switch to improved portmapping for all other k8s standalone apps

9 files changed, 52 insertions, 17 deletions

diff --git a/dan/host_vars/sk-testvm.yml b/dan/host_vars/sk-testvm.yml
index 608e93b8..033f490c 100644
--- a/dan/host_vars/sk-testvm.yml
+++ b/dan/host_vars/sk-testvm.yml
@@ -1,16 +1,20 @@
 $ANSIBLE_VAULT;1.2;AES256;dan
-31376133386363353630663163613765373664666435646230336362316336303263616464666461
-3162383338383162356130643164666665356637343436380a383466636666653665323330306663
-39393863616336663061383961353465303765623636346131643231363665313233306439396431
-3464326432636431360a323566393463613737633564343432363036616566333236393266376438
-66346436396139313036666266323162623236393734663566396363633738626132396166333563
-66343261333430613635316334373333623837613364373563343666646639336236636531363766
-30356239613830616436306638653933633631633265643939613162313234303537316162313063
-64663362333737616337303034386262666265396435303936613831336433313936633765313462
-33616261323162316433353136666363303935623836396461396264356366336232323737643633
-62376630323633336435376230373834653466613333616263633436306466666138636365343134
-65633536363736623131663233366163656233373534653633333337373131663864363731323763
-39353264656264306539346165373638396538336230663032353361393865636238373063373636
-36613261396165363136386532323139376237383366363065663435313138663835616235643238
-63373636303730643665656630343331393661663263333438333063396234306332323437313266
-336465353132356530393733643835623230
+35666266336366353336306161626463373466323434316163653235623464626134316237333961
+3139623939363464366539646365323136393939316333630a373365623838663038306438636537
+63663830653332316132353033326638663332363636623131666266313065323430346634333339
+6339336365343265660a353637373133323634646463396137353130663731623265663064653337
+66363135376339363862316134373631643765383935333030323938653337396435356361353638
+35346665376262306565393339646238353230363439333762306633316331643963653466313961
+32613063306437633333386265663562616563616664613962633564373563326539363866313763
+30613232353663643066613732316564666361646163366437323765633935656238336632323733
+65386135656435313466653666623233303661343530613932373961643634346562393532663462
+31353262323133363537303035383639353334323935613831376637613964663635306637643037
+62303134633064616531353039383336363563376365326234323835643233306139363032663536
+63373534323731366365393632623432326561303863616261306233616436383266646361356636
+64383831363863363738633065386435343935633137613964316237666566313430623061636439
+31646661333161623465316564323835653062343730343331353339363664663331303735346162
+63646531646430303630356132376232656639313163376631373135313237633334646135653239
+37386437633432376564383964636266623230363834633239356565376530633838333533346335
+66383966313862353130663334383535376464613638366330303962656336613765656362393335
+37643066353734303733346234633736653663376639656633306635363061623163376139616564
+646461383234653235356164626537326664
diff --git a/dan/sk-testvm.yml b/dan/sk-testvm.yml
index e15880c1..a8447074 100644
--- a/dan/sk-testvm.yml
+++ b/dan/sk-testvm.yml
@@ -12,3 +12,4 @@
   - role: acmetool/base
   - role: nginx/base
   - role: apps/jitsi/meet
+  - role: apps/nextcloud
diff --git a/inventory/host_vars/sk-testvm.yml b/inventory/host_vars/sk-testvm.yml
index 0b15d7ce..e1a94c60 100644
--- a/inventory/host_vars/sk-testvm.yml
+++ b/inventory/host_vars/sk-testvm.yml
@@ -57,6 +57,7 @@ kubernetes_standalone_pod_cidr: 192.168.255.0/24
 kubernetes_standalone_cni_variant: with-portmap
 
 
+nginx_server_names_hash_bucket_size: 64
 acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
 
 
@@ -67,3 +68,17 @@ jitsi_meet_hostnames:
   - meet-dev.elev8.at
 
 jitsi_meet_secrets: "{{ vault_jitsi_meet_secrets }}"
+
+
+nextcloud_base_path: /srv/nextcloud
+nextcloud_instances:
+  wolke-dev.elev8.at:
+    # new: true
+    version: 18.0.4
+    port: 8100
+    hostnames:
+    - wolke-dev.elev8.at
+    database:
+      type: mariadb
+      version: 10.4.13
+      password: "{{ vault_nextcloud_database_passwords['wolke-dev.elev8.at'] }}"
diff --git a/roles/apps/collabora/code/templates/pod.yml.j2 b/roles/apps/collabora/code/templates/pod.yml.j2
index ee4651a1..8ed092ac 100644
--- a/roles/apps/collabora/code/templates/pod.yml.j2
+++ b/roles/apps/collabora/code/templates/pod.yml.j2
@@ -26,6 +26,7 @@ spec:
     ports:
     - containerPort: 9980
       hostPort: {{ item.value.port }}
+      hostIP: 127.0.0.1
   volumes:
   - name: config
     hostPath:
diff --git a/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2 b/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
index a4acdd21..9391290f 100644
--- a/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
+++ b/roles/apps/etherpad-lite/templates/pod-with-mariadb.yml.j2
@@ -22,6 +22,7 @@ spec:
     ports:
     - containerPort: 9001
       hostPort: {{ item.value.port }}
+      hostIP: 127.0.0.1
   - name: database
     image: "mariadb:{{ item.value.database.version }}"
     securityContext:
diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml
index 7d52be32..68e9dc78 100644
--- a/roles/apps/nextcloud/tasks/main.yml
+++ b/roles/apps/nextcloud/tasks/main.yml
@@ -12,7 +12,7 @@
   - name: create zfs volumes for instances
     loop: "{{ nextcloud_instances | dict2items }}"
     loop_control:
-      label: "{{ item.key }} ({{ item.value.quota }})"
+      label: "{{ item.key }} ({{ item.value.quota | default('-') }})"
     zfs:
       name: "{{ nextcloud_zfs.pool }}/{{ nextcloud_zfs.name }}/{{ item.key }}"
       state: present
@@ -174,7 +174,8 @@
     prompt: |
       ************* {{ item.key }} is a new instance
       **
-      **  Please run the following commands to finalize the installation
+      **  Go to https://{{ item.value.hostnames[0] }} and finalize the
+      **  installation. After that run the following commands:
       **
       **  $ nextcloud-occ {{ item.key }} db:add-missing-indices
       **  $ nextcloud-occ {{ item.key }} db:convert-filecache-bigint
diff --git a/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2 b/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
index dfef3810..72f8cb7a 100644
--- a/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
+++ b/roles/apps/nextcloud/templates/pod-with-mariadb.yml.j2
@@ -41,6 +41,7 @@ spec:
     ports:
     - containerPort: 8080
       hostPort: {{ item.value.port }}
+      hostIP: 127.0.0.1
   - name: database
     image: "mariadb:{{ item.value.database.version }}"
     args:
diff --git a/roles/nginx/base/defaults/main.yml b/roles/nginx/base/defaults/main.yml
index 9dd53cdf..79c79b49 100644
--- a/roles/nginx/base/defaults/main.yml
+++ b/roles/nginx/base/defaults/main.yml
@@ -14,3 +14,5 @@ nginx_snippets:
 nginx_dhparam_size: 2048
 
 nginx_stream_module: no
+
+# nginx_server_names_hash_bucket_size: 64
diff --git a/roles/nginx/base/tasks/main.yml b/roles/nginx/base/tasks/main.yml
index b0e7df5b..572b1513 100644
--- a/roles/nginx/base/tasks/main.yml
+++ b/roles/nginx/base/tasks/main.yml
@@ -33,3 +33,12 @@
 - name: install and setup stream module
   when: nginx_stream_module
   import_tasks: stream.yml
+
+- name: configure server_names_hash_bucket_size
+  when: nginx_server_names_hash_bucket_size is defined
+  lineinfile:
+    regexp: "^(\\s*)#?\\s*server_names_hash_bucket_size\\s"
+    line: "\\1server_names_hash_bucket_size {{ nginx_server_names_hash_bucket_size }};"
+    dest: /etc/nginx/nginx.conf
+    backrefs: yes
+  notify: restart nginx