From 8cc129661e18aeff08154e0963e9d0d47fc14840 Mon Sep 17 00:00:00 2001 From: hullet Date: Wed, 30 Sep 2020 22:31:22 +0100 Subject: [PATCH 1/2] Changed Nextcloud MySQL Credentials from statis string to variable, for optional increased security. --- group_vars/all.yml | 7 +++++-- tasks/nextcloud.yml | 12 ++++++------ 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 4df45c5e..609a6662 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -107,7 +107,7 @@ pytivo_enabled: false serposcope_enabled: false # External Access -# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your +# Traefik will allow access to certain applications externally. To enable this you'll either; a domain name that points to your # home static IP address, the cloudflare with the cloudflare_ddns dynamic DNS container enabled, or use a dynamic DNS provider like no-ip. # You'll also need to map ports 80 and 443 from your router to your ansible-nas server, then enable the per-app "available_externally" # settings. @@ -567,7 +567,7 @@ couchpotato_downloads_directory: "{{ downloads_root }}" couchpotato_torrents_directory: "{{ torrents_root }}" couchpotato_user_id: "0" couchpotato_group_id: "0" -couchpotato_port: "5050" +couchpotato_port: "5050" ### ### Sickchill @@ -659,6 +659,9 @@ glances_port_two: "61209" nextcloud_available_externally: "false" nextcloud_data_directory: "{{ docker_home }}/nextcloud" nextcloud_port: "8080" +nextcloud_sql_user: "nextcloud_sql_user" +nextcloud_sql_pass: "nextcloud_sql_pass" +nextcloud_sql_secret: "nextcloud_sql_secret" ### ### nginx diff --git a/tasks/nextcloud.yml b/tasks/nextcloud.yml index d712ded0..fe2614b8 100644 --- a/tasks/nextcloud.yml +++ b/tasks/nextcloud.yml @@ -16,9 +16,9 @@ - "{{ nextcloud_data_directory }}/mysql:/var/lib/mysql:rw" env: MYSQL_DATABASE: "nextcloud" - MYSQL_USER: "nextcloud-user" - MYSQL_PASSWORD: "nextcloud-pass" - MYSQL_ROOT_PASSWORD: "nextcloud-secret" + MYSQL_USER: "{{ nextcloud_sql_user }}" + MYSQL_PASSWORD: "{{ nextcloud_sql_pass }}" + MYSQL_ROOT_PASSWORD: "{{ nextcloud_sql_secret }}" restart_policy: unless-stopped memory: 1g @@ -36,8 +36,8 @@ env: MYSQL_HOST: "mysql" MYSQL_DATABASE: "nextcloud" - MYSQL_USER: "nextcloud-user" - MYSQL_PASSWORD: "nextcloud-pass" + MYSQL_USER: "{{ nextcloud_sql_user }}" + MYSQL_PASSWORD: "{{ nextcloud_sql_pass }}" NEXTCLOUD_TRUSTED_DOMAINS: "nextcloud.{{ ansible_nas_domain }}" restart_policy: unless-stopped memory: 1g @@ -45,4 +45,4 @@ traefik.backend: "nextcloud" traefik.frontend.rule: "Host:nextcloud.{{ ansible_nas_domain }}" traefik.enable: "{{ nextcloud_available_externally }}" - traefik.port: "80" \ No newline at end of file + traefik.port: "80" From af086e2798fd6b6afeb694ce343d1247b2b6818c Mon Sep 17 00:00:00 2001 From: hullet Date: Thu, 1 Oct 2020 08:45:14 +0100 Subject: [PATCH 2/2] Default Nextcloud credentials returned to standard values --- group_vars/all.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 609a6662..f058b222 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -659,9 +659,9 @@ glances_port_two: "61209" nextcloud_available_externally: "false" nextcloud_data_directory: "{{ docker_home }}/nextcloud" nextcloud_port: "8080" -nextcloud_sql_user: "nextcloud_sql_user" -nextcloud_sql_pass: "nextcloud_sql_pass" -nextcloud_sql_secret: "nextcloud_sql_secret" +nextcloud_sql_user: "nextcloud-user" +nextcloud_sql_pass: "nextcloud-pass" +nextcloud_sql_secret: "nextcloud-secret" ### ### nginx