--- - name: create required skudak cloud volumes become: true ansible.builtin.file: path: "{{ item }}" state: directory owner: "{{ podman_subuid.stdout }}" group: "{{ podman_subuid.stdout }}" mode: 0755 notify: restorecon podman loop: - "{{ cloud_skudak_path }}/apps" - "{{ cloud_skudak_path }}/config" - "{{ cloud_skudak_path }}/data" - "{{ cloud_skudak_path }}/mysql" - "{{ cloud_skudak_path }}/scripts" - name: unshare chown the skudak cloud volumes become: true become_user: "{{ podman_user }}" changed_when: false ansible.builtin.command: | podman unshare chown -R 33:33 {{ cloud_skudak_path }}/apps {{ cloud_skudak_path }}/data {{ cloud_skudak_path}}/config - name: flush handlers ansible.builtin.meta: flush_handlers - name: copy skudak cloud libresign setup script become: true ansible.builtin.template: src: nextcloud/libresign-setup.sh.j2 dest: "{{ cloud_skudak_path }}/scripts/libresign-setup.sh" owner: "{{ podman_subuid.stdout }}" group: "{{ podman_subuid.stdout }}" mode: 0755 notify: restorecon podman - import_tasks: podman/podman-check.yml vars: container_name: skudak-cloud-db container_image: "{{ db_image }}" - name: create skudak-cloud-db container become: true become_user: "{{ podman_user }}" containers.podman.podman_container: name: skudak-cloud-db image: "{{ db_image }}" restart_policy: on-failure:3 log_driver: journald network: - shared env: MYSQL_ROOT_PASSWORD: "{{ cloud_skudak_db_root_pass }}" MYSQL_DATABASE: skucloud MYSQL_PASSWORD: "{{ cloud_skudak_db_pass }}" MYSQL_USER: skucloud volumes: - "{{ cloud_skudak_path }}/mysql:/var/lib/mysql" - name: create systemd startup job for skudak-cloud-db include_tasks: podman/systemd-generate.yml vars: container_name: skudak-cloud-db - import_tasks: podman/podman-check.yml vars: container_name: skudak-cloud container_image: "{{ image }}" - name: create skudak cloud container become: true become_user: "{{ podman_user }}" containers.podman.podman_container: name: skudak-cloud image: "{{ image }}" restart_policy: on-failure:3 log_driver: journald network: - shared env: MYSQL_PASSWORD: "{{ cloud_skudak_db_pass }}" MYSQL_DATABASE: skucloud MYSQL_HOST: skudak-cloud-db MYSQL_USER: skucloud volumes: - "{{ cloud_skudak_path }}/apps:/var/www/html/custom_apps" - "{{ cloud_skudak_path }}/data:/var/www/html/data" - "{{ cloud_skudak_path }}/config:/var/www/html/config" - "{{ cloud_skudak_path }}/scripts/libresign-setup.sh:/docker-entrypoint-hooks.d/before-starting/libresign-setup.sh:ro" ports: - "8090:80" - name: create systemd startup job for cloud include_tasks: podman/systemd-generate.yml vars: container_name: skudak-cloud # Install poppler-utils for pdfsig/pdfinfo (LibreSign handles java/pdftk/jsignpdf via occ) # This needs to be reinstalled on each container recreation - name: install poppler-utils in skudak-cloud become: true become_user: "{{ podman_user }}" ansible.builtin.command: cmd: > podman exec -u 0 skudak-cloud sh -c "apt-get update && apt-get install -y --no-install-recommends poppler-utils && rm -rf /var/lib/apt/lists/*" register: poppler_install changed_when: "'is already the newest version' not in poppler_install.stdout" failed_when: false - name: disable nextcloud signup link in config become: true ansible.builtin.lineinfile: path: "{{ cloud_skudak_path }}/config/config.php" regexp: "^\\s*'simpleSignUpLink\\.shown'\\s*=>" line: " 'simpleSignUpLink.shown' => false," insertbefore: '^\);' create: false failed_when: false # Add cloud.skudak.com to Nextcloud trusted_domains - name: add cloud.skudak.com to nextcloud trusted_domains become: true become_user: "{{ podman_user }}" ansible.builtin.command: > podman exec -u www-data skudak-cloud php occ config:system:set trusted_domains 1 --value="cloud.skudak.com" register: trusted_domain_result changed_when: "'System config value trusted_domains' in trusted_domain_result.stdout" failed_when: false - include_tasks: containers/cloud-backup.yml vars: backup_name: skudak-cloud data_path: "{{ cloud_skudak_path }}/data" ssh_key_path: /root/.ssh/truenas_skudak ssh_key_content: "{{ cloud_skudak_backup_ssh_key }}" ssh_user: skucloud remote_path: /mnt/glacier/skudakcloud script_path: "{{ cloud_skudak_path }}/backup.sh"