Merge branch 'master' into allow-large-uploads

2025-03-09 15:40:17 +00:00 · 2023-12-21 11:19:02 -05:00 · 2023-12-21 11:19:02 -05:00 · dcfd65fee4
commit dcfd65fee4
parent 9c0e24ac5c d46d5d12d7
388 changed files with 11174 additions and 4170 deletions
--- a/roles/nextcloud/README.md
+++ b/roles/nextcloud/README.md
@ -1,6 +1,6 @@
 # Nextcloud README

-Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](http://internet-in-a-box.org).
+Students and teachers can store their documents, calendars, contacts and photos locally within [Nextcloud](https://nextcloud.com), which is much like having a (local) version of Dropbox or Google Drive on your very own [Internet-in-a-Box](https://internet-in-a-box.org).

 This Ansible playbook was derived from an earlier ownCloud playbook thanks to [Josh Dennis](https://github.com/floydianslips) in 2016/2017.

@ -14,7 +14,7 @@ The Nextcloud suite is divided into three main categories:

 ## Install It

-(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it.3F) prior to installing Internet-in-a-Box:
+(1) Set these 2 variable in [/etc/iiab/local_vars.yml](http://FAQ.IIAB.IO#What_is_local_vars.yml_and_how_do_I_customize_it%3F) prior to installing Internet-in-a-Box:

    nextcloud_install: True
    nextcloud_enabled: True
@ -25,7 +25,7 @@ The Nextcloud suite is divided into three main categories:

 To further refine Nextcloud access controls based on IPv4 addresses, you can edit `/etc/apache2/sites-available/nextcloud.conf` _after_ it's created by this template: [/opt/iiab/iiab/roles/nextcloud/templates/nextcloud.conf.j2](https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud.conf.j2)</strike>

-(3) Strongly consider also setting `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, to allocate important RAM/resources to PHP.  Of course, enabling this might cause excess use of RAM/disk or other resources if not calibrated to your hardware and network!  So _after_ install is complete, verify and evaluate these 6 settings in /etc/php/[ACTUAL PHP VERSION]/fpm/php.ini:
+(3) Be aware of `nginx_high_php_limits: True` in your /etc/iiab/local_vars.yml, which allocates important RAM/resources to PHP, and is effectively auto-enabled for Nextcloud ([PR #3624](https://github.com/iiab/iiab/pull/3624)).  Verify that your Internet-in-a-Box server has enough RAM and disk!  And _after_ Nextcloud is installed, verify and evaluate these 6 settings in `/etc/php/[ACTUAL PHP VERSION]/fpm/php.ini` to be sure:

 - upload_max_filesize
 - post_max_size
@ -34,26 +34,34 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi
 - max_input_time
 - max_input_vars (Moodle 3.11+ requires 5000+ with PHP 8+)

-Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L53-L133](../www_options/tasks/main.yml#L53-L133)
+FYI IIAB will also update `/etc/php/[ACTUAL PHP VERSION]/cli/php.in` (as Moodle requires).

-(4) If you're running Nextcloud 22+ in production, carefully check that Nextcloud's latest formal prereqs (required AND recommended) are included per your community's needs.  In places like these:
+Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/php-settings.yml#L55-L110](../www_options/tasks/php-settings.yml#L55-L110)

- https://docs.nextcloud.com/server/22/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
+(4) Verify system requirements and recommendations for the [latest version Nextcloud](https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule):
+
+- https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html
+- https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
+- https://docs.nextcloud.com/server/27/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
 - https://github.com/iiab/iiab/blob/master/roles/nextcloud/tasks/install.yml

 ## Using It

-Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://172.18.96.1/nextcloud (or similar) using:
+Log in to Nextcloud at http://box/nextcloud, http://box.lan/nextcloud, http://10.10.10.10/nextcloud (or similar) using:

    Username: Admin
    Password: changeme

+## Known Issues
+
+Do not install the [Nextcloud News](https://apps.nextcloud.com/apps/news) app (an RSS/Atom Feed reader) if your OS is 32-bits: [#3069](https://github.com/iiab/iiab/issues/3069)
+
 ## Future Directions

 Going forward, should Internet-in-a-Box consider integrating optimizations (or more!) from these below?

- https://ownyourbits.com/nextcloudpi/
- https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/
+- ~https://ownyourbits.com/nextcloudpi/~
+- ~https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/~
 - https://github.com/nextcloud/nextcloudpi

-Please [contact us](http://internet-in-a-box.org/pages/contributing.html) if you can help!
+Please [contact us](https://internet-in-a-box.org/contributing.html) if you can help!
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@ -14,7 +14,7 @@
 # 2020-01-07: If installing IIAB often, download.nextcloud.com may throttle
 # you to ~100 kbit/sec, delaying your IIAB install by an hour or more (#2112).
 # The following line can avoid that: (but might install an older Nextcloud!)
-# nextcloud_dl_url: http://d.iiab.io/packages/latest.tar.bz2
+# nextcloud_dl_url: https://d.iiab.io/packages/latest.tar.bz2
 nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest.tar.bz2

 nextcloud_url: /nextcloud
--- a/roles/nextcloud/tasks/install.yml
+++ b/roles/nextcloud/tasks/install.yml
@ -1,9 +1,29 @@
+- name: "Set 'mysql_install: True' and 'mysql_enabled: True'"
+  set_fact:
+    mysql_install: True
+    mysql_enabled: True
+
+- name: MYSQL - run 'mysql' role (attempt to install & enable MySQL / MariaDB)
+  include_role:
+    name: mysql
+
+- name: FAIL (STOP THE INSTALL) IF 'mysql_installed is undefined'
+  fail:
+    msg: "Nextcloud install cannot proceed, as MySQL / MariaDB is not installed."
+  when: mysql_installed is undefined
+
+
+- name: Record (initial) disk space used
+  shell: df -B1 --output=used / | tail -1
+  register: df1
+
+
 # CHECK FOR PHP VERSION AUTOMATICALLY, TO DETERMINE WHICH NEXTCLOUD TO INSTALL.
 # INSPIRED BY: github.com/iiab/iiab/blob/master/roles/nodejs/tasks/main.yml

 # - name: Try to run 'php -v' to get PHP version
 #   # e.g. converts multi-line "PHP 7.0.33-0ubuntu0.16.04.5 (cli) ( NTS ) ..." to "7.0.33"
-#   shell: php -v | head -1 | sed 's/^[^0-9.]*//' | sed 's/[^0-9.].*//'
+#   shell: php -v | head -1 | sed 's/^[^0-9.]*//; s/[^0-9.].*//'
 #   register: php_version_installed
 #   #ignore_errors: yes    # NOT NEC: if php is not installed, php_version_installed.stdout will get set to ""

@ -41,9 +61,15 @@


 # February 2020: See @m-anish's PR #2119 and follow-up PR #2258.
-# 2021-07-06: If you're running Nextcloud 22+ in production, carefully check the latest required AND recommended prereqs:
+# December 2023: Check latest required AND recommended prereqs below!
+# e.g. Nextcloud 26 works with PHP 8.2; Nextcloud 27 deprecates PHP 8.0; Nextcloud 28 works with PHP 8.3
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/system_requirements.html
 # https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-# https://docs.nextcloud.com/server/21/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
+# https://docs.nextcloud.com/server/latest/admin_manual/installation/php_configuration.html
+# https://docs.nextcloud.com/server/28/admin_manual/installation/
+# 2023-12-15: Lifesaver manual upgrade instructions below!  As Nextcloud OFTEN
+# gets badly stuck if its web-based upgrade process is attempted :/
+# https://docs.nextcloud.com/server/latest/admin_manual/maintenance/manual_upgrade.html
 - name: Install ffmpeg + libxml2 + 11 PHP packages (run 'php -m' or 'php -i' to verify)
  package:
    name:
@ -61,11 +87,11 @@
      - php{{ php_version }}-gmp           # OPTIONAL (for SFTP storage)
      - php-imagick                        # OPTIONAL (for preview generation).  BUT drags in Apache's libapache2-mod-phpX.Y etc, as confirmed by 'apt depends php-imagick' -- while php{{ php_version }}-imagick installs (despite not being shown within 'apt list "php*imagick"') it's no better -- and 'apt depends phpX.Y-imagick' mysteriously does NOT show its deps.  Likewise installed in wordpress/tasks/install.yml
      - php{{ php_version }}-intl          # OPTIONAL (increases language translation performance and fixes sorting of non-ASCII characters): Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, wordpress/tasks/install.yml
-      #- php{{ php_version }}-json         # See stanza just below
+      #- php{{ php_version }}-json         # Included with PHP >= 8.0 -- see stanza just below
      #- php{{ php_version }}-libxml       # NOT INSTALLABLE: ENABLED BY DEFAULT (https://www.php.net/manual/en/libxml.installation.php)
      - php{{ php_version }}-mbstring      # Likewise installed in mediawiki/tasks/install.yml, moodle/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
      - php{{ php_version }}-mysql         # Likewise installed in mysql/tasks/install.yml, pbx/tasks/freepbx_dependencies.yml, wordpress/tasks/install.yml
-      #- php{{ php_version }}-openssl      # NOT INSTALLABLE: ENABLED BY DEFAULT?
+      #- php{{ php_version }}-openssl      # Included with PHP >= 8.0 -- NOT INSTALLABLE
      #- php{{ php_version }}-pdo_mysql    # NOT INSTALLABLE: php{{ php_version }}-mysql handles this on all OS's?
      #- php{{ php_version }}-redis        # @m-anish future work?
      #- php{{ php_version }}-session      # NOT INSTALLABLE: ENABLED BY DEFAULT?
@ -85,13 +111,24 @@
 #    state: present
 #  when: php_version is version('8.0', '<')

+- name: "Run roles/www_options/tasks/php-settings.yml with 'nginx_high_php_limits: True' by default"
+  include_tasks: roles/www_options/tasks/php-settings.yml
+  when: php_settings_done is undefined
+

 - name: Create dir {{ nextcloud_root_dir }} (by default 755 dirs & 644 files)
  file:
    state: directory
    path: "{{ nextcloud_root_dir }}"    # /library/www/nextcloud

- name: Unarchive {{ nextcloud_dl_url }} (~133 MB) to {{ nextcloud_root_dir }} (~476 MB initially, 498+ MB later, {{ apache_user }}:{{ apache_user }})
+# Nextcloud 25 EOL was 2023-10-01: https://endoflife.date/nextcloud
+# https://github.com/nextcloud/server/wiki/Maintenance-and-Release-Schedule#eol-versions
+#- name: "2023-03-24: NEXTCLOUD 26 REQUIRES PHP 8 -- SO THIS TEMPORARY PATCH INSTALLS THE OLDER NEXTCLOUD 25 ON OS's WITH PHP 7.x -- WHOSE END-OF-LIFE WAS NOVEMBER 2022"
+#  set_fact:
+#    nextcloud_dl_url: https://download.nextcloud.com/server/releases/latest-25.tar.bz2
+#  when: php_version is version('8.0', '<')
+
+- name: Unarchive {{ nextcloud_dl_url }} (~176 MB) to {{ nextcloud_root_dir }} (~616 MB initially, sometimes ~655 MB later, {{ apache_user }}:{{ apache_user }})
  unarchive:
    remote_src: yes    # Overwrite even if "already exists on the target"
    src: "{{ nextcloud_dl_url }}"
@ -107,6 +144,17 @@

 # RECORD Nextcloud AS INSTALLED

+- name: Record (final) disk space used
+  shell: df -B1 --output=used / | tail -1
+  register: df2
+
+- name: Add 'nextcloud_disk_usage = {{ df2.stdout|int - df1.stdout|int }}' to {{ iiab_ini_file }}
+  ini_file:
+    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+    section: nextcloud
+    option: nextcloud_disk_usage
+    value: "{{ df2.stdout|int - df1.stdout|int }}"
+
 - name: "Set 'nextcloud_installed: True'"
  set_fact:
    nextcloud_installed: True
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -19,38 +19,44 @@
    quiet: yes


- name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
-  include_tasks: install.yml
-  when: nextcloud_installed is undefined
+- block:

+  - name: Install Nextcloud if 'nextcloud_installed' not defined, e.g. in {{ iiab_state_file }}    # /etc/iiab/iiab_state.yml
+    include_tasks: install.yml
+    when: nextcloud_installed is undefined

- name: Enable/Disable/Restart NGINX
-  include_tasks: nginx.yml
-  when: nginx_enabled
+  - name: Enable/Disable/Restart NGINX
+    include_tasks: nginx.yml

+  - name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
+    ini_file:
+      path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
+      section: nextcloud
+      option: "{{ item.option }}"
+      value: "{{ item.value | string }}"
+    with_items:
+      - option: name
+        value: Nextcloud
+      - option: description
+        value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
+      - option: nextcloud_install
+        value: "{{ nextcloud_install }}"
+      - option: nextcloud_enabled
+        value: "{{ nextcloud_enabled }}"
+      - option: nextcloud_dl_url
+        value: "{{ nextcloud_dl_url }}"
+      - option: nextcloud_url
+        value: "{{ nextcloud_url }}"
+      - option: nextcloud_base_dir
+        value: "{{ nextcloud_base_dir }}"
+      - option: nextcloud_root_dir
+        value: "{{ nextcloud_root_dir }}"
+      - option: nextcloud_data_dir
+        value: "{{ nextcloud_data_dir }}"

- name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
-  ini_file:
-    path: "{{ iiab_ini_file }}"    # /etc/iiab/iiab.ini
-    section: Nextcloud
-    option: "{{ item.option }}"
-    value: "{{ item.value | string }}"
-  with_items:
-    - option: name
-      value: Nextcloud
-    - option: description
-      value: '"Nextcloud is a local server-based facility for sharing files, photos, contacts, calendars, etc."'
-    - option: nextcloud_install
-      value: "{{ nextcloud_install }}"
-    - option: nextcloud_enabled
-      value: "{{ nextcloud_enabled }}"
-    - option: nextcloud_dl_url
-      value: "{{ nextcloud_dl_url }}"
-    - option: nextcloud_url
-      value: "{{ nextcloud_url }}"
-    - option: nextcloud_base_dir
-      value: "{{ nextcloud_base_dir }}"
-    - option: nextcloud_root_dir
-      value: "{{ nextcloud_root_dir }}"
-    - option: nextcloud_data_dir
-      value: "{{ nextcloud_data_dir }}"
+  rescue:
+
+  - name: 'SEE ERROR ABOVE (skip_role_on_error: {{ skip_role_on_error }})'
+    fail:
+      msg: ""
+    when: not skip_role_on_error
--- a/roles/nextcloud/templates/nextcloud-nginx.conf.j2
+++ b/roles/nextcloud/templates/nextcloud-nginx.conf.j2
@ -85,7 +85,7 @@ location ^~ {{ nextcloud_url }} {
        deny all;
    }

-    location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
+    location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        try_files $fastcgi_script_name =404;
@ -102,7 +102,7 @@ location ^~ {{ nextcloud_url }} {
        fastcgi_request_buffering off;
    }

-    location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
+    location ~ ^\/nextcloud\/(?:updater|ocs-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }