edit init 1

check_stack_nextcloud.yml

@@ -0,0 +1,29 @@
+---
+- name: Upload and run stack health checks
+  hosts: proxmox
+  become: true
+
+  vars:
+    health_script_path: /data/compose/nextcloud/stack-health.sh
+
+  tasks:
+    - name: Upload stack-health.sh
+      ansible.builtin.copy:
+        src: files/stack-health.sh
+        dest: "{{ health_script_path }}"
+        mode: '0755'
+
+    - name: Run stack-health.sh
+      ansible.builtin.shell: "{{ health_script_path }}"
+      register: health
+      args:
+        executable: /bin/bash
+
+    - name: Show health output
+      ansible.builtin.debug:
+        msg: "{{ health.stdout | default('no stdout') }}"
+
+    - name: Fail if checks failed (rc != 0)
+      ansible.builtin.fail:
+        msg: "Health checks failed"
+      when: health.rc != 0

collabora_update.yml

@@ -0,0 +1,30 @@
+---
+- name: Update Collabora (pull + recreate in same compose project)
+  hosts: proxmox
+  become: true
+
+  vars:
+    collabora_compose_path: /data/compose/nextcloud/collabora-only.yml
+    collabora_project_name: nextcloud-collabora   # based on your labels
+
+  tasks:
+    - name: Pull collabora/code:latest image
+      community.docker.docker_image:
+        name: collabora/code
+        tag: latest
+        source: pull
+
+    # Compose file contains only service "collabora", so this acts on that service only
+    - name: Compose pull (ensure freshest image)
+      community.docker.docker_compose_v2:
+        project_name: "{{ collabora_project_name }}"
+        files: ["{{ collabora_compose_path }}"]
+        pull: always
+        state: present
+
+    - name: Recreate collabora with new image
+      community.docker.docker_compose_v2:
+        project_name: "{{ collabora_project_name }}"
+        files: ["{{ collabora_compose_path }}"]
+        recreate: always
+        state: present

nextcloud_backup.yml

@@ -0,0 +1,38 @@
+---
+- name: Nextcloud backup (config, custom_apps, DB)
+  hosts: proxmox
+  become: true
+
+  vars:
+    nc_root: /data/compose/nextcloud
+    backup_dir: "{{ nc_root }}/backup-{{ ansible_date_time.date }}"
+    db_container: nextcloud-db
+
+  tasks:
+    - name: Ensure backup directory exists
+      ansible.builtin.file:
+        path: "{{ backup_dir }}"
+        state: directory
+        mode: '0755'
+
+    # Use archive module to create tar.gz directly on the remote host
+    - name: Archive config directory
+      ansible.builtin.archive:
+        path: "{{ nc_root }}/config"
+        dest: "{{ backup_dir }}/config.tgz"
+        format: gz
+
+    - name: Archive custom_apps directory
+      ansible.builtin.archive:
+        path: "{{ nc_root }}/custom_apps"
+        dest: "{{ backup_dir }}/custom_apps.tgz"
+        format: gz
+
+    # Dump DB directly to a file on the host (avoid shuttling dump through Ansible)
+    - name: Dump MariaDB from container to file
+      ansible.builtin.shell: |
+        set -euo pipefail
+        docker exec {{ db_container }} sh -c 'command -v mariadb-dump >/dev/null && mariadb-dump -u"$$MYSQL_USER" -p"$$MYSQL_PASSWORD" "$$MYSQL_DATABASE" || mysqldump -u"$$MYSQL_USER" -p"$$MYSQL_PASSWORD" "$$MYSQL_DATABASE"' \
+          > "{{ backup_dir }}/db.sql"
+      args:
+        executable: /bin/bash

nextcloud_upgrade.yml

@@ -0,0 +1,112 @@
+---
+- name: Upgrade Nextcloud to 31-apache (pull + recreate + occ)
+  hosts: proxmox
+  become: true
+
+  vars:
+    nc_container: nextcloud
+    nc_image_tag: "31-apache"      # change to 32-apache when you step to next major
+    # Ports/volumes/env exactly as you use:
+    nc_root: /data/compose/nextcloud
+    nc_http_port: "8080:80"
+
+  tasks:
+    - name: Gather nextcloud container info
+      community.docker.docker_container_info:
+        name: "{{ nc_container }}"
+      register: nc_info
+
+    - name: Derive compose project & network from existing container
+      ansible.builtin.set_fact:
+        nc_project: "{{ nc_info.container.Config.Labels['com.docker.compose.project'] | default('nextcloud') }}"
+        nc_networks: "{{ (nc_info.container.NetworkSettings.Networks | default({})).keys() | list }}"
+        nc_net_primary: "{{ (nc_info.container.NetworkSettings.Networks | default({})).keys() | list | first }}"
+      when: nc_info.exists
+
+    - name: Enable maintenance mode
+      community.docker.docker_container_exec:
+        container: "{{ nc_container }}"
+        user: "www-data"
+        command: php occ maintenance:mode --on
+
+    - name: Render one-off compose for nextcloud (single-service)
+      ansible.builtin.copy:
+        dest: /tmp/nc.yml
+        mode: '0644'
+        content: |
+          name: {{ nc_project }}
+          services:
+            nextcloud:
+              image: nextcloud:{{ nc_image_tag }}
+              container_name: {{ nc_container }}
+              restart: unless-stopped
+              networks: [cloud]
+              ports: ["{{ nc_http_port }}"]
+              volumes:
+                - {{ nc_root }}/config:/var/www/html/config
+                - {{ nc_root }}/data:/var/www/html/data
+                - {{ nc_root }}/custom_apps:/var/www/html/custom_apps
+              environment:
+                TZ: Europe/Prague
+                MYSQL_DATABASE: nextcloud
+                MYSQL_USER: nextcloud
+                MYSQL_PASSWORD: dbpassword
+                MYSQL_HOST: nextclouddb
+                REDIS_HOST: redis
+                NEXTCLOUD_ADMIN_USER: root
+                NEXTCLOUD_ADMIN_PASSWORD: '1234SilneHeslo.-.'
+          networks:
+            cloud:
+              external: true
+              name: {{ nc_net_primary }}
+
+    - name: Pull the new Nextcloud image
+      community.docker.docker_compose_v2:
+        project_name: "{{ nc_project }}"
+        files: ["/tmp/nc.yml"]
+        pull: always
+        state: present
+
+    - name: Recreate Nextcloud with the new image
+      community.docker.docker_compose_v2:
+        project_name: "{{ nc_project }}"
+        files: ["/tmp/nc.yml"]
+        recreate: always
+        state: present
+
+    - name: Run occ upgrade
+      community.docker.docker_container_exec:
+        container: "{{ nc_container }}"
+        user: "www-data"
+        command: php occ upgrade
+
+    - name: Recommended DB maintenance (safe to run)
+      community.docker.docker_container_exec:
+        container: "{{ nc_container }}"
+        user: "www-data"
+        command: php occ db:add-missing-indices
+      ignore_errors: true
+
+    - name: Convert filecache bigint (safe)
+      community.docker.docker_container_exec:
+        container: "{{ nc_container }}"
+        user: "www-data"
+        command: php occ db:convert-filecache-bigint --no-interaction
+      ignore_errors: true
+
+    - name: Disable maintenance mode
+      community.docker.docker_container_exec:
+        container: "{{ nc_container }}"
+        user: "www-data"
+        command: php occ maintenance:mode --off
+
+    - name: Show status
+      community.docker.docker_container_exec:
+        container: "{{ nc_container }}"
+        user: "www-data"
+        command: php occ status
+      register: nc_status
+
+    - name: Print status
+      ansible.builtin.debug:
+        msg: "{{ nc_status.stdout | default('no output') }}"

redis_update.yml

@@ -0,0 +1,75 @@
+---
+- name: Update Redis (pull + recreate, same stack)
+  hosts: proxmox
+  become: true
+
+  vars:
+    nc_container: nextcloud
+    redis_container: redis
+    redis_image: "redis:7-alpine"
+    nc_root: /data/compose/nextcloud
+
+  tasks:
+    - name: Gather nextcloud container info (to learn project + network)
+      community.docker.docker_container_info:
+        name: "{{ nc_container }}"
+      register: nc_info
+
+    - name: Derive compose project & network
+      ansible.builtin.set_fact:
+        nc_project: "{{ nc_info.container.Config.Labels['com.docker.compose.project'] | default('nextcloud') }}"
+        nc_net_primary: "{{ (nc_info.container.NetworkSettings.Networks | default({})).keys() | list | first }}"
+      when: nc_info.exists
+
+    - name: Enable maintenance mode (optional safety)
+      community.docker.docker_container_exec:
+        container: "{{ nc_container }}"
+        user: "www-data"
+        command: php occ maintenance:mode --on
+      ignore_errors: true
+
+    - name: Render one-off compose for Redis
+      ansible.builtin.copy:
+        dest: /tmp/redis.yml
+        mode: '0644'
+        content: |
+          name: {{ nc_project }}
+          services:
+            redis:
+              image: {{ redis_image }}
+              container_name: {{ redis_container }}
+              restart: unless-stopped
+              networks: [cloud]
+              volumes:
+                - {{ nc_root }}/redis:/data
+          networks:
+            cloud:
+              external: true
+              name: {{ nc_net_primary }}
+
+    - name: Pull redis image
+      community.docker.docker_compose_v2:
+        project_name: "{{ nc_project }}"
+        files: ["/tmp/redis.yml"]
+        pull: always
+        state: present
+
+    - name: Recreate redis
+      community.docker.docker_compose_v2:
+        project_name: "{{ nc_project }}"
+        files: ["/tmp/redis.yml"]
+        recreate: always
+        state: present
+
+    - name: Disable maintenance mode (if we turned it on)
+      community.docker.docker_container_exec:
+        container: "{{ nc_container }}"
+        user: "www-data"
+        command: php occ maintenance:mode --off
+      ignore_errors: true
+
+    - name: Fire one cron tick (cleanup pending jobs)
+      community.docker.docker_container_exec:
+        container: "{{ nc_container }}"
+        user: "www-data"
+        command: php -f /var/www/html/cron.php

requirements.yml

@@ -0,0 +1,4 @@
+---
+collections:
+  - name: community.docker
+  - name: ansible.posix