skato-ansible/roles/bootstrap/handlers/nextcloud.yml

# SPDX-License-Identifier: MIT-0
---
# handlers file for bootstrap
- name: Configure Nextcloud snap
  become: true
  listen: nextcloud
  block:
    - name: Enable monitoring of network hardware
      ansible.builtin.command:
        cmd: "snap connect nextcloud:network-observe"
    - name: Begin manual installation
      ansible.builtin.command:
        argv:
          - /snap/bin/nextcloud.manual-install
          - "{{ config.nextcloud.users.admin.username }}"
          - "{{ config.nextcloud.users.admin.password }}"
    # @TODO see if setting below is necessary given use of reverse proxy
    - name: Set trusted domains
      block:
        - name: Set localhost as trusted domain
          ansible.builtin.command:
            cmd: "/snap/bin//snap/bin/nextcloud.occ config:system:set trusted_domains 0 --value='localhost'"
        # @TODO see if setting below is necessary given use of reverse proxy
        - name: Set FQDN as trusted domain
          ansible.builtin.command:
            cmd: "/snap/bin//snap/bin/nextcloud.occ config:system:set trusted_domains 1 --value='cloud.{{ hostvars[inventory_hostname].fqdn }}'"
    # @TODO configure perhaps for trusted (reverse) proxy instead of above
    - name: Set trusted reverse proxy addresses
      block:
        - name: Set trusted reverse proxy IPv4 address based on hostname
          when: config.trusted_revproxy_ips.ipv4 is None or len(config.trusted_revproxy_ips.ipv4) < 1
          ansible.builtin.command:
            argv:
              - /snap/bin/nextcloud.occ
              - "config:system:set"
              - trusted_proxies 0
              - "--value=$(hostname -I | awk -F ' ' '{ print $1 }')"
        - name: Set trusted reverse proxy IPv4 address
          when: config.trusted_revproxy_ips.ipv4 is not None and len(config.trusted_revproxy_ips.ipv4) > 0
          ansible.builtin.command:
            argv:
              - /snap/bin/nextcloud.occ
              - "config:system:set"
              - "trusted_proxies {{ idx }}"
              - "--value={{ item }}"
          loop: "{{ config.trusted_revproxy_ips.ipv4 }}"
          loop_control:
            index_var: idx
        - name: Set trusted reverse proxy IPv6 address based on hostname
          when: config.trusted_revproxy_ips.ipv6 is None or len(config.trusted_revproxy_ips.ipv6) < 1
          ansible.builtin.command:
            argv:
              - /snap/bin/nextcloud.occ
              - "config:system:set"
              - trusted_proxies 1
              - --value=$(hostname -I | awk -F ' ' '{ print $2 }')
        - name: Set trusted reverse proxy IPv6 address
          when: config.trusted_revproxy_ips.ipv6 is not None and len(config.trusted_revproxy_ips.ipv6) > 0
          ansible.builtin.command:
            argv:
              - /snap/bin/nextcloud.occ
              - "config:system:set"
              - "trusted_proxies {{ idx }}"
              - "--value={{ item }}"
          loop: "{{ config.trusted_revproxy_ips.ipv6 }}"
          loop_control:
            index_var: idx
    # @TODO create system-level bash alias for `/snap/bin/nextcloud.occ` command