Initial commit, finally got around to cleanup and make it into a

gitrepo.

3 files changed, 143 insertions, 0 deletions

diff --git a/roles/owncloud/meta/main.yml b/roles/owncloud/meta/main.yml
new file mode 100644
index 0000000..3553996
--- /dev/null
+++ b/roles/owncloud/meta/main.yml
@@ -0,0 +1,5 @@
+---
+dependencies:
+  - { role: nginx }
+  - { role: php-fpm }
+  - { role: mariadb }
diff --git a/roles/owncloud/tasks/main.yml b/roles/owncloud/tasks/main.yml
new file mode 100644
index 0000000..012efac
--- /dev/null
+++ b/roles/owncloud/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+- name: Install owncloud
+  become: yes
+  pacman: name=owncloud state=present update_cache=yes
+
+- name: Create owncloud database user
+  mysql_user: login_user=root login_password="{{ mysql_root_password }}" name=owncloud password={{ owncloud_database_password }}
+
+- name: Copy the owncloud database dump
+  copy: src=owncloud.sql.xz dest=/tmp/
+
+- name: Create owncloud database
+  mysql_db: login_user=root login_password={{ mysql_root_password }} name=owncloud state=present
+
+- name: Import owncloud database
+  mysql_db: login_user=root login_password={{ mysql_root_password }} name=owncloud state=import target=/tmp/owncloud.sql.xz
+
+- name: Grant rights to the owncloud user
+  mysql_user: login_user=root login_password="{{ mysql_root_password }}" name=owncloud priv=owncloud.*:ALL,GRANT state=present
+
+- name: Make app dir http writable
+  become: yes
+  file: path=/usr/share/webapps/owncloud/apps mode=g+w
+
+- name: Make data folder writable
+  become: yes
+  file: path=/usr/share/webapps/owncloud/data state=directory mode=g+w owner=root group={{ www_user }} mode=0770
+
+- name: Copy virtual host file
+  become: yes
+  template: src=owncloud.j2 dest=/etc/nginx/sites-available/owncloud
+
+- name: Enable mysql driver
+  become: yes
+  lineinfile: dest=/etc/php/php.ini regexp="^;extension=pdo_mysql.so$" line="extension=pdo_mysql.so"
+
+- name: install php-gd
+  become: yes
+  pacman: name=php-gd state=installed update_cache=yes
+
+- name: Enable php-gd driver
+  become: yes
+  lineinfile: dest=/etc/php/php.ini regexp="^;extension=gd.so$" line="extension=gd.so"
+
+- name: restart php-fpm
+  become: yes
+  service: name=php-fpm state=restarted
+
+- name: enable owncloud
+  become: yes
+  file: state=link src=/etc/nginx/sites-available/owncloud dest=/etc/nginx/sites-enabled/owncloud
+
+- name: restart nginx
+  become: yes
+  service: name=nginx state=restarted
diff --git a/roles/owncloud/templates/owncloud.j2 b/roles/owncloud/templates/owncloud.j2
new file mode 100644
index 0000000..4410ade
--- /dev/null
+++ b/roles/owncloud/templates/owncloud.j2
@@ -0,0 +1,83 @@
+
+server {
+	include	mime.types;
+	default_type application/octet-stream;
+
+	listen 444 ssl;
+	listen [::]:444 ssl;
+
+	ssl_certificate /etc/letsencrypt/live/{{ lets_encrypt_domains[0] }}/fullchain.pem;
+	ssl_certificate_key /etc/letsencrypt/live/{{ lets_encrypt_domains[0] }}/privkey.pem;
+
+	server_name www.brentj.es brentj.es www.alexstrasza.kassala.de alexstrasza.kassala.de;
+
+	# Add headers to serve security related headers
+	add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+	add_header X-Content-Type-Options nosniff;
+	add_header X-Frame-Options "SAMEORIGIN";
+	add_header X-XSS-Protection "1; mode=block";
+	add_header X-Robots-Tag none;
+
+	# Path to the root of your installation
+	root /usr/share/webapps/owncloud;
+	# set max upload size
+	client_max_body_size 10G;
+	fastcgi_buffers 64 4K;
+
+	# Disable gzip to avoid the removal of the ETag header
+	gzip off;
+
+	# Uncomment if your server is build with the ngx_pagespeed module
+	# This module is currently not supported.
+	#pagespeed off;
+
+	rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+	rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+	rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+
+	index index.php;
+	error_page 403 /core/templates/403.php;
+	error_page 404 /core/templates/404.php;
+
+	location = /robots.txt {
+		allow all;
+		log_not_found off;
+		access_log off;
+	}
+
+	location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
+		deny all;
+	}
+
+	location / {
+		# The following 2 rules are only needed with webfinger
+		rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+		rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
+
+		rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
+		rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
+
+		rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
+
+		try_files $uri $uri/ /index.php;
+	}
+
+	location ~ \.php(?:$|/) {
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+		include fastcgi_params;
+		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+		fastcgi_param PATH_INFO $fastcgi_path_info;
+		fastcgi_param HTTPS on;
+		fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+		# Unix domain sockets are faster than TCP sockets
+		fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+	}
+
+	# Optional: set long EXPIRES header on static assets
+	location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
+		expires 30d;
+		# Optional: Don't log access to assets
+		access_log off;
+	}
+
+}