add nextcloud stack using NFS and remote postgres db

ansible/roles/database/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart postgres
+  systemd:
+    name: postgresql
+    state: restarted

ansible/roles/database/tasks/main.yml

@@ -0,0 +1,36 @@
+- name: Create database user
+  postgresql_user:
+    name: swarm
+    password: "{{ database_password }}"
+  become: true
+  become_user: postgres
+
+- name: Create database
+  postgresql_db:
+    name: "{{ database_name }}"
+    owner: swarm
+  become: true
+  become_user: postgres
+
+- name: Grant access to database
+  postgresql_privs:
+    type: database
+    database: "{{ database_name }}"
+    role: swarm
+    grant_option: no
+    privs: all
+  become: true
+  become_user: postgres
+  notify: restart postgres
+
+- name: Allow remote access to database
+  postgresql_pg_hba:
+    dest: /etc/postgresql/15/main/pg_hba.conf
+    contype: host
+    databases: "{{ database_name }}"
+    users: swarm
+    address: all
+    create: true
+  become: true
+  become_user: postgres
+  notify: restart postgres

ansible/roles/nextcloud/docker-stack.yml.j2

@@ -0,0 +1,40 @@
+# vi: ft=yaml
+version: '3.8'
+
+networks:
+  traefik:
+    external: true
+
+volumes:
+  data:
+    driver_opts:
+      type: "nfs"
+      o: "addr=192.168.30.10,nolock,soft,rw"
+      device: ":/mnt/data/nextcloud/data"
+
+services:
+  app:
+    image: nextcloud:26
+    volumes:
+      - type: volume
+        source: data
+        target: /var/www/html
+        volume:
+          nocopy: true
+    environment:
+      - POSTGRES_USER=swarm
+      - POSTGRES_DB=nextcloud
+      - POSTGRES_PASSWORD={{ database_passwords.nextcloud }}
+      - POSTGRES_HOST=192.168.30.10
+    networks:
+      - traefik
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.routers.nextcloud.entrypoints=websecure
+        - traefik.http.routers.nextcloud.rule=Host(`cloud.pim.kunis.nl`)
+        - traefik.http.routers.nextcloud.tls=true
+        - traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
+        - traefik.http.routers.nextcloud.service=nextcloud
+        - traefik.http.services.nextcloud.loadbalancer.server.port=80
+        - traefik.docker.network=traefik

ansible/roles/nextcloud/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: Deploy Docker stack
+  docker_stack:
+    name: nextcloud
+    compose:
+      - "{{ lookup('template', '{{ role_path }}/docker-stack.yml.j2') | from_yaml }}"

ansible/roles/traefik/docker-stack.yml.j2

@@ -39,12 +39,6 @@ services:
         - traefik.http.routers.esrom.tls=true
         - traefik.http.routers.esrom.tls.certresolver=letsencrypt
 
-        - traefik.http.routers.nextcloud.entrypoints=websecure
-        - traefik.http.routers.nextcloud.service=nextcloud@file
-        - traefik.http.routers.nextcloud.rule=Host(`cloud.pim.kunis.nl`)
-        - traefik.http.routers.nextcloud.tls=true
-        - traefik.http.routers.nextcloud.tls.certresolver=letsencrypt
-
         - traefik.http.routers.uptime.entrypoints=localsecure
         - traefik.http.routers.uptime.rule=Host(`uptime.pim.kunis.nl`)
         - traefik.http.routers.uptime.service=uptime@file

ansible/roles/traefik/services.yml

@@ -4,10 +4,6 @@ http:
       loadBalancer:
         servers:
           - url: http://esrom.dmz:80/
-    nextcloud:
-      loadBalancer:
-        servers:
-          - url: http://nextcloud.dmz:80/
     uptime:
       loadBalancer:
         servers: