From 9dace15b019050c2c6d32d54bcceb4b43bd36411 Mon Sep 17 00:00:00 2001 From: Vladislav Ponomarev Date: Fri, 19 Apr 2024 22:50:15 +0700 Subject: [PATCH] Add Owncloud Infinite Scale --- README.md | 52 ++++++++++++------------ Vagrantfile | 1 + group_vars/all.yml | 3 ++ inventories/sample/group_vars/sample.yml | 3 ++ provisioning.yml | 5 +++ roles/ocis/defaults/main.yml | 16 ++++++++ roles/ocis/tasks/main.yml | 45 ++++++++++++++++++++ 7 files changed, 100 insertions(+), 25 deletions(-) create mode 100644 roles/ocis/defaults/main.yml create mode 100644 roles/ocis/tasks/main.yml diff --git a/README.md b/README.md index e25578f..e2e2c69 100644 --- a/README.md +++ b/README.md 
@@ -98,27 +98,28 @@ Host mayurifag-prod ## Applications List -| Name | Default endpoint | App. Port | -| ------------------- | --------------------------------------------- | ------------- | -| Blocky | - | - | -| Doku | | 9090 | -| Dozzle | | 8080 | -| Filerun | | 80 [+3306 db] | -| Glances | | 61208/61209 | -| Go-socks5-proxy | (+auth) | 1080 | -| Homer | | 8080 | -| Hemmelig | | 3000 | -| mayurifag.github.io | | 8005 | -| Navidrome | | 80 | -| Netdata | | 19999 | -| Nextcloud | | 80 | -| Portainer | | 9000 | -| Shadowsocks-rust | (uses TLS) | 1080 | -| Traefik Dashboard | | 8080 (?) | -| Wallabag | | 80 | -| Watchtower | - | - | -| Wireguard-Easy | | 58172 | -| Whattocommit | | 8080 | +| Name | Default endpoint | App. Port | +| ----------------------- | --------------------------------------------- | ------------- | +| Blocky | - | - | +| Doku | | 9090 | +| Dozzle | | 8080 | +| Filerun | | 80 [+3306 db] | +| Glances | | 61208/61209 | +| Go-socks5-proxy | (+auth) | 1080 | +| Homer | | 8080 | +| Hemmelig | | 3000 | +| mayurifag.github.io | | 8005 | +| Navidrome | | 80 | +| Netdata | | 19999 | +| Nextcloud | | 80 | +| Owncloud Infinite Scale | | 9200 | +| Portainer | | 9000 | +| Shadowsocks-rust | (uses TLS) | 1080 | +| Traefik Dashboard | | 8080 (?) | +| Wallabag | | 80 | +| Watchtower | - | - | +| Wireguard-Easy | | 58172 | +| Whattocommit | | 8080 | ## TODO @@ -131,7 +132,7 @@ need to deploy my services once again. ### High priority - [ ] Log rotation for docker containers -- [ ] https://github.com/alexta69/metube +- [ ] ~~https://github.com/alexta69/metube~~ - [ ] ~~Add cleaning up apt-get to get extra 1GB~~ - [ ] ~~Think how to rotate logs easily for docker (takes all the space in a year or more)~~ - [ ] Ssh configuration: change port and make the sshd configuration cheatsheet with Readme 
@@ -140,13 +141,13 @@ need to deploy my services once again. - [ ] Uptime Kuma - [x] Blocky DNS - [ ] Add systemd services -- [ ] Migrate to dashboard which is easy maintainable: flame (with labels) / homerr +- [ ] Migrate to dashboard which is easy maintainable: flame (with labels) - [ ] Add Authentik / Remove baseauth - [ ] Add Cloudflare companion tiredofit/traefik-cloudflare-companion:latest docker - [ ] Add Vikunja - [ ] Move this section to issues and kanban - [ ] Add zswap -- [ ] +- [ ] ~~~~ - [x] Migrate from mysql to postgres for nextcloud. Look other perfomance boosters. cron at docker for nextcloud. bump versions - [x] - [x] @@ -155,11 +156,12 @@ need to deploy my services once again. ### Medium priority +- [ ] https://github.com/epoupon/lms - [ ] Add automatic backup solution (duplicati?). Do I need anything more than /data/docker_data? - [ ] Add ufw with rules + make docker respect the rules - [ ] Add pastebin -- [ ] Make traefik to write logs to file + logrotate them +- [ ] ~~Make traefik to write logs to file + logrotate them~~ - [ ] Suggest if I need more fail2ban jail rules - [ ] - [ ] Add motd.txt to server diff --git a/Vagrantfile b/Vagrantfile index 3bb1605..a1ef3ba 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -36,6 +36,7 @@ Vagrant.configure(2) do |config| mus.mayurifag.local netdata.mayurifag.local nextcloud.mayurifag.local + ocis.mayurifag.local portainer.mayurifag.local traefik.mayurifag.local wallabag.mayurifag.local diff --git a/group_vars/all.yml b/group_vars/all.yml index e227561..6d2beac 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -82,6 +82,9 @@ whattocommit_subdomain: "commit" nextcloud_enabled: true nextcloud_subdomain: "nextcloud" +ocis_enabled: true +ocis_subdomain: "ocis" + filerun_enabled: true filerun_subdomain: "filerun" diff --git a/inventories/sample/group_vars/sample.yml b/inventories/sample/group_vars/sample.yml index 76c8192..5368244 100644 --- a/inventories/sample/group_vars/sample.yml 
+++ b/inventories/sample/group_vars/sample.yml @@ -78,6 +78,9 @@ whattocommit_subdomain: "commit" nextcloud_enabled: true nextcloud_subdomain: "nextcloud" +ocis_enabled: true +ocis_subdomain: "ocis" + filerun_enabled: true filerun_subdomain: "filerun" diff --git a/provisioning.yml b/provisioning.yml index 3889925..37c825b 100644 --- a/provisioning.yml +++ b/provisioning.yml @@ -88,6 +88,11 @@ - nextcloud when: (nextcloud_enabled | default(False)) + - role: ocis + tags: + - ocis + when: (ocis_enabled | default(False)) + - role: glances tags: - glances diff --git a/roles/ocis/defaults/main.yml b/roles/ocis/defaults/main.yml new file mode 100644 index 0000000..149fea8 --- /dev/null +++ b/roles/ocis/defaults/main.yml @@ -0,0 +1,16 @@ +--- +ocis_enabled: true +ocis_available_externally: "true" + +# directories +ocis_data_directory: "{{ docker_home }}/ocis" + +ocis_container: "owncloud/ocis" +ocis_version: "5.0.2" + +ocis_subdomain: "ocis" + +# username / passwords +ocis_sql_user: "ocis-user" +ocis_sql_password: "ocis-pass" +ocis_redis_password: "ocis-redis" diff --git a/roles/ocis/tasks/main.yml b/roles/ocis/tasks/main.yml new file mode 100644 index 0000000..b0ccb01 --- /dev/null +++ b/roles/ocis/tasks/main.yml 
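Review bot: `ocis_sql_password: "ocis-pass"` and `ocis_redis_password: "ocis-redis"` in `roles/ocis/defaults/main.yml` are committed as guessable defaults, and nothing in `roles/ocis/tasks/main.yml` as added by this patch reads them or `ocis_sql_user`. If they are placeholders for a later database or Redis setup, I would leave them out of the defaults and have the inventory or a vault file supply them, so that a forgotten override cannot end up as a live credential; otherwise remove the three lines. Separately, `ocis_available_externally: "true"` makes exposure through Traefik the default for anyone who includes the role. A comment above it such as `# set to "false" to keep ocis off the Traefik router` would make that choice explicit.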
@@ -0,0 +1,45 @@
+---
+- name: Delete OCIS directory
+ file:
+ path: "{{ ocis_data_directory }}"
+ state: absent
+
+- name: Create OCIS directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ owner: 1000
+ group: 1000
+ with_items:
+ - "{{ ocis_data_directory }}/userfiles"
+ - "{{ ocis_data_directory }}/config"
+
+- name: OCIS Docker Container
+ docker_container:
+ name: ocis
+ image: "{{ ocis_container }}:{{ ocis_version }}"
+ pull: true
+ recreate: yes
+ volumes:
+ - "{{ ocis_data_directory }}/config:/etc/ocis"
+ - "{{ ocis_data_directory }}/userfiles:/var/lib/ocis"
+ entrypoint:
+ - /bin/sh
+ command: ["-c", "ocis init || true; ocis server"]
+ env:
+ TZ: "{{ server_timezone }}"
+ OCIS_URL: "https://{{ ocis_subdomain }}.{{ server_hostname }}"
+ OCIS_LOG_LEVEL: "info"
+ OCIS_LOG_COLOR: "false"
+ PROXY_TLS: "false"
+ OCIS_INSECURE: "false"
+ PROXY_ENABLE_BASIC_AUTH: "false"
+ IDM_ADMIN_PASSWORD: "{{ admin_userpassword }}"
+ IDM_CREATE_DEMO_USERS: "false"
+ restart_policy: unless-stopped
+ labels:
+ traefik.enable: "{{ ocis_available_externally }}"
+ traefik.http.routers.ocis.rule: "Host(`{{ ocis_subdomain }}.{{ server_hostname }}`)"
+ traefik.http.services.ocis.loadbalancer.server.port: "9200"
+ traefik.http.routers.ocis.middlewares: "my-headers@file"
+ # traefik.http.routers.ocis.service: ocis
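Review bot: The first task, `Delete OCIS directory`, removes `{{ ocis_data_directory }}` with `state: absent` on every run, so each provisioning pass discards the uploaded files under `userfiles` and whatever `ocis init` wrote under `config`. It looks like a leftover from testing, since `ocis init || true` in the container command only makes sense if an existing config is expected to survive between runs. I would drop the task or gate it behind an opt-in, e.g. `when: ocis_reset_data | default(false)` (a new variable, not defined in this patch). The `Create OCIS directories` task also sets no `mode`, so the config directory gets the default permissions; adding `mode: "0750"` would keep it private to uid/gid 1000. Note too that `|| true` hides a genuine `ocis init` failure, after which `ocis server` would start without the expected config.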