Ansible Role - NextCloud deployment

Ansible Role to deploy NextCloud on a linux server.

Molecule Logs: Short, Full

Tested:

• Debian 11

Install

# latest
ansible-galaxy role install git+https://github.com/ansibleguy/sw_nextcloud

# from galaxy
ansible-galaxy install ansibleguy.sw_nextcloud

# or to custom role-path
ansible-galaxy install ansibleguy.sw_nextcloud --roles-path ./roles

# install dependencies
ansible-galaxy install -r requirements.yml

Better Alternative

If you are able to use a dockerized setup, it will be much easier for you to maintain the official dockerized installation!

Functionality

• Package installation

  • NextCloud Server
    • Dependencies (php, ...)
    • Apache2 => using THIS Role
    • MariaDB => using THIS Role

• Configuration

  • Default opt-ins:

    • Database setup
    • Webserver setup
    • Redis-server (increased performance)
    • PHP management

  • Default opt-outs:

    • Optional PHP modules
    • Admin-tools
    • Enhanced security config (functionality might be impacted)

  • Default config:

    • Logging to syslog
    • Upload size limit 20GB
    • Certificate signed by minimal CA

Info

• Note: Most of the role's functionality can be opted in or out.

  For all available options - see the default-config located in the main defaults-file!

• Note: this role currently only supports debian-based systems

• Info: You can add custom config-overrides for PHP and the NextCloud by providing key-value pairs!

  PHP: nextcloud.php.cli/srv/fpm/fpm_pool

  NextCloud: nextcloud.settings

• Note: You can configure any target version of NextCloud to be installed!

  BE AWARE that the hardcoded dependencies might not work with all versions!

• Disclaimer: I'm not an expert regarding PHP-Setups - therefore some default settings might not be optimal.

  I copied it from the official docker image.

  If you have experience in that field => you are welcome to point out any possible optimizations. Just open an issue (:

• Info: You might need to add the server's certificate to your browser's exceptions if you use the 'selfsigned' or 'ca' certificate-type.

• Info: The machine running NextCloud should AT LEAST have 1GB of RAM to run somewhat OK.

  2-4GB would be recommended for entry-level setups. You might want/have to update the php memory-limit nextcloud.php.srv.memory_limitif you have more than 1GB available!

Usage

Config

Define the nextcloud dictionary as needed.

nextcloud:
  enhanced_security: true
  tools: true  # install useful admin-tools

  # version: '24.0.3'
  # upgrade: true => set to upgrade to newer version
  
  php:  # php config-file overrides
    srv:
      timezone: 'Europe/Vienna'
      memory_limit: '2G'
      post_max_size: '200G'
      upload_max_filesize: '200G'
  
  settings:  # nextcloud config-file overrides
    path_data: '/mnt/data'
    default_language: 'de'
    default_locale: 'de_DE'
    mail_from_address: 'nextcloud@template.ansibleguy.net'
    mail_smtphost: 'mail.template.ansibleguy.net'
  
  apache:
    domain: 'nextcloud.template.ansibleguy.net'
    aliases: ['nc.template.ansibleguy.net']
    ip: '192.168.0.100'  # else access via ip will be 'untrusted'

    ssl:
      mode: 'letsencrypt'  # or selfsigned/ca
      #  if you use 'selfsigned' or 'ca':
      #    cert:
      #      cn: 'NextCloud Server'
      #      org: 'AnsibleGuy'
      #      email: 'nextcloud@template.ansibleguy.net'
    letsencrypt:
      email: 'nextcloud@template.ansibleguy.net'

Bare minimum example:

nextcloud:
  php:
    srv:
      timezone: 'Europe/Vienna'
  
  apache:
    domain: 'nextcloud.template.ansibleguy.net'

You might want to use 'ansible-vault' to encrypt your passwords:

ansible-vault encrypt_string

Execution

Run the playbook:

ansible-playbook -K -D -i inventory/hosts.yml playbook.yml --ask-vault-pass

There are also some useful tags available:

• config
• php
• db
• certs