configpolicy

dustin

configpolicy

Fork 0

Commit Graph

Author	SHA1	Message	Date
Dustin	924107abbe	nextcloud: Support remote database server The _nextcloud_ role originally handled setting up the PostgreSQL database and assumed that it was running on the same server as Nextcloud itself. I have factored out those tasks into their own role, _nextcloud-db_, which can be applied to a separate host. I have also introduced some new variables (`nextcloud_db_host`, `nextcloud_db_name`, `nextcloud_db_user`, and `nextcloud_db_password`), which can be used to specify how to connect to the database, if it is hosted remotely. Since these variables are used by both the _nextcloud_ and _nextcloud-db_ roles, they are actually defined in a separate role, _nextcloud-base_, upon which both depend.	2024-09-02 20:29:51 -05:00
Dustin	c68f10d771	roles/nextcloud: Use Redis for caching The Nextcloud community [recommends][0] using Redis as a cache provider, to improve response times and file locking reliability.	2021-06-25 11:12:12 -05:00
Dustin	d1cdc8bfc3	roles/cert: Add handler topic notification Changing/renewing a certificate generally requires restarting or reloading some service. Since the cert role is intended to be generic and reusable, it naturally does not know what action to take to effect the change. It works well for the initial deployment of a new application, since the service is reloaded anyway in order for the new configuration to be applied. It fails, however, for continuous enforcement, when a certificate is renewed automatically (i.e. by `lego`) but no other changes are being made. This has caused a number of disruptions when some certificate expires and its replacement is available but has not yet been loaded. To address this issue, I have added a handler "topic" notification to the certs role. When either the certificate or private key file is replaced, the relevant task will "notify" a generic handler "topic." This allows some other role to define a specific handler, which "listens" for these notifications, and takes the appropriate action for its respective service. For this mechanism to work, though, the cert role can only be used as a dependency of another role. That role must define the handler and configure it to listen to the generic "certificate changed" topic. As such, each of the roles that are associated with a certificate deployed by the cert role now declare it as a dependency, and the top-level playbooks only include those roles.	2020-12-26 10:38:17 -06:00

Author

SHA1

Message

Date

Dustin

924107abbe

nextcloud: Support remote database server

The _nextcloud_ role originally handled setting up the PostgreSQL
database and assumed that it was running on the same server as Nextcloud
itself.  I have factored out those tasks into their own role,
_nextcloud-db_, which can be applied to a separate host.

I have also introduced some new variables (`nextcloud_db_host`,
`nextcloud_db_name`, `nextcloud_db_user`, and `nextcloud_db_password`),
which can be used to specify how to connect to the database, if it is
hosted remotely.  Since these variables are used by both the _nextcloud_
and _nextcloud-db_ roles, they are actually defined in a separate role,
_nextcloud-base_, upon which both depend.

2024-09-02 20:29:51 -05:00

Dustin

c68f10d771

roles/nextcloud: Use Redis for caching

The Nextcloud community [recommends][0] using Redis as a cache provider,
to improve response times and file locking reliability.

2021-06-25 11:12:12 -05:00

Dustin

d1cdc8bfc3

roles/cert: Add handler topic notification

Changing/renewing a certificate generally requires restarting or
reloading some service.  Since the *cert* role is intended to be generic
and reusable, it naturally does not know what action to take to effect
the change.  It works well for the initial deployment of a new
application, since the service is reloaded anyway in order for the new
configuration to be applied.  It fails, however, for continuous
enforcement, when a certificate is renewed automatically (i.e. by
`lego`) but no other changes are being made.  This has caused a number
of disruptions when some certificate expires and its replacement is
available but has not yet been loaded.

To address this issue, I have added a handler "topic" notification to
the *certs* role.  When either the certificate or private key file is
replaced, the relevant task will "notify" a generic handler "topic."
This allows some other role to define a specific handler, which
"listens" for these notifications, and takes the appropriate action for
its respective service.

For this mechanism to work, though, the *cert* role can only be used as
a dependency of another role.  That role must define the handler and
configure it to listen to the generic "certificate changed" topic.  As
such, each of the roles that are associated with a certificate deployed
by the *cert* role now declare it as a dependency, and the top-level
playbooks only include those roles.

2020-12-26 10:38:17 -06:00

3 Commits (fad63d59732deb0d0d5dd735290eecbae9b2a82b)