feat: Add Nextcloud role and configure two-host setup

2025-09-01 18:04:53 +02:00 · 2025-09-01 18:04:53 +02:00 · 8411365d0c
commit 8411365d0c
parent fa0c63ab83
14 changed files with 305 additions and 21 deletions
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -1,16 +1,20 @@
 $ANSIBLE_VAULT;1.1;AES256
-36626339336631383230366330653234626435333066353638666561633262646636363537656636
-3934383761653837346335323261393035326539306563350a323965626530643162616430393064
-63326665366361396564306132626635386262613265333764323630633965326539383737653137
-6438646165666464630a396361306139323664366564376263636639643138316133333532363564
-35636635363137633438643464383933313361613333353766303631663738626333323937306235
-39313639353239393432646333316634333436343163386139363965313738346264623561633332
-65303733366430383438616164323538333564303961386637643130333862383836306133633131
-34393532353330623031373136636566626230616434386435333338626631656464333661633464
-32323330393038666564363965343632313230333833316365613537376633346362353730383965
-65643664386564346430303334643132633936663163666236396433666137613339343761373338
-61363335393637346134396165333437666364633639323431323833313932306237306430336530
-39393034303537633733306133373530303239333339336465386631393866323735313639626166
-32336564366263343539346139656665353830323533623233373061323837616132626238333632
-62383531373966373131633531306430316462393430623734323161643366316233396338306336
-376133653336343338303136316539643062
+66383465623264336234336665613539316135346265343564393666396566636137316131663731
+3063396330653439623765346564616539383933393239320a323961643536303333623434353337
+39303265323535633635653639656262396533383035653639643634656132653933383635613936
+6263343134616462350a666665363234613864353438313663393230313534346238633731623464
+65626432663566396237666232346537386332653634313137663238653631613031663038306161
+64316562393664393737303336646562323436323230303835323738633435613363363836646137
+32393766643936303732643164363433316239303065363438376431646131623038303238353564
+39306339373137623831396238643965636162383063353238376437653236383030633335326662
+61633136396461326264313339653937316332656635643230383539626136613666393438653637
+64393038643934366231323632663236343932333061316533666536656461373564616235303632
+61636231626533303730353563373664383337393866346437623538636130396565336639643137
+38616165343833366132346138333930393838303266633038303063626364376431653665303537
+36306661633133313839363630303332613164393261313139336239633964376631343732643061
+66613337333465333036333534666565373261313865333539666139663735363834643031333836
+65316232336363306561353339633364396638643937333830353262326138653231353863376635
+37633832323861623833383936383066366639653833356465393263376335333664323863363863
+63376235343461303163653662623765383530373561666365313165646161303635303536643137
+62613535306661663738363062326133343734313931653534326265313238623531376430613032
+356163313666656235343236333166653234
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -14,3 +14,10 @@ all:
          ansible_host: 141.147.24.166
          ansible_user: ubuntu
          ansible_ssh_private_key_file: ~/.ssh/ora-cloud/sublime-key.key
+        nextcloud:
+          ansible_host: 1.2.3.4 # Placeholder IP
+          ansible_user: ubuntu
+          ansible_ssh_private_key_file: ~/.ssh/ora-cloud/sublime-key.key
+    nextcloud_servers:
+      hosts:
+        nextcloud:
--- a/playbooks/main.yml
+++ b/playbooks/main.yml
@ -1,6 +1,3 @@
- name: Set up Portainer
-  hosts: sublimePorte
-  become: true
-  roles:
-    - docker
-    - portainer
+---
+- import_playbook: portainer.yml
+- import_playbook: nextcloud.yml
--- a/playbooks/nextcloud.yml
+++ b/playbooks/nextcloud.yml
@ -0,0 +1,5 @@
+- name: Set up Nextcloud
+  hosts: nextcloud_servers
+  become: true
+  roles:
+    - nextcloud
--- a/playbooks/portainer.yml
+++ b/playbooks/portainer.yml
@ -0,0 +1,6 @@
+- name: Set up Portainer
+  hosts: sublimePorte
+  become: true
+  roles:
+    - docker
+    - portainer
--- a/playbooks/roles/network/defaults/main.yml
+++ b/playbooks/roles/network/defaults/main.yml
@ -0,0 +1,22 @@
+---
+nginx_proxy_manager_image: "jc21/nginx-proxy-manager:latest"
+nginx_proxy_manager_container_name: "nginx-proxy-manager"
+nginx_proxy_manager_data_path: "/opt/nginx-proxy-manager/data"
+nginx_proxy_manager_letsencrypt_path: "/opt/nginx-proxy-manager/letsencrypt"
+nginx_proxy_manager_compose_path: "/opt/nginx-proxy-manager/docker-compose.yml"
+nginx_proxy_manager_admin_email: "tobend85@gmail.com"
+nginx_proxy_manager_admin_password: "{{ vault_nginx_proxy_manager_admin_password }}"
+nginx_proxy_manager_port: "9900"
+nginx_proxy_manager_ssl_port: "443"
+# Docker network configuration
+docker_network_name: "sublime-net"
+# Wireguard-Easy container configuration
+wireguard_easy_image: "ghcr.io/wg-easy/wg-easy"
+wireguard_easy_version: "latest"
+wireguard_easy_port: "51820"
+wireguard_easy_admin_port: "51821"
+wireguard_easy_data_dir: "/etc/wireguard"
+wireguard_easy_config_dir: "/opt/network"
+wireguard_easy_host: "130.162.231.152"
+wireguard_easy_password: "{{ vault_wireguard_easy_password }}"
+wireguard_easy_password_hash: ""
--- a/playbooks/roles/network/meta/main.yml
+++ b/playbooks/roles/network/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: portainer
--- a/playbooks/roles/network/tasks/main.yml
+++ b/playbooks/roles/network/tasks/main.yml
@ -0,0 +1,89 @@
+- name: Update apt cache
+  apt:
+    update_cache: true
+
+- name: Install WireGuard and required packages
+  apt:
+    name:
+      - wireguard
+      - wireguard-tools
+      - resolvconf
+    state: present
+
+- name: Ensure WireGuard module is loaded
+  modprobe:
+    name: wireguard
+    state: present
+
+- name: Enable IP forwarding
+  sysctl:
+    name: net.ipv4.ip_forward
+    value: '1'
+    state: present
+
+- name: Ensure wireguard config directory exists
+  file:
+    path: "{{ wireguard_easy_config_dir }}"
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Ensure WireGuard configuration file exists (optional)
+  file:
+    path: "{{ wireguard_easy_data_dir }}/wg0.conf"
+    state: touch
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Ensure nginx data directory exists
+  file:
+    path: "{{ nginx_proxy_manager_data_path }}"
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Copy Nginx configuration files
+  copy:
+    src: nginx/data
+    dest: "{{ nginx_proxy_manager_data_path }}"
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Ensure Let's Encrypt directory exists
+  file:
+    path: "{{ nginx_proxy_manager_letsencrypt_path }}"
+    state: directory
+    mode: '0755'
+  become: true
+
+- name: Copy Let's Encrypt files
+  copy:
+    src: nginx/letsencrypt
+    dest: "{{ nginx_proxy_manager_letsencrypt_path }}"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Restart Nginx
+
+- name: Generate Docker Compose file for Wireguard and Nginx
+  template:
+    src: docker-compose.j2
+    dest: /opt/network/docker-compose.yml
+    owner: root
+    group: root
+    mode: '0644'
+  become: true
+
+- name: Deploy Containers
+  community.docker.docker_compose_v2:
+    project_src: /opt/network
+    state: present
+    restart: true
+  become: true
+
+- name: Ensure Nginx container is running
+  community.docker.docker_container_info:
+    name: "{{ nginx_proxy_manager_container_name }}"
+  register: nginx_container_info
--- a/playbooks/roles/network/templates/docker-compose.j2
+++ b/playbooks/roles/network/templates/docker-compose.j2
@ -0,0 +1,48 @@
+services:
+  wireguard-easy:
+    image: "{{ wireguard_easy_image }}:{{ wireguard_easy_version }}"
+    container_name: wireguard-easy
+    devices:
+      - /dev/net/tun
+    environment:
+      - WG_HOST={{ wireguard_easy_host }}
+      - PASSWORD_HASH={{ wireguard_easy_password_hash }}
+    ports:
+      - "{{ wireguard_easy_port }}:51820/udp"
+      - "{{ wireguard_easy_admin_port }}:51821/tcp"
+      - "80:80"
+      - "{{ nginx_proxy_manager_port }}:81"
+      - "{{ nginx_proxy_manager_ssl_port }}:443"
+    volumes:
+      - "{{ wireguard_easy_data_dir }}:/etc/wireguard"
+      - "{{ wireguard_easy_config_dir }}:/opt/network"
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    sysctls:
+      - net.ipv4.ip_forward=1
+      - net.ipv6.conf.all.disable_ipv6=0
+    networks:
+      - {{ docker_network_name }}
+    restart: unless-stopped
+
+  nginx-proxy-manager:
+    image: "{{ nginx_proxy_manager_image }}"
+    container_name: "{{ nginx_proxy_manager_container_name }}"
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    restart: always
+    network_mode: service:wireguard-easy
+    depends_on:
+      - wireguard-easy
+    environment:
+      INITIAL_ADMIN_EMAIL: {{ nginx_proxy_manager_admin_email }}
+      INITIAL_ADMIN_PASSWORD: {{ nginx_proxy_manager_admin_password }}
+    volumes:
+      - "{{ nginx_proxy_manager_data_path }}:/data"
+      - "{{ nginx_proxy_manager_letsencrypt_path }}:/etc/letsencrypt"
+
+networks:
+  {{ docker_network_name }}:
+    driver: bridge
--- a/playbooks/roles/nextcloud/README.md
+++ b/playbooks/roles/nextcloud/README.md
@ -0,0 +1,36 @@
+# Ansible Role: Nextcloud Docker Compose
+
+An Ansible role to deploy Nextcloud using Docker Compose.
+
+## Requirements
+
+- Docker
+- Docker Compose
+
+## Role Variables
+
+Available variables are listed below, along with default values (see `defaults/main.yml`):
+
+```yaml
+nextcloud_data_dir: "/opt/nextcloud"
+nextcloud_port: 8080
+nextcloud_db_name: "nextcloud"
+nextcloud_db_user: "nextcloud"
+nextcloud_admin_user: "admin"
+```
+
+## Dependencies
+
+- docker
+
+## Example Playbook
+
+```yaml
+- hosts: "servers"
+  roles:
+    - role: "nextcloud"
+```
+
+## License
+
+MIT
--- a/playbooks/roles/nextcloud/defaults/main.yml
+++ b/playbooks/roles/nextcloud/defaults/main.yml
@ -0,0 +1,6 @@
+---
+nextcloud_data_dir: "/opt/nextcloud"
+nextcloud_port: 8080
+nextcloud_db_name: "nextcloud"
+nextcloud_db_user: "nextcloud"
+nextcloud_admin_user: "admin"
--- a/playbooks/roles/nextcloud/meta/main.yml
+++ b/playbooks/roles/nextcloud/meta/main.yml
@ -0,0 +1,12 @@
+galaxy_info:
+  author: "Your Name"
+  description: "An Ansible role to deploy Nextcloud using Docker Compose"
+  license: "MIT"
+  min_ansible_version: "2.9"
+  platforms:
+    - name: "Ubuntu"
+      versions:
+        - "focal"
+        - "bionic"
+dependencies:
+  - role: docker
--- a/playbooks/roles/nextcloud/tasks/main.yml
+++ b/playbooks/roles/nextcloud/tasks/main.yml
@ -0,0 +1,16 @@
+---
+- name: "Create Nextcloud directory"
+  ansible.builtin.file:
+    path: "{{ nextcloud_data_dir }}"
+    state: "directory"
+    mode: "0755"
+
+- name: "Create Nextcloud docker-compose.yml"
+  ansible.builtin.template:
+    src: "docker-compose.yml.j2"
+    dest: "{{ nextcloud_data_dir }}/docker-compose.yml"
+
+- name: "Start Nextcloud services"
+  community.docker.docker_compose:
+    project_src: "{{ nextcloud_data_dir }}"
+    state: "present"
--- a/playbooks/roles/nextcloud/templates/docker-compose.yml.j2
+++ b/playbooks/roles/nextcloud/templates/docker-compose.yml.j2
@ -0,0 +1,33 @@
+version: '3'
+
+services:
+  db:
+    image: postgres
+    restart: always
+    volumes:
+      - db:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_DB={{ nextcloud_db_name }}
+      - POSTGRES_USER={{ nextcloud_db_user }}
+      - POSTGRES_PASSWORD={{ vault_nextcloud_db_password }}
+
+  app:
+    image: nextcloud
+    restart: always
+    ports:
+      - "{{ nextcloud_port }}:80"
+    links:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    environment:
+      - POSTGRES_HOST=db
+      - POSTGRES_DB={{ nextcloud_db_name }}
+      - POSTGRES_USER={{ nextcloud_db_user }}
+      - POSTGRES_PASSWORD={{ vault_nextcloud_db_password }}
+      - NEXTCLOUD_ADMIN_USER={{ nextcloud_admin_user }}
+      - NEXTCLOUD_ADMIN_PASSWORD={{ vault_nextcloud_admin_password }}
+
+volumes:
+  db:
+  nextcloud: