init

ansible/ansible.cfg

@@ -0,0 +1,9 @@
+[defaults]
+roles_path=roles:~/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
+inventory=inventory
+#vault_password_file=util/secret-service-client.sh
+interpreter_python=/usr/bin/python3
+remote_user = root
+
+[diff]
+always = True

ansible/inventory/host_vars/nextcloud.yml

@@ -0,0 +1,2 @@
+apt_install_packages:
+  - snapd

ansible/inventory/hosts.yml

@@ -0,0 +1,4 @@
+all:
+  hosts:
+    nextcloud:
+      ansible_host: nextcloud.dmz

ansible/nextcloud.yml

@@ -0,0 +1,52 @@
+---
+- name: Wait for Cloud-init to finish
+  hosts: all
+  gather_facts: no
+  roles:
+    - cloudinit_wait
+
+- hosts: all
+  pre_tasks:
+    - name: Delete externally managed environment file
+      shell:
+        cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
+      register: rm
+      changed_when: "rm.rc == 0"
+      failed_when: "false"
+
+  roles:
+    - setup_apt
+
+  tasks:
+    - name: Install core snap
+      snap:
+        name: core
+
+    - name: Install nextcloud snap 
+      snap:
+        name: nextcloud
+
+    - name: Allow access to removable media
+      command:
+        cmd: snap connect nextcloud:removable-media
+
+    - name: Sleep
+      pause:
+        seconds: 15
+
+    - name: Stop nextcloud
+      command:
+        cmd: snap stop nextcloud
+
+    - name: Change data directory
+      lineinfile:
+        path: /var/snap/nextcloud/current/nextcloud/config/config.php
+        line: "  'datadirectory' => '/mnt/data/nextcloud/data',"
+        regexp: "  'datadirectory' => "
+        backrefs: yes
+
+    - name: Start nextcloud
+      command:
+        cmd: snap start nextcloud
+
+          # Default data dir /var/snap/nextcloud/common/nextcloud/data

ansible/requirements.yml

@@ -0,0 +1,6 @@
+- name: setup_apt
+  src: https://github.com/sunscrapers/ansible-role-apt.git
+  scm: git
+- name: cloudinit_wait
+  src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
+  scm: git

terraform/.gitignore

@@ -0,0 +1,38 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+.terraform.lock.hcl
+*.tfbackend
+
+.vault_password

terraform/main.tf

@@ -0,0 +1,26 @@
+terraform {
+  backend "pg" {
+    schema_name = "nextcloud"
+    conn_str    = "postgres://terraform@10.42.0.1/terraform_state"
+  }
+
+  required_providers {
+    libvirt = {
+      source = "dmacvicar/libvirt"
+    }
+  }
+}
+
+provider "libvirt" {
+  uri = "qemu+ssh://root@jefke.hyp/system"
+}
+
+module "nextcloud" {
+  source          = "git::https://git.pim.kunis.nl/home/tf-modules.git//debian"
+  name            = "nextcloud"
+  domain_name     = "tf-nextcloud"
+  hypervisor_host = "jefke.hyp"
+  mac             = "CA:FE:C0:FF:EE:09"
+  memory          = 1024 * 3
+  data_share      = "/var/snap/nextcloud"
+}