phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2026-02-08 17:07:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add mailu and nextcloud

Browse source
This commit is contained in:
Paul-Henri Froidmont 2017-12-31 14:03:28 +01:00
parent 409828214b
commit 643ab3229a
20 changed files with 583 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
roles/nextcloud-docker/defaults/main.yml Normal file
View file

@ -0,0 +1 @@
---

14
roles/nextcloud-docker/files/nextcloud/Dockerfile.cron Normal file
View file

@ -0,0 +1,14 @@
FROM nextcloud:fpm
RUN apt-get update && apt-get install -y \
supervisor \
cron \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir /var/log/supervisord /var/run/supervisord && \
echo "*/15 * * * * su - www-data -s /bin/bash -c \"php -f /var/www/html/cron.php\""| crontab -
COPY supervisord.conf /etc/supervisor/supervisord.conf
CMD ["/usr/bin/supervisord"]

15
roles/nextcloud-docker/files/nextcloud/config/.htaccess Executable file
View file

@ -0,0 +1,15 @@
# line below if for Apache 2.4
<ifModule mod_authz_core.c>
Require all denied
</ifModule>
# line below if for Apache 2.2
<ifModule !mod_authz_core.c>
deny from all
</ifModule>
# section for Apache 2.2 and 2.4
<ifModule mod_autoindex.c>
IndexIgnore *
</ifModule>

4
roles/nextcloud-docker/files/nextcloud/config/apcu.config.php Executable file
View file

@ -0,0 +1,4 @@
<?php
$CONFIG = array (
'memcache.local' => '\OC\Memcache\APCu',
);

15
roles/nextcloud-docker/files/nextcloud/config/apps.config.php Executable file
View file

@ -0,0 +1,15 @@
<?php
$CONFIG = array (
"apps_paths" => array (
0 => array (
"path" => OC::$SERVERROOT."/apps",
"url" => "/apps",
"writable" => false,
),
1 => array (
"path" => OC::$SERVERROOT."/custom_apps",
"url" => "/custom_apps",
"writable" => true,
),
),
);

111
roles/nextcloud-docker/files/nextcloud/config/nginx.conf Normal file
View file

@ -0,0 +1,111 @@
user www-data;
events {
worker_connections 768;
}
http {
upstream backend {
server app:9000;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80;
# Add headers to serve security related headers
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
client_max_body_size 10G; # 0=unlimited - set max upload size
fastcgi_buffers 64 4K;
gzip off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass backend;
fastcgi_intercept_errors on;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
# collabora static files
location ^~ /loleaflet {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# collabora WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://collabora:9980;
proxy_set_header Host $http_host;
}
# collabora websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass https://collabora:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
}

77
roles/nextcloud-docker/files/nextcloud/docker-compose.yml Normal file
View file

@ -0,0 +1,77 @@
version: '2.2'
networks:
proxy-tier:
external:
name: nginx-proxy
services:
web:
image: nginx
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf:ro
links:
- app
- collabora
volumes_from:
- app
environment:
- VIRTUAL_HOST=${CLOUD_DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=80
networks:
- proxy-tier
restart: always
app:
build:
context: .
dockerfile: Dockerfile.cron
links:
- db
volumes:
- /var/lib/nextcloud/apps:/var/www/html/apps
- ./config:/var/www/html/config
- /var/lib/nextcloud/data:/var/www/html/data
- /media:/media
networks:
- proxy-tier
restart: always
db:
image: mariadb
volumes:
- /var/lib/nextcloud/db:/var/lib/mysql
- /backups/nextcloud:/backups
environment:
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
- MYSQL_DATABASE=${MYSQL_DATABASE}
- MYSQL_USER=${MYSQL_USER}
- MYSQL_PASSWORD=${MYSQL_PASSWORD}
networks:
- proxy-tier
restart: always
redis:
image: redis
networks:
- proxy-tier
restart: always
collabora:
image: collabora/code
cap_add:
- MKNOD
expose:
- 9980
environment:
- domain=${CLOUD_DOMAIN}
- VIRTUAL_HOST=${COLLABORA_DOMAIN}
- VIRTUAL_NETWORK=nginx-proxy
- VIRTUAL_PORT=9980
#- VIRTUAL_PROTO=https
# - LETSENCRYPT_HOST=${COLLABORA_DOMAIN}
# - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
networks:
- proxy-tier
restart: always

23
roles/nextcloud-docker/files/nextcloud/supervisord.conf Normal file
View file

@ -0,0 +1,23 @@
[supervisord]
nodaemon=true
logfile=/var/log/supervisord/supervisord.log
pidfile=/var/run/supervisord/supervisord.pid
childlogdir=/var/log/supervisord/
logfile_maxbytes=50MB ; maximum size of logfile before rotation
logfile_backups=10 ; number of backed up logfiles
loglevel=error
[program:php-fpm]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=php-fpm
[program:cron]
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
command=cron -f

2
roles/nextcloud-docker/meta/main.yml Normal file
View file

@ -0,0 +1,2 @@
dependencies:
- nginx-proxy-docker

36
roles/nextcloud-docker/tasks/main.yml Normal file
View file

@ -0,0 +1,36 @@
---
- name: Copy nextcloud docker files
copy:
src: nextcloud
dest: "{{docker_compose_files_folder}}"
- name: Create nextcloud .env
template:
src: nextcloud/.env
dest: "{{docker_compose_files_folder}}/nextcloud/.env"
- name: Create nextcloud config
template:
src: nextcloud/config/config.php
dest: "{{docker_compose_files_folder}}/nextcloud/config/config.php"
- name: Change config folder owner to http
file:
path: "{{docker_compose_files_folder}}/nextcloud/config"
owner: http
group: http
recurse: yes
- name: Build and start nextcloud docker project
docker_service:
project_src: "{{docker_compose_files_folder}}/nextcloud"
build: yes
state: present
- name: Check if database tables exist
command: docker-compose exec -T db mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud -e "show tables;"
args:
chdir: "{{docker_compose_files_folder}}/nextcloud/"
register: db_tables_exist
ignore_errors: true
changed_when: db_tables_exist.stdout_lines|length == 0
- name: Restore database
command: docker-compose exec -T db sh -c "mysql -u nextcloud -p{{nextcloud_mysql_password}} nextcloud < /backups/database.dmp"
args:
chdir: "{{docker_compose_files_folder}}/nextcloud/"
when: db_tables_exist.stdout_lines|length == 0

15
roles/nextcloud-docker/templates/nextcloud/.env Normal file
View file

@ -0,0 +1,15 @@
COMPOSE_PROJECT_NAME=nextcloud
#Domains
CLOUD_DOMAIN=cloud.banditlair.com
COLLABORA_DOMAIN=office.banditlair.com
#Letsencrypt
LETSENCRYPT_EMAIL=banditlair@outlook.com
#MySQL
MYSQL_ROOT_PASSWORD={{nextcloud_mysql_root_password}}
MYSQL_DATABASE=nextcloud
MYSQL_USER=nextcloud
MYSQL_PASSWORD={{nextcloud_mysql_password}}

61
roles/nextcloud-docker/templates/nextcloud/config/config.php Normal file
View file

@ -0,0 +1,61 @@
<?php
$CONFIG = array (
'instanceid' => 'ocbsz7gnyjst',
'passwordsalt' => '{{nextcloud_passwordsalt}}',
'secret' => '{{nextcloud_secret}}',
'trusted_domains' =>
array (
0 => 'localhost',
2 => 'cloud.banditlair.com',
),
'datadirectory' => '/var/www/html/data',
'overwrite.cli.url' => 'https://cloud.banditlair.com',
'dbtype' => 'mysql',
'version' => '12.0.4.3',
'dbname' => 'nextcloud',
'dbhost' => 'db',
'dbport' => '3306',
'dbtableprefix' => 'oc_',
'dbuser' => 'nextcloud',
'dbpassword' => '{{nextcloud_mysql_password}}',
'installed' => true,
'memcache.local' => '\\OC\\Memcache\\APCu',
'htaccess.RewriteBase' => '/',
'apps_paths' =>
array (
0 =>
array (
'path' => '/var/www/html/apps',
'url' => '/apps',
'writable' => false,
),
1 =>
array (
'path' => '/var/www/html/custom_apps',
'url' => '/custom_apps',
'writable' => true,
),
),
'maintenance' => false,
'updater.release.channel' => 'stable',
'loglevel' => '1',
'mail_smtpmode' => 'smtp',
'mail_smtpauthtype' => 'LOGIN',
'mail_smtpsecure' => 'ssl',
'mail_smtpauth' => 1,
'mail_from_address' => 'noreply',
'mail_domain' => 'banditlair.com',
'mail_smtphost' => 'mail.banditlair.com',
'mail_smtpport' => '465',
'mail_smtpname' => 'noreply@banditlair.com',
'mail_smtppassword' => '{{email_password}}',
'filelocking.enabled' => true,
'memcache.locking' => '\\OC\\Memcache\\Redis',
'redis' =>
array (
'host' => 'redis',
'port' => 6379,
'timeout' => 0.0,
'password' => '',
),
);