Merge branch 'renich/varios' into 'master'

Many updates and fixes

See merge request strepsirrhini/lemur!30

Doc/Nextcloud.md

@@ -0,0 +1,64 @@
+\renewcommand{\contentsname}{Tabla de Contenido}
+\tableofcontents
+
+\newpage
+
+**Nextcloud**  
+
+# Introducción
+
+Nextcloud es un software de código abierto que ofrece soluciones prácticas, fáciles de usar y muy seguras de la cloud (Nube) para empresas, instituciones y personas. Es una herramienta que actua como un servidor de almacenamiento en la nube de: imagenes, documentos, fotgrafias, archivos, entre otros. 
+
+Permite su personalización a través de la instalación de apps o módulos, que sirven para tener funcionalidades más completas, según las necesidades de la empresa o institución. El acceso a los datos en la nube se realiza a través de la interfaz web y de diversas apps. Los directorios locales se sincronizarán de manera automática con el servidor. El resultado de un sistema así, es una plataforma segura que puede ser controlada y gestionada desde diferentes dispositivos.
+
+# Objetivo
+
+Facilitar la instalación de los distintos módulos de Nextcloud de acuerdo a las necesidades de las dependencias del Gobierno Federal, usando diferentes alternativas de software de código abierto. Proporcionar la información técnica necesaria para personalizar, instalar y mantener funcionando  los módulos que se requieran, así como incorporar por medio de Collabora, las mejoras y adecuaciones realizadas a LibreOffice, acordes a las necesidades del gobierno federal, como por ejemplo la tipografía específica que utiliza. 
+
+# Alcance
+
+Proporcionar la información necesaria para implementar diferentes arquitecturas con alternativas de software de código abierto ya analizadas y probadas, para la instalación y mantenimiento de Nextcloud y sus módulos o apps, con la intensión de que sea utilizado como una herramienta de uso generalizado dentro de las dependencias e instituciones del gobierno federal.  
+
+# Módulos de Nextcloud
+
+>* **Nextcloud files** .- Sincroniza y comparte archivos en tiempo real.
+
+1. **Collabora** .- Proporciona a los usuarios de Nextcloud un conjunto completo de documentos en la nube y maneja los principales formatos de documentos. Cuenta con una excelente interoperabilidad con los archivos de MS Office (LibreOffice) y ofrece una experiencia WYSIWYG excepcional. Acceda a un enorme repertorio de funciones cuando colabore en archivos de texto, presentaciones y hojas de cálculo.
+
+2. Conversación desde archivos.
+
+>* **Nextcloud Talk** .- Llamadas, Chats y reuniones a travéz de la web.
+
+1. Conversasiones uno a uno.
+2. Conversaciones grupales.
+4. Compartir pantalla
+3. Compartir archivos.
+
+>* **Nextcloud Groupware** .- Sistema de Calendario, Emails y contactos.  
+
+# Directrices 
+
+* Utilizar Collabora con la versión de LibreOffice modificada para el Gobierno Federal  
+* Reforzar la seguridad de la información  
+* Tener acceso a la información desde cualquier dispositivo  
+*   
+
+
+# Referencias
+
+## Referencias de Nextcloud 
+
+>* [Nextcloud](https://nextcloud.com/)
+>* [Parámetros configurables de Nextcloud](https://github.com/nextcloud/helm/tree/master/charts/nextcloud#configuration)
+>* [Load Balancing](https://www.microfocus.com/documentation/filr/filr-4/filr-inst/t4duiofh1cz7.html)
+>* [Manual de Usuario de Nextcloud](https://docs.nextcloud.com/server/latest/user_manual/es/index.html)  
+>* [Manual de escritorio de Nextcloud](https://docs.nextcloud.com/desktop/latest/index.html)  
+
+## Referencias de Collabora
+
+>* [Collabora-Online](https://www.collaboraoffice.com/collabora-online/)  
+
+## LibreOffice  
+
+>* [LibreOffice](https://es.libreoffice.org/)
+

Doc/Referencias_Nextcloud.md

@@ -0,0 +1,126 @@
+# Documentación Nextcloud
+
+## Referencias
+
+### Instalación de  Nextcloud
+
+* Nextcloud Home Project 
+https://nextcloud.com/   
+
+* Load Balancing  
+https://www.microfocus.com/documentation/filr/filr-4/filr-inst/t4duiofh1cz7.html  
+
+* Maintenance and Release Schedule   
+https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule  
+
+* Guía de Instalación de Nextcloud para Ubuntu y Devian.  
+https://www.c-rieger.de/nextcloud-installationsanleitung/   
+(Página en Alemán con traducción al Inglés y Español)
+
+#### Configuración de Nextcloud:
+
+* Parámetros configurables del gráfico nextcloud  
+https://github.com/nextcloud/helm/tree/master/charts/nextcloud#configuration  
+
+### Instalación del Signaling
+
+* Nextcloud HUB 4: Conversación/Señalización – Servidor v. 1.1.2  
+https://www.c-rieger.de/nextcloud-hub4-talk-signaling-server/   
+(Página en Alemán con traducción al Inglés y Español)
+
+* Nextcloud-spreed-signaling  
+https://github.com/strukturag/nextcloud-spreed-signaling  
+
+* Nextcloud-spreed-signaling V1.0.0  
+https://github.com/strukturag/nextcloud-spreed-signaling/releases/tag/v1.0.0  
+
+* Nextcloud-spreed-signaling Configuración  
+https://github.com/strukturag/nextcloud-spreed-signaling/blob/master/server.conf.in  
+
+* Módulo Talk y External Signaling Server  
+https://help.nextcloud.com/t/talk-external-signaling-server-hpb-only-working-with-mobile-app/103122
+
+* Configurando Nextcloud Signaling Server.  
+https://www.akirah.es/configurando-nextcloud-signaling-server/
+
+### Instalación de Janus
+
+Se requiere el janus para conectar con el spreed-singnaling server y tener el control de las comunicaciones en las conferencias. 
+
+* Janus Home Project  
+https://janus.conf.meetecho.com/
+
+* Janus gateway
+https://www.docker.com/swmansion/janus-gateway
+
+
+* High-Tech talk on Talk? STUN, TURN, Janus Signaling  
+https://help.nextcloud.com/t/high-tech-talk-on-talk-stun-turn-janus-signaling/81237
+
+#### Configuración de Janus
+
+* Setup nextcloud-spreed-signaling standalone server on Ubuntu  
+https://morph027.gitlab.io/blog/nextcloud-spreed-signaling/
+
+### Instalación de NATS
+
+* NATS Home Page Project  
+https://nats.io/
+
+* NATS Docs  
+https://docs.nats.io/running-a-nats-service/introduction/installation#installing-via-a-package-manager
+
+* Configuración del Servidor NATS  
+https://github.com/strukturag/nextcloud-spreed-signaling#setup-of-nats-server  
+
+* NATS Server Versión 2.8.4  
+https://github.com/nats-io/nats-server/releases/tag/v2.8.4  
+
+* Configuración NATS  
+https://github.com/nats-io/nats-server/blob/main/conf/simple.conf  
+
+* NATS RPM  
+https://github.com/nats-io/nats-server/releases/download/v2.8.4/nats-server-v2.8.4-amd64.rpm
+
+* NATS Util  
+https://github.com/nats-io/nats-server/tree/main/util  
+
+* NATS Configuración
+https://github.com/nats-io/nats-server/blob/main/util/nats-server-hardened.service
+
+
+### Configurar Janus y Nats en el Signaling
+
+
+### Instalar Collabora
+
+* Página de Collabora-Online  
+https://www.collaboraoffice.com/collabora-online/  
+
+* Proyecto de Collabora Online  
+https://github.com/CollaboraOnline/online
+
+* Enlace para bajar collabora para centos8  
+https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8/
+
+### Referencias de LibreOffice OnLine:
+
+* Integrar LibreOffice Online con Nextcloud  
+https://ask.libreoffice.org/t/how-can-i-integrate-libreoffice-with-nextcloud-for-free-is-there-a-free-solution/25309
+
+* LibreOffice Online  
+https://es.libreoffice.org/descarga/libreoffice-online/  
+
+* Rpms LibreOffice  
+https://src.fedoraproject.org/rpms/libreoffice.git  
+
+### Referencias de LibreOffice 
+
+* LibreOffice  
+https://es.libreoffice.org/  
+
+* Versiones de LibreOffice  
+https://dev-builds.libreoffice.org/daily/
+
+Nuestro Repo:
+

Doc/nextcloud_tec/Nextcloud_Inf_Tec.md

@@ -0,0 +1,107 @@
+\renewcommand{\contentsname}{Tabla de Contenido}
+\tableofcontents
+
+\newpage
+
+**Nextcloud**  
+
+# Consideraciones Técnicas
+
+## Características de diseño 
+
+## Arquitectura 
+
+![Arquitectura de Alto Nivel](lemur_arquitectura_alto_nivel.png)
+
+Módulo de Archivos:
+Object Storage:  Almacenamiento de objetos  
+PostgreSQL DB:  
+Collabora OnLine:  
+
+Módulo Talk:  
+Signaling-Janus-Turn:  Servidor de Señalización - 
+
+IdM: Internet Download Manager
+
+![Arquitectura de Referencia 0](nextcloud_arquitectura_referencia_0.png)
+
+![Arquitectura de Referencia 1](nextcloud_arquitectura_referencia_1.png)
+
+![Arquitectura de Referencia 3](nextcloud_arquitectura_referencia_3.png)
+
+![Operador](nextcloud_operator.png)
+
+### Roles
+
+Certificates  
+Common  
+Coolwsd  (Collabora Módulo de Archivos)
+Coolwsd-nginx  
+Janus  (Módulo Talk)  
+nats-server  
+nextcloud  
+nextcloud-spreed  
+postgresql  (Base de datos)  
+
+Es un sistema de código abierto de administración de bases de datos del tipo relacional, las consultas relacionales se basan en SQL. Dos detalles a destacar de PostgreSQL es que posee data types (tipos de datos) avanzados y permite ejecutar optimizaciones de rendimiento avanzadas.   
+
+pre  
+redis  (Módulo Files)
+
+Redis es un almacén de estructura de datos de valores de clave en memoria rápido y de código abierto. Redis incorpora un conjunto de estructuras de datos en memoria versátiles que le permiten crear con facilidad diversas aplicaciones personalizadas. Entre los casos de uso principales de Redis se encuentran el almacenamiento en caché, la administración de sesiones, pub/sub y las clasificaciones.
+
+signaling-server  (Módulo Talk)  
+
+turn  (Módulo Talk)  
+
+
+
+Arquitectura de talk   
+
+LDap
+Sotorage Object
+Balanceador Externo
+
+PHP fn
+Redis
+PostgreSQL
+coolwsd (collabora online) 
+Notify Push
+Turn
+Nats
+Janus
+Signaling
+
+
+### Nextcloud Operador contenedrores
+
+Para instalar y mantenes a Nextcloud en contenedores.
+
+![Nextcloud Operador](nextcloud_operator.png)
+
+Principales Tareas:  
+
+* Define un (Custom Resource Definition "CRD") recurso personalizado que contiene las opciones de configuración requeridas para crear una instacia de Nextcloud HA  
+* Crea las instacias de Nextcloud HA cuando se cra un nuevo recurso.  
+* Actualiza la configuración de Nextcloud HA cuando detecta un cambio en el CRD.  
+* Comprueba si hay nuevas versiones de Nextcloud y notifica al administrador si hay una nueva versión compatible.  
+* Maneja las actualizaciones de nextcloud.  
+
+# Referencias Técnicas
+
+## Referencias de Nextcloud 
+
+>* [Nextcloud](https://nextcloud.com/)
+>* [Parámetros configurables de Nextcloud](https://github.com/nextcloud/helm/tree/master/charts/nextcloud#configuration)
+>* [Load Balancing](https://www.microfocus.com/documentation/filr/filr-4/filr-inst/t4duiofh1cz7.html)
+>* [Janus Home Project](https://janus.conf.meetecho.com/)
+
+## Referencias de Collabora
+
+>* [Collabora-Online](https://www.collaboraoffice.com/collabora-online/)  
+
+## LibreOffice  
+
+>* [LibreOffice](https://es.libreoffice.org/)
+
+

nextcloud/ansible/.gitignore

@@ -7,7 +7,8 @@ files/backups/*
 
 # variable3s
 vars/main.*.yaml
-!vars/main.ejemplo.yaml
+!vars/main.example.yaml
+!vars/main.test.yaml
 
 # misc
 *~

nextcloud/ansible/README.md

@@ -9,3 +9,17 @@ If you're using `ansible-core`, you need to install the requirements first.
 ```bash
 ansible-galaxy install -r requirements.yaml
 ```
+
+
+## Usage
+
+We have four types of installation:
+
+| Playbook      | Inventory |
+| ----------- | ----------- |
+| deploy-example-talk-ha.yaml      |    inventory-example-talk-ha    |
+| deploy-example-talk-ha.yaml      |    inventory-example-single-no-talk-ha    |
+| deploy-example-no-talk-ha.yaml   | inventory-example-talk-ha        |
+| deploy-example-no-talk-ha.yaml   | inventory-example-single-no-talk-ha        |
+
+

nextcloud/ansible/deploy-example-no-talk-ha.yaml

@@ -0,0 +1,63 @@
+- hosts: localhost
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  vars:
+    services:
+      - nginx
+      - postgresql
+      - redis
+  roles:
+    - name: certificates
+
+- hosts: all
+  serial: 1
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: common
+
+- hosts: postgresql
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: postgresql
+
+- hosts: redis
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: redis
+
+# Este es el collabora
+- hosts: coolwsd
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: coolwsd
+
+- hosts: nextcloud
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: nextcloud
+    - name: coolwsd-nginx
+
+# Enable this for Talk HA
+#    - name: nextcloud-spreed
+
+#- hosts: turn
+#  vars_files:
+#    - vars/main.example.yaml
+#    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+#  roles:
+#    - name: turn
+#    - name: nats-server
+#    - name: signaling-server
+#    - name: janus
+

nextcloud/ansible/deploy-example-talk-ha.yaml

@@ -0,0 +1,60 @@
+- hosts: localhost
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  vars:
+    services:
+      - nginx
+      - postgresql
+      - redis
+  roles:
+    - name: certificates
+
+- hosts: all
+  serial: 1
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: common
+
+- hosts: postgresql
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: postgresql
+
+- hosts: redis
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: redis
+
+- hosts: coolwsd
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: coolwsd
+
+- hosts: nextcloud
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: nextcloud
+    - name: coolwsd-nginx
+    - name: nextcloud-spreed
+
+- hosts: turn
+  vars_files:
+    - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.example.yaml
+  roles:
+    - name: turn
+    - name: nats-server
+    - name: signaling-server
+    - name: janus
+

nextcloud/ansible/deploy-test.yaml

@@ -1,7 +1,7 @@
 - hosts: localhost
   vars_files:
-    - vars/main.test.yaml
     - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.test.yaml
   vars:
     services:
       - nginx
@@ -11,38 +11,37 @@
     - name: certificates
 
 - hosts: all
-  serial: 1
   vars_files:
-    - vars/main.test.yaml
     - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.test.yaml
   roles:
     - name: common
 
 - hosts: postgresql
   vars_files:
-    - vars/main.test.yaml
     - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.test.yaml
   roles:
     - name: postgresql
 
 - hosts: redis
   vars_files:
-    - vars/main.test.yaml
     - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.test.yaml
   roles:
     - name: redis
 
 - hosts: coolwsd
   vars_files:
-    - vars/main.test.yaml
     - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.test.yaml
   roles:
     - name: coolwsd
 
 - hosts: nextcloud
   vars_files:
-    - vars/main.test.yaml
     - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.test.yaml
   roles:
     - name: nextcloud
     - name: coolwsd-nginx
@@ -50,11 +49,10 @@
 
 - hosts: turn
   vars_files:
-    - vars/main.test.yaml
     - "vars/{{ ansible_facts['os_family'] }}.yaml"
+    - vars/main.test.yaml
   roles:
     - name: turn
     - name: nats-server
     - name: signaling-server
     - name: janus
-

nextcloud/ansible/deploy-turn.yaml

@@ -4,7 +4,4 @@
     - "vars/{{ ansible_facts['os_family'] }}.yaml"
   roles:
     - name: turn
-    - name: nats-server
-    - name: signaling-server
-    - name: janus
 

nextcloud/ansible/inventory-example-single-no-talk-ha

@@ -0,0 +1,29 @@
+# If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
+# these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
+#
+# For example:
+#
+# /etc/hosts:
+# # Loopback entries; do not change.
+# For historical reasons, localhost precedes localhost.localdomain:
+# 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+# ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+#
+# # my nextcloud
+# 192.168.0.10 nx0.example.com nx0
+# 192.168.0.11 db0.example.com db0
+# 192.168.0.12 rds0.example.com rds0
+# 192.168.0.13 cl0.example.com cl0
+
+[nextcloud]
+nx0.example.com ansible_host=192.168.0.10
+
+[postgresql]
+db0.example.com ansible_host=192.168.0.11
+
+[redis]
+rds0.example.com ansible_host=192.168.0.12
+
+[coolwsd]
+cl0.example.com ansible_host=192.168.0.13
+

nextcloud/ansible/inventory-example-talk-ha

@@ -0,0 +1,42 @@
+# If your FQDNs are resolvable, then you don't need the ansible_host= part. If they're not, you need to change the IPs and add all
+# these entries to the /etc/hosts file of the deployment server (a.k.a. where the ansible-playbooks reside).
+#
+# For example:
+#
+# /etc/hosts:
+# # Loopback entries; do not change.
+# For historical reasons, localhost precedes localhost.localdomain:
+# 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
+# ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
+#
+# # my nextcloud
+# 192.168.0.10 nx0.example.com nx0
+# 192.168.0.11 db0.example.com db0
+# 192.168.0.12 rds0.example.com rds0
+# 192.168.0.13 cl0.example.com cl0
+# 192.168.0.14 turn0.example.com turn0
+
+[nextcloud]
+nx0.example.com ansible_host=192.168.0.10
+
+[postgresql]
+db0.example.com ansible_host=192.168.0.11
+
+[redis]
+rds0.example.com ansible_host=192.168.0.12
+
+[coolwsd]
+cl0.example.com ansible_host=192.168.0.13
+
+# Nextcloud Talk
+[turn]
+turn0.example.com ansible_host=192.168.0.14
+
+[nats]
+turn0.example.com ansible_host=192.168.0.14
+
+[signaling]
+turn0.example.com ansible_host=192.168.0.14
+
+[janus]
+turn0.example.com ansible_host=192.168.0.14

nextcloud/ansible/inventory-test

@@ -1,24 +1,23 @@
 [nextcloud]
-nx0-test.libreoffice.gob.mx ansible_host=10.201.15.250
+nx0.test.virt.g02.org ansible_host=192.168.0.41
 
 [postgresql]
-db0-test.libreoffice.gob.mx ansible_host=10.201.15.220
+db0.test.virt.g02.org ansible_host=192.168.0.40
 
 [redis]
-rds0-test.libreoffice.gob.mx ansible_host=10.201.15.24
+rds0.test.virt.g02.org ansible_host=192.168.0.39
 
 [coolwsd]
-clwsd0-test.libreoffice.gob.mx ansible_host=10.201.15.132
+cl0.test.virt.g02.org ansible_host=192.168.0.42
 
 [turn]
-turn1.softwarelibre.mx
+turn0.test.virt.g02.org ansible_host=192.168.0.43
 
 [nats]
-nats1.softwarelibre.mx ansible_host=10.201.15.199
+turn0.test.virt.g02.org ansible_host=192.168.0.43
 
 [signaling]
-signaling1.softwarelibre.mx ansible_host=10.201.15.199
+turn0.test.virt.g02.org ansible_host=192.168.0.43
 
 [janus]
-janus1.softwarelibre.mx ansible_host=10.201.15.199
-
+turn0.test.virt.g02.org ansible_host=192.168.0.43

nextcloud/ansible/roles/common/tasks/main.yml

@@ -24,3 +24,17 @@
   include_tasks: redhat_tasks.yaml
   when: ansible_facts['os_family'] == 'RedHat'
 
+- name: "Set hostname"
+  ansible.builtin.hostname:
+    name: "{{ inventory_hostname }}"
+    use: systemd
+
+- name: "Build hosts file"
+  lineinfile:
+    dest: /etc/hosts
+    regexp: '.*{{ item }}$'
+    line: "{{ hostvars[item]['ansible_default_ipv4']['address'] }} {{ hostvars[item]['ansible_fqdn'] }} {{ hostvars[item]['ansible_hostname'] }}"
+    state: present
+  when: hostvars[item].ansible_default_ipv4.address is defined
+  loop: "{{ groups['all'] }}"
+

nextcloud/ansible/roles/coolwsd-nginx/templates/coolwsd.conf.j2

@@ -37,6 +37,7 @@
 
     # static files
     location ^~ /browser {
+        rewrite ^/browser/([0-9]+(\.[0-9]+)+)/(.*)$ /browser/dist/$3 last;
         proxy_pass http://{{ coolwsd_host }}:9980;
         proxy_set_header Host $http_host;
     }

nextcloud/ansible/roles/coolwsd/tasks/main.yaml

@@ -1,35 +1,45 @@
 ---
-  # tasks file for coolwsd
+# tasks file for coolwsd
 
-  #TODO: Esta parte hay que sacarla de nuestros propios repos
-  - name: Import Collabora key
-    ansible.builtin.rpm_key:
-      state: present
-      key: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8/repodata/repomd.xml.key
+- name: Import GobMx key
+  ansible.builtin.rpm_key:
+    state: present
+    key: https://repos.libreoffice.gob.mx/centos/libreoffice.gob.mx.gpg
 
-  - name: Add Collabora repository for Red Hat distros
-    yum_repository:
-      name: CollaboraOnline
-      description: Collabora Online
-      baseurl: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos8
+- name: Install libreoffice.gob.mx CentOS repo
+  get_url:
+    url: https://repos.libreoffice.gob.mx/centos/libreoffice.gob.mx.repo
+    dest: /etc/yum.repos.d/libreoffice.gob.mx.repo
+    mode: '0644'
+    owner: root
+    group: root
 
-  - name: Install Collabora Online Packages
-    package: 
-      name:
-        - coolwsd
-        - CODE-brand
-      state: latest
+- name: Install Collabora Online Packages
+  package:
+    name:
+      - coolwsd
+    state: latest
 
-  - name: Copy collabora configuration files
-    template:
-      src: templates/coolwsd.xml.j2
-      dest: /etc/coolwsd/coolwsd.xml
+- name: Copy collabora configuration files
+  template:
+    src: templates/coolwsd.xml.j2
+    dest: /etc/coolwsd/coolwsd.xml
 
-  - name: Enable Libre Office Web services
-    systemd:
-      name: coolwsd
-      enabled: yes
-      state: restarted
-    tags:
-      - nextcloud_collabora
+- name: Enable Libre Office Web services
+  systemd:
+    name: coolwsd
+    enabled: yes
+    state: restarted
+  tags:
+    - nextcloud_collabora
+
+- name: Open up required firewall ports
+  block:
+    - name: Open ports for CODE service
+      ansible.posix.firewalld:
+        port: 9980/tcp
+        permanent: yes
+        immediate: true
+        state: enabled
+  when: code_firewalld_enabled | bool
 

nextcloud/ansible/roles/janus/tasks/main.yml

@@ -4,14 +4,6 @@
     name: '*'
     state: latest
 
-- name: Download libreoffice.gob.mx repo
-  get_url:
-    url: https://repos.libreoffice.gob.mx/fedora/libreoffice.gob.mx.repo
-    dest: /etc/yum.repos.d/libreoffice.gob.mx.repo
-    mode: '0644'
-    owner: root
-    group: root
-
 - name: Install required packages
   ansible.builtin.package:
     name:

nextcloud/ansible/roles/nextcloud-spreed/tasks/main.yml

@@ -20,7 +20,7 @@
   ansible.builtin.shell:
     cmd: |
       /usr/bin/php "{{ nextcloud_occ }}" talk:turn:delete {{ turn_fqdn }}:3478 udp,tcp
-      /usr/bin/php "{{ nextcloud_occ }}" talk:turn:add --secret={{ turn_static_auth_secret }} -- {{ turn_fqdn }}:3478 udp,tcp
+      /usr/bin/php "{{ nextcloud_occ }}" talk:turn:add --secret={{ turn_static_auth_secret }} -- turn,turns {{ turn_fqdn }}:3478 udp,tcp
   become: true
   become_user: "{{ web_user }}"
 

nextcloud/ansible/roles/nextcloud/tasks/main.yml

@@ -3,6 +3,7 @@
   package:
     state: latest
     name:
+      - bzip2
       - nginx
       - php-cli
       - php-curl
@@ -18,6 +19,8 @@
       - php-json
       - php-ldap
       - php-mbstring
+      - php-memcache
+      - php-opcache
       - php-openssl
       - php-pcre
       - php-pdo
@@ -35,6 +38,7 @@
       - php-zip
       - python3-pyOpenSSL
       - sudo
+      - tar
 
 - name: Create nextcloud nginx configuration directory
   ansible.builtin.file:
@@ -55,15 +59,15 @@
 
 - name: Download Nextcloud
   get_url:
-    url: https://repos.libreoffice.gob.mx/nextcloud/nextcloud-{{nextcloud_version}}.tar.bz2
-    dest: /usr/src/nextcloud-{{nextcloud_version}}.tar.bz2
+    url: "{{ nextcloud_url }}"
+    dest: /usr/src/nextcloud-{{ nextcloud_version }}.tar.bz2
     checksum: "{{ nextcloud_checksum }}"
   when:
     nextcloud_is_unpacked.stat.exists != true and ansible_local['nextcloud']['is_installed'] != true
 
 - name: Unpack Nextcloud
   ansible.builtin.unarchive:
-    src: "/usr/src/nextcloud-{{nextcloud_version}}.tar.bz2"
+    src: "/usr/src/nextcloud-{{ nextcloud_version }}.tar.bz2"
     dest: "{{ nextcloud_path }}"
     remote_src: yes
     owner: "{{ web_user }}"
@@ -135,6 +139,24 @@
     enabled: yes
     state: restarted
 
+
+- name: Open up required firewall ports
+  block:
+    - name: Open ports for HTTP service
+      ansible.posix.firewalld:
+        service: http
+        permanent: yes
+        immediate: true
+        state: enabled
+
+    - name: Open ports for HTTPS service
+      ansible.posix.firewalld:
+        service: https
+        permanent: yes
+        immediate: true
+        state: enabled
+  when: nextcloud_firewalld_enabled | bool
+
 - name: Remove config_is_read_only setting from config.php
   lineinfile:
     path: "{{ nextcloud_path }}/config/config.php"
@@ -251,7 +273,7 @@
       /usr/bin/php {{ nextcloud_occ }} config:system:set redis host --value={{ redis_host }}
       /usr/bin/php {{ nextcloud_occ }} config:system:set redis port --value=6379
       /usr/bin/php {{ nextcloud_occ }} config:system:set redis dbindex --value=0
-      #/usr/bin/php {{ nextcloud_occ }} config:system:set redis password user --value={{ redis_user }}
+      /usr/bin/php {{ nextcloud_occ }} config:system:set redis password user --value={{ redis_user }}
       #/usr/bin/php {{ nextcloud_occ }} config:system:set redis password password --value={{ redis_password }}
       /usr/bin/php {{ nextcloud_occ }} config:system:set redis password --value={{ redis_password }}
   become: true
@@ -296,27 +318,27 @@
       become_user: "{{ web_user }}"
       when: not ansible_local['nextcloud']['is_ldap_configured']
 
-      # TODO: quitar "hard-codeos"
     - name: Configure LDAP
       ansible.builtin.shell:
         cmd: |
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBase cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseGroups cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseUsers cn=users,cn=accounts,dc=libreoffice,dc=gob,dc=mx
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentName "cn=Directory Manager"
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentPassword {{ ldap_agent_password }}
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapHost {{ ldap_server_host }}
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 hasMemberOfFilterSupport 1
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapEmailAttribute mail
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapLoginFilter "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapPort 389
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilter "(&(|(objectclass=posixAccount)))"
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilterObjectclass posixAccount
-          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapConfigurationActive 1
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBase "{{ ldapBase }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseGroups "{{ ldapBaseGroups }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapBaseUsers "{{ ldapBaseUsers }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentName "{{ ldapAgentName }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapAgentPassword "{{ ldap_agent_password }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapHost "{{ ldap_server_host }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 hasMemberOfFilterSupport "{{ hasMemberOfFilterSupport }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapEmailAttribute "{{ ldapEmailAttribute }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapLoginFilter "{{ ldapLoginFilter }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapPort "{{ ldapPort }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilter "{{ ldapUserFilter }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapUserFilterObjectclass "{{ ldapUserFilterObjectclass }}"
+          /usr/bin/php "{{ nextcloud_occ }}" ldap:set-config s01 ldapConfigurationActive "{{ ldapConfigurationActive }}"
       become: true
       become_user: "{{ web_user }}"
   tags:
     - ldap
+  when: ldap_enabled
 
 - name: Set httpd_can_network_relay to allow nginx to proxy connections
   seboolean:
@@ -381,6 +403,15 @@
     - redis
     - notify_push
 
+- name: Enable Nextcloud Calendar
+  ansible.builtin.shell:
+    cmd: |
+      /usr/bin/php "{{ nextcloud_occ }}" app:install -f calendar
+      /usr/bin/php "{{ nextcloud_occ }}" app:enable calendar
+  become: true
+  become_user: "{{ web_user }}"
+  #when: (ansible_distribution == "Debian" and ansible_distribution_version != "10") or ansible_distribution == "RedHat"
+
 - name: Remove config_is_read_only setting from config.php
   lineinfile:
     path: "{{ nextcloud_path }}/config/config.php"

nextcloud/ansible/roles/nextcloud/templates/notify_push.service.j2

@@ -3,7 +3,7 @@ Description = Push daemon for Nextcloud clients
 Documentation=https://github.com/nextcloud/notify_push
 
 [Service]
-Environment = NEXTCLOUD_URL=http://{{ nextcloud_fqdn }}
+Environment = NEXTCLOUD_URL={{ notify_push_nextcloud_url }}
 ExecStart = /usr/local/bin/notify_push {{ nextcloud_path }}/config/config.php
 User={{ web_user }}
 

nextcloud/ansible/roles/postgresql/tasks/main.yml

@@ -31,7 +31,7 @@
   blockinfile:
     dest: "{{ postgresql_conf }}"
     block: |
-      listen_addresses = '{{ ansible_default_ipv4.address }}'
+      listen_addresses = '{{ db_host }}'
   tags:
     - database
     - database_access
@@ -75,3 +75,13 @@
   tags:
     - database
 
+- name: Open up required firewall ports
+  block:
+    - name: Open ports for PostgreSQL service
+      ansible.posix.firewalld:
+        service: postgresql
+        permanent: yes
+        immediate: true
+        state: enabled
+  when: postgresql_firewalld_enabled | bool
+

nextcloud/ansible/roles/pre/tasks/main.yml

@@ -1,54 +1,31 @@
 ---
 # tasks file for pre
-  - name: Update the /etc/hosts file with node host name
-    tags: etchostsupdate
-    become: yes
-    become_user: root
-    lineinfile:
-      path: "/etc/hosts"
-      regexp: ".*\t{{ ansible_hostname }}"
-      #TODO: crear una variable que tenga la IP del balanceador
-      line: "{{ nextcloud_host_ip }}\t{{ nextcloud_fqdn }} {{ nextcloud_hostname }}"
-      state: present
-      backup: yes
-    register: etchostsupdate
+- name: Create fact directory
+  file:
+    path: /etc/ansible/facts.d/
+    state: directory
 
-#  - name: Update the /etc/hosts file with node domain name
-#    tags: etchostsupdate_domain
-#    become: yes
-#    become_user: root
-#    lineinfile:
-#      path: "/etc/hosts"
-#      line: "{{ nextcloud_host }}\t{{ nextcloud_fqdn }}"
-#      state: present
-#      backup: yes
+- name: Create nextcloud custom facts
+  copy:
+    src: nextcloud.fact
+    dest: /etc/ansible/facts.d/nextcloud.fact
+    mode: 0775
+    force: yes
+  tags:
+    - check_facts
 
-  - name: Create fact directory
-    file:
-      path: /etc/ansible/facts.d/
-      state: directory
+- name: Check if nextcloud is unpacked
+  stat:
+    path: /var/www/html/config/config.sample.php
+  register: nextcloud_is_unpacked
 
-  - name: Create nextcloud custom facts
-    copy:
-      src: nextcloud.fact
-      dest: /etc/ansible/facts.d/nextcloud.fact
-      mode: 0775
-      force: yes
-    tags:
-      - check_facts
+- name: Reload facts
+  setup:
+  tags:
+    - check_facts
 
-  - name: Check if nextcloud is unpacked
-    stat:
-      path: /var/www/html/config/config.sample.php
-    register: nextcloud_is_unpacked
-
-  - name: Reload facts
-    setup:
-    tags:
-      - check_facts
-
-  - name: Pre tasks for Red Hat distros
-    include_tasks: redhat_pre_tasks.yaml
-    when:
-      ansible_facts['os_family'] == "RedHat"
+- name: Pre tasks for Red Hat distros
+  include_tasks: redhat_pre_tasks.yaml
+  when:
+    ansible_facts['os_family'] == "RedHat"
 

nextcloud/ansible/roles/pre/tasks/redhat_pre_tasks.yaml

@@ -1,38 +1,81 @@
-  - name: "Install Remi repo GPG key"
-    rpm_key:
-      state: present
-      key: https://rpms.remirepo.net/RPM-GPG-KEY-remi2018
-      #key: https://rpms.remirepo.net/RPM-GPG-KEY-remi
-    when: ansible_facts['distribution'] == 'CentOS'
+  - name: Enable The CRB Repository
+    ansible.builtin.command: /usr/bin/dnf config-manager --set-enabled crb
+    when:
+      - ansible_os_family  == 'RedHat'
+      - ansible_distribution != 'Fedora'
+
+#- name: "Install Remi repo GPG key"
+#    rpm_key:
+#      state: present
+#      key: https://rpms.remirepo.net/RPM-GPG-KEY-remi2018
+#      #key: https://rpms.remirepo.net/RPM-GPG-KEY-remi
+#    when:
+#      - ansible_os_family  == 'RedHat'
+#      - ansible_distribution_major_version|int < 9
+#      - ansible_distribution != 'Fedora'
 
   - name: Install EPEL
     package:
       name:
         - epel-release
       state: latest
-    when: ansible_facts['distribution'] == 'CentOS'
+    when:
+      - ansible_os_family  == 'RedHat'
+      - ansible_distribution != 'Fedora'
 
-  - name: Install REMI repository
+
+  - name: Import Remi GPG key
+    ansible.builtin.rpm_key:
+      state: present
+      key: "https://rpms.remirepo.net/enterprise/{{ansible_distribution_major_version}}/RPM-GPG-KEY-remi"
+    when:
+      - ansible_os_family  == 'RedHat'
+      - ansible_distribution != 'Fedora'
+
+  - name: Remi::Install REMI repository
     dnf:
       name:
-        - https://rpms.remirepo.net/enterprise/remi-release-8.rpm
+        - "https://rpms.remirepo.net/enterprise/remi-release-{{ansible_distribution_major_version}}.rpm"
       state: latest
-      disable_gpg_check: yes
-    when: ansible_facts['distribution'] == 'CentOS'
+    when:
+      - ansible_os_family  == 'RedHat'
+      - ansible_distribution != 'Fedora'
 
   # TODO: ya está en módulos de centos 8, modificar esto para usarlo
-  - name: Enable the PHP remi repository
-    dnf:
-      name: '@php:remi-7.4'
-      state: present
-    # EPEL 8 does not support modules properly so we have to use Remi's repo for
-    # php-pecl-redis to be available
-    # https://docs.nextcloud.com/server/latest/admin_manual/installation/example_centos.html
-    when: ansible_facts['distribution'] == 'CentOS'
+  #- name: Enable the PHP remi repository
+  #  dnf:
+  #    name: '@php:remi-7.4'
+  #    state: present
+  #  # EPEL 8 does not support modules properly so we have to use Remi's repo for
+  #  # php-pecl-redis to be available
+  #  # https://docs.nextcloud.com/server/latest/admin_manual/installation/example_centos.html
+  #  when:
+  #    - ansible_os_family  == 'RedHat'
+  #    - ansible_distribution_major_version|int < 9
+  #    - ansible_distribution != 'Fedora'
+
+  - name: Remi::Reset PHP module
+    ansible.builtin.command: /usr/bin/dnf -y module reset php
+    when:
+      - ansible_os_family  == 'RedHat'
+      - ansible_distribution != 'Fedora'
+
+  - name: Remi::Install PHP {{ php_version }} module
+    ansible.builtin.command: /usr/bin/dnf -y module install php:remi-{{ php_version }}
+    when:
+      - ansible_os_family  == 'RedHat'
+      - ansible_distribution_major_version|int >= 9
+      - ansible_distribution != 'Fedora'
+
+  - name: Remi::Update old versions
+    ansible.builtin.command: /usr/bin/dnf -y update
 
   - name: Enable the Redis 6 module
     dnf:
       name: '@redis:6'
       state: present
-    when: ansible_facts['distribution'] == 'CentOS'
+    when:
+      - ansible_os_family  == 'RedHat'
+      - ansible_distribution_major_version|int < 9
+      - ansible_distribution != 'Fedora'
 

nextcloud/ansible/roles/redis/tasks/main.yml

@@ -10,7 +10,7 @@
     src: certificates/redis_key.pem
     dest: "{{ redis_key }}"
     owner: root
-    group: nginx
+    group: redis
     mode: '0640'
 
 - name: Copy the redis Certificate to /etc/pki/tls/certs/
@@ -33,3 +33,13 @@
   tags:
     - check_redis
 
+- name: Open up required firewall ports
+  block:
+    - name: Open ports for Redis service
+      ansible.posix.firewalld:
+        service: redis
+        permanent: yes
+        immediate: true
+        state: enabled
+  when: redis_firewalld_enabled | bool
+

nextcloud/ansible/roles/redis/templates/redis.conf.j2

@@ -65,7 +65,7 @@
 # IF YOU ARE SURE YOU WANT YOUR INSTANCE TO LISTEN TO ALL THE INTERFACES
 # JUST COMMENT OUT THE FOLLOWING LINE.
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-bind {{ ansible_default_ipv4.address }}
+bind {{ redis_host }}
 
 # Protected mode is a layer of security protection, in order to avoid that
 # Redis instances left open on the internet are accessed and exploited.
@@ -769,8 +769,8 @@ user {{ redis_user }} on +@all -DEBUG ~* >{{ redis_password }}
 # ACL LOG
 #
 # The ACL Log tracks failed commands and authentication events associated
-# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked 
-# by ACLs. The ACL Log is stored in memory. You can reclaim memory with 
+# with ACLs. The ACL Log is useful to troubleshoot failed commands blocked
+# by ACLs. The ACL Log is stored in memory. You can reclaim memory with
 # ACL LOG RESET. Define the maximum entry length of the ACL Log below.
 acllog-max-len 128
 
@@ -1333,18 +1333,18 @@ lua-time-limit 5000
 # cluster-replica-no-failover no
 
 # This option, when set to yes, allows nodes to serve read traffic while the
-# the cluster is in a down state, as long as it believes it owns the slots. 
+# the cluster is in a down state, as long as it believes it owns the slots.
 #
-# This is useful for two cases.  The first case is for when an application 
+# This is useful for two cases.  The first case is for when an application
 # doesn't require consistency of data during node failures or network partitions.
 # One example of this is a cache, where as long as the node has the data it
-# should be able to serve it. 
+# should be able to serve it.
 #
-# The second use case is for configurations that don't meet the recommended  
-# three shards but want to enable cluster mode and scale later. A 
+# The second use case is for configurations that don't meet the recommended
+# three shards but want to enable cluster mode and scale later. A
 # master outage in a 1 or 2 shard configuration causes a read/write outage to the
 # entire cluster without this option set, with it set there is only a write outage.
-# Without a quorum of masters, slot ownership will not change automatically. 
+# Without a quorum of masters, slot ownership will not change automatically.
 #
 # cluster-allow-reads-when-down no
 

nextcloud/ansible/roles/signaling-server/handlers/main.yml

@@ -3,4 +3,4 @@
   ansible.builtin.systemd:
     state: restarted
     daemon_reload: yes
-    name: signaling-server
+    name: signaling

nextcloud/ansible/roles/signaling-server/tasks/main.yml

@@ -4,29 +4,21 @@
     state: latest
     name: '*'
 
+- name: Install libreoffice.gob.mx repo
+  get_url:
+    url: https://repos.libreoffice.gob.mx/fedora/libreoffice.gob.mx.repo
+    dest: /etc/yum.repos.d/libreoffice.gob.mx.repo
+    mode: '0644'
+    owner: root
+    group: root
+
 - name: Install required packages
   ansible.builtin.package:
     state: latest
     name:
       - certbot
       - openssl
-
-- name: Install signaling-server
-  block:
-    # TODO: Empaquetar signaling y proveerlo en Fedora
-    - name: Download signaling
-      get_url:
-        url: https://repos.libreoffice.gob.mx/signaling/signaling-latest.tar.gz
-        dest: /usr/src/signaling-latest.tar.gz
-        checksum: "{{ signaling_checksum }}"
-
-    - name: Unpack signaling-server
-      ansible.builtin.unarchive:
-        src: /usr/src/signaling-latest.tar.gz
-        dest: /
-        remote_src: yes
-        owner: root
-        group: root
+      - nextcloud-spreed-signaling
 
 - name: Generate singaling hashkey and blockkey
   block:
@@ -48,24 +40,6 @@
       register: signaling_apikey
       failed_when: signaling_apikey.stdout | length != 32
 
-- name: Configure signaling-server
-  block:
-    - name: Create signaling-server system user
-      ansible.builtin.user:
-        name: signaling
-        system: yes
-        shell: /sbin/nologin
-        home: /var/lib/signaling
-        state: present
-
-    - name: Create configuration directory
-      ansible.builtin.file:
-        path: /etc/signaling
-        state: directory
-        mode: '0750'
-        owner: root
-        group: signaling
-
     - name: Setup configuration file
       ansible.builtin.template:
         src: signaling-server.conf.j2
@@ -75,15 +49,6 @@
         mode: '0640'
       notify: Systemd daemon-reload and restart
 
-    - name: Put signaling-server systemd service in place
-      ansible.builtin.copy:
-        src: signaling-server.service
-        dest: /etc/systemd/system/signaling-server.service
-        owner: root
-        group: root
-        mode: '0644'
-      notify: Systemd daemon-reload and restart
-
 - name: Open up required firewall ports
   block:
     - name: Open up TCP port 80 for LetsEncrypt
@@ -151,6 +116,6 @@
 
 - name: Start and enable signaling
   ansible.builtin.service:
-    name: signaling-server
+    name: signaling
     enabled: yes
 

nextcloud/ansible/roles/turn/tasks/main.yml

@@ -88,6 +88,7 @@
           preconfigured-renewal = True
 
           # Info
+          # TODO: parametrizar este correo
           email = ca@softwarelibre.mx
         insertbefore: BOF
 

nextcloud/ansible/vars/RedHat.yaml

@@ -6,7 +6,7 @@ nginx_path: /etc/nginx/conf.d
 php_ini_path: /etc
 php_pool_path: /etc/php-fpm.d
 postgresql_path: /var/lib/pgsql/data
-redis_path: /etc
+redis_path: /etc/redis
 ssl_path: /etc/pki/tls
 
 # NextCloud

nextcloud/ansible/vars/main.ejemplo.yaml

@@ -1,104 +0,0 @@
----
-
-# NextCloud
-## version
-nextcloud_version: 24.0.6
-nextcloud_checksum: "sha256:b26dff9980a47e7e722805fdbbf87e07f59a3817b03ecc32698e028e9baf0301"
-
-## credentials
-nextcloud_admin_user: el_admin
-nextcloud_admin_password: Una contraseña bien difícil.
-
-## domain
-nextcloud_fqdn: nextcloud.midominio.tld
-nextcloud_host_ip: 10.0.5.33
-nextcloud_hostname: nextcloud
-
-## db
-db_host: 10.0.5.43
-nextcloud_db: nextcloud
-nextcloud_db_user: nextcloud
-nextcloud_db_user_password: Una contraseña bien, pero bien difícil.
-
-## occ
-nextcloud_occ: "{{ nextcloud_path }}/occ"
-
-## S3
-nextcloud_s3_enabled: true
-nextcloud_s3_hostname: dirección_ip_o_hostname  # cámbiame
-nextcloud_s3_key: usuario                       # cámbiame
-nextcloud_s3_secret: password_muy_difícil       # cámbiame
-nextcloud_s3_bucket: contenedor                 # cámbiame
-
-## security
-## Set this to true for production
-nextcloud_config_is_read_only: true
-
-
-# Redis
-redis_host: 10.0.5.53
-redis_user: nextcloud
-redis_password: ParángariCutirimiNoMeAcuerdoCuaro
-redis_url: "https://{{ redis_host }}"
-
-
-# SSL
-key_size: 4096
-key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
-country_name: MX
-organization_name: Mi Organización bien chida, LTD
-generate_self_signed_cert: true
-
-
-# Colabora Online (coolwsd)
-coolwsd_host: 10.0.5.64
-code_enable_ssl: false
-code_enable_ssl_termination: true
-code_ssl_key: ""
-code_ssl_cert: ""
-code_ssl_ca: ""
-
-## The only way to make notify_push work without a signed cert is to use plain http
-notify_push_nextcloud_url: http://localhost
-
-
-# reverse proxy
-reverse_proxy_ip: 10.0.5.1
-
-
-# turn
-turn_fqdn: turn0.midominio.tld
-turn_firewalld_enabled: false
-turn_letsencrypt_certificate_enabled: true
-turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
-
-
-# nats
-nats_fqdn: turn0.midominio.tld
-nats_firewalld_enabled: false
-nats_letsencrypt_certificate_enabled: false
-
-
-# signaling
-signaling_fqdn: turn0.midominio.tld
-signaling_debug: false
-signaling_firewalld_enabled: false
-signaling_letsencrypt_certificate_enabled: true
-signaling_connections_per_host: 16
-signaling_backend_name: nextcloud
-signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
-
-
-# janus
-janus_firewalld_enabled: false
-janus_letsencrypt_certificate_enabled: false
-janus_stun_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
-janus_turn_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
-
-
-# nextcloud spreed (talk)
-nextcloud_talk_turn_server: "{{ turn_fqdn }}"
-nextcloud_talk_signaling_server: "https://{{ turn_fqdn }}:8443"
-nextcloud_talk_signaling_server_secret: ElMegaSecretoDeSignalingQueNadieSabe.
-nextcloud_talk_stun_server: "{{ turn_fqdn }}"
-

nextcloud/ansible/vars/main.example.yaml

@@ -0,0 +1,133 @@
+---
+
+# NextCloud
+# The nexctloud_checksum changes with every release to get this string go to:
+# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
+# for the proper version
+## version
+nextcloud_version: 29.0.2
+nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
+nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
+php_version: 8.3
+
+## credentials
+nextcloud_admin_user: admin
+nextcloud_admin_password: UnaContraseñaBienDifícil.
+
+## domain
+nextcloud_fqdn: nx0.example.com
+nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
+nextcloud_hostname: nx0
+
+## db
+db_host: db0.example.com
+nextcloud_db: nextcloud
+nextcloud_db_user: nextcloud
+nextcloud_db_user_password: Unacontraseñabien.
+postgresql_firewalld_enabled: true
+
+## LDAP
+ldap_enabled: false
+ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju
+ldap_server_host: id0.example.com
+ldapBase: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
+ldapBaseGroups: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
+ldapBaseUsers: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
+ldapAgentName: "cn=Directory Manager"
+ldapAgentPassword: "{{ ldap_agent_password }}"
+ldapHost: "{{ ldap_server_host }}"
+hasMemberOfFilterSupport: 1
+ldapEmailAttribute: mail
+ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
+ldapPort: 389
+ldapUserFilter: "(&(|(objectclass=posixAccount)))"
+ldapUserFilterObjectclass: posixAccount
+ldapConfigurationActive: 1
+
+
+## occ
+nextcloud_occ: "{{ nextcloud_path }}/occ"
+
+## S3
+nextcloud_s3_enabled: true
+nextcloud_s3_hostname: fqdn_or_ip               # change me
+nextcloud_s3_key: usuario                       # change me
+nextcloud_s3_secret: password_muy_difícil       # change me
+nextcloud_s3_bucket: contenedor                 # change me
+
+## security
+## Set this to true for production
+nextcloud_config_is_read_only: true
+nextcloud_firewalld_enabled: true
+
+
+# Redis
+redis_host: rds0.example.com
+redis_user: nextcloud
+redis_password: ParángariCutirimiNoMeAcuerdoCuaro
+redis_url: "https://{{ redis_host }}"
+redis_path: /etc/redis
+redis_firewalld_enabled: true
+
+
+# SSL
+key_size: 4096
+key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
+country_name: MX
+organization_name: Mi Organización bien chida, LTD
+generate_self_signed_cert: true
+
+
+# Colabora Online (coolwsd)
+coolwsd_host: cl0.example.com
+code_enable_ssl: false
+code_enable_ssl_termination: true
+code_ssl_key: ""
+code_ssl_cert: ""
+code_ssl_ca: ""
+code_firewalld_enabled: true
+
+## The only way to make notify_push work without a signed cert is to use plain http
+notify_push_nextcloud_url: http://localhost
+
+
+# reverse proxy
+reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
+
+
+# turn
+turn_fqdn: turn0.example.com
+turn_firewalld_enabled: false
+turn_letsencrypt_certificate_enabled: true
+turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
+
+
+# nats
+nats_fqdn: turn0.example.com
+nats_firewalld_enabled: false
+nats_letsencrypt_certificate_enabled: false
+
+
+# signaling
+signaling_fqdn: turn0.example.com
+signaling_debug: false
+signaling_firewalld_enabled: false
+signaling_letsencrypt_certificate_enabled: true
+signaling_connections_per_host: 16
+signaling_backend_name: nextcloud
+signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
+
+
+# janus
+janus_firewalld_enabled: false
+janus_letsencrypt_certificate_enabled: false
+janus_stun_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+janus_turn_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+
+
+# nextcloud spreed (talk)
+nextcloud_talk_turn_server: "{{ turn_fqdn }}"
+nextcloud_talk_signaling_server: "https://{{ turn_fqdn }}:8443"
+nextcloud_talk_signaling_server_secret: ElMegaSecretoDeSignalingQueNadieSabe.
+nextcloud_talk_stun_server: "{{ turn_fqdn }}"
+

nextcloud/ansible/vars/main.test.yaml

@@ -0,0 +1,133 @@
+---
+
+# NextCloud
+# The nexctloud_checksum changes with every release to get this string go to:
+# https://download.nextcloud.com/server/releases/ and download the *.sha256 file
+# for the proper version
+## version
+nextcloud_version: 29.0.2
+nextcloud_checksum: "sha256:2d49d297dc340092021057823e8e78a312bc00f56de7d8677ac790590918ab17"
+nextcloud_url: https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.tar.bz2
+php_version: 8.3
+
+## credentials
+nextcloud_admin_user: admin
+nextcloud_admin_password: UnaContraseñaBienDifícil.
+
+## domain
+nextcloud_fqdn: cs9-nc-nx0.test.virt.g02.org
+nextcloud_host_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
+nextcloud_hostname: cs9-nc-nx0
+
+## db
+db_host: cs9-nc-db0.test.virt.g02.org
+nextcloud_db: nextcloud
+nextcloud_db_user: nextcloud
+nextcloud_db_user_password: Unacontraseñabien.
+postgresql_firewalld_enabled: true
+
+## LDAP
+ldap_enabled: false
+ldap_agent_password: cIBI4mLESN1nSrAPr7pX3350NPXkD3vExjr27X1ju
+ldap_server_host: "10.254.1.1"
+ldapBase: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
+ldapBaseGroups: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
+ldapBaseUsers: "cn=users,cn=accounts,dc=softwarelibre,dc=mx"
+ldapAgentName: "cn=Directory Manager"
+ldapAgentPassword: "{{ ldap_agent_password }}"
+ldapHost: "{{ ldap_server_host }}"
+hasMemberOfFilterSupport: 1
+ldapEmailAttribute: mail
+ldapLoginFilter: "(&(&(|(objectclass=posixAccount)))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))))"
+ldapPort: 389
+ldapUserFilter: "(&(|(objectclass=posixAccount)))"
+ldapUserFilterObjectclass: posixAccount
+ldapConfigurationActive: 1
+
+
+## occ
+nextcloud_occ: "{{ nextcloud_path }}/occ"
+
+## S3
+nextcloud_s3_enabled: false
+nextcloud_s3_hostname: dirección_ip_o_hostname  # cámbiame
+nextcloud_s3_key: usuario                       # cámbiame
+nextcloud_s3_secret: password_muy_difícil       # cámbiame
+nextcloud_s3_bucket: contenedor                 # cámbiame
+
+## security
+## Set this to true for production
+nextcloud_config_is_read_only: true
+nextcloud_firewalld_enabled: true
+
+
+# Redis
+redis_host: cs9-nc-rds0.test.virt.g02.org
+redis_user: nextcloud
+redis_password: ParángariCutirimiNoMeAcuerdoCuaro
+redis_url: "https://{{ redis_host }}"
+redis_path: /etc/redis
+redis_firewalld_enabled: true
+
+
+# SSL
+key_size: 4096
+key_type: RSA # Others include DSA, ECC, Ed25519, Ed448, X25519, X448
+country_name: MX
+organization_name: Mi Organización bien chida, LTD
+generate_self_signed_cert: true
+
+
+# Colabora Online (coolwsd)
+coolwsd_host: cs9-nc-cl0.test.virt.g02.org
+code_enable_ssl: false
+code_enable_ssl_termination: true
+code_ssl_key: ""
+code_ssl_cert: ""
+code_ssl_ca: ""
+code_firewalld_enabled: true
+
+## The only way to make notify_push work without a signed cert is to use plain http
+notify_push_nextcloud_url: http://localhost
+
+
+# reverse proxy
+reverse_proxy_ip: "{{ hostvars['cs9-nc-nx0.test.virt.g02.org']['ansible_default_ipv4']['address'] }}"
+
+
+# turn
+turn_fqdn: f40-nc-turn0.test.virt.g02.org
+turn_firewalld_enabled: false
+turn_letsencrypt_certificate_enabled: false
+turn_static_auth_secret: OtroSecretoBienSuperDifícilDeAdivinar
+
+
+# nats
+nats_fqdn: f40-nc-turn0.test.virt.g02.org
+nats_firewalld_enabled: false
+nats_letsencrypt_certificate_enabled: false
+
+
+# signaling
+signaling_fqdn: f40-nc-turn0.test.virt.g02.org
+signaling_debug: false
+signaling_firewalld_enabled: false
+signaling_letsencrypt_certificate_enabled: false
+signaling_connections_per_host: 16
+signaling_backend_name: nextcloud
+signaling_checksum: sha256:fb505651bab4f91f6c60d2308541e1bf695f4177aa4f92e01bc1c8982bd3db76
+
+
+# janus
+janus_firewalld_enabled: false
+janus_letsencrypt_certificate_enabled: false
+janus_stun_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+janus_turn_server_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
+
+
+# nextcloud spreed (talk)
+nextcloud_talk_turn_server: "{{ turn_fqdn }}"
+nextcloud_talk_signaling_server: "https://{{ turn_fqdn }}:8443"
+nextcloud_talk_signaling_server_secret: ElMegaSecretoDeSignalingQueNadieSabe.
+nextcloud_talk_stun_server: "{{ turn_fqdn }}"
+