Compare commits

3 commits

Author / SHA1 / Message / Date

Renich Bon Ćirić
c4f1eb6cc9 nats: more appropriate task title
Two packages are installed: nats-server and certbot. The title said "Install certbot" and that was not appropriate.
2023-02-28 14:22:51 -06:00

Renich Bon Ćirić
d2ad0ea297 signaling: added a TODO to consider whether letsencrypt is used
2023-02-28 14:04:18 -06:00

Renich Bon Ćirić
0f32a0c690 janus: added a TODO to configure certificates
2023-02-28 14:01:51 -06:00
41 changed files with 314 additions and 1024 deletions

View file

@ -1,64 +0,0 @@
\renewcommand{\contentsname}{Tabla de Contenido}
\tableofcontents
\newpage
**Nextcloud**
# Introducción
Nextcloud es un software de código abierto que ofrece soluciones prácticas, fáciles de usar y muy seguras de la cloud (Nube) para empresas, instituciones y personas. Es una herramienta que actua como un servidor de almacenamiento en la nube de: imagenes, documentos, fotgrafias, archivos, entre otros.
Permite su personalización a través de la instalación de apps o módulos, que sirven para tener funcionalidades más completas, según las necesidades de la empresa o institución. El acceso a los datos en la nube se realiza a través de la interfaz web y de diversas apps. Los directorios locales se sincronizarán de manera automática con el servidor. El resultado de un sistema así, es una plataforma segura que puede ser controlada y gestionada desde diferentes dispositivos.
# Objetivo
Facilitar la instalación de los distintos módulos de Nextcloud de acuerdo a las necesidades de las dependencias del Gobierno Federal, usando diferentes alternativas de software de código abierto. Proporcionar la información técnica necesaria para personalizar, instalar y mantener funcionando los módulos que se requieran, así como incorporar por medio de Collabora, las mejoras y adecuaciones realizadas a LibreOffice, acordes a las necesidades del gobierno federal, como por ejemplo la tipografía específica que utiliza.
# Alcance
Proporcionar la información necesaria para implementar diferentes arquitecturas con alternativas de software de código abierto ya analizadas y probadas, para la instalación y mantenimiento de Nextcloud y sus módulos o apps, con la intensión de que sea utilizado como una herramienta de uso generalizado dentro de las dependencias e instituciones del gobierno federal.
# Módulos de Nextcloud
>* **Nextcloud files** .- Sincroniza y comparte archivos en tiempo real.
1. **Collabora** .- Proporciona a los usuarios de Nextcloud un conjunto completo de documentos en la nube y maneja los principales formatos de documentos. Cuenta con una excelente interoperabilidad con los archivos de MS Office (LibreOffice) y ofrece una experiencia WYSIWYG excepcional. Acceda a un enorme repertorio de funciones cuando colabore en archivos de texto, presentaciones y hojas de cálculo.
2. Conversación desde archivos.
>* **Nextcloud Talk** .- Llamadas, Chats y reuniones a travéz de la web.
1. Conversasiones uno a uno.
2. Conversaciones grupales.
4. Compartir pantalla
3. Compartir archivos.
>* **Nextcloud Groupware** .- Sistema de Calendario, Emails y contactos.
# Directrices
* Utilizar Collabora con la versión de LibreOffice modificada para el Gobierno Federal
* Reforzar la seguridad de la información
* Tener acceso a la información desde cualquier dispositivo
*
# Referencias
## Referencias de Nextcloud
>* [Nextcloud](https://nextcloud.com/)
>* [Parámetros configurables de Nextcloud](https://github.com/nextcloud/helm/tree/master/charts/nextcloud#configuration)
>* [Load Balancing](https://www.microfocus.com/documentation/filr/filr-4/filr-inst/t4duiofh1cz7.html)
>* [Manual de Usuario de Nextcloud](https://docs.nextcloud.com/server/latest/user_manual/es/index.html)
>* [Manual de escritorio de Nextcloud](https://docs.nextcloud.com/desktop/latest/index.html)
## Referencias de Collabora
>* [Collabora-Online](https://www.collaboraoffice.com/collabora-online/)
## LibreOffice
>* [LibreOffice](https://es.libreoffice.org/)

View file

@ -1,126 +0,0 @@
# Documentación Nextcloud
## Referencias
### Instalación de Nextcloud
* Nextcloud Home Project
https://nextcloud.com/
* Load Balancing
https://www.microfocus.com/documentation/filr/filr-4/filr-inst/t4duiofh1cz7.html
* Maintenance and Release Schedule
https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule
* Guía de Instalación de Nextcloud para Ubuntu y Devian.
https://www.c-rieger.de/nextcloud-installationsanleitung/
(Página en Alemán con traducción al Inglés y Español)
#### Configuración de Nextcloud:
* Parámetros configurables del gráfico nextcloud
https://github.com/nextcloud/helm/tree/master/charts/nextcloud#configuration
### Instalación del Signaling
* Nextcloud HUB 4: Conversación/Señalización Servidor v. 1.1.2
https://www.c-rieger.de/nextcloud-hub4-talk-signaling-server/
(Página en Alemán con traducción al Inglés y Español)
* Nextcloud-spreed-signaling
https://github.com/strukturag/nextcloud-spreed-signaling
* Nextcloud-spreed-signaling V1.0.0
https://github.com/strukturag/nextcloud-spreed-signaling/releases/tag/v1.0.0
* Nextcloud-spreed-signaling Configuración
https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/server.conf.in
* Módulo Talk y External Signaling Server
https://help.nextcloud.com/t/talk-external-signaling-server-hpb-only-working-with-mobile-app/103122
* Configurando Nextcloud Signaling Server.
https://www.akirah.es/configurando-nextcloud-signaling-server/
### Instalación de Janus
Se requiere el janus para conectar con el spreed-singnaling server y tener el control de las comunicaciones en las conferencias.
* Janus Home Project
https://janus.conf.meetecho.com/
* Janus gateway
https://www.docker.com/swmansion/janus-gateway
* High-Tech talk on Talk? STUN, TURN, Janus Signaling
https://help.nextcloud.com/t/high-tech-talk-on-talk-stun-turn-janus-signaling/81237
#### Configuración de Janus
* Setup nextcloud-spreed-signaling standalone server on Ubuntu
https://morph027.gitlab.io/blog/nextcloud-spreed-signaling/
### Instalación de NATS
* NATS Home Page Project
https://nats.io/
* NATS Docs
https://docs.nats.io/running-a-nats-service/introduction/installation#installing-via-a-package-manager
* Configuración del Servidor NATS
https://github.com/strukturag/nextcloud-spreed-signaling#setup-of-nats-server
* NATS Server Versión 2.8.4
https://github.com/nats-io/nats-server/releases/tag/v2.8.4
* Configuración NATS
https://github.com/nats-io/nats-server/blob/main/conf/simple.conf
* NATS RPM
https://github.com/nats-io/nats-server/releases/download/v2.8.4/nats-server-v2.8.4-amd64.rpm
* NATS Util
https://github.com/nats-io/nats-server/tree/main/util
* NATS Configuración
https://github.com/nats-io/nats-server/blob/main/util/nats-server-hardened.service
### Configurar Janus y Nats en el Signaling
### Instalar Collabora
* Página de Collabora-Online
https://www.collaboraoffice.com/collabora-online/
* Proyecto de Collabora Online
https://github.com/CollaboraOnline/online
* Enlace para bajar collabora para centos8
https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8/
### Referencias de LibreOffice OnLine:
* Integrar LibreOffice Online con Nextcloud
https://ask.libreoffice.org/t/how-can-i-integrate-libreoffice-with-nextcloud-for-free-is-there-a-free-solution/25309
* LibreOffice Online
https://es.libreoffice.org/descarga/libreoffice-online/
* Rpms LibreOffice
https://src.fedoraproject.org/rpms/libreoffice.git
### Referencias de LibreOffice
* LibreOffice
https://es.libreoffice.org/
* Versiones de LibreOffice
https://dev-builds.libreoffice.org/daily/
Nuestro Repo:
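
Review bot: two entries in the removed reference list should not come back as they stand if the docs are restored: `https://www.docker.com/swmansion/janus-gateway` is not a Docker Hub location (image pages live under hub.docker.com/r/<namespace>/<repo>, so the link needs re-checking), and `Nuestro Repo:` ends the file with no URL after it. Minor: `Devian` in the c-rieger entry should read Debian.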

View file

@ -1,107 +0,0 @@
\renewcommand{\contentsname}{Tabla de Contenido}
\tableofcontents
\newpage
**Nextcloud**
# Consideraciones Técnicas
## Características de diseño
## Arquitectura
![Arquitectura de Alto Nivel](lemur_arquitectura_alto_nivel.png)
Módulo de Archivos:
Object Storage: Almacenamiento de objetos
PostgreSQL DB:
Collabora OnLine:
Módulo Talk:
Signaling-Janus-Turn: Servidor de Señalización -
IdM: Internet Download Manager
![Arquitectura de Referencia 0](nextcloud_arquitectura_referencia_0.png)
![Arquitectura de Referencia 1](nextcloud_arquitectura_referencia_1.png)
![Arquitectura de Referencia 3](nextcloud_arquitectura_referencia_3.png)
![Operador](nextcloud_operator.png)
### Roles
Certificates
Common
Coolwsd (Collabora Módulo de Archivos)
Coolwsd-nginx
Janus (Módulo Talk)
nats-server
nextcloud
nextcloud-spreed
postgresql (Base de datos)
Es un sistema de código abierto de administración de bases de datos del tipo relacional, las consultas relacionales se basan en SQL. Dos detalles a destacar de PostgreSQL es que posee data types (tipos de datos) avanzados y permite ejecutar optimizaciones de rendimiento avanzadas.
pre
redis (Módulo Files)
Redis es un almacén de estructura de datos de valores de clave en memoria rápido y de código abierto. Redis incorpora un conjunto de estructuras de datos en memoria versátiles que le permiten crear con facilidad diversas aplicaciones personalizadas. Entre los casos de uso principales de Redis se encuentran el almacenamiento en caché, la administración de sesiones, pub/sub y las clasificaciones.
signaling-server (Módulo Talk)
turn (Módulo Talk)
Arquitectura de talk
LDap
Sotorage Object
Balanceador Externo
PHP fn
Redis
PostgreSQL
coolwsd (collabora online)
Notify Push
Turn
Nats
Janus
Signaling
### Nextcloud Operador contenedrores
Para instalar y mantenes a Nextcloud en contenedores.
![Nextcloud Operador](nextcloud_operator.png)
Principales Tareas:
* Define un (Custom Resource Definition "CRD") recurso personalizado que contiene las opciones de configuración requeridas para crear una instacia de Nextcloud HA
* Crea las instacias de Nextcloud HA cuando se cra un nuevo recurso.
* Actualiza la configuración de Nextcloud HA cuando detecta un cambio en el CRD.
* Comprueba si hay nuevas versiones de Nextcloud y notifica al administrador si hay una nueva versión compatible.
* Maneja las actualizaciones de nextcloud.
# Referencias Técnicas
## Referencias de Nextcloud
>* [Nextcloud](https://nextcloud.com/)
>* [Parámetros configurables de Nextcloud](https://github.com/nextcloud/helm/tree/master/charts/nextcloud#configuration)
>* [Load Balancing](https://www.microfocus.com/documentation/filr/filr-4/filr-inst/t4duiofh1cz7.html)
>* [Janus Home Project](https://janus.conf.meetecho.com/)
## Referencias de Collabora
>* [Collabora-Online](https://www.collaboraoffice.com/collabora-online/)
## LibreOffice
>* [LibreOffice](https://es.libreoffice.org/)
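
Review bot: `IdM: Internet Download Manager` in the component list is wrong for this architecture: IdM here is the identity-management (LDAP) backend, which the nextcloud role binds to with `cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx` and `cn=Directory Manager`, a FreeIPA/389-ds layout; Internet Download Manager is an unrelated Windows download utility. Several component lines (`PostgreSQL DB:`, `Collabora OnLine:`, `Módulo Talk:`, `Signaling-Janus-Turn:`) are left empty; if this file is brought back, fill them in or drop the placeholders.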

Binary file not shown (deleted, 74 KiB)

Binary file not shown (deleted, 77 KiB)

Binary file not shown (deleted, 62 KiB)

Binary file not shown (deleted, 53 KiB)

Binary file not shown (deleted, 96 KiB)

View file

@ -7,8 +7,7 @@ files/backups/*
# variable3s
vars/main.*.yaml
!vars/main.example.yaml
!vars/main.test.yaml
!vars/main.ejemplo.yaml
# misc
*~
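
Review bot: the `!vars/main.test.yaml` exception should not survive: it re-admits into git the very file the playbooks read `ldap_agent_password`, `redis_password` and `turn_static_auth_secret` from (see the nextcloud and nextcloud-spreed tasks below), while the `vars/main.*.yaml` rule exists precisely to keep those out. Whitelist only the example file (`main.example.yaml` or `main.ejemplo.yaml`, not both names) and keep test secrets in an untracked file or in vault.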

View file

@ -9,17 +9,3 @@ If you're using `ansible-core`, you need to install the requirements first.
```bash
ansible-galaxy install -r requirements.yaml
```
## Usage
We have four types of installation:
| Playbook | Inventory |
| ----------- | ----------- |
| deploy-example-talk-ha.yaml | inventory-example-talk-ha |
| deploy-example-talk-ha.yaml | inventory-example-single-no-talk-ha |
| deploy-example-no-talk-ha.yaml | inventory-example-talk-ha |
| deploy-example-no-talk-ha.yaml | inventory-example-single-no-talk-ha |
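
Review bot: the Usage table pairs `deploy-example-talk-ha.yaml` with `inventory-example-single-no-talk-ha`, but that inventory defines no `turn`, `nats`, `signaling` or `janus` groups, so the `hosts: turn` play is skipped while the `nextcloud-spreed` role still registers a TURN server that was never installed; document only the two pairings that actually work. Whichever side removes the section should replace it with at least one line naming the playbook and inventory to run, since this table is the only place they are listed.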

View file

@ -1,63 +0,0 @@
- hosts: localhost
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
vars:
services:
- nginx
- postgresql
- redis
roles:
- name: certificates
- hosts: all
serial: 1
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: common
- hosts: postgresql
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: postgresql
- hosts: redis
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: redis
# Este es el collabora
- hosts: coolwsd
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: coolwsd
- hosts: nextcloud
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: nextcloud
- name: coolwsd-nginx
# Enable this for Talk HA
# - name: nextcloud-spreed
#- hosts: turn
# vars_files:
# - vars/main.example.yaml
# - "vars/{{ ansible_facts['os_family'] }}.yaml"
# roles:
# - name: turn
# - name: nats-server
# - name: signaling-server
# - name: janus
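
Review bot: in the commented-out `hosts: turn` play, `vars_files` lists `vars/main.example.yaml` before the `{{ ansible_facts['os_family'] }}.yaml` file, the reverse of every other play in this file; later `vars_files` entries override earlier ones on conflicting keys, so uncommenting the block as-is lets the OS-family defaults win over the deployment's own settings. Keep the order used elsewhere (`os_family` file first, `main.example.yaml` last). Also, `turn`, `nats-server`, `signaling-server` and `janus` are commented out under one `hosts: turn`, but the matching no-talk inventory has no `turn` group, so this block only makes sense with the talk-ha inventory.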

View file

@ -1,60 +0,0 @@
- hosts: localhost
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
vars:
services:
- nginx
- postgresql
- redis
roles:
- name: certificates
- hosts: all
serial: 1
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: common
- hosts: postgresql
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: postgresql
- hosts: redis
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: redis
- hosts: coolwsd
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: coolwsd
- hosts: nextcloud
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: nextcloud
- name: coolwsd-nginx
- name: nextcloud-spreed
- hosts: turn
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.example.yaml
roles:
- name: turn
- name: nats-server
- name: signaling-server
- name: janus
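
Review bot: play ordering: the `nextcloud-spreed` role runs in the `hosts: nextcloud` play, before the `hosts: turn` play installs `turn`, `nats-server`, `signaling-server` and `janus`, so its `occ talk:turn:add` registration (see the nextcloud-spreed hunk below) is done against a TURN server that does not exist yet and the shared secret must already be fixed in `vars/main.example.yaml`. Either run the `turn` play before the `nextcloud` play or move `nextcloud-spreed` into a final play, and keep the README in step if this example file is deleted while it is still referenced there.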

View file

@ -1,7 +1,7 @@
- hosts: localhost
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml"
vars:
services:
- nginx
@ -11,37 +11,38 @@
- name: certificates
- hosts: all
serial: 1
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml"
roles:
- name: common
- hosts: postgresql
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml"
roles:
- name: postgresql
- hosts: redis
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml"
roles:
- name: redis
- hosts: coolwsd
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml"
roles:
- name: coolwsd
- hosts: nextcloud
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml"
roles:
- name: nextcloud
- name: coolwsd-nginx
@ -49,10 +50,11 @@
- hosts: turn
vars_files:
- "vars/{{ ansible_facts['os_family'] }}.yaml"
- vars/main.test.yaml
- "vars/{{ ansible_facts['os_family'] }}.yaml"
roles:
- name: turn
- name: nats-server
- name: signaling-server
- name: janus
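
Review bot: the two `vars_files` orders shown for every play in this hunk are not equivalent: later entries override earlier ones, so with `vars/main.test.yaml` listed first the `{{ ansible_facts['os_family'] }}.yaml` file wins on any key both define (paths, package names, users). If that reversal is intended it should be stated in the commit; otherwise keep `os_family` first and `main.test.yaml` last, as the example playbooks do.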

View file

@ -4,4 +4,7 @@
- "vars/{{ ansible_facts['os_family'] }}.yaml"
roles:
- name: turn
- name: nats-server
- name: signaling-server
- name: janus

View file

@ -1,29 +0,0 @@
# If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
# these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
#
# For example:
#
# /etc/hosts:
# # Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
# 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
# ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#
# # my nextcloud
# 192.168.0.10 nx0.example.com nx0
# 192.168.0.11 db0.example.com db0
# 192.168.0.12 rds0.example.com rds0
# 192.168.0.13 cl0.example.com cl0
[nextcloud]
nx0.example.com ansible_host=192.168.0.10
[postgresql]
db0.example.com ansible_host=192.168.0.11
[redis]
rds0.example.com ansible_host=192.168.0.12
[coolwsd]
cl0.example.com ansible_host=192.168.0.13

View file

@ -1,42 +0,0 @@
# If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
# these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
#
# For example:
#
# /etc/hosts:
# # Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
# 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
# ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#
# # my nextcloud
# 192.168.0.10 nx0.example.com nx0
# 192.168.0.11 db0.example.com db0
# 192.168.0.12 rds0.example.com rds0
# 192.168.0.13 cl0.example.com cl0
# 192.168.0.14 turn0.example.com turn0
[nextcloud]
nx0.example.com ansible_host=192.168.0.10
[postgresql]
db0.example.com ansible_host=192.168.0.11
[redis]
rds0.example.com ansible_host=192.168.0.12
[coolwsd]
cl0.example.com ansible_host=192.168.0.13
# Nextcloud Talk
[turn]
turn0.example.com ansible_host=192.168.0.14
[nats]
turn0.example.com ansible_host=192.168.0.14
[signaling]
turn0.example.com ansible_host=192.168.0.14
[janus]
turn0.example.com ansible_host=192.168.0.14

View file

@ -1,23 +1,24 @@
[nextcloud]
nx0.test.virt.g02.org ansible_host=192.168.0.41
nx0-test.libreoffice.gob.mx ansible_host=10.201.15.250
[postgresql]
db0.test.virt.g02.org ansible_host=192.168.0.40
db0-test.libreoffice.gob.mx ansible_host=10.201.15.220
[redis]
rds0.test.virt.g02.org ansible_host=192.168.0.39
rds0-test.libreoffice.gob.mx ansible_host=10.201.15.24
[coolwsd]
cl0.test.virt.g02.org ansible_host=192.168.0.42
clwsd0-test.libreoffice.gob.mx ansible_host=10.201.15.132
[turn]
turn0.test.virt.g02.org ansible_host=192.168.0.43
turn1.softwarelibre.mx
[nats]
turn0.test.virt.g02.org ansible_host=192.168.0.43
nats1.softwarelibre.mx ansible_host=10.201.15.199
[signaling]
turn0.test.virt.g02.org ansible_host=192.168.0.43
signaling1.softwarelibre.mx ansible_host=10.201.15.199
[janus]
turn0.test.virt.g02.org ansible_host=192.168.0.43
janus1.softwarelibre.mx ansible_host=10.201.15.199
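
Review bot: `turn1.softwarelibre.mx` is the only entry without `ansible_host=`, so it must resolve on the control node or the `turn` play fails while `nats1`, `signaling1` and `janus1` (all `10.201.15.199`) connect fine; add the address for consistency. More importantly, the replacement entries commit real internal addresses (`10.201.15.x`) and hostnames under `libreoffice.gob.mx`/`softwarelibre.mx` to a tracked file; environment-specific inventories belong in an ignored pattern (the same way `vars/main.*.yaml` is ignored), with only the `example.com` inventories kept in git.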

View file

@ -24,17 +24,3 @@
include_tasks: redhat_tasks.yaml
when: ansible_facts['os_family'] == 'RedHat'
- name: "Set hostname"
ansible.builtin.hostname:
name: "{{ inventory_hostname }}"
use: systemd
- name: "Build hosts file"
lineinfile:
dest: /etc/hosts
regexp: '.*{{ item }}$'
line: "{{ hostvars[item]['ansible_default_ipv4']['address'] }} {{ hostvars[item]['ansible_fqdn'] }} {{ hostvars[item]['ansible_hostname'] }}"
state: present
when: hostvars[item].ansible_default_ipv4.address is defined
loop: "{{ groups['all'] }}"
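
Review bot: in `Build hosts file`, `regexp: '.*{{ item }}$'` interpolates the inventory name unescaped, so a name such as `nx0-test.libreoffice.gob.mx` has dots matching any character and an existing line for a different host with the same suffix gets overwritten; use `{{ item | regex_escape }}` and anchor on a word boundary. If the side that deletes both tasks is merged, nothing else in this diff sets the hostname or adds the peers to /etc/hosts (the pre role only adds the Nextcloud entry), so reaching postgresql, redis and coolwsd by name then depends entirely on external DNS; that should be said in the README.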

View file

@ -37,7 +37,6 @@
# static files
location ^~ /browser {
rewrite ^/browser/([0-9]+(\.[0-9]+)+)/(.*)$ /browser/dist/$3 last;
proxy_pass http://{{ coolwsd_host }}:9980;
proxy_set_header Host $http_host;
}
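
Review bot: without `proxy_pass http://{{ coolwsd_host }}:9980;` the `location ^~ /browser` block only rewrites to `/browser/dist/$3` and has no upstream, so nginx serves the path from its own root and the Collabora browser assets return 404. Keep the `proxy_pass` together with the `Host` header (coolwsd builds its URLs from it). If `coolwsd_host` is not the local machine, this hop carries document contents over plain HTTP; either run the proxy on the coolwsd host or enable TLS on coolwsd (`ssl.enable` in coolwsd.xml) and proxy to `https://`.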

View file

@ -1,45 +1,35 @@
---
# tasks file for coolwsd
# tasks file for coolwsd
- name: Import GobMx key
ansible.builtin.rpm_key:
state: present
key: https://repos.libreoffice.gob.mx/centos/libreoffice.gob.mx.gpg
#TODO: Esta parte hay que sacarla de nuestros propios repos
- name: Import Collabora key
ansible.builtin.rpm_key:
state: present
key: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8/repodata/repomd.xml.key
- name: Install libreoffice.gob.mx CentOS repo
get_url:
url: https://repos.libreoffice.gob.mx/centos/libreoffice.gob.mx.repo
dest: /etc/yum.repos.d/libreoffice.gob.mx.repo
mode: '0644'
owner: root
group: root
- name: Add Collabora repository for Red Hat distros
yum_repository:
name: CollaboraOnline
description: Collabora Online
baseurl: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8
- name: Install Collabora Online Packages
package:
name:
- coolwsd
state: latest
- name: Install Collabora Online Packages
package:
name:
- coolwsd
- CODE-brand
state: latest
- name: Copy collabora configuration files
template:
src: templates/coolwsd.xml.j2
dest: /etc/coolwsd/coolwsd.xml
- name: Copy collabora configuration files
template:
src: templates/coolwsd.xml.j2
dest: /etc/coolwsd/coolwsd.xml
- name: Enable Libre Office Web services
systemd:
name: coolwsd
enabled: yes
state: restarted
tags:
- nextcloud_collabora
- name: Open up required firewall ports
block:
- name: Open ports for CODE service
ansible.posix.firewalld:
port: 9980/tcp
permanent: yes
immediate: true
state: enabled
when: code_firewalld_enabled | bool
- name: Enable Libre Office Web services
systemd:
name: coolwsd
enabled: yes
state: restarted
tags:
- nextcloud_collabora
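
Review bot: the `Add Collabora repository` task defines the repo without `gpgcheck: yes` and `gpgkey:`, so the key imported two tasks earlier in `Import Collabora key` is never tied to it and an unsigned package from that URL would install; set both, with `gpgkey` pointing at the same `repodata/repomd.xml.key`. On one side of the hunk `Install Collabora Online Packages` and `Copy collabora configuration files` appear twice; drop the duplicates. `state: latest` upgrades coolwsd on every run and `state: restarted` restarts it unconditionally; pin the version and make the restart a handler notified by the template task, and give the template a `mode` since coolwsd.xml can carry the admin console credentials.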

View file

@ -4,6 +4,14 @@
name: '*'
state: latest
- name: Download libreoffice.gob.mx repo
get_url:
url: https://repos.libreoffice.gob.mx/fedora/libreoffice.gob.mx.repo
dest: /etc/yum.repos.d/libreoffice.gob.mx.repo
mode: '0644'
owner: root
group: root
- name: Install required packages
ansible.builtin.package:
name:
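
Review bot: `name: '*'` with `state: latest` (the task directly above) is a full system upgrade on every run, which is neither idempotent nor safe in a `serial: 1` rollout; gate it behind a variable or tag. The new `Download libreoffice.gob.mx repo` task fetches a `.repo` file with `get_url` and no `checksum`, so trust rests on the TLS connection and on whatever `gpgcheck`/`gpgkey` lines that file carries; verify it sets `gpgcheck=1`, and import the corresponding key here (the coolwsd role does it separately for the CentOS repo from `libreoffice.gob.mx.gpg`) so the Fedora path is covered too.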

View file

@ -33,6 +33,7 @@ general: {
]
}
# TODO: agregar lógica para usar certificados SSL
certificates: {
}
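
Review bot: the TODO at `certificates: {}` in the Janus core config overstates the gap: when `cert_pem`/`cert_key` are unset, Janus generates a self-signed certificate for DTLS-SRTP, which WebRTC peers accept because the certificate fingerprint is conveyed in the SDP over the authenticated signaling channel. The certificates that actually need provisioning are those on the endpoints browsers and the signaling server connect to (the Janus transports in the next hunks, the signaling server, TURN); rewrite the TODO to say that so nobody spends time obtaining a CA-signed DTLS certificate.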

View file

@ -16,5 +16,6 @@ admin: {
cors: {
}
# TODO: agregar lógica para usar certificados SSL
certificates: {
}
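
Review bot: this `certificates: {}` sits in a transport config (the `admin` and `cors` sections above it), where an empty block means the listener is plain HTTP/WS; that is acceptable only if it is bound to loopback and used solely by the signaling server on the same host. Replace the TODO with the decision: bind the transport to `127.0.0.1` for the co-located signaling server (the test inventory puts `signaling1` and `janus1` on the same address), or set `cert_pem`/`cert_key` here if it must be reachable over the network. Keep the `admin` listener disabled, or protect it with `admin_secret` in the core config, since the Admin API can enumerate and kill sessions.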

View file

@ -15,5 +15,6 @@ admin: {
cors: {
}
# TODO: agregar lógica para usar certificados SSL
certificates: {
}

View file

@ -4,7 +4,7 @@
name: '*'
state: latest
- name: Install certbot
- name: Install required packages
ansible.builtin.package:
name:
- certbot
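
Review bot: installing `certbot` beside `nats-server` only provides the client; nothing in this role requests a certificate, installs a deploy hook that reloads nats-server, or configures `tls {}` in the NATS config, and the companion commit (`signaling: added a TODO to consider whether letsencrypt is used`) shows the decision is still open. Either add the `certbot certonly` task and hook, or leave certbot out until the decision is made; an unused certbot renewal timer is one more thing to audit. Note that when NATS and the signaling server share a host, as in the test inventory, the NATS connection can stay on loopback without TLS.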

View file

@ -20,7 +20,7 @@
ansible.builtin.shell:
cmd: |
/usr/bin/php "{{ nextcloud_occ }}" talk:turn:delete {{ turn_fqdn }}:3478 udp,tcp
/usr/bin/php "{{ nextcloud_occ }}" talk:turn:add --secret={{ turn_static_auth_secret }} -- turn,turns {{ turn_fqdn }}:3478 udp,tcp
/usr/bin/php "{{ nextcloud_occ }}" talk:turn:add --secret={{ turn_static_auth_secret }} -- {{ turn_fqdn }}:3478 udp,tcp
become: true
become_user: "{{ web_user }}"
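
Review bot: the two `talk:turn:add` lines are not interchangeable: in Talk 11 and later `occ talk:turn:add` takes `<schemes> <server> <protocols>`, so `turn,turns {{ turn_fqdn }}:3478 udp,tcp` matches the signature and the form without `turn,turns` is short one positional argument and is rejected by occ (older Talk versions had the two-argument form); pin which Talk version the role targets. `turns` also requires coturn to listen with TLS (`tls-listening-port` plus a certificate); if only the plain 3478 listener exists, register `turn` alone. Add `no_log: true` to the task, because `--secret={{ turn_static_auth_secret }}` is otherwise recorded in the task result and logs.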

View file

@ -3,7 +3,6 @@
package:
state: latest
name:
- bzip2
- nginx
- php-cli
- php-curl
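
Review bot: `bzip2` is removed from the package list here and `tar` two hunks further down, but the `Unpack Nextcloud` task still runs `unarchive` on `nextcloud-{{ nextcloud_version }}.tar.bz2`, which needs both binaries on the target; on minimal images the unpack fails. Keep the packages, or switch the download and `src:` to the `.tar.gz`/`.zip` artifact.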
@ -19,8 +18,6 @@
- php-json
- php-ldap
- php-mbstring
- php-memcache
- php-opcache
- php-openssl
- php-pcre
- php-pdo
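
Review bot: dropping `php-opcache` removes the opcode cache that Nextcloud's admin overview warns about when missing and that is the main PHP performance lever; keep it and set the `opcache.*` values from the Nextcloud docs in the PHP config. Dropping `php-memcache` is fine, it is unrelated to the Redis cache (`php-pecl-redis` is what the `redis` settings below depend on).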
@ -38,7 +35,6 @@
- php-zip
- python3-pyOpenSSL
- sudo
- tar
- name: Create nextcloud nginx configuration directory
ansible.builtin.file:
@ -59,15 +55,15 @@
- name: Download Nextcloud
get_url:
url: "{{ nextcloud_url }}"
dest: /usr/src/nextcloud-{{ nextcloud_version }}.tar.bz2
url: https://repos.libreoffice.gob.mx/nextcloud/nextcloud-{{nextcloud_version}}.tar.bz2
dest: /usr/src/nextcloud-{{nextcloud_version}}.tar.bz2
checksum: "{{ nextcloud_checksum }}"
when:
nextcloud_is_unpacked.stat.exists != true and ansible_local['nextcloud']['is_installed'] != true
- name: Unpack Nextcloud
ansible.builtin.unarchive:
src: "/usr/src/nextcloud-{{ nextcloud_version }}.tar.bz2"
src: "/usr/src/nextcloud-{{nextcloud_version}}.tar.bz2"
dest: "{{ nextcloud_path }}"
remote_src: yes
owner: "{{ web_user }}"
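
Review bot: hard-coding `https://repos.libreoffice.gob.mx/nextcloud/nextcloud-{{nextcloud_version}}.tar.bz2` in place of `{{ nextcloud_url }}` is acceptable only because `checksum: "{{ nextcloud_checksum }}"` stays, which stops the mirror from substituting a modified tarball; make sure `nextcloud_checksum` is taken from the upstream release checksum, not computed from the mirror's copy, and keep the URL in a variable so the upstream download remains usable. Minor: `nextcloud_is_unpacked.stat.exists != true` reads better as `not nextcloud_is_unpacked.stat.exists`.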
@ -139,24 +135,6 @@
enabled: yes
state: restarted
- name: Open up required firewall ports
block:
- name: Open ports for HTTP service
ansible.posix.firewalld:
service: http
permanent: yes
immediate: true
state: enabled
- name: Open ports for HTTPS service
ansible.posix.firewalld:
service: https
permanent: yes
immediate: true
state: enabled
when: nextcloud_firewalld_enabled | bool
- name: Remove config_is_read_only setting from config.php
lineinfile:
path: "{{ nextcloud_path }}/config/config.php"
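
Review bot: removing the `Open up required firewall ports` block (and the matching blocks in the postgresql and redis roles below) leaves the role silent about the host firewall: where firewalld is active, nginx, PostgreSQL and Redis become unreachable from their peers and the deployment fails late; where it is inactive, every listener bound to a non-loopback address is exposed. If firewall management moves elsewhere, keep the `nextcloud_firewalld_enabled` switch with a false default instead of deleting the tasks, so the dependency stays visible.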
@ -273,7 +251,7 @@
/usr/bin/php {{ nextcloud_occ }} config:system:set redis host --value={{ redis_host }}
/usr/bin/php {{ nextcloud_occ }} config:system:set redis port --value=6379
/usr/bin/php {{ nextcloud_occ }} config:system:set redis dbindex --value=0
/usr/bin/php {{ nextcloud_occ }} config:system:set redis password user --value={{ redis_user }}
#/usr/bin/php {{ nextcloud_occ }} config:system:set redis password user --value={{ redis_user }}
#/usr/bin/php {{ nextcloud_occ }} config:system:set redis password password --value={{ redis_password }}
/usr/bin/php {{ nextcloud_occ }} config:system:set redis password --value={{ redis_password }}
become: true
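
Review bot: `config:system:set redis password user --value=...` writes a nested `password.user` entry that the unconditional `config:system:set redis password --value=...` two lines later overwrites with a string, so the username never reaches Nextcloud whichever side is merged. The Redis ACL username in Nextcloud is the sibling key `redis user` (`config:system:set redis user --value={{ redis_user }}`; check `config.sample.php` for the deployed version). With the ACL user defined in redis.conf (last hunk), Nextcloud must authenticate as that user and `default` must be turned off there, otherwise a bare `AUTH <password>` still lands on `default` and the ACL adds nothing. Add `no_log: true`, since `redis_password` is in the command.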
@ -318,27 +296,27 @@
become_user: "{{ web_user }}"
when: not ansible_local['nextcloud']['is_ldap_configured']
# TODO: quitar "hard-codeos"
- name: Configure LDAP
ansible.builtin.shell:
cmd: |
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBase "{{ ldapBase }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseGroups "{{ ldapBaseGroups }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseUsers "{{ ldapBaseUsers }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentName "{{ ldapAgentName }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentPassword "{{ ldap_agent_password }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapHost "{{ ldap_server_host }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 hasMemberOfFilterSupport "{{ hasMemberOfFilterSupport }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapEmailAttribute "{{ ldapEmailAttribute }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapLoginFilter "{{ ldapLoginFilter }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapPort "{{ ldapPort }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilter "{{ ldapUserFilter }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilterObjectclass "{{ ldapUserFilterObjectclass }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapConfigurationActive "{{ ldapConfigurationActive }}"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBase cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseGroups cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseUsers cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentName "cn=Directory Manager"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentPassword {{ ldap_agent_password }}
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapHost {{ ldap_server_host }}
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 hasMemberOfFilterSupport 1
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapEmailAttribute mail
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapLoginFilter "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapPort 389
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilter "(&(|(objectclass=posixAccount)))"
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilterObjectclass posixAccount
/usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapConfigurationActive 1
become: true
become_user: "{{ web_user }}"
tags:
- ldap
when: ldap_enabled
- name: Set httpd_can_network_relay to allow nginx to proxy connections
seboolean:
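
Review bot: the hard-coded side binds Nextcloud to LDAP as `cn=Directory Manager`, the 389-ds/FreeIPA superuser, on port 389 with no `ldapTLS` set, so a full-privilege directory password crosses the network in clear on every lookup and compromising the Nextcloud host compromises the directory. Use a dedicated read-only system account as `ldapAgentName`, set `ldapTLS 1` (STARTTLS) or an `ldaps://` host, keep the values in variables as the TODO says, and put `no_log: true` on the task because `ldapAgentPassword` is in the command. `ldapBaseGroups` is set to the users base (`cn=users,cn=accounts,...`); FreeIPA keeps groups under `cn=groups,cn=accounts,...`, so group mapping finds nothing.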
@ -403,15 +381,6 @@
- redis
- notify_push
- name: Enable Nextcloud Calendar
ansible.builtin.shell:
cmd: |
/usr/bin/php "{{ nextcloud_occ }}" app:install -f calendar
/usr/bin/php "{{ nextcloud_occ }}" app:enable calendar
become: true
become_user: "{{ web_user }}"
#when: (ansible_distribution == "Debian" and ansible_distribution_version != "10") or ansible_distribution == "RedHat"
- name: Remove config_is_read_only setting from config.php
lineinfile:
path: "{{ nextcloud_path }}/config/config.php"

View file

@ -3,7 +3,7 @@ Description = Push daemon for Nextcloud clients
Documentation=https://github.com/nextcloud/notify_push
[Service]
Environment = NEXTCLOUD_URL={{ notify_push_nextcloud_url }}
Environment = NEXTCLOUD_URL=http://{{ nextcloud_fqdn }}
ExecStart = /usr/local/bin/notify_push {{ nextcloud_path }}/config/config.php
User={{ web_user }}
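
Review bot: replacing `{{ notify_push_nextcloud_url }}` with `http://{{ nextcloud_fqdn }}` pins notify_push to plain HTTP against the public name: if nginx redirects HTTP to HTTPS (the nextcloud role opens the `https` service, so this is the expected setup) the daemon's requests get a redirect instead of the API, and if it does not, its traffic to Nextcloud is unencrypted. Keep the variable so the URL can be `https://` or a loopback address.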

View file

@ -31,7 +31,7 @@
blockinfile:
dest: "{{ postgresql_conf }}"
block: |
listen_addresses = '{{ db_host }}'
listen_addresses = '{{ ansible_default_ipv4.address }}'
tags:
- database
- database_access
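
Review bot: `listen_addresses = '{{ ansible_default_ipv4.address }}'` binds PostgreSQL to whichever interface holds the default route, which on a host with separate management and service networks may be the wrong one, while `{{ db_host }}` is the address the Nextcloud role actually connects to; keep the explicit variable. Neither variant restricts clients; that belongs in pg_hba.conf (not in this hunk), which should allow only the nextcloud host(s) with `scram-sha-256`.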
@ -75,13 +75,3 @@
tags:
- database
- name: Open up required firewall ports
block:
- name: Open ports for PostgreSQL service
ansible.posix.firewalld:
service: postgresql
permanent: yes
immediate: true
state: enabled
when: postgresql_firewalld_enabled | bool
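
Review bot: with this block gone and `listen_addresses` set to a routable address in the previous hunk, whether PostgreSQL is reachable now depends only on pg_hba.conf and on whether firewalld happens to be active on the host; keep `postgresql_firewalld_enabled` with a false default rather than deleting the task, so the role still records that port 5432 must be opened for the nextcloud host.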

View file

@ -1,31 +1,54 @@
---
# tasks file for pre
- name: Create fact directory
file:
path: /etc/ansible/facts.d/
state: directory
- name: Update the /etc/hosts file with node host name
tags: etchostsupdate
become: yes
become_user: root
lineinfile:
path: "/etc/hosts"
regexp: ".*\t{{ ansible_hostname }}"
#TODO: crear una variable que tenga la IP del balanceador
line: "{{ nextcloud_host_ip }}\t{{ nextcloud_fqdn }} {{ nextcloud_hostname }}"
state: present
backup: yes
register: etchostsupdate
- name: Create nextcloud custom facts
copy:
src: nextcloud.fact
dest: /etc/ansible/facts.d/nextcloud.fact
mode: 0775
force: yes
tags:
- check_facts
# - name: Update the /etc/hosts file with node domain name
# tags: etchostsupdate_domain
# become: yes
# become_user: root
# lineinfile:
# path: "/etc/hosts"
# line: "{{ nextcloud_host }}\t{{ nextcloud_fqdn }}"
# state: present
# backup: yes
- name: Check if nextcloud is unpacked
stat:
path: /var/www/html/config/config.sample.php
register: nextcloud_is_unpacked
- name: Create fact directory
file:
path: /etc/ansible/facts.d/
state: directory
- name: Reload facts
setup:
tags:
- check_facts
- name: Create nextcloud custom facts
copy:
src: nextcloud.fact
dest: /etc/ansible/facts.d/nextcloud.fact
mode: 0775
force: yes
tags:
- check_facts
- name: Pre tasks for Red Hat distros
include_tasks: redhat_pre_tasks.yaml
when:
ansible_facts['os_family'] == "RedHat"
- name: Check if nextcloud is unpacked
stat:
path: /var/www/html/config/config.sample.php
register: nextcloud_is_unpacked
- name: Reload facts
setup:
tags:
- check_facts
- name: Pre tasks for Red Hat distros
include_tasks: redhat_pre_tasks.yaml
when:
ansible_facts['os_family'] == "RedHat"
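
Review bot: the order of the fact tasks matters: `Reload facts` (`setup`) must run after `Create nextcloud custom facts` has copied `nextcloud.fact`, otherwise `ansible_local['nextcloud']['is_installed']`, which the nextcloud role tests before downloading, is undefined on a fresh host; on one side of this hunk the reload precedes the copy. In `Update the /etc/hosts file`, `regexp: ".*\t{{ ansible_hostname }}"` interpolates the hostname unescaped and assumes a tab separator, so an existing space-separated entry is not matched and a duplicate line is appended; use `{{ ansible_hostname | regex_escape }}` with `[ \t]+`. `mode: 0775` on the fact file makes Ansible execute it as a script; keep that only if `nextcloud.fact` is a script, otherwise use 0644.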

View file

@ -1,81 +1,38 @@
- name: Enable The CRB Repository
ansible.builtin.command: /usr/bin/dnf config-manager --set-enabled crb
when:
- ansible_os_family == 'RedHat'
- ansible_distribution != 'Fedora'
#- name: "Install Remi repo GPG key"
# rpm_key:
# state: present
# key: https://rpms.remirepo.net/RPM-GPG-KEY-remi2018
# #key: https://rpms.remirepo.net/RPM-GPG-KEY-remi
# when:
# - ansible_os_family == 'RedHat'
# - ansible_distribution_major_version|int < 9
# - ansible_distribution != 'Fedora'
- name: "Install Remi repo GPG key"
rpm_key:
state: present
key: https://rpms.remirepo.net/RPM-GPG-KEY-remi2018
#key: https://rpms.remirepo.net/RPM-GPG-KEY-remi
when: ansible_facts['distribution'] == 'CentOS'
- name: Install EPEL
package:
name:
- epel-release
state: latest
when:
- ansible_os_family == 'RedHat'
- ansible_distribution != 'Fedora'
when: ansible_facts['distribution'] == 'CentOS'
- name: Import Remi GPG key
ansible.builtin.rpm_key:
state: present
key: "https://rpms.remirepo.net/enterprise/{{ansible_distribution_major_version}}/RPM-GPG-KEY-remi"
when:
- ansible_os_family == 'RedHat'
- ansible_distribution != 'Fedora'
- name: Remi::Install REMI repository
- name: Install REMI repository
dnf:
name:
- "https://rpms.remirepo.net/enterprise/remi-release-{{ansible_distribution_major_version}}.rpm"
- https://rpms.remirepo.net/enterprise/remi-release-8.rpm
state: latest
when:
- ansible_os_family == 'RedHat'
- ansible_distribution != 'Fedora'
disable_gpg_check: yes
when: ansible_facts['distribution'] == 'CentOS'
# TODO: ya está en módulos de centos 8, modificar esto para usarlo
#- name: Enable the PHP remi repository
# dnf:
# name: '@php:remi-7.4'
# state: present
# # EPEL 8 does not support modules properly so we have to use Remi's repo for
# # php-pecl-redis to be available
# # https://docs.nextcloud.com/server/latest/admin_manual/installation/example_centos.html
# when:
# - ansible_os_family == 'RedHat'
# - ansible_distribution_major_version|int < 9
# - ansible_distribution != 'Fedora'
- name: Remi::Reset PHP module
ansible.builtin.command: /usr/bin/dnf -y module reset php
when:
- ansible_os_family == 'RedHat'
- ansible_distribution != 'Fedora'
- name: Remi::Install PHP {{ php_version }} module
ansible.builtin.command: /usr/bin/dnf -y module install php:remi-{{ php_version }}
when:
- ansible_os_family == 'RedHat'
- ansible_distribution_major_version|int >= 9
- ansible_distribution != 'Fedora'
- name: Remi::Update old versions
ansible.builtin.command: /usr/bin/dnf -y update
- name: Enable the PHP remi repository
dnf:
name: '@php:remi-7.4'
state: present
# EPEL 8 does not support modules properly so we have to use Remi's repo for
# php-pecl-redis to be available
# https://docs.nextcloud.com/server/latest/admin_manual/installation/example_centos.html
when: ansible_facts['distribution'] == 'CentOS'
- name: Enable the Redis 6 module
dnf:
name: '@redis:6'
state: present
when:
- ansible_os_family == 'RedHat'
- ansible_distribution_major_version|int < 9
- ansible_distribution != 'Fedora'
when: ansible_facts['distribution'] == 'CentOS'
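Review bot: `disable_gpg_check: yes` on the `Install REMI repository` task turns off signature verification for an RPM fetched over the network, even though the preceding `Import Remi GPG key` task imports the Remi key precisely so that check can pass; drop the option and let `dnf` verify the release package against the imported key. The `ansible.builtin.command` tasks (`dnf config-manager --set-enabled crb`, `dnf -y module reset php`, `dnf -y module install php:remi-{{ php_version }}`) and the unconditional `dnf -y update` report `changed` on every run and carry no `changed_when` or `creates` guard, so the play is never idempotent and a failed module switch is indistinguishable from a no-op; add `changed_when` based on the command output (or use `community.general.dnf_config_manager` for the CRB step). `Remi::Update old versions` also lacks the `when:` guard its sibling tasks have, so it runs on Fedora and on non-RedHat hosts as well.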

View file

@ -10,7 +10,7 @@
src: certificates/redis_key.pem
dest: "{{ redis_key }}"
owner: root
group: redis
group: nginx
mode: '0640'
- name: Copy the redis Certificate to /etc/pki/tls/certs/
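Review bot: the `group:` change on `redis_key.pem` decides which service account can read Redis's TLS private key (mode `0640`). With `group: nginx` the web server's group gets read access to a key that belongs to Redis; with `group: redis` only the Redis process does. Unless nginx terminates TLS for Redis on this host, keep the key `root:redis`, and if another service genuinely needs a key, issue it its own certificate rather than sharing Redis's private key across service accounts.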
@ -33,13 +33,3 @@
tags:
- check_redis
- name: Open up required firewall ports
block:
- name: Open ports for Redis service
ansible.posix.firewalld:
service: redis
permanent: yes
immediate: true
state: enabled
when: redis_firewalld_enabled | bool
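Review bot: `service: redis` in firewalld opens 6379/tcp to every source the zone accepts, while the only legitimate client is the Nextcloud host (`nextcloud_host_ip` in group vars). Prefer a `rich_rule` limited to that source address, or a dedicated zone with `source:`, so the ACL password is not the only barrier between the network and Redis. Indentation is lost in this view, so also confirm that `when: redis_firewalld_enabled | bool` applies to the whole `block:` and not only to the last task in it.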

View file

@ -65,7 +65,7 @@
# IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
# JUST COMMENT OUT THE FOLLOWING LINE.
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bind {{ redis_host }}
bind {{ ansible_default_ipv4.address }}
# Protected mode is a layer of security protection, in order to avoid that
# Redis instances left open on the internet are accessed and exploited.
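Review bot: `bind {{ redis_host }}` and `bind {{ ansible_default_ipv4.address }}` only coincide when `redis_host` resolves to the address of the default-route interface; the group vars set `redis_host` to a hostname (`rds0.example.com`), which is also what the Nextcloud side and the certificate SAN are pointed at. If Redis listens on a different interface than the name resolves to, clients cannot connect; if the value does not correspond to a local interface at all, Redis refuses to start. Derive one address variable for the interface you intend to expose and use it both here and for the Nextcloud-side `redis_host`, and keep the `protected-mode` comment below accurate to what is actually bound.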
@ -769,8 +769,8 @@ user {{ redis_user }} on +@all -DEBUG ~* >{{ redis_password }}
# ACL LOG
#
# The ACL Log tracks failed commands and authentication events associated
# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
# by ACLs. The ACL Log is stored in memory. You can reclaim memory with
# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
# by ACLs. The ACL Log is stored in memory. You can reclaim memory with
# ACL LOG RESET. Define the maximum entry length of the ACL Log below.
acllog-max-len 128
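Review bot: the body of this hunk is trailing whitespace only, but the header line `user {{ redis_user }} on +@all -DEBUG ~* >{{ redis_password }}` deserves attention: the application user is granted every command except `DEBUG` on every key, so `CONFIG`, `FLUSHALL`, `SHUTDOWN` and the rest of `@dangerous` remain available to anyone holding the Nextcloud password. Narrow it to `-@dangerous` plus whatever Nextcloud's cache and file-locking actually need, and make sure the rendered `redis.conf` is `0640 root:redis`, since it now carries the password in clear text.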
@ -1333,18 +1333,18 @@ lua-time-limit 5000
# cluster-replica-no-failover no
# This option, when set to yes, allows nodes to serve read traffic while the
# the cluster is in a down state, as long as it believes it owns the slots.
# the cluster is in a down state, as long as it believes it owns the slots.
#
# This is useful for two cases. The first case is for when an application
# This is useful for two cases. The first case is for when an application
# doesn't require consistency of data during node failures or network partitions.
# One example of this is a cache, where as long as the node has the data it
# should be able to serve it.
# should be able to serve it.
#
# The second use case is for configurations that don't meet the recommended
# three shards but want to enable cluster mode and scale later. A
# The second use case is for configurations that don't meet the recommended
# three shards but want to enable cluster mode and scale later. A
# master outage in a 1 or 2 shard configuration causes a read/write outage to the
# entire cluster without this option set, with it set there is only a write outage.
# Without a quorum of masters, slot ownership will not change automatically.
# Without a quorum of masters, slot ownership will not change automatically.
#
# cluster-allow-reads-when-down no
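Review bot: this hunk changes only trailing whitespace inside comments copied from upstream `redis.conf`; strip trailing whitespace from the template once in a separate commit so later reviews of `redis.conf.j2` show only the settings that actually changed (here `bind` and the ACL line).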

View file

@ -3,4 +3,4 @@
ansible.builtin.systemd:
state: restarted
daemon_reload: yes
name: signaling
name: signaling-server
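Review bot: the handler's `name:` must match the unit installed by the tasks (`/etc/systemd/system/signaling-server.service`) and the `name:` used by the `Start and enable signaling` task; the same rename appears in three places in this compare, so put the unit name in one variable to keep them from drifting, because a mismatched name makes `state: restarted` fail after a config change and leaves the old configuration running.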

View file

@ -4,21 +4,29 @@
state: latest
name: '*'
- name: Install libreoffice.gob.mx repo
get_url:
url: https://repos.libreoffice.gob.mx/fedora/libreoffice.gob.mx.repo
dest: /etc/yum.repos.d/libreoffice.gob.mx.repo
mode: '0644'
owner: root
group: root
- name: Install required packages
ansible.builtin.package:
state: latest
name:
- certbot
- openssl
- nextcloud-spreed-signaling
- name: Install signaling-server
block:
# TODO: Empaquetar signaling y proveerlo en Fedora
- name: Download signaling
get_url:
url: https://repos.libreoffice.gob.mx/signaling/signaling-latest.tar.gz
dest: /usr/src/signaling-latest.tar.gz
checksum: "{{ signaling_checksum }}"
- name: Unpack signaling-server
ansible.builtin.unarchive:
src: /usr/src/signaling-latest.tar.gz
dest: /
remote_src: yes
owner: root
group: root
- name: Generate singaling hashkey and blockkey
block:
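Review bot: `ansible.builtin.unarchive` with `dest: /` and `remote_src: yes` extracts whatever paths the tarball contains straight into the root filesystem as root; the `checksum: "{{ signaling_checksum }}"` on the download pins the content, but anyone able to update the tarball and the checksum variable together can overwrite arbitrary system files. Extract into a dedicated directory (for example `/opt/signaling`, a name assumed here) and install the binary and unit explicitly, or, as the other side of this hunk does, install the packaged `nextcloud-spreed-signaling` from the `libreoffice.gob.mx` repository, in which case the `.repo` file fetched by `get_url` should carry `gpgcheck=1` and the repository key rather than being trusted unverified. `state: latest` on `Install required packages` also upgrades `certbot` and `openssl` on every run, which is surprising for a deploy task; `present` is the usual choice.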
@ -40,6 +48,24 @@
register: signaling_apikey
failed_when: signaling_apikey.stdout | length != 32
- name: Configure signaling-server
block:
- name: Create signaling-server system user
ansible.builtin.user:
name: signaling
system: yes
shell: /sbin/nologin
home: /var/lib/signaling
state: present
- name: Create configuration directory
ansible.builtin.file:
path: /etc/signaling
state: directory
mode: '0750'
owner: root
group: signaling
- name: Setup configuration file
ansible.builtin.template:
src: signaling-server.conf.j2
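Review bot: the dedicated `signaling` user with `/sbin/nologin` and the `0750 root:signaling` configuration directory are the right shape; make sure the template task that follows (`mode: '0640'` in the next hunk) also sets `group: signaling`, otherwise the service user cannot read its own config while the directory permissions suggest it should. The `failed_when: signaling_apikey.stdout | length != 32` check validates only the length of the generated key; combine it with `signaling_apikey.rc != 0` so a failing generator that prints a 32-character error message is not accepted as a key.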
@ -49,6 +75,15 @@
mode: '0640'
notify: Systemd daemon-reload and restart
- name: Put signaling-server systemd service in place
ansible.builtin.copy:
src: signaling-server.service
dest: /etc/systemd/system/signaling-server.service
owner: root
group: root
mode: '0644'
notify: Systemd daemon-reload and restart
- name: Open up required firewall ports
block:
- name: Open up TCP port 80 for LetsEncrypt
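Review bot: the unit file copied here is not part of the diff; since the preceding tasks create an unprivileged `signaling` user, confirm that `signaling-server.service` runs with `User=signaling` and reads its config from `/etc/signaling`, otherwise the service runs as root despite the dedicated account. `notify: Systemd daemon-reload and restart` on the copy is correct, as a changed unit needs the reload before the restart.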
@ -116,6 +151,6 @@
- name: Start and enable signaling
ansible.builtin.service:
name: signaling
name: signaling-server
enabled: yes
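Review bot: this `name:` must match the handler and the copied unit file (`signaling-server.service`); with `ansible.builtin.service` a wrong unit name fails the play, which is better than silently enabling nothing, but a single shared variable for the unit name removes the risk entirely.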

View file

@ -1,5 +1,8 @@
[https]
listen = {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}:8443
# TODO: hay que considerar si se activó el soporte para certificados o no en vars.
# Hay un ejemplo en en template de turn.
certificate = /etc/pki/tls/certs/signaling.crt
key = /etc/pki/tls/private/signaling.key
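Review bot: the TODO is the real issue: `certificate` and `key` are hard-coded to `/etc/pki/tls/{certs,private}/signaling.*` regardless of `signaling_letsencrypt_certificate_enabled`, which the group vars set to `true`; with Let's Encrypt the certbot output lives elsewhere, so either gate these two keys on the variable (the TODO notes the turn template already does this) or have the certbot task install the issued certificate and key at these paths, `0640` and readable by the `signaling` group. `listen` binds the default-route address on 8443, the same endpoint Nextcloud is given via `nextcloud_talk_signaling_server: https://{{ turn_fqdn }}:8443`, so whichever certificate ends up here must carry `turn_fqdn` as a SAN.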

View file

@ -88,7 +88,6 @@
preconfigured-renewal = True
# Info
# TODO: parametrizar este correo
email = ca@softwarelibre.mx
insertbefore: BOF
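Review bot: `email = ca@softwarelibre.mx` is the ACME account contact that receives expiry and revocation notices, so the TODO should be resolved by moving it to a variable (say `certbot_email`, not yet defined in the role) instead of shipping a third party's address into every deployment; `insertbefore: BOF` also means this block is prepended to an existing `cli.ini`, so check that a later `email =` line in that file does not override it.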

View file

@ -6,7 +6,7 @@ nginx_path: /etc/nginx/conf.d
php_ini_path: /etc
php_pool_path: /etc/php-fpm.d
postgresql_path: /var/lib/pgsql/data
redis_path: /etc/redis
redis_path: /etc
ssl_path: /etc/pki/tls
# NextCloud
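Review bot: `redis_path` decides where `redis.conf.j2` is rendered, and the package layout differs by release (`/etc/redis.conf` on EL8, `/etc/redis/redis.conf` on EL9), so hard-coding either value means that on the other release the templated `bind`, TLS and ACL settings are written to a file Redis never reads and the service silently keeps its permissive defaults. Select the path from `ansible_distribution_major_version` and add a post-deploy check (for instance `redis-cli ACL WHOAMI` authenticated as `redis_user`) that fails the play when the rendered settings are not in effect.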

View file

@ -0,0 +1,104 @@
---
# NextCloud
## version
nextcloud_version: 24.0.6
nextcloud_checksum: "sha256:b26dff9980a47e7e722805fdbbf87e07f59a3817b03ecc32698e028e9baf0301"
## credentials
nextcloud_admin_user: el_admin
nextcloud_admin_password: Una contraseña bien difícil.
## domain
nextcloud_fqdn: nextcloud.midominio.tld
nextcloud_host_ip: 10.0.5.33
nextcloud_hostname: nextcloud
## db
db_host: 10.0.5.43
nextcloud_db: nextcloud
nextcloud_db_user: nextcloud
nextcloud_db_user_password: Una contraseña bien, pero bien difícil.
## occ
nextcloud_occ: "{{ nextcloud_path }}/occ"
## S3
nextcloud_s3_enabled: true
nextcloud_s3_hostname: dirección_ip_o_hostname # cámbiame
nextcloud_s3_key: usuario # cámbiame
nextcloud_s3_secret: password_muy_difícil # cámbiame
nextcloud_s3_bucket: contenedor # cámbiame
## security
## Set this to true for production
nextcloud_config_is_read_only: true
# Redis
redis_host: 10.0.5.53
redis_user: nextcloud
redis_password: ParángariCutirimiNoMeAcuerdoCuaro
redis_url: "https://{{ redis_host }}"
# SSL
key_size: 4096
key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
country_name: MX
organization_name: Mi Organización bien chida, LTD
generate_self_signed_cert: true
# Colabora Online (coolwsd)
coolwsd_host: 10.0.5.64
code_enable_ssl: false
code_enable_ssl_termination: true
code_ssl_key: ""
code_ssl_cert: ""
code_ssl_ca: ""
## The only way to make notify_push work without a signed cert is to use plain http
notify_push_nextcloud_url: http://localhost
# reverse proxy
reverse_proxy_ip: 10.0.5.1
# turn
turn_fqdn: turn0.midominio.tld
turn_firewalld_enabled: false
turn_letsencrypt_certificate_enabled: true
turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
# nats
nats_fqdn: turn0.midominio.tld
nats_firewalld_enabled: false
nats_letsencrypt_certificate_enabled: false
# signaling
signaling_fqdn: turn0.midominio.tld
signaling_debug: false
signaling_firewalld_enabled: false
signaling_letsencrypt_certificate_enabled: true
signaling_connections_per_host: 16
signaling_backend_name: nextcloud
signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
# janus
janus_firewalld_enabled: false
janus_letsencrypt_certificate_enabled: false
janus_stun_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
janus_turn_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
# nextcloud spreed (talk)
nextcloud_talk_turn_server: "{{ turn_fqdn }}"
nextcloud_talk_signaling_server: "https://{{ turn_fqdn }}:8443"
nextcloud_talk_signaling_server_secret: ElMegaSecretoDeSignalingQueNadieSabe.
nextcloud_talk_stun_server: "{{ turn_fqdn }}"
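Review bot: this file commits production-shaped secrets in clear text (`nextcloud_admin_password`, `nextcloud_db_user_password`, `redis_password`, `nextcloud_s3_secret`, `turn_static_auth_secret`, `nextcloud_talk_signaling_server_secret`); even as placeholders, `group_vars` files like this get copied and the placeholders kept. Move the secret values into an `ansible-vault` encrypted file (or `vault_*` variables referenced from here) so the plain file holds only non-sensitive settings. Two smaller points: `nextcloud_version: 24.0.6` is several major releases behind the `29.0.2` in the files removed in this same compare, so confirm that is intentional, and `nats_fqdn`, `signaling_fqdn` and `turn_fqdn` all point at `turn0`, which is fine for a single host but worth a comment saying so.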

View file

@ -1,133 +0,0 @@
---
# NextCloud
# The nexctloud_checksum changes with every release to get this string go to:
# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
# for the proper version
## version
nextcloud_version: 29.0.2
nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
php_version: 8.3
## credentials
nextcloud_admin_user: admin
nextcloud_admin_password: UnaContraseñaBienDifícil.
## domain
nextcloud_fqdn: nx0.example.com
nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
nextcloud_hostname: nx0
## db
db_host: db0.example.com
nextcloud_db: nextcloud
nextcloud_db_user: nextcloud
nextcloud_db_user_password: Unacontraseñabien.
postgresql_firewalld_enabled: true
## LDAP
ldap_enabled: false
ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju
ldap_server_host: id0.example.com
ldapBase: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
ldapBaseGroups: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
ldapBaseUsers: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
ldapAgentName: "cn=Directory Manager"
ldapAgentPassword: "{{ ldap_agent_password }}"
ldapHost: "{{ ldap_server_host }}"
hasMemberOfFilterSupport: 1
ldapEmailAttribute: mail
ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
ldapPort: 389
ldapUserFilter: "(&(|(objectclass=posixAccount)))"
ldapUserFilterObjectclass: posixAccount
ldapConfigurationActive: 1
## occ
nextcloud_occ: "{{ nextcloud_path }}/occ"
## S3
nextcloud_s3_enabled: true
nextcloud_s3_hostname: fqdn_or_ip # change me
nextcloud_s3_key: usuario # change me
nextcloud_s3_secret: password_muy_difícil # change me
nextcloud_s3_bucket: contenedor # change me
## security
## Set this to true for production
nextcloud_config_is_read_only: true
nextcloud_firewalld_enabled: true
# Redis
redis_host: rds0.example.com
redis_user: nextcloud
redis_password: ParángariCutirimiNoMeAcuerdoCuaro
redis_url: "https://{{ redis_host }}"
redis_path: /etc/redis
redis_firewalld_enabled: true
# SSL
key_size: 4096
key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
country_name: MX
organization_name: Mi Organización bien chida, LTD
generate_self_signed_cert: true
# Colabora Online (coolwsd)
coolwsd_host: cl0.example.com
code_enable_ssl: false
code_enable_ssl_termination: true
code_ssl_key: ""
code_ssl_cert: ""
code_ssl_ca: ""
code_firewalld_enabled: true
## The only way to make notify_push work without a signed cert is to use plain http
notify_push_nextcloud_url: http://localhost
# reverse proxy
reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
# turn
turn_fqdn: turn0.example.com
turn_firewalld_enabled: false
turn_letsencrypt_certificate_enabled: true
turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
# nats
nats_fqdn: turn0.example.com
nats_firewalld_enabled: false
nats_letsencrypt_certificate_enabled: false
# signaling
signaling_fqdn: turn0.example.com
signaling_debug: false
signaling_firewalld_enabled: false
signaling_letsencrypt_certificate_enabled: true
signaling_connections_per_host: 16
signaling_backend_name: nextcloud
signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
# janus
janus_firewalld_enabled: false
janus_letsencrypt_certificate_enabled: false
janus_stun_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
janus_turn_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
# nextcloud spreed (talk)
nextcloud_talk_turn_server: "{{ turn_fqdn }}"
nextcloud_talk_signaling_server: "https://{{ turn_fqdn }}:8443"
nextcloud_talk_signaling_server_secret: ElMegaSecretoDeSignalingQueNadieSabe.
nextcloud_talk_stun_server: "{{ turn_fqdn }}"
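Review bot: this removed file held `ldap_agent_password` for `ldapAgentName: "cn=Directory Manager"`, the directory's superuser, together with `ldapPort: 389` and no TLS setting; if that value was ever real it remains in git history after this deletion and should be rotated, and a least-privilege bind DN should replace Directory Manager. The file also defined `php_version` and `nextcloud_url`, which the tasks hunk above references (`Remi::Install PHP {{ php_version }} module`); if those tasks remain on this side of the compare, the variables are now undefined and the play fails at that task.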

View file

@ -1,133 +0,0 @@
---
# NextCloud
# The nexctloud_checksum changes with every release to get this string go to:
# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
# for the proper version
## version
nextcloud_version: 29.0.2
nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
php_version: 8.3
## credentials
nextcloud_admin_user: admin
nextcloud_admin_password: UnaContraseñaBienDifícil.
## domain
nextcloud_fqdn: cs9-nc-nx0.test.virt.g02.org
nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
nextcloud_hostname: cs9-nc-nx0
## db
db_host: cs9-nc-db0.test.virt.g02.org
nextcloud_db: nextcloud
nextcloud_db_user: nextcloud
nextcloud_db_user_password: Unacontraseñabien.
postgresql_firewalld_enabled: true
## LDAP
ldap_enabled: false
ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju
ldap_server_host: "10.254.1.1"
ldapBase: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
ldapBaseGroups: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
ldapBaseUsers: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
ldapAgentName: "cn=Directory Manager"
ldapAgentPassword: "{{ ldap_agent_password }}"
ldapHost: "{{ ldap_server_host }}"
hasMemberOfFilterSupport: 1
ldapEmailAttribute: mail
ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
ldapPort: 389
ldapUserFilter: "(&(|(objectclass=posixAccount)))"
ldapUserFilterObjectclass: posixAccount
ldapConfigurationActive: 1
## occ
nextcloud_occ: "{{ nextcloud_path }}/occ"
## S3
nextcloud_s3_enabled: false
nextcloud_s3_hostname: dirección_ip_o_hostname # cámbiame
nextcloud_s3_key: usuario # cámbiame
nextcloud_s3_secret: password_muy_difícil # cámbiame
nextcloud_s3_bucket: contenedor # cámbiame
## security
## Set this to true for production
nextcloud_config_is_read_only: true
nextcloud_firewalld_enabled: true
# Redis
redis_host: cs9-nc-rds0.test.virt.g02.org
redis_user: nextcloud
redis_password: ParángariCutirimiNoMeAcuerdoCuaro
redis_url: "https://{{ redis_host }}"
redis_path: /etc/redis
redis_firewalld_enabled: true
# SSL
key_size: 4096
key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
country_name: MX
organization_name: Mi Organización bien chida, LTD
generate_self_signed_cert: true
# Colabora Online (coolwsd)
coolwsd_host: cs9-nc-cl0.test.virt.g02.org
code_enable_ssl: false
code_enable_ssl_termination: true
code_ssl_key: ""
code_ssl_cert: ""
code_ssl_ca: ""
code_firewalld_enabled: true
## The only way to make notify_push work without a signed cert is to use plain http
notify_push_nextcloud_url: http://localhost
# reverse proxy
reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
# turn
turn_fqdn: f40-nc-turn0.test.virt.g02.org
turn_firewalld_enabled: false
turn_letsencrypt_certificate_enabled: false
turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
# nats
nats_fqdn: f40-nc-turn0.test.virt.g02.org
nats_firewalld_enabled: false
nats_letsencrypt_certificate_enabled: false
# signaling
signaling_fqdn: f40-nc-turn0.test.virt.g02.org
signaling_debug: false
signaling_firewalld_enabled: false
signaling_letsencrypt_certificate_enabled: false
signaling_connections_per_host: 16
signaling_backend_name: nextcloud
signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
# janus
janus_firewalld_enabled: false
janus_letsencrypt_certificate_enabled: false
janus_stun_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
janus_turn_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
# nextcloud spreed (talk)
nextcloud_talk_turn_server: "{{ turn_fqdn }}"
nextcloud_talk_signaling_server: "https://{{ turn_fqdn }}:8443"
nextcloud_talk_signaling_server_secret: ElMegaSecretoDeSignalingQueNadieSabe.
nextcloud_talk_stun_server: "{{ turn_fqdn }}"
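Review bot: same content as the previous removed file, with lab hostnames and `ldap_server_host: "10.254.1.1"`, so the same rotation applies to the shared `ldap_agent_password` and the other secrets duplicated across both environments; the duplication itself is the style point: keep one base vars file with per-environment overrides (hostnames, the `*_letsencrypt_certificate_enabled` flags, `nextcloud_s3_enabled`) instead of two near-identical 133-line copies that drift apart.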