Default variables

Packages and installation

owncloud__base_packages

List of base packages required by ownCloud.

owncloud__base_packages:
  - '{{ [ ("owncloud-deps-php" + ansible_local.php.version) ]
        if (ansible_local|d() and ansible_local.php|d() and
            ansible_local.php.version|d())
        else [] }}'
  - 'owncloud'

  ## https://doc.owncloud.org/server/9.0/admin_manual/installation/source_installation.html
  ## https://doc.owncloud.org/server/9.0/admin_manual/configuration_files/collaborative_documents_configuration.html
  ## FIXME: Is it necessary to install all LibreOffice packages? https://github.com/owncloud/documents#known-issues
  ## Upstream documentation does not specify it more clearly. Installing ``libreoffice`` just to be sure.
  - '{{ [ "libreoffice" ] if (owncloud__app_documents_libreoffice_enabled|bool) else [] }}'

  ## Useful for debugging. Refer to `owncloud__base_php_packages` for the PHP packages
  - '{{ [ "smbclient" ] if (owncloud__smb_support|bool) else [] }}'
  - '{{ [ "libsmbclient" ] if (owncloud__smb_support|bool and owncloud__release | version_compare("9.0", ">=")) else [] }}'
owncloud__base_php_packages

List of base PHP packages required by ownCloud.

owncloud__base_php_packages:
  - '{{ [ "apcu" ] if (owncloud__apcu_enabled|bool) else [] }}'
  - '{{ [ "mysql" ] if (owncloud__database in [ "mariadb", "mysql" ]) else [] }}'
  - '{{ [ "pgsql" ] if (owncloud__database in [ "postgresql" ]) else [] }}'
  - '{{ [ "redis" ] if (owncloud__redis_enabled | bool) else [] }}'
  - '{{ [ "ldap" ] if (owncloud__ldap_enabled | bool) else [] }}'

  ## Seems to be required at least for PHP7.0 to fix:
  ## PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php/20151012/redis.so'
  ## - /usr/lib/php/20151012/redis.so: undefined symbol: igbinary_serialize in Unknown on line 0
  - '{{ [ "igbinary" ]
        if (not (ansible_distribution == "Ubuntu" and (ansible_distribution_version|version_compare("15.10", "<"))))
        else [] }}'

  - '{{ [ "libsmbclient" ] if (owncloud__smb_support|bool and owncloud__release | version_compare("8.9.9", "<=")) else [] }}'

  ## Included in normal PHP installations but require it here because it is
  ## used internally by the role:
  - 'json'
owncloud__optional_php_packages

List of optional PHP packages for ownCloud.

owncloud__optional_php_packages:
  - 'imagick'
owncloud__packages

List of global packages for ownCloud. This variable is intended to be used in Ansible’s global inventory.

owncloud__packages: []
owncloud__group_packages

List of group packages for ownCloud. This variable is intended to be used in a host inventory group of Ansible (only one host group is supported).

owncloud__group_packages: []
owncloud__host_packages

List of host packages for ownCloud. This variable is intended to be used in the inventory of hosts.

owncloud__host_packages: []
owncloud__dependent_packages

List of APT packages to install for other Ansible roles, for usage as a dependent role.

owncloud__dependent_packages: []
owncloud__deploy_state

What is the desired state which this role should achieve? Possible options:

present
Default. Ensure that ownCloud is installed and configured as requested.
absent
Ensure that owncloud is uninstalled and it's configuration is removed. Not fully supported yet. FIXME: This would remove all packages that are installed by the role! Package lists need to be split.
owncloud__deploy_state: 'present'

ownCloud upgrades

owncloud__auto_database_upgrade_enabled

On each update of ownCloud, a database update must be performed before ownCloud can be used again. The ownCloud package maintainers have not automated this setup so that even security upgrades can not be installed unattended.

Refer to the official ownCloud documentation for details.

When this option is set to True, the role enables a hook script for dpkg so that when dpkg upgrades ownCloud, the database upgrade is automatically performed.

Change to False when you want to do database upgrades manually after upgrading the ownCloud packages.

Note

owncloud__auto_database_upgrade_enabled depends on automatic database upgrades to be enabled.

owncloud__auto_database_upgrade_enabled: True
owncloud__dpkg_hook_script

File path where the package manager hook script is stored.

owncloud__dpkg_hook_script: '{{
  (ansible_local.root.lib
  if (ansible_local|d() and ansible_local.root|d() and
      ansible_local.root.lib|d())
  else "/usr/local/lib") + "/owncloud_dpkg_hook" }}'
owncloud__auto_database_upgrade_migration_test

Whether database schema migration should be simulated before upgrading the production database. Refer to the official ownCloud documentation for details.

owncloud__auto_database_upgrade_migration_test: True
owncloud__auto_database_upgrade_3party_app_disable

Should third party apps by disabled during/after upgrades? The upstream default as of ownCloud 9.0 is True.

owncloud__auto_database_upgrade_3party_app_disable: True
owncloud__auto_database_upgrade_hook_script_packages_trigger

List of packages for which the package manager hook script should attempt to do a database upgrade when owncloud__auto_database_upgrade_enabled is True.

This variable is currently not being used. The check if ownCloud needs an upgrade is performed for each installed/upgraded package but in an very efficient way.

owncloud__auto_database_upgrade_hook_script_packages_trigger:
  - 'owncloud'
owncloud__auto_security_updates_enabled

Whether automatic ownCloud upgrades should be performed by unattended_upgrades.

FIXME: Needs more testing before the role maintainers feel confident to enable this by default. Refer to: https://github.com/debops/ansible-owncloud/issues/28

owncloud__auto_security_updates_enabled: False
owncloud__post_upgrade_hook_role_list

List of script file paths which should be executed after every ownCloud update. For more information refer to owncloud__post_upgrade_hook_list. This variable is used internally, controlled by other variables of this role.

owncloud__post_upgrade_hook_role_list: []
owncloud__post_upgrade_hook_list

List of script file paths which should be executed after every ownCloud update. For more information refer to owncloud__post_upgrade_hook_list. This variable is intended to be used in Ansible’s global inventory.

owncloud__post_upgrade_hook_list: []
owncloud__post_upgrade_hook_group_list

List of script file paths which should be executed after every ownCloud update. For more information refer to owncloud__post_upgrade_hook_list. This variable is intended to be used in a host inventory group of Ansible (only one host group is supported).

owncloud__post_upgrade_hook_group_list: []
owncloud__post_upgrade_hook_host_list

List of script file paths which should be executed after every ownCloud update. For more information refer to owncloud__post_upgrade_hook_list. This variable is intended to be used in the inventory of hosts.

owncloud__post_upgrade_hook_host_list: []

ownCloud source and deployment

owncloud__variant

Which variant of the application should be used?

Supported variants:

  • owncloud (main supported variant and used in production by the role maintainers)

NextCloud is currently not supported.

owncloud__variant: 'owncloud'
owncloud__variant_url_map

URL map for owncloud__variant.

owncloud__variant_url_map:
  owncloud: 'https://owncloud.org/'
  nextcloud: 'https://nextcloud.com/'
owncloud__variant_name_map

Name map for owncloud__variant.

owncloud__variant_name_map:
  owncloud: 'ownCloud'
  nextcloud: 'NextCloud'
owncloud__release

Defaults to the latest stable release supported and tested with this role. This may not always be the latest stable release.

Supported releases:

  • ownCloud 8.1
  • ownCloud 8.2
  • ownCloud 9.0 (main supported version and used in production by the role maintainers)
  • ownCloud 9.1 (setup should work but not yet well tested nor used in production by the role maintainers)

Refer to the ownCloud Maintenance and Release Schedule and the package index for more details.

owncloud__release: '9.0'
owncloud__distribution

Name and version of OS distribution to use for ownCloud packages.

owncloud__distribution: '{{ owncloud__distribution_name + "_" +
                            owncloud__distribution_version }}'
owncloud__distribution_name

Name of the OS distribution to use for ownCloud URLs.

owncloud__distribution_name: '{{ ansible_distribution }}'
owncloud__distribution_version

Version number of the OS distribution for ownCloud URLs.

owncloud__distribution_version: '{{ (ansible_distribution_major_version + ".0")
                                    if ansible_distribution in [ "Debian" ]
                                    else ansible_distribution_version }}'
owncloud__apt_repo_base

Base APT repository URL starting at the authority part.

owncloud__apt_repo_base: 'download.owncloud.org/download/repositories/{{ owncloud__release }}'
owncloud__apt_repo_key_id

OpenPGP public key specified by fingerprint which is used to sign the APT repository.

owncloud__apt_repo_key_id: 'DDA2C105C4B73A6649AD2BBD47AE7F72479BC94B'
owncloud__old_apt_repo_keys

Old or unused OpenPGP public keys specified by fingerprint which where previously used to sign the APT repository. The keys listed here are ensured to be absent to reduce the risk if one of the keys gets compromised.

owncloud__old_apt_repo_keys:
  - 'F9EA4996747310AE79474F44977C43A8BA684223'
  - 'BCECA90325B072AB1245F739AB7C32C35180350A'
owncloud__src_remote_dir

File path used to store application sources on the remote system. This is currently only used to copy the OpenPGP public key to the remote.

owncloud__src_remote_dir: '{{
  (ansible_local.root.src
  if (ansible_local|d() and ansible_local.root|d() and
      ansible_local.root.src|d())
  else "/usr/local/src") + "/owncloud" }}'
owncloud__apt_repo_source

APT sources.list URL of the ownCloud .deb repository.

owncloud__apt_repo_source: '{{ "deb http://" + owncloud__apt_repo_base + "/" +
                               owncloud__distribution + "/ /" }}'
owncloud__user

User that will be used for the ownCloud instance.

owncloud__user: '{{ ansible_local.nginx.user
                    if (ansible_local|d() and ansible_local.nginx|d() and
                        ansible_local.nginx.user|d())
                    else "www-data" }}'
owncloud__group

Group that will be used for the ownCloud instance.

owncloud__group: '{{ owncloud__user }}'
owncloud__home

Directory under which ownCloud will be installed.

owncloud__home: '/var/www/owncloud'
owncloud__data_path

Path where ownCloud data directory and files are stored.

owncloud__data_path: '{{ owncloud__home }}/data'
owncloud__temp_path

Directory which ownCloud will use as temp directory.

In case /tmp has limited space (for example is a ramdisk) or is otherwise restricted then it is a good idea to change the temp directory that ownCloud uses to a path with more space available.

The default (empty string) is to let ownCloud figure out which temp directory it should use which probably results in /tmp/owncloudtemp unless otherwise influenced by environment variables and such.

See also owncloud__php_temp_path.

owncloud__temp_path: ''
owncloud__deploy_path

Where the ownCloud instance will be deployed (web root).

owncloud__deploy_path: '{{ owncloud__home }}'

In memory caching

Refer to the official ownCloud documentation for details.

owncloud__apcu_enabled

Whether APCu should be used for local caching. Refer to the official ownCloud documentation for details.

owncloud__apcu_enabled: True
owncloud__redis_enabled

Use Redis for file locking as recommended for small and large installations. The default is to auto detect if Redis is enabled on the remote server and in that case automatically use it for file locking. Note that ownCloud requires version 2.2.5+ of the redis PHP package. This requirement is not meet for Ubuntu trusty (neither in the release repos nor in backports) thus Redis will not be enabled automatically by the role. Refer to the official ownCloud documentation for details.

owncloud__redis_enabled: '{{ ansible_local|d() and ansible_local.redis|d() and
                             ansible_local.redis.enabled|d() | bool and
                             (not (ansible_distribution == "Ubuntu" and ansible_distribution_release == "trusty")) }}'
owncloud__redis_host

Redis server to use when owncloud__redis_enabled is True.

owncloud__redis_host: '{{ ansible_local.redis.host
                          if (ansible_local|d() and ansible_local.redis|d() and
                              ansible_local.redis.host|d())
                          else "localhost" }}'
owncloud__redis_port

Network port on which the Redis server is listening on.

owncloud__redis_port: '{{ ansible_local.redis.port
                          if (ansible_local|d() and ansible_local.redis|d() and
                              ansible_local.redis.port|d())
                          else "6379" }}'
owncloud__redis_password

Redis server authentication password.

owncloud__redis_password: '{{ ansible_local.redis.password
                              if (ansible_local|d() and ansible_local.redis|d() and
                                  ansible_local.redis.password|d())
                              else omit }}'

Database configuration

owncloud__database

ownCloud recommends MySQL or MariaDB as database. Set to False to use SQLite. Refer to the official ownCloud documentation for details. See the owncloud__database_map for the databases support by this role.

owncloud__database: 'mariadb'
owncloud__database_server

FQDN of the database server. It will be configured by the debops.mariadb or debops.postgresql role.

owncloud__database_server: '{{ ansible_local[owncloud__database].server }}'
owncloud__database_port

Port database is listening on.

owncloud__database_port: '{{ ansible_local[owncloud__database].port }}'
owncloud__database_user

Database user to use for ownCloud.

owncloud__database_user: 'owncloud'
owncloud__database_name

Name of the database to use for ownCloud.

owncloud__database_name: 'owncloud'
owncloud__database_password_path

Path to database password file.

owncloud__database_password_path: '{{ secret + "/" + owncloud__database + "/"
                                      + ansible_local[owncloud__database].delegate_to
                                      + (("/" + ansible_local[owncloud__database].port)
                                         if (owncloud__database == "postgresql")
                                         else "")
                                      + "/credentials/" + owncloud__database_user + "/password" }}'
owncloud__database_password

Database password for ownCloud.

owncloud__database_password: '{{ lookup("password", owncloud__database_password_path + " length=48") }}'
owncloud__database_map
owncloud__database_map:

  # MySQL/MariaDB database.
  mariadb:
    dbtype: 'mysql'
    dbname: '{{ owncloud__database_name|d(owncloud__user) }}'
    dbuser: '{{ owncloud__database_user|d(owncloud__user) }}'
    dbpass: '{{ owncloud__database_password }}'
    dbhost: '{{ owncloud__database_server|d("localhost") }}'
    dbtableprefix: ''

  # PostgreSQL database on localhost, connection through Unix socket, no default password.
  postgresql:
    dbtype: 'pgsql'
    dbname: '{{ owncloud__database_name|d(owncloud__user) }}'
    dbuser: '{{ owncloud__database_user|d(owncloud__user) }}'
    dbpass: ''
    dbhost: '{{ owncloud__database_server|d("/var/run/postgresql") }}'
    dbtableprefix: ''

  sqlite:
    dbtype: 'sqlite'

ownCloud admin login/password

owncloud__admin_username

Default admin username, in the form 'admin-$USER'. Set to False to disable automatic username and password.

owncloud__admin_username: 'admin-{{ lookup("env","USER") }}'
owncloud__admin_password_path

Path to database password file.

owncloud__admin_password_path: '{{ secret + "/credentials/" + ansible_fqdn +
                                  "/owncloud/admin/" + owncloud__admin_username +
                                  "/password" }}'
owncloud__password_length

Length of randomly generated admin password.

owncloud__password_length: 20
owncloud__admin_password

Default admin password. A random password will be generate by default as documented by the debops.secret role.

owncloud__admin_password: '{{ lookup("password", owncloud__admin_password_path
                              + " length=" + (owncloud__password_length|string)) }}'
owncloud__autosetup

Should Ansible automatically finish the ownCloud setup on it's own? Disabled if admin_username is set to False.

owncloud__autosetup: True
owncloud__autosetup_url

URL which will be called to finish autosetup of ownCloud 8.0. For newer ownCloud versions occ will be used which is more reliable because it does not depend on the webserver nor network.

owncloud__autosetup_url: 'http://{{ owncloud__fqdn if owncloud__fqdn is string else owncloud__fqdn[0] }}/index.php'

ownCloud configuration

owncloud__fqdn

The Fully Qualified Domain Name to use for the ownCloud instance.

owncloud__fqdn: 'cloud.{{ owncloud__domain }}'
owncloud__domain

Domain that will be configured for the ownCloud instance.

owncloud__domain: '{{ ansible_local.core.domain
                      if (ansible_local|d() and ansible_local.core|d() and
                          ansible_local.core.domain|d())
                      else (ansible_domain if ansible_domain else ansible_hostname) }}'
owncloud__upload_size

Max upload size set in nginx and PHP, with amount as M or G. Before you change this be sure to understand Uploading big files > 512MB of the official ownCloud documentation.

owncloud__upload_size: '2G'
owncloud__cron_minute

At what time cron should execute background jobs Refer to the official ownCloud documentation for details.

owncloud__cron_minute: '*/15'
owncloud__timeout

Timeouts in seconds for application requests.

Refer to the official ownCloud documentation for details.

owncloud__timeout: 3600
owncloud__app_user_webfinger_support

Should the Webfinger application be supported? Set this to True if you are planning to use this app.

owncloud__app_user_webfinger_support: False

ownCloud config.php configuration

The dicts of this section ends up in owncloud/config/debops.config.php and override the values from owncloud/config/config.php.

TODO: Note that as of ownCloud 9.0, you can not unset a setting which was once set in debops.config.php because ownCloud might copies it to config.php. Possible fix: occ config:system:set

For more information refer to owncloud__config.

owncloud__role_config

See ownCloud config.php configuration. This variable is used internally, controlled by other variables of this role.

owncloud__role_config:

  trusted_domains: '{{ [ owncloud__fqdn ] if owncloud__fqdn is string else owncloud__fqdn }}'

  ## https://github.com/owncloud/core/issues/22257
  ## TODO: Temporary workaround until all package maintainers have caught up.
  ## Edit: Have caught up as of 9.0.2-1.1. Remove this config in a while when
  ## it is expected that all users are running 9.0.2 or later.
  'updatechecker': False

  'memcache.local':
    state: '{{ "present" if (owncloud__apcu_enabled|bool) else "absent" }}'
    value: '\\OC\\Memcache\\APCu'

  'memcache.locking':
    state: '{{ "present" if (owncloud__redis_enabled|bool) else "absent" }}'
    value: '\\OC\\Memcache\\Redis'

  'redis':
    state: '{{ "present" if (owncloud__redis_enabled|bool) else "absent" }}'
    value:
      host: '{{ owncloud__redis_host }}'
      port: '{{ owncloud__redis_port|int }}'
      password: '{{ owncloud__redis_password }}'

  'tempdirectory':
    state: '{{ "present" if (owncloud__temp_path != "") else "absent" }}'
    value: '{{ owncloud__temp_path }}'

See ownCloud config.php configuration. This variable is a set of optional settings for ownCloud recommended by the maintainers of this role. Set:

1
owncloud__role_recommended_config: {}

in your inventory when you want to disable it.

owncloud__role_recommended_config:

  ## The default timezone for logfiles is UTC.
  logtimezone: '{{ ansible_local.timezone if (ansible_local|d() and ansible_local.timezone|d()) else "Etc/UTC" }}'

  ## Loglevel to start logging at. Valid values are: 0 = Debug, 1 = Info,
  ##  2 = Warning, 3 = Error, and 4 = Fatal. The default value is Warning.
  loglevel: 2

  ## ISO 8601 datetime: 2004-02-12T15:19:21+00:00
  logdateformat: 'Y-m-d H:i:s.u'
owncloud__config

See ownCloud config.php configuration. This variable is intended to be used in Ansible’s global inventory. More specific variables can overrule less specific variables.

owncloud__config: {}
owncloud__group_config

See ownCloud config.php configuration. This variable is intended to be used in a host inventory group of Ansible (only one host group is supported).

owncloud__group_config: {}
owncloud__host_config

See ownCloud config.php configuration. This variable is intended to be used in the inventory of hosts.

owncloud__host_config: {}

ownCloud applications configuration

Dictionary of ownCloud application settings. Check the output of occ config:list to see how the settings are called. You might need to change a particular setting via the web interface in order for it to appear in the output.

Note that the occ can also change ownCloud system settings but this should be done via ownCloud config.php configuration.

Examples:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
owncloud__apps_config:

  ## Set the default quota for all users which don’t have more explicit
  ## quota settings to 100 MB.
  files:
    default_quota: '100 MB'

  ## Disable Federated Cloud Sharing:
  ## * Allow users on this server to send shares to other servers
  ## * Allow users on this server to receive shares from other servers
  core:
    incoming_server2server_share_enabled: 'no'
    outgoing_server2server_share_enabled: 'no'
  files_sharing:
    incoming_server2server_share_enabled: 'no'
    outgoing_server2server_share_enabled: 'no'

  ## Disable Federation:
  ## * Add server automatically once a federated share was created successfully
  federation:
    autoAddServers: '0'

Refer to the official ownCloud documentation for details.

owncloud__optional_apps_config

See ownCloud applications configuration. Role dictionary of ownCloud application settings. This variable is a set of optional settings for ownCloud recommended by the maintainers of this role.

owncloud__role_apps_config:
  documents:
    enabled: '{{ "yes" if (owncloud__app_documents_enabled | bool) else "no" }}'
    converter: 'local'
owncloud__apps_config

See ownCloud applications configuration. Global dictionary of ownCloud application settings. This variable is intended to be used in Ansible’s global inventory. More specific variables can overrule less specific variables.

owncloud__apps_config: {}
owncloud__group_apps_config

See ownCloud applications configuration. Group dictionary of ownCloud application settings. This variable is intended to be used in a host inventory group of Ansible (only one host group is supported).

owncloud__group_apps_config: {}
owncloud__host_apps_config

See ownCloud applications configuration. Host dictionary of ownCloud application settings. This variable is intended to be used in the inventory of hosts.

owncloud__host_apps_config: {}
owncloud__dependent_apps_config

See ownCloud applications configuration. This variable is intended to be used from other Ansible roles, for usage as a dependent role.

owncloud__dependent_apps_config: {}
owncloud__app_documents_enabled

Whether the ownCloud documents application should be enabled. Not enabled by default because, as of ownCloud 9.0, the application is not shipped by default. Note that this will install LibreOffice plus dependencies on the server.

owncloud__app_documents_enabled: False
owncloud__app_documents_libreoffice_enabled

Should LibreOffice be installed on the server so that the documents app can work with proprietary document formats such as Microsoft Office?

owncloud__app_documents_libreoffice_enabled: False

External storage

Refer to the External storage section for more details.

owncloud__smb_support

Should SMB/CIFS be support by installing the required system packages and enabling the required ownCloud application?

owncloud__smb_support: False

ownCloud raw occ commands

List of occ commands to run. It can be used to enable apps, add users and more which can be useful when deploying ownCloud.

Examples:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
owncloud__occ_cmd_list:

  - command: 'app:enable external'

  ## Create an additional admin account.
  - command: 'user:add --password-from-env --display-name="Administrator" --group="admin" admin'
    ## Does not work with ownCloud 8.0 or below so don’t run it there.
    when: '{{ owncloud__release | version_compare("8.1", ">=") }}'
    env:
      OC_PASS: "{{ lookup('password', secret + '/credentials/' +
                   ansible_fqdn + '/owncloud/admin/' + 'admin' +
                   '/password length=' + owncloud__password_length) }}"

  ## Create an regular user. Note that you probably want to use an existing
  ## user database like LDAP.
  - command: 'user:add --password-from-env --display-name="Normal user" user'
    when: '{{ owncloud__release | version_compare("8.1", ">=") }}'
    env:
      OC_PASS: "{{ lookup('password', secret + '/credentials/' +
                   ansible_fqdn + '/owncloud/users/' + 'user' +
                   '/password length=' + owncloud__password_length) }}"

Refer to the official ownCloud documentation for details.

owncloud__role_occ_cmd_list

Default list of occ commands to run. Command present of role to automate certain tasks. See ownCloud raw occ commands.

owncloud__role_occ_cmd_list:
  ## Disable the updater because it does not work anyway with the way ownCloud
  ## is setup by this role using packages.
  ## Since ownCloud 9 it is called `updatenotification`.
  - command: 'app:disable updater'
    when: '{{ owncloud__release | version_compare("8.2", "<=") }}'

  - command: 'app:enable user_ldap'
    when: '{{ owncloud__ldap_enabled|bool }}'

  - command: 'app:enable files_external'
    when: '{{ owncloud__smb_support|bool }}'
owncloud__occ_cmd_list

See ownCloud raw occ commands. This variable is intended to be used in Ansible’s global inventory.

owncloud__occ_cmd_list: []
owncloud__group_occ_cmd_list

See ownCloud raw occ commands. This variable is intended to be used in a host inventory group of Ansible (only one host group is supported).

owncloud__group_occ_cmd_list: []
owncloud__host_occ_cmd_list

See ownCloud raw occ commands. This variable is intended to be used in the inventory of hosts.

owncloud__host_occ_cmd_list: []
owncloud__dependent_occ_cmd_list

See ownCloud raw occ commands. This variable is intended to be used from other Ansible roles, for usage as a dependent role.

owncloud__dependent_occ_cmd_list: []
owncloud__occ_bin_file_path

Where the occ wrapper script should be installed.

owncloud__occ_bin_file_path: '{{ (ansible_local.root.bin
                                  if (ansible_local|d() and ansible_local.root|d() and
                                      ansible_local.root.bin|d())
                                  else "/usr/local/bin") + "/occ" }}'

ownCloud user files

These lists allow you to manage files for ownCloud users, either by copying files from the Ansible Controller or providing the contents directly in Ansible inventory. You can use all parameters supported by the Ansible copy module.

See owncloud__user_files for more details.

owncloud__user_files

Manage ownCloud user files on all hosts in Ansible’s inventory.

owncloud__user_files: []
owncloud__user_files_group

Manage ownCloud user files on hosts in a specific Ansible inventory group.

owncloud__user_files_group: []
owncloud__user_files_host

Manage ownCloud user files on specific hosts in Ansible’s inventory.

owncloud__user_files_host: []

LDAP authentication

Refer to the official ownCloud documentation and to the External users section for more details.

owncloud__ldap_enabled

Enable LDAP support. ownCloud support multiple LDAP servers but this role configures only default one. If you need something more complex you can use owncloud__occ_cmd_list.

owncloud__ldap_enabled: False
owncloud_ldap_update_settings

Ensure that the settings listed in owncloud__ldap_conf_map are up-to-date on the remote system. Set to False to only configure LDAP settings in ownCloud when ownCloud currently has no LDAP configuration.

owncloud_ldap_update_settings: True
owncloud__ldap_create_user

Should the owncloud__ldap_binddn LDAP user be created if it does not exist?

owncloud__ldap_create_user: True
owncloud__ldap_domain

Domain name used to generate base DN.

owncloud__ldap_domain: '{{ owncloud__domain }}'
owncloud__ldap_basedn

Base DN

owncloud__ldap_basedn: '{{ "dc=" + owncloud__ldap_domain.split(".") | join(",dc=") }}'
owncloud__ldap_binddn

DN to bind as

owncloud__ldap_binddn: '{{ "cn=owncloud," + secret_ldap_services_dn }}'
owncloud__ldap_host
owncloud__ldap_host: 'ldap.{{ owncloud__domain }}'
owncloud__ldap_password_file
owncloud__ldap_password_file: '{{ secret + "/credentials/" + owncloud__ldap_host + "/slapd/" + owncloud__ldap_basedn + "/" + owncloud__ldap_binddn + ".password" }}'
owncloud__ldap_password
owncloud__ldap_password: '{{ lookup("password", owncloud__ldap_password_file) }}'
owncloud__ldap_method
owncloud__ldap_method: 'ssl'
owncloud__ldap_port
owncloud__ldap_port: '{{ 636 if (owncloud__ldap_method in ["ssl", "tls"]) else 389 }}'
owncloud__ldap_user_display_name

The attribute that should be used as display name in ownCloud. Refer to the official ownCloud documentation for details.

owncloud__ldap_user_display_name: 'cn'
owncloud__ldap_user_filter

Use this to control which LDAP users are listed as ownCloud users on your ownCloud server. Refer to the official ownCloud documentation for details.

owncloud__ldap_user_filter: '(|(objectclass=inetOrgPerson))'
owncloud__ldap_user_filter_objectclass

Refer to the official ownCloud documentation for details.

owncloud__ldap_user_filter_objectclass: 'inetOrgPerson'
owncloud__ldap_group_filter

Refer to the official ownCloud documentation for details.

owncloud__ldap_group_filter: '(&(|(objectclass=posixGroup)))'
owncloud__ldap_group_filter_groups

Refer to the official ownCloud documentation for details.

owncloud__ldap_group_filter_groups: ''
owncloud__ldap_group_filter_objectclass

Refer to the official ownCloud documentation for details.

owncloud__ldap_group_filter_objectclass: 'posixGroup'
owncloud__ldap_login_filter

The settings in the Login Filter tab determine which LDAP users can log in to your ownCloud system. Refer to the official ownCloud documentation for details.

owncloud__ldap_login_filter: '(&(|(objectclass=inetOrgPerson))(uid=%uid))'
owncloud__ldap_login_filter_attributes

Refer to the official ownCloud documentation for details.

owncloud__ldap_login_filter_attributes: ''
owncloud__ldap_group_assoc_attribute

Attribute which ownCloud uses to match members of the group.

Possible values:

memberUid
Useful for OpenLDAP with PosixGroups. Attribute contains only UID of the user.
uniqueMember
Attribute contains full DN of the user.
member
FIXME Attribute contains full DN of the user.
owncloud__ldap_group_assoc_attribute: 'memberUid'
owncloud__home_folder_naming_rule

By default, the ownCloud server creates the user directory in your ownCloud data directory and gives it the ownCloud username, .e.g /var/www/owncloud/data/alice. You may want to override this setting and name it after an LDAP attribute value. The attribute can also return an absolute path, e. g. /mnt/storage43/alice. Leave it empty for default behavior. Refer to the official ownCloud documentation for details.

owncloud__home_folder_naming_rule: 'attr:uid'

Advanced settings

owncloud__ldap_cache_ttl

A cache is introduced to avoid unnecessary LDAP traffic, for example caching usernames so they don’t have to be looked up for every page, and speeding up loading of the Users page. Saving the configuration empties the cache. The time is given in seconds.

Note that almost every PHP request requires a new connection to the LDAP server. If you require fresh PHP requests we recommend defining a minimum lifetime of 15s or so, rather than completely eliminating the cache.

Refer to the official ownCloud documentation for details.

owncloud__ldap_cache_ttl: '600'

Expert settings

owncloud__ldap_expert_username_attr

The internal username is the identifier in ownCloud for LDAP users. By default it will be created from the UUID attribute. The UUID attribute ensures that the username is unique, and that characters do not need to be converted. Only these characters are allowed: [a-zA-Z0-9_.@-]. Other characters are replaced with their ASCII equivalents, or are simply omitted.

The LDAP backend ensures that there are no duplicate internal usernames in ownCloud, i.e. that it is checking all other activated user backends (including local ownCloud users). On collisions a random number (between 1000 and 9999) will be attached to the retrieved value. For example, if alice exists, the next username may be alice_1337.

The internal username is the default name for the user home folder in ownCloud. It is also a part of remote URLs, for instance for all DAV services.

You can override all of this with the Internal Username setting. Leave it empty for default behaviour. Changes will affect only newly mapped LDAP users.

You will need to add this variable yourself to owncloud__ldap_conf_map right now.

For a Microsoft Windows environment, putting this:

1
owncloud__ldap_expert_username_attr: 'sAMAccountName'

in your inventory might come in handy to use the user names from AD as user names in ownCloud.

owncloud__ldap_expert_username_attr: ''
owncloud__ldap_conf_map
owncloud__ldap_conf_map:
  ldapHost: '{{ "ldaps://" if (owncloud__ldap_method in ["ssl", "tls"]) else "" }}{{ owncloud__ldap_host }}'
  ldapPort: '{{ owncloud__ldap_port }}'
  ldapAgentName: '{{ owncloud__ldap_binddn }}'
  ldapBase: '{{ owncloud__ldap_basedn }}'
  ldapEmailAttribute: 'mail'
  ldapConfigurationActive: '1'
  ldapUserDisplayName: '{{ owncloud__ldap_user_display_name }}'
  ldapUserFilter: '{{ owncloud__ldap_user_filter }}'
  ldapUserFilterObjectclass: '{{ owncloud__ldap_user_filter_objectclass }}'
  ldapLoginFilter: '{{ owncloud__ldap_login_filter }}'
  ldapLoginFilterAttributes: '{{ owncloud__ldap_login_filter_attributes }}'
  ldapGroupFilter: '{{ owncloud__ldap_group_filter }}'
  ldapGroupFilterGroups: '{{ owncloud__ldap_group_filter_groups }}'
  ldapGroupFilterObjectclass: '{{ owncloud__ldap_group_filter_objectclass }}'
  ldapGroupMemberAssocAttr:  '{{ owncloud__ldap_group_assoc_attribute }}'
  homeFolderNamingRule: '{{ owncloud__home_folder_naming_rule }}'
  ldapCacheTTL: '{{ owncloud__ldap_cache_ttl }}'

ownCloud Mail configuration

Refer to the official ownCloud documentation about config.php and the official ownCloud documentation about email configuration for details.

owncloud__mail_domain
owncloud__mail_domain: '{{ owncloud__fqdn if owncloud__fqdn is string else owncloud__fqdn[0] }}'
owncloud__mail_from_address

From address that overrides the built-in sharing-noreply and lostpassword-noreply from addresses.

owncloud__mail_from_address: 'noreply'
owncloud__mail_smtpmode

Which mode to use for sending mail. Choices are:

  • sendmail
  • smtp
  • qmail
  • php
owncloud__mail_smtpmode: 'sendmail'
owncloud__mail_smtphost

Specify the IP address of your mail server host. This may contain multiple hosts separated by a semi-colon. If you need to specify the port number append it to the IP address separated by a colon, like this: 127.0.0.1:24.

This depends on owncloud__mail_smtpmode.

owncloud__mail_smtphost: 'smtp.{{ owncloud__domain }}'
owncloud__mail_smtpport

Port for sending mail. Can also be specified via owncloud__mail_smtphost. This depends on owncloud__mail_smtpmode.

owncloud__mail_smtpport: '25'
owncloud__mail_conf_map

This configuration ends up in mail.config.php and override the values from config.php. Set to:

1
owncloud__mail_conf_map: {}

if you want to be able to configure/change this via the admin web interface.

owncloud__mail_conf_map:
  mail_domain: '{{ owncloud__mail_domain }}'
  mail_from_address: '{{ owncloud__mail_from_address  }}'
  mail_smtpmode: '{{ owncloud__mail_smtpmode }}'
  mail_smtphost: '{{ owncloud__mail_smtphost }}'
  mail_smtpport: '{{ owncloud__mail_smtpport }}'

Theming ownCloud

Refer to the official ownCloud documentation for details. See also ownCloud Trademark Guidelines.

owncloud__theme_active

Name of the theme to activate. Generation of a custom theme can be influenced by the following options.

In case you already have a theme you want to use, you can alternatively provide the theme under /var/www/owncloud/themes/$your_theme_name (for example using debops.resources) and set this variable to $your_theme_name. Note that the role maintainers recommend to let the role assemble your theme. See the following options.

owncloud__theme_active: 'debops'
owncloud__theme_directory_name

Directory name where the custom theme generated by this role will be stored under. This variable has the same format as the owncloud__theme_active option. If you don’t want this role to generate a theme for you, you can set this to an empty string to disable this feature. The generated theme name defaults to debops to allow enabling it via owncloud__theme_active.

owncloud__theme_directory_name: 'debops'
owncloud__theme_title

Title of your ownCloud. This variable is included in the HTML title tag on all pages.

owncloud__theme_title: 'DebOps Cloud'
owncloud__theme_name

Name of your ownCloud or software. This is shown when sharing a file/dir as link for example.

owncloud__theme_name: 'DebOps Cloud'
owncloud__theme_name_html

Name of your ownCloud. HTML code can be used in this variable to create hyperlinks for example.

owncloud__theme_name_html: '{{ owncloud__theme_name }}'
owncloud__theme_entity_name

Entity string for your ownCloud. For example the name of your company. This string is used in the footer and the copyright.

owncloud__theme_entity_name: 'DebOps'
owncloud__theme_base_url

Base URL to get more information about your ownCloud. By default, owncloud__theme_entity_name links to this URL on the login page. Use an empty string to use the default URL pointing to the ownCloud website.

owncloud__theme_base_url: 'https://github.com/debops/ansible-owncloud'
owncloud__theme_slogan

Slogan of your ownCloud. This is shown by default on the bottom of the login page. It should not contain </br> (newline) because at least ownCloud as of version 9.0 can’t automatically adjust to that. Use an empty string to use the default slogan provided by ownCloud.

See under Apps, Product and Service Names, and Compatibility References for more suggestions.

owncloud__theme_slogan: 'Powered by <a href="{{ owncloud__variant_url_map[owncloud__variant] }}">{{ owncloud__variant_name_map[owncloud__variant] }}</a>'

Short version of the footer. The value can contain arbitrary PHP and HTML code. You will need to take care of quotes yourself.

owncloud__theme_footer_short: |
  'Setup by <a href="' . $this->getBaseUrl() . '" target="_blank\">' . $this->getEntity() . '</a><br/>' .
  '{{ owncloud__theme_slogan }}'

Long version of the footer. See owncloud__theme_footer_short for details. TODO: What exactly is the difference?

owncloud__theme_footer_long: '{{ owncloud__theme_footer_short }}'

Return statement the buildDocLinkToKey function which allows you to alter the URL used when referring to the documentation. The value can contain arbitrary PHP and HTML code. You will need to take care of quotes yourself. The reason for not going with the ownCloud default is that it seems to point to 8.0 even for the 9.0.2 release. Seems to be a bug.

owncloud__theme_doc_link_to_key: '$this->getDocBaseUrl() . ''/server/{{ owncloud__release }}/go.php?to='' . $key'
owncloud__theme_copy_files

Global dictionary of additional files to place in the theme. This variable is intended to be used in Ansible’s global inventory. More specific variables can overrule less specific variables. The key is the target file path in the ownCloud theme directory. The state value allows to make files absent. All other options correspond to the options of the Ansible copy module.

To change the logo on the login page you can use:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
owncloud__theme_copy_files:

  'core/img/logo.svg':
    ## Prefer SVG: https://github.com/owncloud/core/issues/5676#issuecomment-27649493
    src: '/src/path/on/your/ansible/controller/logo.svg'

  'core/css/styles.css':
    content: |
      /* Use logo from theme. */
      #header .logo {
        background-image: url('../img/logo.svg');
        width: 250px;
        height: 121px;
      }

in your inventory.

owncloud__theme_copy_files: {}
owncloud__theme_copy_files_host_group

Host group dictionary of additional files to place in the theme. This variable is intended to be used in a host inventory group of Ansible (only one host group is supported). Refer to owncloud__theme_copy_files for more details.

owncloud__theme_copy_files_host_group: {}
owncloud__theme_copy_files_host

Host dictionary of additional files to place in the theme. This variable is intended to be used in the inventory of hosts. Refer to owncloud__theme_copy_files for more details.

owncloud__theme_copy_files_host: {}
owncloud__theme_conf_map

This configuration ends up in theme.config.php and override the values from config.php. Refer to the official ownCloud documentation for details.

owncloud__theme_conf_map:
  theme: '{{ owncloud__theme_active }}'

Webserver

owncloud__webserver

Variable containing the used webserver which can be used. Refer to Getting started for how to switch webservers.

owncloud__webserver: '{{
    ("nginx" if ((["debops_service_owncloud", "debops_service_owncloud_nginx"] | intersect(group_names) | length) > 0) else "") +
    ("apache" if ((["debops_service_owncloud_apache"] | intersect(group_names) | length) > 0) else "")
  }}'
owncloud__apache_modules

Variable containing the used webserver which can be used. Refer to Getting started for how to switch webservers. TODO: Enable on Debian package scripts to ensure that the PHP module is enabled as the name of the module is not deterministic with php5 and php7.0.

owncloud__apache_modules: []
owncloud__nginx_client_body_temp_path

Defines the directory where Nginx will temporary store files holding client request bodies. Refer to the the Nginx documentation for details.

The default (empty string) is to not change the default of the webserver. TODO: Confirm that this variable does what it says.

owncloud__nginx_client_body_temp_path: ''
owncloud__nginx_access_log_assets

Should the access to assets be logged by nginx?

owncloud__nginx_access_log_assets: True

PHP

owncloud__php_temp_path

Directory which PHP will use as temp directory.

In case /tmp has limited space (for example is a ramdisk) or is otherwise restricted then it is recommended to change the temp directory which PHP uses to a path with more space available. This directory is used to cache uploaded files when using Apache. See also owncloud__temp_path.

Empty string will not change the temp directory of PHP.

owncloud__php_temp_path: ''
owncloud__php_output_buffering

Output buffering set in PHP, with amount set in megabytes. Refer to the official ownCloud documentation for details.

owncloud__php_output_buffering: '0'
owncloud__php_max_children

Max children processes to run in php fpm. FIXME: Check if default of debops.php might be sufficient.

owncloud__php_max_children: '50'

Role-dependent configuration

owncloud__apt_preferences__dependent_list

Configuration for the debops.apt_preferences role.

owncloud__apt_preferences__dependent_list:

  - package: 'php5-apcu'
    backports: [ 'trusty' ]
    reason: 'ownCloud requires at least APCu version 4.0.6.'
    by_role: 'debops.owncloud'
    state: '{{ owncloud__deploy_state }}'
owncloud__apt_preferences__dependent_list_optional

Optional configuration for the debops.apt_preferences role. Only required when APT preference presets from the debops.apt_preferences role are used.

owncloud__apt_preferences__dependent_list_optional:

  - package: 'owncloud owncloud*'
    reason: 'Use download.owncloud.org even when foreign sources are disabled by global APT preferences.'
    pin: 'origin "download.owncloud.org"'
    priority: 995
    by_role: 'debops.owncloud'
    state: '{{ owncloud__deploy_state }}'
owncloud__apache__dependent_snippets

Apache configuration snippets managed by the debops.apache role. Disable the /etc/apache2/conf-enabled/owncloud.conf which configures ownCloud below /owncloud.

owncloud__apache__dependent_snippets:
  'owncloud':
    enabled: False
    type: 'dont-create'
owncloud__apache__dependent_vhosts

Apache virtual host managed by the debops.apache role.

owncloud__apache__dependent_vhosts:

  - type: 'default'
    name: '{{ owncloud__fqdn }}'
    by_role: 'debops.owncloud'
    filename: 'debops.owncloud'
    root: '{{ owncloud__home }}'
    options: '+FollowSymLinks'
    allow_override: 'All'
    root_directives: |
      <IfModule mod_dav.c>
            Dav off
      </IfModule>

      SetEnv HOME {{ owncloud__home }}
      SetEnv HTTP_HOME {{ owncloud__home }}

      {# Does not work.
      ## Tested with while uploading with:
      ## while true; do df -h /tmp|tail -n 1; sleep 0.1; done
      ## Currently configured in PHP Apache scope: owncloud__php__dependent_configuration
      {% if owncloud__php_temp_path != "" %}
      <IfModule mod_php5.c>
        php_value sys_temp_dir '{{ owncloud__php_temp_path }}'
      </IfModule>
      <IfModule mod_php7.c>
        php_value sys_temp_dir '{{ owncloud__php_temp_path }}'
      </IfModule>
      {% endif %}
      # SetEnv TMPDIR '{{ owncloud__php_temp_path }}'
      #}
    raw_content: |
      <Directory "{{ owncloud__home }}/data/">
          # Just in case the .htaccess gets disabled.
          Require all denied
      </Directory>
      {% if owncloud__data_path != (owncloud__home + "/data") %}
      <Directory {{ owncloud__data_path | quote }}>
          # Just in case someone changes the global Apache defaults and messed
          # with the "Alias" directive ;)
          Require all denied
      </Directory>
      {% endif %}
    http_sec_headers_directive_options: 'set'
owncloud__nginx__dependent_servers

nginx server configuration managed by the debops.nginx role.

owncloud__nginx__dependent_servers:

  ## https://github.com/owncloud/documentation/blob/master/admin_manual/installation/nginx_owncloud_9x.rst
  ## https://github.com/owncloud/documentation/blob/master/admin_manual/installation/nginx_examples.rst
  ## https://doc.owncloud.org/server/9.0/admin_manual/issues/general_troubleshooting.html
  - type: 'default'
    enabled: True
    default: False
    by_role: 'debops.owncloud'
    filename: 'debops.owncloud'
    name: '{{ owncloud__fqdn }}'
    root: '{{ owncloud__deploy_path }}'

    ## https://doc.owncloud.org/server/9.0/admin_manual/issues/general_troubleshooting.html#common-problems-error-messages
    ## DebOps default should be fine.
    # keepalive: '3600'

    robots_tag: [ 'none' ]
    permitted_cross_domain_policies: 'none'

    options: |
      add_header X-Download-Options noopen;

      # Set max upload size.
      client_max_body_size {{ owncloud__upload_size }};
      {% if owncloud__nginx_client_body_temp_path %}
      client_body_temp_path '{{ owncloud__nginx_client_body_temp_path }}';
      {% endif %}
      fastcgi_buffers 64 4K;

      {% if owncloud__app_user_webfinger_support | bool %}
      rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
      rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
      {% endif %}

      # Disable gzip to avoid the removal of the ETag header
      gzip off;

      # Uncomment if your server is build with the ngx_pagespeed module
      # This module is currently not supported.
      #pagespeed off;

      error_page            403             /core/templates/403.php;
      error_page            404             /core/templates/404.php;


      # Avoid to send the security headers twice as ownCloud
      # also adds the X-* HTTP headers.
      fastcgi_param modHeadersAvailable true;

    location_list:
      - pattern: '= /robots.txt'
        options: |
          log_not_found off;

      - pattern: '= /.well-known/carddav'
        options: |
          return 301 $scheme://$host/remote.php/dav;

      - pattern: '= /.well-known/caldav'
        options: |
          return 301 $scheme://$host/remote.php/dav;

      - pattern: '= /'
        options: |
          ## Not used in the Nginx configuration example of ownCloud.
          ## Needed because `security.limit_extensions` defaults to `.php` in DebOps.
          rewrite ^ /index.php;

      - pattern: '/'
        options: |
          rewrite ^ /index.php$uri;

      - pattern: '~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/'
        options: |
          deny all;

      - pattern: '~ ^/(?:\.|autotest|occ|issue|indie|db_|console)'
        options: |
          deny all;

      - pattern: '~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/)'
        options: |
          include fastcgi_params;
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;
          fastcgi_param HTTPS on;
          fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
          fastcgi_param front_controller_active true;

          fastcgi_pass php_owncloud;

          fastcgi_intercept_errors on;

          {% if (ansible_local.nginx.version if (ansible_local|d() and ansible_local.nginx|d() and ansible_local.nginx.version|d()) else "0.0") | version_compare("1.7.11",'>=') %}
          fastcgi_request_buffering off;
          {% endif %}

          fastcgi_read_timeout {{ owncloud__timeout }};

      - pattern: '~ ^/(?:updater|ocs-provider)(?:$|/)'
        options: |
          try_files $uri/ =404;
          index index.php;

      - pattern: '~* \.(?:css|js)$'
        options: |
          # Adding the cache control header for js and css files
          # It needs to be below the PHP block.

          try_files $uri /index.php$uri$is_args$args;
          add_header Cache-Control "public, max-age=7200";

          add_header X-Content-Type-Options nosniff;
          add_header X-Frame-Options "SAMEORIGIN";
          add_header X-XSS-Protection "1; mode=block";
          add_header X-Robots-Tag none;
          add_header X-Download-Options noopen;
          add_header X-Permitted-Cross-Domain-Policies none;

          {% if not (owncloud__nginx_access_log_assets|bool) %}
          access_log off;
          {% endif %}

      - pattern: '~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$'
        options: |
          try_files $uri /index.php$uri$is_args$args;

          {% if not (owncloud__nginx_access_log_assets|bool) %}
          access_log off;
          {% endif %}

    ## Not used so that the exact order of locations from the upstream nginx example can be used.
    # type: 'php'
    # php_upstream: 'php_owncloud'
    # php_limit_except: False
    # php5_location: '^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/)'
    # php_options: |
    #   fastcgi_read_timeout {{ owncloud__timeout }};
owncloud__nginx__dependent_upstreams

PHP upstream server configuration managed by the debops.nginx role.

owncloud__nginx__dependent_upstreams:

  - name: 'php_owncloud'
    by_role: 'debops.owncloud'
    enabled: True
    state: '{{ owncloud__deploy_state }}'
    type: 'php'
    php_pool: 'owncloud'

  ## Ensure legacy configuration is absent.
  - name: 'php5_owncloud'
    state: 'absent'
    type: 'php5'
    php5: 'owncloud'
owncloud__php__dependent_packages

List of PHP packages to install using the debops.php role.

owncloud__php__dependent_packages:

  - '{{ owncloud__base_php_packages }}'
  - '{{ owncloud__optional_php_packages }}'
  - '{{ ["libapache2-mod-php"] if (owncloud__webserver == "apache") else [] }}'
owncloud__php__dependent_configuration

php.ini configuration managed by the debops.php role.

owncloud__php__dependent_configuration:

  - filename: '10-owncloud'
    by_role: 'debops.owncloud'
    state: '{{ "present"
               if ((owncloud__apcu_enabled|bool) and (owncloud__release | match("8\.1")))
               else "absent" }}'
    options: |
      ; Workaround for: https://github.com/owncloud/core/issues/17329
      apc.enable_cli = 1

  - filename: 'debops.owncloud'
    path: 'apache2/conf.d/'
    by_role: 'debops.owncloud'
    state: '{{ (owncloud__php_temp_path != "" and owncloud__webserver == "apache") | ternary("present", "absent") }}'
    sections:

      - options: |
          ## TODO: Could not be configured on Apache vhost scope.
          sys_temp_dir = {{ owncloud__php_temp_path | quote }}
owncloud__php__dependent_pools

PHP pools managed by the debops.php role. Refer to the official ownCloud documentation for details.

owncloud__php__dependent_pools:
  name: 'owncloud'
  by_role: 'debops.owncloud'
  user: '{{ owncloud__user }}'
  group: '{{ owncloud__group }}'
  pm_max_children: '{{ owncloud__php_max_children }}'

  ## Overwrite DebOps default to ensure that long running syncing jobs don’t
  ## get killed.
  ## https://secure.php.net/manual/en/install.fpm.configuration.php
  request_terminate_timeout: '{{ owncloud__timeout }}'

  ## This is sometimes seen in other peoples ownCloud configuration.
  ## The role maintainers could not yet verify if it is really needed.
  # rlimit_files: '131072'
  # rlimit_core: 'unlimited'

  ## https://github.com/owncloud/core/blob/master/.user.ini
  ## https://github.com/nextcloud/server/blob/master/.user.ini
  php_values:
    ## https://secure.php.net/manual/en/outcontrol.configuration.php#ini.output-buffering
    output_buffering: '{{ owncloud__php_output_buffering }}'

    ## https://secure.php.net/manual/en/info.configuration.php#ini.upload-max-filesize
    upload_max_filesize: '{{ owncloud__upload_size }}'

    ## https://secure.php.net/manual/en/ini.core.php#ini.post-max-size
    post_max_size: '{{ owncloud__upload_size }}'

    ## https://secure.php.net/manual/de/ini.core.php#ini.memory-limit
    ## FIXME: ownCloud and the PHP manual suggest that it should be enabled.
    ## Is that really needed because the process needs to hold the entire file
    ## in memory or does it support "streaming" the file thought itself?
    ## Currently disabled. Enable when required.
    # memory_limit: '{{ owncloud__upload_size }}'

    ## https://secure.php.net/manual/en/info.configuration.php#ini.max-input-time
    max_input_time: '{{ owncloud__timeout }}'

    ## Refer to: https://secure.php.net/manual/en/info.configuration.php#ini.max-execution-time
    max_execution_time: '{{ owncloud__timeout }}'

  environment:
    # HOSTNAME: '$HOSTNAME'
    # TMP: '/tmp'
    # TMPDIR: '/tmp'
    # TEMP: '/tmp'

    ## Fixes warning (ownCloud 8.1): "The test with getenv('PATH') only returns an empty response"
    PATH: '/usr/local/bin:/usr/bin:/bin'
owncloud__unattended_upgrades__dependent_origins

List of origin patterns managed by the debops.unattended_upgrades role.

owncloud__unattended_upgrades__dependent_origins:

  - origin: 'site=download.owncloud.org'
    by_role: 'debops.owncloud'
    state: '{{ "present" if (owncloud__auto_security_updates_enabled | bool) else "absent" }}'