added initial role for collabora

5 files changed, 110 insertions, 17 deletions

diff --git a/dan/host_vars/sk-cloudia.yml b/dan/host_vars/sk-cloudia.yml
index ad74b95f..d9b72151 100644
--- a/dan/host_vars/sk-cloudia.yml
+++ b/dan/host_vars/sk-cloudia.yml
@@ -1,18 +1,22 @@
 $ANSIBLE_VAULT;1.2;AES256;dan
-33366333343230333238326362323033386138396538356463333632653032616233646261396363
-3639373065636132363236376331636662313164316264350a643662353830326162353438363137
-30393863613763383934653061353337633831626664336132313137616638346235313239656661
-3732643534646338380a336231336134323936363135393862336462643664356231656565373337
-34336165323839653166333231363862356263623539323437336439633937663363356164613035
-63356139386335353666653664626236306439663062363033396532363364386338383538356364
-35353561366666356661653235623233303037623731313166393832633938396536303534363036
-30373866393738316461383762353263386666396333306137303434366265336534666630326537
-64323264633432316234386665643436643262626264373165363534313838666433363937323961
-66613839663866633231613538366534383836653431353131356436306632666564643663383730
-62333831313639353966343961373032303766356637626335363465343062396565363662353435
-65306362306464363437303238643831643937313031303130656330303032636666353266633431
-39396634316362326333646530326637396336623130376261373831323131373338623966396461
-61646530666638373434666432333563666363626133646539356165383536313532333832346133
-31386438633262666239643139633366303765353235613530646435343665636630303061313039
-32396364313333373932623236356263343837646534633333313335393565643537663333623438
-3235
+37313363303264376561616130363461646166343130356131303239643864626430613465346136
+6532383233353835613165373464316238663336356661630a633134393666393330636633633862
+37623831656431363236613866346333323834383535666666366636613032326131336136343935
+3363306135363637640a353736303464393862333466386535323561323738656635333832653066
+30303633666532303634636265386566623666656135376362303563343064323164303438363335
+31666231313663663231383736306166623665336364633036306161656666383438313734323937
+31393062633162313239613864643537303964353762623235343364326237373530663638633239
+36363433393730643632383163633166393161376538323665336165616262643839663965366435
+65306538666138373734353466393437353239393462616433626566396665373366353762333833
+36313461366635346630623862333339363835653535353863616236626539313762616634353964
+35303033326662656462666337313165393564306237653334316666323337363964636639326163
+63616333346464303133616436653933366263356133633039333164643066326532653231386632
+33613663336562666239376435363862646430356234616363393937313965393230623666356166
+39643265336239306261393435663538316339396661343739313339333533626538653639643337
+35396633663462663938396663386536633162666439303032346634646364366131616561383438
+33356562656530666536393031616562383538343663633464663834613132353463313633353264
+38326533353633323564383033653563643966663534633365626337633265613732653563326230
+34383135353732373765313433303239646563353634643336353333313865643764383834623135
+61333362633265613136386563353132366463643931383530306535313930663465346264323363
+36623433303033643434626265326138346232623334636634633133356666353864366334383733
+3335
diff --git a/inventory/host_vars/sk-cloudia/collabora.yml b/inventory/host_vars/sk-cloudia/collabora.yml
new file mode 100644
index 00000000..15a1223f
--- /dev/null
+++ b/inventory/host_vars/sk-cloudia/collabora.yml
@@ -0,0 +1,11 @@
+---
+collabora_code_instances:
+  o.skillz.biz:
+    version: 4.0.6.1
+    port: 8200
+    hostnames:
+#    - o.skillz.biz
+    - office.elev8.at
+    admin_user: admin
+#    admin_password: "{{ vault_collabora_code_admin_passwords['o.skillz.biz'] }}"
+    admin_password: S3cret
diff --git a/roles/collabora/code/defaults/main.yml b/roles/collabora/code/defaults/main.yml
new file mode 100644
index 00000000..b5082941
--- /dev/null
+++ b/roles/collabora/code/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+collabora_code_app_uid: "940"
+collabora_code_app_gid: "940"
+
+# collabora_code_instances:
+#   example:
+#     version: 4.0.6.1
+#     port: 8200
+#     hostnames:
+#     - office.example.com
+#     admin_user: admin
+#     admin_password: S3cret
diff --git a/roles/collabora/code/tasks/main.yml b/roles/collabora/code/tasks/main.yml
new file mode 100644
index 00000000..8bc19bfd
--- /dev/null
+++ b/roles/collabora/code/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: add group for collabora-code app
+  group:
+    name: code-app
+    gid: "{{ collabora_code_app_gid }}"
+
+- name: add user for collabora-code app
+  user:
+    name: code-app
+    uid: "{{ collabora_code_app_uid }}"
+    group: nc-app
+    password: "!"
+
+
+- name: generate pod manifests
+  loop: "{{ collabora_code_instances | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  template:
+    src: "pod.yml.j2"
+    dest: "/etc/kubernetes/manifests/collabora-code-{{ item.key }}.yml"
+    mode: 0600
+
+
+- name: configure nginx vhost
+  loop: "{{ collabora_code_instances | dict2items }}"
+  include_role:
+    name: nginx/vhost
+  vars:
+    nginx_vhost:
+      name: "collabora-code-{{ item.key }}"
+      template: generic-proxy-no-buffering-with-acme
+      acme: true
+      hostnames: "{{ item.value.hostnames }}"
+      proxy_pass: "http://127.0.0.1:{{ item.value.port }}"
+      proxy_redirect:
+        redirect: "http://$host:9980/"
+        replacement: "https://$host/"
diff --git a/roles/collabora/code/templates/pod.yml.j2 b/roles/collabora/code/templates/pod.yml.j2
new file mode 100644
index 00000000..05158ebf
--- /dev/null
+++ b/roles/collabora/code/templates/pod.yml.j2
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "collabora-code-{{ item.key }}"
+spec:
+  securityContext:
+    allowPrivilegeEscalation: false
+  containers:
+  - name: collabora-code
+    image: "collabora/code:{{ item.value.version }}"
+    # securityContext:
+    #   runAsUser: {{ collabora_code_app_uid }}
+    #   runAsGroup: {{ collabora_code_app_gid }}
+    resources:
+      limits:
+        memory: "4Gi"
+    env:
+    - name: "DONT_GEN_SSL_CERT"
+      value: "1"
+    - name: "username"
+      value: "{{ item.value.admin_user }}"
+    - name: "password"
+      value: "{{ item.value.admin_password }}"
+    - name: "extra_params"
+      value: "--o:ssl.enable=false --o:ssl.termination=true"
+    ports:
+    - containerPort: 9980
+      hostPort: {{ item.value.port }}