add bundle:nextcloud to carlene

This commit is contained in:
Franzi 2023-09-02 21:14:38 +02:00
parent 0001b5639b
commit ad24c0ea5b
Signed by: kunsi
GPG key ID: 12E3D2136B818350
5 changed files with 125 additions and 1 deletions

View file

@ -0,0 +1,87 @@
defaults = {
'backups': {
'paths': {
'/var/www/nextcloud',
},
},
'php': {
'clear_env': False,
'memory_limit': 512,
'packages': {
'bcmath',
'bz2',
'curl',
'gd',
'gmp',
'imagick',
'intl',
'mbstring',
'opcache',
'pgsql',
'redis',
'xml',
'yaml',
'zip',
},
},
'postgresql': {
'roles': {
'nextcloud': {
'password': repo.vault.password_for(f'{node.name} postgresql nextcloud'),
},
},
'databases': {
'nextcloud': {
'owner': 'nextcloud',
},
},
},
'systemd-timers': {
'timers': {
'nextcloud-cron': {
'command': '/usr/bin/php -f /var/www/nextcloud/cron.php',
'pwd': '/var/www/nextcloud',
'user': 'www-data',
'when': '*:00/5',
},
},
},
'zfs': {
'datasets': {
'tank/nextcloud': {
'mountpoint': '/var/www/nextcloud',
'needed_by': {
'directory:/var/www/nextcloud',
},
},
},
},
}
@metadata_reactor.provides(
'nginx/vhosts/nextcloud',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
return {
'nginx': {
'vhosts': {
'nextcloud': {
'domain': metadata.get('nextcloud/domain'),
'php': True,
'extras': True,
'index': [
'index.php',
'index.html',
'/index.php$request_uri',
],
'webroot_config': {
'owner': 'www-data',
},
},
},
},
}

31
data/nextcloud/nginx.conf Normal file
View file

@ -0,0 +1,31 @@
location ^~ /.well-known {
location = /.well-known/carddav { return 301 /remote.php/dav/; }
location = /.well-known/caldav { return 301 /remote.php/dav/; }
return 301 /index.php$request_uri;
}
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ {
try_files $uri /index.php$request_uri;
location ~ \.wasm$ {
default_type application/wasm;
}
}
location ~ \.woff2?$ {
try_files $uri /index.php$request_uri;
expires 7d;
}
location /remote {
return 301 /remote.php$request_uri;
}
location / {
try_files $uri $uri/ /index.php$request_uri;
}

View file

@ -0,0 +1 @@
../../../../nextcloud/nginx.conf

View file

@ -13,9 +13,10 @@ nameservers = [*nameservers_ipv4, *nameservers_ipv6]
redis_databases = {
'matrix-media-repo': 7,
'netbox': (4, 5),
'rspamd': 6,
'nextcloud': 7,
'paperless-ng': None, # probably 0, but undocumented
'pretalx': (1, 2, 3),
'rspamd': 6,
}
security_email = f'mailto:{hostmaster_email}'

View file

@ -15,6 +15,7 @@ bundles = [
"mautrix-whatsapp",
"miniflux",
"netbox",
"nextcloud",
"nodejs",
"ntfy",
"php",
@ -123,6 +124,9 @@ domain = "netbox.franzi.business"
version = "v3.6.0"
admins.kunsi = "hostmaster@kunbox.net"
[metadata.nextcloud]
domain = "warnochwas.de"
[metadata.nginx.'security.txt']
contact = "mailto:security@kunsmann.eu"
Encryption = "https://franzi.business/gpg_hi-kunsmann.eu.asc"