[update system repos]
system.update:

[install apache]
install: apache2

[explain certbot]
explain: We'll be using Let's Encrypt to get a free SSL certificate. The certbot command is used for this.

[install certbot]
install: certbot

[explain maint]
explain: There are various ways to allow certbot to verify you are authorized to create an SSL cert for a domain. The easiest (in our opinion) is to use the webroot option. To support this, we set up a generic document root where certbot can create the auto-discovery file. See the configuration for the virtual host for how this is used. For now, we just need to create the directory.

[make sure a maintenance root exists]
mkdir: /var/www/maint/www
group: {{ apache_group }}
owner: {{ apache_user }}
recursive: yes

[disable the default site]
apache.disable_site: 000-default

[install postgres]
install: postgresql

[install php and related resources]
install: $item
items: php, libapache2-mod-php, php-pgsql

[install php modules]
install: $item
items: php-curl, php-dom, php-gd, php-imagick, php-json, php-mbstring, php-pdo-pgsql, php-zip

[create the document root for the domain]
dir: /var/www/{{ domain_tld }}/www
group: {{ apache_group }}
owner: {{ apache_user }}
recursive: yes

;[prevent browsing of document root]
;file: /var/www/{{ domain_tld }}/www/index.html
;group: {{ apache_group }}
;owner: {{ apache_user }}

[create the initial apache config file]
template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf

[enable the site]
apache.enable_site: {{ domain_name }}

[enable mod rewrite]
apache.enable_module: rewrite

[enable SSL engine]
apache.enable_module: ssl

[enable php modules]
php.module: $item
items: ctype, curl, dom, json, gd, imagick, pdo_pgsql, posix, simplexml, xmlreader, xmlwriter, zip

;PHP module libxml (Linux package libxml2 must be >=2.7.0)
;php -i | grep -i libxml

; https://askubuntu.com/questions/323005/php-openssl-extension-has-a-package
; php -i | grep -i openssl
;PHP module openssl

;php -i | grep -i openssl
;PHP module session

;php -i | grep -i zlib
;PHP module zlib

[reload apache]
apache.reload:

[get an SSL cert]
ssl: {{ domain_name }}
email: {{ webmaster_email }}

[create the SSL version of the apache config file]
template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf
ssl_enabled: yes

[restart apache]
apache.restart:

[create the install path for nextcloud]
dir: /var/www/{{ domain_tld }}/www{{ install_path }}
group: {{ apache_group }}
owner: {{ apache_user }}
recursive: yes

[get the nextcloud installer]
run: "wget https://download.nextcloud.com/server/installer/setup-nextcloud.php"
cd: /var/www/{{ domain_tld }}/www{{ install_path }}

; createuser -U postgres -DRS {{ install_path }}_nextcloud
; createdb -U postgres -O diff6_nextcloud diff6_nextcloud
; psql -U postgres -c "ALTER USER diff6_nextcloud WITH ENCRYPTED PASSWORD '*****'"
; psql -U postgres -c "ALTER USER cloud_diff6_com WITH ENCRYPTED PASSWORD 'SMZdUXVOMr'"

; https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html
; Recommended packages:
;
;PHP module fileinfo (highly recommended, enhances file analysis performance)
;
;PHP module bz2 (recommended, required for extraction of apps)
;
;PHP module intl (increases language translation performance and fixes sorting of non-ASCII characters)
;
;Required for specific apps:
;
;PHP module ldap (for LDAP integration)
;
;PHP module smbclient (SMB/CIFS integration, see SMB/CIFS)
;
;PHP module ftp (for FTP storage / external user authentication)
;
;PHP module imap (for external user authentication)
;
;PHP module bcmath (for passwordless login)
;
;PHP module gmp (for passwordless login)
;
;Recommended for specific apps (optional):
;
;PHP module gmp (for SFTP storage)
;
;PHP module exif (for image rotation in pictures app)
;
;For enhanced server performance (optional) select one of the following memcaches:
;
;PHP module apcu (>= 4.0.6)
;
;PHP module memcached
;
;PHP module redis (>= 2.2.6, required for Transactional File Locking)
;
;See Memory caching to learn how to select and configure a memcache.
;
;For preview generation (optional):
;
;PHP module imagick
;
;avconv or ffmpeg
;
;OpenOffice or LibreOffice
;
;For command line processing (optional):
;
;PHP module pcntl (enables command interruption by pressing ctrl-c)
;
;For command line updater (optional):
;
;PHP module phar (upgrades Nextcloud by running sudo -u www-data php /var/www/nextcloud/updater/updater.phar)