become: yes

        become_user: admin-nextcloud_example_com

      # Majic Ansible Roles currently only support utf8 encoding.

      - name: Disable opportunistic use of utf8mb4 on fresh installs

        ansible.builtin.lineinfile:

          dest: "/var/www/nextcloud.example.com/nextcloud/lib/private/Setup/MySQL.php"

          line: "{{ '\t\t\t' }}$this->config->setValue('mysql.utf8mb4', true);"

          state: absent

      - name: Allow application user to install and update applications

        ansible.builtin.file:

          path: "/var/www/nextcloud.example.com/nextcloud/apps"

          mode: g+w

      - name: Allow CLI tool to be run by the user and group

        ansible.builtin.file:

          path: "/var/www/nextcloud.example.com/nextcloud/occ"

          mode: u+x,g+x

      - name: Create directory for storing data

        ansible.builtin.file:

          path: "/var/www/nextcloud.example.com/data"

          state: directory

          owner: "admin-nextcloud_example_com"

          group: "web-nextcloud_example_com"

      - name: Create directory for storing configuration files

        ansible.builtin.file:

          path: "/var/www/nextcloud.example.com/nextcloud/config"

          state: directory

          owner: "admin-nextcloud_example_com"

          group: "web-nextcloud_example_com"

      - name: Create an empty log file if it does not exist

        ansible.builtin.copy:

          content: ""

          dest: "/var/www/nextcloud.example.com/data/nextcloud.log"

          force: no

      - name: Set-up log file permissions

        ansible.builtin.file:

          path: "/var/www/nextcloud.example.com/data/nextcloud.log"

          owner: "admin-nextcloud_example_com"

          group: "web-nextcloud_example_com"

      - name: Symlink the default path used by the web server for finding application files

        ansible.builtin.file:

          src: "/var/www/nextcloud.example.com/nextcloud"

          dest: "/var/www/nextcloud.example.com/htdocs"

          state: link

          owner: "admin-nextcloud_example_com"

          group: "web-nextcloud_example_com"

        notify:

          - Restart PHP-FPM

      # Installation

      # ============

      - name: Get application installation status

        ansible.builtin.command: "/var/www/nextcloud.example.com/nextcloud/occ status"

        become: yes

        become_user: "admin-nextcloud_example_com"

        register: nextcloud_status

        changed_when: False

        failed_when: False

      - name: Check if application is installed

        ansible.builtin.set_fact:

          nextcloud_installed: "{{ 'Nextcloud is not installed' not in nextcloud_status.stderr }}"

      - name: Deploy installation script

        ansible.builtin.copy:

          src: "install_nextcloud.py"

          dest: "/var/www/nextcloud.example.com/install_nextcloud.py"

          owner: "admin-nextcloud_example_com"

          group: "web-nextcloud_example_com"

        when: "not nextcloud_installed"

      - name: Install application

        ansible.builtin.command: "/var/www/nextcloud.example.com/install_nextcloud.py"

        become: yes

        become_user: "admin-nextcloud_example_com"

        when: "not nextcloud_installed"

      - name: Remove installation script

        ansible.builtin.file:

          path: "/var/www/nextcloud.example.com/install_nextcloud.py"

          state: absent

      - name: Fix data file permissions for application user/group

        ansible.builtin.file:

          path: "/var/www/nextcloud.example.com/data"

          mode: g+w

          recurse: yes

          follow: no

      - name: Deploy local configuration overrides

        ansible.builtin.copy:

          src: "local.config.php"

          dest: "/var/www/nextcloud.example.com/nextcloud/config/local.config.php"

          owner: "admin-nextcloud_example_com"

          group: "web-nextcloud_example_com"

5. Set-up files that are deployed by the role.

   :file:`~/mysite/roles/nextcloud/files/local.config.php`

   ::

      <?php

      $CONFIG = array (

        'config_is_read_only' => true,

        'instanceid' => 'suqw2cvca8sp',

        'trusted_domains' =>

          array (

            0 => 'nextcloud.example.com',

          ),

      );

   :file:`~/mysite/roles/nextcloud/files/install_nextcloud.py`

   ::

      #!/usr/bin/env python3

      import pexpect

      # Spawn the process.

         dns_name = "wiki.example.com"

         tls_www_server

         signing_key

         encryption_key

   2. Create the keys and certificates for the application::

        certtool --sec-param normal --generate-privkey --outfile ~/mysite/tls/wiki.example.com_https.key

        certtool --generate-certificate --load-ca-privkey ~/mysite/tls/ca.key --load-ca-certificate ~/mysite/tls/ca.pem --template ~/mysite/tls/wiki.example.com_https.cfg --load-privkey ~/mysite/tls/wiki.example.com_https.key --outfile ~/mysite/tls/wiki.example.com_https.pem

4. At this point we have exhausted what we can do with the built-in roles. Time

   to add some custom tasks.

   :file:`~/mysite/roles/wiki/tasks/main.yml`

   ::

      ---

      - name: Create Django project directory

        ansible.builtin.file:

          dest: "/var/www/wiki.example.com/code"

          state: directory

          owner: admin-wiki_example_com

          group: web-wiki_example_com

      - name: Start Django project for the Wiki website

        ansible.builtin.command: "/var/www/wiki.example.com/virtualenv/bin/exec django-admin startproject wiki_example_com /var/www/wiki.example.com/code"

        args:

          chdir: "/var/www/wiki.example.com"

          creates: "/var/www/wiki.example.com/code/wiki_example_com"

        become: yes

        become_user: admin-wiki_example_com

      - name: Deploy settings for wiki website

        ansible.builtin.copy:

          src: "{{ item }}"

          dest: "/var/www/wiki.example.com/code/wiki_example_com/{{ item }}"

          owner: admin-wiki_example_com

          group: web-wiki_example_com

        with_items:

          - settings.py

          - urls.py

        notify:

          - Restart wiki

      - name: Deploy project database and deploy static files

        community.general.django_manage:

          command: "{{ item }}"

          app_path: "/var/www/wiki.example.com/code/"

          virtualenv: "/var/www/wiki.example.com/virtualenv/"

        become: yes

        become_user: admin-wiki_example_com

        with_items:

          - migrate

          - collectstatic

      - name: Deploy the superuser creation script

        ansible.builtin.copy:

          src: "create_superuser.py"

          dest: "/var/www/wiki.example.com/code/create_superuser.py"

          owner: admin-wiki_example_com

          group: web-wiki_example_com

      - name: Create initial superuser

        ansible.builtin.command: "/var/www/wiki.example.com/virtualenv/bin/exec ./create_superuser.py"

        args:

          chdir: "/var/www/wiki.example.com/code/"

        become: yes

        become_user: admin-wiki_example_com

        register: wiki_superuser

        changed_when: "wiki_superuser.stdout ==  'Created superuser.'"

   :file:`~/mysite/roles/wiki/handlers/main.yml`

   ::

      ---

      - name: Restart wiki

        ansible.builtin.service:

          name: wiki.example.com

          state: restarted

5. There is a couple of files that we are deploying through the above

   tasks. Let's create them as well.

   :file:`~/mysite/roles/wiki/files/settings.py`