Added Nextcloud

ansible/main.yml

@@ -15,3 +15,4 @@
     - qbittorrent
     - overseerr
     - ntfy
+    - nextcloud

ansible/roles/nextcloud/tasks/main.yml

@@ -0,0 +1,22 @@
+- name: Create install directory
+  file:
+    path: "{{ install_directory }}/{{ role_name }}"
+    state: directory
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Copy docker-compose file to destination
+  template:
+    src: docker-compose.yml
+    dest: "{{ install_directory }}/{{ role_name }}/docker-compose.yml"
+    owner: "{{ docker_user }}"
+    mode: "{{ docker_compose_file_mask }}"
+    validate: docker-compose -f %s config
+  become: true
+
+- name: Start docker container
+  community.docker.docker_compose:
+    project_src: "{{ install_directory }}/{{ role_name }}"
+    pull: true
+    remove_orphans: yes

ansible/roles/nextcloud/templates/docker-compose.yml

@@ -0,0 +1,55 @@
+version: "{{ docker_compose_version }}"
+
+networks:
+  traefik:
+    external: true
+  db:
+    external: false
+
+services:
+  nextcloud:
+    container_name: nextcloud
+    image: lscr.io/linuxserver/nextcloud:latest
+    restart: unless-stopped
+    networks:
+      - traefik
+      - db
+    environment:
+      PUID: "{{ service_user.uid }}"
+      PGID: "{{ service_user.uid }}"
+      TZ: "{{ timezone }}"
+    volumes:
+      - "{{ data_dir }}/{{ role_name }}/config:/config"
+      - "{{ data_dir }}/{{ role_name }}/data:/data"
+    labels:
+      traefik.enable: true
+      traefik.http.routers.nextcloud.rule: "Host(`{{ role_name }}.{{ personal_domain }}`)"
+      traefik.http.routers.nextcloud.middlewares: lan-whitelist@file
+      traefik.http.services.nextcloud.loadbalancer.server.port: 443
+      traefik.http.services.nextcloud.loadbalancer.server.scheme: https
+
+  mariadb:
+    container_name: mariadb
+    image: lscr.io/linuxserver/mariadb:latest
+    restart: unless-stopped
+    networks:
+      - db
+    environment:
+      - PUID={{ service_user.uid }}
+      - PGID={{ service_user.uid }}
+      - TZ={{ timezone }}
+      - MYSQL_DATABASE={{ role_name }}
+      - MYSQL_USER={{ role_name }}
+      - MYSQL_PASSWORD={{ role_name }}
+      - MYSQL_ROOT_PASSWORD={{ role_name }} 
+    volumes:
+      - "{{ data_dir }}/mariadb/{{ role_name }}:/config"
+      
+
+  redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+    networks:
+      - db
+    volumes:
+      - "{{ data_dir }}/redis/{{ role_name }}:/data"

ansible/roles/traefik/templates/traefik.yml

@@ -10,6 +10,8 @@ entryPoints:
   web-secure:
     address: :443
     http:
+      middlewares:
+        - secure-headers@file
       tls:
         certResolver: letsencrypt
         domains:
@@ -17,8 +19,6 @@ entryPoints:
           - sans: "*.{{ personal_domain }}"
           - main: "local.{{ personal_domain }}"
           - sans: "*.local.{{ personal_domain }}"
-      middlewares:
-        - secure-headers@file
   
   traefik:
     address: :8080