proxy_resources/etc/wireguard/wg0.conf

@@ -67,12 +67,6 @@ PublicKey = {{ penpot_service_pubkey }}
 AllowedIPs = 10.0.0.11/32
 PersistentKeepalive = 25
 
-# Owncloud Service
-[Peer]
-PublicKey = {{ owncloud_service_pubkey }}
-AllowedIPs = 10.0.0.12/32
-PersistentKeepalive = 25
-
 # Connection to backend server for nagios
 [Peer]
 PublicKey = {{ nagios_backend_pubkey }}

serversecrets.example

@@ -29,7 +29,6 @@ git_service_privkey: temp
 invidious_service_privkey: temp 
 searxng_service_privkey: temp 
 nextcloud_service_privkey: temp 
-owncloud_service_privkey: temp
 matrix_service_privkey: temp 
 minecraft_service_privkey: temp 
 kimai_service_privkey: temp
@@ -44,7 +43,6 @@ git_service_pubkey: temp
 invidious_service_pubkey: temp
 searxng_service_pubkey: temp
 nextcloud_service_pubkey: temp
-owncloud_service_pubkey: temp
 matrix_service_pubkey: temp
 minecraft_service_pubkey: temp
 kimai_service_pubkey: temp

services/service_owncloud/ansible.cfg

@@ -1,6 +0,0 @@
-[defaults]
-inventory = ../../hosts
-
-[privilege_escalation]
-become_method=doas
-become_ask_pass=True

services/service_owncloud/deploy-service.yml

@@ -1,27 +0,0 @@
-- hosts: localhost
-  become: 'yes'
-  vars:
-    ansible_become_method: doas
-  tasks:
-    - name: Create necessary directories
-      ansible.builtin.file:
-        path: "{{ item }}" 
-        owner: service_owncloud
-        group: service_owncloud
-        state: directory
-      loop:
-        - "{{ services_directory }}/service_nextcloud/ocis-data"
-        - "{{ services_directory }}/service_nextcloud/ocis-config"
-        - "{{ services_directory }}/service_nextcloud/ocis-thumbnails"
-    - name: Copy docker compose config and other nextcloud files
-      ansible.builtin.template:
-        src: "{{ item }}" 
-        dest: "{{ services_directory }}/service_owncloud/{{ item }}"
-        owner: 1000
-        group: 1000
-      loop:
-        - docker-compose.yml 
-
-    - name: Debug Finish message
-      debug:
-        msg: Ansible playbook has finished!

services/service_owncloud/docker-compose.yml

@@ -1,69 +0,0 @@
-services:
-
-  # Gluetun is used to connect container to VPN
-  ocis-gluetun:
-    image: qmcgaw/gluetun
-    cap_add:
-      - NET_ADMIN
-    environment:
-      - VPN_SERVICE_PROVIDER=custom
-      - VPN_TYPE=wireguard
-      - VPN_ENDPOINT_IP={{ proxy_server_ip }}
-      - VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}
-      - WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}
-      - WIREGUARD_PRIVATE_KEY={{ owncloud_service_privkey }}
-      - WIREGUARD_ADDRESSES=10.0.0.12/32
-      - FIREWALL_VPN_INPUT_PORTS=9200
-      - FIREWALL_INPUT_PORTS=9200
-    ports:
-      - "9200:9200"
-    deploy:
-      resources:
-        limits:
-          cpus: '0.10'
-          memory: 512M
-
-  ocis:
-    network_mode: "service:ocis-gluetun"
-    image: owncloud/ocis:latest
-    user: 1000:1000
-    entrypoint:
-      - /bin/sh
-    # run ocis init to initialize a configuration file with random secrets
-    # it will fail on subsequent runs, because the config file already exists
-    # therefore we ignore the error and then start the ocis server
-    command: ["-c", "ocis init || true; ocis server"]
-    environment:
-      OCIS_URL: "https://owncloud.{{ domain_name }}"
-      OCIS_LOG_LEVEL: error # make oCIS less verbose
-      PROXY_TLS: false # do not use SSL between reverse proxy and oCIS
-      OCIS_INSECURE: true
-      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
-      PROXY_ENABLE_BASIC_AUTH: false
-      # admin user password
-      IDM_ADMIN_PASSWORD: "{{ service_owncloud_admin_pass }}" # this overrides the admin password from the configuration file
-      # make settings service available to oCIS Hello
-      SETTINGS_GRPC_ADDR: 0.0.0.0:9191
-      GATEWAY_GRPC_ADDR: 0.0.0.0:9142 # make the REVA gateway accessible to the app drivers
-      # email server (if configured)
-      # NOTIFICATIONS_SMTP_HOST: "xxxxxx"
-      # NOTIFICATIONS_SMTP_PORT: "xxxx"
-      # NOTIFICATIONS_SMTP_SENDER: "xxxxx"
-      # NOTIFICATIONS_SMTP_USERNAME: "xxxxxxxx"
-      # NOTIFICATIONS_SMTP_INSECURE: "xxxxxxx"
-      # PROXY_TLS is set to "false", the download url has no https
-      STORAGE_USERS_DATA_GATEWAY_URL: http://ocis:9200/data
-      # separate directory for thumbnails
-      THUMBNAILS_FILESYSTEMSTORAGE_ROOT: /var/lib/ocis-thumbnails
-    volumes:
-      - ./ocis-config:/etc/ocis
-      - ./ocis-data:/var/lib/ocis
-      - ./ocis-thumbnails:/var/lib/ocis-thumbnails
-    logging:
-      driver: "local"
-    restart: always
-    deploy:
-      resources:
-        limits:
-          cpus: '0.25'
-          memory: 512M

services/service_owncloud/prox-deploy-service.yml

@@ -1,22 +0,0 @@
-- hosts: 
-    - "{{ proxy_server_hostname }}"
-      #    - "{{ proxy_server_hostname }}"-defaultport
-  become: 'yes'
-  vars:
-    ansible_become_method: doas
-  tasks:
-    # Ensure NGinx site reverse proxy configuration is updated
-    - name: Ensure all NGinx site configurations are updated
-      template:
-        src: proxy_resources/etc/nginx/sites-available/owncloud.domain
-        dest: "/etc/nginx/sites-available/owncloud.{{ domain_name }}"
-    - name: Ensure NGinx site reverse proxy configuration is enabled      
-      ansible.builtin.file:
-        src: "/etc/nginx/sites-available/owncloud.{{ domain_name }}"
-        dest: "/etc/nginx/sites-enabled/owncloud.{{ domain_name }}"
-        state: link
-
-    - name: Debug Finish message
-      debug:
-        msg: Ansible playbook has finished!
-

services/service_owncloud/proxy_resources/etc/nginx/sites-available/owncloud.domain

@@ -1,51 +0,0 @@
-# {{ ansible_managed }}
-
-server {
-
-	server_name owncloud.{{ domain_name }} www.owncloud.{{ domain_name }};
-
-	client_max_body_size 0;
-    	underscores_in_headers on;
-
-	location / {
-		proxy_pass http://10.0.0.12:9200;
-		proxy_set_header Host $host;
-        	proxy_set_header X-Real-IP $remote_addr;
-        	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        	proxy_set_header X-Forwarded-Proto $scheme;
-        	add_header Front-End-Https on;
-		add_header Strict-Transport-Security "max-age=15552000; includeSubDomains"; 
-
-        	proxy_headers_hash_max_size 512;
-        	proxy_headers_hash_bucket_size 64;
-
-        	proxy_buffering off;
-        	proxy_redirect off;
-        	proxy_max_temp_file_size 0;
-	}
-
-    	listen [::]:443 ssl; # managed by Certbot
-    	listen 443 ssl; # managed by Certbot
-    	ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
-    	ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
-    	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-}
-
-server {
-    if ($host = www.owncloud.{{ domain_name }}) {
-        return 301 https://$host$request_uri;
-    } # managed by Certbot
-
-
-    if ($host = owncloud.{{ domain_name }}) {
-        return 301 https://$host$request_uri;
-    } # managed by Certbot
-
-
-        listen 80;
-        listen [::]:80;
-
-        server_name owncloud.{{ domain_name }} www.owncloud.{{ domain_name }};
-    return 404; # managed by Certbot
-}

services/service_owncloud/servicesecrets.example

@@ -1,2 +0,0 @@
-# Example service secrets for owncloud docker service, to be encrypted with ansible vault and called servicesecrets.enc
-service_owncloud_admin_pass: ***