ldap: support nextcloud_ldap_expert_username_attr setting

defaults/main.yml

@@ -1,25 +1,82 @@
 ---
 # domain, webroot
-wordpress_domain: example.com
+nextcloud_domain: example.com
-wordpress_web_root: /
+nextcloud_web_root: /
 
 # database
-wordpress_db_host: localhost
+nextcloud_db_engine: sqlite
-wordpress_db_user: wordpress
-wordpress_db_password: password
-wordpress_db_name: wordpress
-wordpress_table_prefix: wp
 
-# debug: cualquier valor distinto de "" es si
+# db name or path (sqlite)
-wordpress_debug: ""
+nextcloud_db_name: nextcloud
 
-# configuracion extra - va literal al config.php
+# mysql, mariadb, postgresql
-wordpress_config_extra: ""
+nextcloud_db_host: localhost
+nextcloud_db_user: nextcloud
+nextcloud_db_password: password
+nextcloud_table_prefix: ""
+
+# data dir (inside container)
+nextcloud_data_dir: /var/www/html/data
+
+# admin user
+nextcloud_admin_user: admin
+nextcloud_admin_password: password
+
+# space separated trusted domains
+nextcloud_trusted_domains:
+  - "{{ nextcloud_domain }}"
+
+# The install and update script is only triggered when a default command
+# is used (apache-foreground or php-fpm). If you use a custom command
+# you have to enable the install / update with
+nextcloud_update: ""
+
+# The use of Redis is recommended to prevent file locking problems. See
+# the examples for further instructions.
+# If you want to use Redis you have to create a separate Redis container
+# in your setup / in your docker-compose file. To inform Nextcloud about
+# the Redis container add:
+nextcloud_redis_host: ""
+nextcloud_redis_port: "6379"
+
+# smtp
+nextcloud_smtp_host: ""
+nextcloud_smtp_secure: ""
+nextcloud_smtp_port: ""
+nextcloud_smtp_authtype: LOGIN
+nextcloud_smtp_user: ""
+nextcloud_smtp_password: ""
+nextcloud_mail_from_address: ""
+nextcloud_mail_domain: "{{ nextcloud_domain }}"
+
+# ldap
+nextcloud_ldap_enable: false
+nextcloud_ldap_host: "{{ ldap_uri | default('openldap') | regex_replace(':[0-9]+$') }}"
+nextcloud_ldap_port: "389"
+#nextcloud_ldap_backup_host: ""
+nextcloud_ldap_backup_port: "389"
+#nextcloud_ldap_agent_name: ""
+#nextcloud_ldap_agent_password: ""
+nextcloud_ldap_base: "dc={{ openldap_domain | default('example.com') | replace('.', ',dc=') }}"
+#nextcloud_ldap_base_users: ""
+#nextcloud_ldap_base_groups: ""
+#nextcloud_ldap_user_filter_objectclass: ""
+#nextcloud_ldap_user_filter: ""
+#nextcloud_ldap_login_filter: ""
+#nextcloud_ldap_group_filter_objectclass: ""
+#nextcloud_ldap_group_filter: ""
+#nextcloud_ldap_gid_number: ""
+#nextcloud_ldap_user_display_name: ""
+#nextcloud_ldap_user_display_name_2: ""
+#nextcloud_ldap_group_display_name: ""
+#nextcloud_ldap_email_attribute: ""
+#nextcloud_ldap_group_member_assoc_attr: ""
+#nextcloud_ldap_expert_username_attr: ""
 
 # container
-wordpress_image: wordpress
+nextcloud_image: eumau/nextcloud
-wordpress_container: wordpress
+nextcloud_container: nextcloud
-wordpress_volume: wordpress
+nextcloud_volume: nextcloud
 
 # definido por rol docker
-docker_network_name: dockernet
+docker_network: dockernet

tasks/main.yml

@@ -1,95 +1,133 @@
 ---
-- name: create wordpress database
+# TODO: postgres support
+# - name: create nextcloud database (pg)
+#   postgresql_db:
+#     state: present
+#     name: "{{ nextcloud_db_name }}"
+#     login_host: "{{ postgresql_host }}"
+#     login_port: "{{ postgresql_port }}"
+#     login_user: "{{ postgresql_root_password }}"
+#     login_password: "{{ postgresql_root_password }}"
+
+# - name: create nextcloud db user (pg)
+#   postgresql_user:
+#     state: present
+#     name: "{{ nextcloud_db_user }}"
+#     password: "{{ nextcloud_db_password }}"
+#     priv: "{{ nextcloud_db_name }}.*:ALL"
+#     login_host: "{{ postgresql_host }}"
+#     login_port: "{{ postgresql_port }}"
+#     login_user: root
+#     login_password: "{{ postgresql_root_password }}"
+
+- name: create nextcloud database
   mysql_db:
     state: present
-    name: "{{ wordpress_db_name }}"
+    name: "{{ nextcloud_db_name }}"
     login_host: "{{ mariadb_host }}"
     login_port: "{{ mariadb_port }}"
     login_user: root
     login_password: "{{ mariadb_root_password }}"
+  when: nextcloud_db_engine in ('mariadb','mysql')
 
-- name: create wordpress db user
+- name: create nextcloud db user
   mysql_user:
     state: present
-    name: "{{ wordpress_db_user }}"
+    name: "{{ nextcloud_db_user }}"
     host: "%"
-    password: "{{ wordpress_db_password }}"
+    password: "{{ nextcloud_db_password }}"
-    priv: "{{ wordpress_db_name }}.*:ALL"
+    priv: "{{ nextcloud_db_name }}.*:ALL"
     login_host: "{{ mariadb_host }}"
     login_port: "{{ mariadb_port }}"
     login_user: root
     login_password: "{{ mariadb_root_password }}"
+  when: nextcloud_db_engine in ('mariadb','mysql')
 
-- name: start wordpress container
+- name: start nextcloud container
   docker_container:
-    image: "{{ wordpress_image }}"
+    image: "{{ nextcloud_image }}"
-    name: "{{ wordpress_container }}"
+    name: "{{ nextcloud_container }}"
     volumes:
-      - "{{ wordpress_volume }}:/var/www/html"
+      - "{{ nextcloud_volume }}:/var/www/html"
     env:
-      WORDPRESS_DB_HOST: "{{ mariadb_container }}"
+      SQLITE_DATABASE:
-      WORDPRESS_DB_USER: "{{ wordpress_db_user }}"
+        "{{ nextcloud_db_name if nextcloud_db_engine == 'sqlite' else '' }}"
-      WORDPRESS_DB_PASSWORD: "{{ wordpress_db_password }}"
+      MYSQL_DATABASE:
-      WORDPRESS_DB_NAME: "{{ wordpress_db_name }}"
+        "{{ nextcloud_db_name if nextcloud_db_engine in ('mysql','mariadb') else '' }}"
-      WORDPRESS_TABLE_PREFIX: "{{ wordpress_table_prefix }}"
+      MYSQL_USER:
-      # (default to unique random SHA1s, but only if other environment
+        "{{ nextcloud_db_user if nextcloud_db_engine in ('mysql','mariadb') else '' }}"
-      # variable configuration is provided)
+      MYSQL_PASSWORD:
-      # WORDPRESS_AUTH_KEY:
+        "{{ nextcloud_db_password if nextcloud_db_engine in ('mysql','mariadb') else '' }}"
-      # WORDPRESS_SECURE_AUTH_KEY:
+      MYSQL_HOST:
-      # WORDPRESS_LOGGED_IN_KEY:
+        "{{ nextcloud_db_host if nextcloud_db_engine in ('mysql','mariadb') else '' }}"
-      # WORDPRESS_NONCE_KEY:
+      POSTGRES_DB:
-      # WORDPRESS_AUTH_SALT:
+        "{{ nextcloud_db_name if 'postgres' in nextcloud_db_engine else '' }}"
-      # WORDPRESS_SECURE_AUTH_SALT:
+      POSTGRES_USER:
-      # WORDPRESS_LOGGED_IN_SALT:
+        "{{ nextcloud_db_user if 'postgres' in nextcloud_db_engine else '' }}"
-      # WORDPRESS_NONCE_SALT:
+      POSTGRES_PASSWORD:
-      # (defaults to disabled, non-empty value will enable WP_DEBUG in
+        "{{ nextcloud_db_password if 'postgres' in nextcloud_db_engine else '' }}"
-      # wp-config.php)
+      POSTGRES_HOST:
-      WORDPRESS_DEBUG: "{{ wordpress_debug }}"
+        "{{ nextcloud_db_host if 'postgres' in nextcloud_db_engine else '' }}"
-      # (defaults to nothing, non-empty value will be embedded verbatim
+      NEXTCLOUD_TABLE_PREFIX: "{{ nextcloud_table_prefix }}"
-      # inside wp-config.php -- especially useful for applying extra
+      NEXTCLOUD_ADMIN_USER: "{{ nextcloud_admin_user }}"
-      # configuration values this image does not provide by default such
+      NEXTCLOUD_ADMIN_PASSWORD: "{{ nextcloud_admin_password }}"
-      # as WP_ALLOW_MULTISITE; see docker-library/wordpress#142 for more
+      NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_trusted_domains | join(' ')}}"
-      # details)
+      NEXTCLOUD_UPDATE: "{{ nextcloud_update }}"
-      WORDPRESS_CONFIG_EXTRA: "{{ wordpress_config_extra }}"
+      REDIS_HOST: "{{ nextcloud_redis_host }}"
+      REDIS_HOST_PORT: "{{ nextcloud_redis_port }}"
+      SMTP_HOST: "{{ nextcloud_smtp_host }}"
+      SMTP_SECURE: "{{ nextcloud_smtp_secure }}"
+      SMTP_PORT: "{{ nextcloud_smtp_port }}"
+      SMTP_AUTHTYPE: "{{ nextcloud_smtp_authtype }}"
+      SMTP_NAME: "{{ nextcloud_smtp_user }}"
+      SMTP_PASSWORD: "{{ nextcloud_smtp_password }}"
+      MAIL_FROM_ADDRESS: "{{ nextcloud_mail_from_address }}"
+      MAIL_DOMAIN: "{{ nextcloud_mail_domain }}"
+      LDAP_ENABLE: "{{ 'true' if nextcloud_ldap_enable else 'false' }}"
+      LDAP_HOST: "{{ nextcloud_ldap_host }}"
+      LDAP_PORT: "{{ nextcloud_ldap_port | string }}"
+      LDAP_BACKUP_HOST: "{{ nextcloud_ldap_backup_host | default(omit) }}"
+      LDAP_BACKUP_PORT: "{{ nextcloud_ldap_backup_port | string }}"
+      LDAP_AGENT_NAME: "{{ nextcloud_ldap_agent_name | default(omit) }}"
+      LDAP_AGENT_PASSWORD: "{{ nextcloud_ldap_agent_password | default(omit) }}"
+      LDAP_BASE: "{{ nextcloud_ldap_base }}"
+      LDAP_BASE_USERS: "{{ nextcloud_ldap_base_users | default(omit) }}"
+      LDAP_BASE_GROUPS: "{{ nextcloud_ldap_base_groups | default(omit) }}"
+      LDAP_USER_FILTER_OBJECTCLASS: "{{ nextcloud_ldap_user_filter_objectclass | default(omit) }}"
+      LDAP_USER_FILTER: "{{ nextcloud_ldap_user_filter | default(omit) }}"
+      LDAP_LOGIN_FILTER: "{{ nextcloud_ldap_login_filter | default(omit) }}"
+      LDAP_GROUP_FILTER_OBJECTCLASS: "{{ nextcloud_ldap_group_filter_objectclass | default(omit) }}"
+      LDAP_GROUP_FILTER: "{{ nextcloud_ldap_group_filter | default(omit) }}"
+      LDAP_GID_NUMBER: "{{ nextcloud_ldap_gid_number | default(omit) }}"
+      LDAP_USER_DISPLAY_NAME: "{{ nextcloud_ldap_user_display_name | default(omit) }}"
+      LDAP_USER_DISPLAY_NAME_2: "{{ nextcloud_ldap_user_display_name_2 | default(omit) }}"
+      LDAP_GROUP_DISPLAY_NAME: "{{ nextcloud_ldap_group_display_name | default(omit) }}"
+      LDAP_EMAIL_ATTRIBUTE: "{{ nextcloud_ldap_email_attribute | default(omit) }}"
+      LDAP_GROUP_MEMBER_ASSOC_ATTR: "{{ nextcloud_ldap_group_member_assoc_attr | default(omit) }}"
+      LDAP_EXPERT_USERNAME_ATTR: "{{ nextcloud_ldap_expert_username_attr | default(omit) }}"
     networks:
-      - name: "{{ docker_network_name }}"
+      - name: "{{ docker_network }}"
     ports:
 
-- name: template nginx config
+- name: export nginx config
-  copy:
+  set_fact:
-    content: |
+    nginx_config: >-
-      server {
+      {{ nginx_config | default({}) | combine({
-        listen 80; # para debug
+        nextcloud_domain: {
-        listen 443 ssl;
+          "locations": {
-        server_name {{ wordpress_domain }};
+            '/': {
-
+              "proxy_pass": "https://{}:9010".format(nextcloud_container)
-        # root   /var/www/html;
+            }
-        # index  index.php index.html;
+          }
-        # access_log /dev/stdout;
-        # error_log /dev/stdout info;
-
-        location {{ wordpress_web_root }} {
-          proxy_set_header Host $host;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Proto $scheme;
-          proxy_pass http://{{ wordpress_container }};
         }
-      }
+        }, recursive=True) }}
-    dest: "{{ nginx_config_mountpoint }}/wordpress.conf"
-  register: ngconf
 
-- name: restart frontend
+- name: inspect nextcloud volume
-  docker_container:
-    name: "{{ nginx_container_name }}"
-    restart: yes
-  when: ngconf is changed
-
-- name: inspect wordpress volume
   docker_volume_info:
-    name: "{{ wordpress_volume }}"
+    name: "{{ nextcloud_volume }}"
   register: volinfo
 
 - name: export variables
   set_fact:
-    wordpress_volume: "{{ lookup('vars','wordpress_volume') }}"
+    nextcloud_volume: "{{ lookup('vars','nextcloud_volume') }}"
-    wordpress_volume_mountpoint: "{{ volinfo.volume.Mountpoint }}"
+    nextcloud_volume_mountpoint: "{{ volinfo.volume.Mountpoint }}"