hosting/cloudserve-infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
cloudserve-infrastructure/roles/nextcloud/README.md

136 lines
5.2 KiB
Markdown
Raw Blame History

# Nextcloud
A full office suite and groupware proposition,
though its main draw for most is the file synchronization abilities.
AKA Dropbox replacement.
This software can grow enormous and enormously complicated,
this Ansible setup role concentrates on 3 things:
- a stable and secure base setup from the official docker container
- automatic setup of an email pipeline so users can reset passwords and be updated of changes
- the ability to use S3 object storage as the primary way of storing users' files
The rest should be taken care of either automatically,
or supplied after the fact (if using different plugins or similar).
## Defaults
```yml
nextcloud_upstream_file_dir: "{{ docker_stack_files_dir }}/{{ stack_name }}"
```
The on-target directory where the proxy configuration files should be stashed.
```yml
nextcloud_use_https: true
```
Whether the service should be reachable through http (port 80) or through https (port 443) and provision an https certificate. Usually you will want this to stay `true` if facing the public internet.
```yml
nextcloud_version: fpm
nextcloud_db_version: 12
```
The docker image version to be used in stack creation.
The role sets up the `php-fpm` version of the official Nextcloud image.
That means, Caddy is used in front as the server which presents all pages
and access to files, the Nextcloud image itself only serves as the PHP data store.
If changing the version to one relying on Nextcloud's in-built Apache server,
take care to change where the upstream proxy is pointing to since the Caddy server in front loses its meaning.
The second variable points to the docker image that should be used for the PostgreSQL database,
with 12 pre-filled as default.
You can put this to latest, but should take care to migrate the database correctly when an update rolls around,
or it _will_ destroy your data at some point.
Generally, it seems easier to pin this to a specific version and then only update manually.
```yml
subdomain_alias: files
```
If the deployed container should be served over a uri that is not the stack name.
By default, it will be set to `files.yourdomain.com` -
if this option is not set it will be served on `nextcloud.yourdomain.com` instead.
If you change or delete this, you should also change what `nextcloud_trusted_domains` points to.
## Basic setup
```yml
nextcloud_app_admin_username: mynextcloudusername
nextcloud_app_admin_password: mynextcloudpassword
nextcloud_redis_password: myredispass
nextcloud_db_username: nextcloud
nextcloud_db_password: secretnextcloud
```
Sets the default username and password for application and database.
All of these variables are necessary to circumvent the manual installation process
you would usually be faced with on first creating a Nextcloud instance.
Ideally change all of these for your personal setup,
but it is especially important to change the app admin login data since they are what is public facing.
```yml
nextcloud_trusted_domains: "{{ subdomain_alias }}.{{ server_domain }}"
```
The domains that are allowed to access your Nextcloud instance.
Should point to any domains that you want it accessible on,
can be a space-separated list of them.
Take care to include the sub-domain if your are accessing it through one of them.
[Further explanation](https://blog.martyoeh.me/posts/2021-11-18-nextcloud-trusted-domains/).
## E-Mail setup
```yml
nextcloud_smtp_host: smtp.mailgun.org (no default)
nextcloud_smtp_secure: ssl
nextcloud_smtp_port: 465
nextcloud_smtp_authtype: LOGIN
nextcloud_smtp_username: <smtp-username> (no default)
nextcloud_smtp_password: <smtp-password> (no default)
nextcloud_smtp_from_address: noreply
nextcloud_smtp_from_domain: "{{ server_domain }}"
```
To set up e-mail routing you will need to provide your smtp details here.
The three lines absolutely necessary to fill in are:
```yml
nextcloud_smtp_host: smtp.mailgun.org (no default)
nextcloud_smtp_username: <smtp-username> (no default)
nextcloud_smtp_password: <smtp-password> (no default)
```
Since they carry no default, you will have to supply your own details here.
If the default settings of the other variables work for your provider,
e-mail sending will automatically be set up in your Nextcloud instance
(as for e.g. mailgun)
otherwise change those accordingly as well.
## Primary S3 object storage
```yml
nextcloud_s3_host: s3.eu-central-1.wasabisys.com (no default)
nextcloud_s3_bucket: nextcloud (no default)
nextcloud_s3_key: <s3-key> (no default)
nextcloud_s3_secret: <s3-secret> (no default)
nextcloud_s3_port: 443 (no default)
nextcloud_s3_ssl: true (no default)
nextcloud_s3_region: eu-central-1 (no default)
nextcloud_s3_usepath_style: true (no default)
```
To set up an object storage as primary file storage you will need to provide your S3-compatible details here.
All lines are necessary to fill out correctly to enable S3.
Since they carry no default, you will need to supply your own details for each variable.
If your details are correct, Nextcloud should automatically set up S3 as its primary object storage.
Be careful if you switch an existing data volume of the Nextcloud image to S3
as you will lose all access to existing files.
The files _should_ not be deleted at this point,
only access will be lost,
but you are playing with fire at this point.
Reference in a new issue View git blame Copy permalink