100% Handsfree & Ready to login.
Install Ansible on your dev machine
Clone this repo and change into the directory nextcloud_setup.
git clone https://github.com/enewbury/cloud
cd cloud
Note that root must have also sudo right otherwise the script will complain. Some hoster use distros where root is not in the sudoers file. In this case you have to add root ALL=(ALL) NOPASSWD:ALL
to /etc/sudoers.
Now you can configure the whole thing by duplicating inventory.template.cfg
to inventory.cfg
and making changes, starting with the remote ssh address for the server.
First of all you must define the server fqdn. If you want to get a Let's Encrypt certificate this must be a valid DNS record pointing to your server. Port 80+443 must be open to the internet.
If you have a private server or if you use an AWS domain name like ec2-52-3-229-194.compute-1.amazonaws.com
, you'll end up with a self-signed certificate. This is fine but annoying, because you have to accept this certificate manually in your browser. If you don't have a fqdn use the server IP address.
Important: You will only be able to access Nextcloud through this address.
# The domain name for your cloud instance. You'll get a Let's Encrypt certificate for this domain.
cloud_server_fqdn = cloud.example.tld
Let's Encrypt wants your email address. Enter it here:
# Your email address (for Let's Encrypt).
ssl_cert_email = [email protected]
Define where you want to find all your application config and data files in the server.
# Choose a directory for all of the data for this cloud server.
cloud_base_dir = /opt/cloud
Define your Nextcloud admin user.
# Choose a username and password for your Nextcloud admin user.
nextcloud_admin = 'admin'
nextcloud_passwd = '' # If empty the playbook will generate a random password.
If you want to setup the Nextcloud mail system put your mail server config here.
# Setup the Nextcloud mail server.
nextcloud_configure_mail = false
nextcloud_mail_from =
nextcloud_mail_smtpmode = smtp
nextcloud_mail_smtpauthtype = LOGIN
nextcloud_mail_domain =
nextcloud_mail_smtpname =
nextcloud_mail_smtpsecure = tls
nextcloud_mail_smtpauth = 1
nextcloud_mail_smtphost =
nextcloud_mail_smtpport = 587
nextcloud_mail_smtpname =
nextcloud_mail_smtppwd =
Setup the restic backup tool.
# The restic backup tool will be installed when 'restic_repo' is not empty.
restic_repo = '' # e.g. '/var/nc-backup' .
# Configure the crontab settings for restic.
backup_day = *
backup_hour = 4
backup_minute = 0
If using rclone with backblaze, include these variables
b2_account =
b2_key =
If you want to use fulltext search.
# Set to true to fulltext search.
fulltextsearch_enabled = false
If you want to, you can get access to your database with Adminer. Adminer is a web frontend for your database (like phpMyAdmin).
# Set to true to enable access to your database with Adminer at https://cloud_server_fqdn/adminer. The password will be stored in {{ cloud_base_dir }}/secrets.
adminer_enabled = false # The password will be stored in {{ cloud_base_dir }}/secrets.
You can install Portainer, a webgui for Docker.
# Set to true to install Portainer webgui for Docker at https://cloud_server_fqdn/portainer/.
portainer_enabled = false
portainer_passwd = '' # If empty the playbook will generate a random password.
Run the Ansible playbook.
./cloud.yml
Your Nextcloud access credentials will be displayed at the end of the run.
ok: [localhost] => {
"msg": [
"Your Nextcloud at https://nextcloud.example.com is ready.",
"Login with user: admin and password: <password> ",
"Other secrets you'll find in your current directory under ./secrets "
]
}
....
ok: [localhost] => {
"msg": [
"Manage your container at https://portainer.example.com/ .",
"Login with user: admin and password: <password> "
]
}
....
ok: [localhost] => {
"msg": [
"restic backup is configured. Keep your credentials in a safe place.",
"RESTIC_REPOSITORY='/var/nc-backup'",
"RESTIC_PASSWORD='<password>'"
]
}
If you are in a hurry you can set the inventory variables on the cli. But remember if you run the playbook again without the -e options all default values will apply and your systems is likely to be broken.
./cloud.yml -e "cloud_server_fqdn=nextcloud.example.tld"
If you want to do more fine tuning you may have a look at:
group_vars\all.yml
for settings of directories, docker image tags and the rclone setup for restic backups.roles\docker_container\file
for php settingsroles\docker_container\file
for webserver, php, turnserver and traefik settings
and
roles\nextcloud_config\defaults\main.yml
for nextcloud settings
Also if you are working on a remote computer through ssh be sure to check the firewall settings in roles/prep_ufw/defaults/main.yml
Only ports 22,80,443 will be opened by default, plus ports for a turnserver. Please test locally before deploying on your remote (ssh) server, you will get locked out if you use a custom port.
If you want to get rid of the containers run the following command.
scripts/remove_all_container.sh
or
scripts/remove_all_docker_stuff.sh
to remove all docker artifacts. That includes the database volume!
Your data files won't be deleted. You have to do this manually by executing the following.
rm -rf {{ cloud_base_dir }}
rm /usr/local/bin/dynamic_dns_check.py
rm /usr/local/bin/nextcloud_optimize.sh