Cull nextcloud_allow_public_ips

2025-03-09 15:40:17 +00:00 · 2020-02-16 01:16:23 -05:00 · 2020-02-16 01:16:23 -05:00 · 2d31a56ff6
commit 2d31a56ff6
parent 6081df7168
3 changed files with 17 additions and 12 deletions
--- a/roles/nextcloud/tasks/install.yml
+++ b/roles/nextcloud/tasks/install.yml
@ -68,7 +68,7 @@
  template:
    src: nextcloud.conf.j2
    dest: "/etc/{{ apache_conf_dir }}/nextcloud.conf"    # apache2/sites-available on debuntu
-  when: apache_installed | bool
+  when: apache_install | bool


 # RECORD Nextcloud AS INSTALLED
--- a/roles/nextcloud/templates/nextcloud.conf.j2
+++ b/roles/nextcloud/templates/nextcloud.conf.j2
@ -16,17 +16,17 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
    # 2019-09-04 commenting out towards future removal
    #Require host localhost

-{% if nextcloud_allow_public_ips %}
-    # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
+#{% if CONDITION %}    {# where CONDITION was nextcloud_allow_public_ips #}
+#    # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
    Require all granted
-    # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
+#    # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
+#    #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
+#{% else %}
+#    # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
+#    #Require all granted
+#    # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
 #    Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
-{% else %}
-    # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
-    #Require all granted
-    # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
-    Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
-{% endif %}
+#{% endif %}
 {# Reminder that {{ lan_ip }}/{{ lan_netmask }} is 172.18.96.1/255.255.224.0 #}
    # AVOID THIS LINE AS IT OVERLY RESTRICTS SCHOOLS W/ 192.168.1.x, 10.x.y.z:
    #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
--- a/roles/www_back_end/tasks/main.yml
+++ b/roles/www_back_end/tasks/main.yml
@ -9,9 +9,14 @@

 - include_tasks: php-stem.yml

+- name: Install php-fpm (FastCGI Process Manager) if nextcloud_install or pbx_install
+  package:
+    name: php-fpm
+  when: nextcloud_install or pbx_install
+
 # COMPARE apache_allow_sudo @ roles/www_front_end/tasks/main.yml

-# For schools that use WordPress/Nextcloud/Moodle intensively.  iiab/iiab#1147
+# For schools that use WordPress/Nextcloud/Moodle intensively.
 # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
 - name: Enact high limits in /etc/php/{{ php_version }}/fpm/php.ini if using WordPress/Nextcloud/Moodle intensively
  lineinfile: