skato-ansible/roles/bootstrap/handlers/nextcloud.yml

# SPDX-License-Identifier: MIT-0
---
# handlers file for bootstrap
- name: Configure Nextcloud snap
  become: true
  listen: nextcloud
  block:
    - name: Enable monitoring of network hardware
      ansible.builtin.command:
        cmd: "snap connect nextcloud:network-observe"
    - name: Begin manual installation
      ansible.builtin.command:
        argv:
          - /snap/bin/nextcloud.manual-install
          - "{{ config.nextcloud.users.admin.username }}"
          - "{{ config.nextcloud.users.admin.password }}"
    # @TODO see if setting below is necessary given use of reverse proxy
    - name: Set trusted domains
      block:
        - name: Set FQDN as trusted domain
          ansible.builtin.command:
            cmd: "/snap/bin//snap/bin/nextcloud.occ config:system:set trusted_domains 1 --value='cloud.{{ hostvars[inventory_hostname].fqdn }}'"
    # @TODO configure perhaps for trusted (reverse) proxy instead of above
    - name: Set trusted reverse proxy addresses
      block:
        - name: Set trusted reverse proxy IPv4 address based on hostname
          # @TODO create config.trusted_revproxy_ips data structure in bootstrap role's vars dir--may include loopback addresses
          when: config.trusted_revproxy_ips.ipv4 is None or len(config.trusted_revproxy_ips.ipv4) < 1
          ansible.builtin.command:
            argv:
              - /snap/bin/nextcloud.occ
              - "config:system:set"
              - trusted_proxies 0
              - "--value=$(hostname -I | awk -F ' ' '{ print $1 }')"
        - name: Set trusted reverse proxy IPv4 address
          when: config.trusted_revproxy_ips.ipv4 is not None and len(config.trusted_revproxy_ips.ipv4) > 0
          ansible.builtin.command:
            argv:
              - /snap/bin/nextcloud.occ
              - "config:system:set"
              - "trusted_proxies {{ idx }}"
              - "--value={{ item }}"
          loop: "{{ config.trusted_revproxy_ips.ipv4 }}"
          loop_control:
            index_var: idx
        - name: Set trusted reverse proxy IPv6 address based on hostname
          when: config.trusted_revproxy_ips.ipv6 is None or len(config.trusted_revproxy_ips.ipv6) < 1
          ansible.builtin.command:
            argv:
              - /snap/bin/nextcloud.occ
              - "config:system:set"
              - trusted_proxies 1
              - --value=$(hostname -I | awk -F ' ' '{ print $2 }')
        - name: Set trusted reverse proxy IPv6 address
          when: config.trusted_revproxy_ips.ipv6 is not None and len(config.trusted_revproxy_ips.ipv6) > 0
          ansible.builtin.command:
            argv:
              - /snap/bin/nextcloud.occ
              - "config:system:set"
              - "trusted_proxies {{ idx }}"
              - "--value={{ item }}"
          loop: "{{ config.trusted_revproxy_ips.ipv6 }}"
          loop_control:
            index_var: idx
    # @TODO create task based on shell command `sudo /snap/bin/nextcloud.occ config:system:set default_phone_region --value="US"`
    - name: Set default phone region
      ansible.builtin.command:
        argv:
          - /snap/bin/nextcloud.occ
          - "config:system:set"
          - default_phone_region
          - "--value={{ config.nextcloud.phone_region }}"
    # @TODO create task based on shell command:
    #   `sudo /snap/bin/nextcloud.occ config:system:set overwrite.cli.url --value="https://cloud.{{ fqdn }}"` for Caddy task
    - name: Set overwrite CLI URL
      ansible.builtin.command:
        argv:
          - /snap/bin/nextcloud.occ
          - "config:system:set"
          - overwrite.cli.url
          - "--value=cloud.{{ hostvars[inventory_hostname].fqdn }}"
    # @TODO create task based on shell command `sudo /snap/bin/nextcloud.occ config:system:set overwriteprotocol --value="https"` for Caddy task
    - name: Overwrite protocol
      ansible.builtin.command:
        argv:
          - /snap/bin/nextcloud.occ
          - "config:system:set"
          - overwriteprotocol
          - --value="https"
    # @TODO create system-level bash alias for `/snap/bin/nextcloud.occ` command
    - name: Get Nextcloud snap binaries
      ansible.builtin.find:
        paths:
          - /snap/bin
        patterns:
          - nextcloud\..*
        recurse: false
        use_regex: true
      register: nextcloud_snap_binaries
    - name: Create symbolic links for Nextcloud snap binaries
      ansible.builtin.file:
        dest: "/usr/sbin/{{ item.path | basename }}"
        src: "{{ item.path }}"
        state: link
      loop: "{{ nextcloud_snap_binaries.files }}"