Add protonmail + cloud + fix prometheus

2023-05-20 16:36:15 +02:00 · 2023-05-20 16:36:15 +02:00 · 427838c903
commit 427838c903
parent 525c6ed2a4
13 changed files with 106 additions and 2 deletions
--- a/roles/cloud/files/cron.sh
+++ b/roles/cloud/files/cron.sh
@ -0,0 +1,2 @@
+#!/bin/sh
+docker-compose exec -T nextcloud su - www-data -s /bin/bash -c 'php -f /var/www/html/cron.php'
--- a/roles/cloud/tasks/base.yml
+++ b/roles/cloud/tasks/base.yml
@ -0,0 +1,39 @@
+---
+
+- name: Check cloud directory exist
+  ansible.builtin.file:
+    path: cloud
+    state: directory
+
+- name: Copy cloud conf
+  ansible.builtin.copy:
+    backup: true
+    src: .
+    dest: cloud/
+  register: cloud_copy_files_results
+
+- name: Copy template conf
+  ansible.builtin.template:
+    backup: true
+    src: "{{ item.src }}"
+    dest: "cloud/{{ item.dest }}"
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+  register: cloud_copy_templates_results
+
+- name: Force update and restart container
+  community.docker.docker_compose:
+    project_src: cloud
+    state: present
+    pull: true
+    restarted: true
+  when: cloud_copy_files_results.changed or cloud_copy_templates_results.changed
+  become: true
+
+- name: Update or start container
+  community.docker.docker_compose:
+    project_src: cloud
+    state: present
+    pull: true
+  when: not cloud_copy_files_results.changed and not cloud_copy_templates_results.changed
+  become: true
--- a/roles/cloud/tasks/cron.yml
+++ b/roles/cloud/tasks/cron.yml
@ -0,0 +1,7 @@
+---
+
+- name: Ensure a job that run all 5 minutes for nextcloud cron
+  ansible.builtin.cron:
+    name: "check dirs"
+    minute: "*/5"
+    job: "cd {{ ansible_env.HOME }}/cloud && ./cron.sh"
--- a/roles/cloud/tasks/main.yml
+++ b/roles/cloud/tasks/main.yml
@ -0,0 +1,7 @@
+---
+
+- ansible.builtin.import_tasks: base.yml
+  name: base
+
+- ansible.builtin.import_tasks: cron.yml
+  name: cron
--- a/roles/cloud/templates/docker-compose.yml.j2
+++ b/roles/cloud/templates/docker-compose.yml.j2
@ -0,0 +1,70 @@
+version: '3'
+
+services:
+  db:
+    image: postgres:14
+    restart: always
+    container_name: nextcloud_db
+    networks:
+      - internal
+    volumes:
+      - db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=nextcloud
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_USER=nextcloud
+
+  nextcloud:
+    image: nextcloud
+    restart: always
+    container_name: nextcloud
+    networks:
+      - proxy
+      - protonmail
+      - internal
+    depends_on:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.middlewares.nextcloud-compress.compress=true"
+      - "traefik.http.middlewares.nextcloud-regex-redirect.redirectregex.permanent=true"
+      - "traefik.http.middlewares.nextcloud-regex-redirect.redirectregex.regex=https://(.*)/.well-known/(card|cal)dav"
+      - "traefik.http.middlewares.nextcloud-regex-redirect.redirectregex.replacement=https://$$1/remote.php/dav/"
+      - "traefik.http.middlewares.nextcloud-headers.headers.frameDeny=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.sslRedirect=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.contentTypeNosniff=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsIncludeSubdomains=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsPreload=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.stsSeconds=31536000"
+      - "traefik.http.middlewares.nextcloud-headers.headers.referrerPolicy=same-origin"
+      - "traefik.http.middlewares.nextcloud-headers.headers.browserXssFilter=true"
+      - "traefik.http.middlewares.nextcloud-headers.headers.customRequestHeaders.X-Forwarded-Proto=https"
+      - "traefik.http.middlewares.nextcloud-headers.headers.customRequestHeaders.X-Robots-Tag=none"
+      - "traefik.http.middlewares.nextcloud-headers.headers.customFrameOptionsValue=SAMEORIGIN"
+      - "traefik.http.routers.nextcloud-secure.entrypoints=https"
+      - "traefik.http.routers.nextcloud-secure.rule=Host(`mycld.{{ server.domain }}`)"
+      - "traefik.http.routers.nextcloud-secure.tls=true"
+      - "traefik.http.routers.nextcloud-secure.tls.certresolver=sslResolver"
+      - "traefik.http.routers.nextcloud-secure.middlewares=nextcloud-compress,nextcloud-regex-redirect,nextcloud-headers"
+      # - "traefik.http.routers.nextcloud-secure.service=nextcloud"
+      # - "traefik.http.services.nextcloud.loadbalancer.server.port=9002"
+      - "traefik.docker.network=proxy"
+    environment:
+      - POSTGRES_PASSWORD=nextcloud
+      - POSTGRES_DATABASE=nextcloud
+      - POSTGRES_USER=nextcloud
+      - POSTGRES_HOST=db
+      - OVERWRITEPROTOCOL=https
+
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  internal:
+  proxy:
+    external: true
+  protonmail:
+    external: true