add nextcloud-aio wip

new-app

@@ -1,8 +1,13 @@
 #!/bin/bash
 
+set -euxo pipefail
+
 echo "creating directories for '$1'"
 mkdir -p "playbooks/apps/files/$1"
 mkdir -p "playbooks/apps/templates/$1"
 cp playbooks/apps/template.yaml.dist "playbooks/apps/$1.yaml"
 sed -i '' "s/==APP==/$1/g" "playbooks/apps/$1.yaml"
+git add .
+pre-commit run
+git add .
 echo "done"

playbooks/apps/all.yaml

@@ -14,8 +14,11 @@
 - import_playbook: manuels.yaml # noqa: name[play]
 - import_playbook: media.yaml # noqa: name[play]
 - import_playbook: miniflux.yaml # noqa: name[play]
+- import_playbook: nextcloud.yaml # noqa: name[play]
 - import_playbook: portainer.yaml # noqa: name[play]
 - import_playbook: privatebin.yaml # noqa: name[play]
 - import_playbook: shortener.yaml # noqa: name[play]
 - import_playbook: test_headers.yaml # noqa: name[play]
+- import_playbook: voice-pipeline.yaml # noqa: name[play]
 - import_playbook: wallabag.yaml # noqa: name[play]
+- import_playbook: ynab.yaml # noqa: name[play]

playbooks/apps/files/Caddyfile

@@ -129,6 +129,19 @@ tcl.augendre.info {
 	reverse_proxy localhost:8013
 }
 
+cloud-aio.augendre.info {
+	import common_headers
+	reverse_proxy localhost:8014
+}
+aio.augendre.info {
+	import common_headers
+	reverse_proxy https://localhost:8015 {
+		transport http {
+			tls_insecure_skip_verify
+		}
+	}
+}
+
 ## Ghost blogs (ports >=2368)
 #########################################################
 

playbooks/apps/files/nextcloud-aio/docker-compose.yaml

@@ -0,0 +1,19 @@
+services:
+  nextcloud:
+    image: nextcloud/all-in-one:latest
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config
+    environment:
+      APACHE_PORT: 8014
+      APACHE_IP_BINDING: 127.0.0.1
+      NEXTCLOUD_DATADIR: /mnt/data/nextcloud-aio/nextcloud_data
+    ports:
+      - "8015:8080"
+    restart: always
+    container_name: nextcloud-aio-mastercontainer
+    init: true
+
+volumes:
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer

playbooks/apps/files/nextcloud/README.md

@@ -0,0 +1,12 @@
+To get help: `occ help <command>`
+To list commands: `occ list`
+
+## Examples
+Rescan file for modifications that happened outside nextcloud (e.g. on the filesystem directly).
+
+```bash
+/usr/bin/docker-compose -f /home/gaugendre/nextcloud/docker-compose.yaml exec --user www-data nextcloud php occ files:scan -p gaugendre/files/Photos
+```
+
+Calling `files:scan` without arguments will scan all files for all users. This may take a very long time.
+Scope to a user or a path instead.

playbooks/apps/files/nextcloud/docker-compose.yaml

@@ -0,0 +1,89 @@
+services:
+  nextcloud:
+    build:
+      context: nextcloud_build
+      pull: true
+    image: nextcloud_local
+    restart: always
+    ports:
+      - "8003:80"
+    volumes:
+      - ./nextcloud_data:/var/www/html
+    env_file: nextcloud.env
+    depends_on:
+      - db
+      - redis
+    mem_limit: 1g
+    cpus: 3
+  fulltextsearchindex:
+    build:
+      context: nextcloud_build
+      pull: true
+    image: nextcloud_local
+    restart: always
+    working_dir: /var/www/html
+    command: /var/www/html/occ fulltextsearch:live -q
+    user: '33:33'
+    volumes:
+      - ./nextcloud_data:/var/www/html
+    env_file: nextcloud.env
+    depends_on:
+      - db
+      - elasticsearch
+    mem_limit: 100m
+    cpus: 1
+  notify_push:
+    build:
+      context: nextcloud_build
+      pull: true
+    image: nextcloud_local
+    working_dir: /var/www/html/config
+    command: /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push config.php
+    restart: always
+    volumes:
+      - ./nextcloud_data:/var/www/html:ro
+    env_file: nextcloud.env
+    environment:
+      RUST_BACKTRACE: full
+      COLORBT_SHOW_HIDDEN: 1
+#      NEXTCLOUD_URL: http://nextcloud/
+    depends_on:
+      - nextcloud
+    ports:
+      - "8004:7867"
+    mem_limit: 150m
+  db:
+    image: postgres:15
+    restart: always
+    env_file: postgres.env
+    volumes:
+      - ./db_data:/var/lib/postgresql/data
+    mem_limit: 1g
+  redis:
+    image: redis:7
+    restart: always
+    mem_limit: 150m
+  elasticsearch:
+    image: custom-elastic
+    build:
+      context: ./elasticsearch/
+      pull: true
+      args:
+        ELASTIC_VERSION: "8.9.2"
+    restart: always
+    env_file: elasticsearch.env
+    mem_limit: 8g
+    volumes:
+      - ./elastic_data:/usr/share/elasticsearch/data
+      - ./elastic_backups:/backups
+  kibana:
+    image: docker.elastic.co/kibana/kibana:8.9.1
+    restart: always
+    env_file: kibana.env
+    ports:
+      - "9009:5601"
+    volumes:
+      - ./kibana_data:/usr/share/kibana/data
+      - ./elastic_backups:/backups
+    depends_on:
+      - elasticsearch

playbooks/apps/files/nextcloud/update

@@ -0,0 +1,2 @@
+#!/bin/bash
+docker compose build --pull elasticsearch nextcloud; docker compose pull kibana redis db; docker compose up -d

playbooks/apps/files/voice-pipeline/docker-compose.yaml

@@ -0,0 +1,22 @@
+services:
+  piper:
+    image: rhasspy/wyoming-piper
+    restart: always
+    ports:
+      - '10200:10200'
+    volumes:
+      - './piper-data:/data'
+    command: --voice fr-siwis-medium
+    cpus: 1
+    mem_limit: 500m
+
+  whisper:
+    image: rhasspy/wyoming-whisper
+    restart: always
+    ports:
+      - '10300:10300'
+    volumes:
+      - './whisper-data:/data'
+    command: --model small --language fr --beam-size 10
+    cpus: 6
+    mem_limit: 8g

playbooks/apps/files/ynab/Dockerfile

@@ -0,0 +1,12 @@
+FROM debian:bullseye AS downloader
+WORKDIR /app
+RUN apt-get update && apt-get install -y wget
+ARG GECKODRIVER_VERSION="v0.30.0"
+ARG GECKODRIVER_FILENAME="geckodriver-$GECKODRIVER_VERSION-linux64"
+RUN wget -q https://github.com/mozilla/geckodriver/releases/download/v0.30.0/$GECKODRIVER_FILENAME.tar.gz && tar xvf $GECKODRIVER_FILENAME.tar.gz && rm $GECKODRIVER_FILENAME.tar.gz
+
+FROM python:3.10-slim-bullseye as final
+RUN apt-get update && apt-get install -y firefox-esr
+COPY --from=downloader /app/geckodriver /usr/local/bin/geckodriver
+RUN pip install ofx-processor==3.2.1
+CMD ["ynab", "lcl", "--download"]

playbooks/apps/files/ynab/config.ini

@@ -0,0 +1,40 @@
+$ANSIBLE_VAULT;1.1;AES256
+66323866373338366231613833303263636662663837326164633563646438353662333337356333
+3735363465313435306635303265633632343930366236650a373465346239393762666439333134
+39376535366433376535376530613261316563373730373664613033363662393463346235653361
+6131306264396333330a343665343131653366663761343637616136346165373133653931656132
+31373566336531363035666261316565366531626331613034356230663063343937316236373632
+65326639343439336466643430346530653065333564336338346434346466323861616334636234
+39323162343664663939656333353033656237366332653532343239373332663238376631393135
+33653936646362373231656635316133303365333931343665326538636334313236373432366537
+32366664653431616332616135373230666538643536383932326336643565373061353730393430
+63653037643364653936393334323865303162306239326663313565363031643639396130646239
+31613934373864616437646532623431383137643332333763623538633666306236616633666664
+38343162666331653739313764343461396461633233323030663663356364333563366234333533
+34313138336462313732366362383932396535643562633530326362336237616161323963666461
+35663930633166613131316438626234356331613164313566643463326263663339356539633137
+37626330646266663933623236333539363262326561313062303635373434653239653566633862
+66643164663032323861386431376261303163653338386334393334396532353933336631656166
+65376565626633333037393330373665383539666537626166646330353634653034393130343563
+30643363303439376334643965663666663164643666323032633036623738316365396666653564
+35653231353632303032346139656637383935323561343432333730306637663338316466373436
+30393031373263393263636361323930303738316438653562333737626163666364346135303661
+32366435653463636135386266373036393631643033303732393563336164646664616536346631
+34653563393638643765373232616530313933666665623637333965663662313532323334303636
+34653330393230613032333336353866393962613735343066363962333433343864616466343466
+62636663613037336437323539316535626630643137613734626137363536333863323336363261
+34646162623237666134356466316361663035333361663737616135333365373166343066306438
+63656634363338636434393538303965616435663033366334333265303933336139613931613438
+38636235346462653361373234643231376237366137363238306665396135616534633965393763
+35326533313933656431616238346263613433623931376233643234633737366361363830373431
+38373639666362383530323865326265323038353061363861363336373035666565376136363862
+31343030396237626534373263633131393964333563633434623131396638303138643466346538
+66356165396363643435646533663964353939646262626562303939326437316539373862343765
+35313865363232393865376235663762303939613238326530326332653437373436303030366165
+39386239336139653832353265313935363539626133333962313061333863646632366363333539
+66663463366339383033343830376334346165373264613964366638313966616331323662356561
+63346231663131663635363434313534306532316632373434303133656331633533666533626433
+62356333346539663161336237346236313732663966306563613832643632653433613735623261
+37346335373138623932383832616436346262643032363734313433663064623534613130343933
+35663237383536356332626231646135636334303037656631306235616137636639316561366531
+656337653332313532393239326431323831

playbooks/apps/files/ynab/docker-compose.yaml

@@ -0,0 +1,14 @@
+services:
+  ynab:
+    image: crocmagnon/ynab:latest
+    command:
+      - ynab
+      - lcl
+      - --download
+      - --send=home_assistant
+    restart: "no"
+    environment:
+      - PYTHONWARNINGS=ignore:The localize method is no longer necessary
+    volumes:
+      - ./config.ini:/root/.config/ofx_processor/config.ini:ro
+      - ./data:/data

playbooks/apps/files/ynab/run

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -uxo pipefail
+
+pushd /mnt/data/ynab
+docker compose --ansi never pull --quiet
+docker compose --ansi never down
+COMPOSE_HTTP_TIMEOUT=120 docker compose --ansi never up --abort-on-container-exit --exit-code-from ynab
+status=$?
+popd
+exit $status

playbooks/apps/nextcloud-aio.yaml

@@ -0,0 +1,11 @@
+---
+- name: Nextcloud2
+  hosts: servers
+  gather_facts: false
+  tasks:
+    - name: Docker
+      ansible.builtin.include_role:
+        name: docker
+
+  vars:
+    docker_app_name: nextcloud-aio

playbooks/apps/nextcloud.yaml

@@ -0,0 +1,35 @@
+---
+- name: Nextcloud
+  hosts: servers
+  gather_facts: false
+  tasks:
+    - name: Docker
+      ansible.builtin.include_role:
+        name: docker
+
+  vars:
+    docker_app_name: nextcloud
+    elastic_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      64313934396132333838376166663339376237643937366632636637323330303933343166303536
+      3138643465363162666237663032663165313837643763620a346662613162353337313436346335
+      63323765626463613535326564643262646431616531396361393864356237383663646666643330
+      3230653437316139630a653362653732626565353636383965303235633536646331313938613539
+      61313532653930333564613461363937643930313334373665353066323737346664
+    kibana_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      66326232323830316662373432326633396462366365656232306330343531363935393835306263
+      3963323930343533353336386633313465386264366130610a376331643364363436306161373239
+      66333833373038393761626438646530373831666637366634643462343936386635633135663436
+      6435336238376132610a303230613730313164653633656432633433356465643839376434396339
+      37633034623438623561373634653737323963326137663964396362356339326461
+    postgres_password: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      33656534393864633765356638633666343931396439343133643966333534383430373561386539
+      3266316439626465386234636533656231333930356632390a336631376266653038383837613861
+      33666239333333363536363338343639653535666161643965643338363562333230646263303032
+      3861623231343265640a663030316336393230633734643036633738393837353735313335343535
+      63383663363366336236653361623732383135333037613432393466626632353830323063663838
+      61333133303962363931633637646237343433303361656232653038323935623932333836663535
+      38613534316332393364363034366535373037373861363736613639656362643564393932356465
+      65626462626363633930

playbooks/apps/templates/nextcloud/elasticsearch.env.j2

@@ -0,0 +1,6 @@
+discovery.type=single-node
+xpack.security.enabled=true
+ES_JAVA_OPTS=-Xms2g -Xmx2g
+ELASTIC_PASSWORD={{ elastic_password }}
+KIBANA_PASSWORD={{ kibana_password }}
+path.repo=/backups

playbooks/apps/templates/nextcloud/kibana.env.j2

@@ -0,0 +1,3 @@
+ELASTICSEARCH_HOSTS=http://elasticsearch:9200
+ELASTICSEARCH_USERNAME=kibana_system
+ELASTICSEARCH_PASSWORD={{ kibana_password }}

playbooks/apps/templates/nextcloud/nextcloud.env.j2

@@ -0,0 +1,12 @@
+POSTGRES_DB=nextcloud
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD={{ postgres_password }}
+POSTGRES_HOST=db
+
+NEXTCLOUD_TRUSTED_DOMAINS=cloud.augendre.info
+
+REDIS_HOST=redis
+OVERWRITEHOST=cloud.augendre.info
+OVERWRITEPROTOCOL=https
+TRUSTED_PROXIES=172.0.0.0/8
+APACHE_DISABLE_REWRITE_IP=1

playbooks/apps/templates/nextcloud/postgres.env.j2

@@ -0,0 +1,2 @@
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD={{ postgres_password }}

playbooks/apps/voice-pipeline.yaml

@@ -0,0 +1,11 @@
+---
+- name: Voice-pipeline
+  hosts: servers
+  gather_facts: false
+  tasks:
+    - name: Docker
+      ansible.builtin.include_role:
+        name: docker
+
+  vars:
+    docker_app_name: voice-pipeline

playbooks/apps/ynab.yaml

@@ -0,0 +1,24 @@
+---
+- name: YNAB
+  hosts: servers
+  gather_facts: false
+  tasks:
+    - name: Create dir
+      ansible.builtin.file:
+        path: "{{ dir }}"
+        state: directory
+        mode: "0775"
+    - name: Write files
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: "{{ dir }}/"
+        mode: "0600"
+      with_fileglob:
+        - files/{{ app_name }}/*
+        - files/{{ app_name }}/.*
+      notify:
+        - Restart service
+
+  vars:
+    app_name: ynab
+    dir: /mnt/data/{{ app_name }}