deploy nextcloud aio

host_vars/cm3588.yml

@@ -9,8 +9,127 @@ omz_zsh_theme: "clean"
 
 base_users_sshd_listen_address: "192.168.8.2"
 
-ip_before_reboot: "192.168.8.242"
+ip_before_reboot: "192.168.8.147"
 
 restart_host: true
 
+has_var_log_mount: true
+
 networking_restart_allow: true
+
+docker_daemon_options:
+  data-root: "/docker"
+  storage-driver: "overlay2"
+
+specific_packages:
+  - btrfs-progs
+
+btrfssubvol_mount_parent: "/btrfs"
+btrfssubvol_mount_options:
+  - noatime
+  - ssd
+  - discard=async
+  - noatime
+  - commit=10
+btrfssubvol_device_uuid: "c2fa6e88-e541-4e8f-aa7c-b17d0d665249"
+btrfssubvol_subvolumes:
+  - name: logs
+    mount_point: /var/log
+  - name: snapshots
+  - name: nextcloud
+    owner: reaper
+    mount_point: /nextcloud
+  - name: docker
+    mount_point: /docker
+  - name: compose
+    owner: reaper
+    mount_point: /compose
+
+# compose
+docker_compose_project_name: nextcloudaio
+docker_compose_data_dir: /compose/nextcloudaio
+docker_compose_dotenv: |
+  # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
+  APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+  APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+  # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+  # BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
+  # COLLABORA_SECCOMP_DISABLED: false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+  # DOCKER_API_VERSION: 1.44 # You can adjust the internally used docker api version with this variable. ⚠️⚠️⚠️ Warning: please note that only the default api version (unset this variable) is supported and tested by the maintainers of Nextcloud AIO. So use this on your own risk and things might break without warning. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-internally-used-docker-api-version
+  # FULLTEXTSEARCH_JAVA_OPTIONS: "-Xms1024M -Xmx1024M" # Allows to adjust the fulltextsearch java options. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-fulltextsearch-java-options
+  NEXTCLOUD_DATADIR: /nextcloud # Allows to set the host directory for Nextcloud's datadir. ⚠️⚠️⚠️ Warning: do not set or adjust this value after the initial Nextcloud installation is done! See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
+  # NEXTCLOUD_MOUNT: /mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
+  # NEXTCLOUD_UPLOAD_LIMIT: 16G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
+  # NEXTCLOUD_MAX_TIME: 3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
+  # NEXTCLOUD_MEMORY_LIMIT: 512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
+  # NEXTCLOUD_TRUSTED_CACERTS_DIR: /path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
+  # NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+  # NEXTCLOUD_ADDITIONAL_APKS: imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
+  # NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+  # NEXTCLOUD_ENABLE_NVIDIA_GPU: true # This allows to enable the NVIDIA runtime and GPU access for containers that profit from it. ⚠️⚠️⚠️ Warning: this only works if an NVIDIA gpu is installed on the server. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud.
+  # NEXTCLOUD_KEEP_DISABLED_APPS: false # Setting this to true will keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed. See https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps
+  SKIP_DOMAIN_VALIDATION: true # This should only be set to true if things are correctly configured. See https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
+  # TALK_PORT: 3478 # This allows to adjust the port that the talk container is using which is exposed on the host. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port
+  # WATCHTOWER_DOCKER_SOCKET_PATH: /var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
+docker_compose_definition:
+  name: nextcloud-aio # Add the container to the same compose project like all the sibling containers are added to automatically.
+  services:
+    nextcloud-aio-mastercontainer:
+      image: ghcr.io/nextcloud-releases/all-in-one:latest # This is the container image used. You can switch to ghcr.io/nextcloud-releases/all-in-one:beta if you want to help testing new releases. See https://github.com/nextcloud/all-in-one#how-to-switch-the-channel
+      init: true # This setting makes sure that signals from main process inside the container are correctly forwarded to children. See https://docs.docker.com/reference/compose-file/services/#init
+      restart: always # This makes sure that the container starts always together with the host OS. See https://docs.docker.com/reference/compose-file/services/#restart
+      container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
+      volumes:
+        - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+        - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
+      # devices: ["/dev/dri"] # Uncomment to enable hardware acceleration. ⚠️⚠️⚠️ Warning: this only works if the '/dev/dri' device is present on the host! If it should not exist on your host, don't add this as otherwise the mastercontainer will fail to start! See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-acceleration-for-nextcloud
+      network_mode: bridge # This adds the container to the same network as docker run would do. Comment this line and uncomment the line below and the networks section at the end of the file if you want to define a custom MTU size for the docker network
+      # networks: ["nextcloud-aio"]
+      ports:
+        # - "80:80" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+        - "8080:8080" # This is the AIO interface, served via https and self-signed certificate. See https://github.com/nextcloud/all-in-one#explanation-of-used-ports
+        # - "8443:8443" # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # security_opt: ["label:disable"] # Is needed when using SELinux. See https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled
+      env_file: ".env"
+
+  #   # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/discussions/575
+  #   # Alternatively, use Tailscale if you don't have a domain yet. See https://github.com/nextcloud/all-in-one/discussions/6817
+  #   # Hint: You need to uncomment APACHE_PORT: 11000 above, adjust cloud.example.com to your domain and uncomment the necessary docker volumes at the bottom of this file in order to make it work
+  #   # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
+    caddy:
+      image: caddy:alpine
+      restart: always
+      container_name: caddy
+      volumes:
+        - ./caddy_certs:/certs
+        - ./caddy_config:/config
+        - ./caddy_data:/data
+        - ./caddy_sites:/srv
+      network_mode: "host"
+      configs:
+        - source: Caddyfile
+          target: /etc/caddy/Caddyfile
+  configs:
+    Caddyfile:
+      content: |
+        # Adjust cloud.example.com to your domain below
+        https://nextcloud.homedungeon.loc:443 {
+          tls /certs/cert.pem /certs/key.pem
+          reverse_proxy localhost:11000
+        }
+
+  volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
+    nextcloud_aio_mastercontainer:
+      name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+    # caddy_certs:
+    # caddy_config:
+    # caddy_data:
+    # caddy_sites:
+
+  # # Adjust the MTU size of the docker network. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-mtu-size-of-the-docker-network
+  # networks:
+  #   nextcloud-aio:
+  #     name: nextcloud-aio
+  #     driver_opts:
+  #       com.docker.network.driver.mtu: 1440
+docker_group: "reaper"

nextcloudaio.yml

@@ -0,0 +1,4 @@
+- name: "Deploy nextcloudaio docker"
+  hosts: storage
+  roles:
+    - role: docker_compose

prepare.yml

@@ -1,26 +1,9 @@
-- name: install kernel headers
-  hosts: storage
-  # vars:
-  #   ansible_ssh_user: pi
-  #   ansible_sudo_pass: pi
-  #   ansible_ssh_pass: pi
-  #   ansible_host: "{{ ip_before_reboot }}"
-  tasks:
-    - name: install kernel headers
-      ansible.builtin.apt:
-        deb: /opt/archives/linux-headers-6.1.141_6.1.141-16_arm64.deb
-    - name: install zfs
-      ansible.builtin.apt:
-        name: zfsutils-linux
-        state: present
-        update_cache: yes
-
 - hosts: storage
-  # vars:
-  #   ansible_ssh_user: pi
-  #   ansible_sudo_pass: pi
-  #   ansible_ssh_pass: pi
-  #   ansible_host: "{{ ip_before_reboot }}"
+  vars:
+    ansible_ssh_user: pi
+    ansible_sudo_pass: pi
+    ansible_ssh_pass: pi
+    ansible_host: "{{ ip_before_reboot }}"
   roles:
     - role: dns
       tags: dns
@@ -81,32 +64,30 @@
         name: logrotate.timer
         daemon_reload: true
 
-# - name: "Mount new /var/log and move logs"
-#   hosts: storage
-#   tags: [ mount, logs ]
-#   roles:
-#     - role: mount
-#       device: "{{ default.log_mount.device }}"
-#       fstype: "{{ default.log_mount.fstype }}"
-#       mountpoint: "{{ default.log_mount.mountpoint }}"
-#       when: has_var_log_mount
-#   tasks:
-#     - name: "Check if /var/log/journal exists"
-#       stat:
-#         path: /var/log/journal
-#       register: _var_log_stat
-#       when: has_var_log_mount
+- name: "Mount new /var/log and move logs"
+  hosts: storage
+  tags: [ mount, logs ]
+  roles:
+    - role: lingling9000.btrfssubvol
+      tags: btrfssubvol
+      when: has_var_log_mount
+  tasks:
+    - name: "Check if /var/log/journal exists"
+      stat:
+        path: /var/log/journal
+      register: _var_log_stat
+      when: has_var_log_mount
 
-#     - name: "Move logs to new directory"
-#       when:
-#        - has_var_log_mount
-#        - _var_log_stat.stat.isdir is not defined or not _var_log_stat.stat.isdir
-#       block:
-#         - name: "Mount original rootfs and move files"
-#           shell: "mkdir /tmp/mnt-rootfs && mount --bind / /tmp/mnt-rootfs && mv /tmp/mnt-rootfs/var/log/* /var/log/ && umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"
-#       rescue:
-#         - name: "Unmount rootfs"
-#           shell: "umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"
+    - name: "Move logs to new directory"
+      when:
+       - has_var_log_mount
+       - _var_log_stat.stat.isdir is not defined or not _var_log_stat.stat.isdir
+      block:
+        - name: "Mount original rootfs and move files"
+          shell: "mkdir /tmp/mnt-rootfs && mount --bind / /tmp/mnt-rootfs && mv /tmp/mnt-rootfs/var/log/* /var/log/ && umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"
+      rescue:
+        - name: "Unmount rootfs"
+          shell: "umount /tmp/mnt-rootfs && rmdir /tmp/mnt-rootfs"
 
 # - name: install victoria exporters
 #   hosts: storage

requirements.yml

@@ -18,6 +18,10 @@ roles:
     name: network_interfaces
   - src: https://github.com/geerlingguy/ansible-role-docker.git
     name: ansible-role-docker
+  - name: lingling9000.btrfssubvol
+    version: "v1.1.1"
+  - src: git+ssh://git@gitea.homedungeon.xyz:2222/roles/docker_compose.git
+    name: docker_compose
 
 collections:
 # Prepare