/
main.yml
1890 lines (1511 loc) · 65.6 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# Default variables
# =================
# .. contents:: Sections
# :local:
#
# .. include:: includes/all.rst
#
# .. Role maintainer note:
# .. The official ownCloud documentation is also written is RST.
# .. https://github.com/owncloud/documentation/tree/master/admin_manual
# .. https://github.com/nextcloud/documentation/tree/master/admin_manual
# .. Packages and installation [[[1
#
# -----------------------------
# Packages and installation
# -----------------------------
# .. envvar:: owncloud__base_packages
#
# List of base packages required by ownCloud.
owncloud__base_packages:
- 'owncloud'
- '{{ [ ("owncloud-deps-php" + ansible_local.php.version) ]
if (ansible_local|d() and ansible_local.php|d() and
ansible_local.php.version|d())
else [] }}'
## https://doc.owncloud.org/server/9.0/admin_manual/installation/source_installation.html
## https://doc.owncloud.org/server/9.0/admin_manual/configuration_files/collaborative_documents_configuration.html
## FIXME: Is it necessary to install all LibreOffice packages? https://github.com/owncloud/documents#known-issues
## Upstream documentation does not specify it more clearly. Installing ``libreoffice`` just to be sure.
- '{{ [ "libreoffice" ] if (owncloud__app_documents_libreoffice_enabled|bool) else [] }}'
## Useful for debugging. Refer to `owncloud__base_php_packages` for the PHP packages
- '{{ [ "smbclient" ] if (owncloud__smb_support|bool) else [] }}'
- '{{ [ "libsmbclient" ] if (owncloud__smb_support|bool and owncloud__release | version_compare("9.0", ">=")) else [] }}'
# .. envvar:: owncloud__base_php_packages
#
# List of base PHP packages required by ownCloud.
owncloud__base_php_packages:
- '{{ [ "apcu" ] if (owncloud__apcu_enabled|bool) else [] }}'
- '{{ [ "mysql" ] if (owncloud__database in [ "mariadb", "mysql" ]) else [] }}'
- '{{ [ "pgsql" ] if (owncloud__database in [ "postgresql" ]) else [] }}'
- '{{ [ "redis" ] if (owncloud__redis_enabled | bool) else [] }}'
- '{{ [ "ldap" ] if (owncloud__ldap_enabled | bool) else [] }}'
## Seems to be required at least for PHP7.0 to fix:
## PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/20151012/redis.so'
## - /usr/lib/php/20151012/redis.so: undefined symbol: igbinary_serialize in Unknown on line 0
- '{{ [ "igbinary" ]
if (not (ansible_distribution == "Ubuntu" and (ansible_distribution_version|version_compare("15.10", "<"))))
else [] }}'
- '{{ [ "libsmbclient" ] if (owncloud__smb_support|bool and owncloud__release | version_compare("8.9.9", "<=")) else [] }}'
## Included in normal PHP installations but require it here because it is
## used internally by the role:
- 'json'
# .. envvar:: owncloud__optional_php_packages
#
# List of optional PHP packages for ownCloud.
owncloud__optional_php_packages:
- 'imagick'
# .. envvar:: owncloud__packages
#
# List of global packages for ownCloud.
# This variable is intended to be used in Ansible’s global inventory.
owncloud__packages: []
# .. envvar:: owncloud__group_packages
#
# List of group packages for ownCloud.
# This variable is intended to be used in a host inventory group of Ansible
# (only one host group is supported).
owncloud__group_packages: []
# .. envvar:: owncloud__host_packages
#
# List of host packages for ownCloud.
# This variable is intended to be used in the inventory of hosts.
owncloud__host_packages: []
# .. envvar:: owncloud__dependent_packages
#
# List of APT packages to install for other Ansible roles, for usage as
# a dependent role.
owncloud__dependent_packages: []
# .. envvar:: owncloud__deploy_state
#
# What is the desired state which this role should achieve? Possible options:
#
# ``present``
# Default. Ensure that ownCloud is installed and configured as requested.
#
# ``absent``
# Ensure that owncloud is uninstalled and it's configuration is removed.
# Not fully supported yet.
# FIXME: This would remove all packages that are installed by the role!
# Package lists need to be split.
#
owncloud__deploy_state: 'present'
# .. ownCloud upgrades [[[1
#
# ---------------------
# ownCloud upgrades
# ---------------------
# .. envvar:: owncloud__auto_database_upgrade_enabled
#
# On each update of ownCloud, a database update must be performed before
# ownCloud can be used again.
# The ownCloud package maintainers have not automated this setup so that even
# security upgrades can not be installed unattended.
#
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/maintenance/package_upgrade.html#upgrade-quickstart>`__ for details.
#
# When this option is set to ``True``, the role enables a hook script for
# :command:`dpkg` so that when :command:`dpkg` upgrades ownCloud, the database upgrade is
# automatically performed.
#
# Change to ``False`` when you want to do database upgrades manually after upgrading the ownCloud packages.
#
# .. note:: :envvar:`owncloud__auto_database_upgrade_enabled` depends on
# automatic database upgrades to be enabled.
#
owncloud__auto_database_upgrade_enabled: True
# .. envvar:: owncloud__dpkg_hook_script
#
# File path where the package manager hook script is stored.
owncloud__dpkg_hook_script: '{{
(ansible_local.root.lib
if (ansible_local|d() and ansible_local.root|d() and
ansible_local.root.lib|d())
else "/usr/local/lib") + "/owncloud_dpkg_hook" }}'
# .. envvar:: owncloud__auto_database_upgrade_migration_test
#
# Whether database schema migration should be simulated before upgrading the production database.
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/maintenance/package_upgrade.html#migration-test>`__ for details.
owncloud__auto_database_upgrade_migration_test: True
# .. envvar:: owncloud__auto_database_upgrade_3party_app_disable
#
# Should third party apps by disabled during/after upgrades? The upstream default as of ownCloud 9.0
# is ``True``.
owncloud__auto_database_upgrade_3party_app_disable: True
# .. envvar:: owncloud__auto_database_upgrade_hook_script_packages_trigger
#
# List of packages for which the package manager hook script should attempt to
# do a database upgrade when :envvar:`owncloud__auto_database_upgrade_enabled`
# is ``True``.
#
# This variable is currently not being used.
# The check if ownCloud needs an upgrade is performed for each
# installed/upgraded package but in an very efficient way.
owncloud__auto_database_upgrade_hook_script_packages_trigger:
- 'owncloud'
# .. envvar:: owncloud__auto_security_updates_enabled
#
# Whether automatic ownCloud upgrades should be performed by
# ``unattended_upgrades``.
#
# FIXME: Needs more testing before the role maintainers feel confident to enable this by default.
# Refer to: https://github.com/debops/ansible-owncloud/issues/28
owncloud__auto_security_updates_enabled: False
# .. envvar:: owncloud__post_upgrade_hook_role_list
#
# List of script file paths which should be executed after every ownCloud
# update.
# For more information refer to :ref:`owncloud__ref_post_upgrade_hook`.
# This variable is used by this role, controlled by other variables of this
# role.
owncloud__post_upgrade_hook_role_list: []
# .. envvar:: owncloud__post_upgrade_hook_list
#
# List of script file paths which should be executed after every ownCloud
# update.
# For more information refer to :ref:`owncloud__ref_post_upgrade_hook`.
# This variable is intended to be used in Ansible’s global inventory.
owncloud__post_upgrade_hook_list: []
# .. envvar:: owncloud__post_upgrade_hook_group_list
#
# List of script file paths which should be executed after every ownCloud
# update.
# For more information refer to :ref:`owncloud__ref_post_upgrade_hook`.
# This variable is intended to be used in a host inventory group of Ansible
# (only one host group is supported).
owncloud__post_upgrade_hook_group_list: []
# .. envvar:: owncloud__post_upgrade_hook_host_list
#
# List of script file paths which should be executed after every ownCloud
# update.
# For more information refer to :ref:`owncloud__ref_post_upgrade_hook`.
# This variable is intended to be used in the inventory of hosts.
owncloud__post_upgrade_hook_host_list: []
# .. ownCloud source and deployment [[[1
#
# ----------------------------------
# ownCloud source and deployment
# ----------------------------------
# .. envvar:: owncloud__variant
#
# Which variant of the application should be used?
#
# Supported variants:
#
# * ``owncloud`` (main supported variant and used in production by the role maintainers)
#
# `NextCloud is currently not supported <https://github.com/debops/ansible-owncloud/issues/45>`_.
owncloud__variant: 'owncloud'
# .. envvar:: owncloud__variant_url_map
#
# URL map for :envvar:`owncloud__variant`.
owncloud__variant_url_map:
owncloud: 'https://owncloud.org/'
nextcloud: 'https://nextcloud.com/'
# .. envvar:: owncloud__variant_name_map
#
# Name map for :envvar:`owncloud__variant`.
owncloud__variant_name_map:
owncloud: 'ownCloud'
nextcloud: 'NextCloud'
# .. envvar:: owncloud__release
#
# Defaults to the latest stable release supported and tested with this role.
# This may not always be the latest stable release.
#
# Supported releases:
#
# * ownCloud ``8.1``
# * ownCloud ``8.2``
# * ownCloud ``9.0`` (main supported version and used in production by the role maintainers)
# * ownCloud ``9.1`` (setup should work but not yet well tested nor used in production by the role maintainers)
#
# Refer to the `ownCloud Maintenance and Release Schedule <https://github.com/owncloud/core/wiki/Maintenance-and-Release-Schedule>`_
# and the `package index <https://download.owncloud.org/download/repositories/>`_ for more details.
owncloud__release: '9.0'
# .. envvar:: owncloud__distribution
#
# Name and version of OS distribution to use for ownCloud packages.
owncloud__distribution: '{{ owncloud__distribution_name + "_" +
owncloud__distribution_version }}'
# .. envvar:: owncloud__distribution_name
#
# Name of the OS distribution to use for ownCloud URLs.
owncloud__distribution_name: '{{ ansible_distribution }}'
# .. envvar:: owncloud__distribution_version
#
# Version number of the OS distribution for ownCloud URLs.
owncloud__distribution_version: '{{ (ansible_distribution_major_version + ".0")
if ansible_distribution in [ "Debian" ]
else ansible_distribution_version }}'
# .. envvar:: owncloud__apt_repo_base
#
# Base APT repository URL starting at the authority part.
owncloud__apt_repo_base: 'download.owncloud.org/download/repositories/{{ owncloud__release }}'
# .. envvar:: owncloud__apt_repo_key_id
#
# OpenPGP public key specified by fingerprint which is used to sign the APT
# repository.
owncloud__apt_repo_key_id: 'DDA2C105C4B73A6649AD2BBD47AE7F72479BC94B'
# .. envvar:: owncloud__old_apt_repo_keys
#
# Old or unused OpenPGP public keys specified by fingerprint which where
# previously used to sign the APT repository.
# The keys listed here are ensured to be absent to reduce the risk if one of
# the keys gets compromised.
owncloud__old_apt_repo_keys:
- 'F9EA4996747310AE79474F44977C43A8BA684223'
- 'BCECA90325B072AB1245F739AB7C32C35180350A'
# .. envvar:: owncloud__src_remote_dir
#
# File path used to store application sources on the remote system.
# This is currently only used to copy the OpenPGP public key to the remote.
owncloud__src_remote_dir: '{{
(ansible_local.root.src
if (ansible_local|d() and ansible_local.root|d() and
ansible_local.root.src|d())
else "/usr/local/src") + "/owncloud" }}'
# .. envvar:: owncloud__apt_repo_source
#
# APT ``sources.list`` URL of the ownCloud ``.deb`` repository.
owncloud__apt_repo_source: '{{ "deb http://" + owncloud__apt_repo_base + "/" +
owncloud__distribution + "/ /" }}'
# .. envvar:: owncloud__user
#
# User that will be used for the ownCloud instance.
owncloud__user: '{{ ansible_local.nginx.user
if (ansible_local|d() and ansible_local.nginx|d() and
ansible_local.nginx.user|d())
else "www-data" }}'
# .. envvar:: owncloud__group
#
# Group that will be used for the ownCloud instance.
owncloud__group: '{{ owncloud__user }}'
# .. envvar:: owncloud__home
#
# Directory under which ownCloud will be installed.
owncloud__home: '/var/www/owncloud'
# .. envvar:: owncloud__data_path
#
# Path where ownCloud data directory and files are stored.
owncloud__data_path: '{{ owncloud__home }}/data'
# .. envvar:: owncloud__temp_path
#
# Directory which ownCloud will use as temp directory.
#
# In case :file:`/tmp` has limited space (for example is a ramdisk) or is otherwise
# restricted then it is a good idea to change the temp directory that ownCloud
# uses to a path with more space available.
#
# The default (empty string) is to let ownCloud figure out which temp directory
# it should use which probably results in :file:`/tmp/owncloudtemp` unless
# otherwise influenced by environment variables and such.
# See also :envvar:`owncloud__php_temp_path`.
owncloud__temp_path: ''
# .. envvar:: owncloud__deploy_path
#
# Where the ownCloud instance will be deployed (web root).
owncloud__deploy_path: '{{ owncloud__home }}'
# .. In memory caching [[[1
#
# ---------------------
# In memory caching
# ---------------------
#
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/caching_configuration.html>`__ for details.
# .. envvar:: owncloud__apcu_enabled
#
# Whether ``APCu`` should be used for local caching.
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/caching_configuration.html#id2>`__ for details.
owncloud__apcu_enabled: True
# .. envvar:: owncloud__redis_enabled
#
# Use Redis for file locking as recommended for small and large installations.
# The default is to auto detect if Redis is enabled on the remote server and in
# that case automatically use it for file locking.
# Note that ownCloud requires version 2.2.5+ of the ``redis`` PHP package. This
# requirement is not meet for Ubuntu trusty (neither in the release repos nor
# in backports) thus Redis will not be enabled automatically by the role.
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/caching_configuration.html#id4>`__ for details.
owncloud__redis_enabled: '{{ ansible_local|d() and ansible_local.redis|d() and
ansible_local.redis.enabled|d() | bool and
(not (ansible_distribution == "Ubuntu" and ansible_distribution_release == "trusty")) }}'
# .. envvar:: owncloud__redis_host
#
# Redis server to use when :envvar:`owncloud__redis_enabled` is ``True``.
owncloud__redis_host: '{{ ansible_local.redis.host
if (ansible_local|d() and ansible_local.redis|d() and
ansible_local.redis.host|d())
else "localhost" }}'
# .. envvar:: owncloud__redis_port
#
# Network port on which the Redis server is listening on.
owncloud__redis_port: '{{ ansible_local.redis.port
if (ansible_local|d() and ansible_local.redis|d() and
ansible_local.redis.port|d())
else "6379" }}'
# .. envvar:: owncloud__redis_password
#
# Redis server authentication password.
owncloud__redis_password: '{{ ansible_local.redis.password
if (ansible_local|d() and ansible_local.redis|d() and
ansible_local.redis.password|d())
else omit }}'
# .. Database configuration [[[1
#
# --------------------------
# Database configuration
# --------------------------
# .. envvar:: owncloud__database
#
# ownCloud recommends MySQL or MariaDB as database. Set to ``False`` to use SQLite.
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/configuration_database/linux_database_configuration.html>`__ for details.
# See the :envvar:`owncloud__database_map` for the databases support by this role.
owncloud__database: 'mariadb'
# .. envvar:: owncloud__database_server
#
# FQDN of the database server. It will be configured by
# the debops.mariadb_ or debops.postgresql_ role.
owncloud__database_server: '{{ ansible_local[owncloud__database].server }}'
# .. envvar:: owncloud__database_port
#
# Port database is listening on.
owncloud__database_port: '{{ ansible_local[owncloud__database].port }}'
# .. envvar:: owncloud__database_user
#
# Database user to use for ownCloud.
owncloud__database_user: 'owncloud'
# .. envvar:: owncloud__database_name
#
# Name of the database to use for ownCloud.
owncloud__database_name: 'owncloud'
# .. envvar:: owncloud__database_password_path
#
# Path to database password file.
owncloud__database_password_path: '{{ secret + "/" + owncloud__database + "/"
+ ansible_local[owncloud__database].delegate_to
+ (("/" + ansible_local[owncloud__database].port)
if (owncloud__database == "postgresql")
else "")
+ "/credentials/" + owncloud__database_user + "/password" }}'
# .. envvar:: owncloud__database_password
#
# Database password for ownCloud.
owncloud__database_password: '{{ lookup("password", owncloud__database_password_path + " length=48") }}'
# .. envvar:: owncloud__database_map
#
owncloud__database_map:
# MySQL/MariaDB database.
mariadb:
dbtype: 'mysql'
dbname: '{{ owncloud__database_name|d(owncloud__user) }}'
dbuser: '{{ owncloud__database_user|d(owncloud__user) }}'
dbpass: '{{ owncloud__database_password }}'
dbhost: '{{ owncloud__database_server|d("localhost") }}'
dbtableprefix: ''
# PostgreSQL database on localhost, connection through Unix socket, no default password.
postgresql:
dbtype: 'pgsql'
dbname: '{{ owncloud__database_name|d(owncloud__user) }}'
dbuser: '{{ owncloud__database_user|d(owncloud__user) }}'
dbpass: ''
dbhost: '{{ owncloud__database_server|d("/var/run/postgresql") }}'
dbtableprefix: ''
sqlite:
dbtype: 'sqlite'
# .. ownCloud admin login/password [[[1
#
# ---------------------------------
# ownCloud admin login/password
# ---------------------------------
# .. envvar:: owncloud__admin_username
#
# Default admin username, in the form 'admin-$USER'.
# Set to ``False`` to disable automatic username and password.
owncloud__admin_username: 'admin-{{ lookup("env","USER") }}'
# .. envvar:: owncloud__admin_password_path
#
# Path to database password file.
owncloud__admin_password_path: '{{ secret + "/credentials/" + ansible_fqdn +
"/owncloud/admin/" + owncloud__admin_username +
"/password" }}'
# .. envvar:: owncloud__password_length
#
# Length of randomly generated admin password.
owncloud__password_length: 20
# .. envvar:: owncloud__admin_password
#
# Default admin password.
# A random password will be generate by default as documented by the debops.secret_ role.
owncloud__admin_password: '{{ lookup("password", owncloud__admin_password_path
+ " length=" + (owncloud__password_length|string)) }}'
# .. envvar:: owncloud__autosetup
#
# Should Ansible automatically finish the ownCloud setup on
# it's own? Disabled if admin_username is set to ``False``.
owncloud__autosetup: True
# .. envvar:: owncloud__autosetup_url
#
# URL which will be called to finish autosetup of ownCloud 8.0. For newer
# ownCloud versions :command:`occ` will be used which is more reliable because
# it does not depend on the webserver nor network.
owncloud__autosetup_url: 'http://{{ owncloud__fqdn if owncloud__fqdn is string else owncloud__fqdn[0] }}/index.php'
# .. ownCloud configuration [[[1
#
# --------------------------
# ownCloud configuration
# --------------------------
# .. envvar:: owncloud__fqdn
#
# The Fully Qualified Domain Name to use for the ownCloud instance.
owncloud__fqdn: 'cloud.{{ owncloud__domain }}'
# .. envvar:: owncloud__domain
#
# Domain that will be configured for the ownCloud instance.
owncloud__domain: '{{ ansible_local.core.domain
if (ansible_local|d() and ansible_local.core|d() and
ansible_local.core.domain|d())
else (ansible_domain if ansible_domain else ansible_hostname) }}'
# .. envvar:: owncloud__upload_size
#
# Max upload size set in :program:`nginx` and PHP, with amount as M or G.
# Before you change this be sure to understand
# `Uploading big files > 512MB of the official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/configuration_files/big_file_upload_configuration.html>`__.
owncloud__upload_size: '2G'
# .. envvar:: owncloud__cron_minute
#
# At what time cron should execute background jobs
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/developer_manual/app/backgroundjobs.html>`__ for details.
owncloud__cron_minute: '*/15'
# .. envvar:: owncloud__timeout
#
# Timeouts in seconds for application requests.
#
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/configuration_files/big_file_upload_configuration.html>`__ for details.
owncloud__timeout: 3600
# .. envvar:: owncloud__app_user_webfinger_support
#
# Should the ``Webfinger`` application be supported?
# Set this to ``True`` if you are planning to use this app.
owncloud__app_user_webfinger_support: False
# .. ownCloud config.php configuration [[[1
#
# -------------------------------------
# ownCloud config.php configuration
# -------------------------------------
#
# The dicts of this section ends up in :file:`owncloud/config/debops.config.php` and override the values
# from :file:`owncloud/config/config.php`.
#
# TODO: Note that as of ownCloud 9.0, you can not unset a setting which was
# once set in :file:`debops.config.php` because ownCloud might copies it to
# :file:`config.php`. Possible fix: `occ config:system:set`
#
# For more information refer to :ref:`owncloud__ref_config`.
# .. envvar:: owncloud__role_config
#
# See `ownCloud config.php configuration`_.
# This variable is used by this role, controlled by other variables of this
# role.
owncloud__role_config:
trusted_domains: '{{ [ owncloud__fqdn ] if owncloud__fqdn is string else owncloud__fqdn }}'
## https://github.com/owncloud/core/issues/22257
## TODO: Temporary workaround until all package maintainers have caught up.
## Edit: Have caught up as of 9.0.2-1.1. Remove this config in a while when
## it is expected that all users are running 9.0.2 or later.
'updatechecker': False
'memcache.local':
state: '{{ "present" if (owncloud__apcu_enabled|bool) else "absent" }}'
value: '\\OC\\Memcache\\APCu'
'memcache.locking':
state: '{{ "present" if (owncloud__redis_enabled|bool) else "absent" }}'
value: '\\OC\\Memcache\\Redis'
'redis':
state: '{{ "present" if (owncloud__redis_enabled|bool) else "absent" }}'
value:
host: '{{ owncloud__redis_host }}'
port: '{{ owncloud__redis_port|int }}'
password: '{{ owncloud__redis_password }}'
'tempdirectory':
state: '{{ "present" if (owncloud__temp_path != "") else "absent" }}'
value: '{{ owncloud__temp_path }}'
# .. envvar:: owncloud__role_recommended_config
#
# See `ownCloud config.php configuration`_.
# This variable is a set of optional settings for ownCloud recommended by the
# maintainers of this role.
# Set:
#
# .. code-block:: yaml
# :linenos:
#
# owncloud__role_recommended_config: {}
#
# in your inventory when you want to disable it.
owncloud__role_recommended_config:
## The default timezone for logfiles is UTC.
logtimezone: '{{ ansible_local.timezone if (ansible_local|d() and ansible_local.timezone|d()) else "Etc/UTC" }}'
## Loglevel to start logging at. Valid values are: 0 = Debug, 1 = Info,
## 2 = Warning, 3 = Error, and 4 = Fatal. The default value is Warning.
loglevel: 2
## ISO 8601 datetime: 2004-02-12T15:19:21+00:00
logdateformat: 'Y-m-d H:i:s.u'
# .. envvar:: owncloud__config
#
# See `ownCloud config.php configuration`_.
# This variable is intended to be used in Ansible’s global inventory.
# More specific variables can overrule less specific variables.
owncloud__config: {}
# .. envvar:: owncloud__group_config
#
# See `ownCloud config.php configuration`_.
# This variable is intended to be used in a host inventory group of Ansible
# (only one host group is supported).
owncloud__group_config: {}
# .. envvar:: owncloud__host_config
#
# See `ownCloud config.php configuration`_.
# This variable is intended to be used in the inventory of hosts.
owncloud__host_config: {}
# .. ownCloud applications configuration [[[1
#
# ---------------------------------------
# ownCloud applications configuration
# ---------------------------------------
# Dictionary of ownCloud application settings.
# Check the output of :command:`occ config:list` to see how the settings are called.
# You might need to change a particular setting via the web interface in order
# for it to appear in the output.
#
# Note that the :command:`occ` can also change ownCloud system settings but this should
# be done via `ownCloud config.php configuration`_.
#
# Examples:
#
# .. code-block:: yaml
# :linenos:
#
# owncloud__apps_config:
#
# ## Set the default quota for all users which don’t have more explicit
# ## quota settings to 100 MB.
# files:
# default_quota: '100 MB'
#
# ## Disable Federated Cloud Sharing:
# ## * Allow users on this server to send shares to other servers
# ## * Allow users on this server to receive shares from other servers
# core:
# incoming_server2server_share_enabled: 'no'
# outgoing_server2server_share_enabled: 'no'
# files_sharing:
# incoming_server2server_share_enabled: 'no'
# outgoing_server2server_share_enabled: 'no'
#
# ## Disable Federation:
# ## * Add server automatically once a federated share was created successfully
# federation:
# autoAddServers: '0'
#
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/occ_command.html#config-commands-label>`__ for details.
# .. envvar:: owncloud__optional_apps_config
#
# See `ownCloud applications configuration`_.
# Role dictionary of ownCloud application settings.
# This variable is a set of optional settings for ownCloud recommended by the
# maintainers of this role.
owncloud__role_apps_config:
documents:
enabled: '{{ "yes" if (owncloud__app_documents_enabled | bool) else "no" }}'
converter: 'local'
# .. envvar:: owncloud__apps_config
#
# See `ownCloud applications configuration`_.
# Global dictionary of ownCloud application settings.
# This variable is intended to be used in Ansible’s global inventory.
# More specific variables can overrule less specific variables.
owncloud__apps_config: {}
# .. envvar:: owncloud__group_apps_config
#
# See `ownCloud applications configuration`_.
# Group dictionary of ownCloud application settings.
# This variable is intended to be used in a host inventory group of Ansible
# (only one host group is supported).
owncloud__group_apps_config: {}
# .. envvar:: owncloud__host_apps_config
#
# See `ownCloud applications configuration`_.
# Host dictionary of ownCloud application settings.
# This variable is intended to be used in the inventory of hosts.
owncloud__host_apps_config: {}
# .. envvar:: owncloud__dependent_apps_config
#
# See `ownCloud applications configuration`_.
# This variable is intended to be used from other Ansible roles, for usage as
# a dependent role.
owncloud__dependent_apps_config: {}
# .. envvar:: owncloud__app_documents_enabled
#
# Whether the `ownCloud documents application`_ should be enabled.
# Not enabled by default because, as of ownCloud 9.0, the application is not shipped by default.
# Note that this will install LibreOffice plus dependencies on the server.
owncloud__app_documents_enabled: False
# .. envvar:: owncloud__app_documents_libreoffice_enabled
#
# Should LibreOffice be installed on the server so that the documents app can
# work with proprietary document formats such as Microsoft Office?
owncloud__app_documents_libreoffice_enabled: False
# .. External storage [[[1
#
# --------------------
# External storage
# --------------------
# Refer to the :ref:`owncloud__ref_external_storage` section for more details.
# .. envvar:: owncloud__smb_support
#
# Should SMB/CIFS be support by installing the required system packages and
# enabling the required ownCloud application?
owncloud__smb_support: False
# .. ownCloud raw occ commands [[[1
#
# -----------------------------
# ownCloud raw occ commands
# -----------------------------
# List of :command:`occ` commands to run.
# It can be used to enable apps, add users and more which can be useful when
# deploying ownCloud.
#
# Examples:
#
# .. code-block:: yaml
# :linenos:
#
# owncloud__occ_cmd_list:
#
# - command: 'app:enable external'
#
# ## Create an additional admin account.
# - command: 'user:add --password-from-env --display-name="Administrator" --group="admin" admin'
# ## Does not work with ownCloud 8.0 or below so don’t run it there.
# when: '{{ owncloud__release | version_compare("8.1", ">=") }}'
# env:
# OC_PASS: "{{ lookup('password', secret + '/credentials/' +
# ansible_fqdn + '/owncloud/admin/' + 'admin' +
# '/password length=' + owncloud__password_length) }}"
#
# ## Create an regular user. Note that you probably want to use an existing
# ## user database like LDAP.
# - command: 'user:add --password-from-env --display-name="Normal user" user'
# when: '{{ owncloud__release | version_compare("8.1", ">=") }}'
# env:
# OC_PASS: "{{ lookup('password', secret + '/credentials/' +
# ansible_fqdn + '/owncloud/users/' + 'user' +
# '/password length=' + owncloud__password_length) }}"
#
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/admin_manual/configuration_server/occ_command.html>`__ for details.
# .. envvar:: owncloud__role_occ_cmd_list
#
# Default list of :command:`occ` commands to run.
# Command present of role to automate certain tasks.
# See `ownCloud raw occ commands`_.
owncloud__role_occ_cmd_list:
## Disable the updater because it does not work anyway with the way ownCloud
## is setup by this role using packages.
## Since ownCloud 9 it is called `updatenotification`.
- command: 'app:disable updater'
when: '{{ owncloud__release | version_compare("8.2", "<=") }}'
- command: 'app:enable user_ldap'
when: '{{ owncloud__ldap_enabled|bool }}'
- command: 'app:enable files_external'
when: '{{ owncloud__smb_support|bool }}'
# .. envvar:: owncloud__occ_cmd_list
#
# See `ownCloud raw occ commands`_.
# This variable is intended to be used in Ansible’s global inventory.
owncloud__occ_cmd_list: []
# .. envvar:: owncloud__group_occ_cmd_list
#
# See `ownCloud raw occ commands`_.
# This variable is intended to be used in a host inventory group of Ansible
# (only one host group is supported).
owncloud__group_occ_cmd_list: []
# .. envvar:: owncloud__host_occ_cmd_list
#
# See `ownCloud raw occ commands`_.
# This variable is intended to be used in the inventory of hosts.
owncloud__host_occ_cmd_list: []
# .. envvar:: owncloud__dependent_occ_cmd_list
#
# See `ownCloud raw occ commands`_.
# This variable is intended to be used from other Ansible roles, for usage as
# a dependent role.
owncloud__dependent_occ_cmd_list: []
# .. envvar:: owncloud__occ_bin_file_path
#
# Where the :command:`occ` wrapper script should be installed.
owncloud__occ_bin_file_path: '{{ (ansible_local.root.bin
if (ansible_local|d() and ansible_local.root|d() and
ansible_local.root.bin|d())
else "/usr/local/bin") + "/occ" }}'
# .. ownCloud user files [[[1
#
# -----------------------
# ownCloud user files
# -----------------------
# These lists allow you to manage files for ownCloud users, either by
# copying files from the Ansible Controller or providing the contents directly
# in Ansible inventory. You can use all parameters supported by the `Ansible
# copy module`_.
#
# See :ref:`owncloud__ref_owncloud__user_files` for more details.
# .. envvar:: owncloud__user_files
#
# Manage ownCloud user files on all hosts in Ansible’s inventory.
owncloud__user_files: []
# .. envvar:: owncloud__user_files_group
#
# Manage ownCloud user files on hosts in a specific Ansible inventory
# group.
owncloud__user_files_group: []
# .. envvar:: owncloud__user_files_host
#
# Manage ownCloud user files on specific hosts in Ansible’s inventory.
owncloud__user_files_host: []
# .. LDAP authentication [[[1
#
# .. _owncloud__ref_ldap_defaults:
#
# -----------------------
# LDAP authentication
# -----------------------
#
# Refer to the `official ownCloud documentation <https://doc.owncloud.org/server/9.0/go.php?to=admin-ldap>`__
# and to the :ref:`owncloud__ref_external_users` section for more details.
# .. envvar:: owncloud__ldap_enabled
#
# Enable LDAP support. ownCloud support multiple LDAP servers but this role
# configures only default one. If you need something more complex you can
# use :envvar:`owncloud__occ_cmd_list`.
owncloud__ldap_enabled: False
# .. envvar:: owncloud_ldap_update_settings