This role installs and configures Nextcloud. It is also capable of installing, enabling and configuring additional apps, creating initial users and groups and setting up external users from an LDAP directory.
This role requires Ansible 2.10 and the community.general
collection.
nextcloud_use_pkg
Whether to prefer the distribution's package of Nextcloud. Defaults totrue
but is set tofalse
if the distribution is not known provide a package.nextcloud_version
What version of Nextcloud to install from https://nextcloud.com/. If left unset, the latest stable version is chosen. This setting is ignored when using a distribution package (cf.nextcloud_use_pkg
).nextcloud_web_root
The directory where Nextcloud is installed. If a distribution package is used to install Nextcloud, this setting is ignored. Defaults to/var/www/nextcloud/
.nextcloud_data_path
Path where Nextcloud's data is stored, such as users' files. Defaults to/var/lib/nextcloud/data/
.nextcloud_apps_path
Path where apps downloaded from the app store are installed. Apps that come with Nextcloud or are installed via the distribution's package manager are not stored here. Defaults toapps-appstore
innextcloud_web_root
. The apps directory may be placed outsidenextcloud_web_root
. Distribution packages may override this setting.nextcloud_log_file
Path to Nextcloud's log file. Defaults to/var/log/nextcloud/nextcloud.log
.nextcloud_skeleton_files
Path to a directory on the Ansible controller that contains files that should be copied to each new user's file store. Optional. If not set, new users start without any files, not even Nextcloud's default files.nextcloud_skeleton_path
Path to a directory on the remote system where the files fromnextcloud_skeleton_files
are copied to. Defaults to/var/lib/nextcloud/skeleton/
. To provide new users with Nextcloud's default files, set this to{{ nextcloud_web_root }}/core/skeleton/
.nextcloud_php_cli
Name of the PHP command line interpreter. May be an absolute path or the name of a executable in$PATH
. Defaults tophp
, which should rarely need changing.nextcloud_php_cli_env
A dictionary of environment variables and their values that should be set when running PHP cli commands. Optional.nextcloud_user
,nextcloud_group
Name of the system user and group running Nextcloud. This is usually the web server's user, such aswww-data
,www
,apache
,nginx
orhttp
. Defaults towww-data
.nextcloud_database_type
The type of database for Nextcloud to use. One ofsqlite
,mysql
orpgsql
. Defaults tosqlite
, which is, however, not recommended except for very small instances.nextcloud_database_host
The host name of the database server. If the database runs on the same system as Nextcloud, this may also be an absolute path to the database server's UNIX socket. Defaults tolocalhost
.nextcloud_database_port
The port where the database server is listening on. If not set, the default port for the respective database system is used.nextcloud_database_user
Name of the user account to connect to the database server. Defaults tonextcloud
.nextcloud_database_password
Password fornextcloud_database_user
. Optional.nextcloud_database_name
The name of the database for Nextcloud. Defaults tonextcloud
.nextcloud_enabled_apps
A list of Nextcloud apps to enable. All apps in this list are automatically downloaded from the app store, if necessary. Empty by default, which disabled all but the bare minimum of apps. Note that even apps shipped with Nextcloud are disabled if they are not listed here.nextcloud_extra_options
A dictionary of additionalconfig.php
settings for Nextcloud. Values that are lists or dictionaries are automatically converted to PHP arrays. Optional.nextcloud_app_options
A dictionary of settings for specific apps. Keys are app names and values are in turn dictionaries of the settings for the app. Optional.nextcloud_admin
Name of the user account created during initial Nextcloud setup. This account is granted administrative privileges. Defaults toadmin
.nextcloud_admin_password
The password fornextcloud_admin
. Optional. If not supplied, a random password is generated and the account is disabled.nextcloud_users
A list of local user accounts to set up within Nextcloud. Each list entry is a dictionary with the following keys:name
: The user's internal name. Mandatory.display_name
: The user's display name. Optional.password
: The user's initial password. Mandatory.
Note that this can not be used to modify existing users. Optional.
nextcloud_groups
A list of local groups to create within Nextcloud. Each list entry is a dictionary with the following keys:name
: The group's name. Mandatory.users
A list of users to be added to the group. This may include users from an LDAP back end. Optional.
Note that this only adds users to the given groups. Memberships not listed here are left unchanged. Optional.
nextcloud_ldap_backends
A list of LDAP authentication back ends to set up. Each list item is a dictionary of settings for the back end. Refer toocc ldap:show-config
and the documentation for valid options and their meaning. Optional.nextcloud_redis_host
If theredis
PHP extension is detected, Redis is set up as a cache for transactional file locking and -- if APCu is not available -- local caching. This setting configures the host name of the Redis instance to connect to. It may also be an absolute path to a UNIX socket, if Redis runs on the same system as Nextcloud. If set tofalse
, Redis is not used. Defaults tolocalhost
.nextcloud_redis_port
The TCP port Redis runs on. Ignored if Redis is not used ornextcloud_redis_host
is a path to a UNIX socket. Defaults to6379
.nextcloud_redis_password
The password required to connect to to Redit. Ignored if Redis is not used. Optional.nextcloud_redis_dbindex
The index of the Redis database to use. Optional.nextcloud_default_app
The name of the app to open on login. If this is a list, Nextcloud picks the first enabled app. Defaults tofiles
.nextcloud_trusted_domains
A list of domain names that are expected to refer to this system. Users can only log in to Nextcloud if they use one of these names. Defaults to the system's host name and fully qualified domain name as detected by Ansible.
Nextcloud requires a web server and possibly additional software, such as a SQL database management system or in-memory cache. As these dependencies are complex software of their own, they are not considered to be within the scope of this role.
The following is a short example for some of the configuration options this role provides:
nextcloud_database_type: mysql
nextcloud_database_host: '/run/mysqld/mysqld.sock'
nextcloud_database_name: nextcloud
nextcloud_database_user: nextcloud
nextcloud_enabled_apps:
- files_sharing
- twofactor_u2f
- twofactor_totp
- contacts
- calendar
nextcloud_extra_options:
lost_password_link: disabled
mail_smtpmode: sendmail
mail_sendmailmode: pipe
log_rotate_size: 1048576 # 1 MiB
simpleSignUpLink.shown: false
ldapUserCleanupInterval: 3600
overwritehost: "{{ ansible_facts['fqdn'] }}"
nextcloud_app_options:
dav:
sendEventReminders: 'no'
sendInvitations: 'no'
user_ldap:
background_sync_interval: 3600
nextcloud_ldap_backends:
- ldapHost: localhost
ldapPort: 389
ldapAgentName: 'cn=nextcloud,ou=machines,dc=my,dc=domain'
ldapAgentPassword: 'very secret'
ldapBase: 'dc=my,dc=domain'
ldapBaseUsers: 'ou=people,dc=my,dc=domain'
ldapBaseGroups: 'ou=groups,dc=my,dc=domain'
ldapUserFilter: '(&(objectClass=inetOrgPerson)(memberOf=cn=Nextcloud Users,ou=groups,dc=my,dc=domain))'
ldapLoginFilter: '(&(objectClass=inetOrgPerson)(memberOf=cn=Nextcloud Users,ou=groups,dc=my,dc=domain)(uid=%uid))'
ldapExpertUsernameAttr: uid
ldapExpertUUIDUserAttr: entryUUID
ldapExpertUUIDGroupAttr: entryUUID
nextcloud_users:
- name: user1
password: 'very secret'
nextcloud_groups:
- name: admin
users:
- ldap_user1
MIT