nextcloud: versión funcional de configuración de SMTP

nextcloud/ansible/.gitignore

@@ -7,8 +7,7 @@ files/backups/*
 
 # variable3s
 vars/main.*.yaml
-!vars/main.example.yaml
-!vars/main.test.yaml
+!vars/main.ejemplo.yaml
 
 # misc
 *~

nextcloud/ansible/deploy-example-talk-ha.yaml

@@ -32,6 +32,7 @@
   roles:
     - name: redis
 
+# Este es el collabora
 - hosts: coolwsd
   vars_files:
     - "vars/{{ ansible_facts['os_family'] }}.yaml"
@@ -50,8 +51,8 @@
 
 - hosts: turn
   vars_files:
-    - "vars/{{ ansible_facts['os_family'] }}.yaml"
     - vars/main.example.yaml
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
   roles:
     - name: turn
     - name: nats-server

nextcloud/ansible/deploy-test.yaml

@@ -1,7 +1,7 @@
 - hosts: localhost
   vars_files:
-    - "vars/{{ ansible_facts['os_family'] }}.yaml"
     - vars/main.test.yaml
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
   vars:
     services:
       - nginx
@@ -11,37 +11,38 @@
     - name: certificates
 
 - hosts: all
+  serial: 1
   vars_files:
-    - "vars/{{ ansible_facts['os_family'] }}.yaml"
     - vars/main.test.yaml
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
   roles:
     - name: common
 
 - hosts: postgresql
   vars_files:
-    - "vars/{{ ansible_facts['os_family'] }}.yaml"
     - vars/main.test.yaml
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
   roles:
     - name: postgresql
 
 - hosts: redis
   vars_files:
-    - "vars/{{ ansible_facts['os_family'] }}.yaml"
     - vars/main.test.yaml
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
   roles:
     - name: redis
 
 - hosts: coolwsd
   vars_files:
-    - "vars/{{ ansible_facts['os_family'] }}.yaml"
     - vars/main.test.yaml
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
   roles:
     - name: coolwsd
 
 - hosts: nextcloud
   vars_files:
-    - "vars/{{ ansible_facts['os_family'] }}.yaml"
     - vars/main.test.yaml
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
   roles:
     - name: nextcloud
     - name: coolwsd-nginx
@@ -49,10 +50,11 @@
 
 - hosts: turn
   vars_files:
-    - "vars/{{ ansible_facts['os_family'] }}.yaml"
     - vars/main.test.yaml
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
   roles:
     - name: turn
     - name: nats-server
     - name: signaling-server
     - name: janus
+

nextcloud/ansible/inventory-example-single-no-talk-ha

@@ -1,29 +1,12 @@
-# If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
-# these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
-#
-# For example:
-#
-# /etc/hosts:
-# # Loopback entries; do not change.
-# For historical reasons, localhost precedes localhost.localdomain:
-# 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-# ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-#
-# # my nextcloud
-# 192.168.0.10 nx0.example.com nx0
-# 192.168.0.11 db0.example.com db0
-# 192.168.0.12 rds0.example.com rds0
-# 192.168.0.13 cl0.example.com cl0
-
-[nextcloud]
-nx0.example.com ansible_host=192.168.0.10
+[redis]
+<your server fqdn>
 
 [postgresql]
-db0.example.com ansible_host=192.168.0.11
+<your server fqdn>
 
-[redis]
-rds0.example.com ansible_host=192.168.0.12
+[nextcloud]
+<your server fqdn>
 
 [coolwsd]
-cl0.example.com ansible_host=192.168.0.13
+<your server fqdn>
 

nextcloud/ansible/inventory-example-talk-ha

@@ -1,42 +1,25 @@
-# If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
-# these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
-#
-# For example:
-#
-# /etc/hosts:
-# # Loopback entries; do not change.
-# For historical reasons, localhost precedes localhost.localdomain:
-# 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
-# ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
-#
-# # my nextcloud
-# 192.168.0.10 nx0.example.com nx0
-# 192.168.0.11 db0.example.com db0
-# 192.168.0.12 rds0.example.com rds0
-# 192.168.0.13 cl0.example.com cl0
-# 192.168.0.14 turn0.example.com turn0
-
-[nextcloud]
-nx0.example.com ansible_host=192.168.0.10
+[redis]
+<your server fqdn>
 
 [postgresql]
-db0.example.com ansible_host=192.168.0.11
+<your server fqdn>
 
-[redis]
-rds0.example.com ansible_host=192.168.0.12
+[nextcloud]
+<your server fqdn>
 
 [coolwsd]
-cl0.example.com ansible_host=192.168.0.13
+<your server fqdn>
 
-# Nextcloud Talk
+
+# Uncomment this if you're going to use HA with Nextcloud Talk
 [turn]
-turn0.example.com ansible_host=192.168.0.14
+<turn server fqdn>
 
 [nats]
-turn0.example.com ansible_host=192.168.0.14
+<nats server fqdn> ansible_host=<nats server IP>
 
 [signaling]
-turn0.example.com ansible_host=192.168.0.14
+<signaling spreed server fqdn> ansible_host=<signaling server IP>
 
 [janus]
-turn0.example.com ansible_host=192.168.0.14
+<janus server fqdn> ansible_host=<janus server IP>

nextcloud/ansible/inventory-test

@@ -1,23 +1,24 @@
 [nextcloud]
-nx0.test.virt.g02.org ansible_host=192.168.0.41
+nx0-test.libreoffice.gob.mx ansible_host=10.201.15.250
 
 [postgresql]
-db0.test.virt.g02.org ansible_host=192.168.0.40
+db0-test.libreoffice.gob.mx ansible_host=10.201.15.220
 
 [redis]
-rds0.test.virt.g02.org ansible_host=192.168.0.39
+rds0-test.libreoffice.gob.mx ansible_host=10.201.15.24
 
 [coolwsd]
-cl0.test.virt.g02.org ansible_host=192.168.0.42
+clwsd0-test.libreoffice.gob.mx ansible_host=10.201.15.132
 
 [turn]
-turn0.test.virt.g02.org ansible_host=192.168.0.43
+turn1.softwarelibre.mx
 
 [nats]
-turn0.test.virt.g02.org ansible_host=192.168.0.43
+nats1.softwarelibre.mx ansible_host=10.201.15.199
 
 [signaling]
-turn0.test.virt.g02.org ansible_host=192.168.0.43
+signaling1.softwarelibre.mx ansible_host=10.201.15.199
 
 [janus]
-turn0.test.virt.g02.org ansible_host=192.168.0.43
+janus1.softwarelibre.mx ansible_host=10.201.15.199
+

nextcloud/ansible/roles/common/tasks/main.yml

@@ -24,17 +24,3 @@
   include_tasks: redhat_tasks.yaml
   when: ansible_facts['os_family'] == 'RedHat'
 
-- name: "Set hostname"
-  ansible.builtin.hostname:
-    name: "{{ inventory_hostname }}"
-    use: systemd
-
-- name: "Build hosts file"
-  lineinfile:
-    dest: /etc/hosts
-    regexp: '.*{{ item }}$'
-    line: "{{ hostvars[item]['ansible_default_ipv4']['address'] }} {{ hostvars[item]['ansible_fqdn'] }} {{ hostvars[item]['ansible_hostname'] }}"
-    state: present
-  when: hostvars[item].ansible_default_ipv4.address is defined
-  loop: "{{ groups['all'] }}"
-

nextcloud/ansible/roles/coolwsd-nginx/templates/coolwsd.conf.j2

@@ -37,7 +37,6 @@
 
     # static files
     location ^~ /browser {
-        rewrite ^/browser/([0-9]+(\.[0-9]+)+)/(.*)$ /browser/dist/$3 last;
         proxy_pass http://{{ coolwsd_host }}:9980;
         proxy_set_header Host $http_host;
     }

nextcloud/ansible/roles/coolwsd/tasks/main.yaml

@@ -1,45 +1,35 @@
 ---
-# tasks file for coolwsd
+  # tasks file for coolwsd
 
-- name: Import GobMx key
-  ansible.builtin.rpm_key:
-    state: present
-    key: https://repos.libreoffice.gob.mx/centos/libreoffice.gob.mx.gpg
+  #TODO: Esta parte hay que sacarla de nuestros propios repos
+  - name: Import Collabora key
+    ansible.builtin.rpm_key:
+      state: present
+      key: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8/repodata/repomd.xml.key
 
-- name: Install libreoffice.gob.mx CentOS repo
-  get_url:
-    url: https://repos.libreoffice.gob.mx/centos/libreoffice.gob.mx.repo
-    dest: /etc/yum.repos.d/libreoffice.gob.mx.repo
-    mode: '0644'
-    owner: root
-    group: root
+  - name: Add Collabora repository for Red Hat distros
+    yum_repository:
+      name: CollaboraOnline
+      description: Collabora Online
+      baseurl: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8
 
-- name: Install Collabora Online Packages
-  package:
-    name:
-      - coolwsd
-    state: latest
+  - name: Install Collabora Online Packages
+    package: 
+      name:
+        - coolwsd
+        - CODE-brand
+      state: latest
 
-- name: Copy collabora configuration files
-  template:
-    src: templates/coolwsd.xml.j2
-    dest: /etc/coolwsd/coolwsd.xml
+  - name: Copy collabora configuration files
+    template:
+      src: templates/coolwsd.xml.j2
+      dest: /etc/coolwsd/coolwsd.xml
 
-- name: Enable Libre Office Web services
-  systemd:
-    name: coolwsd
-    enabled: yes
-    state: restarted
-  tags:
-    - nextcloud_collabora
-
-- name: Open up required firewall ports
-  block:
-    - name: Open ports for CODE service
-      ansible.posix.firewalld:
-        port: 9980/tcp
-        permanent: yes
-        immediate: true
-        state: enabled
-  when: code_firewalld_enabled | bool
+  - name: Enable Libre Office Web services
+    systemd:
+      name: coolwsd
+      enabled: yes
+      state: restarted
+    tags:
+      - nextcloud_collabora
 

nextcloud/ansible/roles/janus/tasks/main.yml

@@ -4,6 +4,14 @@
     name: '*'
     state: latest
 
+- name: Install libreoffice.gob.mx repo
+  get_url:
+    url: https://repos.libreoffice.gob.mx/fedora/libreoffice.gob.mx.repo
+    dest: /etc/yum.repos.d/libreoffice.gob.mx.repo
+    mode: '0644'
+    owner: root
+    group: root
+
 - name: Install required packages
   ansible.builtin.package:
     name:

nextcloud/ansible/roles/nextcloud-spreed/tasks/main.yml

@@ -20,7 +20,7 @@
   ansible.builtin.shell:
     cmd: |
       /usr/bin/php "{{ nextcloud_occ }}" talk:turn:delete {{ turn_fqdn }}:3478 udp,tcp
-      /usr/bin/php "{{ nextcloud_occ }}" talk:turn:add --secret={{ turn_static_auth_secret }} -- turn,turns {{ turn_fqdn }}:3478 udp,tcp
+      /usr/bin/php "{{ nextcloud_occ }}" talk:turn:add --secret={{ turn_static_auth_secret }} -- {{ turn_fqdn }}:3478 udp,tcp
   become: true
   become_user: "{{ web_user }}"
 

nextcloud/ansible/roles/nextcloud/tasks/main.yml

@@ -3,7 +3,6 @@
   package:
     state: latest
     name:
-      - bzip2
       - nginx
       - php-cli
       - php-curl
@@ -19,8 +18,6 @@
       - php-json
       - php-ldap
       - php-mbstring
-      - php-memcache
-      - php-opcache
       - php-openssl
       - php-pcre
       - php-pdo
@@ -39,6 +36,7 @@
       - python3-pyOpenSSL
       - sudo
       - tar
+      - bzip2
 
 - name: Create nextcloud nginx configuration directory
   ansible.builtin.file:
@@ -139,24 +137,6 @@
     enabled: yes
     state: restarted
 
-
-- name: Open up required firewall ports
-  block:
-    - name: Open ports for HTTP service
-      ansible.posix.firewalld:
-        service: http
-        permanent: yes
-        immediate: true
-        state: enabled
-
-    - name: Open ports for HTTPS service
-      ansible.posix.firewalld:
-        service: https
-        permanent: yes
-        immediate: true
-        state: enabled
-  when: nextcloud_firewalld_enabled | bool
-
 - name: Remove config_is_read_only setting from config.php
   lineinfile:
     path: "{{ nextcloud_path }}/config/config.php"
@@ -403,6 +383,43 @@
     - redis
     - notify_push
 
+- name: Setup SMTP
+  block:
+    - name: Unset Nextcloud's config.php read-only setting.
+      lineinfile:
+        path: "{{ nextcloud_path }}/config/config.php"
+        state: absent
+        regexp: "config_is_read_only"
+
+    # TODO: Para que la configuración sea más flexible, debemos considerar que no todas estas variables se usan en todas las
+    #       permutaciones de la configuración. Necesitamos separarlas.
+    #
+    # issue: <pendiente>
+    - name: Configure SMTP
+      ansible.builtin.shell:
+        cmd: |
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_smtpmode --value={{ mail_smtpmode }} --type=string
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_sendmailmode --value={{ mail_sendmailmode }} --type=string
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_smtpsecure --value={{ mail_smtpsecure }} --type=string
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_from_address --value={{ mail_from_address}} --type=string
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_domain --value={{ mail_domain}} --type=string
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_smtphost --value={{ mail_smtphost }} --type=string
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_smtpport --value={{ mail_smtpport }} --type=integer
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_smtpauth --value={{ mail_smtpauth }} --type=integer
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_smtpname --value={{ mail_smtpname }} --type=string
+          /usr/bin/php {{ nextcloud_occ }} config:system:set mail_smtppassword  --value={{ mail_smtppassword }} --type=string
+      become: true
+      become_user: "{{ web_user }}"
+
+    - name: Set Nextcloud's config.php read only setting.
+      ansible.builtin.shell:
+        cmd: "/usr/bin/php {{ nextcloud_occ }} config:system:set config_is_read_only --value=true --type=bool"
+      become: true
+      become_user: "{{ web_user }}"
+  tags:
+    - smtp
+  when: mail_smtp_enabled
+
 - name: Enable Nextcloud Calendar
   ansible.builtin.shell:
     cmd: |

nextcloud/ansible/roles/postgresql/tasks/main.yml

@@ -75,13 +75,3 @@
   tags:
     - database
 
-- name: Open up required firewall ports
-  block:
-    - name: Open ports for PostgreSQL service
-      ansible.posix.firewalld:
-        service: postgresql
-        permanent: yes
-        immediate: true
-        state: enabled
-  when: postgresql_firewalld_enabled | bool
-

nextcloud/ansible/roles/pre/tasks/main.yml

@@ -1,31 +1,54 @@
 ---
 # tasks file for pre
-- name: Create fact directory
-  file:
-    path: /etc/ansible/facts.d/
-    state: directory
+  - name: Update the /etc/hosts file with node host name
+    tags: etchostsupdate
+    become: yes
+    become_user: root
+    lineinfile:
+      path: "/etc/hosts"
+      regexp: ".*\t{{ ansible_hostname }}"
+      #TODO: crear una variable que tenga la IP del balanceador
+      line: "{{ nextcloud_host_ip }}\t{{ nextcloud_fqdn }} {{ nextcloud_hostname }}"
+      state: present
+      backup: yes
+    register: etchostsupdate
 
-- name: Create nextcloud custom facts
-  copy:
-    src: nextcloud.fact
-    dest: /etc/ansible/facts.d/nextcloud.fact
-    mode: 0775
-    force: yes
-  tags:
-    - check_facts
+#  - name: Update the /etc/hosts file with node domain name
+#    tags: etchostsupdate_domain
+#    become: yes
+#    become_user: root
+#    lineinfile:
+#      path: "/etc/hosts"
+#      line: "{{ nextcloud_host }}\t{{ nextcloud_fqdn }}"
+#      state: present
+#      backup: yes
 
-- name: Check if nextcloud is unpacked
-  stat:
-    path: /var/www/html/config/config.sample.php
-  register: nextcloud_is_unpacked
+  - name: Create fact directory
+    file:
+      path: /etc/ansible/facts.d/
+      state: directory
 
-- name: Reload facts
-  setup:
-  tags:
-    - check_facts
+  - name: Create nextcloud custom facts
+    copy:
+      src: nextcloud.fact
+      dest: /etc/ansible/facts.d/nextcloud.fact
+      mode: 0775
+      force: yes
+    tags:
+      - check_facts
 
-- name: Pre tasks for Red Hat distros
-  include_tasks: redhat_pre_tasks.yaml
-  when:
-    ansible_facts['os_family'] == "RedHat"
+  - name: Check if nextcloud is unpacked
+    stat:
+      path: /var/www/html/config/config.sample.php
+    register: nextcloud_is_unpacked
+
+  - name: Reload facts
+    setup:
+    tags:
+      - check_facts
+
+  - name: Pre tasks for Red Hat distros
+    include_tasks: redhat_pre_tasks.yaml
+    when:
+      ansible_facts['os_family'] == "RedHat"
 

nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml

@@ -1,8 +1,5 @@
   - name: Enable The CRB Repository
     ansible.builtin.command: /usr/bin/dnf config-manager --set-enabled crb
-    when:
-      - ansible_os_family  == 'RedHat'
-      - ansible_distribution != 'Fedora'
 
 #- name: "Install Remi repo GPG key"
 #    rpm_key:
@@ -28,9 +25,6 @@
     ansible.builtin.rpm_key:
       state: present
       key: "https://rpms.remirepo.net/enterprise/{{ansible_distribution_major_version}}/RPM-GPG-KEY-remi"
-    when:
-      - ansible_os_family  == 'RedHat'
-      - ansible_distribution != 'Fedora'
 
   - name: Remi::Install REMI repository
     dnf:
@@ -56,9 +50,6 @@
 
   - name: Remi::Reset PHP module
     ansible.builtin.command: /usr/bin/dnf -y module reset php
-    when:
-      - ansible_os_family  == 'RedHat'
-      - ansible_distribution != 'Fedora'
 
   - name: Remi::Install PHP {{ php_version }} module
     ansible.builtin.command: /usr/bin/dnf -y module install php:remi-{{ php_version }}

nextcloud/ansible/roles/redis/tasks/main.yml

@@ -33,13 +33,3 @@
   tags:
     - check_redis
 
-- name: Open up required firewall ports
-  block:
-    - name: Open ports for Redis service
-      ansible.posix.firewalld:
-        service: redis
-        permanent: yes
-        immediate: true
-        state: enabled
-  when: redis_firewalld_enabled | bool
-

nextcloud/ansible/roles/signaling-server/handlers/main.yml

@@ -3,4 +3,4 @@
   ansible.builtin.systemd:
     state: restarted
     daemon_reload: yes
-    name: signaling
+    name: signaling-server

nextcloud/ansible/roles/signaling-server/tasks/main.yml

@@ -4,21 +4,29 @@
     state: latest
     name: '*'
 
-- name: Install libreoffice.gob.mx repo
-  get_url:
-    url: https://repos.libreoffice.gob.mx/fedora/libreoffice.gob.mx.repo
-    dest: /etc/yum.repos.d/libreoffice.gob.mx.repo
-    mode: '0644'
-    owner: root
-    group: root
-
 - name: Install required packages
   ansible.builtin.package:
     state: latest
     name:
       - certbot
       - openssl
-      - nextcloud-spreed-signaling
+
+- name: Install signaling-server
+  block:
+    # TODO: Empaquetar signaling y proveerlo en Fedora
+    - name: Download signaling
+      get_url:
+        url: https://repos.libreoffice.gob.mx/signaling/signaling-latest.tar.gz
+        dest: /usr/src/signaling-latest.tar.gz
+        checksum: "{{ signaling_checksum }}"
+
+    - name: Unpack signaling-server
+      ansible.builtin.unarchive:
+        src: /usr/src/signaling-latest.tar.gz
+        dest: /
+        remote_src: yes
+        owner: root
+        group: root
 
 - name: Generate singaling hashkey and blockkey
   block:
@@ -40,6 +48,24 @@
       register: signaling_apikey
       failed_when: signaling_apikey.stdout | length != 32
 
+- name: Configure signaling-server
+  block:
+    - name: Create signaling-server system user
+      ansible.builtin.user:
+        name: signaling
+        system: yes
+        shell: /sbin/nologin
+        home: /var/lib/signaling
+        state: present
+
+    - name: Create configuration directory
+      ansible.builtin.file:
+        path: /etc/signaling
+        state: directory
+        mode: '0750'
+        owner: root
+        group: signaling
+
     - name: Setup configuration file
       ansible.builtin.template:
         src: signaling-server.conf.j2
@@ -49,6 +75,15 @@
         mode: '0640'
       notify: Systemd daemon-reload and restart
 
+    - name: Put signaling-server systemd service in place
+      ansible.builtin.copy:
+        src: signaling-server.service
+        dest: /etc/systemd/system/signaling-server.service
+        owner: root
+        group: root
+        mode: '0644'
+      notify: Systemd daemon-reload and restart
+
 - name: Open up required firewall ports
   block:
     - name: Open up TCP port 80 for LetsEncrypt
@@ -116,6 +151,6 @@
 
 - name: Start and enable signaling
   ansible.builtin.service:
-    name: signaling
+    name: signaling-server
     enabled: yes
 

nextcloud/ansible/vars/main.ejemplo.yaml

@@ -1,30 +1,39 @@
 ---
 
 # NextCloud
-# The nexctloud_checksum changes with every release to get this string go to:
-# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
-# for the proper version
 ## version
-nextcloud_version: 29.0.2
-nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
-nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
-php_version: 8.3
+nextcloud_version: 26.0.0
+nextcloud_url: https://repos.libreoffice.gob.mx/nextcloud/nextcloud-{{nextcloud_version}}.tar.bz2
+nextcloud_checksum: "sha256:f163150363aee9366ecb5cd5259bf6756ed4f073cea78b5fa515cada7a0d0c3d"
+php_version: 8.2
 
 ## credentials
-nextcloud_admin_user: admin
-nextcloud_admin_password: UnaContraseñaBienDifícil.
+nextcloud_admin_user: el_admin
+nextcloud_admin_password: Una contraseña bien difícil.
 
 ## domain
-nextcloud_fqdn: cs9-nc-nx0.test.virt.g02.org
-nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
-nextcloud_hostname: cs9-nc-nx0
+nextcloud_fqdn: nextcloud.midominio.tld
+nextcloud_host_ip: 10.0.5.33
+nextcloud_hostname: nextcloud
 
 ## db
-db_host: cs9-nc-db0.test.virt.g02.org
+db_host: 10.0.5.43
 nextcloud_db: nextcloud
 nextcloud_db_user: nextcloud
-nextcloud_db_user_password: Unacontraseñabien.
-postgresql_firewalld_enabled: true
+nextcloud_db_user_password: Una contraseña bien, pero bien difícil.
+
+## SMTP
+mail_smtp_enabled: false
+mail_smtpmode: smtp
+mail_sendmailmode: smtp
+mail_smtpsecure: ssl
+mail_from_address: CHANGEME
+mail_domain: CHANGEME
+mail_smtphost: CHANGEME
+mail_smtpport: 587
+mail_smtpauth: 0
+mail_smtpname: ''
+mail_smtppassword: ''
 
 ## LDAP
 ldap_enabled: false
@@ -49,7 +58,7 @@ ldapConfigurationActive: 1
 nextcloud_occ: "{{ nextcloud_path }}/occ"
 
 ## S3
-nextcloud_s3_enabled: false
+nextcloud_s3_enabled: true
 nextcloud_s3_hostname: dirección_ip_o_hostname  # cámbiame
 nextcloud_s3_key: usuario                       # cámbiame
 nextcloud_s3_secret: password_muy_difícil       # cámbiame
@@ -58,16 +67,14 @@ nextcloud_s3_bucket: contenedor                 # cámbiame
 ## security
 ## Set this to true for production
 nextcloud_config_is_read_only: true
-nextcloud_firewalld_enabled: true
 
 
 # Redis
-redis_host: cs9-nc-rds0.test.virt.g02.org
+redis_host: 10.0.5.53
 redis_user: nextcloud
 redis_password: ParángariCutirimiNoMeAcuerdoCuaro
 redis_url: "https://{{ redis_host }}"
 redis_path: /etc/redis
-redis_firewalld_enabled: true
 
 
 # SSL
@@ -79,40 +86,39 @@ generate_self_signed_cert: true
 
 
 # Colabora Online (coolwsd)
-coolwsd_host: cs9-nc-cl0.test.virt.g02.org
+coolwsd_host: 10.0.5.64
 code_enable_ssl: false
 code_enable_ssl_termination: true
 code_ssl_key: ""
 code_ssl_cert: ""
 code_ssl_ca: ""
-code_firewalld_enabled: true
 
 ## The only way to make notify_push work without a signed cert is to use plain http
 notify_push_nextcloud_url: http://localhost
 
 
 # reverse proxy
-reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
+reverse_proxy_ip: 10.0.5.1
 
 
 # turn
-turn_fqdn: f40-nc-turn0.test.virt.g02.org
+turn_fqdn: turn0.midominio.tld
 turn_firewalld_enabled: false
-turn_letsencrypt_certificate_enabled: false
+turn_letsencrypt_certificate_enabled: true
 turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
 
 
 # nats
-nats_fqdn: f40-nc-turn0.test.virt.g02.org
+nats_fqdn: turn0.midominio.tld
 nats_firewalld_enabled: false
 nats_letsencrypt_certificate_enabled: false
 
 
 # signaling
-signaling_fqdn: f40-nc-turn0.test.virt.g02.org
+signaling_fqdn: turn0.midominio.tld
 signaling_debug: false
 signaling_firewalld_enabled: false
-signaling_letsencrypt_certificate_enabled: false
+signaling_letsencrypt_certificate_enabled: true
 signaling_connections_per_host: 16
 signaling_backend_name: nextcloud
 signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76

nextcloud/ansible/vars/main.example.yaml

@@ -1,133 +0,0 @@
----
-
-# NextCloud
-# The nexctloud_checksum changes with every release to get this string go to:
-# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
-# for the proper version
-## version
-nextcloud_version: 29.0.2
-nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
-nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
-php_version: 8.3
-
-## credentials
-nextcloud_admin_user: admin
-nextcloud_admin_password: UnaContraseñaBienDifícil.
-
-## domain
-nextcloud_fqdn: nx0.example.com
-nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
-nextcloud_hostname: nx0
-
-## db
-db_host: db0.example.com
-nextcloud_db: nextcloud
-nextcloud_db_user: nextcloud
-nextcloud_db_user_password: Unacontraseñabien.
-postgresql_firewalld_enabled: true
-
-## LDAP
-ldap_enabled: false
-ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju
-ldap_server_host: id0.example.com
-ldapBase: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
-ldapBaseGroups: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
-ldapBaseUsers: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
-ldapAgentName: "cn=Directory Manager"
-ldapAgentPassword: "{{ ldap_agent_password }}"
-ldapHost: "{{ ldap_server_host }}"
-hasMemberOfFilterSupport: 1
-ldapEmailAttribute: mail
-ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
-ldapPort: 389
-ldapUserFilter: "(&(|(objectclass=posixAccount)))"
-ldapUserFilterObjectclass: posixAccount
-ldapConfigurationActive: 1
-
-
-## occ
-nextcloud_occ: "{{ nextcloud_path }}/occ"
-
-## S3
-nextcloud_s3_enabled: true
-nextcloud_s3_hostname: fqdn_or_ip               # change me
-nextcloud_s3_key: usuario                       # change me
-nextcloud_s3_secret: password_muy_difícil       # change me
-nextcloud_s3_bucket: contenedor                 # change me
-
-## security
-## Set this to true for production
-nextcloud_config_is_read_only: true
-nextcloud_firewalld_enabled: true
-
-
-# Redis
-redis_host: rds0.example.com
-redis_user: nextcloud
-redis_password: ParángariCutirimiNoMeAcuerdoCuaro
-redis_url: "https://{{ redis_host }}"
-redis_path: /etc/redis
-redis_firewalld_enabled: true
-
-
-# SSL
-key_size: 4096
-key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
-country_name: MX
-organization_name: Mi Organización bien chida, LTD
-generate_self_signed_cert: true
-
-
-# Colabora Online (coolwsd)
-coolwsd_host: cl0.example.com
-code_enable_ssl: false
-code_enable_ssl_termination: true
-code_ssl_key: ""
-code_ssl_cert: ""
-code_ssl_ca: ""
-code_firewalld_enabled: true
-
-## The only way to make notify_push work without a signed cert is to use plain http
-notify_push_nextcloud_url: http://localhost
-
-
-# reverse proxy
-reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
-
-
-# turn
-turn_fqdn: turn0.example.com
-turn_firewalld_enabled: false
-turn_letsencrypt_certificate_enabled: true
-turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
-
-
-# nats
-nats_fqdn: turn0.example.com
-nats_firewalld_enabled: false
-nats_letsencrypt_certificate_enabled: false
-
-
-# signaling
-signaling_fqdn: turn0.example.com
-signaling_debug: false
-signaling_firewalld_enabled: false
-signaling_letsencrypt_certificate_enabled: true
-signaling_connections_per_host: 16
-signaling_backend_name: nextcloud
-signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
-
-
-# janus
-janus_firewalld_enabled: false
-janus_letsencrypt_certificate_enabled: false
-janus_stun_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
-janus_turn_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
-
-
-# nextcloud spreed (talk)
-nextcloud_talk_turn_server: "{{ turn_fqdn }}"
-nextcloud_talk_signaling_server: "https://{{ turn_fqdn }}:8443"
-nextcloud_talk_signaling_server_secret: ElMegaSecretoDeSignalingQueNadieSabe.
-nextcloud_talk_stun_server: "{{ turn_fqdn }}"
-