nginx/sites-enabled/welcome.conf +++ b/templates/nginx/sites-enabled/welcome.conf 
@@ -1,6 +1,6 @@ server { listen 8000; - server_name welcome.@@@DOMAIN@@@; + server_name welcome.{{ domain }}; location /.well-known/acme-challenge/ { alias /etc/letsencrypt/acme-challenge/.well-known/acme-challenge/; } @@ -11,10 +11,10 @@ server { server { listen 4430 ssl http2; - server_name welcome.@@@DOMAIN@@@; + server_name welcome.{{ domain }}; - ssl_certificate /certs/live/welcome.@@@DOMAIN@@@/fullchain.pem; - ssl_certificate_key /certs/live/welcome.@@@DOMAIN@@@/privkey.pem; + ssl_certificate /certs/live/welcome.{{ domain }}/fullchain.pem; + ssl_certificate_key /certs/live/welcome.{{ domain }}/privkey.pem; include /etc/nginx/params/ssl_params; include /etc/nginx/params/headers_params; -- GitLab From 5d9d59ccdd8cf3c054a1153a1e814d74fb809d73 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Fri, 13 Sep 2019 15:09:59 +0200 Subject: [PATCH 03/10] stuff --- ansible.yml | 17 ++++++++++------- templates/nginx/sites-enabled/autoconfig.conf | 8 ++++---- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ansible.yml b/ansible.yml index 0bf849b..bd64919 100644 --- a/ansible.yml +++ b/ansible.yml 
@@ -66,19 +66,22 @@ postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}" - name: add nginx config files - template: src=templates/nginx/sites-enabled/{{item.filename}} dest=/mnt/repo-base/config-dynamic/nginx/sites-enabled/{{item.filename}} + template: src=templates/nginx/sites-enabled/{{item.src}} dest=/mnt/repo-base/config-dynamic/nginx/sites-enabled/{{item.dest}} with_items: - - { filename: 'autoconfig.conf' } # TODO: need to copy this twice, as autoconfig and autodiscover (with different variables) - - { filename: 'nextcloud.conf' } - - { filename: 'postfixadmin.conf' } - - { filename: 'rspamd.conf' } - - { filename: 'welcome.conf' } + # TODO: need to copy this twice, as autoconfig and autodiscover (with different variables) + # https://stackoverflow.com/a/40189525 + - { src: 'autoconfig.conf', dest: 'autodiscover.{{ domain }}.conf', service: 'autodiscover' } + - { src: 'autoconfig.conf', dest: 'autoconfig.{{ domain }}.conf', service: 'autoconfig' } + - { src: 'nextcloud.conf', dest: 'nextcloud.conf' } + - { src: 'postfixadmin.conf', dest: 'postfixadmin.conf' } + - { src: 'rspamd.conf', dest: 'rspamd.conf' } + - { src: 'welcome.conf', dest: 'welcome.conf' } - name: add onlyoffice nginx config file template: src=templates/nginx/sites-enabled/onlyoffice.conf dest=/mnt/repo-base/config-dynamic/nginx/sites-enabled/onlyoffice.conf when: install_onlyoffice - # TODO: check mode not supported for this task, wtf ansible + # TODO: check mode is not supported for this task, need to find an alternative so we can get diffs - name: generate docker-compose.yml with onlyoffice assemble: src: 'templates/docker-compose/' diff --git a/templates/nginx/sites-enabled/autoconfig.conf b/templates/nginx/sites-enabled/autoconfig.conf index ba378e8..8589dc9 100644 --- a/templates/nginx/sites-enabled/autoconfig.conf +++ b/templates/nginx/sites-enabled/autoconfig.conf 
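Review bot: After this change the autoconfig template is written to `autoconfig.{{ domain }}.conf` and `autodiscover.{{ domain }}.conf`, but the file the previous revision placed at `sites-enabled/autoconfig.conf` (with its unresolved `@@@SERVICE@@@` server name) is never removed, and `template` does not delete files it no longer manages, so a host deployed from the earlier revision would keep a stale vhost beside the two new ones. Add a task such as `- file: path=/mnt/repo-base/config-dynamic/nginx/sites-enabled/autoconfig.conf state=absent` ahead of this one. Naming is also inconsistent within the list: the two autoconfig entries embed the domain in `dest` while `nextcloud.conf`, `postfixadmin.conf`, `rspamd.conf` and `welcome.conf` do not; pick one scheme. The enclosing play continues outside the hunk.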
@@ -1,6 +1,6 @@ server { listen 8000; - server_name @@@SERVICE@@@.{{ domain }}; + server_name {{ item.service }}.{{ domain }}; location /.well-known/acme-challenge/ { alias /etc/letsencrypt/acme-challenge/.well-known/acme-challenge/; } @@ -11,10 +11,10 @@ server { server { listen 4430 ssl http2; - server_name @@@SERVICE@@@.{{ domain }}; + server_name {{ item.service }}.{{ domain }}; - ssl_certificate /certs/live/@@@SERVICE@@@.{{ domain }}/fullchain.pem; - ssl_certificate_key /certs/live/@@@SERVICE@@@.{{ domain }}/privkey.pem; + ssl_certificate /certs/live/{{ item.service }}.{{ domain }}/fullchain.pem; + ssl_certificate_key /certs/live/{{ item.service }}.{{ domain }}/privkey.pem; include /etc/nginx/params/ssl_params; include /etc/nginx/params/headers_params; -- GitLab From cfa608e132225e9b2fcdc640a6ebc9d9308d3e36 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Fri, 13 Sep 2019 15:34:37 +0200 Subject: [PATCH 04/10] manage crontab --- ansible.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ansible.yml b/ansible.yml index bd64919..bb0c530 100644 --- a/ansible.yml +++ b/ansible.yml @@ -121,6 +121,16 @@ pull: yes restarted: yes + - name: remove unneeded lines from crontab + lineinfile: regexp={{item.regexp}} path=/var/spool/cron/crontabs/root state=absent + with_items: + - { regexp: 'Lines below here are managed by Salt, do not edit' } + - { regexp: 'SALT_CRON_IDENTIFIER:check-updates' } + - { regexp: 'SALT_CRON_IDENTIFIER:refresh-tls-certs' } + - { regexp: 'SALT_CRON_IDENTIFIER:sync-emails' } + - { regexp: 'bash /mnt/repo-base/scripts/sync-emails.sh' } + - { regexp: 'bash /mnt/repo-base/scripts/check-update.sh' } + - name: renew certbot certificates cron: special_time=daily -- GitLab From 6c87e1581374d2cccc4df4dc07b6e2859f0364a3 Mon Sep 17 00:00:00 2001 
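Review bot: The removal list strips the `SALT_CRON_IDENTIFIER:refresh-tls-certs` comment but, unlike `sync-emails` and `check-update`, carries no pattern for the job line that presumably followed it, so the old Salt-managed TLS renewal would keep running alongside the `ssl-renew` entry the next task adds; the exact old line is not visible here, so confirm it on an upgraded host. Do not fix this with a bare `ssl-renew.sh` pattern: the `cron` task below writes a job containing that same command, and an unanchored `lineinfile state=absent` running before it would delete and re-create the job on every run. Match the full text of the Salt-written line instead. The play that holds these tasks starts and ends outside the hunk.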
From: Felix Ableitner Date: Mon, 16 Sep 2019 16:35:16 +0200 Subject: [PATCH 05/10] various fixes --- .gitignore | 2 + ansible.yml | 123 ++++++++++++++++---------- scripts/postinstall.sh | 12 +++ templates/docker-compose/env | 27 +++--- templates/letsencrypt/ssl-domains.dat | 6 ++ 5 files changed, 107 insertions(+), 63 deletions(-) create mode 100644 templates/letsencrypt/ssl-domains.dat diff --git a/.gitignore b/.gitignore index 802a172..4403a68 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,6 @@ .idea *.iml +# ansible files inventory +passwords/ diff --git a/ansible.yml b/ansible.yml index bb0c530..d6987ea 100644 --- a/ansible.yml +++ b/ansible.yml @@ -19,6 +19,13 @@ pkg: ['apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common', 'apache2-utils', 'docker.io', 'docker-compose', 'gnupg2', 'pass', 'certbot'] + # TODO: in this case, it should read passwords etc from the server somehow + - name: detect if ecloud selfhosting is already installed (compatibility with old versions) + command: ls /mnt/repo-base/.git/ /mnt/repo-base/volumes/nextcloud/config/config.php && touch /mnt/repo-base/config-dynamic/.installation-complete + args: + creates: /mnt/repo-base/config-dynamic/.installation-complete + ignore_errors: yes + - name: create folders file: path={{item.path}} state=directory owner={{item.owner}} with_items: 
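Review bot: `command: ls /mnt/repo-base/.git/ /mnt/repo-base/volumes/nextcloud/config/config.php && touch ...` will not do what its name says: the `command` module does not invoke a shell, so `&&`, `touch` and the marker path are handed to `ls` as extra arguments, `ls` exits non-zero on the nonexistent `&&`, `ignore_errors: yes` hides the failure, and `.installation-complete` is never created, which also means the `creates:` guard never fires. The minimal fix is `shell:` in place of `command:`; a cleaner one is a `stat` on the two paths followed by `file: path=/mnt/repo-base/config-dynamic/.installation-complete state=touch` guarded by `when: git.stat.exists and config.stat.exists`, which also removes the need for `ignore_errors`. The `.gitignore` hunk in this commit is fine. The play continues outside the hunk.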
@@ -34,42 +41,49 @@ - { path: '/mnt/repo-base/config-dynamic/letsencrypt/', owner: root } - { path: '/mnt/repo-base/config-dynamic/nginx/', owner: root } - { path: '/mnt/repo-base/scripts/', owner: root } - - # TODO: synchronize is annoying because it prompts for ssh password every time - # we could use copy instead, but that wont delete old, unmanaged files - # https://stackoverflow.com/questions/16385507/ansible-delete-unmanaged-files-from-directory -# - name: copy static config files -# synchronize: -# src: config-static/ -# dest: /mnt/repo-base/config-static/ -# recursive: yes -# delete: yes -# perms: yes - -# - name: copy scripts -# synchronize: -# src: scripts/ -# dest: /mnt/repo-base/scripts/ -# recursive: yes -# delete: yes -# perms: yes + - { path: '/mnt/repo-base/config-dynamic/letsencrypt/autorenew', owner: root } + - { path: '/mnt/repo-base/config-dynamic/nginx/sites-enabled', owner: root } + - { path: '/mnt/repo-base/volumes/accounts/', owner: www-data } + + # NOTE: This does not delete files that have been deleted from the repo, need to do that manually. 
+ - name: copy static config files + copy: + src: config-static/ + dest: /mnt/repo-base/config-static/ + + - name: copy scripts + copy: + src: scripts/ + dest: /mnt/repo-base/scripts/ + mode: 0755 - name: add all template files - template: src={{item.src}} dest={{item.dest}} force={{item.force}} + template: src={{item.src}} dest={{item.dest}} force={{item.force}} owner={{item.owner}} with_items: - - { src: 'templates/docker-compose/env', dest: '/mnt/repo-base/.env', force: yes } - - { src: 'templates/automx/automx.conf', dest: '/mnt/repo-base/config-dynamic/automx/automx.conf', force: yes } - - { src: 'templates/nextcloud/config.php', dest: '/mnt/repo-base/volumes/nextcloud/config/config.php', force: no } - - { src: 'templates/rainloop/domain-config.ini', dest: '/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/{{ domain }}.ini', force: yes } - - { src: 'templates/docker/docker-daemon.json', dest: '/etc/docker/daemon.json', force: no } + - { src: 'templates/docker-compose/env', dest: '/mnt/repo-base/.env', force: yes, owner: root } + - { src: 'templates/automx/automx.conf', dest: '/mnt/repo-base/config-dynamic/automx/automx.conf', force: yes, owner: www-data } + - { src: 'templates/nextcloud/config.php', dest: '/mnt/repo-base/volumes/nextcloud/config/config.php', force: no, owner: www-data } + - { src: 'templates/rainloop/domain-config.ini', dest: '/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/{{ domain }}.ini', force: yes, owner: www-data } + - { src: 'templates/letsencrypt/ssl-domains.dat', dest: '/mnt/repo-base/config-dynamic/letsencrypt/autorenew/ssl-domains.dat', force: yes, owner: root } + - { src: 'templates/docker/docker-daemon.json', dest: '/etc/docker/daemon.json', force: no, owner: root } vars: - postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}" + rspamd_password: "{{ lookup('password', 'passwords/{{ inventory_hostname 
}}/rspamd_password chars=ascii_letters,digits') }}" + nextcloud_admin_user: "ncadmin_{{ lookup('password', 'passwords/{{ inventory_hostname }}/nextcloud_admin_user chars=ascii_letters,digits', length=4) }}" + nextcloud_admin_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/nextcloud_admin_password chars=ascii_letters,digits') }}" + mysql_user_nextcloud: "nc_{{ lookup('password', 'passwords/{{ inventory_hostname }}/mysql_user_nextcloud chars=ascii_letters,digits', length=4) }}" + mysql_password_nextcloud: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/mysql_password_nextcloud chars=ascii_letters,digits') }}" + mysql_database_nextcloud: "ncdb_{{ lookup('password', 'passwords/{{ inventory_hostname }}/mysql_database_nextcloud chars=ascii_letters,digits', length=4) }}" + smtp_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/smtp_password chars=ascii_letters,digits') }}" + mysql_root_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/mysql_root_password chars=ascii_letters,digits') }}" + postfix_database_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postfix_database_password chars=ascii_letters,digits') }}" + drive_smtp_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/drive_smtp_password chars=ascii_letters,digits') }}" + postfixadmin_ssh_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postfixadmin_ssh_password chars=ascii_letters,digits') }}" + create_account_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/create_account_password chars=ascii_letters,digits') }}" + pfa_superadmin_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/pfa_superadmin_password chars=ascii_letters,digits') }}" - name: add nginx config files template: src=templates/nginx/sites-enabled/{{item.src}} dest=/mnt/repo-base/config-dynamic/nginx/sites-enabled/{{item.dest}} with_items: - # TODO: need to copy this twice, as autoconfig 
and autodiscover (with different variables) - # https://stackoverflow.com/a/40189525 - { src: 'autoconfig.conf', dest: 'autodiscover.{{ domain }}.conf', service: 'autodiscover' } - { src: 'autoconfig.conf', dest: 'autoconfig.{{ domain }}.conf', service: 'autoconfig' } - { src: 'nextcloud.conf', dest: 'nextcloud.conf' } 
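Review bot: The new `vars:` block makes `passwords/{{ inventory_hostname }}/` on the control node the only copy of every service secret, and `lookup('password', …)` silently generates a fresh value whenever the file is missing, so losing or relocating that directory makes the next run overwrite `/mnt/repo-base/.env` (`force: yes`) with credentials the existing database and mail services do not know. A comment above `vars:` should say that the directory must be backed up and kept private, and the files are created with the controller's umask, so it should be created with restrictive permissions before the first run. The `.env` template item sets `owner: root` but no `mode`, so the rendered secrets get the default file mode on the host; `mode: '0600'` belongs on that item. `mode: 0755` in the `copy scripts` task works only because YAML 1.1 reads the leading zero as octal; `mode: '0755'` is the form Ansible documents.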
@@ -81,32 +95,35 @@ template: src=templates/nginx/sites-enabled/onlyoffice.conf dest=/mnt/repo-base/config-dynamic/nginx/sites-enabled/onlyoffice.conf when: install_onlyoffice - # TODO: check mode is not supported for this task, need to find an alternative so we can get diffs - - name: generate docker-compose.yml with onlyoffice - assemble: - src: 'templates/docker-compose/' - dest: /mnt/repo-base/docker-compose.yml - remote_src: no - regexp: '*docker-compose-*.yml' + - name: generate docker-compose.yml with onlyoffice + copy: content={{ compose }} dest=/mnt/repo-base/docker-compose.yml + vars: + - { compose: "{{ lookup('file', 'templates/docker-compose/01-docker-compose-base.yml') }}\n{{ lookup('file', 'templates/docker-compose/02-docker-compose-onlyoffice.yml') }}\n{{ lookup('file', 'templates/docker-compose/03-docker-compose-networks.yml') }}\n" } when: install_onlyoffice - - name: generate docker-compose.yml without onlyoffice - assemble: - src: 'templates/docker-compose/' - dest: /mnt/repo-base/docker-compose.yml - remote_src: no - regexp: '01-docker-compose-base.yml|03-docker-compose-networks.yml' + - name: generate docker-compose.yml without onlyoffice + copy: content={{ compose }} dest=/mnt/repo-base/docker-compose.yml + vars: + - { compose: "{{ lookup('file', 'templates/docker-compose/01-docker-compose-base.yml') }}\n{{ lookup('file', 'templates/docker-compose/03-docker-compose-networks.yml') }}\n" } when: not install_onlyoffice - name: request letsencrypt certificates - command: bash /mnt/repo-base/scripts/ssl-renew.sh - args: - creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/{{domain}}/privkey.pem' - creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/autoconfig.{{domain}}/privkey.pem' - creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/autodiscover.{{domain}}/privkey.pem' - creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/mail.{{domain}}/privkey.pem' - creates: 
'/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/spam.{{domain}}/privkey.pem' - creates: '/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/welcome.{{domain}}/privkey.pem' + command: "bash /mnt/repo-base/scripts/ssl-renew.sh creates=/mnt/repo-base/config-dynamic/letsencrypt/certstore/live/{{item.domain}}/privkey.pem" + with_items: + - { domain: '{{domain}}' } + - { domain: 'autoconfig.{{domain}}' } + - { domain: 'autodiscover.{{domain}}' } + - { domain: 'mail.{{domain}}' } + - { domain: 'spam.{{domain}}' } + - { domain: 'welcome.{{domain}}' } + + - name: add welcome config file + file: + path: /mnt/repo-base/volumes/accounts/auth.file.done + state: touch + owner: www-data + modification_time: preserve + access_time: preserve - name: enable and start docker service systemd: @@ -121,6 +138,14 @@ pull: yes restarted: yes + # NOTE: It is not possible to get realtime output from ansible tasks. + # https://github.com/ansible/ansible/issues/3887#issuecomment-54672569 + # TODO: fails with error Access denied for user 'root'@'localhost' (using password: YES) + - name: run postinstall script + command: bash /mnt/repo-base/scripts/postinstall.sh + args: + creates: /mnt/repo-base/config-dynamic/.installation-complete + - name: remove unneeded lines from crontab lineinfile: regexp={{item.regexp}} path=/var/spool/cron/crontabs/root state=absent with_items: diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 7d30ad4..84de862 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh 
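Review bot: In the two `generate docker-compose.yml` tasks `vars:` is given as a one-element list (`- { compose: … }`) rather than the mapping Ansible documents for task-level vars, and `copy: content={{ compose }}` pushes a multi-line value through the key=value shorthand; both appear to parse on current releases, but the YAML form, `vars:` / `  compose: "…"` / `copy:` / `  content: "{{ compose }}"`, is clearer and less fragile. The `request letsencrypt certificates` loop invokes `ssl-renew.sh` once per name whose `privkey.pem` is missing, so a fresh host runs it up to six times; if the script requests every name in `ssl-domains.dat` in one go (its body is not in this patch), a single invocation guarded by one key file does the same work with fewer certificate-authority requests. Keeping the guard in `args:` (`args: creates: …` under `command: bash /mnt/repo-base/scripts/ssl-renew.sh`) also avoids mixing module options into the command string.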
@@ -3,6 +3,16 @@ set -e source /mnt/repo-base/scripts/base.sh +echo -e "\nHack: restart everything to ensure that database and nextcloud are initialized" +docker-compose restart + +printf "$(date): Waiting for Nextcloud to finish installation" +# sleep for 300 seconds +for i in {0..300}; do + sleep 1 + printf "." +done + # Create Nextcloud mysql database and user docker-compose exec -T mariadb mysql --user=root --password="$MYSQL_ROOT_PASSWORD" \ -e "CREATE USER '$MYSQL_USER_NC'@'%' IDENTIFIED BY '$MYSQL_PASSWORD_NC';" @@ -65,6 +75,8 @@ echo -e "\n\n\n" echo -e "Please add the following records to your domain's DNS configuration:\n" find /mnt/repo-base/volumes/mail/dkim/ -maxdepth 1 -mindepth 1 -type d | while read line; do DOMAIN=$(basename $line); echo " - DKIM record (TXT) for $DOMAIN:" && cat $line/public.key; done +touch "config-dynamic/.installation-complete" + echo "=================================================================================================================================" echo "=================================================================================================================================" echo "Your logins:" diff --git a/templates/docker-compose/env b/templates/docker-compose/env index 291bb5d..5b2caf3 100644 --- a/templates/docker-compose/env +++ b/templates/docker-compose/env 
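Review bot: `touch "config-dynamic/.installation-complete"` in the second hunk is relative to the current directory, while the playbook's `creates:` guard checks `/mnt/repo-base/config-dynamic/.installation-complete`; unless the sourced `base.sh` changes into `/mnt/repo-base` (not visible here), the marker lands wherever Ansible started the command, the guard never sees it, and the whole postinstall — including the `CREATE USER` statement — reruns on every play. Write the absolute path: `touch /mnt/repo-base/config-dynamic/.installation-complete`. The 301-iteration `sleep 1` loop in the first hunk is a fixed wait with no success condition; polling until the database accepts the root credentials the script already has (for example retrying `docker-compose exec -T mariadb mysql --user=root --password="$MYSQL_ROOT_PASSWORD" -e 'SELECT 1'`) is both faster and reliable on slow hosts. `printf "$(date): Waiting …"` uses command output as the format string; `printf '%s: Waiting for Nextcloud to finish installation' "$(date)"` is the safe form.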
@@ -1,21 +1,20 @@ ALT_EMAIL={{ contact_email }} INSTALL_ONLYOFFICE={{ install_onlyoffice }} -RSPAMD_PASSWORD=qvcNtUCr9Am26Oz9R7F0 -NEXTCLOUD_ADMIN_USER=ncadmin_ySPg -NEXTCLOUD_ADMIN_PASSWORD=vCTndg5dU0N3VGq0MWzA -MYSQL_USER_NC=nc_Gj5V -MYSQL_PASSWORD_NC=CkvAsU4W8WkO8BgIjMVp -MYSQL_DATABASE_NC=ncdb_8PBv -SMTP_PW=6YITMO2PniImXnYSPW09 +RSPAMD_PASSWORD={{ rspamd_password }} +NEXTCLOUD_ADMIN_USER={{ nextcloud_admin_user }} +NEXTCLOUD_ADMIN_PASSWORD={{ nextcloud_admin_password }} +MYSQL_USER_NC={{ mysql_user_nextcloud }} +MYSQL_PASSWORD_NC={{ mysql_password_nextcloud }} +MYSQL_DATABASE_NC={{ mysql_database_nextcloud }} +SMTP_PW={{ smtp_password }} PFDB_DB=postfix PFDB_USR=postfix -MYSQL_ROOT_PASSWORD=rf7ZwyEWdVHPeSVy4VwI -DBPASS=lu9yI6wOBw5cCEP1iHew -DBA_PASSWORD=ykoMKJ0k2ICjmu7a -DRIVE_SMTP_PASSWORD=tjZqpunzvfUQBjO1 -POSTFIXADMIN_SSH_PASSWORD=7R96sjOLTsf21IrEgL3K -CREATE_ACCOUNT_PASSWORD=MdQiho9wnEYZ3slH4uAc -PFA_SUPERADMIN_PASSWORD=1zMu74L4xAxM6J3Bw2 +MYSQL_ROOT_PASSWORD={{ mysql_root_password }} +DBPASS={{ postfix_database_password }} +DRIVE_SMTP_PASSWORD={{ drive_smtp_password }} +POSTFIXADMIN_SSH_PASSWORD={{ postfixadmin_ssh_password }} +CREATE_ACCOUNT_PASSWORD={{ create_account_password }} +PFA_SUPERADMIN_PASSWORD={{ pfa_superadmin_password }} ENABLE_POP3=false DISABLE_RATELIMITING=false DBA_USER=phpmyadmin diff --git a/templates/letsencrypt/ssl-domains.dat b/templates/letsencrypt/ssl-domains.dat new file mode 100644 index 0000000..ca9a803 --- /dev/null +++ b/templates/letsencrypt/ssl-domains.dat @@ -0,0 +1,6 @@ +{{ domain }} +autoconfig.{{ domain }} +autodiscover.{{ domain }} +mail.{{ domain }} +spam.{{ domain }} +welcome.{{ domain }} -- GitLab From 98e842dbefd19fac130822b4b5d5e4052ee280ac Mon Sep 17 00:00:00 2001 
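Review bot: `DBA_PASSWORD` is removed in this hunk without a templated replacement while `DBA_USER=phpmyadmin` stays in the context lines below, so anything that reads `DBA_PASSWORD` from `.env` now gets nothing; if the variable is still consumed (not visible in this patch), add `DBA_PASSWORD={{ dba_password }}` with a matching `lookup('password', …)` entry in the playbook's `vars`, otherwise drop `DBA_USER` as well. The literal values being replaced were committed as plain text and remain in the repository history, so every installation deployed from this template so far shares them; they should be treated as disclosed and rotated, and the commit message or README should say so. The new `{{ … }}` values are unquoted, which is fine for the `chars=ascii_letters,digits` passwords the playbook generates but breaks as soon as a value contains whitespace or `#`.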
From: Felix Ableitner Date: Wed, 18 Sep 2019 12:34:43 +0200 Subject: [PATCH 06/10] add uninstall config --- ansible.yml | 2 +- uninstall.yml | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 uninstall.yml diff --git a/ansible.yml b/ansible.yml index d6987ea..3ed15ac 100644 --- a/ansible.yml +++ b/ansible.yml @@ -141,7 +141,7 @@ # NOTE: It is not possible to get realtime output from ansible tasks. # https://github.com/ansible/ansible/issues/3887#issuecomment-54672569 # TODO: fails with error Access denied for user 'root'@'localhost' (using password: YES) - - name: run postinstall script + - name: run postinstall script (this will take a while) command: bash /mnt/repo-base/scripts/postinstall.sh args: creates: /mnt/repo-base/config-dynamic/.installation-complete diff --git a/uninstall.yml b/uninstall.yml new file mode 100644 index 0000000..d97eeda --- /dev/null +++ b/uninstall.yml 
@@ -0,0 +1,50 @@ +--- +- hosts: all + + vars_prompt: + + - name: confirm_uninstall + prompt: "Do you really want to uninstall ecloud from domain? This will delete all data and can not be reverted [yes/no]" + private: no + + - name: delete_certs + prompt: "Delete certificates? Select 'no' if you want to reinstall ecloud [yes/no]" + private: no + + tasks: + - name: end play if no confirmation was given + debug: + msg: "Uninstall cancelled, doing nothing" + when: not confirm_uninstall|bool + + - meta: end_play + when: not confirm_uninstall|bool + + - name: stop docker-compose + docker_compose: + project_src: /mnt/repo-base/ + state: absent + + - name: delete data + file: path={{item.path}} state=absent + with_items: + - { path: '/mnt/repo-base/docker-compose.yml'} + - { path: '/mnt/repo-base/volumes/'} + - { path: '/mnt/repo-base/config-static/' } + - { path: '/mnt/repo-base/scripts/' } + - { path: '/mnt/repo-base/config-dynamic/automx/' } + - { path: '/mnt/repo-base/config-dynamic/letsencrypt/autorenew/' } + - { path: '/mnt/repo-base/config-dynamic/letsencrypt/acme-challenge/' } + - { path: '/mnt/repo-base/config-dynamic/nextcloud/' } + - { path: '/mnt/repo-base/config-dynamic/nginx/' } + + - name: delete entire ecloud folder + file: path='/mnt/repo-base/' state=absent + when: delete_certs|bool + + - name: remove certbot cronjob + cron: + name=ssl-renew + state=absent + +# TODO: might want to remove docker and other packages, but we dont know if they are used elsewhere -- GitLab From 2bba68dfae2bae1b035b8384454a372dde698678 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Thu, 19 Sep 2019 16:35:40 +0200 Subject: [PATCH 07/10] read passwords from server --- .gitignore | 2 +- ansible.yml | 82 ++++++++++++++----- .../docker-compose/01-docker-compose-base.yml | 1 - uninstall.yml | 3 +- 4 files changed, 63 insertions(+), 25 deletions(-) diff --git a/.gitignore b/.gitignore index 4403a68..1a462a9 100644 --- a/.gitignore +++ b/.gitignore 
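Review bot: When `delete_certs` is answered `no`, the `delete data` list removes volumes, scripts and config directories but leaves `/mnt/repo-base/.env`, which holds every service password the playbook generated, on the decommissioned host; add `- { path: '/mnt/repo-base/.env' }` to that list so the credentials go with the data they protect. The `confirm_uninstall|bool` test is conservative — only `yes`/`true`/`on`/`1` pass and anything else cancels — which is the right direction for a destructive prompt, but the prompt text should state that exactly `yes` is required. `docker_compose: state: absent` removes the containers but not the images, which the trailing TODO about packages may want to mention.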
@@ -4,4 +4,4 @@ # ansible files inventory -passwords/ +credentials/ diff --git a/ansible.yml b/ansible.yml index 3ed15ac..7b8cd87 100644 --- a/ansible.yml +++ b/ansible.yml 
@@ -19,12 +19,47 @@ pkg: ['apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common', 'apache2-utils', 'docker.io', 'docker-compose', 'gnupg2', 'pass', 'certbot'] - # TODO: in this case, it should read passwords etc from the server somehow - name: detect if ecloud selfhosting is already installed (compatibility with old versions) - command: ls /mnt/repo-base/.git/ /mnt/repo-base/volumes/nextcloud/config/config.php && touch /mnt/repo-base/config-dynamic/.installation-complete + shell: ls /mnt/repo-base/.git/ /mnt/repo-base/volumes/nextcloud/config/config.php && touch /mnt/repo-base/config-dynamic/.installation-complete args: creates: /mnt/repo-base/config-dynamic/.installation-complete ignore_errors: yes + register: installation_complete_result + + - name: fetch existing passwords from server + block: + - name: fetch env file to read passwords + fetch: + src: /mnt/repo-base/.env + dest: credentials/env + flat: yes + + - name: create credentials folder + shell: mkdir -p credentials/{{ inventory_hostname }}/ + delegate_to: localhost + + - name: read variables from env file and write to credentials folder + shell: grep {{ item.env_var }} credentials/env | cut -d '=' -f2 | sed -e "s/^{{ item.remove_prefix }}//" > credentials/{{ inventory_hostname }}/{{ item.credentials_var }} + delegate_to: localhost + with_items: + - { env_var: 'RSPAMD_PASSWORD', credentials_var: 'rspamd_password', remove_prefix: '' } + - { env_var: 'NEXTCLOUD_ADMIN_USER', credentials_var: 'nextcloud_admin_user', remove_prefix: 'ncadmin_' } + - { env_var: 'NEXTCLOUD_ADMIN_PASSWORD', credentials_var: 'nextcloud_admin_password', remove_prefix: '' } + - { env_var: 'MYSQL_USER_NC', credentials_var: 'mysql_user_nextcloud', remove_prefix: 'nc_' } + - { env_var: 'MYSQL_PASSWORD_NC', credentials_var: 'mysql_password_nextcloud', remove_prefix: '' } + - { env_var: 'MYSQL_DATABASE_NC', credentials_var: 'mysql_database_nextcloud', remove_prefix: 'ncdb_' } + - { env_var: 'SMTP_PW', 
credentials_var: 'smtp_password', remove_prefix: '' } + - { env_var: 'MYSQL_ROOT_PASSWORD', credentials_var: 'mysql_root_password', remove_prefix: '' } + - { env_var: 'DBPASS', credentials_var: 'postfix_database_password', remove_prefix: '' } + - { env_var: 'DRIVE_SMTP_PASSWORD', credentials_var: 'drive_smtp_password', remove_prefix: '' } + - { env_var: 'POSTFIXADMIN_SSH_PASSWORD', credentials_var: 'postfixadmin_ssh_password', remove_prefix: '' } + - { env_var: 'CREATE_ACCOUNT_PASSWORD', credentials_var: 'create_account_password', remove_prefix: '' } + - { env_var: 'PFA_SUPERADMIN_PASSWORD', credentials_var: 'pfa_superadmin_password', remove_prefix: '' } + + - name: remove local copy of env file + command: rm credentials/env + delegate_to: localhost + when: installation_complete_result is changed # meaning that an existing ecloud installation was found on the server - name: create folders file: path={{item.path}} state=directory owner={{item.owner}} 
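Review bot: The `when: installation_complete_result is changed` guard on the `fetch existing passwords from server` block does not express what its comment says: on a fresh host the `ls … && touch …` task fails, `ignore_errors` masks it, and as far as I can tell a failed command result still carries `changed: true`, so the block runs and `fetch` of a non-existent `/mnt/repo-base/.env` fails the play; testing the exit code, `when: (installation_complete_result.rc | default(1)) == 0`, says "an installation was found". Inside the block `grep {{ item.env_var }} credentials/env` is unanchored, so a variable name that is a substring of another picks up the wrong line, and `cut -d '=' -f2` truncates any value containing `=`; `grep '^{{ item.env_var }}=' credentials/env | cut -d '=' -f2-` fixes both. The full `.env` copy in `credentials/env` is deleted only by the block's last task, so any earlier failure leaves all secrets on the controller; moving the `rm` into an `always:` section keeps the cleanup unconditional, and the `credentials/{{ inventory_hostname }}/` files created by the shell redirect inherit the controller's umask and should be created with restrictive permissions.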
@@ -58,28 +93,29 @@ mode: 0755 - name: add all template files - template: src={{item.src}} dest={{item.dest}} force={{item.force}} owner={{item.owner}} + template: src={{item.src}} dest={{item.dest}} force={{item.force}} owner={{item.owner}} mode={{item.mode}} with_items: - - { src: 'templates/docker-compose/env', dest: '/mnt/repo-base/.env', force: yes, owner: root } - - { src: 'templates/automx/automx.conf', dest: '/mnt/repo-base/config-dynamic/automx/automx.conf', force: yes, owner: www-data } - - { src: 'templates/nextcloud/config.php', dest: '/mnt/repo-base/volumes/nextcloud/config/config.php', force: no, owner: www-data } - - { src: 'templates/rainloop/domain-config.ini', dest: '/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/{{ domain }}.ini', force: yes, owner: www-data } - - { src: 'templates/letsencrypt/ssl-domains.dat', dest: '/mnt/repo-base/config-dynamic/letsencrypt/autorenew/ssl-domains.dat', force: yes, owner: root } - - { src: 'templates/docker/docker-daemon.json', dest: '/etc/docker/daemon.json', force: no, owner: root } + - { src: 'templates/docker-compose/env', dest: '/mnt/repo-base/.env', force: yes, owner: root, mode: '0600' } + - { src: 'templates/automx/automx.conf', dest: '/mnt/repo-base/config-dynamic/automx/automx.conf', force: yes, owner: www-data, mode: '0644' } + - { src: 'templates/nextcloud/config.php', dest: '/mnt/repo-base/volumes/nextcloud/config/config.php', force: no, owner: www-data, mode: '0644' } + - { src: 'templates/rainloop/domain-config.ini', dest: '/mnt/repo-base/volumes/nextcloud/data/rainloop-storage/_data_/_default_/domains/{{ domain }}.ini', force: yes, owner: www-data, mode: '0644' } + - { src: 'templates/letsencrypt/ssl-domains.dat', dest: '/mnt/repo-base/config-dynamic/letsencrypt/autorenew/ssl-domains.dat', force: yes, owner: root, mode: '0644' } + - { src: 'templates/docker/docker-daemon.json', dest: '/etc/docker/daemon.json', force: no, owner: root, mode: '0644' } vars: - 
rspamd_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/rspamd_password chars=ascii_letters,digits') }}" - nextcloud_admin_user: "ncadmin_{{ lookup('password', 'passwords/{{ inventory_hostname }}/nextcloud_admin_user chars=ascii_letters,digits', length=4) }}" - nextcloud_admin_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/nextcloud_admin_password chars=ascii_letters,digits') }}" - mysql_user_nextcloud: "nc_{{ lookup('password', 'passwords/{{ inventory_hostname }}/mysql_user_nextcloud chars=ascii_letters,digits', length=4) }}" - mysql_password_nextcloud: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/mysql_password_nextcloud chars=ascii_letters,digits') }}" - mysql_database_nextcloud: "ncdb_{{ lookup('password', 'passwords/{{ inventory_hostname }}/mysql_database_nextcloud chars=ascii_letters,digits', length=4) }}" - smtp_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/smtp_password chars=ascii_letters,digits') }}" - mysql_root_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/mysql_root_password chars=ascii_letters,digits') }}" - postfix_database_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postfix_database_password chars=ascii_letters,digits') }}" - drive_smtp_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/drive_smtp_password chars=ascii_letters,digits') }}" - postfixadmin_ssh_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postfixadmin_ssh_password chars=ascii_letters,digits') }}" - create_account_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/create_account_password chars=ascii_letters,digits') }}" - pfa_superadmin_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/pfa_superadmin_password chars=ascii_letters,digits') }}" + # TODO: this is not gonna work if variables use a different format (eg oc_ instead of nc_ for database) + rspamd_password: "{{ 
lookup('password', 'credentials/{{ inventory_hostname }}/rspamd_password chars=ascii_letters,digits') }}" + nextcloud_admin_user: "ncadmin_{{ lookup('password', 'credentials/{{ inventory_hostname }}/nextcloud_admin_user chars=ascii_letters,digits', length=4) }}" + nextcloud_admin_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/nextcloud_admin_password chars=ascii_letters,digits') }}" + mysql_user_nextcloud: "nc_{{ lookup('password', 'credentials/{{ inventory_hostname }}/mysql_user_nextcloud chars=ascii_letters,digits', length=4) }}" + mysql_password_nextcloud: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/mysql_password_nextcloud chars=ascii_letters,digits') }}" + mysql_database_nextcloud: "ncdb_{{ lookup('password', 'credentials/{{ inventory_hostname }}/mysql_database_nextcloud chars=ascii_letters,digits', length=4) }}" + smtp_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/smtp_password chars=ascii_letters,digits') }}" + mysql_root_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/mysql_root_password chars=ascii_letters,digits') }}" + postfix_database_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/postfix_database_password chars=ascii_letters,digits') }}" + drive_smtp_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/drive_smtp_password chars=ascii_letters,digits') }}" + postfixadmin_ssh_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/postfixadmin_ssh_password chars=ascii_letters,digits') }}" + create_account_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/create_account_password chars=ascii_letters,digits') }}" + pfa_superadmin_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/pfa_superadmin_password chars=ascii_letters,digits') }}" - name: add nginx config files template: src=templates/nginx/sites-enabled/{{item.src}} 
dest=/mnt/repo-base/config-dynamic/nginx/sites-enabled/{{item.dest}} @@ -141,6 +177,8 @@ # NOTE: It is not possible to get realtime output from ansible tasks. # https://github.com/ansible/ansible/issues/3887#issuecomment-54672569 # TODO: fails with error Access denied for user 'root'@'localhost' (using password: YES) + # TODO: this works fine: MYSQL_RANDOM_ROOT_PASSWORD=yes + # TODO: also works when passing password directly, without var - name: run postinstall script (this will take a while) command: bash /mnt/repo-base/scripts/postinstall.sh args: diff --git a/templates/docker-compose/01-docker-compose-base.yml b/templates/docker-compose/01-docker-compose-base.yml index 866834e..b71c817 100644 --- a/templates/docker-compose/01-docker-compose-base.yml +++ b/templates/docker-compose/01-docker-compose-base.yml @@ -66,7 +66,6 @@ services: - MYSQL_PASSWORD=${DBPASS} volumes: - /mnt/repo-base/volumes/mysql/db:/var/lib/mysql - - /mnt/repo-base/config-dynamic/nextcloud/database:/docker-entrypoint-initdb.d redis: image: redis:5.0-alpine diff --git a/uninstall.yml b/uninstall.yml index d97eeda..f9fc921 100644 --- a/uninstall.yml +++ b/uninstall.yml @@ -4,7 +4,7 @@ vars_prompt: - name: confirm_uninstall - prompt: "Do you really want to uninstall ecloud from domain? This will delete all data and can not be reverted [yes/no]" + prompt: "Do you really want to uninstall ecloud? This will delete all data and can not be reverted [yes/no]" private: no - name: delete_certs @@ -32,6 +32,7 @@ - { path: '/mnt/repo-base/volumes/'} - { path: '/mnt/repo-base/config-static/' } - { path: '/mnt/repo-base/scripts/' } + - { path: '/mnt/repo-base/config-dynamic/.installation-complete' } - { path: '/mnt/repo-base/config-dynamic/automx/' } - { path: '/mnt/repo-base/config-dynamic/letsencrypt/autorenew/' } - { path: '/mnt/repo-base/config-dynamic/letsencrypt/acme-challenge/' } -- GitLab From f41fdb41c36e910be97c028c462b0271c46d296a Mon Sep 17 00:00:00 2001 
From: Felix Ableitner Date: Thu, 3 Oct 2019 14:29:26 +0200 Subject: [PATCH 08/10] dunno stuff --- ansible.yml | 47 +++++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/ansible.yml b/ansible.yml index 7b8cd87..0c10489 100644 --- a/ansible.yml +++ b/ansible.yml 
@@ -39,22 +39,22 @@ delegate_to: localhost - name: read variables from env file and write to credentials folder - shell: grep {{ item.env_var }} credentials/env | cut -d '=' -f2 | sed -e "s/^{{ item.remove_prefix }}//" > credentials/{{ inventory_hostname }}/{{ item.credentials_var }} + shell: grep {{ item.env_var }} credentials/env | cut -d '=' -f2 > credentials/{{ inventory_hostname }}/{{ item.credentials_var }} delegate_to: localhost with_items: - - { env_var: 'RSPAMD_PASSWORD', credentials_var: 'rspamd_password', remove_prefix: '' } - - { env_var: 'NEXTCLOUD_ADMIN_USER', credentials_var: 'nextcloud_admin_user', remove_prefix: 'ncadmin_' } - - { env_var: 'NEXTCLOUD_ADMIN_PASSWORD', credentials_var: 'nextcloud_admin_password', remove_prefix: '' } - - { env_var: 'MYSQL_USER_NC', credentials_var: 'mysql_user_nextcloud', remove_prefix: 'nc_' } - - { env_var: 'MYSQL_PASSWORD_NC', credentials_var: 'mysql_password_nextcloud', remove_prefix: '' } - - { env_var: 'MYSQL_DATABASE_NC', credentials_var: 'mysql_database_nextcloud', remove_prefix: 'ncdb_' } - - { env_var: 'SMTP_PW', credentials_var: 'smtp_password', remove_prefix: '' } - - { env_var: 'MYSQL_ROOT_PASSWORD', credentials_var: 'mysql_root_password', remove_prefix: '' } - - { env_var: 'DBPASS', credentials_var: 'postfix_database_password', remove_prefix: '' } - - { env_var: 'DRIVE_SMTP_PASSWORD', credentials_var: 'drive_smtp_password', remove_prefix: '' } - - { env_var: 'POSTFIXADMIN_SSH_PASSWORD', credentials_var: 'postfixadmin_ssh_password', remove_prefix: '' } - - { env_var: 'CREATE_ACCOUNT_PASSWORD', credentials_var: 'create_account_password', remove_prefix: '' } - - { env_var: 'PFA_SUPERADMIN_PASSWORD', credentials_var: 'pfa_superadmin_password', remove_prefix: '' } + - { env_var: 'RSPAMD_PASSWORD', credentials_var: 'rspamd_password' } + #- { env_var: 'NEXTCLOUD_ADMIN_USER', credentials_var: 'nextcloud_admin_user' } + - { env_var: 'NEXTCLOUD_ADMIN_PASSWORD', credentials_var: 'nextcloud_admin_password' } + - { 
env_var: 'MYSQL_USER_NC', credentials_var: 'mysql_user_nextcloud' } + - { env_var: 'MYSQL_PASSWORD_NC', credentials_var: 'mysql_password_nextcloud' } + - { env_var: 'MYSQL_DATABASE_NC', credentials_var: 'mysql_database_nextcloud' } + - { env_var: 'SMTP_PW', credentials_var: 'smtp_password' } + - { env_var: 'MYSQL_ROOT_PASSWORD', credentials_var: 'mysql_root_password' } + - { env_var: 'DBPASS', credentials_var: 'postfix_database_password' } + - { env_var: 'DRIVE_SMTP_PASSWORD', credentials_var: 'drive_smtp_password' } + - { env_var: 'POSTFIXADMIN_SSH_PASSWORD', credentials_var: 'postfixadmin_ssh_password' } + - { env_var: 'CREATE_ACCOUNT_PASSWORD', credentials_var: 'create_account_password' } + - { env_var: 'PFA_SUPERADMIN_PASSWORD', credentials_var: 'pfa_superadmin_password' } - name: remove local copy of env file command: rm credentials/env @@ -92,6 +92,18 @@ dest: /mnt/repo-base/scripts/ mode: 0755 + - name: generate random usernames if they dont exist + shell: if [ ! -e "credentials/{{ inventory_hostname }}/{{ item.name }}" ]; then echo "{{ item.prefix }}{{ item.random_id }}" > "credentials/{{ inventory_hostname }}/{{ item.name }}"; fi + delegate_to: localhost + vars: + mysql_user_nextcloud: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=4') }}" + nextcloud_admin_user: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=4') }}" + mysql_database_nextcloud: "{{ lookup('password', '/dev/null chars=ascii_letters,digits length=4') }}" + with_items: + - { name: "mysql_user_nextcloud", prefix: 'nc_', random_id: "{{ mysql_user_nextcloud }}" } + - { name: "nextcloud_admin_user", prefix: 'ncadmin_', random_id: "{{ nextcloud_admin_user }}" } + - { name: "mysql_database_nextcloud", prefix: 'ncdb_', random_id: "{{ mysql_database_nextcloud }}" } + - name: add all template files template: src={{item.src}} dest={{item.dest}} force={{item.force}} owner={{item.owner}} mode={{item.mode}} with_items: 
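Review bot: Commenting out the `NEXTCLOUD_ADMIN_USER` item in the first hunk means an existing installation's admin user name is no longer imported into `credentials/{{ inventory_hostname }}/nextcloud_admin_user`, so the `generate random usernames if they dont exist` task in the second hunk mints a fresh `ncadmin_…` value and the `.env` rendered afterwards names an admin account that does not exist in that Nextcloud; unless the import is restored elsewhere, the item should stay in the list (the prefix is now kept verbatim, which is exactly what the later `lookup('file', …)` expects). The username generation shells out with `if [ ! -e … ]; then echo … > …; fi`, which reports `changed` on every run and puts the generated value on a logged command line; a `copy` task with `content: "{{ item.prefix }}{{ item.random_id }}"`, `dest: "credentials/{{ inventory_hostname }}/{{ item.name }}"`, `force: no` and `delegate_to: localhost` is idempotent and keeps the value out of the shell. Either way the task should carry `no_log: true`, as should the `read variables from env file` task above it, whose `shell:` line is echoed with the variable names and paths in verbose output.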
@@ -102,13 +114,9 @@ - { src: 'templates/letsencrypt/ssl-domains.dat', dest: '/mnt/repo-base/config-dynamic/letsencrypt/autorenew/ssl-domains.dat', force: yes, owner: root, mode: '0644' } - { src: 'templates/docker/docker-daemon.json', dest: '/etc/docker/daemon.json', force: no, owner: root, mode: '0644' } vars: - # TODO: this is not gonna work if variables use a different format (eg oc_ instead of nc_ for database) rspamd_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/rspamd_password chars=ascii_letters,digits') }}" - nextcloud_admin_user: "ncadmin_{{ lookup('password', 'credentials/{{ inventory_hostname }}/nextcloud_admin_user chars=ascii_letters,digits', length=4) }}" nextcloud_admin_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/nextcloud_admin_password chars=ascii_letters,digits') }}" - mysql_user_nextcloud: "nc_{{ lookup('password', 'credentials/{{ inventory_hostname }}/mysql_user_nextcloud chars=ascii_letters,digits', length=4) }}" mysql_password_nextcloud: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/mysql_password_nextcloud chars=ascii_letters,digits') }}" - mysql_database_nextcloud: "ncdb_{{ lookup('password', 'credentials/{{ inventory_hostname }}/mysql_database_nextcloud chars=ascii_letters,digits', length=4) }}" smtp_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/smtp_password chars=ascii_letters,digits') }}" mysql_root_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/mysql_root_password chars=ascii_letters,digits') }}" postfix_database_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/postfix_database_password chars=ascii_letters,digits') }}" 
@@ -116,6 +124,9 @@
 postfixadmin_ssh_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/postfixadmin_ssh_password chars=ascii_letters,digits') }}"
 create_account_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/create_account_password chars=ascii_letters,digits') }}"
 pfa_superadmin_password: "{{ lookup('password', 'credentials/{{ inventory_hostname }}/pfa_superadmin_password chars=ascii_letters,digits') }}"
+ mysql_user_nextcloud: "{{ lookup('file', 'credentials/{{ inventory_hostname }}/mysql_user_nextcloud') }}"
+ nextcloud_admin_user: "{{ lookup('file', 'credentials/{{ inventory_hostname }}/nextcloud_admin_user') }}"
+ mysql_database_nextcloud: "{{ lookup('file', 'credentials/{{ inventory_hostname }}/mysql_database_nextcloud') }}"
 
 - name: add nginx config files
 template: src=templates/nginx/sites-enabled/{{item.src}} dest=/mnt/repo-base/config-dynamic/nginx/sites-enabled/{{item.dest}}
-- GitLab
From 18cb7d80a3512282455a227fcb54f91482477238 Mon Sep 17 00:00:00 2001
From: Felix Ableitner
Date: Thu, 7 Nov 2019 13:30:37 +0100
Subject: [PATCH 09/10] use correct variables for nextcloud config
---
 templates/nextcloud/config.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/templates/nextcloud/config.php b/templates/nextcloud/config.php
index a5cf715..9f8b066 100644
--- a/templates/nextcloud/config.php
+++ b/templates/nextcloud/config.php
@@ -48,9 +48,9 @@ $CONFIG = array (
 'db_type' => 'mariadb',
 'db_host' => 'mariadb',
 'db_port' => '3306',
- 'db_name' => '@@@PFDB_DB@@@',
- 'db_user' => '@@@PFDB_USR@@@',
- 'db_password' => '@@@DBPASS@@@',
+ 'db_name' => '{{ mysql_database_nextcloud }}',
+ 'db_user' => '{{ mysql_user_nextcloud }}',
+ 'db_password' => '{{ mysql_password_nextcloud }}',
 'mariadb_charset' => 'utf8mb4',
 'queries' => array (
-- GitLab
From 7edf4d2d8f0dffceea38bd3da3ef84c26f23a45b Mon Sep 17 00:00:00 2001
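Review bot: The three `lookup('file', ...)` vars fail differently from the `password` lookups around them: a `password` lookup creates its file on first use, whereas `lookup('file')` raises when `credentials/{{ inventory_hostname }}/<name>` is absent, so this template task now silently depends on the `generate random usernames` task having run for the same host (it is skipped under `--check`, and a `--start-at-task` or tag selection that bypasses it breaks the run with a lookup error rather than a clear message). State that dependency in a comment above `mysql_user_nextcloud`, e.g. `# read back the usernames written by 'generate random usernames'; unlike the password lookup, the file lookup does not create them`. The `vars:` mapping and the task that owns it start outside the hunk.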
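Review bot: The rendered `db_password` lands inside a PHP single-quoted literal, which is only safe while the `password` lookup in ansible.yml keeps `chars=ascii_letters,digits`; a quote or backslash from a later-widened character set would break the array or truncate the credential without an obvious error, and nothing in this hunk records that coupling. Add a comment above `'db_name'`, e.g. `// rendered by ansible: values must stay within ascii_letters,digits (see the password lookups in ansible.yml) or be escaped for a single-quoted PHP string`. The `$CONFIG` array opens and closes outside the hunk.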
From: Felix Ableitner
Date: Tue, 19 Nov 2019 12:06:50 +0100
Subject: [PATCH 10/10] add dnsutils
---
 ansible.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ansible.yml b/ansible.yml
index 0c10489..c6b8237 100644
--- a/ansible.yml
+++ b/ansible.yml
@@ -17,7 +17,7 @@
 - name: install dependencies
 apt:
 pkg: ['apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common', 'apache2-utils',
- 'docker.io', 'docker-compose', 'gnupg2', 'pass', 'certbot']
+ 'docker.io', 'docker-compose', 'gnupg2', 'pass', 'certbot', 'dnsutils']
 
 - name: detect if ecloud selfhosting is already installed (compatibility with old versions)
 shell: ls /mnt/repo-base/.git/ /mnt/repo-base/volumes/nextcloud/config/config.php && touch /mnt/repo-base/config-dynamic/.installation-complete
-- GitLab
