# Nextcloud

A full office suite and groupware proposition, though its main draw for most is the file synchronization abilities. AKA Dropbox replacement.

This software can grow enormous and enormously complicated, so this Ansible setup role concentrates on 3 things:

* a stable and secure base setup from the official docker container
* automatic setup of an email pipeline so users can reset passwords and be updated of changes
* the ability to use S3 object storage as the primary way of storing users' files

The rest should be taken care of either automatically, or supplied after the fact (if using different plugins or similar).

## Defaults

```yml
nextcloud_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
```

The on-target directory where the proxy configuration files should be stashed.

```yml
nextcloud_use_https: true
```

Whether the service should be reachable through http (port 80) or through https (port 443), in which case an https certificate is provisioned. Usually you will want this to stay `true` if facing the public internet.

```yml
nextcloud_version: fpm
nextcloud_db_version: 12
```

The docker image version to be used in stack creation. The role sets up the `php-fpm` version of the official Nextcloud image. That means Caddy is used in front as the server which presents all pages and access to files, while the Nextcloud image itself only serves as the PHP data store. If changing the version to one relying on Nextcloud's in-built Apache server, take care to change where the upstream proxy is pointing to, since the Caddy server in front loses its meaning.

The second variable points to the docker image that should be used for the PostgreSQL database, with 12 pre-filled as default. You can set this to `latest`, but should take care to migrate the database correctly when an update rolls around, or it *will* destroy your data at some point. Generally, it seems easier to pin this to a specific version and then only update manually.

```yml
subdomain_alias: files
```

Set this if the deployed container should be served over a URI that is not the stack name. By default, it will be set to `files.yourdomain.com`; if this option is not set it will be served on `nextcloud.yourdomain.com` instead. If you change or delete this, you should also change what `nextcloud_trusted_domains` points to.

## Basic setup

```yml
nextcloud_app_admin_username: mynextcloudusername
nextcloud_app_admin_password: mynextcloudpassword

nextcloud_redis_password: myredispass

nextcloud_db_username: nextcloud
nextcloud_db_password: secretnextcloud
```

Sets the default username and password for application and database. All of these variables are necessary to circumvent the manual installation process you would usually be faced with on first creating a Nextcloud instance. Ideally change all of these for your personal setup, but it is especially important to change the app admin login data since they are what is public facing.

```yml
nextcloud_trusted_domains: "{{ subdomain_alias }}.{{ server_domain }}"
```

The domains that are allowed to access your Nextcloud instance. Should point to any domains that you want it accessible on; can be a space-separated list of them. Take care to include the sub-domain if you are accessing it through one of them. [Further explanation](https://blog.martyoeh.me/posts/2021-11-18-nextcloud-trusted-domains/).

## E-Mail setup

```yml
nextcloud_smtp_host: smtp.mailgun.org # (no default)
nextcloud_smtp_secure: ssl
nextcloud_smtp_port: 465
nextcloud_smtp_authtype: LOGIN
nextcloud_smtp_username: # (no default)
nextcloud_smtp_password: # (no default)
nextcloud_smtp_from_address: noreply
nextcloud_smtp_from_domain: "{{ server_domain }}"
```

To set up e-mail routing you will need to provide your SMTP details here.

The three lines absolutely necessary to fill in are:

```yml
nextcloud_smtp_host: smtp.mailgun.org # (no default)
nextcloud_smtp_username: # (no default)
nextcloud_smtp_password: # (no default)
```

Since they carry no default, you will have to supply your own details here. If the default settings of the other variables work for your provider (as they do for e.g. mailgun), e-mail sending will automatically be set up in your Nextcloud instance; otherwise change those accordingly as well.

## Primary S3 object storage

```yml
nextcloud_s3_host: s3.eu-central-1.wasabisys.com # (no default)
nextcloud_s3_bucket: nextcloud # (no default)
nextcloud_s3_key: # (no default)
nextcloud_s3_secret: # (no default)
nextcloud_s3_port: 443 # (no default)
nextcloud_s3_ssl: true # (no default)
nextcloud_s3_region: eu-central-1 # (no default)
nextcloud_s3_usepath_style: true # (no default)
```

To set up an object storage as primary file storage you will need to provide your S3-compatible details here.

All lines are necessary to fill out correctly to enable S3. Since they carry no default, you will need to supply your own details for each variable. If your details are correct, Nextcloud should automatically set up S3 as its primary object storage.

Be careful if you switch an existing data volume of the Nextcloud image to S3 as you will lose all access to existing files. The files *should* not be deleted at this point, only access will be lost, but you are playing with fire at this point.
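
The warnings under Basic setup and Primary S3 object storage can be enforced before anything is deployed. The pre-flight tasks below are an added example, not part of the role: they assume they run where the role's variables are in scope, that `subdomain_alias` is set, and that unused S3 variables are left undefined. `s3_vars_defined` is a hypothetical helper fact.

```yaml
# Added example (not part of the role): pre-flight checks to run before deployment.
# Variable names and sample values are taken from this README.
- name: Refuse to deploy with the sample credentials from "Basic setup"
  ansible.builtin.assert:
    that:
      # default(...) makes an unset variable fail the same way as the sample value
      - nextcloud_app_admin_password | default('mynextcloudpassword') != 'mynextcloudpassword'
      - nextcloud_redis_password | default('myredispass') != 'myredispass'
      - nextcloud_db_password | default('secretnextcloud') != 'secretnextcloud'
    fail_msg: "Override the sample passwords, e.g. from an Ansible Vault encrypted vars file."
    quiet: true

- name: Check that the served host name is listed as a trusted domain
  ansible.builtin.assert:
    that:
      # nextcloud_trusted_domains is a space-separated list
      - (subdomain_alias ~ '.' ~ server_domain) in nextcloud_trusted_domains.split()
    fail_msg: "{{ subdomain_alias }}.{{ server_domain }} is missing from nextcloud_trusted_domains."
    quiet: true

- name: Find out which of the eight S3 variables are defined
  ansible.builtin.set_fact:
    # s3_vars_defined is a hypothetical helper fact; varnames returns matching variable names
    s3_vars_defined: "{{ query('ansible.builtin.varnames', '^nextcloud_s3_(host|bucket|key|secret|port|ssl|region|usepath_style)$') }}"

- name: Allow S3 only when all eight settings are present, or none of them
  ansible.builtin.assert:
    that:
      - s3_vars_defined | length in [0, 8]
    fail_msg: "Partial S3 configuration, only these are set: {{ s3_vars_defined | join(', ') }}"
    quiet: true
```

A failed assertion prints only the expression and the message, so the password values themselves do not end up in the play output.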