Compare commits
7 Commits
b7f30cf403
...
1490774f4a
Author | SHA1 | Date |
---|---|---|
Ethan Paul | 1490774f4a | |
Ethan Paul | a7012abf28 | |
Ethan Paul | 9ab3a40364 | |
Ethan Paul | 746399c1de | |
Ethan Paul | eb9d35ee56 | |
Ethan Paul | 1f9c4df494 | |
Ethan Paul | bb4fb4c48f |
|
@ -24,9 +24,9 @@
|
|||
- name: Configure local accounts
|
||||
hosts: all
|
||||
vars_files:
|
||||
- vars/accounts.yml
|
||||
- vars/secrets/passwords.yml
|
||||
- vars/sshkeys.yml
|
||||
- vars/accounts.yaml
|
||||
- vars/secrets/passwords.yaml
|
||||
- vars/sshkeys.yaml
|
||||
tasks:
|
||||
- name: Create omni group
|
||||
become: true
|
||||
|
|
|
@ -46,6 +46,16 @@
|
|||
group: "{{ omni_compose_apps[_runtime_application].account.name }}"
|
||||
mode: 0750
|
||||
|
||||
- name: Create datastore assets
|
||||
become: true
|
||||
template:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ omni_datastore_mount }}{{ omni_compose_apps[_runtime_application].datastore }}/{{ item.name }}"
|
||||
owner: "{{ omni_compose_apps[_runtime_application].account.name }}"
|
||||
group: "{{ omni_compose_apps[_runtime_application].account.name }}"
|
||||
mode: "{{ item.permissions | default(0644) }}"
|
||||
loop: "{{ omni_compose_apps[_runtime_application].assets | default([]) }}"
|
||||
|
||||
|
||||
- name: Configure docker stack
|
||||
hosts: jupiter
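Review bot: In the new `Create datastore assets` task, `default(0644)` sits inside a Jinja expression, where `0644` is a Jinja integer literal rather than a YAML octal scalar, so the leading zero is not guaranteed to reach the `template` module. Depending on the Jinja version and whether native types are enabled, the module may receive the string `644` or the integer 644, and an integer is applied as a decimal value, which would put unintended permission bits on files written into the datastore. Making the fallback a string keeps it unambiguous: `mode: "{{ item.permissions | default('0644') }}"`. A short comment on the task saying that `permissions` in an asset entry must be a quoted octal string such as `'0640'` would cover the same trap for per-item overrides. The play this task belongs to starts outside the hunk.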
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
- name: Configure system settings
|
||||
hosts: all
|
||||
vars_files:
|
||||
- vars/packages.yml
|
||||
- vars/packages.yaml
|
||||
pre_tasks:
|
||||
- import_tasks: tasks/centos-8-kernelplus.yml
|
||||
tasks:
|
||||
|
|
|
@ -0,0 +1,110 @@
|
|||
---
|
||||
version: "{{ omni_compose_version | string }}"
|
||||
|
||||
|
||||
networks:
|
||||
nextcloud:
|
||||
name: nextcloud
|
||||
driver: overlay
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: {{ omni_compose_apps.nextcloud.networks.main }}
|
||||
|
||||
|
||||
volumes:
|
||||
database:
|
||||
name: datastore{{ omni_compose_apps.nextcloud.datastore }}/database
|
||||
driver: glusterfs
|
||||
data:
|
||||
name: datastore/{{ omni_compose_apps.nextcloud.datastore }}/userdata
|
||||
driver: glusterfs
|
||||
config:
|
||||
name: datastore{{ omni_compose_apps.nextcloud.datastore }}/config
|
||||
driver: glusterfs
|
||||
proxy:
|
||||
name: datastore{{ omni_compose_apps.nextcloud.datastore }}/proxy
|
||||
driver: glusterfs
|
||||
|
||||
|
||||
services:
|
||||
database:
|
||||
image: mariadb:{{ omni_compose_apps.nextcloud.versions.database | default(omni_compose_apps.nextcloud.versions.default) }}
|
||||
hostname: nextcloud-database
|
||||
networks:
|
||||
- nextcloud
|
||||
volumes:
|
||||
- type: volume
|
||||
source: database
|
||||
target: /var/lib/mysql
|
||||
read_only: false
|
||||
environment:
|
||||
MYSQL_ROOT_PASSWORD: {{ omni_compose_app_secrets.nextcloud.database_password }}
|
||||
MYSQL_DATABASE: nextcloud
|
||||
deploy:
|
||||
replicas: 1
|
||||
|
||||
cache:
|
||||
image: redis:{{ omni_compose_apps.nextcloud.versions.cache | default(omni_compose_apps.nextcloud.versions.default) }}
|
||||
hostname: nextcloud-cache
|
||||
networks:
|
||||
- nextcloud
|
||||
deploy:
|
||||
replicas: 1
|
||||
|
||||
proxy:
|
||||
image: nginx:{{ omni_compose_apps.nextcloud.versions.proxy | default(omni_compose_apps.nextcloud.versions.default) }}
|
||||
hostname: nextcloud-proxy
|
||||
networks:
|
||||
- nextcloud
|
||||
depends_on:
|
||||
- server
|
||||
ports:
|
||||
- published: {{ omni_compose_apps.nextcloud.published.ports.80 }}
|
||||
target: 80
|
||||
protocol: tcp
|
||||
mode: ingress
|
||||
volumes:
|
||||
- type: volume
|
||||
source: config
|
||||
target: /usr/share/nginx/nextcloud
|
||||
read_only: true
|
||||
- type: volume
|
||||
source: proxy
|
||||
target: /etc/nginx/conf.d
|
||||
read_only: true
|
||||
deploy:
|
||||
replicas: 1
|
||||
|
||||
server:
|
||||
image: nextcloud:{{ omni_compose_apps.nextcloud.versions.server | default(omni_compose_apps.nextcloud.versions.default) }}
|
||||
hostname: nextcloud-server
|
||||
user: "{{ omni_compose_apps.nextcloud.account.uid }}"
|
||||
networks:
|
||||
- nextcloud
|
||||
depends_on:
|
||||
- database
|
||||
- cache
|
||||
volumes:
|
||||
- type: volume
|
||||
source: data
|
||||
target: /data
|
||||
read_only: false
|
||||
- type: volume
|
||||
source: config
|
||||
target: /var/www/html
|
||||
read_only: false
|
||||
environment:
|
||||
NEXTCLOUD_DATA_DIR: /data/
|
||||
NEXTCLOUD_ADMIN_USER: admin
|
||||
NEXTCLOUD_ADMIN_PASSWORD: {{ omni_compose_app_secrets.nextcloud.admin_password }}
|
||||
NEXTCLOUD_TRUSTED_DOMAINS: localhost {{ inventory_hostname }} {{ omni_compose_apps.nextcloud.published.host }}
|
||||
MYSQL_DATABASE: nextcloud
|
||||
MYSQL_USER: root
|
||||
MYSQL_PASSWORD: {{ omni_compose_app_secrets.nextcloud.database_password }}
|
||||
MYSQL_HOST: database
|
||||
REDIS_HOST: cache
|
||||
PHP_MEMORY_LIMIT: "4G"
|
||||
PHP_UPLOAD_LIMIT: "4G"
|
||||
deploy:
|
||||
replicas: 1
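Review bot: The `server` service connects with `MYSQL_USER: root` and the same `database_password` that the `database` service sets as `MYSQL_ROOT_PASSWORD`, so the web-facing application container holds full administrative rights over the MariaDB instance. A dedicated account would limit that: set `MYSQL_USER: nextcloud` and a separate, non-root `MYSQL_PASSWORD` on both services so the database image creates a user scoped to the `nextcloud` database. The templated secrets are also emitted unquoted, so a password containing `: `, ` #` or a leading YAML indicator would break or silently truncate the rendered file; rendering them as `MYSQL_PASSWORD: {{ ... | to_json }}` avoids that. Separately, the `data` volume name has a `/` after `datastore` that the other three volume names lack, which looks like it renders a double slash when the `datastore` value starts with `/`, so it is worth confirming which form is intended.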
|
|
@ -0,0 +1,50 @@
|
|||
server {
|
||||
listen 80;
|
||||
root /usr/share/nginx/nextcloud;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location ~ [^/]\.php(/|$) {
|
||||
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
|
||||
if (!-f $document_root$fastcgi_script_name) {
|
||||
return 404;
|
||||
}
|
||||
|
||||
# Mitigate https://httpoxy.org/ vulnerabilities
|
||||
fastcgi_param HTTP_PROXY "";
|
||||
|
||||
fastcgi_pass server:9000;
|
||||
fastcgi_index index.php;
|
||||
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param PATH_TRANSLATED /var/www/html$fastcgi_path_info;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT /var/www/html/;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
fastcgi_param HTTPS $https;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
fastcgi_param REDIRECT_STATUS 200;
|
||||
}
|
||||
}
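Review bot: The `server` block serves everything under `/usr/share/nginx/nextcloud` that is not PHP through `location /`, and that root is the same `config` volume the application mounts as `/var/www/html`, so internal directories and dotfiles of the install tree are reachable over HTTP. Nextcloud's reference nginx configuration blocks these with `location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }` and `location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }`. Both need to sit above the `\.php` location, because nginx uses the first matching regex location and the PHP block would otherwise still hand files such as `config/config.php` to FastCGI. The existing `-f` check before `fastcgi_pass` should stay; a one-line comment saying it stops non-existent script paths from being passed to PHP would help later readers.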
|
|
@ -77,3 +77,8 @@ omni_users:
|
|||
uid: 1291
|
||||
targets: [datastore]
|
||||
svc: true
|
||||
|
||||
- name: mech_nextcloud
|
||||
uid: 1290
|
||||
targets: [datastore]
|
||||
svc: true
|
|
@ -109,3 +109,23 @@ omni_compose_apps:
|
|||
default: 1.1.2
|
||||
database: "10"
|
||||
cache: "6.2"
|
||||
|
||||
nextcloud:
|
||||
datastore: /appdata/nextcloud
|
||||
account:
|
||||
name: mech_nextcloud
|
||||
uid: 1290
|
||||
published:
|
||||
host: wsd.enp.one
|
||||
ports:
|
||||
80: 8082
|
||||
networks:
|
||||
main: 192.168.107.0/24
|
||||
versions:
|
||||
proxy: latest
|
||||
server: 21.0.1-fpm
|
||||
database: "10"
|
||||
cache: "6.2"
|
||||
assets:
|
||||
- src: nginx/nextcloud-proxy.conf
|
||||
name: proxy/nextcloud.conf
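Review bot: `proxy: latest` under `versions` leaves the nginx image behind the published port unpinned, while the other three images in this entry carry explicit tags. With a floating tag each redeploy can pull a different build, so what runs in front of Nextcloud is neither reproducible nor reviewable from this file. Pinning it like the others, e.g. `proxy: "<pinned nginx tag>"`, and optionally by digest, closes that gap. `server: 21.0.1-fpm` parses as a string either way, but quoting it like `database: "10"` and `cache: "6.2"` would keep the block consistent. The enclosing `omni_compose_apps` mapping starts outside the hunk.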
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 0248a5772ab9f35ce8cdf43dfe5926d59636baee
|
||||
Subproject commit 140d4a2a5a5cc57b091745d0b4ee26847817a70f
|