From cb1a16909119b4ce8bc5e5b760d8901bbe606cad Mon Sep 17 00:00:00 2001
From: Gabriel Augendre <gabriel@augendre.info>
Date: Sat, 12 Oct 2024 13:33:33 +0200
Subject: [PATCH] add nextcloud

---
 new-app                                       |  5 ++
 playbooks/apps/all.yaml                       |  1 +
 playbooks/apps/files/nextcloud/README.md      | 12 +++
 .../apps/files/nextcloud/docker-compose.yaml  | 89 +++++++++++++++++++
 playbooks/apps/files/nextcloud/update         |  2 +
 playbooks/apps/nextcloud.yaml                 | 35 ++++++++
 .../templates/nextcloud/elasticsearch.env.j2  |  6 ++
 .../apps/templates/nextcloud/kibana.env.j2    |  3 +
 .../apps/templates/nextcloud/nextcloud.env.j2 | 12 +++
 .../apps/templates/nextcloud/postgres.env.j2  |  2 +
 10 files changed, 167 insertions(+)
 create mode 100644 playbooks/apps/files/nextcloud/README.md
 create mode 100644 playbooks/apps/files/nextcloud/docker-compose.yaml
 create mode 100755 playbooks/apps/files/nextcloud/update
 create mode 100644 playbooks/apps/nextcloud.yaml
 create mode 100644 playbooks/apps/templates/nextcloud/elasticsearch.env.j2
 create mode 100644 playbooks/apps/templates/nextcloud/kibana.env.j2
 create mode 100644 playbooks/apps/templates/nextcloud/nextcloud.env.j2
 create mode 100644 playbooks/apps/templates/nextcloud/postgres.env.j2

diff --git a/new-app b/new-app
index 9f498f3..513c52f 100755
--- a/new-app
+++ b/new-app
@@ -1,8 +1,13 @@
 #!/bin/bash
 
+set -euxo pipefail
+
 echo "creating directories for '$1'"
 mkdir -p "playbooks/apps/files/$1"
 mkdir -p "playbooks/apps/templates/$1"
 cp playbooks/apps/template.yaml.dist "playbooks/apps/$1.yaml"
 sed -i '' "s/==APP==/$1/g" "playbooks/apps/$1.yaml"
+git add .
+pre-commit run
+git add .
 echo "done"
diff --git a/playbooks/apps/all.yaml b/playbooks/apps/all.yaml
index 81aded8..fb51fa4 100644
--- a/playbooks/apps/all.yaml
+++ b/playbooks/apps/all.yaml
@@ -14,6 +14,7 @@
 - import_playbook: manuels.yaml # noqa: name[play]
 - import_playbook: media.yaml # noqa: name[play]
 - import_playbook: miniflux.yaml # noqa: name[play]
+- import_playbook: nextcloud.yaml # noqa: name[play]
 - import_playbook: portainer.yaml # noqa: name[play]
 - import_playbook: privatebin.yaml # noqa: name[play]
 - import_playbook: shortener.yaml # noqa: name[play]
diff --git a/playbooks/apps/files/nextcloud/README.md b/playbooks/apps/files/nextcloud/README.md
new file mode 100644
index 0000000..e8d7e79
--- /dev/null
+++ b/playbooks/apps/files/nextcloud/README.md
@@ -0,0 +1,12 @@
+To get help: `occ help <command>`
+To list commands: `occ list`
+
+## Examples
+Rescan file for modifications that happened outside nextcloud (e.g. on the filesystem directly).
+
+```bash
+/usr/bin/docker-compose -f /home/gaugendre/nextcloud/docker-compose.yaml exec --user www-data nextcloud php occ files:scan -p gaugendre/files/Photos
+```
+
+Calling `files:scan` without arguments will scan all files for all users. This may take a very long time.
+Scope to a user or a path instead.
diff --git a/playbooks/apps/files/nextcloud/docker-compose.yaml b/playbooks/apps/files/nextcloud/docker-compose.yaml
new file mode 100644
index 0000000..ed89eec
--- /dev/null
+++ b/playbooks/apps/files/nextcloud/docker-compose.yaml
@@ -0,0 +1,89 @@
+services:
+  nextcloud:
+    build:
+      context: nextcloud_build
+      pull: true
+    image: nextcloud_local
+    restart: always
+    ports:
+      - "8003:80"
+    volumes:
+      - ./nextcloud_data:/var/www/html
+    env_file: nextcloud.env
+    depends_on:
+      - db
+      - redis
+    mem_limit: 1g
+    cpus: 3
+  fulltextsearchindex:
+    build:
+      context: nextcloud_build
+      pull: true
+    image: nextcloud_local
+    restart: always
+    working_dir: /var/www/html
+    command: /var/www/html/occ fulltextsearch:live -q
+    user: '33:33'
+    volumes:
+      - ./nextcloud_data:/var/www/html
+    env_file: nextcloud.env
+    depends_on:
+      - db
+      - elasticsearch
+    mem_limit: 100m
+    cpus: 1
+  notify_push:
+    build:
+      context: nextcloud_build
+      pull: true
+    image: nextcloud_local
+    working_dir: /var/www/html/config
+    command: /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push config.php
+    restart: always
+    volumes:
+      - ./nextcloud_data:/var/www/html:ro
+    env_file: nextcloud.env
+    environment:
+      RUST_BACKTRACE: full
+      COLORBT_SHOW_HIDDEN: 1
+#      NEXTCLOUD_URL: http://nextcloud/
+    depends_on:
+      - nextcloud
+    ports:
+      - "8004:7867"
+    mem_limit: 150m
+  db:
+    image: postgres:15
+    restart: always
+    env_file: postgres.env
+    volumes:
+      - ./db_data:/var/lib/postgresql/data
+    mem_limit: 1g
+  redis:
+    image: redis:7
+    restart: always
+    mem_limit: 150m
+  elasticsearch:
+    image: custom-elastic
+    build:
+      context: ./elasticsearch/
+      pull: true
+      args:
+        ELASTIC_VERSION: "8.9.2"
+    restart: always
+    env_file: elasticsearch.env
+    mem_limit: 8g
+    volumes:
+      - ./elastic_data:/usr/share/elasticsearch/data
+      - ./elastic_backups:/backups
+  kibana:
+    image: docker.elastic.co/kibana/kibana:8.9.1
+    restart: always
+    env_file: kibana.env
+    ports:
+      - "9009:5601"
+    volumes:
+      - ./kibana_data:/usr/share/kibana/data
+      - ./elastic_backups:/backups
+    depends_on:
+      - elasticsearch
diff --git a/playbooks/apps/files/nextcloud/update b/playbooks/apps/files/nextcloud/update
new file mode 100755
index 0000000..07e6ab5
--- /dev/null
+++ b/playbooks/apps/files/nextcloud/update
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker compose build --pull elasticsearch nextcloud; docker compose pull kibana redis db; docker compose up -d
diff --git a/playbooks/apps/nextcloud.yaml b/playbooks/apps/nextcloud.yaml
new file mode 100644
index 0000000..3bc2171
--- /dev/null
+++ b/playbooks/apps/nextcloud.yaml
@@ -0,0 +1,35 @@
+---
+- name: Nextcloud
+  hosts: servers
+  gather_facts: false
+  tasks:
+    - name: Docker
+      ansible.builtin.include_role:
+        name: docker
+
+  vars:
+    docker_app_name: nextcloud
+    elastic_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      64313934396132333838376166663339376237643937366632636637323330303933343166303536
+      3138643465363162666237663032663165313837643763620a346662613162353337313436346335
+      63323765626463613535326564643262646431616531396361393864356237383663646666643330
+      3230653437316139630a653362653732626565353636383965303235633536646331313938613539
+      61313532653930333564613461363937643930313334373665353066323737346664
+    kibana_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      66326232323830316662373432326633396462366365656232306330343531363935393835306263
+      3963323930343533353336386633313465386264366130610a376331643364363436306161373239
+      66333833373038393761626438646530373831666637366634643462343936386635633135663436
+      6435336238376132610a303230613730313164653633656432633433356465643839376434396339
+      37633034623438623561373634653737323963326137663964396362356339326461
+    postgres_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      33656534393864633765356638633666343931396439343133643966333534383430373561386539
+      3266316439626465386234636533656231333930356632390a336631376266653038383837613861
+      33666239333333363536363338343639653535666161643965643338363562333230646263303032
+      3861623231343265640a663030316336393230633734643036633738393837353735313335343535
+      63383663363366336236653361623732383135333037613432393466626632353830323063663838
+      61333133303962363931633637646237343433303361656232653038323935623932333836663535
+      38613534316332393364363034366535373037373861363736613639656362643564393932356465
+      65626462626363633930
diff --git a/playbooks/apps/templates/nextcloud/elasticsearch.env.j2 b/playbooks/apps/templates/nextcloud/elasticsearch.env.j2
new file mode 100644
index 0000000..40df803
--- /dev/null
+++ b/playbooks/apps/templates/nextcloud/elasticsearch.env.j2
@@ -0,0 +1,6 @@
+discovery.type=single-node
+xpack.security.enabled=true
+ES_JAVA_OPTS=-Xms2g -Xmx2g
+ELASTIC_PASSWORD={{ elastic_password }}
+KIBANA_PASSWORD={{ kibana_password }}
+path.repo=/backups
diff --git a/playbooks/apps/templates/nextcloud/kibana.env.j2 b/playbooks/apps/templates/nextcloud/kibana.env.j2
new file mode 100644
index 0000000..cbd1072
--- /dev/null
+++ b/playbooks/apps/templates/nextcloud/kibana.env.j2
@@ -0,0 +1,3 @@
+ELASTICSEARCH_HOSTS=http://elasticsearch:9200
+ELASTICSEARCH_USERNAME=kibana_system
+ELASTICSEARCH_PASSWORD={{ kibana_password }}
diff --git a/playbooks/apps/templates/nextcloud/nextcloud.env.j2 b/playbooks/apps/templates/nextcloud/nextcloud.env.j2
new file mode 100644
index 0000000..9af6210
--- /dev/null
+++ b/playbooks/apps/templates/nextcloud/nextcloud.env.j2
@@ -0,0 +1,12 @@
+POSTGRES_DB=nextcloud
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD={{ postgres_password }}
+POSTGRES_HOST=db
+
+NEXTCLOUD_TRUSTED_DOMAINS=cloud.augendre.info
+
+REDIS_HOST=redis
+OVERWRITEHOST=cloud.augendre.info
+OVERWRITEPROTOCOL=https
+TRUSTED_PROXIES=172.0.0.0/8
+APACHE_DISABLE_REWRITE_IP=1
diff --git a/playbooks/apps/templates/nextcloud/postgres.env.j2 b/playbooks/apps/templates/nextcloud/postgres.env.j2
new file mode 100644
index 0000000..dca9bc8
--- /dev/null
+++ b/playbooks/apps/templates/nextcloud/postgres.env.j2
@@ -0,0 +1,2 @@
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD={{ postgres_password }}