Use Nextcloud instead of Owncloud.

README.md

@@ -25,8 +25,7 @@ What do you get if you point Sovereign at a server? All kinds of good stuff!
 -   Email client [automatic configuration](https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration).
 -   Jabber/[XMPP](http://xmpp.org/) instant messaging via [Prosody](http://prosody.im/).
 -   An RSS Reader via [Selfoss](http://selfoss.aditu.de/).
--   [CalDAV](https://en.wikipedia.org/wiki/CalDAV) and [CardDAV](https://en.wikipedia.org/wiki/CardDAV) to keep your calendars and contacts in sync, via [ownCloud](http://owncloud.org/).
--   Your own private storage cloud via [ownCloud](http://owncloud.org/).
+-   [CalDAV](https://en.wikipedia.org/wiki/CalDAV) and [CardDAV](https://en.wikipedia.org/wiki/CardDAV) to keep your calendars and contacts in sync, via [NextCloud](http://nextcloud.com/).
 -   Your own VPN server via [OpenVPN](http://openvpn.net/index.php/open-source.html).
 -   An IRC bouncer via [ZNC](http://wiki.znc.in/ZNC).
 -   [Monit](http://mmonit.com/monit/) to keep everything running smoothly (and alert you when it’s not).
@@ -117,7 +116,7 @@ Create `A` or `CNAME` records which point to your server's IP address:
 * `autoconfig.example.com` (for email client automatic configuration)
 * `fathom.example.com` (for web stats)
 * `news.example.com` (for Selfoss)
-* `cloud.example.com` (for ownCloud)
+* `cloud.example.com` (for NextCloud)
 
 ### 6. Run the Ansible Playbooks
 
@@ -163,13 +162,6 @@ Similarly, to access the server monitoring page, use another SSH tunnel:
 
 Again proceeding to http://localhost:2812 in your web browser.
 
-Finally, sign into ownCloud with a new administrator account to set it
-up. You should select PostgreSQL as the configuration backend. Use
-`owncloud` as the database user and the database name. For the
-database password ansible has created a set of random passwords for
-each service and stores them in your local folder `secret`, use the
-one in the file `owncloud_db_password`.
-
 How To Use Your New Personal Cloud
 ----------------------------------
 

roles/nextcloud/defaults/main.yml

@@ -0,0 +1,22 @@
+secret_root: '{{ inventory_dir | realpath }}'
+secret_name: 'secret'
+secret: '{{ secret_root + "/" + secret_name }}'
+
+nextcloud_subdomain: "cloud"
+nextcloud_domain: "{{ nextcloud_subdomain }}.{{ domain }}"
+
+# When you increase the version, run this manually after installing / upgrading:
+#  cd /var/www/nextcloud
+#  sudo -u www-data php occ upgrade
+nextcloud_version: "15.0.5"
+
+nextcloud_admin_username: "{{ main_user_name }}"
+nextcloud_admin_password: "{{ lookup('password', secret + '/' + 'nextcloud_admin_password length=32') }}"
+
+nextcloud_db_username: nextclouduser
+nextcloud_db_password: "{{ lookup('password', secret + '/' + 'nextcloud_db_password length=32') }}"
+nextcloud_db_database: nextcloud
+
+# must match values in roles/common
+db_admin_username: 'postgres'
+db_admin_password: "{{ lookup('password', secret + '/' + 'db_admin_password length=32') }}"

roles/nextcloud/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: restart apache
+  service: name=apache2 state=restarted

roles/nextcloud/tasks/main.yml

@@ -0,0 +1 @@
+- include: nextcloud.yml tags=nextcloud

roles/nextcloud/tasks/nextcloud.yml

@@ -0,0 +1,118 @@
+---
+# Installs the nextcloud personal cloud software.
+
+- name: Install NextCloud dependencies
+  apt:
+    name: "{{ packages }}"
+    state: present
+  vars:
+    packages:
+    - php
+    - php-pgsql
+    - php-fpm
+    - php-apcu
+    - php-imap
+    - php-imagick
+    - php-redis
+    - php-mcrypt
+    - php-xml
+    - php-zip
+    - php-mbstring
+    - php-gd
+    - php-json
+    - php-curl
+    - php-intl
+    - curl
+    - unzip  
+  tags:
+    - dependencies
+
+- name: Create NextCloud temp directory
+  file: path=/root/nextcloud state=directory
+
+- name: Download NextCloud {{ nextcloud_version }}
+  get_url:
+    url=https://download.nextcloud.com/server/releases/nextcloud-{{ nextcloud_version }}.zip
+    dest=/root/nextcloud/nextcloud-{{ nextcloud_version }}.zip
+
+- name: Create NextCloud unpack directory
+  file: path=/root/nextcloud/nextcloud-{{ nextcloud_version }} state=directory
+
+- name: Extract NextCloud archive
+  unarchive:
+    copy: no
+    src: /root/nextcloud/nextcloud-{{ nextcloud_version }}.zip
+    dest: /root/nextcloud/nextcloud-{{ nextcloud_version }}/
+    creates: /root/nextcloud-{{ nextcloud_version }}/index.php
+
+- name: Back-Up old NextCloud config
+  shell: cp -r /var/www/nextcloud/config/config.php /root/nextcloud/config.php.bak || true
+
+- name: Delete old NextCloud document root
+  file: path=/var/www/nextcloud state=absent
+
+- name: Copy NextCloud source to document root
+  shell: cp -r /root/nextcloud/nextcloud-{{ nextcloud_version }}/nextcloud /var/www/nextcloud
+
+- name: Delete empty NextCloud config
+  file: path=/var/www/nextcloud/config/config.php state=absent
+
+- name: Restore old NextCloud config
+  shell: cp -r /root/nextcloud/config.php.bak /var/www/nextcloud/config/config.php || true
+
+- name: Delete old NextCloud source
+  file: path=/root/nextcloud state=absent
+
+- name: Create database user for NextCloud
+  postgresql_user:
+    login_host=localhost
+    login_user={{ db_admin_username }}
+    login_password="{{ db_admin_password }}"
+    name={{ nextcloud_db_username }}
+    password="{{ nextcloud_db_password }}"
+    role_attr_flags=CREATEDB
+    state=present
+
+- name: Create NextCloud data directory
+  file: path=/data/nextcloud-data state=directory owner=www-data group=www-data
+
+- name: Set NextCloud ownership
+  action: file owner=www-data group=www-data path=/var/www/nextcloud recurse=yes state=directory
+
+- name: Run NextCloud installer
+  become: true
+  become_user: www-data
+  command: php occ maintenance:install --no-interaction --data-dir "/data/nextcloud-data" --database "pgsql" --database-name "{{ nextcloud_db_database }}" --database-user "{{ nextcloud_db_username }}" --database-pass "{{ nextcloud_db_password }}" --admin-user "{{ nextcloud_admin_username }}" --admin-pass "{{ nextcloud_admin_password }}"
+  args:
+    chdir: /var/www/nextcloud
+    creates: /var/www/nextcloud/config/config.php
+
+- name: Add our domains to the NextCloud trusted domains
+  lineinfile:
+    path: /var/www/nextcloud/config/config.php
+    insertafter: 'instanceid'
+    line: "  'trusted_domains' => array ('localhost', {{ virtual_domains | json_query('[*].name') | map('regex_replace', '(.*)', \"'cloud.\\1'\") | join(', ') }}),"
+
+- name: Create the Apache sites config files
+  template:
+    src=etc_apache2_sites-available_nextcloud.j2
+    dest=/etc/apache2/sites-available/nextcloud_{{ item.name }}.conf
+    owner=root
+    group=root
+  with_items: "{{ virtual_domains }}"
+
+- name: Remove old sites-enabled symlinks (new ones will be created by a2ensite)
+  file: path=/etc/apache2/sites-enabled/nextcloud_{{ item }}.conf state=absent
+  with_items: "{{ virtual_domains | json_query('[*].name') }}"
+
+- name: Enable Apache sites (creates new sites-enabled symlinks)
+  command: a2ensite nextcloud_{{ item }}.conf creates=/etc/apache2/sites-enabled/nextcloud_{{ item }}.conf
+  notify: restart apache
+  with_items: "{{ virtual_domains | json_query('[*].name') }}"
+
+- name: Install NextCloud cronjob
+  cron:
+    name="nextcloud"
+    user="www-data"
+    minute="*/5"
+    job="php -f /var/www/nextcloud/cron.php > /dev/null"

roles/nextcloud/templates/etc_apache2_sites-available_nextcloud.j2

@@ -0,0 +1,39 @@
+<VirtualHost *:80>
+    ServerName {{ nextcloud_subdomain }}.{{ item.name }}
+
+    Redirect permanent / https://{{ nextcloud_subdomain }}.{{ item.name }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ nextcloud_subdomain }}.{{ item.name }}
+
+    SSLEngine               On
+    DocumentRoot            /var/www/nextcloud
+    Options                 -Indexes
+    ErrorLog                /var/log/apache2/nextcloud.info-error_log
+    CustomLog               /var/log/apache2/nextcloud.info-access_log common
+
+    php_value session_cache_limiter "public"
+
+    <Directory "/var/www/nextcloud">
+        Options +FollowSymLinks
+        AllowOverride All
+
+        <IfModule mod_dav.c>
+          Dav off
+        </IfModule>
+
+        SetEnv HOME /var/www/nextcloud
+        SetEnv HTTP_HOME /var/www/nextcloud
+    </Directory>
+
+    <Directory "/var/www/nextcloud/data/">
+      # just in case if .htaccess gets disabled
+      Require all denied
+    </Directory>
+
+    ## Please enable this manually, if needed. See also
+    ## https://doc.owncloud.org/server/8.2/admin_manual/issues/index.html#apple-ios
+    Redirect 301 /.well-known/carddav /remote.php/carddav
+    Redirect 301 /.well-known/caldav  /remote.php/caldav
+</VirtualHost>

roles/owncloud/defaults/main.yml

@@ -1,8 +0,0 @@
-secret_root: '{{ inventory_dir | realpath }}'
-secret_name: 'secret'
-secret: '{{ secret_root + "/" + secret_name }}'
-
-owncloud_domain: "cloud.{{ domain }}"
-owncloud_db_username: owncloud
-owncloud_db_password: "{{ lookup('password', secret + '/' + 'owncloud_db_password length=32') }}"
-owncloud_db_database: owncloud

roles/owncloud/tasks/main.yml

@@ -1,3 +0,0 @@
----
-
-- include: owncloud.yml tags=owncloud

roles/owncloud/tasks/owncloud.yml

@@ -1,51 +0,0 @@
----
-# Installs the ownCloud personal cloud software.
-
-- name: Install ownCloud dependencies
-  apt: pkg={{ item }} state=present
-  with_items:
-    - postgresql
-    - python-psycopg2
-  tags:
-    - dependencies
-
-- name: Set password for PostgreSQL admin user
-  become: true
-  become_user: postgres
-  postgresql_user: name={{ db_admin_username }} password={{ db_admin_password }} encrypted=yes
-
-- name: Create database user for ownCloud
-  postgresql_user: login_host=localhost login_user={{ db_admin_username }} login_password="{{ db_admin_password }}" name={{ owncloud_db_username }} password="{{ owncloud_db_password }}" role_attr_flags=CREATEDB state=present
-
-- name: Ensure repository key for ownCloud is in place
-  apt_key: url=https://download.owncloud.org/download/repositories/stable/Debian_8.0/Release.key state=present
-  tags:
-    - dependencies
-
-- name: Add ownCloud repository
-  apt_repository: repo='deb http://download.owncloud.org/download/repositories/stable/Debian_8.0/ /'
-  tags:
-    - dependencies
-
-- name: Install ownCloud
-  apt: pkg=owncloud-files update_cache=yes
-  tags:
-    - dependencies
-
-- name: Ensure ownCloud directory is in place
-  file: state=directory path=/var/www/owncloud
-
-- name: Move ownCloud data to user-data filesystem
-  command: mv /var/www/owncloud/data /data/owncloud-data creates=/data/owncloud-data
-- file: src=/data/owncloud-data dest=/var/www/owncloud/data owner=www-data group=www-data state=link
-
-- name: Configure Apache for ownCloud
-  template: src=etc_apache2_sites-available_owncloud.j2 dest=/etc/apache2/sites-available/owncloud.conf group=root
-  notify: restart apache
-
-- name: Enable ownCloud site
-  command: a2ensite owncloud.conf creates=/etc/apache2/sites-enabled/owncloud.conf
-  notify: restart apache
-
-- name: Install ownCloud cronjob
-  cron: name="ownCloud" user="www-data" minute="*/5" job="php -f /var/www/owncloud/cron.php > /dev/null"

roles/owncloud/templates/etc_apache2_sites-available_owncloud.j2

@@ -1,40 +0,0 @@
-<VirtualHost *:80>
-    ServerName {{ owncloud_domain }}
-
-    Redirect permanent / https://{{ owncloud_domain }}/
-</VirtualHost>
-
-<VirtualHost *:443>
-    ServerName {{ owncloud_domain }}
-    SSLEngine On
-
-    DocumentRoot            /var/www/owncloud
-    Options                 -Indexes
-
-    ErrorLog                /var/log/apache2/owncloud.info-error_log
-    CustomLog               /var/log/apache2/owncloud.info-access_log common
-
-    php_value session_cache_limiter "public"
-
-    <Directory "/var/www/owncloud">
-        Options +FollowSymLinks
-        AllowOverride All
-
-        <IfModule mod_dav.c>
-          Dav off
-        </IfModule>
-
-        SetEnv HOME /var/www/owncloud
-        SetEnv HTTP_HOME /var/www/owncloud
-    </Directory>
-
-    <Directory "/var/www/owncloud/data/">
-      # just in case if .htaccess gets disabled
-      Require all denied
-    </Directory>
-
-    ## Please enable this manually, if needed. See also
-    ## https://doc.owncloud.org/server/8.2/admin_manual/issues/index.html#apple-ios
-    # Redirect 301 /.well-known/carddav /owncloud/remote.php/carddav
-    # Redirect 301 /.well-known/caldav  /owncloud/remote.php/caldav
-</VirtualHost>

site.yml

@@ -11,9 +11,9 @@
     - mailserver
     - webmail
     - blog
+    - nextcloud
     - ircbouncer
     - xmpp
-    - owncloud
     - vpn
     - news
     - monitoring  # Monitoring role should be last. See roles/monitoring/README.md