cloudserve-infrastructure/roles/nextcloud
defaults fix(nextcloud): Default to backups enabled 2025-02-03 18:57:52 +01:00
files feat(nextcloud): Add caddy server HSTS preload, webfinger 2025-02-03 21:34:58 +01:00
handlers Apply prettier formatting 2024-06-24 20:36:55 +02:00
meta Apply prettier formatting 2024-06-24 20:36:55 +02:00
tasks chore(nextcloud): Update to Nextcloud 30 2025-01-28 15:55:28 +01:00
templates feat(restic): Add restic backup maintenance stack 2025-02-03 18:45:33 +01:00
vars Apply prettier formatting 2024-06-24 20:36:55 +02:00
README.md Apply prettier formatting 2024-06-24 20:36:55 +02:00

Nextcloud

A full office suite and groupware proposition, though its main draw for most is the file synchronization abilities. AKA Dropbox replacement.

This software can grow enormous and enormously complicated, so this Ansible setup role concentrates on 3 things:

  • a stable and secure base setup from the official docker container
  • automatic setup of an email pipeline so users can reset passwords and be notified of changes
  • the ability to use S3 object storage as the primary way of storing users' files

The rest should be taken care of either automatically, or supplied after the fact (if using different plugins or similar).

Defaults

nextcloud_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"

The on-target directory where the proxy configuration files should be stashed.

nextcloud_use_https: true

Whether the service should be reachable through http (port 80), or through https (port 443) with an https certificate provisioned for it. Usually you will want this to stay true if facing the public internet.

nextcloud_version: fpm
nextcloud_db_version: 12

The docker image version to be used in stack creation. The role sets up the php-fpm version of the official Nextcloud image. That means Caddy is used in front as the server which presents all pages and access to files, while the Nextcloud image itself only serves as the PHP data store.

If changing the version to one relying on Nextcloud's in-built Apache server, take care to change where the upstream proxy is pointing to since the Caddy server in front loses its meaning.

The second variable points to the docker image that should be used for the PostgreSQL database, with 12 pre-filled as default. You can set this to latest, but you should then take care to migrate the database correctly when an update rolls around, or it will destroy your data at some point. Generally, it seems easier to pin this to a specific version and then only update manually.

subdomain_alias: files

Set this if the deployed container should be served over a URI that is not the stack name. By default, it will be set to files.yourdomain.com; if this option is not set, it will be served on nextcloud.yourdomain.com instead. If you change or delete this, you should also change what nextcloud_trusted_domains points to.

Basic setup

nextcloud_app_admin_username: mynextcloudusername
nextcloud_app_admin_password: mynextcloudpassword
nextcloud_redis_password: myredispass
nextcloud_db_username: nextcloud
nextcloud_db_password: secretnextcloud

Sets the default username and password for application and database. All of these variables are necessary to circumvent the manual installation process you would usually be faced with on first creating a Nextcloud instance. Ideally change all of these for your personal setup, but it is especially important to change the app admin login data since they are what is public facing.

nextcloud_trusted_domains: "{{ subdomain_alias }}.{{ server_domain }}"

The domains that are allowed to access your Nextcloud instance. Should point to any domains that you want it accessible on; it can be a space-separated list of them. Take care to include the sub-domain if you are accessing it through one of them. Further explanation.

E-Mail setup

nextcloud_smtp_host: smtp.mailgun.org (no default)
nextcloud_smtp_secure: ssl
nextcloud_smtp_port: 465
nextcloud_smtp_authtype: LOGIN
nextcloud_smtp_username: <smtp-username> (no default)
nextcloud_smtp_password: <smtp-password> (no default)
nextcloud_smtp_from_address: noreply
nextcloud_smtp_from_domain: "{{ server_domain }}"

To set up e-mail routing you will need to provide your smtp details here. The three lines absolutely necessary to fill in are:

nextcloud_smtp_host: smtp.mailgun.org (no default)
nextcloud_smtp_username: <smtp-username> (no default)
nextcloud_smtp_password: <smtp-password> (no default)

Since they carry no default, you will have to supply your own details here. If the default settings of the other variables work for your provider (as they do for e.g. mailgun), e-mail sending will automatically be set up in your Nextcloud instance; otherwise change those accordingly as well.

Primary S3 object storage

nextcloud_s3_host: s3.eu-central-1.wasabisys.com (no default)
nextcloud_s3_bucket: nextcloud (no default)
nextcloud_s3_key: <s3-key> (no default)
nextcloud_s3_secret: <s3-secret> (no default)
nextcloud_s3_port: 443 (no default)
nextcloud_s3_ssl: true (no default)
nextcloud_s3_region: eu-central-1 (no default)
nextcloud_s3_usepath_style: true (no default)

To set up an object storage as primary file storage you will need to provide your S3-compatible details here. All lines are necessary to fill out correctly to enable S3. Since they carry no default, you will need to supply your own details for each variable.

If your details are correct, Nextcloud should automatically set up S3 as its primary object storage.

Be careful if you switch an existing data volume of the Nextcloud image to S3, as you will lose all access to existing files. The files should not be deleted, only access to them will be lost, but you are playing with fire at this point.
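
The variable rules from the Basic setup, E-Mail setup and Primary S3 object storage sections can be checked before anything is deployed. The tasks below are an added example and not part of this role: the file name and the task-level variable names (served_host, present, missing) are hypothetical, and a variable counts as "set" as soon as it is defined.

```yaml
# Added example (hypothetical file: roles/nextcloud/tasks/preflight.yml).
# Import it at the top of the role's tasks so the role defaults are visible.
- name: Refuse the example credentials printed in the README
  ansible.builtin.assert:
    that:
      - nextcloud_app_admin_username != 'mynextcloudusername'
      - nextcloud_app_admin_password != 'mynextcloudpassword'
      - nextcloud_redis_password != 'myredispass'
      - nextcloud_db_password != 'secretnextcloud'
    fail_msg: A Nextcloud credential still has its documented example value.
    quiet: true

- name: Check that the served host is listed as a trusted domain
  vars:
    # Falls back to the stack name when subdomain_alias is not set.
    served_host: "{{ subdomain_alias | default(stack_name) }}.{{ server_domain }}"
  ansible.builtin.assert:
    that:
      - served_host in nextcloud_trusted_domains.split()
    fail_msg: "{{ served_host }} is missing from nextcloud_trusted_domains."
    quiet: true

- name: Require complete SMTP and S3 variable groups (all set or none set)
  vars:
    # Names of every defined variable in the two groups, never their values.
    present: "{{ q('ansible.builtin.varnames', '^nextcloud_(smtp|s3)_') }}"
    missing: "{{ item.required | difference(present) }}"
  ansible.builtin.assert:
    that:
      - missing | length in [0, item.required | length]
    fail_msg: "{{ item.name }} is partly configured, missing: {{ missing | join(', ') }}"
    quiet: true
  loop:
    - name: SMTP
      required: [nextcloud_smtp_host, nextcloud_smtp_username, nextcloud_smtp_password]
    - name: S3
      required:
        [nextcloud_s3_host, nextcloud_s3_bucket, nextcloud_s3_key,
         nextcloud_s3_secret, nextcloud_s3_port, nextcloud_s3_ssl,
         nextcloud_s3_region, nextcloud_s3_usepath_style]
  loop_control:
    label: "{{ item.name }}"
```

The assertions compare against literals and loop over variable names only, so a failure never writes a secret value to the play output.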