Merge remote-tracking branch 'aalaesar/master' into multi-os

1d3e1d97 · Daniel Paufler · 786f5e3c · 0a70faff · 1d3e1d97 · 1d3e1d97
Commit 1d3e1d97 authored Jul 14, 2019 by Daniel Paufler
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,11 +2,24 @@
 language: python
 python: "2.7"
 os: linux
-dist: trusty
-env:
-  - ansible_version="2.4.0.0"
-  - ansible_version="2.4.1.0"
-  - ansible_version="2.4.2.0"
+dist: xenial
+services:
+  - mysql
+  - redis
+matrix:
+  include:
+    # latest ansible + code coverage
+    - env: ansible_version="" NC_DB=mysql NC_WEB=apache2
+    - env: ansible_version="" NC_DB=mysql NC_WEB=nginx
+    - env: ansible_version="" NC_DB=pgsql NC_WEB=apache2
+    - env: ansible_version="" NC_DB=pgsql NC_WEB=nginx
+    # backward compatibility:
+    # ansible 2.7.x
+    - env: ansible_version="<2.8" NC_DB=mysql NC_WEB=apache2
+    # ansible 2.6.x
+    - env: ansible_version="<2.7" NC_DB=mysql NC_WEB=apache2
+    # ansible 2.5.x
+    - env: ansible_version="<2.6" NC_DB=mysql NC_WEB=apache2

 sudo: required

@@ -16,8 +29,9 @@ before_install:
  - sudo apt-get install python-setuptools
  - sudo easy_install pip
  # Install ansible
-  - sudo pip install -I "ansible==$ansible_version"
-  
+  - sudo pip install -I "ansible${ansible_version}"
+  - sudo apt-get install python-netaddr
+

 install:
  # Check ansible version

--- a/README.md
+++ b/README.md
@@ -6,22 +6,28 @@
 This role installs and configures an Nextcloud instance for a debian/Ubuntu server.

 The role's main actions are:
- [x] Packages dependencies installation.
- [x] Database configuration (if located on the same host).
- [x] Strengthened files permissions and ownership following Nextcloud recommendations.
- [x] Web server configuration.
- [x] Redis Server installation.
- [x] Strengthened TLS configuration following _Mozilla SSL Configuration Generator_, intermediate profile by default, modern profile available.
- [x] Post installation of Nextcloud applications
+-   [x] Packages dependencies installation.
+-   [x] Database configuration (if located on the same host).
+-   [x] Strengthened files permissions and ownership following Nextcloud recommendations.
+-   [x] Web server configuration.
+-   [x] Redis Server installation.
+-   [x] Strengthened TLS configuration following _Mozilla SSL Configuration Generator_, intermediate profile by default, modern profile available.
+-   [x] Post installation of Nextcloud applications

 ## Requirements
 ### Ansible version
 Ansible 2.4
+### Python libraries
+To use `ipwrap` filter in Ansible, you need to install the netaddr Python library on a computer on which you use Ansible (it is not required on remote hosts). It can usually be installed with either your system package manager or using pip:
+```bash
+$ pip install netaddr
+```
 ### Setup module:
 The role uses facts gathered by Ansible on the remote host. If you disable the Setup module in your playbook, the role will not work properly.
 ### Root access
 This role requires root access, so either configure it in your inventory files, run it in a playbook with a global `become: yes` or invoke the role in your playbook like:
 > playbook.yml:
+
 ```YAML
 - hosts: dnsserver
  become: yes
@@ -35,7 +41,7 @@ Role's variables (and their default values):

 ### Choose the version

-_*WARNING: Since nextcloud 11 requires php v5.6 or later, command line installation will fail on old OS without php v5.6+ support.*_
+**_WARNING: Since Nexcloud 11 requires php v5.6 or later, command line installation will fail on old OS without php v5.6+ support._**

 _Known issue while installing Nextcloud 11 on an Ubuntu 14.04 system:_ [#27](https://github.com/aalaesar/install_nextcloud/issues/27)

@@ -52,7 +58,7 @@ This table summarize the possible cases.
 |**prereleases**|_null_|_null_|_null_|"11.0.1"|_null_ \|"RC(n)\|beta(n)"|
 |**daily**|yes/no|_null_ \|master\|stable9\|...|master\|9\|10\|...|_null_|_null_ \|"YYYY-MM-DD"|

-__major&latest__ = major value when latest is true
+**major&latest** = major value when latest is true
 _null_ = "not used"
 #### version variables:
 ```YAML
@@ -102,41 +108,41 @@ Specify directly a full URL to the archive. The role will skip the url generatio
 nextcloud_full_url: https://h2g2.com/42/nextcloud.zip
 nextcloud_version_major: 42
 ```
- Choose the latest release (default):
+-   Choose the latest release (default):
 ```YAML
 nextcloud_version_channel: "releases"
 nextcloud_get_latest: true
 ```
- Choose the latest v10 release:
+-   Choose the latest v10 release:
 ```YAML
 nextcloud_version_channel: "releases"
 nextcloud_get_latest: true
 nextcloud_version_major: 10
 ```
- Choose a specific release:
+-   Choose a specific release:
 ```YAML
 nextcloud_version_channel: "releases"
 nextcloud_get_latest: false
 nextcloud_full_version: "10.0.3"
 ```
- Get the nextcloud 11.0.1 prerelease 1:
+-   Get the nextcloud 11.0.1 prerelease 1:
 ```YAML
 nextcloud_version_channel: "prereleases"
 nextcloud_version_full: "11.0.1"
 nextcloud_version_special: "RC1"
 ```
- Get the latest daily:
+-   Get the latest daily:
 ```YAML
 nextcloud_version_channel: "daily"
 nextcloud_get_latest: true
 ```
- Get the latest daily for stable 10:
+-   Get the latest daily for stable 10:
 ```YAML
 nextcloud_version_channel: "daily"
 nextcloud_get_latest: true
 nextcloud_version_major: "stable10"
 ```
- Get the daily for master at january 1rst 2017:
+-   Get the daily for master at january 1rst 2017:
 ```YAML
 nextcloud_version_channel: "daily"
 nextcloud_get_latest: false
@@ -231,11 +237,11 @@ nextcloud_config_settings:
 Setting custom Nextcloud setting in config.php ( [Config.php Parameters Documentations](https://docs.nextcloud.com/server/12/admin_manual/configuration_server/config_sample_php_parameters.html) )

 Default custom settings:
- **Base URL**: https://\<first element in the list of trusted domains>
- **Memcache local**: APCu
- **Mysql Character Set**: utf8mb4
- **PHP read access to /dev/urandom**: Enabled
- **Updater Relese Channel:** Production
+-   **Base URL**: 'https:// {{nextcloud_instance_name}}'
+-   **Memcache local**: APCu
+-   **Mysql Character Set**: utf8mb4
+-   **PHP read access to /dev/urandom**: Enabled
+-   **Updater Relese Channel:** Production
 ### Database configuration
 ```YAML
 nextcloud_install_db: true
@@ -251,9 +257,9 @@ nextcloud_db_backend: "mysql"
 Database type used by nextcloud.

 Supported values are:
- mysql
- mariadb
- pgsql _(PostgreSQL)_
+-   mysql
+-   mariadb
+-   pgsql _(PostgreSQL)_

 ```YAML
 nextcloud_db_name: "nextcloud"
@@ -290,13 +296,13 @@ nextcloud_hsts: false
 ```
 Set HTTP Strict-Transport-Security header (e.g. "max-age=15768000; includeSubDomains; preload").

-*(Before enabling HSTS, please read into this topic first)*
+_(Before enabling HSTS, please read into this topic first)_
 ```YAML
 nextcloud_tls_cert_method: "self-signed"
 ```
 Defines various method for retrieving a TLS certificate.
- **self-signed**: generate a _one year_ self-signed certificate for the trusted domain on the remote host and store it in _/etc/ssl_.
- **signed**: copy provided signed certificate for the trusted domain to the remote host or in /etc/ssl by default.
+-   **self-signed**: generate a _one year_ self-signed certificate for the trusted domain on the remote host and store it in _/etc/ssl_.
+-   **signed**: copy provided signed certificate for the trusted domain to the remote host or in /etc/ssl by default.
  Uses:
 ```YAML
  # Mandatory:
@@ -311,7 +317,7 @@ Defines various method for retrieving a TLS certificate.
  nextcloud_tls_cert_key: "/etc/ssl/{{ nextcloud_trusted_domain }}.key"
  # ^remote absolute path to the certificate.
 ```
- **installed**: if the certificate for the trusted domain is already on the remote host, specify its location.
+-   **installed**: if the certificate for the trusted domain is already on the remote host, specify its location.
  Uses:
 ```YAML
  nextcloud_tls_cert: /path/to/cert
@@ -324,7 +330,7 @@ Defines various method for retrieving a TLS certificate.

 ### System configuration

-install and use a custom version for PHP instead of the default one: 
+install and use a custom version for PHP instead of the default one:
 ```YAML
 php_version: '7.1'
 php_custom: yes
@@ -339,6 +345,7 @@ php_pkg_spe:
  - "php{{ php_version }}-zip"
  - "php{{ php_version }}-mbstring"
  - "php-redis"
+php_socket: "/run/php/{{ php_version }}-fpm.sock"
 ```

 ```YAML
@@ -360,18 +367,18 @@ If not defined by the user, and mysql/mariadb is installed during the run, a ran

 ### Generated password
 The role uses Ansible's password Lookup:
- If a password is generated by the role, ansible stores it **locally** in **nextcloud_instances/{{ nextcloud_trusted_domain }}/** (relative to the working directory)
- if the file already exist, it reuse its content
- see http://docs.ansible.com/ansible/playbooks_lookups.html#the-password-lookup for more info
+-   If a password is generated by the role, ansible stores it **locally** in **nextcloud_instances/{{ nextcloud_trusted_domain }}/** (relative to the working directory)
+-   if the file already exist, it reuse its content
+-   see [the ansible password lookup documentation](https://docs.ansible.com/ansible/latest/plugins/lookup/password.html) for more info

 ### Post installation:
 #### Applications installation

-Since __v1.3.0__, it is possible to download, install and enable nextcloud applications during a post-install process.
+Since **v1.3.0**, it is possible to download, install and enable nextcloud applications during a post-install process.

 The application (app) to install have to be declared in the `nextcloud_apps` dictionary in a "key:value" pair.
- The app name is the key
- The download link, is the value.
+-   The app name is the key
+-   The download link, is the value.

 ```YAML
 nextcloud_apps:
@@ -390,14 +397,14 @@ nextcloud_apps:
 ```

 **Notes:**
- Because the role is using nextcloud's occ, it is not possible to install an app from the official nextcloud app store.
- If you know that the app is already installed, you can give an empty string to skip the download.
- The app name need the be equal to the folder name located in the __apps folder__ of the nextcloud instance, which is extracted from the downloaded archive.
-The name may not be canon some times. (like *appName-x.y.z** instead of **appName**)
- The role will __not__ update an already enabled application.
- The configuration is applied only when the app in enabled the first time:
-Changing a parameter, then running the role again while the app is already enabled will __not__ update its configuration.
- this post_install process is tagged and can be called directly using the `--tags install_apps` option.
+-   Because the role is using nextcloud's occ, it is not possible to install an app from the official nextcloud app store.
+-   If you know that the app is already installed, you can give an empty string to skip the download.
+-   The app name need the be equal to the folder name located in the **apps folder** of the nextcloud instance, which is extracted from the downloaded archive.
+The name may not be canon some times. (like **appName-x.y.z** instead of **appName**)
+-   The role will **not** update an already enabled application.
+-   The configuration is applied only when the app in enabled the first time:
+Changing a parameter, then running the role again while the app is already enabled will **not** update its configuration.
+-   this post_install process is tagged and can be called directly using the `--tags install_apps` option.

 ## Dependencies

@@ -414,9 +421,9 @@ In some case, you may want to deploy quickly many instances of Nextcloud on mult
   - role: aalaesar.install_nextcloud
 ```

- This will install a Nextcloud 10.0.1 instance in /opt/nextcloud using apache2 and mysql.
- it will be available at **https://{{ ansible default ipv4 }}**  using a self signed certificate.
- Generated passwords are stored in **nextcloud_instances/{{ nextcloud_trusted_domain }}/** from your working directory.
+-   This will install a Nextcloud 10.0.1 instance in /opt/nextcloud using apache2 and mysql.
+-   it will be available at **https:// {{ ansible default ipv4 }}**  using a self signed certificate.
+-   Generated passwords are stored in **nextcloud_instances/{{ nextcloud_trusted_domain }}/** from your working directory.

 ### Case 1.1: specifying the version channel, branch, etc.
 You can choose the version channel to download a specific version of nextcloud. Here's a variation of the previous case, this time installing the latest nightly in master.
@@ -432,7 +439,7 @@ You can choose the version channel to download a specific version of nextcloud.
 ### Case 2: Using letsencrypt with this role.
 This role is not designed to manage letsencrypt certificates. However you can still use your certificates with nextcloud.

-You must create first your certificates using a letsencrypt ACME client or an Ansible role like [ this one] (https://github.com/jaywink/ansible-letsencrypt)
+You must create first your certificates using a letsencrypt ACME client or an Ansible role like [this one] (https://github.com/jaywink/ansible-letsencrypt)

 then call _install_nextcloud_ by setting `nextcloud_tls_cert_method: "installed"`

@@ -459,12 +466,12 @@ Here 2 examples for apache and nginx (because they have slightly different confi
      nextcloud_tls_cert_key: "/etc/letsencrypt/live/example2.com/privkey.pem"
 ```
 ### Case 3: integration to an existing system.
- An Ansible master want to install a new Nextcloud instance on an existing Ubuntu 14.04 server with nginx & mariadb installed.
- As is server do not meet the php requirements for Nextcloud 11, he chooses to use the lastest Nextcloud 10 release.
- He wants it to be accessible from internet at _cloud.example.tld_ and from his intranet at _dbox.intra.net_.
- He already have a valid certificate for the intranet domain in /etc/nginx/certs/ installed
- he wants the following apps to be installed & enabled : files_external, calendar, agenda, richdocuments (Collabora)
- The richdocuments app has to be configured to point out to the Collabora domain.
+-   An Ansible master want to install a new Nextcloud instance on an existing Ubuntu 14.04 server with nginx & mariadb installed.
+-   As is server do not meet the php requirements for Nextcloud 11, he chooses to use the lastest Nextcloud 10 release.
+-   He wants it to be accessible from internet at _cloud.example.tld_ and from his intranet at _dbox.intra.net_.
+-   He already have a valid certificate for the intranet domain in /etc/nginx/certs/ installed
+-   he wants the following apps to be installed & enabled : files_external, calendar, agenda, richdocuments (Collabora)
+-   The richdocuments app has to be configured to point out to the Collabora domain.

 He can run the role with the following variables to install Nextcloud accordingly to its existing requirements .

@@ -487,7 +494,7 @@ He can run the role with the following variables to install Nextcloud accordingl
     nextcloud_tls_cert_key: "/etc/nginx/certs/nextcloud.key"
     nextcloud_mysql_root_pwd: "42h2g2"
     nextcloud_apps:
-       files_external: "" #enable files_external which is already installed in nextcloud  
+       files_external: "" #enable files_external which is already installed in nextcloud
       calendar: "https://github.com/nextcloud/calendar/releases/download/v1.5.0/calendar.tar.gz"
       contacts: "https://github.com/nextcloud/contacts/releases/download/v1.5.3/contacts.tar.gz"
       richdocuments-1.1.25: # the app name is equal to the extracted folder name from the archive
@@ -496,6 +503,6 @@ He can run the role with the following variables to install Nextcloud accordingl
            wopi_url: 'https://office.example.tld'
 ```

-License
-------
+## License
+
 BSD
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -66,12 +66,14 @@ nextcloud_db_admin: "ncadmin"
 # nextcloud_db_pwd: "secret"

 # [TLS] parameters used in the apache2 & nginx templates
+##  max file's size allowed to be uploaded on the server
+nextcloud_max_upload_size: 512m # in Byte or human readable size notation (g|m|k)
 nextcloud_install_tls: true
 nextcloud_tls_enforce: true
 nextcloud_mozilla_modern_ssl_profile: false # when false, intermediate profile is used
 nextcloud_tls_cert_method: "self-signed" # "self-signed" | "signed" | "installed"
 nextcloud_tls_dhparam: "/etc/ssl/dhparam.pem"
-nextcloud_hsts: false
+nextcloud_hsts: false # recommended >= 15552000
 # nextcloud_tls_cert: /path/to/cert
 # nextcloud_tls_cert_key: /path/to/cert/key
 # nextcloud_tls_cert_chain: /path/to/cert/chain

--- a/files/nextcloud_choosing_version.png
+++ b/files/nextcloud_choosing_version.png
--- a/files/nextcloud_file_name.xml
+++ b/files/nextcloud_file_name.xml
+<mxfile userAgent="Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Firefox/60.0" version="9.3.0" editor="www.draw.io" type="device"><diagram name="Page-1" id="c7488fd3-1785-93aa-aadb-54a6760d102a">7V1bj6s4Ev41kWYfOgpgbo+nu8/ZfZgeraZXuztPR07iJMwQYME5nZ5fvzbYxNhOIMSQiyZSt0JhjCl/n8tVLpyJ87Ld/z2H2eYtXaJ4Ys+W+4nzOrHtwArIfyr4rASu41eCdR4tK5F1ELxHfyImnDHpLlqiolEQp2mMo6wpXKRJgha4IYN5nn40i63SuHnXDK6RInhfwFiV/ida4g2TWrPZ4cQ/ULTesFsHLjsxh4s/1nm6S9j9JrazKj/V6S3kdbHyxQYu0w9B5HydOC95muLq23b/gmKqWq626rpvR87W7c5Rgrtc4HvVFT9gvEO8yWXD8CdXRvk4iF4wmzjPH5sIo/cMLujZD9L7RLbB25gcWeTrKorjlzROc3KcpAkp9LyExaa8nJ5nt0M5RvujbbZqTRCAoXSLcP5JirALgMeUx8BlO+z4Q+gqruCN0Eu2z4SQwWNd131QEfnCtHREY8H9acyfXVVj4f1pLLA7aMwZTGPg/jTmdNEYGEpjlg5jXozpg0Y/yNc1Lh+zEu1kwZwLfkUxggWipmUDiW2JeQnSgLl8FZEpNRGZ5oalSOg97387OsI/r9IEPxWl+ftCCoTZ/nCO17HdUbsXV21KI9LDvNH58DfndWQ5kkVFBhMuS9AeL+J0t/xOMFREafJdVZ9YXhBrapYf4xLkU0xHxLB/iaN1QmQ4zfR8OIJ3DSs6U8DyO1LAM8AA2zHDgJ8hRgW+PuznZL6HSsTcAtjp5RfXq2fMGuHvsaz0I2SpmvHIHJInd1oO6aYqRjiks7s9OPQGfydqoa1UWcQGyHHJ1ItFnUnB3Td+V6uNAj2fQrUy20rRf9HGDa5JG/cc2ij2pMb/t11ZbTeG6MzSUKypBe7zm64JIgpr4XSrKxoluqKZtla82Gia8HpKCY9G8FUJiXviN2RHC0JmlA9GeNmlH5fwuqhRDzv5nqFFBGnNxW61ivYt9B7BUK5yhMqAYV6z99EoVXCl3xOrhiGRHOXRkkgX5TFBImuEQGKB8/QPxIUT2/EWAZqv6jM8uO2Y0WcdymH6BJaqT9/V6DM0MSjZV9BnYM8dzxtLn7qY2mD6tPwr6DP0fAeOps86YDMKPkNFfWi5Ru/sMM3xJl2nCYy/HqTPTQULykT7CP9X+P4bLTJ16VFCGlafogeHc78jjD/Zchvc4ZSIDvf9OaVDbXlZU/v2Ke0X6S5fIK7fSoZhvkasmM2GOfqsJ/soRzHE0Y/mCtxFClcBXJCWYbUb4jjKCtSOYEhtJ30uMlehnVJaYN6BtECG8oi0E+W0jihZs34zAt2gCV1Xha7OUjkGkOs4QyCXoZVh1xKROxsfuYGKXK46c8gtL/2S5/BTKJClUYILoeZ/UoEQVXZA0wj4rtR5VY2Hrqyb1q13wfC9O7vB3rVvsneBa7h33UF697jVuZHeta5mdTTTeueb0gk4j2CyjjsYnTzFpIUp9YWerKDskDSP/iSWB8bm7ItjN3HoMByK9kWbIWDCvjz+zIjbkgZG/WthlLdGwGheLXwX/SdH4lzINYFIOc1Hg0hPg0hgAJFAdXWGReT4oyYfIUVEgquNmrw1AiKzHD3dPiodMCIqZ6oeHm2ctDXj5NU8SN4aAZWvMIo/bxeOwBkPjq6ac5WkQyBU9SW6orBUd1XMavMwVcSKASuayBss0GKhi1rNAxe4JydiDYxroiRu17kA6/en2dRzQrYMc56HorggviMZWi+chuKnWWHVbFbHAS3nOj5AWrG2g1ACn+D4HK7m1aerVYHwRIbrec6Rqy5cj4VgE5ZfRvd4CNZ4XK5zNoKJ8Qz7IPhSqAGW9T4m1IDqFqaZJhRp2J4PNseUkIWspYt8HbLqiH4nZAHdrNQzbf97ocgPLGnm5xxHUR+EqFPgXovqNEllup1mLZkiZ66nV6KfLGtKkPO37mvjfSdKBuZGsl0bdaquZhJ+/eW1vzpaVx6aDAVmNBjK62UjLjqAsYNCQw6P7B0wzfA4Kz+dh0dPMzyCmxgeQyCzrTE8tpf3zAa+QUuOUns+jWXpEmp+fSED7L45uPZPQtLfY44wbLnLRQ6oMGc07ZAGfE5dL7E7ow26rhrW7G1Be1jPHoliP1mz+7ClniV5a5pMlKG61fPuxxJczSXj7pdoGTzjlqEzEw29jLSFBU2iNT2NPXsI0HKzV1tuiMPA9UbjsG+pjz4shw+HFwQNw1EprIkLmp/cdaawLv1vXHe0l0G9YwfV9sLxjKou2iDrIll+oZtpTOp8zRMTyWPMsxQitxJq6aJgCXSEqtNtj2q/1wK7oG9d9ieXXRpnd6XudqV+rAYDJbKu5gxJFblyEoahEL2ybYQ7O9kupXwzU00pL7+0dnb5lvYoSwzN8he7mJ5ulvNoHOq6+DoSh6Q3NoAcaurKIYKNKXFWfQuw/81qAZiKJ4dZApP5wh+mK79AC/5dKWf47PIt7VHWVRyz/HLVIOqnLhfkVnORz3YGLyFt6/qc3ZHIwvqc5ft9WHvx+twpHA21FKyGC//CWies6bIZumbOC1jjxn9krJ2cEwyENc8fAlfdnWHrHgJaPHh1G96wp5oiwdPtEOefZfvKCT3yku/uslrc59/I5+nt7en1telpt+yd0Nf9FXFhKAVdXjoYMz7lBuNQ8vLENTWuNdpQz4f1W1x9DJrYMe7qaTy7W8LHeBiwb2lYdjRByjt42QbI73V7I75sc5/vJ8kqA5pknqFUBgZ5h04k/5XfftVm3d3GwK5k3YWnYxJKWsm55Q2noXB3o2OMcBHDoogWTcSovXoKK30zM6WObo0MVhb2WoFAV8JF72A6kFZFuwbT+2BBXXPR5QCTERFLQywiPgCclwVojzPSkNJuuSGYZtcpeRudbbRcluNSDOcofq63KdclqQmTi6CGh2ZzYLb7OmvYpB5rReAER1DCappNAeD7Q3MGGsHHk2XrajXqxwf243D7ejw2FND3ZuHpigzyWF33eXwe24/LY1fH4x77VyrZSpfuW9k1x6Ko+m6otMW+MaKj04gLcpY0O4oNFRMK1JjfO4oJUejGPqRq8vcL311vImxb+kInShu2h3yOp2YGBjLrZ5sGWsI4EaMV1owS1aZ5RbUJ0b9K9+AJSGGDcKK+RUCPv8EtfcXVef03ypcwgadGjjN+tMNpBmgsoAb36s690IEjh4dfUKnGg8Ov1Dhf/w8=</diagram></mxfile>
\ No newline at end of file
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -2,195 +2,25 @@ galaxy_info:
  author: Aalaesar
  description: Add a new Nextcloud instance in your infrastructure. The role manages dependencies and initial configuration.

-  # If the issue tracker for your role is not on github, uncomment the
-  # next line and provide a value
-  # issue_tracker_url: http://example.com/issue/tracker
-
-  # Some suggested licenses:
-  # - BSD (default)
-  # - MIT
-  # - GPLv2
-  # - GPLv3
-  # - Apache
-  # - CC-BY
  license: BSD

-  min_ansible_version: 2.1.4.0
-
-  # Optionally specify the branch Galaxy will use when accessing the GitHub
-  # repo for this role. During role install, if no tags are available,
-  # Galaxy will use this branch. During import Galaxy will access files on
-  # this branch. If travis integration is configured, only notification for this
-  # branch will be accepted. Otherwise, in all cases, the repo's default branch
-  # (usually master) will be used.
-  #github_branch:
+  min_ansible_version: 2.5

-  #
-  # Below are all platforms currently available. Just uncomment
-  # the ones that apply to your role. If you don't see your
-  # platform on this list, let us know and we'll get it added!
-  #
  platforms:
-  #- name: EL
-  #  versions:
-  #  - all
-  #  - 5
-  #  - 6
-  #  - 7
-  #- name: GenericUNIX
-  #  versions:
-  #  - all
-  #  - any
-  #- name: OpenBSD
-  #  versions:
-  #  - all
-  #  - 5.6
-  #  - 5.7
-  #  - 5.8
-  #  - 5.9
-  #  - 6.0
-  #- name: Fedora
-  #  versions:
-  #  - all
-  #  - 16
-  #  - 17
-  #  - 18
-  #  - 19
-  #  - 20
-  #  - 21
-  #  - 22
-  #  - 23
-  #- name: opensuse
-  #  versions:
-  #  - all
-  #  - 12.1
-  #  - 12.2
-  #  - 12.3
-  #  - 13.1
-  #  - 13.2
-  #- name: MacOSX
-  #  versions:
-  #  - all
-  #  - 10.10
-  #  - 10.11
-  #  - 10.12
-  #  - 10.7
-  #  - 10.8
-  #  - 10.9
-  #- name: IOS
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Solaris
-  #  versions:
-  #  - all
-  #  - 10
-  #  - 11.0
-  #  - 11.1
-  #  - 11.2
-  #  - 11.3
-  #- name: SmartOS
-  #  versions:
-  #  - all
-  #  - any
-  #- name: eos
-  #  versions:
-  #  - all
-  #  - Any
-  #- name: Windows
-  #  versions:
-  #  - all
-  #  - 2012R2
-  #- name: Amazon
-  #  versions:
-  #  - all
-  #  - 2013.03
-  #  - 2013.09
-  #- name: GenericBSD
-  #  versions:
-  #  - all
-  #  - any
-  #- name: Junos
-  #  versions:
-  #  - all
-  #  - any
-  #- name: FreeBSD
-  #  versions:
-  #  - all
-  #  - 10.0
-  #  - 10.1
-  #  - 10.2
-  #  - 10.3
-  #  - 8.0
-  #  - 8.1
-  #  - 8.2
-  #  - 8.3
-  #  - 8.4
-  #  - 9.0
-  #  - 9.1
-  #  - 9.1
-  #  - 9.2
-  #  - 9.3
  - name: Ubuntu
    versions:
-  #  - all
-  #  - lucid
-  #  - maverick
-  #  - natty
-  #  - oneiric
-  #  - precise
-  #  - quantal
-  #  - raring
-  #  - saucy
    - trusty
-  #  - utopic
-  #  - vivid
-  #  - wily
    - xenial
-  #- name: SLES
-  #  versions:
-  #  - all
-  #  - 10SP3
-  #  - 10SP4
-  #  - 11
-  #  - 11SP1
-  #  - 11SP2
-  #  - 11SP3
-  #  - 11SP4
-  #  - 12
-  #  - 12SP1
-  #- name: GenericLinux
-  #  versions:
-  #  - all
-  #  - any
-  #- name: NXOS
-  #  versions:
-  #  - all
-  #  - any
+    - bionic
  - name: Debian
    versions:
-  #  - all
-  #  - etch
-    - jessie
-  #  - lenny
-  #  - sid
-  #  - squeeze
    - stretch
-  #  - wheezy

  galaxy_tags:
   - nextcloud
+   - filesharing
   - installation
+   - private
   - cloud
-    # List tags for your role here, one per line. A tag is
-    # a keyword that describes and categorizes the role.
-    # Users find roles by searching for tags. Be sure to
-    # remove the '[]' above if you add tags to this list.
-    #
-    # NOTE: A tag is limited to a single word comprised of
-    # alphanumeric characters. Maximum 20 tags per role.

 dependencies: []
-  # List your role dependencies here, one per line.
-  # Be sure to remove the '[]' above if you add dependencies
-  # to this list.
--- a/tasks/db_mysql.yml
+++ b/tasks/db_mysql.yml
@@ -5,16 +5,17 @@
    state: present
  register: nc_mysql_db_install

- name: "[mySQL] - Packages are installed.i"
+- name: "[mySQL] - Packages are installed."
  package:
-    name: "{{ item }}"
+    name: "{{ nc_mysql_deps }}"
    state: present
-  loop:
-    - "php{{ php_ver }}-mysql"
-    - python-mysqldb
+  vars:
+    nc_mysql_deps:
+      - "php{{ php_ver }}-mysql"
+      - "python{{ '3' if ansible_python.version.major == 3 else '' }}-pymysql"

 - name: "[mySQL] - generate {{ nextcloud_db_backend }} root Password:"
-  set_fact: 
+  set_fact:
    nextcloud_mysql_root_pwd: "{{ lookup( 'password', 'nextcloud_instances/'+ nextcloud_instance_name +'/mysql_root.pwd' ) }}"
  when: nextcloud_mysql_root_pwd is not defined

@@ -22,16 +23,14 @@
 - name: "[mySQL] - Update {{ nextcloud_db_backend }} root password"
  mysql_user:
    name: root
-    host: "{{ item }}"
+
    password: "{{ nextcloud_mysql_root_pwd }}"
-    config_file: "/etc/mysql/debian.cnf"
+    config_file: "{{ mysql_credential_file[(ansible_os_family|lower)] | default(omit) }}"
    check_implicit_admin: yes
    priv: "*.*:ALL,GRANT"
-  with_items:
-    - 127.0.0.1
-    - ::1
-    - localhost
-  ignore_errors: yes
+    # Assuming the root user has only localhost access
+    host_all: yes
+

 - name: "[mySQL] - Delete the anonymous user."
  mysql_user:
@@ -39,6 +38,7 @@
    state: "absent"
    login_user: root
    login_password: "{{ nextcloud_mysql_root_pwd }}"
+    config_file: "{{ mysql_credential_file[(ansible_os_family|lower)] | default(omit) }}"
  ignore_errors: yes

 - name: "[mySQL] - Removes the MySQL test database"
@@ -47,34 +47,17 @@
    state: absent
    login_user: root
    login_password: "{{ nextcloud_mysql_root_pwd }}"
+    config_file: "{{ mysql_credential_file[(ansible_os_family|lower)] | default(omit) }}"
  ignore_errors: yes
-  when: nc_mysql_db_install.changed
-
-#- name: "[mySQL] - Check credentials"
-#  stat: "path=/root/.my.cnf"
-#  register: nc_mysql_mycred
-#
-#- block:
-#  - name: "[mySQL] - Make the file .my.cnf"
-#    file: path=/root/.my.cnf state=touch mode="0640"
-#
-#  - name: "[mySQL] - Add content to .my.cnf"
-#    blockinfile:
-#      dest: /root/.my.cnf
-#      block: |
-#        [client]
-#        user=root
-#        password="{{ nextcloud_mysql_root_pwd }}"
-#  when: nc_mysql_mycred.stat.exists is defined and not nc_mysql_mycred.stat.exists

- name: "[mySQL] - Set mysql confing option for nextcloud"
+- name: "[mySQL] - Set mysql config option for nextcloud"
  copy:
    dest: /etc/mysql/conf.d/nextcloud.cnf
    src: files/mysql_nextcloud.cnf
  notify: restart mysql

 - name: "[mySQL] - Generate database user Password."
-  set_fact: 
+  set_fact:
    nextcloud_db_pwd: "{{ lookup( 'password', 'nextcloud_instances/'+ nextcloud_instance_name +'/db_admin.pwd' ) }}"
  when: nextcloud_db_pwd is not defined

@@ -83,6 +66,7 @@
    name: "{{ nextcloud_db_name }}"
    login_user: root
    login_password: "{{ nextcloud_mysql_root_pwd }}"
+    config_file: "{{ mysql_credential_file[(ansible_os_family|lower)] | default(omit) }}"
    state: present

 - name: "[mySQL] - Configure the database user."
@@ -92,4 +76,5 @@
    priv: "{{ nextcloud_db_name }}.*:ALL"
    login_user: root
    login_password: "{{ nextcloud_mysql_root_pwd }}"
+    config_file: "{{ mysql_credential_file[(ansible_os_family|lower)] | default(omit) }}"
    state: present
--- a/tasks/db_postgresql.yml
+++ b/tasks/db_postgresql.yml
 ---