nkakouros-original / ansible-role-nextcloud Goto Github PK

nextcloud_version is used to create the url where Nextcloud will be downloaded from. The role also checks if there is an update available and if there is it re-downloads Nextcloud and re-installs it. The problem is that the url will be for the version defined in nextcloud_version and not the newer version.

TODO

• Parse the output of updater/updater.phar to get the update url
• Check if the update concerns the major version defined in nextcloud_update
• Run the update if so
• Add a new nextcloud_update: true variable to toggle the update functionality

For me, the update of the configuration file with items from nextcloud_config does not work as expected - the local variable content just never ends up on the machine. What is currently happening is:

• fetch config dict from instance
• get dict from nextcloud_config key
• Do comparison of flattened dicts, skip all if nextcloud_config <= global_config.

There are two issues I believe:

• we might need to call occ config::list --private to also get the database passwords etc, otherwise these are just **REMOVED SENSITIVE VALUE** entries
• Alternatively we could only compare if keys exist, but this would not catch a change in a parameter.
• merge the two dicts and compare the result against the one from the instance to see if there was a change, and then invoke the occ import command with the provided configuration.

What do you think? Does this make sense? Or is this working for you?

The only other place that variable is mention is in the molecule playbook, and as such won't be missing when running tests through molecule.

Sometimes, even after the role has taken care of integrity errors, an error message is shown in the admin interface. If I click rescan, the error is gone.

I have had the following issue with a custom nextcloud_installation_dir.
The role fails at Install nextcloud in tasks/core/install.yml if the nextcloud_installation_dir is present on the system. This seems to be the case because the nextcloud folder will not be renamed but moved inside nextcloud_installation_dir, if it exists already (Move nextcloud folder).

The role works fine as it is, if I take the following precautions:

• define nextcloud_installation_dir without a trailing slash

• nextcloud_installation_dir should not exist on the system

I propose to update defaults/main.yml and add a comment for documentation.

The first are stored in oc_appconfig the other in oc_preferences.

Once nextcloud/server#8092 is resolved we can resort to simpler JSON out parsing using a filter:

   become_user: "{{ nextcloud_file_owner }}"
-  register: nextcloud_installed_apps
+  register: _result
   changed_when: false
 
 - name: Remove non-json text from command output
   set_fact:
-    nextcloud_installed_apps: >-
-      {{
-        nextcloud_installed_apps.stdout[
-          (nextcloud_installed_apps.stdout.find('{')):
-        ]
-      }}
+    nextcloud_installed_apps: "{{ _result.stdout | from_json }}"

Support:

• system configuration (config.php file)
• app/core global configuration
• app/core per user configuration

Maybe, maybe not.

I was wondering what the best way is to configure a memcache like Redis. I course I could simply add the relevant parameters to nextcloud_config but we could also add some logic, exposing the individual configuration parameters and then adding them to nextcloud using php occ config:set?

I was thinking of e.g. Redis, mail SMTP etc.

With this we could also add some magic like checking if variables from geerlinguy.redis are around and automatically configure it appropriately (redis_requirepass etc).

Let me know what you think.

In tasks/setup.yml, I use lineinfile and blockinfile to edit the config.php file. Check if I can do the same more reliably via occ config:system:set.

Currently we are running the following tasks to set file permissions:

    - name: Find Nextcloud files
      find:
        path: "{{ nextcloud_installation_dir }}"
        file_type: any
        register: nextcloud_installation_files
      listen: nextcloud set secure file permissions
    - name: Set permissions on directories
      file:
        path: "{{ item.path }}"
        owner: "{{ nextcloud_file_owner }}"
        group: "{{ nextcloud_file_owner }}"
        mode: 0o750
        state: directory
        recurse: true
      loop: >-
        {{
          nextcloud_installation_files.files
          | selectattr('isdir')
          | list
        }}
      listen: nextcloud set secure file permissions
    # For files, we are using `shell` as `file` with a loop would take ages
    # to complete.
    - name: Set ownership on files
      command: >-
        find "{{ nextcloud_installation_dir }}"
          -type f
          -exec chown {{
                    nextcloud_file_owner }}:{{ nextcloud_file_owner }} {} \;
          -exec chmod 0640 {} \;
      changed_when: false

The only thing this does as far as I can see is to set 640 on all files and 650 on all directories, all with the nextcloud_file_owner user and group. We could simplify this to

    - name: Set Nextcloud file permissions
      file:
        path: "{{ nextcloud_installation_dir }}"
        mode: u=rwX,g=rX,o=0
        owner: "{{ nextcloud_file_owner }}"
        group: "{{ nextcloud_file_owner }}"
        recurse: true 

using the capital X notation of chmod:

execute/search only if the file is a directory or already has execute permission for some user (X)

This should give us the same result.

If the specified app is not found in the store, fail with a relevant error message.

Check also this

With Travis or sth else.