Remove ignored files

.gitignore

@@ -1,4 +1,4 @@
-sandbox/
+./sandbox/
 ./dev/README.txt
 ./report/old/
 ./report/compile_2.sh

report/compile_2.sh

@@ -1,26 +0,0 @@
-#!/bin/sh
-
-SOURCE_FILE_NAME="Projet_brevet_03.md"
-DEST_FILE_NAME="Projet_brevet_03.pdf"
-DEST_FILE_NAME_PROTECTED="Projet_brevet_03_protected.pdf"
-#INDEX_FILE="INDEX"
-TEMPLATE="eisvogel_mod.latex"
-DATE=$(date "+%d %B %Y")
-DATA_DIR="."
-
-SOURCE_FORMAT="markdown+pipe_tables+backtick_code_blocks+auto_identifiers+yaml_metadata_block+implicit_figures+table_captions+footnotes+smart+escaped_line_breaks+header_attributes"
-
-SOURCE_FORMAT2="markdown\
-  +pipe_tables\
-  +backtick_code_blocks\
-  +auto_identifiers\
-  +yaml_metadata_block\
-  +implicit_figures\
-  +table_captions\
-  +footnotes\
-  +smart\
-  +escaped_line_breaks\
-  +header_attributes"
-
-#pandoc "$SOURCE_FILE_NAME" -o "$DEST_FILE_NAME" --from markdown --template "$TEMPLATE" --listings -M date="$DATE"
-pandoc "$SOURCE_FILE_NAME" -s -o "$DEST_FILE_NAME" -f "$SOURCE_FORMAT" --data-dir="$DATA_DIR" --template "$TEMPLATE" --toc --listings --columns=50 --number-sections --dpi=300 --pdf-engine xelatex -M date="$DATE"

sandbox/I_tried

@@ -1,21 +0,0 @@
-I tried:
-- Starting from David's IFS and NEMO restarts --> succeeded
-
-```bash
-/home/acad/ucl-elic/pbarriat/modeles/ecearth/ecearth_3.3.0/runtime/classic/ECR0.sh
-
-/SCRATCH/acad/ecearth/pbarriat/run/ECR0/
-```
-
-https://github.com/consbio/ncdjango
-https://github.com/juliomalegria/django-chunked-upload-demo
-https://github.com/jkeifer/drf-chunked-upload
-https://goodcode.io/articles/django-rest-framework-file-upload/
-https://www.techiediaries.com/django-rest-image-file-upload-tutorial/
-https://medium.com/js-dojo/how-to-build-a-file-manager-storage-web-app-with-django-rest-framework-and-vue-js-e89a83318e9c
-https://github.com/ninuxorg/nodeshot/tree/master/nodeshot/conf
-https://github.com/m3hrdadfi/drf-chunked-upload-example
-
-icc -c -I/usr/include/python2.7 -D_Float32=float -D_Float64=double -D_Float32x=_Float64 -D_Float64x='long double' -D__PURE_INTEL_C99_HEADERS__ c2f1_mpmath_cp_ca.c
-
-vendredi 29/06 : djnago rest

sandbox/Links

@@ -1,4 +0,0 @@
-LAB: OWNCLOUD SERVER USING CEPH-RBD FOR PRIMARY BACKING STORAGE AND CEPH-S3 FOR ADDITIONAL EXTERNAL STORAGE + NEXTCLOUD WITH FULL CEPH-S3 PRIMARY STORAGE BACKEND
-https://github.com/tigerlinux/tigerlinux-extra-recipes/tree/master/recipes/misc/ceph-owncloud-lab
-
-

sandbox/Mail_1.txt

@@ -1,7 +0,0 @@
-Dear colleagues,
-
-Climate data (climate simulations, palaeo reconstructions, reanalyses or observational references) make the heart of our scientic work, our teaching activities and dissemination of our research to wider audiences including the media and social networks. Maintaining a well-organized climate data base at TECLIM is therefore essential to facilitate our everyday work and in particular that of early-stage scientists (Master and PhD students) who are not necessarily aware of data availability nor where and how to obtain them. An up-to-date climate data base is also an asset in case a seemingly extreme climate event occurs and a journalist wants to know more about it. It would be painful to explain that you can't precisely answer how unusual the event was, just because you don't have the data at hand.
-
-In light of these needs, and the current lack of a coordinated data management strategy in our pole, Pierre-Yves and myself would like to call a meeting to discuss several issues and how to move forward towards a more integrated and consistent data management at TECLIM. Your participation to that meeting is highly encouraged if you plan to be a user of these data in the future, because this meeting will the place where conventions, meta-data specification, standards and best practices will be discussed.
-
-Please, fill in the following doodle before this Thursday night (the 12th of January). In the mean time, Pierre-Yves and myself will prepare an agenda of items to be discussed.

sandbox/Mail_2.txt

@@ -1 +0,0 @@
-Je mets quelques infos sur les serveurs THREDDS en pièce jointe. En gros, si je suis bien, ça te permet de travailler sur des fichiers sans les avoir localement, et ça c'est vachement pratique. Si tu as besoin de plus amples infos n'hésite pas à contacter Pierre-Antoine (pierre-antoine.bretonniere@bsc.es) qui gère ça là-bas. Hugues, Antoine et moi allons à Barcelone les 8-9 juin pour un meeting, si tu penses que c'est nécessaire tu peux voir si c'est pas possible d'y aller en même temps que nous pour rencontrer les gens qui bossent sur cette thématique (ça te fera gagner du temps!). 

sandbox/Projet_brevet_02.txt

@@ -1,65 +0,0 @@
-Conception du projet
-plan de travail, ressources,
-
-Choix techniques
-
-Outils de mise en oeuvre
-
-L'objectif est la création d'une interface de gestion de données sous forme d'une application web service. 
-
-Framework
-
-Un framework est un cadre qui permet de structurer le travail de développement grâce à un ensemble d'outils, une structure et des modèles prêts-à-l'emploi.
-Étant donné l'étendue des développements à effectuer pour concevoir une application web moderne, un framework est indispensable.
-
-Django est un framework Backend Open Source développé en Python. Il a été spécialement créé pour réaliser des sites Web puissants et de haut niveau. Il embarque tous les composants utiles, que ce soit la gestion de vues, l'authentification, le mapping objet-relationnel, une documentation détaillée, etc.
-Python est un avantage car c'est le langage le plus utilisé par les chercheurs en ELIC. En outre, les services IT de l'UCL utilisent également ce framework pour les nouveaux développements web.
-Une alternative solide serait Ruby on Rails (RoR). Il est le framework libre le plus populaire ces 5 dernières années. Ce framework a été conçu pour développer des applications Web plus rapidement. Il permet aux développeurs de créer des fonctionnalités avec moins de code que d'autres frameworks. 
-Mais si RoR nécessite peu de configuration, il exige aussi plus de conventions. En outre, Le niveau d'expertise pour se lancer est une barrière à l'entrée pour les débutants. Enfin Ruby nécessite des ressources serveur plus importantes que Django et des frameworks PHP, et sa technologie comme son utilisation sont en déclin.
-
-Python/Django sera utilisé pour la conception du projet.
-C'est un framework Full-Stack - il est très facile de combiner Django et Angular par exemple - et tout clé en main : modèles, côté serveur, panneau d'administration pour configurer un site sans coder, etc.
-Il utilise le patron de conception modèle-vue-contrôleur (MVC), c'est à dire que la structure du framework sépare les données (models) qui sont séparées des traitements (controller) qui sont eux-mêmes séparés de la vue (view/template).
-C'est également un outil idéal pour un projet collaboratif.
-Enfin, Django étant très populaire auprès des développeurs web, de nombreux projets sont apparus autour du framework. Par exemple dans notre cas, Ncdjango est un ensemble d'outils de gestion de données et de géotraitement écrits en Python qui fonctionnent sur des données NetCDF.
-
-Environnement
-
-Cette application sera conteneurisée. La conteneurisation logicielle permet une gestion simplifiée des dépendances: une application et toutes ses dépendances sont placées dans une seule unité. Le système hôte ne doit pas se soucier de ces dépendances.
-L'application conteneurisée est donc indépendante de l'architecture ou des ressources de l'hôte. Elle est donc plus flexible et plus facilement distribuable.
-Si cette conteneurisation apporte son lot d'avantages en développement et pour les tests de validation, son utilisation reste plus discutable dans le contexte d'une mise en production. Nous en rediscuterons plus en avant dans ce projet.
-
-Docker est la solution de conteneurisation la plus utilisée aujourd’hui. C'est un logiciel libre qui utilise une interface de programmation « Libcontainer » pour démarrer, gérer et arrêter des conteneurs. Il est basée sur le fonctionnement de LXC et y ajoute des capitée de niveau supérieur. Les conteneurs Docker peuvent servir d’images à d'autres conteneurs et le partage de conteneurs en public est possible via un service en ligne appelé Docker Hub. Il contient des images de conteneurs, ce qui permet aux utilisateurs de faire des échanges. Cela rend l’installation d’un conteneur extrêmement facile.
-
-Outils de développement
-
-PyCharm est un environnement de développement intégré utilisé pour développer en Python ainsi qu'avec Django. Il propose la possibilité de débuger en direct dans un conteneur Docker.
-
-Vagrant est un logiciel libre et open-source pour la création et la configuration des environnements de développement virtuel. Il peut être considéré comme un wrapper autour de logiciels de virtualisation comme VirtualBox.
-
-Méthodologie
-
-L'application sera donc standardisée MVC, c'est-à-dire selon une architecture classique à 3 couches.
-
-La couche de vue sera développées très simplement sur base de templates existants à l'UCL.
-
-Les couches traitement et modèle présenteront les cas de figure suivants:
-- données locales: traitement "on the fly" sur DB(s) locales 130.104
-- données distantes
-  - à posteriori (DB & protocoles connus)
-  - à priori (infos de structures à soumettre)
-- données distantes
-  - indexées: traitement "on the fly" (batch process possible sur DB distante)
-  - non-indexées: traitement différé (DB distante accessible en interactif uniquement)
-
-Scénarios pour les données à posteriori et non-indexées:
-- téléchargement tiers + demande d'intégration aux DB locales
-- téléchargement à travers l'appli + intégration automatique aux DB locales
-
-Comme nous souhaitons mettre à disposition des données pour quelles soient utilisées sur d’autres plateformes et qu'elles puissent intéragir avec d’autres données, une architecture REST ("REpresentational State Transfer") semble appropriée ici.
-L'architecture REST est plus axée sur un modèle orienté ressources (les données, dans notre cas) que sur un modèle orienté fonctions. Elle imite la façon dont le web lui-même fonctionne dans les échanges entre un client et un serveur.
-REST constitue donc une méthode d'intégration efficace puisque le service à développer ici concerne surtout la récupération de données. Aussi, plutôt que de définir toute une API (interfaces de programmation d'application) personnalisée mieux vaut utiliser un standard de manipulation des données CRUD (Create, Read, Update, Delete : créer, lire, mettre à jour, supprimer), qui "correspond" aux opérations HTTP (HyperText Transfert Protocol) GET, PUT, POST et DELETE. Ce fonctionnement ne repose pas sur la seule utilisation de ces opérateurs, mais sur une combinaison avec des URI.
-
-Le "Django REST framework" va nous permettre de créer plus facilement une API REST sur notre application Django.
-
-Un interfacage avec Amazon S3 serait un atout supplémentaire.

sandbox/Projet_brevet_03.txt

@@ -1,40 +0,0 @@
-https://github.com/Unidata/siphon
-Siphon - A collection of Python utilities for retrieving atmospheric and oceanic data from remote sources, focusing on being able to retrieve data from Unidata data technologies, such as the THREDDS data server.
-
-http://www.pyngl.ucar.edu/Nio.shtml
-PyNIO is a Python package that allows read and/or write access to a variety of data formats using an interface modeled on netCDF. PyNIO is composed of a C library called libnio along with a Python module based on and with an interface similar to the Scientific.IO.NetCDF module written by Konrad Hinsen. The C library contains the same data I/O code used in NCL, a scripting language developed for analysis and visualization of geo-scientific data.
-
-https://sourcesup.cru.fr/projects/scientific-py/
-ScientificPython is a collection of Python modules for scientific computing. It contains support for geometry, mathematical functions, statistics, physical units, IO, visualization, and parallelization.
-
-https://bitbucket.org/robertodealmeida/pupynere/
-This module implements the Scientific.IO.NetCDF API to read and create NetCDF files. The same API is also used in the PyNIO and pynetcdf modules, allowing these modules to be used interchangebly when working with NetCDF files. The major advantage of scipy.io.netcdf over other modules is that it doesn't require the code to be linked to the NetCDF libraries as the other modules do.
-Pupynere (PUre PYthon NEtcdf REader) Roberto De Almeida has developed pupynere, a PUre PYthon NEtcdf REader that allows read-access to netCDF files using the same syntax as the Scientific.IO.NetCDF Python module. Even though it's written in Python, the module is up to 40% faster than Scientific.IO.NetCDF and pynetcdf. 
-
-https://github.com/easybuilders/easybuild
-EasyBuild is a software build and installation framework that allows you to manage (scientific) software on High Performance Computing (HPC) systems in an efficient way.
-
-metadata
-
-
-17 mai: gestion easydata (structuration, analyse) 4h
-      : eclipse 1h
-
-20 mai: gestion easydata (structuration, analyse) 4h
-      : : eclipse python 2h
-
-23 mai: eclipse python django 4h
-
-27 mai: eclipse python django 4h
-
-29 mai: eclipse python django LDAP 2h
-
-03 juin: eclipse python django rest LDAP 4h
-
-13 juin: eclipse python django rest 4h
-
-14 juin: eclipse python django rest upload 6h
-
-17 juin: eclipse python django rest upload 2h
-
-29 juin: eclipse python django rest upload 2h

sandbox/ToDo_ELIC.txt

@@ -1,23 +0,0 @@
-ncview OK
-
-Keep original files in their native format
-
-Important: what do we do with data that was given by a colleague but is unofficial? Add a tag telling what privacy is? Restrict permissions? Important to archive such data.
-
-Not clear what we do with
-
-naming: stick to CMIP conventions for model output.
-
-The
-
-put variable at lower level, then institution.
-
-don't worry about non-gridded data right now, just store them.
-
-scripts don't force
-
-scripts : 1) to dowload: 2) to process: 3) others are welcome.
-separate scripts into official/dirty. Documentation is important.
-
-
-We start by a prototype 

sandbox/UBUNTU_DJANGO_Full.txt

@@ -1,122 +0,0 @@
-UBUNTU DJANGO-website
-https://developer.mozilla.org/en-US/docs/Learn/Server-side/Django
-
-```bash
-sudo apt install mariadb-client mariadb-server libmariadbclient-dev
-sudo pip3 install mysqlclient
-
-sudo mysql_secure_installation
-sudo mysql -u root
-```
-
-```mysql
-USE mysql;
-CREATE USER 'pbarriat'@'localhost' IDENTIFIED BY '';
-GRANT ALL PRIVILEGES ON *.* TO 'pbarriat'@'localhost';
-UPDATE user SET plugin='auth_socket' WHERE User='pbarriat';
-UPDATE user SET plugin='unix_socket' WHERE User='pbarriat';
-FLUSH PRIVILEGES;
-exit;
-```
-
-```bash
-sudo service mysql restart
-mysql -u pbarriat
-```
-
-```mysql
-USE mysql;
-create database testdb;
-FLUSH PRIVILEGES;
-exit;
-```
-
-```bash
-pip3 install django
-pip3 install djangorestframework
-```
-
-ECLIPSE
-Create Django Project With PyDev Django Wizard
-- django-admin startproject easydata
-- python3 manage.py startapp catalog
-
-Files:
-M easydata/easydata/settings.py
-M easydata/easydata/urls.py
-A easydata/catalog/urls.py
-
-ECLIPSE
-python3 manage.py makemigrations
-python3 manage.py migrate
-
-
-
-sudo apt install libldap2-dev libsasl2-dev
-sudo pip3 install django-auth-ldap
-
-
-Next, add 'rest_framework' to the INSTALLED_APPS array
-
-cd ${ECLIPSEWorkspace}/MyApp
-python3 manage.py migrate
-python3 manage.py createsuperuser
-
-python3 manage.py startapp testapp
-Next, add 'testapp' to the INSTALLED_APPS array
-Now refresh the Django project folder in eclipse
-
-settings.py
-TEMPLATES = [
-    {
-        'DIRS': ['/home/pbarriat/Eclipse/workspace_parallel/MyApp/'],
-
-urls.py
-from django.contrib import admin
-from django.urls import path,include
-from django.conf.urls import url
-
-urlpatterns = [
-    path('admin/', admin.site.urls),
-    url('^testapp/', include(('testapp.urls','testapp'), namespace='testapp')),
-]
-
-testapp/urls.py
-from django.contrib import admin
-from django.urls import path
-from django.conf.urls import url
-from . import views
-import testapp
-
-urlpatterns = [
-    path('admin/', admin.site.urls),
-    path('testapp', views.testapp, name='testapp'),
-]
-
-firstApp/views.py
-def firstApp(request):
-    # The html file path relative to TEMPLATE DIRS directory defined in DjangoProjectExample / settings.py file..
-    firstApp_file_path = 'firstApp/pages/index.html'
-    # The context object will send back to client, it is a dictionary object contains a Message.
-    context = {'Message' : 'Welcome to Django world.'}
-    return render(request, firstApp_file_path, context)
-
-
-Create directory 'pages' in firstApp folder
-Create index.html file in pages directory
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="UTF-8">
-<title>Python Django firstApp</title>
-</head>
-<body>
-{{Message}}
-</body>
-</html>
-
-ECLIPSE Runs as PyDev:Django
-http://localhost:8000/firstApp/hello
-
-python3 manage.py makemigrations
-python3 manage.py migrate

sandbox/UBUNTU_DJANGO_MYSQL.txt

@@ -1,108 +0,0 @@
-UBUNTU DJANGO-MYSQL
-
-sudo pip3 install django
-sudo pip3 install djangorestframework
-sudo apt install mariadb-client
-sudo apt install mariadb-server
-sudo apt install libmariadbclient-dev
-sudo pip3 install mysqlclient
-sudo apt install libldap2-dev libsasl2-dev
-sudo pip3 install django-auth-ldap
-
-sudo mysql_secure_installation
-(all default)
-
-sudo mysql -u root
-USE mysql;
-CREATE USER 'pbarriat'@'localhost' IDENTIFIED BY '';
-GRANT ALL PRIVILEGES ON *.* TO 'pbarriat'@'localhost';
-UPDATE user SET plugin='auth_socket' WHERE User='pbarriat';
-UPDATE user SET plugin='unix_socket' WHERE User='pbarriat';
-FLUSH PRIVILEGES;
-exit;
-
-sudo service mysql restart
-mysql -u pbarriat
-
-USE mysql;
-create database testdb;
-exit;
-
-ECLIPSE
-Create Django Project With PyDev Django Wizard
-
-settings.py
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.mysql', 
-        'NAME': 'testdb',
-        'USER': 'pbarriat',
-        'PASSWORD': '',
-        'HOST': 'localhost',   
-        'PORT': '3306',
-    }
-}
-Next, add 'rest_framework' to the INSTALLED_APPS array
-
-cd ${ECLIPSEWorkspace}/MyApp
-python3 manage.py migrate
-python3 manage.py createsuperuser
-
-python3 manage.py startapp testapp
-Next, add 'testapp' to the INSTALLED_APPS array
-Now refresh the Django project folder in eclipse
-
-settings.py
-TEMPLATES = [
-    {
-        'DIRS': ['/home/pbarriat/Eclipse/workspace_parallel/MyApp/'],
-
-urls.py
-from django.contrib import admin
-from django.urls import path,include
-from django.conf.urls import url
-
-urlpatterns = [
-    path('admin/', admin.site.urls),
-    url('^testapp/', include(('testapp.urls','testapp'), namespace='testapp')),
-]
-
-testapp/urls.py
-from django.contrib import admin
-from django.urls import path
-from django.conf.urls import url
-from . import views
-import testapp
-
-urlpatterns = [
-    path('admin/', admin.site.urls),
-    path('testapp', views.testapp, name='testapp'),
-]
-
-firstApp/views.py
-def firstApp(request):
-    # The html file path relative to TEMPLATE DIRS directory defined in DjangoProjectExample / settings.py file..
-    firstApp_file_path = 'firstApp/pages/index.html'
-    # The context object will send back to client, it is a dictionary object contains a Message.
-    context = {'Message' : 'Welcome to Django world.'}
-    return render(request, firstApp_file_path, context)
-
-
-Create directory 'pages' in firstApp folder
-Create index.html file in pages directory
-<!DOCTYPE html>
-<html>
-<head>
-<meta charset="UTF-8">
-<title>Python Django firstApp</title>
-</head>
-<body>
-{{Message}}
-</body>
-</html>
-
-ECLIPSE Runs as PyDev:Django
-http://localhost:8000/firstApp/hello
-
-python3 manage.py makemigrations
-python3 manage.py migrate

sandbox/UBUNTU_ECLIPSE-PYTHON.txt

@@ -1,50 +0,0 @@
-UBUNTU ECLIPSE-PYTHON
-
-sudo apt update
-sudo apt upgrade
-
-java -version
-sudo apt install default-jre
-javac -version
-sudo apt install default-jdk
-
-sudo add-apt-repository ppa:webupd8team/java
-sudo apt update
-sudo apt install oracle-java8-installer
-
-sudo update-alternatives --config java
-sudo update-alternatives --config java
-
-sudo vi /etc/environment
-echo "JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64/bin/"
-source /etc/environment
-echo $JAVA_HOME
-sudo update-alternatives --config java
-
-https://www.eclipse.org/downloads/
-cd ~/Downloads/
-tar xvfz eclipse-inst-linux64.tar.gz
-cd eclipse-installer
-./eclipse-inst
-
-vi ~/.local/share/applications/eclipse.desktop
-
-[Desktop Entry]
-Name=Eclipse CPP Photon
-Type=Application
-Exec=/home/pbarriat/eclipse/parallel-2019-03/eclipse/eclipse
-Terminal=false
-Icon=/home/pbarriat/eclipse/parallel-2019-03/eclipse/icon.xpm
-Comment=Integrated Development Environment
-NoDisplay=false
-Categories=Development;IDE;
-Name[en]=Eclipse
-
-Installing PyDev in Eclipse Marketplace
-
-Install the Data Tools Platform via the Eclipse update manager. 
-Install "Data Tools Platform Enablement Extender SDK"
-Install "Data Tools Platform Enablement for MySQL"
-Install "Eclipse Web Developer Tools"
-
-sudo apt install python3-pip

sandbox/ansible/grafana.yml

@@ -1,14 +0,0 @@
----
-- name: apply grafana role
-  hosts: all
-  #  vars:
-  #    ansible_python_interpreter: /usr/bin/python3
-  #    ansible_user: vagrant
-  #    ansible_password: vagrant
-  #  pre_tasks:
-  #    - name: define ansible_python_interpreter group // linux distribution
-  #      set_fact:
-  #        ansible_python_interpreter: /usr/bin/python2
-  #      when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-  roles:
-    - { role: grafana }

sandbox/ansible/haproxy.yml

@@ -1,18 +0,0 @@
----
-- name: apply haproxy role
-  hosts: all
-  #  vars:
-  #    ansible_python_interpreter: /usr/bin/python3
-  #    ansible_user: vagrant
-  #    ansible_password: vagrant
-  #    ssl_name: "nextcloud.test"
-  #    network_allowed: "192.168.56.0/24"
-  #    haproxy_backend_servers:
-  #      { name: 'web', ip: '192.168.56.14:8000' }
-  #  pre_tasks:
-  #    - name: define ansible_python_interpreter group // linux distribution
-  #      set_fact:
-  #        ansible_python_interpreter: /usr/bin/python2
-  #      when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-  roles:
-    - { role: haproxy }

sandbox/ansible/mariadb.yml

@@ -1,15 +0,0 @@
----
-- name: apply mariadb configuration
-  hosts: all
-  #vars:
-  #  ansible_python_interpreter: /usr/bin/python3
-  #  ansible_user: vagrant
-  #  ansible_password: vagrant
-  #  app_bind_address: 192.168.56.14
-  #pre_tasks:
-  #  - name: define ansible_python_interpreter group // linux distribution
-  #    set_fact:
-  #      ansible_python_interpreter: /usr/bin/python2
-  #    when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-  roles:
-    - { role: mariadb }

sandbox/ansible/nextcloud.yml

@@ -1,19 +0,0 @@
----
-- name: apply nextcloud role
-  collections:
-    - community.general
-    - ansible.posix
-  hosts: all
-  #  vars:
-  #    ansible_python_interpreter: /usr/bin/python3
-  #    ansible_user: vagrant
-  #    ansible_password: vagrant
-  #    db_host: 192.168.56.13
-  #    debug_speed: false
-  #  pre_tasks:
-  #    - name: define ansible_python_interpreter group // linux distribution
-  #      set_fact:
-  #        ansible_python_interpreter: /usr/bin/python2
-  #      when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-  roles:
-    - { role: nextcloud }

sandbox/ansible/node_exporter.yml

@@ -1,14 +0,0 @@
----
-- name: apply node_exporter role
-  hosts: all
-  #  vars:
-  #    ansible_python_interpreter: /usr/bin/python3
-  #    ansible_user: vagrant
-  #    ansible_password: vagrant
-  #  pre_tasks:
-  #    - name: define ansible_python_interpreter group // linux distribution
-  #      set_fact:
-  #        ansible_python_interpreter: /usr/bin/python2
-  #      when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-  roles:
-    - { role: node_exporter }

sandbox/ansible/prometheus.yml

@@ -1,14 +0,0 @@
----
-- name: apply prometheus role
-  hosts: all
-  #  vars:
-  #    ansible_python_interpreter: /usr/bin/python3
-  #    ansible_user: vagrant
-  #    ansible_password: vagrant
-  #  pre_tasks:
-  #    - name: define ansible_python_interpreter group // linux distribution
-  #      set_fact:
-  #        ansible_python_interpreter: /usr/bin/python2
-  #      when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-  roles:
-    - { role: prometheus }

sandbox/ansible/redis.yml

@@ -1,14 +0,0 @@
----
-- name: apply redis role
-  hosts: all
-  #  vars:
-  #    ansible_python_interpreter: /usr/bin/python3
-  #    ansible_user: vagrant
-  #    ansible_password: vagrant
-  #  pre_tasks:
-  #    - name: define ansible_python_interpreter group // linux distribution
-  #      set_fact:
-  #        ansible_python_interpreter: /usr/bin/python2
-  #      when: ansible_distribution == 'CentOS' and ansible_distribution_major_version == '7'
-  roles:
-    - { role: redis }

sandbox/ansible/roles/grafana/defaults/main.yml

@@ -1,5 +0,0 @@
----
-grafana_version: "6.2.2-1"
-grafana_tarball: "grafana-{{ grafana_version }}.x86_64"
-grafana_url: "https://s3-us-west-2.amazonaws.com/grafana-releases/release"
-grafana_skip_install: false

sandbox/ansible/roles/grafana/handlers/main.yml

@@ -1,5 +0,0 @@
-- name: "Restart the Grafana service."
-  service:
-    name: grafana-server
-    state: restarted
-  listen: event_restart_grafana

sandbox/ansible/roles/grafana/tasks/main.yml

@@ -1,21 +0,0 @@
----
-
-- include_tasks: "setup/{{ ansible_os_family }}.yml"
-
-- name: "Grafana configuration file copy"
-  template:
-    src: "grafana.conf.j2"
-    dest: /etc/grafana/grafana.ini
-  notify: event_restart_grafana
-
-- name: "Grafana server started"
-  service:
-    name: grafana-server
-    enabled: true
-    state: started
-
-- name: "Check if Grafana is accessible."
-  uri:
-    url: http://127.0.0.1:3000
-    method: GET
-    status_code: 200

sandbox/ansible/roles/grafana/tasks/setup/CentOS.yml

@@ -1,35 +0,0 @@
----
-
-- name: Install grafana
-  yum:
-    name: "{{ grafana_url }}/{{ grafana_tarball }}.rpm"
-    state: latest
-
-#- name: Download grafana archive
-#  get_url:
-#    url:  "{{ grafana_url }}/{{ grafana_tarball }}.tar.gz"
-#    dest: /tmp/{{ grafana_tarball }}.tar.gz
-#    #checksum: "sha256:{{ grafana_url }}/{{ grafana_tarball }}.tar.gz.sha256"
-#  register: _download_archive
-#  until: _download_archive is succeeded
-#  retries: 5
-#  delay: 2
-#  when: not grafana_skip_install
-#
-#- name: unpack grafana binaries
-#  unarchive:
-#    src: "/tmp/{{ grafana_tarball }}.tar.gz"
-#    dest: "/tmp"
-#    creates: "/tmp/grafana-{{ grafana_version }}/bin/grafana-cli"
-#    remote_src: true
-#  when: not grafana_skip_install
-#
-#- name: Copy grafana files to bin
-#  copy:
-#    src: "/tmp/grafana-{{ grafana_version }}/"
-#    dest: "/etc/grafana"
-#    owner: root
-#    group: root
-#    remote_src: yes
-#    mode: 0750
-#  when: not grafana_skip_install

sandbox/ansible/roles/grafana/tasks/setup/RedHat.yml

@@ -1,3 +0,0 @@
----
-
-- include_tasks: "{{ ansible_facts['distribution'] }}.yml"

sandbox/ansible/roles/grafana/templates/grafana.conf.j2

@@ -1,462 +0,0 @@
-##################### Grafana Configuration Example #####################
-#
-# Everything has defaults so you only need to uncomment things you want to
-# change
-
-# possible values : production, development
-;app_mode = production
-
-# instance name, defaults to HOSTNAME environment variable value or hostname if HOSTNAME var is empty
-;instance_name = ${HOSTNAME}
-
-#################################### Paths ####################################
-[paths]
-# Path to where grafana can store temp files, sessions, and the sqlite3 db (if that is used)
-;data = /var/lib/grafana
-
-# Temporary files in `data` directory older than given duration will be removed
-;temp_data_lifetime = 24h
-
-# Directory where grafana can store logs
-;logs = /var/log/grafana
-
-# Directory where grafana will automatically scan and look for plugins
-;plugins = /var/lib/grafana/plugins
-
-# folder that contains provisioning config files that grafana will apply on startup and while running.
-;provisioning = conf/provisioning
-
-#################################### Server ####################################
-[server]
-# Protocol (http, https, socket)
-;protocol = http
-
-# The ip address to bind to, empty will bind to all interfaces
-;http_addr =
-
-# The http port  to use
-;http_port = 3000
-
-# The public facing domain name used to access grafana from a browser
-;domain = localhost
-
-# Redirect to correct domain if host header does not match domain
-# Prevents DNS rebinding attacks
-;enforce_domain = false
-
-# The full public facing url you use in browser, used for redirects and emails
-# If you use reverse proxy and sub path specify full url (with sub path)
-;root_url = http://localhost:3000
-
-# Log web requests
-;router_logging = false
-
-# the path relative working path
-;static_root_path = public
-
-# enable gzip
-;enable_gzip = false
-
-# https certs & key file
-;cert_file =
-;cert_key =
-
-# Unix socket path
-;socket =
-
-#################################### Database ####################################
-[database]
-# You can configure the database connection by specifying type, host, name, user and password
-# as separate properties or as on string using the url properties.
-
-# Either "mysql", "postgres" or "sqlite3", it's your choice
-;type = sqlite3
-;host = 127.0.0.1:3306
-;name = grafana
-;user = root
-# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
-;password =
-
-# Use either URL or the previous fields to configure the database
-# Example: mysql://user:secret@host:port/database
-;url =
-
-# For "postgres" only, either "disable", "require" or "verify-full"
-;ssl_mode = disable
-
-# For "sqlite3" only, path relative to data_path setting
-;path = grafana.db
-
-# Max idle conn setting default is 2
-;max_idle_conn = 2
-
-# Max conn setting default is 0 (mean not set)
-;max_open_conn =
-
-# Connection Max Lifetime default is 14400 (means 14400 seconds or 4 hours)
-;conn_max_lifetime = 14400
-
-# Set to true to log the sql calls and execution times.
-log_queries =
-
-#################################### Session ####################################
-[session]
-# Either "memory", "file", "redis", "mysql", "postgres", default is "file"
-;provider = file
-
-# Provider config options
-# memory: not have any config yet
-# file: session dir path, is relative to grafana data_path
-# redis: config like redis server e.g. `addr=127.0.0.1:6379,pool_size=100,db=grafana`
-# mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1:3306)/database_name`
-# postgres: user=a password=b host=localhost port=5432 dbname=c sslmode=disable
-;provider_config = sessions
-
-# Session cookie name
-;cookie_name = grafana_sess
-
-# If you use session in https only, default is false
-;cookie_secure = false
-
-# Session life time, default is 86400
-;session_life_time = 86400
-
-#################################### Data proxy ###########################
-[dataproxy]
-
-# This enables data proxy logging, default is false
-;logging = false
-
-#################################### Analytics ####################################
-[analytics]
-# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
-# No ip addresses are being tracked, only simple counters to track
-# running instances, dashboard and error counts. It is very helpful to us.
-# Change this option to false to disable reporting.
-;reporting_enabled = true
-
-# Set to false to disable all checks to https://grafana.net
-# for new vesions (grafana itself and plugins), check is used
-# in some UI views to notify that grafana or plugin update exists
-# This option does not cause any auto updates, nor send any information
-# only a GET request to http://grafana.com to get latest versions
-;check_for_updates = true
-
-# Google Analytics universal tracking code, only enabled if you specify an id here
-;google_analytics_ua_id =
-
-#################################### Security ####################################
-[security]
-# default admin user, created on startup
-;admin_user = admin
-
-# default admin password, can be changed before first start of grafana,  or in profile settings
-;admin_password = admin
-
-# used for signing
-;secret_key = SW2YcwTIb9zpOOhoPsMm
-
-# Auto-login remember days
-;login_remember_days = 7
-;cookie_username = grafana_user
-;cookie_remember_name = grafana_remember
-
-# disable gravatar profile images
-;disable_gravatar = false
-
-# data source proxy whitelist (ip_or_domain:port separated by spaces)
-;data_source_proxy_whitelist =
-
-# disable protection against brute force login attempts
-;disable_brute_force_login_protection = false
-
-#################################### Snapshots ###########################
-[snapshots]
-# snapshot sharing options
-;external_enabled = true
-;external_snapshot_url = https://snapshots-origin.raintank.io
-;external_snapshot_name = Publish to snapshot.raintank.io
-
-# remove expired snapshot
-;snapshot_remove_expired = true
-
-#################################### Dashboards History ##################
-[dashboards]
-# Number dashboard versions to keep (per dashboard). Default: 20, Minimum: 1
-;versions_to_keep = 20
-
-#################################### Users ###############################
-[users]
-# disable user signup / registration
-;allow_sign_up = true
-
-# Allow non admin users to create organizations
-;allow_org_create = true
-
-# Set to true to automatically assign new users to the default organization (id 1)
-;auto_assign_org = true
-
-# Default role new users will be automatically assigned (if disabled above is set to true)
-;auto_assign_org_role = Viewer
-
-# Background text for the user field on the login page
-;login_hint = email or username
-
-# Default UI theme ("dark" or "light")
-;default_theme = dark
-
-# External user management, these options affect the organization users view
-;external_manage_link_url =
-;external_manage_link_name =
-;external_manage_info =
-
-# Viewers can edit/inspect dashboard settings in the browser. But not save the dashboard.
-;viewers_can_edit = false
-
-[auth]
-# Set to true to disable (hide) the login form, useful if you use OAuth, defaults to false
-;disable_login_form = false
-
-# Set to true to disable the signout link in the side menu. useful if you use auth.proxy, defaults to false
-;disable_signout_menu = false
-
-# URL to redirect the user to after sign out
-;signout_redirect_url =
-
-#################################### Anonymous Auth ##########################
-[auth.anonymous]
-# enable anonymous access
-;enabled = false
-
-# specify organization name that should be used for unauthenticated users
-;org_name = Main Org.
-
-# specify role for unauthenticated users
-;org_role = Viewer
-
-#################################### Github Auth ##########################
-[auth.github]
-;enabled = false
-;allow_sign_up = true
-;client_id = some_id
-;client_secret = some_secret
-;scopes = user:email,read:org
-;auth_url = https://github.com/login/oauth/authorize
-;token_url = https://github.com/login/oauth/access_token
-;api_url = https://api.github.com/user
-;team_ids =
-;allowed_organizations =
-
-#################################### Google Auth ##########################
-[auth.google]
-;enabled = false
-;allow_sign_up = true
-;client_id = some_client_id
-;client_secret = some_client_secret
-;scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
-;auth_url = https://accounts.google.com/o/oauth2/auth
-;token_url = https://accounts.google.com/o/oauth2/token
-;api_url = https://www.googleapis.com/oauth2/v1/userinfo
-;allowed_domains =
-
-#################################### Generic OAuth ##########################
-[auth.generic_oauth]
-;enabled = false
-;name = OAuth
-;allow_sign_up = true
-;client_id = some_id
-;client_secret = some_secret
-;scopes = user:email,read:org
-;auth_url = https://foo.bar/login/oauth/authorize
-;token_url = https://foo.bar/login/oauth/access_token
-;api_url = https://foo.bar/user
-;team_ids =
-;allowed_organizations =
-;tls_skip_verify_insecure = false
-;tls_client_cert =
-;tls_client_key =
-;tls_client_ca =
-
-#################################### Grafana.com Auth ####################
-[auth.grafana_com]
-;enabled = false
-;allow_sign_up = true
-;client_id = some_id
-;client_secret = some_secret
-;scopes = user:email
-;allowed_organizations =
-
-#################################### Auth Proxy ##########################
-[auth.proxy]
-;enabled = false
-;header_name = X-WEBAUTH-USER
-;header_property = username
-;auto_sign_up = true
-;ldap_sync_ttl = 60
-;whitelist = 192.168.1.1, 192.168.2.1
-
-#################################### Basic Auth ##########################
-[auth.basic]
-;enabled = true
-
-#################################### Auth LDAP ##########################
-[auth.ldap]
-;enabled = false
-;config_file = /etc/grafana/ldap.toml
-;allow_sign_up = true
-
-#################################### SMTP / Emailing ##########################
-[smtp]
-;enabled = false
-;host = localhost:25
-;user =
-# If the password contains # or ; you have to wrap it with trippel quotes. Ex """#password;"""
-;password =
-;cert_file =
-;key_file =
-;skip_verify = false
-;from_address = admin@grafana.localhost
-;from_name = Grafana
-# EHLO identity in SMTP dialog (defaults to instance_name)
-;ehlo_identity = dashboard.example.com
-
-[emails]
-;welcome_email_on_sign_up = false
-
-#################################### Logging ##########################
-[log]
-# Either "console", "file", "syslog". Default is console and  file
-# Use space to separate multiple modes, e.g. "console file"
-;mode = console file
-
-# Either "debug", "info", "warn", "error", "critical", default is "info"
-;level = info
-
-# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
-;filters =
-
-# For "console" mode only
-[log.console]
-;level =
-
-# log line format, valid options are text, console and json
-;format = console
-
-# For "file" mode only
-[log.file]
-;level =
-
-# log line format, valid options are text, console and json
-;format = text
-
-# This enables automated log rotate(switch of following options), default is true
-;log_rotate = true
-
-# Max line number of single file, default is 1000000
-;max_lines = 1000000
-
-# Max size shift of single file, default is 28 means 1 << 28, 256MB
-;max_size_shift = 28
-
-# Segment log daily, default is true
-;daily_rotate = true
-
-# Expired days of log file(delete after max days), default is 7
-;max_days = 7
-
-[log.syslog]
-;level =
-
-# log line format, valid options are text, console and json
-;format = text
-
-# Syslog network type and address. This can be udp, tcp, or unix. If left blank, the default unix endpoints will be used.
-;network =
-;address =
-
-# Syslog facility. user, daemon and local0 through local7 are valid.
-;facility =
-
-# Syslog tag. By default, the process' argv[0] is used.
-;tag =
-
-#################################### Alerting ############################
-[alerting]
-# Disable alerting engine & UI features
-;enabled = true
-# Makes it possible to turn off alert rule execution but alerting UI is visible
-;execute_alerts = true
-
-#################################### Explore #############################
-[explore]
-# Enable the Explore section
-;enabled = false
-
-#################################### Internal Grafana Metrics ##########################
-# Metrics available at HTTP API Url /metrics
-[metrics]
-# Disable / Enable internal metrics
-;enabled           = true
-
-# Publish interval
-;interval_seconds  = 10
-
-# Send internal metrics to Graphite
-[metrics.graphite]
-# Enable by setting the address setting (ex localhost:2003)
-;address =
-;prefix = prod.grafana.%(instance_name)s.
-
-#################################### Distributed tracing ############
-[tracing.jaeger]
-# Enable by setting the address sending traces to jaeger (ex localhost:6831)
-;address = localhost:6831
-# Tag that will always be included in when creating new spans. ex (tag1:value1,tag2:value2)
-;always_included_tag = tag1:value1
-# Type specifies the type of the sampler: const, probabilistic, rateLimiting, or remote
-;sampler_type = const
-# jaeger samplerconfig param
-# for "const" sampler, 0 or 1 for always false/true respectively
-# for "probabilistic" sampler, a probability between 0 and 1
-# for "rateLimiting" sampler, the number of spans per second
-# for "remote" sampler, param is the same as for "probabilistic"
-# and indicates the initial sampling rate before the actual one
-# is received from the mothership
-;sampler_param = 1
-
-#################################### Grafana.com integration  ##########################
-# Url used to to import dashboards directly from Grafana.com
-[grafana_com]
-;url = https://grafana.com
-
-#################################### External image storage ##########################
-[external_image_storage]
-# Used for uploading images to public servers so they can be included in slack/email messages.
-# you can choose between (s3, webdav, gcs, azure_blob, local)
-;provider =
-
-[external_image_storage.s3]
-;bucket =
-;region =
-;path =
-;access_key =
-;secret_key =
-
-[external_image_storage.webdav]
-;url =
-;public_url =
-;username =
-;password =
-
-[external_image_storage.gcs]
-;key_file =
-;bucket =
-;path =
-
-[external_image_storage.azure_blob]
-;account_name =
-;account_key =
-;container_name =
-
-[external_image_storage.local]
-# does not require any configuration

sandbox/ansible/roles/haproxy/defaults/main.yml

@@ -1,18 +0,0 @@
----
-# Frontend settings.
-frontend_mode: 'http'
-ssl_name: 'nextcloud.test'
-ssl_crt_path: '/etc/ssl/private'
-ssl_self: true
-
-# Backend settings.
-backend_mode: 'http'
-backend_balance_method: 'roundrobin' # leastconn | roundrobin
-
-# Specific nextcloud settings.
-nc_settings: true
-network_allowed: '192.168.56.0/24'
-
-# List of backend servers.
-haproxy_backend_servers:
-  - { name: 'web', ip: '192.168.56.14:8000' }

sandbox/ansible/roles/haproxy/handlers/main.yml

@@ -1,3 +0,0 @@
----
-- name: restart haproxy
-  service: name=haproxy state=restarted

sandbox/ansible/roles/haproxy/tasks/main.yml

@@ -1,67 +0,0 @@
----
-- name: Get HAProxy version.
-  command: haproxy -v
-  register: haproxy_version_result
-  changed_when: false
-  check_mode: false
-
-- name: Set HAProxy version.
-  set_fact:
-    haproxy_version: '{{ haproxy_version_result.stdout_lines[0] | regex_replace("^HA-Proxy version ([0-9]\.[0-9]).*$", "\1") }}'
-
-- name: Ensure HAProxy is started and enabled on boot.
-  service: name=haproxy state=started enabled=yes
-
-- name: Create private key (RSA, 4096 bits)
-  community.crypto.openssl_privatekey:
-    path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
-  when: ssl_self
-
-- name: Create certificate signing request (CSR) for self-signed certificate
-  community.crypto.openssl_csr_pipe:
-    privatekey_path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
-    country_name: BE
-    locality_name: Louvain-la-Neuve
-    common_name: "{{ ssl_name }}"
-    organization_name: UCLouvain
-    organizational_unit_name: ELIC
-  register: csr
-  when: ssl_self
-
-- name: Generate a Self Signed OpenSSL certificate
-  community.crypto.x509_certificate:
-    path: "{{ ssl_crt_path }}/{{ ssl_name }}.crt"
-    csr_content: "{{ csr.csr }}"
-    privatekey_path: "{{ ssl_crt_path }}/{{ ssl_name }}.key"
-    provider: selfsigned
-  when: ssl_self
-
-- name: Merge KEY and CRT to generate PEM
-  shell: "cat {{ ssl_crt_path }}/{{ ssl_name }}.key {{ ssl_crt_path }}/{{ ssl_name }}.crt >> {{ ssl_crt_path }}/{{ ssl_name }}.pem"
-  when: ssl_self
-
-- name: Generate DH Parameters with a different size (2048 bits)
-  community.crypto.openssl_dhparam:
-    path: /etc/haproxy/dhparams.pem
-    size: 2048
-
-- name: Add ssl dhparam file
-  lineinfile:
-    path: /etc/haproxy/haproxy.cfg
-    insertafter: "^.*ssl-default-bind-options.*"
-    line: "\tssl-dh-param-file /etc/haproxy/dhparams.pem"
-    firstmatch: yes
-    state: present 
-
-- name: Copy HAProxy configuration in place
-  set_fact:
-    cfg_content: "{{ lookup('template', '{{ role_path }}/templates/haproxy.cfg.j2') }}"
-
-- name: Merge HAProxy config file
-  blockinfile:
-    dest: "/etc/haproxy/haproxy.cfg"
-    content: '{{ cfg_content }}'
-    state: present
-
-- name: HAProxy restart
-  service: name=haproxy state=restarted

sandbox/ansible/roles/haproxy/templates/haproxy.cfg.j2

@@ -1,41 +0,0 @@
-
-frontend http_frontend
-  mode {{ frontend_mode }}
-	bind *:80
-	bind *:443 ssl crt  {{ ssl_crt_path }}/{{ ssl_name }}.pem alpn h2,http/1.1
-
-{% if nc_settings is sameas true %}
-	maxconn 20000
-	acl url_discovery_dav path /.well-known/caldav /.well-known/carddav
-	acl url_discovery_inf path /.well-known/webfinger /.well-known/nodeinfo
-	http-request redirect location /remote.php/dav/ code 301 if url_discovery_dav
-	http-request redirect location /index.php%[capture.req.uri] code 301 if url_discovery_inf
-	http-response set-header Strict-Transport-Security max-age=63072000
-{% endif %}
-	option forwardfor
-	option http-server-close
-
-{% if network_allowed != '' %}
-	#Only allow some services to be available internally
-	acl network_allowed src {{ network_allowed }}
-
-{% endif %}
-	redirect scheme https code 301 if !{ ssl_fc }
-	default_backend http_servers
-
-backend http_servers
-	mode {{ backend_mode }}
-	balance {{ backend_balance_method }}
-{% if nc_settings is sameas true %}
-	option httpchk HEAD /
-	cookie SERVERID insert indirect nocache
-	http-check expect rstatus [2-3][0-9][0-9]
-	http-response set-header X-Frame-Options SAMEORIGIN
-	http-response set-header X-XSS-Protection 1;mode=block
-	http-response set-header X-Content-Type-Options nosniff
-	default-server check maxconn 5000
-{% endif %}
-
-{% if haproxy_backend_servers != '' %}
-	server {{ haproxy_backend_servers.name }} {{ haproxy_backend_servers.ip }}
-{% endif %}

sandbox/ansible/roles/mariadb/defaults/main.yml

@@ -1,42 +0,0 @@
----
-# defaults file for mariadb
-mariadb_version: "10.4"
-
-mysql_user_name: admin
-mysql_user_password: pedro
-
-mysql_root_username: root
-mysql_root_password: pedro
-
-# Set this to `true` to forcibly update the root password.
-#mysql_root_password_update: false
-#mysql_user_password_update: false
-
-# Allow remote root login
-disable_remote_root_login: true
-
-# Specify address to listen
-mariadb_bind_address: '0.0.0.0'
-mariadb_port: 3306
-
-# Add mariabd databases
-# default create nothing
-mariadb_database: 
-  - name: nextcloudb
-    collation: utf8_general_ci
-    encoding: utf8
-    state: present
-    target: omit
-
-# Add mariabd users
-# default create nothing
-mariadb_user: 
-  - name: web
-    password: secret
-    #host: 10.90.90.14 (replaced with global vars when calling role)
-    priv: 'nextcloudb.*:ALL,GRANT'
-    encrypted: false
-
-# Specify slow query log
-mariadb_slow_query_log_enabled: false
-mariadb_slow_query_time: "2"

sandbox/ansible/roles/mariadb/handlers/main.yml

@@ -1,6 +0,0 @@
----
-# handlers file for ansible-role-mariadb
-- name: Restart mariadb
-  service:
-    name: "{{ mariadb_service }}"
-    state: restarted

sandbox/ansible/roles/mariadb/tasks/config/secure-installation.yml

@@ -1,67 +0,0 @@
----
-#- name: Ensure default user is present.
-#  mysql_user:
-#    name: "{{ mysql_user_name }}"
-#    host: 'localhost'
-#    password: "{{ mysql_user_password }}"
-#    priv: '*.*:ALL,GRANT'
-#    state: present
-#  when: mysql_user_name != mysql_root_username
-#
-## Has to be after the password assignment, for idempotency.
-#- name: Copy user-my.cnf file with password credentials.
-#  template:
-#    src: "user-my.cnf.j2"
-#    dest: "/root/.my.cnf"
-#    owner: "{{ mysql_user_name }}"
-#    mode: 0600
-#  when: mysql_user_name != mysql_root_username
-
-- name: Disallow root login remotely
-  command: 'mysql -NBe "{{ item }}"'
-  with_items:
-    - DELETE FROM mysql.user WHERE User='{{ mysql_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
-  changed_when: false
-
-- name: Get list of hosts for the root user.
-  command: mysql -NBe
-    "SELECT Host
-    FROM mysql.user
-    WHERE User = '{{ mysql_root_username }}'
-    ORDER BY (Host='localhost') ASC"
-  register: mysql_root_hosts
-  changed_when: false
-  check_mode: false
-
-# Set root password for MySQL
-- name: Update MySQL root password for localhost root account
-  shell: >
-    mysql -NBe
-    'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}"); FLUSH PRIVILEGES;'
-  with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
-
-# Has to be after the root password assignment, for idempotency.
-- name: Copy .my.cnf file with root password credentials.
-  template:
-    src: "root-my.cnf.j2"
-    dest: "/root/.my.cnf"
-    owner: root
-    group: root
-    mode: 0600
-
-- name: Get list of hosts for the anonymous user.
-  command: mysql -NBe "SELECT Host FROM mysql.user WHERE User = ''"
-  register: mysql_anonymous_hosts
-  changed_when: false
-  check_mode: false
-
-- name: Remove anonymous MySQL users.
-  mysql_user:
-    name: ""
-    host: "{{ item }}"
-    state: absent
-  with_items: "{{ mysql_anonymous_hosts.stdout_lines|default([]) }}"
-  no_log: true
-
-- name: Remove MySQL test database.
-  mysql_db: "name='test' state=absent"

sandbox/ansible/roles/mariadb/tasks/config/secure.yml

@@ -1,31 +0,0 @@
----
-- name: Update MySQL root password for localhost root account (5.7.x).
-  shell: >
-    mysql -u root -NBe
-    "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('{{ mysql_root_password }}'); FLUSH PRIVILEGES;"
-  register: result
-  ignore_errors: true
-
-- name: Disallow root login remotely
-  command: 'mysql -NBe "{{ item }}" -p"{{ mysql_root_password }}"'
-  with_items:
-    - DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
-  changed_when: false
-  when: (disable_remote_root_login|bool) and (result is succeeded)
-
-- name: Remove anonymous MySQL users
-  mysql_user:
-    name: ''
-    host_all: yes
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
-    state: absent
-    login_unix_socket: "{{ mariadb_socket }}"
-
-- name: Remove MySQL test database
-  mysql_db:
-    name: test
-    login_user: root
-    login_password: "{{ mysql_root_password }}"
-    state: absent
-    login_unix_socket: "{{ mariadb_socket }}"

sandbox/ansible/roles/mariadb/tasks/config/template.yml

@@ -1,16 +0,0 @@
----
-- name: Get MySQL version.
-  command: 'mysql --version'
-  register: mysql_cli_version
-  changed_when: false
-  check_mode: false
-
-- name: setup Mariadb config file
-  template:
-    src: server.j2
-    dest: "{{ mariadb_config_file }}"
-    owner: "{{ mariadb_config_file_owner }}"
-    group: "{{ mariadb_config_file_group }}"
-    mode: 0644
-  notify: 
-  - Restart mariadb

sandbox/ansible/roles/mariadb/tasks/database/databases.yml

@@ -1,11 +0,0 @@
----
-
-- name: Ensure Mariadb database are present
-  mysql_db:
-    name: "{{ item.name }}"
-    collation: "{{ item.collation | default('utf8_general_ci') }}"
-    encoding: "{{ item.encoding | default('utf8') }}"
-    state: "{{ item.state | default('present') }}"
-    target: "{{ item.target | default(omit) }}"
-    login_unix_socket: "{{ mariadb_socket }}"
-  with_items: "{{ mariadb_database }}"

sandbox/ansible/roles/mariadb/tasks/database/users.yml

@@ -1,15 +0,0 @@
----
-
-- name: Ensure Mariadb users are present.
-  mysql_user:
-    name: "{{ item.name }}"
-    #host: "{{ item.host | default('localhost') }}"
-    host: "{{ app_bind_address | default('localhost') }}"
-    password: "{{ item.password }}"
-    priv: "{{ item.priv | default('*.*:USAGE') }}"
-    state: "{{ item.state | default('present') }}"
-    append_privs: "{{ item.append_privs | default('no') }}"
-    encrypted: "{{ item.encrypted | default('no') }}"
-    login_unix_socket: "{{ mariadb_socket }}"
-  with_items: "{{ mariadb_user }}"
-  no_log: true

sandbox/ansible/roles/mariadb/tasks/main.yml

@@ -1,20 +0,0 @@
----
-# tasks file for ansible-role-mariadb
-
-- name: Include OS specific variables.
-  include_vars: "{{ ansible_os_family }}.yml"
-
-- name: Install Mariadb
-  include_tasks: "setup/{{ ansible_os_family }}.yml"
-
-- name: Ensure Mariadb configfile is present
-  include_tasks: "config/template.yml"
-
-- name: Ensure Mariadb is secure
-  include_tasks: "config/secure-installation.yml"
-
-- name: Ensure Mariadb databases are present
-  include_tasks: "database/databases.yml"
-
-- name: Ensure Mariadb users are present
-  include_tasks: "database/users.yml"

sandbox/ansible/roles/mariadb/tasks/setup/RedHat.yml

@@ -1,17 +0,0 @@
----
-# Install mariadb
-- name: Add MariaDB Repository for {{ ansible_distribution }}
-  template:
-    src: mariadb-server.repo.j2
-    dest: /etc/yum.repos.d/mariadb-server.repo
-
-- name: Install all the {{ ansible_distribution }} mariadb packages
-  dnf:
-    name: "{{ mariadb_packages }}"
-    state: present
-
-- name: Mariadb service
-  service:
-    name: "{{ mariadb_service }}"
-    state: started
-    enabled: yes

sandbox/ansible/roles/mariadb/tasks/setup/Suse.yml

@@ -1,13 +0,0 @@
----
-# Install mariadb
-
-- name: Install all the Suse mariadb packages
-  zypper:
-    name: "{{ mariadb_packages }}"
-    state: present
-
-- name: Mariadb service
-  service:
-    name: "{{ mariadb_service }}"
-    state: started
-    enabled: yes

sandbox/ansible/roles/mariadb/templates/galera.j2

@@ -1,33 +0,0 @@
-#
-# These groups are read by MariaDB server.
-# Use it for options that only the server (but not clients) should see
-
-# this is read by the standalone daemon and embedded servers
-[server]
-
-[mysqld]
-bind-address = {{ mariadb_bind_address }}
-port = {{ mariadb_port }}
-
-{% if mariadb_slow_query_log_enabled == true %}
-slow_query_log = 1
-long_query_time = {{ mariadb_slow_query_time }}
-{% endif %}
-
-default-storage-engine = innodb
-
-# Galera-related settings
-[galera]
-wsrep_provider = {{ galera_wsrep_provider }}
-wsrep_cluster_address = "gcomm://{% for host in groups['galera_cluster'] %}{{ hostvars[host]['ansible_default_ipv4']['address'] }},{% endfor %}"
-wsrep_node_name = {{ ansible_hostname }}
-wsrep_cluster_name = {{ galera_cluster_name }}
-wsrep_node_address = {{ ansible_default_ipv4.address }}
-binlog_format = row
-default_storage_engine = InnoDB
-innodb_autoinc_lock_mode = 2
-wsrep_on = ON
-
-[embedded]
-
-[mariadb]

sandbox/ansible/roles/mariadb/templates/mariadb-server.repo.j2

@@ -1,9 +0,0 @@
-
-[mariadb]
-name = MariaDB
-baseurl = "http://yum.mariadb.org/{{ mariadb_version}}/{{ ansible_distribution|lower|regex_replace('redhat', 'rhel')|regex_replace('oraclelinux', 'centos') }}{{ ansible_distribution_major_version }}-amd64"
-gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
-gpgcheck=1
-{% if ansible_distribution_file_variety == "RedHat" and ansible_distribution_major_version == "8" %}
-module_hotfixes=1
-{% endif %}

sandbox/ansible/roles/mariadb/templates/root-my.cnf.j2

@@ -1,5 +0,0 @@
-{{ ansible_managed | comment }}
-
-[client]
-user="{{ mysql_root_username }}"
-password="{{ mysql_root_password }}"

sandbox/ansible/roles/mariadb/templates/server.j2

@@ -1,22 +0,0 @@
-#
-# These groups are read by MariaDB server.
-# Use it for options that only the server (but not clients) should see
-#
-# See the examples of server my.cnf files in /usr/share/mysql/
-#
-
-# this is read by the standalone daemon and embedded servers
-[server]
-
-[mysqld]
-bind-address = {{ mariadb_bind_address }}
-port = {{ mariadb_port }}
-
-{% if mariadb_slow_query_log_enabled == true %}
-slow_query_log = 1
-long_query_time = {{ mariadb_slow_query_time }}
-{% endif %}
-
-[embedded]
-
-[mariadb]

sandbox/ansible/roles/mariadb/templates/user-my.cnf.j2

@@ -1,5 +0,0 @@
-{{ ansible_managed | comment }}
-
-[client]
-user="{{ mysql_user_name }}"
-password="{{ mysql_user_password }}"

sandbox/ansible/roles/mariadb/vars/RedHat.yml

@@ -1,12 +0,0 @@
-mariadb_packages:
-  - mariadb
-  - mariadb-server
-  - mariadb-libs
-  - MySQL-python
-  - perl-DBD-MySQL
-
-mariadb_service: mariadb
-mariadb_config_file: /etc/my.cnf.d/server.cnf
-mariadb_socket: /var/lib/mysql/mysql.sock
-mariadb_config_file_owner: root
-mariadb_config_file_group: root

sandbox/ansible/roles/mariadb/vars/Suse.yml

@@ -1,9 +0,0 @@
-mariadb_packages:
-  - mariadb
-  - python3-PyMySQL
-
-mariadb_service: mariadb
-mariadb_config_file: /etc/my.cnf.d/server.cnf
-mariadb_socket: /run/mysql/mysql.sock
-mariadb_config_file_owner: root
-mariadb_config_file_group: root

sandbox/ansible/roles/nextcloud/defaults/main.yml

@@ -1,83 +0,0 @@
----
-# defaults file for nextcloud
-NEXTCLOUD_VERSION: 24.0.5 # overload from the role
-NEXTCLOUD_TARBALL: "nextcloud-{{ NEXTCLOUD_VERSION }}.tar.bz2"
-NEXTCLOUD_URL: "https://download.nextcloud.com/server/releases/{{ NEXTCLOUD_TARBALL }}"
-NEXTCLOUD_GPG: "https://nextcloud.com/nextcloud.asc"
-GPG_FINGERPRINT: "28806A878AE423A28372792ED75899B9A724937A"
-
-# [PHP CONFIG AND EXTENSIONS]
-php_version: 8.1
-PHP_POST_LIMIT: 50G
-PHP_UPLOAD_LIMIT: 25G
-PHP_MAX_FILE: 200
-PHP_MAX_TIME: 3600
-PHP_MEMORY_LIMIT: 512M
-
-APC_SHM_SIZE: 128M
-OPCACHE_MEM_SIZE: 128M
-
-add_php_fpm: true
-nc_pm: "ondemand"
-nc_pm_max_children: 80
-nc_pm_start_servers: 2
-nc_pm_min_spare_servers: 1
-nc_pm_max_spare_servers: 3
-
-# [REDIS CONFIG]
-use_redis_server: false    # overload from the role
-redis_host: "127.0.0.1"    # overload from the role
-
-# [NEXTCLOUD CONFIG]
-nextcloud_trusted_domain: "nextcloud.test"
-nextcloud_ipv6: false
-debug_speed: false       # overload from the role
-
-nextcloud_instance_name: "{{ nextcloud_trusted_domain }}"
-
-nextcloud_install_websrv: true
-nextcloud_websrv: "apache2"  # "apache2" | "nginx"
-nextcloud_disable_websrv_default_site: false
-nextcloud_websrv_template: "templates/{{ nextcloud_websrv }}_nc.j2"
-nc_data_dir: "/srv/data"
-nc_admin_name: "pedro"
-nc_admin_pwd: "pedro"
-
-nc_loglevel: 2
-nc_log_rotate_size: 10485760
-nc_background_cron: true
-nc_cron_period: 10 # every <nc_cron_period> min
-
-## Custom nextcloud settings
-## https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html
-nextcloud_config_settings:
-  - { name: 'default_phone_region', value: 'BE' }  # set a country code using ISO 3166-1
-  - { name: 'open_basedir', value: '/dev/urandom' }
-  - { name: 'mysql.utf8mb4', value: 'true' }
-  - { name: 'updater.release.channel', value: 'production' }  # production | stable | daily | beta
-  - { name: 'mail_smtpmode', value: 'smtp' }
-  - { name: 'mail_domain', value: 'uclouvain.be' }
-  - { name: 'mail_smtphost', value: 'smtp.sgsi.ucl.ac.be' }
-  - { name: 'mail_smtpauthtype', value: 'LOGIN' }
-  - { name: 'overwrite.cli.url', value: 'https://{{ nextcloud_trusted_domain }}' }
-  - { name: 'overwritehost', value: 'nextcloud.test' }
-  - { name: 'overwriteprotocol', value: 'https' }
-
-#php /var/www/html/occ config:system:set share_folder --value="/Shared"
-
-# [DATABASE]
-db_host: "127.0.0.1" # overload from the role
-nc_db_name: "nextcloudb"
-nc_db_user: "web"
-nc_db_password: "secret"
-
-# [APPS]
-nextcloud_apps:
-  - twofactor_totp
-  - deck
-  - tasks
-  - calendar
-  - contacts
-  - apporder
-
-nc_collabora: false

sandbox/ansible/roles/nextcloud/files/apcu.config.php

@@ -1,4 +0,0 @@
-<?php
-$CONFIG = array (
-  'memcache.local' => '\OC\Memcache\APCu',
-);

sandbox/ansible/roles/nextcloud/files/apps.config.php

@@ -1,15 +0,0 @@
-<?php
-$CONFIG = array (
-  'apps_paths' => array (
-      0 => array (
-              'path'     => OC::$SERVERROOT.'/apps',
-              'url'      => '/apps',
-              'writable' => false,
-      ),
-      1 => array (
-              'path'     => OC::$SERVERROOT.'/custom_apps',
-              'url'      => '/custom_apps',
-              'writable' => true,
-      ),
-  ),
-);

sandbox/ansible/roles/nextcloud/files/mysql_nextcloud.cnf

@@ -1,12 +0,0 @@
-################################################################################
-# This file was generated by Ansible
-# Do NOT modify this file by hand!
-################################################################################
-
-# Nextcloud mysql.cnf
-
-[mysqld]
-binlog_format = MIXED
-innodb_large_prefix=on
-innodb_file_format=barracuda
-innodb_file_per_table=true

sandbox/ansible/roles/nextcloud/files/nextcloud_custom_mimetypemapping.json

@@ -1,182 +0,0 @@
-{
-        "_comment" : "This file was generated by Ansible, Do NOT modify this file by hand!",
-
-        "3gp": ["video/3gpp"],
-        "7z": ["application/x-7z-compressed"],
-        "accdb": ["application/msaccess"],
-        "ai": ["application/illustrator"],
-        "apk": ["application/vnd.android.package-archive"],
-        "arw": ["image/x-dcraw"],
-        "avi": ["video/x-msvideo"],
-        "bash": ["text/x-shellscript"],
-        "blend": ["application/x-blender"],
-        "bin": ["application/x-bin"],
-        "bmp": ["image/bmp"],
-        "bpg": ["image/bpg"],
-        "bz2": ["application/x-bzip2"],
-        "cb7": ["application/x-cbr"],
-        "cba": ["application/x-cbr"],
-        "cbr": ["application/x-cbr"],
-        "cbt": ["application/x-cbr"],
-        "cbtc": ["application/x-cbr"],
-        "cbz": ["application/x-cbr"],
-        "cc": ["text/x-c"],
-        "cdr": ["application/coreldraw"],
-        "class": ["application/java"],
-        "cnf": ["text/plain"],
-        "conf": ["text/plain"],
-        "cpp": ["text/x-c++src"],
-        "cr2": ["image/x-dcraw"],
-        "css": ["text/css"],
-        "csv": ["text/csv"],
-        "cvbdl": ["application/x-cbr"],
-        "c": ["text/x-c"],
-        "c++": ["text/x-c++src"],
-        "dcr": ["image/x-dcraw"],
-        "deb": ["application/x-deb"],
-        "dng": ["image/x-dcraw"],
-        "doc": ["application/msword"],
-        "docm": ["application/vnd.ms-word.document.macroEnabled.12"],
-        "docx": ["application/vnd.openxmlformats-officedocument.wordprocessingml.document"],
-        "dot": ["application/msword"],
-        "dotx": ["application/vnd.openxmlformats-officedocument.wordprocessingml.template"],
-        "dv": ["video/dv"],
-        "eot": ["application/vnd.ms-fontobject"],
-        "epub": ["application/epub+zip"],
-        "eps": ["application/postscript"],
-        "erf": ["image/x-dcraw"],
-        "exe": ["application/x-ms-dos-executable"],
-        "fb2": ["application/x-fictionbook+xml", "text/plain"],
-        "flac": ["audio/flac"],
-        "flv": ["video/x-flv"],
-        "gif": ["image/gif"],
-        "gz": ["application/x-gzip"],
-        "gzip": ["application/x-gzip"],
-        "h": ["text/x-h"],
-        "hh": ["text/x-h"],
-        "hpp": ["text/x-h"],
-        "html": ["text/html", "text/plain"],
-        "htm": ["text/html", "text/plain"],
-        "ical": ["text/calendar"],
-        "ics": ["text/calendar"],
-        "iiq": ["image/x-dcraw"],
-        "impress": ["text/impress"],
-        "java": ["text/x-java-source"],
-        "jpeg": ["image/jpeg"],
-        "jpg": ["image/jpeg"],
-        "jps": ["image/jpeg"],
-        "js": ["application/javascript", "text/plain"],
-        "json": ["application/json", "text/plain"],
-        "k25": ["image/x-dcraw"],
-        "kdc": ["image/x-dcraw"],
-        "key": ["application/x-iwork-keynote-sffkey"],
-        "keynote": ["application/x-iwork-keynote-sffkey"],
-        "kra": ["application/x-krita"],
-        "lwp": ["application/vnd.lotus-wordpro"],
-        "m2t": ["video/mp2t"],
-        "m4a": ["audio/mp4"],
-        "m4b": ["audio/m4b"],
-        "m4v": ["video/mp4"],
-        "markdown": ["text/markdown"],
-        "mdown": ["text/markdown"],
-        "md": ["text/markdown"],
-        "mdb": ["application/msaccess"],
-        "mdwn": ["text/markdown"],
-        "mkd": ["text/markdown"],
-        "mef": ["image/x-dcraw"],
-        "mkv": ["video/x-matroska"],
-        "mobi": ["application/x-mobipocket-ebook"],
-        "mov": ["video/quicktime"],
-        "mp3": ["audio/mpeg"],
-        "mp4": ["video/mp4"],
-        "mpeg": ["video/mpeg"],
-        "mpg": ["video/mpeg"],
-        "mpo": ["image/jpeg"],
-        "msi": ["application/x-msi"],
-        "mts": ["video/MP2T"],
-        "mt2s": ["video/MP2T"],
-        "nef": ["image/x-dcraw"],
-        "numbers": ["application/x-iwork-numbers-sffnumbers"],
-        "odf": ["application/vnd.oasis.opendocument.formula"],
-        "odg": ["application/vnd.oasis.opendocument.graphics"],
-        "odp": ["application/vnd.oasis.opendocument.presentation"],
-        "ods": ["application/vnd.oasis.opendocument.spreadsheet"],
-        "odt": ["application/vnd.oasis.opendocument.text"],
-        "oga": ["audio/ogg"],
-        "ogg": ["audio/ogg"],
-        "ogv": ["video/ogg"],
-        "one": ["application/msonenote"],
-        "opus": ["audio/ogg"],
-        "orf": ["image/x-dcraw"],
-        "otf": ["application/font-sfnt"],
-        "pad": ["application/x-ownpad"],
-        "calc": ["application/x-ownpad"],
-        "pages": ["application/x-iwork-pages-sffpages"],
-        "pdf": ["application/pdf"],
-        "pfb": ["application/x-font"],
-        "pef": ["image/x-dcraw"],
-        "php": ["application/x-php"],
-        "pl": ["application/x-perl"],
-        "png": ["image/png"],
-        "pot": ["application/vnd.ms-powerpoint"],
-        "potm": ["application/vnd.ms-powerpoint.template.macroEnabled.12"],
-        "potx": ["application/vnd.openxmlformats-officedocument.presentationml.template"],
-        "ppa": ["application/vnd.ms-powerpoint"],
-        "ppam": ["application/vnd.ms-powerpoint.addin.macroEnabled.12"],
-        "pps": ["application/vnd.ms-powerpoint"],
-        "ppsm": ["application/vnd.ms-powerpoint.slideshow.macroEnabled.12"],
-        "ppsx": ["application/vnd.openxmlformats-officedocument.presentationml.slideshow"],
-        "ppt": ["application/vnd.ms-powerpoint"],
-        "pptm": ["application/vnd.ms-powerpoint.presentation.macroEnabled.12"],
-        "pptx": ["application/vnd.openxmlformats-officedocument.presentationml.presentation"],
-        "ps": ["application/postscript"],
-        "psd": ["application/x-photoshop"],
-        "py": ["text/x-python"],
-        "raf": ["image/x-dcraw"],
-        "rar": ["application/x-rar-compressed"],
-        "reveal": ["text/reveal"],
-        "rss": ["application/rss+xml"],
-        "rtf": ["text/rtf"],
-        "rw2": ["image/x-dcraw"],
-        "sgf": ["application/sgf"],
-        "sh-lib": ["text/x-shellscript"],
-        "sh": ["text/x-shellscript"],
-        "srf": ["image/x-dcraw"],
-        "sr2": ["image/x-dcraw"],
-        "svg": ["image/svg+xml", "text/plain"],
-        "swf": ["application/x-shockwave-flash", "application/octet-stream"],
-        "tar": ["application/x-tar"],
-        "tar.bz2": ["application/x-bzip2"],
-        "tar.gz": ["application/x-compressed"],
-        "tbz2": ["application/x-bzip2"],
-        "tex": ["application/x-tex"],
-        "tgz": ["application/x-compressed"],
-        "tiff": ["image/tiff"],
-        "tif": ["image/tiff"],
-        "ttf": ["application/font-sfnt"],
-        "txt": ["text/plain"],
-        "vcard": ["text/vcard"],
-        "vcf": ["text/vcard"],
-        "vob": ["video/dvd"],
-        "vsd": ["application/vnd.visio"],
-        "wav": ["audio/wav"],
-        "webm": ["video/webm"],
-        "woff": ["application/font-woff"],
-        "wpd": ["application/vnd.wordperfect"],
-        "wmv": ["video/x-ms-wmv"],
-        "xcf": ["application/x-gimp"],
-        "xla": ["application/vnd.ms-excel"],
-        "xlam": ["application/vnd.ms-excel.addin.macroEnabled.12"],
-        "xls": ["application/vnd.ms-excel"],
-        "xlsb": ["application/vnd.ms-excel.sheet.binary.macroEnabled.12"],
-        "xlsm": ["application/vnd.ms-excel.sheet.macroEnabled.12"],
-        "xlsx": ["application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"],
-        "xlt": ["application/vnd.ms-excel"],
-        "xltm": ["application/vnd.ms-excel.template.macroEnabled.12"],
-        "xltx": ["application/vnd.openxmlformats-officedocument.spreadsheetml.template"],
-        "xml": ["application/xml", "text/plain"],
-        "xrf": ["image/x-dcraw"],
-        "yaml": ["application/yaml", "text/plain"],
-        "yml": ["application/yaml", "text/plain"],
-        "zip": ["application/zip"]
-}

sandbox/ansible/roles/nextcloud/handlers/main.yml

@@ -1,41 +0,0 @@
----
-# handlers file for nextcloud
-- name: restart mysql
-  ansible.builtin.service:
-    name: "{{ mysql_daemon }}"
-    state: restarted
-
-- name: start http
-  ansible.builtin.service:
-    name: "{{ http_service_name }}"
-    state: started
-
-- name: restart http
-  ansible.builtin.service:
-    name: "{{ http_service_name }}"
-    state: restarted
-
-- name: reload http
-  ansible.builtin.service:
-    name: "{{ http_service_name }}"
-    state: reloaded
-
-- name: start php-fpm
-  ansible.builtin.service:
-    name: php{{ php_ver }}-fpm
-    state: started
-
-- name: reload php-fpm
-  ansible.builtin.service:
-    name: php{{ php_ver }}-fpm
-    state: reloaded
-
-- name: start redis
-  ansible.builtin.service:
-    name: redis-server
-    state: started
-
-- name: restart redis
-  ansible.builtin.service:
-    name: redis-server
-    state: restarted

sandbox/ansible/roles/nextcloud/tasks/main.yml

@@ -1,56 +0,0 @@
----
-# tasks file for nextcloud
-
-- name: Main... Check Nextcloud debug speed
-  set_fact:
-    debug_speed_check: "{{ debug_speed }}"
-
-# include os specific tasks
-- include_tasks: "prep_os/{{ ansible_os_family }}.yml"
-
-# install required packages
-- include_tasks: "prep_php/{{ ansible_os_family }}.yml"
-
-- name: Main... Check if a mysql/mariadb database is available
-  shell: mysql --host={{ db_host }} --user={{ nc_db_user }} --password={{ nc_db_password }} -e 'SHOW DATABASES;' | grep -cx {{ nc_db_name }}
-  register: dbstatus
-  failed_when: "dbstatus.stdout|int != 1"
-  no_log: true
-
-- name: Main... Check Nextcloud installed
-  stat:
-    path: "{{ http_webroot }}/nextcloud/index.php"
-  register: nc_nextcloud_installed
-
-- name: Main... Download and Install Nextcloud
-  include_tasks: "nc_download.yml"
-  when: (nc_nextcloud_installed.stat.isreg is undefined) or (not nc_nextcloud_installed.stat.isreg)
-
-- name: Main... Check Nextcloud is installed
-  shell: grep installed {{ http_webroot }}/nextcloud/config/config.php | grep true | wc -l
-  register: nc_installation_configured
-
-- name: Main... Install nextcloud
-  include_tasks: nc_install.yml
-  when: nc_installation_configured.stdout|int == 0
-
-- name: Main... Check Selinux
-  include_tasks: "selinux.yml"
-  when:
-    - (ansible_os_family == "RedHat")
-    - (ansible_selinux.status == "enabled")
-
-- name: Main... Setup nextcloud
-  include_tasks: nc_setup.yml
-
-- name: Main... Restart {{ http_service_name }} service
-  service:
-    name: "{{ http_service_name }}"
-    state: restarted
-
-- name: Main... First run Cron
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} -f cron.php"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"

sandbox/ansible/roles/nextcloud/tasks/nc_download.yml

@@ -1,65 +0,0 @@
----
-- name: Download... Download Nextcloud archive
-  get_url:
-    url:  "{{ NEXTCLOUD_URL }}"
-    dest: /tmp/{{ NEXTCLOUD_TARBALL }}
-    checksum: "sha256:{{ NEXTCLOUD_URL }}.sha256"
-
-- name: Download... Download generic GPG key
-  get_url:
-    url: "{{ NEXTCLOUD_GPG }}"
-    dest: /tmp/nextcloud.asc
-
-- name: Download... Download Nextcloud release GPG key
-  get_url:
-    url: "{{ NEXTCLOUD_URL }}.asc"
-    dest: /tmp/{{ NEXTCLOUD_TARBALL }}.asc
-
-- name: Download... Import Nextcloud GPG key
-  shell: gpg --import /tmp/nextcloud.asc
-
-- name: Download... See Nextcloud GPG stored
-  set_fact:
-   correct_gpg: "{{ GPG_FINGERPRINT }}"
-
-- name: Download... Verify Nextcloud GPG
-  shell: gpg --verify /tmp/{{ NEXTCLOUD_TARBALL }}.asc /tmp/{{ NEXTCLOUD_TARBALL }} 2>&1 | tail -n 1 | cut -d ':' -f2 | tr -d ' '
-  register: nc_fingerprint
-  failed_when: (nc_fingerprint.stdout|string not in correct_gpg)
-
-- name: Download... Extract Nextcloud
-  unarchive:
-    src: /tmp/{{ NEXTCLOUD_TARBALL }}
-    dest: "{{ http_webroot }}"
-    remote_src: true
-    creates: "{{ http_webroot }}/nextcloud/occ"
-
-- name: Download... Ensure Nextcloud files are 0640
-  shell: find {{ http_webroot }}/nextcloud -type f -exec chmod -c 0640 {} \;
-  register: nc_installation_chmod_result
-  changed_when: "nc_installation_chmod_result.stdout != \"\""
-
-- name: Download... Setting stronger directory ownership
-  file:
-    path: "{{ http_webroot }}/nextcloud/"
-    recurse: true
-    owner: "{{ nextcloud_websrv_user }}"
-    group: "{{ nextcloud_websrv_group }}"
-    state: directory
-
-- name: Download... Ensure Nextcloud .htaccess and .user.ini are 0644 
-  file:
-    path: "{{ item }}"
-    mode: u=rw,g=r,o=r
-  with_items:
-    - "{{ http_webroot }}/nextcloud/.htaccess"
-    - "{{ http_webroot }}/nextcloud/.user.ini"
-
-- name: Download... Remove Nextcloud tmp files
-  ansible.builtin.file:
-    path: "{{ item }}"
-    state: absent
-  with_items:
-    - "/tmp/{{ NEXTCLOUD_TARBALL }}.asc"
-    - "/tmp/{{ NEXTCLOUD_TARBALL }}"
-    - "/tmp/nextcloud.asc"

sandbox/ansible/roles/nextcloud/tasks/nc_install.yml

@@ -1,35 +0,0 @@
----
-#########
-# Run command line installation.
-# the web server must be running by now in order to launch the installation
-
-- name: Install... Removing possibly old or incomplete config.php
-  file:
-    path: "{{ http_webroot }}/nextcloud/config/config.php"
-    state: absent
-
-- name: Install... Create data directory
-  file:
-    path: "{{ item }}"
-    state: directory
-    owner: "{{ nextcloud_websrv_user }}"
-    group: "{{ nextcloud_websrv_group }}"
-    mode: 0770
-  with_items:
-    - "{{ nc_data_dir }}"
-    - "{{ http_webroot }}/nextcloud/custom_apps"
-      
-- name: Install... First setup Nextcloud
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} occ maintenance:install --database=mysql --database-host={{ db_host }} --database-name={{ nc_db_name }} --database-user={{ nc_db_user }} --database-pass={{ nc_db_password }} --admin-user={{ nc_admin_name }} --admin-pass={{ nc_admin_pwd }} --data-dir={{ nc_data_dir }}"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-    creates: "{{ http_webroot }}/nextcloud/config/config.php"
-  register: setup_nc
-
-- name: Install... Removing possibly sample config
-  file:
-    path: "{{ http_webroot }}/nextcloud/config/config.sample.php"
-    state: absent
-

sandbox/ansible/roles/nextcloud/tasks/nc_setup.yml

@@ -1,184 +0,0 @@
----
-
-- name: Setup... Set APCU config for Nextcloud
-  copy:
-    dest: "{{ http_webroot }}/nextcloud/config/apcu.config.php"
-    src: files/apcu.config.php
-    owner: "{{ nextcloud_websrv_user }}"
-    group: "{{ nextcloud_websrv_group }}"
-    mode: 0640
-
-- name: Setup... Set custom_apps config for Nextcloud
-  copy:
-    dest: "{{ http_webroot }}/nextcloud/config/apps.config.php"
-    src: files/apps.config.php
-    owner: "{{ nextcloud_websrv_user }}"
-    group: "{{ nextcloud_websrv_group }}"
-    mode: 0640
-
-- name: Setup... Set Trusted Domains
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} occ config:system:set trusted_domains 0 --value={{ nextcloud_trusted_domain }}"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-
-- name: Setup... Check disabled apps list
-  shell: "{{ php_bin }} occ app:list --no-warnings | grep -A30 'Disabled' | grep -v 'Disabled' | cut -d'-' -f2 | cut -d':' -f1 | grep -v 'encryption'"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  register: nc_apps_list
-  failed_when: nc_apps_list.rc >= 2
-
-- name: Setup... Enable all disabled apps
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} occ app:enable {{ item }}"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-  with_items: "{{ nc_apps_list.stdout_lines }}"
-  when: nc_apps_list.rc == 0
-
-- name: Setup... Applying default settings
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} occ {{ item }}"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-  loop:
-    - "config:system:set loglevel --value='{{ nc_loglevel }}'"
-    - "config:system:set log_type --value=file"
-    - "config:system:set logfile --value='{{ nc_data_dir }}/nextcloud.log'"
-    - "config:system:set log_rotate_size --value='{{ nc_log_rotate_size }}'"
-    - "config:app:set admin_audit logfile --value='{{ nc_data_dir }}/audit.log'"
-    - "config:system:set log.condition apps 0 --value='admin_audit'"
-  loop_control:
-    pause: 2
-
-- name: Setup... Applying preview settings
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} occ {{ item }}"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-  loop:
-    - "config:system:set preview_max_x --value='2048'"
-    - "config:system:set preview_max_y --value='2048'"
-    - "config:app:set preview jpeg_quality --value='60'"
-    - "config:system:set jpeg_quality --value='60'"
-    - "config:system:delete enabledPreviewProviders"
-    - "config:system:set enabledPreviewProviders 1 --value='OC\\Preview\\Image'"
-    - "config:system:set enabledPreviewProviders 2 --value='OC\\Preview\\MarkDown'"
-    - "config:system:set enabledPreviewProviders 3 --value='OC\\Preview\\MP3'"
-    - "config:system:set enabledPreviewProviders 4 --value='OC\\Preview\\TXT'"
-    - "config:system:set enabledPreviewProviders 5 --value='OC\\Preview\\OpenDocument'"
-    - "config:system:set enabledPreviewProviders 6 --value='OC\\Preview\\Movie'"
-    - "config:system:set enable_previews --value=true --type=boolean"
-  loop_control:
-    pause: 2
-
-- name: Setup... Applying other settings
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} occ {{ item }}"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-  loop:
-    - "config:system:set upgrade.disable-web --type=bool --value=true"
-    - "config:system:set trashbin_retention_obligation --value='auto, 30'"
-    - "config:system:set versions_retention_obligation --value='auto, 30'"
-    - "config:system:set activity_expire_days --value='30'"
-    - "config:system:set simpleSignUpLink.shown --type=bool --value=false"
-    #- "config:system:set share_folder --value='/Shared'"
-  loop_control:
-    pause: 2
-
-- name: Setup... Set Nextcloud system settings in config.php
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} occ config:system:set {{ item.name }} --value={{ item.value }}"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-  with_items:
-    - "{{ nextcloud_config_settings }}"
-
-- name: Setup... Set Redis Server
-  template:
-    dest: "{{ http_webroot }}/nextcloud/config/redis.config.php" 
-    src: redis.config.php.j2
-    owner: "{{ nextcloud_websrv_user }}"
-    group: "{{ nextcloud_websrv_group }}"
-    mode: 0640
-  when: (use_redis_server | bool)
-
-- name: Setup... Install Nextcloud Apps
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} occ app:install {{ item }}"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-  with_items: "{{ nextcloud_apps }}"
-  register: nc_apps_installed
-  failed_when: nc_apps_installed.rc >= 2
-
-- name: Setup... Configure Cron
-  cron:
-    name: "Nextcloud Cronjob"
-    minute: "*/{{ nc_cron_period }}"
-    user: "{{ nextcloud_websrv_user }}"
-    job: "{{ php_bin }} -f {{ http_webroot }}/nextcloud/cron.php"
-    cron_file: "nextcloud"
-  when: (nc_background_cron | bool)
-
-- name: Setup... Set Cron method to Crontab
-  become_user: "{{ nextcloud_websrv_user }}"
-  become: true
-  shell: "{{ php_bin }} occ background:cron"
-  args:
-    chdir: "{{ http_webroot }}/nextcloud"
-  when: (nc_background_cron | bool)
-
-      ###- name: Setup... "[NC] Set Custom Mimetype"
-      ###  ansible.builtin.copy:
-      ###    dest: "{{ nextcloud_webroot }}/config/mimetypemapping.json"
-      ###    src: files/nextcloud_custom_mimetypemapping.json
-      ###    mode: 0640
-      ###
-
-- name: Setup... Collabora settings ownership
-  file:
-    path: "{{ item }}"
-    recurse: true
-    owner: cool
-    group: cool
-  with_items:
-    - /opt/cool/systemplate/etc/hosts
-    - /opt/cool/systemplate/etc/resolv.conf
-    - /etc/coolwsd
-  when: nc_collabora
-
-- name: Setup... Ensure Nextcloud directories are 0750
-  shell: find {{ http_webroot }}/nextcloud -type d -exec chmod -c 0750 {} \;
-  register: nc_installation_chmod_result
-  changed_when: "nc_installation_chmod_result.stdout != \"\""
-
-- name: Setup... Ensure Nextcloud files are 0640
-  shell: find {{ http_webroot }}/nextcloud -type f -exec chmod -c 0640 {} \;
-  register: nc_installation_chmod_result
-  changed_when: "nc_installation_chmod_result.stdout != \"\""
-
-      ###- name: Setup... "[NC] Setting stronger directory ownership"
-      ###  ansible.builtin.file:
-      ###    path: "{{ nextcloud_webroot }}/{{ item }}/"
-      ###    recurse: true
-      ###    owner: "{{ nextcloud_websrv_user }}"
-      ###    group: "{{ nextcloud_websrv_group }}"
-      ###    state: directory
-      ###  with_items:
-      ###    - apps
-      ###    - custom_apps
-      ###    - config
-      ###    - themes
-      ###    - updater

sandbox/ansible/roles/nextcloud/tasks/prep_os/CentOS.yml

@@ -1,102 +0,0 @@
----
-# CentOS related tasks
-
-#- name: Prep OS... Create tmp directory
-#  file:
-#    path: "{{ item }}"
-#    state: directory
-#    owner: "{{ ansible_user }}"
-#    mode: 0770
-#  with_items:
-#    - "/tmp/ansible_{{ ansible_user }}"
-#
-#- name: Prep OS... Set remote tmp
-#  set_fact:
-#    ansible_remote_tmp: "/tmp/ansible_{{ ansible_user }}"
-
-- name: Prep OS... add rpmfusion-free-release centos{{ ansible_distribution_major_version|int }} repo
-  dnf:
-    name: https://download1.rpmfusion.org/free/el/rpmfusion-free-release-{{ ansible_distribution_major_version|int }}.noarch.rpm
-    disable_gpg_check: yes
-    validate_certs: no
-    state: latest
-  when: not debug_speed_check
-
-- name: Prep OS... import key from Collabora centos{{ ansible_distribution_major_version|int }} repo
-  ansible.builtin.rpm_key:
-    state: present
-    key: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos{{ ansible_distribution_major_version|int }}/repodata/repomd.xml.key
-  when: nc_collabora
-
-- name: Prep OS... add Collabora repos centos{{ ansible_distribution_major_version|int }} repo
-  ansible.builtin.yum_repository:
-    name: collabora
-    description: Collabora Online CODE repo
-    baseurl: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos{{ ansible_distribution_major_version|int }}
-  when: nc_collabora
-
-- name: Prep OS... install Collabora packages
-  dnf:
-    name:
-      - coolwsd
-      - CODE-brand
-      - inotify-tools 
-      - psmisc 
-      - perl
-    state: latest
-  when: nc_collabora
-
-- name: Prep OS... update os
-  dnf:
-    name: '*'
-    update_cache: true
-    state: latest
-  when: not debug_speed_check
-
-- name: Prep OS... install needed packages
-  dnf:
-    name:
-      - libreoffice
-      - ffmpeg
-      - mariadb
-    state: latest
-    enablerepo: epel
-  when: not debug_speed_check
-
-- name: Prep OS... Ensure Apache is installed on {{ ansible_facts['distribution'] }}
-  dnf:
-    name: httpd
-    state: present
-  when: nextcloud_websrv in ["apache", "apache2"]
-
-- name: Prep OS... Set http env on {{ ansible_facts['distribution'] }}
-  set_fact:
-    http_service_name: httpd
-    http_webroot: /var/www/html
-    nextcloud_websrv_user: apache
-    nextcloud_websrv_group: apache
-  when: nextcloud_websrv in ["apache", "apache2"]
-
-- name: Prep OS... Generate Nextcloud configuration for apache
-  template:
-    dest: /etc/httpd/conf.d/nextcloud.conf
-    src: nextcloud_apache2.j2
-    mode: 0640
-  when: nextcloud_websrv in ["apache", "apache2"]
-
-- name: Prep OS... Allow http to listen on tcp port 8000
-  seport:
-    ports: 8000
-    proto: tcp
-    setype: http_port_t
-    state: present
-
-    #- name: Prep OS... semanage port
-    #  command: semanage port -m -t http_port_t -p tcp {{ item }}
-    #  loop:
-    #    - "8000"
-
-- name: Prep OS... Start {{ http_service_name }} service
-  service:
-    name: "{{ http_service_name }}"
-    state: started

sandbox/ansible/roles/nextcloud/tasks/prep_os/RedHat.yml

@@ -1,3 +0,0 @@
----
-
-- include_tasks: "{{ ansible_facts['distribution'] }}.yml"

sandbox/ansible/roles/nextcloud/tasks/prep_os/Suse.yml

@@ -1,57 +0,0 @@
----
-# Suse related tasks
-
-- name: add rpmfusion-free-release {{ ansible_distribution_major_version|int }} repo
-  dnf:
-    name: https://download1.rpmfusion.org/free/el/rpmfusion-free-release-{{ ansible_distribution_major_version|int }}.noarch.rpm
-    disable_gpg_check: yes
-    validate_certs: no
-    state: latest
-  when: not {{ debug_speed_check }}
-
-- name: update os
-  dnf:
-    name: '*'
-    update_cache: true
-    state: latest
-  when: not {{ debug_speed_check }}
-
-- name: install needed packages
-  dnf:
-    name:
-      - epel-release
-      - yum-utils
-      - curl
-      - bash-completion
-      - mlocate
-      - bzip2
-      - wget
-      - libreoffice
-      - ffmpeg
-      - mariadb
-    state: latest
-    enablerepo: epel
-  when: not {{ debug_speed_check }}
-
-- name: Ensure Apache is installed on {{ ansible_facts['distribution'] }}
-  dnf:
-    name: httpd
-    state: present
-  when: nextcloud_websrv in ["apache", "apache2"]
-  notify: start http
-
-- name: Set http env on {{ ansible_facts['distribution'] }}
-  set_fact:
-    http_service_name: httpd
-    http_webroot: /var/www/html
-    nextcloud_websrv_user: apache
-    nextcloud_websrv_group: apache
-  when: nextcloud_websrv in ["apache", "apache2"]
-
-- name: Generate Nextcloud configuration for apache
-  template:
-    dest: /etc/httpd/conf.d/nextcloud.conf
-    src: nextcloud_apache2.j2
-    mode: 0640
-  when: nextcloud_websrv in ["apache", "apache2"]
-  notify: restart http

sandbox/ansible/roles/nextcloud/tasks/prep_php/CentOS.yml

@@ -1,117 +0,0 @@
----
-- name: Prep php... add php Remi repo
-  dnf:
-    name: https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version|int }}.rpm
-    state: latest
-    disable_gpg_check: yes
-    validate_certs: no
-  when: not debug_speed_check
-
-- name: Prep php... disable all the php repositories
-  shell: yum-config-manager --disable 'remi-php*'
-  when: not debug_speed_check
-
-- name: Prep php... enable the repo php{{ php_version | replace(".","") }}
-  shell: yum-config-manager --enable remi-php{{ php_version | replace(".","") }}
-  when: not debug_speed_check
-
-- name: Prep php... update os
-  dnf:
-    name: '*'
-    update_cache: true
-    state: latest
-  when: not debug_speed_check
-
-- name: Prep php... install needed packages
-  dnf:
-    name:
-      - php{{ php_version | replace(".","") }}-php 
-      - php{{ php_version | replace(".","") }}-php-pecl-apcu 
-      - php{{ php_version | replace(".","") }}-php-bcmath 
-      - php{{ php_version | replace(".","") }}-php-dom 
-      - php{{ php_version | replace(".","") }}-php-gmp 
-      - php{{ php_version | replace(".","") }}-php-pecl-imagick 
-      - php{{ php_version | replace(".","") }}-php-ldap 
-      - php{{ php_version | replace(".","") }}-php-openssl 
-      - php{{ php_version | replace(".","") }}-php-gd 
-      - php{{ php_version | replace(".","") }}-php-json 
-      - php{{ php_version | replace(".","") }}-php-mysql 
-      - php{{ php_version | replace(".","") }}-php-curl 
-      - php{{ php_version | replace(".","") }}-php-mbstring 
-      - php{{ php_version | replace(".","") }}-php-intl 
-      - php{{ php_version | replace(".","") }}-php-exif 
-      - php{{ php_version | replace(".","") }}-php-zip 
-      - php{{ php_version | replace(".","") }}-php-zlib 
-      - php{{ php_version | replace(".","") }}-php-fileinfo 
-      - php{{ php_version | replace(".","") }}-php-pcntl 
-      - php{{ php_version | replace(".","") }}-php-posix 
-      - php{{ php_version | replace(".","") }}-php-xmlreader 
-      - php{{ php_version | replace(".","") }}-php-xmlwriter 
-      - php{{ php_version | replace(".","") }}-php-ctype 
-      - php{{ php_version | replace(".","") }}-php-bz2 
-      - php{{ php_version | replace(".","") }}-php-ftp
-      - php{{ php_version | replace(".","") }}-php-smbclient 
-      - php{{ php_version | replace(".","") }}-php-memcached 
-      - php{{ php_version | replace(".","") }}-php-redis 
-      - php{{ php_version | replace(".","") }}-php-phar 
-      - php{{ php_version | replace(".","") }}-php-opcache
-    state: latest
-  when: not debug_speed_check
-
-- name: Prep php... Set php env for {{ ansible_facts['distribution'] }}
-  set_fact: 
-    php_bin: "php{{ php_version | replace('.','') }}"
-    php_dir: "/etc/opt/remi/php{{ php_version | replace('.','') }}/php.d"
-    #php_pkg_apcu: "{{ php_config_ref[php_ver|replace('.','_')].php_pkg_apcu | d(php_config_ref.defaults.php_pkg_apcu) }}"
-    #php_pkg_spe: "{{ php_config_ref[php_ver|replace('.','_')].php_pkg_spe | d(php_config_ref.defaults.php_pkg_spe) }}"
-    #php_socket: "{{ php_config_ref[php_ver|replace('.','_')].php_socket | d(php_config_ref.defaults.php_socket) }}"
-
-- name: Prep php... Read Nextcloud configuration for PHP
-  set_fact:
-    php_content: "{{ lookup('template', '{{ role_path }}/templates/php_nc_ini.j2') }}"
-
-- name: Prep php... Integration Nextcloud configuration for PHP
-  blockinfile:
-    dest: /etc/opt/remi/php{{ php_version | replace(".","") }}/php.ini
-    content: '{{ php_content }}'
-    state: present
-
-- name: Prep php... Read APCU configuration for PHP 
-  set_fact:
-    php_content: "{{ lookup('template', '{{ role_path }}/templates/apcu_nc_ini.j2') }}"
-
-- name: Prep php... Integration APCU configuration for PHP 
-  blockinfile:
-    dest: /etc/opt/remi/php{{ php_version | replace(".","") }}/php.d/40-apcu.ini
-    content: '{{ php_content }}'
-    state: present
-
-- name: Prep php... Read OPCACHE configuration for PHP 
-  set_fact:
-    php_content: "{{ lookup('template', '{{ role_path }}/templates/opcache_nc_ini.j2') }}"
-
-- name: Prep php... Integration OPCACHE configuration for PHP 
-  blockinfile:
-    dest: /etc/opt/remi/php{{ php_version | replace(".","") }}/php.d/10-opcache.ini
-    content: '{{ php_content }}'
-    state: present
-
-- name: Prep php... Install PHP-FPM
-  dnf:
-    name:
-      - php{{ php_version | replace(".","") }}-php-fpm
-    state: latest
-  when: add_php_fpm
-
-- name: Prep php... Configure PHP-FPM
-  lineinfile:
-    dest: /etc/opt/remi/php{{ php_version | replace(".","") }}/php-fpm.d/www.conf
-    regexp: "^{{ item.property | regex_escape() }}.*"
-    line: "{{ item.value }}"
-  with_items:
-    - { property: 'pm = dynamic', value: 'pm = {{ nc_pm }}' }
-    - { property: 'pm.max_children =', value: 'pm.max_children = {{ nc_pm_max_children }}' }
-    - { property: 'pm.start_servers =', value: 'pm.start_servers = {{ nc_pm_start_servers }}' }
-    - { property: 'pm.min_spare_servers =', value: 'pm.min_spare_servers = {{ nc_pm_min_spare_servers }}' }
-    - { property: 'pm.max_spare_servers =', value: 'pm.max_spare_servers = {{ nc_pm_max_spare_servers }}' }
-  when: add_php_fpm

sandbox/ansible/roles/nextcloud/tasks/prep_php/RedHat.yml

@@ -1,5 +0,0 @@
----
-
-# install required packages
-- include_tasks: "{{ ansible_facts['distribution'] }}.yml"
-

sandbox/ansible/roles/nextcloud/tasks/prep_php/Suse.yml

@@ -1,76 +0,0 @@
----
-- name: add php{{ php_version | replace(".","") }} repo
-  dnf:
-    name: https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version|int }}.rpm
-    state: latest
-
-- name: update os
-  dnf:
-    name: '*'
-    update_cache: true
-    state: latest
-
-- name: install needed packages
-  dnf:
-    name:
-      - php{{ php_version | replace(".","") }}-php 
-      - php{{ php_version | replace(".","") }}-php-pecl-apcu 
-      - php{{ php_version | replace(".","") }}-php-bcmath 
-      - php{{ php_version | replace(".","") }}-php-dom 
-      - php{{ php_version | replace(".","") }}-php-gmp 
-      - php{{ php_version | replace(".","") }}-php-pecl-imagick 
-      - php{{ php_version | replace(".","") }}-php-ldap 
-      - php{{ php_version | replace(".","") }}-php-openssl 
-      - php{{ php_version | replace(".","") }}-php-gd 
-      - php{{ php_version | replace(".","") }}-php-json 
-      - php{{ php_version | replace(".","") }}-php-mysql 
-      - php{{ php_version | replace(".","") }}-php-curl 
-      - php{{ php_version | replace(".","") }}-php-mbstring 
-      - php{{ php_version | replace(".","") }}-php-intl 
-      - php{{ php_version | replace(".","") }}-php-exif 
-      - php{{ php_version | replace(".","") }}-php-zip 
-      - php{{ php_version | replace(".","") }}-php-zlib 
-      - php{{ php_version | replace(".","") }}-php-fileinfo 
-      - php{{ php_version | replace(".","") }}-php-pcntl 
-      - php{{ php_version | replace(".","") }}-php-posix 
-      - php{{ php_version | replace(".","") }}-php-xmlreader 
-      - php{{ php_version | replace(".","") }}-php-xmlwriter 
-      - php{{ php_version | replace(".","") }}-php-ctype 
-      - php{{ php_version | replace(".","") }}-php-bz2 
-      - php{{ php_version | replace(".","") }}-php-ftp
-      - php{{ php_version | replace(".","") }}-php-smbclient 
-      - php{{ php_version | replace(".","") }}-php-memcached 
-      - php{{ php_version | replace(".","") }}-php-redis 
-      - php{{ php_version | replace(".","") }}-php-phar 
-      - php{{ php_version | replace(".","") }}-php-opcache
-    state: latest
-
-- name: Set php env for {{ ansible_facts['distribution'] }}
-  set_fact: 
-    php_bin: "php{{ php_version | replace('.','') }}"
-    php_dir: "/etc/opt/remi/php{{ php_version | replace('.','') }}/php.d/nextcloud.ini"
-    #php_pkg_apcu: "{{ php_config_ref[php_ver|replace('.','_')].php_pkg_apcu | d(php_config_ref.defaults.php_pkg_apcu) }}"
-    #php_pkg_spe: "{{ php_config_ref[php_ver|replace('.','_')].php_pkg_spe | d(php_config_ref.defaults.php_pkg_spe) }}"
-    #php_socket: "{{ php_config_ref[php_ver|replace('.','_')].php_socket | d(php_config_ref.defaults.php_socket) }}"
-
-- name: Add Nextcloud configuration for PHP
-  template:
-    dest: /etc/opt/remi/php{{ php_version | replace(".","") }}/php.d/nextcloud.ini
-    src: php_nc_ini.j2
-    mode: '0640'
-  notify: restart http
-
-- name: Generate Nextcloud configuration for APCU
-  lineinfile:
-    path: /etc/opt/remi/php{{ php_version | replace(".","") }}/php.d/40-apcu.ini
-    regexp: '^apc.shm_size(.*)'
-    line:   'apc.shm_size = {{ APC_SHM_SIZE }}'
-    backup: true
-  notify: restart http
-
-- name: Generate Nextcloud configuration for OPCACHE
-  ansible.builtin.template:
-    dest: /etc/opt/remi/php{{ php_version | replace(".","") }}/php.d/10-opcache.ini
-    src: opcache_nc_ini.j2
-    mode: 0640
-  notify: restart http

sandbox/ansible/roles/nextcloud/tasks/selinux.yml

@@ -1,51 +0,0 @@
----
-
-- name: Selinux... selinux targets
-  sefcontext:
-    target: "{{ item }}"
-    setype: httpd_sys_rw_content_t
-    state: present
-  register: filecontext
-  with_items:
-    - '{{ nc_data_dir }}(/.*)?'
-    - '{{ http_webroot }}/nextcloud/config(/.*)?'
-    - '{{ http_webroot }}/nextcloud/apps(/.*)?'
-    - '{{ http_webroot }}/nextcloud/custom_apps(/.*)?'
-    - '{{ http_webroot }}/nextcloud/assets(/.*)?'
-    - '{{ http_webroot }}/nextcloud/.htaccess'
-    - '{{ http_webroot }}/nextcloud/.user.ini'
-    - '{{ http_webroot }}/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'
-
-- name: Selinux... enable seboolean settings
-  seboolean:
-    name: "{{ item }}"
-    state: yes
-    persistent: yes
-  with_items:
-    - httpd_can_sendmail
-    - httpd_unified
-    - httpd_graceful_shutdown
-    - httpd_can_network_relay
-    - httpd_can_network_connect
-    - httpd_can_network_connect_db
-    - daemons_enable_cluster_mode
-    #- httpd_execmem
-
-      ###- name: Selinux... enable seboolean settings
-      ###  command: semodule -i {{ role_path }}/files/{{ item }}
-      ###  loop:
-      ###    - httpd-to-php-fpm.pp
-      ###    - httpd-to-redis-socket.pp
-      ###    - httpd-to-upload-tmp.pp
-
-- name: Selinux... Run restore context to reload selinux
-  shell: restorecon -R -v {{ item.target }}
-  when: filecontext.results[item.index] is changed
-  with_items:
-    - { index: 0, target: '{{ nc_data_dir }}/' }
-    - { index: 1, target: '{{ http_webroot }}/nextcloud/' }
-
-- name: Selinux... Restart {{ http_service_name }} service
-  service:
-    name: "{{ http_service_name }}" 
-    state: restarted

sandbox/ansible/roles/nextcloud/tasks/to_remove/CentOS.yml

@@ -1,19 +0,0 @@
----
-- name: Ensure Apache is installed on {{ ansible_facts['distribution'] }}
-  dnf:
-    name: httpd
-    state: present
-  when: nextcloud_websrv in ["apache", "apache2"]
-  notify: start http
-
-- name: Set nextcloud webroot on {{ ansible_facts['distribution'] }}
-  set_fact:
-    nextcloud_webroot: /var/www/html/nextcloud/
-
-- name: Generate Nextcloud configuration for apache
-  template:
-    dest: /etc/httpd/conf.d/nextcloud.conf
-    src: nextcloud_apache2.j2
-    mode: 0640
-  when: nextcloud_websrv in ["apache", "apache2"]
-  notify: restart http

sandbox/ansible/roles/nextcloud/tasks/to_remove/db_mysql.yml

@@ -1,116 +0,0 @@
----
-- name: "[mySQL] - Service is installed."
-  ansible.builtin.package:
-    name: "{{ 'default-' if ((ansible_distribution|lower) == 'debian' and nextcloud_db_backend == 'mysql') else '' }}{{ nextcloud_db_backend }}-server"
-    state: present
-  register: nc_mysql_db_install
-
-- name: "[mySQL] - Check if MySQL packages were installed."
-  ansible.builtin.set_fact:
-    mysql_install_packages: "{{ nc_mysql_db_install is defined and nc_mysql_db_install.changed }}"
-
-- name: "[mySQL] - Get MySQL version."
-  ansible.builtin.command: 'mysql --version'
-  register: mysql_cli_version
-  changed_when: false
-  check_mode: false
-
-- name: "[mySQL] - Packages are installed."
-  ansible.builtin.package:
-    name: "{{ nc_mysql_deps }}"
-    state: present
-  vars:
-    nc_mysql_deps:
-      - "php{{ php_ver }}-mysql"
-      - "python3-pymysql"
-
-- name: "[mySQL] - Ensure MySQL is started and enabled on boot."
-  ansible.builtin.service:
-    name: "{{ mysql_daemon }}"
-    state: started
-    enabled: "{{ nextcloud_db_enabled_on_startup }}"
-  register: mysql_service_configuration
-
-- name: "[mySQL] - Get list of hosts for the root user."
-  ansible.builtin.command: mysql -NBe
-    "SELECT Host
-    FROM mysql.user
-    WHERE User = 'root'
-    ORDER BY (Host='localhost') ASC"
-  register: mysql_root_hosts
-  changed_when: false
-  check_mode: false
-  when: mysql_install_packages | bool or nextcloud_mysql_root_pwd_update
-
-# Note: We do not use mysql_user for this operation, as it doesn't always update
-# the root password correctly. See: https://goo.gl/MSOejW
-- name: "[mySQL] - Update MySQL root password for localhost root account (5.7.x)."
-  ansible.builtin.shell: >
-    mysql -u root -NBe
-    'ALTER USER "root"@"{{ item }}"
-    IDENTIFIED WITH mysql_native_password BY "{{ nextcloud_mysql_root_pwd }}"; FLUSH PRIVILEGES;'
-  with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
-  when: >
-    ((mysql_install_packages | bool) or nextcloud_mysql_root_pwd_update)
-    and ('5.7.' in mysql_cli_version.stdout or '8.0.' in mysql_cli_version.stdout)
-
-- name: "[mySQL] - Update MySQL root password for localhost root account (< 5.7.x)."
-  ansible.builtin.shell: >
-    mysql -NBe
-    'SET PASSWORD FOR "root"@"{{ item }}" = PASSWORD("{{ nextcloud_mysql_root_pwd }}"); FLUSH PRIVILEGES;'
-  with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
-  when: >
-    ((mysql_install_packages | bool) or nextcloud_mysql_root_pwd_update)
-    and ('5.7.' not in mysql_cli_version.stdout and '8.0.' not in mysql_cli_version.stdout)
-
-- name: "[mySQL] - Copy .my.cnf file with root password credentials."
-  ansible.builtin.template:
-    src: "root-my.cnf.j2"
-    dest: "/root/.my.cnf"
-    owner: root
-    group: root
-    mode: 0600
-  when: mysql_install_packages | bool or nextcloud_mysql_root_pwd_update
-
-- name: "[mySQL] - Get list of hosts for the anonymous user."
-  ansible.builtin.command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = ""'
-  register: mysql_anonymous_hosts
-  changed_when: false
-  check_mode: false
-
-- name: "[mySQL] - Remove anonymous MySQL users."
-  mysql_user:
-    name: ""
-    host: "{{ item }}"
-    state: absent
-  with_items: "{{ mysql_anonymous_hosts.stdout_lines|default([]) }}"
-
-- name: "[mySQL] - Remove MySQL test database."
-  mysql_db:
-    name: 'test'
-    state: absent
-
-- name: "[mySQL] - Set mysql config option for Nextcloud"
-  ansible.builtin.copy:
-    dest: /etc/mysql/conf.d/nextcloud.cnf
-    src: files/mysql_nextcloud.cnf
-    mode: 0600
-  notify: restart mysql
-
-- name: "[mySQL] - Add Database {{ nextcloud_db_name }}."
-  mysql_db:
-    name: "{{ nextcloud_db_name }}"
-    login_user: root
-    login_password: "{{ nextcloud_mysql_root_pwd }}"
-    config_file: "{{ mysql_credential_file[(ansible_os_family|lower)] | default(omit) }}"
-    state: present
-
-- name: "[mySQL] - Configure the database user."
-  mysql_user:
-    name: "{{ nextcloud_db_admin }}"
-    password: "{{ nextcloud_db_pwd }}"
-    priv: "{{ nextcloud_db_name }}.*:ALL"
-    login_user: root
-    login_password: "{{ nextcloud_mysql_root_pwd }}"
-    config_file: "{{ mysql_credential_file[(ansible_os_family|lower)] | default(omit) }}"
-    state: present

sandbox/ansible/roles/nextcloud/tasks/to_remove/db_postgresql.yml

@@ -1,28 +0,0 @@
----
-- name: "[PostgreSQL] - PostgreSQL packages are installed"
-  ansible.builtin.package:
-    name: "{{ pg_deps }}"
-    state: "present"
-  vars:
-    pg_deps:
-      - "postgresql"
-      - "php{{ php_ver }}-pgsql"
-      - "python3-psycopg2"
-
-- name: "[PostgreSQL] - nextcloud role is created."
-  postgresql_user:
-    name: "{{ nextcloud_db_admin }}"
-    password: "{{ nextcloud_db_pwd }}"
-    encrypted: true
-    state: present
-    role_attr_flags: CREATEDB
-  become_user: postgres
-  become: true
-
-- name: "[PostgreSQL] - nextcloud database is created."
-  postgresql_db:
-    name: "{{ nextcloud_db_name }}"
-    state: present
-    owner: "{{ nextcloud_db_admin }}"
-  become_user: postgres
-  become: true

sandbox/ansible/roles/nextcloud/tasks/to_remove/http_apache.yml

@@ -1,69 +0,0 @@
----
-- name: "[APACHE] -  enable APC for php CLI"
-  ansible.builtin.lineinfile:
-    dest: "{{ php_dir }}/cli/php.ini"
-    line: "apc.enable_cli = 1"
-    insertbefore: "^; End:$"
-    state: present
-    # validate: "/usr/sbin/{{ php_bin }} -t #%s"
-
-- name: "[APACHE] -  enable PHP OPcache for php.ini"
-  ansible.builtin.lineinfile:
-    dest: "{{ php_dir }}/apache2/php.ini"
-    state: present
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-    backrefs: true
-  with_items:
-    - {regexp: 'opcache.enable=0', line: 'opcache.enable=1'}
-    - {regexp: 'opcache.enable_cli', line: 'opcache.enable_cli=1'}
-    - {regexp: 'opcache.interned_strings_buffer', line: 'opcache.interned_strings_buffer=8'}
-    - {regexp: 'opcache.max_accelerated_files', line: 'opcache.max_accelerated_files=10000'}
-    - {regexp: 'opcache.memory_consumption', line: 'opcache.memory_consumption=128'}
-    - {regexp: 'opcache.save_comments', line: 'opcache.save_comments=1'}
-    - {regexp: 'opcache.revalidate_freq', line: 'opcache.revalidate_freq=1'}
-    - {regexp: 'memory_limit', line: 'memory_limit={{ php_memory_limit }}'}
-    # validate: "/usr/sbin/{{ php_bin }} -t #%s"
-  notify: reload http
-
-- name: "[APACHE] -  Required Apache2 modules are enabled"
-  apache2_module:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - rewrite
-    - headers
-    - env
-    - dir
-    - mime
-  notify: restart http
-
-- name: "[APACHE] -  Ssl Apache2 module is enabled"
-  apache2_module:
-    state: present
-    name: "{{ item }}"
-  with_items:
-    - ssl
-  when: (nextcloud_install_tls | bool)
-  notify: restart http
-
-- name: "[APACHE] -  generate Nextcloud configuration for apache"
-  ansible.builtin.template:
-    dest: /etc/apache2/sites-available/nc_{{ nextcloud_instance_name }}.conf
-    src: "{{ nextcloud_websrv_template }}"
-    mode: 0640
-  notify: reload http
-
-- name: "[APACHE] -  Enable Nextcloud site in apache conf"
-  ansible.builtin.file:
-    path: /etc/apache2/sites-enabled/nc_{{ nextcloud_instance_name }}.conf
-    src: /etc/apache2/sites-available/nc_{{ nextcloud_instance_name }}.conf
-    state: link
-  notify: reload http
-
-- name: "[APACHE] -  Disable apache default site"
-  ansible.builtin.file:
-    path: /etc/apache2/sites-enabled/000-default.conf
-    state: absent
-  when: nextcloud_disable_websrv_default_site | bool
-  notify: reload http