Initial commit after Claude implementation

roles/nextcloud/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+nextcloud_data_dir: "{{ sovereign_base_dir }}/nextcloud"

roles/nextcloud/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart nextcloud
+  community.docker.docker_compose_v2:
+    project_src: "{{ nextcloud_data_dir }}"
+    state: present
+    recreate: always

roles/nextcloud/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Create Nextcloud directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "{{ nextcloud_data_dir }}"
+    - "{{ nextcloud_data_dir }}/data"
+
+- name: Deploy Nextcloud docker-compose
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: "{{ nextcloud_data_dir }}/docker-compose.yml"
+    mode: '0644'
+  notify: restart nextcloud
+
+- name: Start Nextcloud
+  community.docker.docker_compose_v2:
+    project_src: "{{ nextcloud_data_dir }}"
+    state: present

roles/nextcloud/templates/docker-compose.yml.j2

@@ -0,0 +1,97 @@
+services:
+  nextcloud-db:
+    image: mariadb:10.11
+    container_name: nextcloud-db
+    restart: unless-stopped
+    command: --transaction-isolation=READ-COMMITTED --log-bin=binlog --binlog-format=ROW
+    environment:
+      MYSQL_ROOT_PASSWORD: "{{ nextcloud_db_root_password }}"
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: "{{ nextcloud_db_password }}"
+    volumes:
+      - {{ nextcloud_data_dir }}/db:/var/lib/mysql
+    networks:
+      - internal
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "nextcloud-db"
+
+  nextcloud-redis:
+    image: redis:alpine
+    container_name: nextcloud-redis
+    restart: unless-stopped
+    networks:
+      - internal
+
+  nextcloud:
+    image: nextcloud:{{ nextcloud_version }}
+    container_name: nextcloud
+    restart: unless-stopped
+    depends_on:
+      - nextcloud-db
+      - nextcloud-redis
+    environment:
+      MYSQL_HOST: nextcloud-db
+      MYSQL_DATABASE: nextcloud
+      MYSQL_USER: nextcloud
+      MYSQL_PASSWORD: "{{ nextcloud_db_password }}"
+      REDIS_HOST: nextcloud-redis
+      NEXTCLOUD_ADMIN_USER: "{{ nextcloud_admin_user }}"
+      NEXTCLOUD_ADMIN_PASSWORD: "{{ nextcloud_admin_password }}"
+      NEXTCLOUD_TRUSTED_DOMAINS: "{{ nextcloud_domain }}"
+      OVERWRITEPROTOCOL: https
+      OVERWRITECLIURL: "https://{{ nextcloud_domain }}"
+      SMTP_HOST: "{{ smtp_host }}"
+      SMTP_PORT: "{{ smtp_port }}"
+      SMTP_NAME: "{{ smtp_user }}"
+      SMTP_PASSWORD: "{{ smtp_password }}"
+      MAIL_FROM_ADDRESS: "noreply"
+      MAIL_DOMAIN: "{{ base_domain }}"
+      OBJECTSTORE_S3_HOST: minio
+      OBJECTSTORE_S3_PORT: 9000
+      OBJECTSTORE_S3_SSL: "false"
+      OBJECTSTORE_S3_BUCKET: "{{ minio_nextcloud_bucket }}"
+      OBJECTSTORE_S3_KEY: "{{ minio_nextcloud_access_key }}"
+      OBJECTSTORE_S3_SECRET: "{{ minio_nextcloud_secret_key }}"
+      OBJECTSTORE_S3_USEPATH_STYLE: "true"
+    volumes:
+      - {{ nextcloud_data_dir }}/data:/var/www/html
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nextcloud.rule=Host(`{{ nextcloud_domain }}`)"
+      - "traefik.http.routers.nextcloud.tls=true"
+      - "traefik.http.routers.nextcloud.tls.certresolver=letsencrypt"
+      - "traefik.http.services.nextcloud.loadbalancer.server.port=80"
+      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.permanent=true"
+      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.regex=https://(.*)/.well-known/(?:card|cal)dav"
+      - "traefik.http.middlewares.nextcloud-redirect.redirectregex.replacement=https://$${1}/remote.php/dav"
+      - "traefik.http.routers.nextcloud.middlewares=nextcloud-redirect"
+    networks:
+      - internal
+      - {{ sovereign_network_name }}
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "nextcloud"
+
+  nextcloud-cron:
+    image: nextcloud:{{ nextcloud_version }}
+    container_name: nextcloud-cron
+    restart: unless-stopped
+    volumes:
+      - {{ nextcloud_data_dir }}/data:/var/www/html
+    entrypoint: /cron.sh
+    depends_on:
+      - nextcloud-db
+      - nextcloud-redis
+    networks:
+      - internal
+
+networks:
+  internal:
+  {{ sovereign_network_name }}:
+    external: true