Many updates and fixes
This commit is contained in:
parent
e64b31a675
commit
e622f7c97c
14 changed files with 319 additions and 110 deletions
3
nextcloud/ansible/.gitignore
vendored
3
nextcloud/ansible/.gitignore
vendored
|
@ -7,7 +7,8 @@ files/backups/*
|
||||||
|
|
||||||
# variable3s
|
# variable3s
|
||||||
vars/main.*.yaml
|
vars/main.*.yaml
|
||||||
!vars/main.ejemplo.yaml
|
!vars/main.example.yaml
|
||||||
|
!vars/main.test.yaml
|
||||||
|
|
||||||
# misc
|
# misc
|
||||||
*~
|
*~
|
||||||
|
|
|
@ -32,7 +32,6 @@
|
||||||
roles:
|
roles:
|
||||||
- name: redis
|
- name: redis
|
||||||
|
|
||||||
# Este es el collabora
|
|
||||||
- hosts: coolwsd
|
- hosts: coolwsd
|
||||||
vars_files:
|
vars_files:
|
||||||
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
@ -51,8 +50,8 @@
|
||||||
|
|
||||||
- hosts: turn
|
- hosts: turn
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/main.example.yaml
|
|
||||||
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
- vars/main.example.yaml
|
||||||
roles:
|
roles:
|
||||||
- name: turn
|
- name: turn
|
||||||
- name: nats-server
|
- name: nats-server
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
- hosts: localhost
|
- hosts: localhost
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/main.test.yaml
|
|
||||||
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
- vars/main.test.yaml
|
||||||
vars:
|
vars:
|
||||||
services:
|
services:
|
||||||
- nginx
|
- nginx
|
||||||
|
@ -11,38 +11,37 @@
|
||||||
- name: certificates
|
- name: certificates
|
||||||
|
|
||||||
- hosts: all
|
- hosts: all
|
||||||
serial: 1
|
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/main.test.yaml
|
|
||||||
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
- vars/main.test.yaml
|
||||||
roles:
|
roles:
|
||||||
- name: common
|
- name: common
|
||||||
|
|
||||||
- hosts: postgresql
|
- hosts: postgresql
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/main.test.yaml
|
|
||||||
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
- vars/main.test.yaml
|
||||||
roles:
|
roles:
|
||||||
- name: postgresql
|
- name: postgresql
|
||||||
|
|
||||||
- hosts: redis
|
- hosts: redis
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/main.test.yaml
|
|
||||||
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
- vars/main.test.yaml
|
||||||
roles:
|
roles:
|
||||||
- name: redis
|
- name: redis
|
||||||
|
|
||||||
- hosts: coolwsd
|
- hosts: coolwsd
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/main.test.yaml
|
|
||||||
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
- vars/main.test.yaml
|
||||||
roles:
|
roles:
|
||||||
- name: coolwsd
|
- name: coolwsd
|
||||||
|
|
||||||
- hosts: nextcloud
|
- hosts: nextcloud
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/main.test.yaml
|
|
||||||
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
- vars/main.test.yaml
|
||||||
roles:
|
roles:
|
||||||
- name: nextcloud
|
- name: nextcloud
|
||||||
- name: coolwsd-nginx
|
- name: coolwsd-nginx
|
||||||
|
@ -50,11 +49,10 @@
|
||||||
|
|
||||||
- hosts: turn
|
- hosts: turn
|
||||||
vars_files:
|
vars_files:
|
||||||
- vars/main.test.yaml
|
|
||||||
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
- "vars/{{ ansible_facts['os_family'] }}.yaml"
|
||||||
|
- vars/main.test.yaml
|
||||||
roles:
|
roles:
|
||||||
- name: turn
|
- name: turn
|
||||||
- name: nats-server
|
- name: nats-server
|
||||||
- name: signaling-server
|
- name: signaling-server
|
||||||
- name: janus
|
- name: janus
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,29 @@
|
||||||
[redis]
|
# If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
|
||||||
<your server fqdn>
|
# these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
|
||||||
|
#
|
||||||
[postgresql]
|
# For example:
|
||||||
<your server fqdn>
|
#
|
||||||
|
# /etc/hosts:
|
||||||
|
# # Loopback entries; do not change.
|
||||||
|
# For historical reasons, localhost precedes localhost.localdomain:
|
||||||
|
# 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||||
|
# ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||||
|
#
|
||||||
|
# # my nextcloud
|
||||||
|
# 192.168.0.10 nx0.example.com nx0
|
||||||
|
# 192.168.0.11 db0.example.com db0
|
||||||
|
# 192.168.0.12 rds0.example.com rds0
|
||||||
|
# 192.168.0.13 cl0.example.com cl0
|
||||||
|
|
||||||
[nextcloud]
|
[nextcloud]
|
||||||
<your server fqdn>
|
nx0.example.com ansible_host=192.168.0.10
|
||||||
|
|
||||||
|
[postgresql]
|
||||||
|
db0.example.com ansible_host=192.168.0.11
|
||||||
|
|
||||||
|
[redis]
|
||||||
|
rds0.example.com ansible_host=192.168.0.12
|
||||||
|
|
||||||
[coolwsd]
|
[coolwsd]
|
||||||
<your server fqdn>
|
cl0.example.com ansible_host=192.168.0.13
|
||||||
|
|
||||||
|
|
|
@ -1,25 +1,42 @@
|
||||||
[redis]
|
# If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
|
||||||
<your server fqdn>
|
# these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
|
||||||
|
#
|
||||||
[postgresql]
|
# For example:
|
||||||
<your server fqdn>
|
#
|
||||||
|
# /etc/hosts:
|
||||||
|
# # Loopback entries; do not change.
|
||||||
|
# For historical reasons, localhost precedes localhost.localdomain:
|
||||||
|
# 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||||
|
# ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||||
|
#
|
||||||
|
# # my nextcloud
|
||||||
|
# 192.168.0.10 nx0.example.com nx0
|
||||||
|
# 192.168.0.11 db0.example.com db0
|
||||||
|
# 192.168.0.12 rds0.example.com rds0
|
||||||
|
# 192.168.0.13 cl0.example.com cl0
|
||||||
|
# 192.168.0.14 turn0.example.com turn0
|
||||||
|
|
||||||
[nextcloud]
|
[nextcloud]
|
||||||
<your server fqdn>
|
nx0.example.com ansible_host=192.168.0.10
|
||||||
|
|
||||||
|
[postgresql]
|
||||||
|
db0.example.com ansible_host=192.168.0.11
|
||||||
|
|
||||||
|
[redis]
|
||||||
|
rds0.example.com ansible_host=192.168.0.12
|
||||||
|
|
||||||
[coolwsd]
|
[coolwsd]
|
||||||
<your server fqdn>
|
cl0.example.com ansible_host=192.168.0.13
|
||||||
|
|
||||||
|
# Nextcloud Talk
|
||||||
# Uncomment this if you're going to use HA with Nextcloud Talk
|
|
||||||
[turn]
|
[turn]
|
||||||
<turn server fqdn>
|
turn0.example.com ansible_host=192.168.0.14
|
||||||
|
|
||||||
[nats]
|
[nats]
|
||||||
<nats server fqdn> ansible_host=<nats server IP>
|
turn0.example.com ansible_host=192.168.0.14
|
||||||
|
|
||||||
[signaling]
|
[signaling]
|
||||||
<signaling spreed server fqdn> ansible_host=<signaling server IP>
|
turn0.example.com ansible_host=192.168.0.14
|
||||||
|
|
||||||
[janus]
|
[janus]
|
||||||
<janus server fqdn> ansible_host=<janus server IP>
|
turn0.example.com ansible_host=192.168.0.14
|
||||||
|
|
|
@ -1,24 +1,23 @@
|
||||||
[nextcloud]
|
[nextcloud]
|
||||||
nx0-test.libreoffice.gob.mx ansible_host=10.201.15.250
|
nx0.test.virt.g02.org ansible_host=192.168.0.41
|
||||||
|
|
||||||
[postgresql]
|
[postgresql]
|
||||||
db0-test.libreoffice.gob.mx ansible_host=10.201.15.220
|
db0.test.virt.g02.org ansible_host=192.168.0.40
|
||||||
|
|
||||||
[redis]
|
[redis]
|
||||||
rds0-test.libreoffice.gob.mx ansible_host=10.201.15.24
|
rds0.test.virt.g02.org ansible_host=192.168.0.39
|
||||||
|
|
||||||
[coolwsd]
|
[coolwsd]
|
||||||
clwsd0-test.libreoffice.gob.mx ansible_host=10.201.15.132
|
cl0.test.virt.g02.org ansible_host=192.168.0.42
|
||||||
|
|
||||||
[turn]
|
[turn]
|
||||||
turn1.softwarelibre.mx
|
turn0.test.virt.g02.org ansible_host=192.168.0.43
|
||||||
|
|
||||||
[nats]
|
[nats]
|
||||||
nats1.softwarelibre.mx ansible_host=10.201.15.199
|
turn0.test.virt.g02.org ansible_host=192.168.0.43
|
||||||
|
|
||||||
[signaling]
|
[signaling]
|
||||||
signaling1.softwarelibre.mx ansible_host=10.201.15.199
|
turn0.test.virt.g02.org ansible_host=192.168.0.43
|
||||||
|
|
||||||
[janus]
|
[janus]
|
||||||
janus1.softwarelibre.mx ansible_host=10.201.15.199
|
turn0.test.virt.g02.org ansible_host=192.168.0.43
|
||||||
|
|
||||||
|
|
|
@ -24,3 +24,17 @@
|
||||||
include_tasks: redhat_tasks.yaml
|
include_tasks: redhat_tasks.yaml
|
||||||
when: ansible_facts['os_family'] == 'RedHat'
|
when: ansible_facts['os_family'] == 'RedHat'
|
||||||
|
|
||||||
|
- name: "Set hostname"
|
||||||
|
ansible.builtin.hostname:
|
||||||
|
name: "{{ inventory_hostname }}"
|
||||||
|
use: systemd
|
||||||
|
|
||||||
|
- name: "Build hosts file"
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/hosts
|
||||||
|
regexp: '.*{{ item }}$'
|
||||||
|
line: "{{ hostvars[item]['ansible_default_ipv4']['address'] }} {{ hostvars[item]['ansible_fqdn'] }} {{ hostvars[item]['ansible_hostname'] }}"
|
||||||
|
state: present
|
||||||
|
when: hostvars[item].ansible_default_ipv4.address is defined
|
||||||
|
loop: "{{ groups['all'] }}"
|
||||||
|
|
||||||
|
|
|
@ -33,3 +33,13 @@
|
||||||
tags:
|
tags:
|
||||||
- nextcloud_collabora
|
- nextcloud_collabora
|
||||||
|
|
||||||
|
- name: Open up required firewall ports
|
||||||
|
block:
|
||||||
|
- name: Open ports for CODE service
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
port: 9980/tcp
|
||||||
|
permanent: yes
|
||||||
|
immediate: true
|
||||||
|
state: enabled
|
||||||
|
when: code_firewalld_enabled | bool
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
package:
|
package:
|
||||||
state: latest
|
state: latest
|
||||||
name:
|
name:
|
||||||
|
- bzip2
|
||||||
- nginx
|
- nginx
|
||||||
- php-cli
|
- php-cli
|
||||||
- php-curl
|
- php-curl
|
||||||
|
@ -18,6 +19,8 @@
|
||||||
- php-json
|
- php-json
|
||||||
- php-ldap
|
- php-ldap
|
||||||
- php-mbstring
|
- php-mbstring
|
||||||
|
- php-memcache
|
||||||
|
- php-opcache
|
||||||
- php-openssl
|
- php-openssl
|
||||||
- php-pcre
|
- php-pcre
|
||||||
- php-pdo
|
- php-pdo
|
||||||
|
@ -36,7 +39,6 @@
|
||||||
- python3-pyOpenSSL
|
- python3-pyOpenSSL
|
||||||
- sudo
|
- sudo
|
||||||
- tar
|
- tar
|
||||||
- bzip2
|
|
||||||
|
|
||||||
- name: Create nextcloud nginx configuration directory
|
- name: Create nextcloud nginx configuration directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
@ -137,6 +139,24 @@
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
|
||||||
|
- name: Open up required firewall ports
|
||||||
|
block:
|
||||||
|
- name: Open ports for HTTP service
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
service: http
|
||||||
|
permanent: yes
|
||||||
|
immediate: true
|
||||||
|
state: enabled
|
||||||
|
|
||||||
|
- name: Open ports for HTTPS service
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
service: https
|
||||||
|
permanent: yes
|
||||||
|
immediate: true
|
||||||
|
state: enabled
|
||||||
|
when: nextcloud_firewalld_enabled | bool
|
||||||
|
|
||||||
- name: Remove config_is_read_only setting from config.php
|
- name: Remove config_is_read_only setting from config.php
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "{{ nextcloud_path }}/config/config.php"
|
path: "{{ nextcloud_path }}/config/config.php"
|
||||||
|
|
|
@ -75,3 +75,13 @@
|
||||||
tags:
|
tags:
|
||||||
- database
|
- database
|
||||||
|
|
||||||
|
- name: Open up required firewall ports
|
||||||
|
block:
|
||||||
|
- name: Open ports for PostgreSQL service
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
service: postgresql
|
||||||
|
permanent: yes
|
||||||
|
immediate: true
|
||||||
|
state: enabled
|
||||||
|
when: postgresql_firewalld_enabled | bool
|
||||||
|
|
||||||
|
|
|
@ -1,54 +1,31 @@
|
||||||
---
|
---
|
||||||
# tasks file for pre
|
# tasks file for pre
|
||||||
- name: Update the /etc/hosts file with node host name
|
- name: Create fact directory
|
||||||
tags: etchostsupdate
|
file:
|
||||||
become: yes
|
path: /etc/ansible/facts.d/
|
||||||
become_user: root
|
state: directory
|
||||||
lineinfile:
|
|
||||||
path: "/etc/hosts"
|
|
||||||
regexp: ".*\t{{ ansible_hostname }}"
|
|
||||||
#TODO: crear una variable que tenga la IP del balanceador
|
|
||||||
line: "{{ nextcloud_host_ip }}\t{{ nextcloud_fqdn }} {{ nextcloud_hostname }}"
|
|
||||||
state: present
|
|
||||||
backup: yes
|
|
||||||
register: etchostsupdate
|
|
||||||
|
|
||||||
# - name: Update the /etc/hosts file with node domain name
|
- name: Create nextcloud custom facts
|
||||||
# tags: etchostsupdate_domain
|
copy:
|
||||||
# become: yes
|
src: nextcloud.fact
|
||||||
# become_user: root
|
dest: /etc/ansible/facts.d/nextcloud.fact
|
||||||
# lineinfile:
|
mode: 0775
|
||||||
# path: "/etc/hosts"
|
force: yes
|
||||||
# line: "{{ nextcloud_host }}\t{{ nextcloud_fqdn }}"
|
tags:
|
||||||
# state: present
|
- check_facts
|
||||||
# backup: yes
|
|
||||||
|
|
||||||
- name: Create fact directory
|
- name: Check if nextcloud is unpacked
|
||||||
file:
|
stat:
|
||||||
path: /etc/ansible/facts.d/
|
path: /var/www/html/config/config.sample.php
|
||||||
state: directory
|
register: nextcloud_is_unpacked
|
||||||
|
|
||||||
- name: Create nextcloud custom facts
|
- name: Reload facts
|
||||||
copy:
|
setup:
|
||||||
src: nextcloud.fact
|
tags:
|
||||||
dest: /etc/ansible/facts.d/nextcloud.fact
|
- check_facts
|
||||||
mode: 0775
|
|
||||||
force: yes
|
|
||||||
tags:
|
|
||||||
- check_facts
|
|
||||||
|
|
||||||
- name: Check if nextcloud is unpacked
|
- name: Pre tasks for Red Hat distros
|
||||||
stat:
|
include_tasks: redhat_pre_tasks.yaml
|
||||||
path: /var/www/html/config/config.sample.php
|
when:
|
||||||
register: nextcloud_is_unpacked
|
ansible_facts['os_family'] == "RedHat"
|
||||||
|
|
||||||
- name: Reload facts
|
|
||||||
setup:
|
|
||||||
tags:
|
|
||||||
- check_facts
|
|
||||||
|
|
||||||
- name: Pre tasks for Red Hat distros
|
|
||||||
include_tasks: redhat_pre_tasks.yaml
|
|
||||||
when:
|
|
||||||
ansible_facts['os_family'] == "RedHat"
|
|
||||||
|
|
||||||
|
|
|
@ -33,3 +33,13 @@
|
||||||
tags:
|
tags:
|
||||||
- check_redis
|
- check_redis
|
||||||
|
|
||||||
|
- name: Open up required firewall ports
|
||||||
|
block:
|
||||||
|
- name: Open ports for Redis service
|
||||||
|
ansible.posix.firewalld:
|
||||||
|
service: redis
|
||||||
|
permanent: yes
|
||||||
|
immediate: true
|
||||||
|
state: enabled
|
||||||
|
when: redis_firewalld_enabled | bool
|
||||||
|
|
||||||
|
|
133
nextcloud/ansible/vars/main.example.yaml
Normal file
133
nextcloud/ansible/vars/main.example.yaml
Normal file
|
@ -0,0 +1,133 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
# NextCloud
|
||||||
|
# The nexctloud_checksum changes with every release to get this string go to:
|
||||||
|
# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
|
||||||
|
# for the proper version
|
||||||
|
## version
|
||||||
|
nextcloud_version: 29.0.2
|
||||||
|
nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
|
||||||
|
nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
|
||||||
|
php_version: 8.3
|
||||||
|
|
||||||
|
## credentials
|
||||||
|
nextcloud_admin_user: admin
|
||||||
|
nextcloud_admin_password: UnaContraseñaBienDifícil.
|
||||||
|
|
||||||
|
## domain
|
||||||
|
nextcloud_fqdn: nx0.example.com
|
||||||
|
nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
|
||||||
|
nextcloud_hostname: nx0
|
||||||
|
|
||||||
|
## db
|
||||||
|
db_host: db0.example.com
|
||||||
|
nextcloud_db: nextcloud
|
||||||
|
nextcloud_db_user: nextcloud
|
||||||
|
nextcloud_db_user_password: Unacontraseñabien.
|
||||||
|
postgresql_firewalld_enabled: true
|
||||||
|
|
||||||
|
## LDAP
|
||||||
|
ldap_enabled: false
|
||||||
|
ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju
|
||||||
|
ldap_server_host: id0.example.com
|
||||||
|
ldapBase: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
|
||||||
|
ldapBaseGroups: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
|
||||||
|
ldapBaseUsers: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
|
||||||
|
ldapAgentName: "cn=Directory Manager"
|
||||||
|
ldapAgentPassword: "{{ ldap_agent_password }}"
|
||||||
|
ldapHost: "{{ ldap_server_host }}"
|
||||||
|
hasMemberOfFilterSupport: 1
|
||||||
|
ldapEmailAttribute: mail
|
||||||
|
ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
|
||||||
|
ldapPort: 389
|
||||||
|
ldapUserFilter: "(&(|(objectclass=posixAccount)))"
|
||||||
|
ldapUserFilterObjectclass: posixAccount
|
||||||
|
ldapConfigurationActive: 1
|
||||||
|
|
||||||
|
|
||||||
|
## occ
|
||||||
|
nextcloud_occ: "{{ nextcloud_path }}/occ"
|
||||||
|
|
||||||
|
## S3
|
||||||
|
nextcloud_s3_enabled: true
|
||||||
|
nextcloud_s3_hostname: fqdn_or_ip # change me
|
||||||
|
nextcloud_s3_key: usuario # change me
|
||||||
|
nextcloud_s3_secret: password_muy_difícil # change me
|
||||||
|
nextcloud_s3_bucket: contenedor # change me
|
||||||
|
|
||||||
|
## security
|
||||||
|
## Set this to true for production
|
||||||
|
nextcloud_config_is_read_only: true
|
||||||
|
nextcloud_firewalld_enabled: true
|
||||||
|
|
||||||
|
|
||||||
|
# Redis
|
||||||
|
redis_host: rds0.example.com
|
||||||
|
redis_user: nextcloud
|
||||||
|
redis_password: ParángariCutirimiNoMeAcuerdoCuaro
|
||||||
|
redis_url: "https://{{ redis_host }}"
|
||||||
|
redis_path: /etc/redis
|
||||||
|
redis_firewalld_enabled: true
|
||||||
|
|
||||||
|
|
||||||
|
# SSL
|
||||||
|
key_size: 4096
|
||||||
|
key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
|
||||||
|
country_name: MX
|
||||||
|
organization_name: Mi Organización bien chida, LTD
|
||||||
|
generate_self_signed_cert: true
|
||||||
|
|
||||||
|
|
||||||
|
# Colabora Online (coolwsd)
|
||||||
|
coolwsd_host: cl0.example.com
|
||||||
|
code_enable_ssl: false
|
||||||
|
code_enable_ssl_termination: true
|
||||||
|
code_ssl_key: ""
|
||||||
|
code_ssl_cert: ""
|
||||||
|
code_ssl_ca: ""
|
||||||
|
code_firewalld_enabled: true
|
||||||
|
|
||||||
|
## The only way to make notify_push work without a signed cert is to use plain http
|
||||||
|
notify_push_nextcloud_url: http://localhost
|
||||||
|
|
||||||
|
|
||||||
|
# reverse proxy
|
||||||
|
reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
|
||||||
|
|
||||||
|
|
||||||
|
# turn
|
||||||
|
turn_fqdn: turn0.example.com
|
||||||
|
turn_firewalld_enabled: false
|
||||||
|
turn_letsencrypt_certificate_enabled: true
|
||||||
|
turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
|
||||||
|
|
||||||
|
|
||||||
|
# nats
|
||||||
|
nats_fqdn: turn0.example.com
|
||||||
|
nats_firewalld_enabled: false
|
||||||
|
nats_letsencrypt_certificate_enabled: false
|
||||||
|
|
||||||
|
|
||||||
|
# signaling
|
||||||
|
signaling_fqdn: turn0.example.com
|
||||||
|
signaling_debug: false
|
||||||
|
signaling_firewalld_enabled: false
|
||||||
|
signaling_letsencrypt_certificate_enabled: true
|
||||||
|
signaling_connections_per_host: 16
|
||||||
|
signaling_backend_name: nextcloud
|
||||||
|
signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
|
||||||
|
|
||||||
|
|
||||||
|
# janus
|
||||||
|
janus_firewalld_enabled: false
|
||||||
|
janus_letsencrypt_certificate_enabled: false
|
||||||
|
janus_stun_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
|
||||||
|
janus_turn_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
|
||||||
|
|
||||||
|
|
||||||
|
# nextcloud spreed (talk)
|
||||||
|
nextcloud_talk_turn_server: "{{ turn_fqdn }}"
|
||||||
|
nextcloud_talk_signaling_server: "https://{{ turn_fqdn }}:8443"
|
||||||
|
nextcloud_talk_signaling_server_secret: ElMegaSecretoDeSignalingQueNadieSabe.
|
||||||
|
nextcloud_talk_stun_server: "{{ turn_fqdn }}"
|
||||||
|
|
|
@ -5,25 +5,26 @@
|
||||||
# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
|
# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
|
||||||
# for the proper version
|
# for the proper version
|
||||||
## version
|
## version
|
||||||
nextcloud_version: 28.0.3
|
nextcloud_version: 29.0.2
|
||||||
nextcloud_checksum: "sha256:9ed413c0de16f5b033ceeffcca99c0d61fc698dbeb8db851ac9adf9eef951906"
|
nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
|
||||||
nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-28.0.3.tar.bz2
|
nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
|
||||||
php_version: 8.2
|
php_version: 8.3
|
||||||
|
|
||||||
## credentials
|
## credentials
|
||||||
nextcloud_admin_user: el_admin
|
nextcloud_admin_user: admin
|
||||||
nextcloud_admin_password: Una contraseña bien difícil.
|
nextcloud_admin_password: UnaContraseñaBienDifícil.
|
||||||
|
|
||||||
## domain
|
## domain
|
||||||
nextcloud_fqdn: nextcloud.midominio.tld
|
nextcloud_fqdn: cs9-nc-nx0.test.virt.g02.org
|
||||||
nextcloud_host_ip: 10.0.5.33
|
nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
|
||||||
nextcloud_hostname: nextcloud
|
nextcloud_hostname: cs9-nc-nx0
|
||||||
|
|
||||||
## db
|
## db
|
||||||
db_host: 10.0.5.43
|
db_host: cs9-nc-db0.test.virt.g02.org
|
||||||
nextcloud_db: nextcloud
|
nextcloud_db: nextcloud
|
||||||
nextcloud_db_user: nextcloud
|
nextcloud_db_user: nextcloud
|
||||||
nextcloud_db_user_password: Una contraseña bien, pero bien difícil.
|
nextcloud_db_user_password: Unacontraseñabien.
|
||||||
|
postgresql_firewalld_enabled: true
|
||||||
|
|
||||||
## LDAP
|
## LDAP
|
||||||
ldap_enabled: false
|
ldap_enabled: false
|
||||||
|
@ -48,7 +49,7 @@ ldapConfigurationActive: 1
|
||||||
nextcloud_occ: "{{ nextcloud_path }}/occ"
|
nextcloud_occ: "{{ nextcloud_path }}/occ"
|
||||||
|
|
||||||
## S3
|
## S3
|
||||||
nextcloud_s3_enabled: true
|
nextcloud_s3_enabled: false
|
||||||
nextcloud_s3_hostname: dirección_ip_o_hostname # cámbiame
|
nextcloud_s3_hostname: dirección_ip_o_hostname # cámbiame
|
||||||
nextcloud_s3_key: usuario # cámbiame
|
nextcloud_s3_key: usuario # cámbiame
|
||||||
nextcloud_s3_secret: password_muy_difícil # cámbiame
|
nextcloud_s3_secret: password_muy_difícil # cámbiame
|
||||||
|
@ -57,14 +58,16 @@ nextcloud_s3_bucket: contenedor # cámbiame
|
||||||
## security
|
## security
|
||||||
## Set this to true for production
|
## Set this to true for production
|
||||||
nextcloud_config_is_read_only: true
|
nextcloud_config_is_read_only: true
|
||||||
|
nextcloud_firewalld_enabled: true
|
||||||
|
|
||||||
|
|
||||||
# Redis
|
# Redis
|
||||||
redis_host: 10.0.5.53
|
redis_host: cs9-nc-rds0.test.virt.g02.org
|
||||||
redis_user: nextcloud
|
redis_user: nextcloud
|
||||||
redis_password: ParángariCutirimiNoMeAcuerdoCuaro
|
redis_password: ParángariCutirimiNoMeAcuerdoCuaro
|
||||||
redis_url: "https://{{ redis_host }}"
|
redis_url: "https://{{ redis_host }}"
|
||||||
redis_path: /etc/redis
|
redis_path: /etc/redis
|
||||||
|
redis_firewalld_enabled: true
|
||||||
|
|
||||||
|
|
||||||
# SSL
|
# SSL
|
||||||
|
@ -76,39 +79,40 @@ generate_self_signed_cert: true
|
||||||
|
|
||||||
|
|
||||||
# Colabora Online (coolwsd)
|
# Colabora Online (coolwsd)
|
||||||
coolwsd_host: 10.0.5.64
|
coolwsd_host: cs9-nc-cl0.test.virt.g02.org
|
||||||
code_enable_ssl: false
|
code_enable_ssl: false
|
||||||
code_enable_ssl_termination: true
|
code_enable_ssl_termination: true
|
||||||
code_ssl_key: ""
|
code_ssl_key: ""
|
||||||
code_ssl_cert: ""
|
code_ssl_cert: ""
|
||||||
code_ssl_ca: ""
|
code_ssl_ca: ""
|
||||||
|
code_firewalld_enabled: true
|
||||||
|
|
||||||
## The only way to make notify_push work without a signed cert is to use plain http
|
## The only way to make notify_push work without a signed cert is to use plain http
|
||||||
notify_push_nextcloud_url: http://localhost
|
notify_push_nextcloud_url: http://localhost
|
||||||
|
|
||||||
|
|
||||||
# reverse proxy
|
# reverse proxy
|
||||||
reverse_proxy_ip: 10.0.5.1
|
reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
|
||||||
|
|
||||||
|
|
||||||
# turn
|
# turn
|
||||||
turn_fqdn: turn0.midominio.tld
|
turn_fqdn: f40-nc-turn0.test.virt.g02.org
|
||||||
turn_firewalld_enabled: false
|
turn_firewalld_enabled: false
|
||||||
turn_letsencrypt_certificate_enabled: true
|
turn_letsencrypt_certificate_enabled: false
|
||||||
turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
|
turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
|
||||||
|
|
||||||
|
|
||||||
# nats
|
# nats
|
||||||
nats_fqdn: turn0.midominio.tld
|
nats_fqdn: f40-nc-turn0.test.virt.g02.org
|
||||||
nats_firewalld_enabled: false
|
nats_firewalld_enabled: false
|
||||||
nats_letsencrypt_certificate_enabled: false
|
nats_letsencrypt_certificate_enabled: false
|
||||||
|
|
||||||
|
|
||||||
# signaling
|
# signaling
|
||||||
signaling_fqdn: turn0.midominio.tld
|
signaling_fqdn: f40-nc-turn0.test.virt.g02.org
|
||||||
signaling_debug: false
|
signaling_debug: false
|
||||||
signaling_firewalld_enabled: false
|
signaling_firewalld_enabled: false
|
||||||
signaling_letsencrypt_certificate_enabled: true
|
signaling_letsencrypt_certificate_enabled: false
|
||||||
signaling_connections_per_host: 16
|
signaling_connections_per_host: 16
|
||||||
signaling_backend_name: nextcloud
|
signaling_backend_name: nextcloud
|
||||||
signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
|
signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
|
Loading…
Reference in a new issue