author | Christian Pointner <equinox@spreadspace.org> | 2020-03-25 20:55:53 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-03-25 20:55:53 +0100 |
commit | e328d1bb0fe0f08b2f993a5a933307b77ad95c29 (patch) | |
tree | c612f8062fade03d2cc30649c62ea765df57541e /roles/apps/collabora/code | |
parent | sk-cloudia: new nextcloud instnace next.skillz.biz (diff) |
move some roles to app/
Diffstat (limited to 'roles/apps/collabora/code')
-rw-r--r-- | roles/apps/collabora/code/defaults/main.yml | 11 | ||||
-rw-r--r-- | roles/apps/collabora/code/tasks/main.yml | 28 | ||||
-rw-r--r-- | roles/apps/collabora/code/templates/nginx-vhost.conf.j2 | 108 | ||||
-rw-r--r-- | roles/apps/collabora/code/templates/pod.yml.j2 | 33 |
4 files changed, 180 insertions, 0 deletions
diff --git a/roles/apps/collabora/code/defaults/main.yml b/roles/apps/collabora/code/defaults/main.yml
new file mode 100644
index 00000000..f17054ed
--- /dev/null
+++ b/roles/apps/collabora/code/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+collabora_code_base_path: /srv/collabora/code
+
+# collabora_code_instances:
+# example:
+# version: 4.0.6.1
+# port: 8200
+# hostnames:
+# - office.example.com
+# admin_user: admin
+# admin_password: S3cret
diff --git a/roles/apps/collabora/code/tasks/main.yml b/roles/apps/collabora/code/tasks/main.yml
new file mode 100644
index 00000000..ce88fe0d
--- /dev/null
+++ b/roles/apps/collabora/code/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: create collabora-code config subdirectory
+ loop: "{{ collabora_code_instances | list }}"
+ file:
+ path: "{{ collabora_code_base_path }}/{{ item }}/config"
+ state: directory
+
+## TODO: render config.xml
+
+- name: generate pod manifests
+ loop: "{{ collabora_code_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: "pod.yml.j2"
+ dest: "/etc/kubernetes/manifests/collabora-code-{{ item.key }}.yml"
+ mode: 0600
+
+- name: configure nginx vhost
+ loop: "{{ collabora_code_instances | dict2items }}"
+ include_role:
+ name: nginx/vhost
+ vars:
+ nginx_vhost:
+ name: "collabora-code-{{ item.key }}"
+ content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
+ acme: true
+ hostnames: "{{ item.value.hostnames }}"
diff --git a/roles/apps/collabora/code/templates/nginx-vhost.conf.j2 b/roles/apps/collabora/code/templates/nginx-vhost.conf.j2
new file mode 100644
index 00000000..cec811f9
--- /dev/null
+++ b/roles/apps/collabora/code/templates/nginx-vhost.conf.j2
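Review bot: The commented example in defaults/main.yml documents `admin_password` as an inline literal (`S3cret`) and gives the reader no hint that the real value should be stored encrypted. I would add a comment line above the example such as `# keep admin_password in an Ansible Vault-encrypted vars file, never in plain inventory`. The value is passed on as the container's `password` environment variable in templates/pod.yml.j2, so it is presumably the live admin console credential.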
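Review bot: The `configure nginx vhost` loop in tasks/main.yml has no `loop_control`, unlike `generate pod manifests` just above it, so Ansible labels each iteration with the whole `item`, and that includes `item.value.admin_password`. Adding `loop_control:` with `label: "{{ item.key }}"` to that task keeps the password out of run output and logs. The template task that writes the manifest would likewise show the password when the play runs with `--diff`; `no_log: true` or `diff: false` on it covers that case. As a smaller style point, `mode: 0600` is safer written quoted, `mode: "0600"`.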
@@ -0,0 +1,108 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ item.value.hostnames | join(' ') }};
+
+ include snippets/acmetool.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ item.value.hostnames | join(' ') }};
+
+ include snippets/acmetool.conf;
+ include snippets/tls.conf;
+ ssl_certificate /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey;
+ include snippets/hsts.conf;
+
+
+ client_max_body_size 128M;
+
+ # static files
+ location ^~ /loleaflet {
+ include snippets/proxy-nobuff.conf;
+ include snippets/proxy-forward-headers.conf;
+
+ proxy_set_header Host $http_host;
+ proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+ proxy_redirect http://$host/ https://$host/;
+ proxy_redirect http://$host:9980/ https://$host/;
+ }
+
+ # WOPI discovery URL
+ location ^~ /hosting/discovery {
+ include snippets/proxy-nobuff.conf;
+ include snippets/proxy-forward-headers.conf;
+
+ proxy_set_header Host $http_host;
+ proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+ proxy_redirect http://$host/ https://$host/;
+ proxy_redirect http://$host:9980/ https://$host/;
+ }
+
+ # Capabilities
+ location ^~ /hosting/capabilities {
+ include snippets/proxy-nobuff.conf;
+ include snippets/proxy-forward-headers.conf;
+
+ proxy_set_header Host $http_host;
+ proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+ proxy_redirect http://$host/ https://$host/;
+ proxy_redirect http://$host:9980/ https://$host/;
+ }
+
+ # main websocket
+ location ~ ^/lool/(.*)/ws$ {
+ include snippets/proxy-nobuff.conf;
+ include snippets/proxy-forward-headers.conf;
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_read_timeout 36000s;
+
+ proxy_set_header Host $http_host;
+ proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+ proxy_redirect http://$host/ https://$host/;
+ proxy_redirect http://$host:9980/ https://$host/;
+ }
+
+ # download, presentation and image upload
+ location ~ ^/lool {
+ include snippets/proxy-nobuff.conf;
+ include snippets/proxy-forward-headers.conf;
+
+ proxy_set_header Host $http_host;
+ proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+ proxy_redirect http://$host/ https://$host/;
+ proxy_redirect http://$host:9980/ https://$host/;
+ }
+
+ # Admin Console websocket
+ location ^~ /lool/adminws {
+ include snippets/proxy-nobuff.conf;
+ include snippets/proxy-forward-headers.conf;
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_read_timeout 36000s;
+
+ proxy_set_header Host $http_host;
+ proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+ proxy_redirect http://$host/ https://$host/;
+ proxy_redirect http://$host:9980/ https://$host/;
+ }
+}
diff --git a/roles/apps/collabora/code/templates/pod.yml.j2 b/roles/apps/collabora/code/templates/pod.yml.j2
new file mode 100644
index 00000000..ee4651a1
--- /dev/null
+++ b/roles/apps/collabora/code/templates/pod.yml.j2
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "collabora-code-{{ item.key }}"
+spec:
+ containers:
+ - name: collabora-code
+ image: "collabora/code:{{ item.value.version }}"
+ resources:
+ limits:
+ memory: "4Gi"
+ env:
+ - name: "DONT_GEN_SSL_CERT"
+ value: "1"
+ - name: "username"
+ value: "{{ item.value.admin_user }}"
+ - name: "password"
+ value: "{{ item.value.admin_password }}"
+ - name: "extra_params"
+ value: "--o:ssl.enable=false --o:ssl.termination=true"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/loolwsd/loolwsd.xml
+ subPath: loolwsd.xml
+ readOnly: true
+ ports:
+ - containerPort: 9980
+ hostPort: {{ item.value.port }}
+ volumes:
+ - name: config
+ hostPath:
+ path: "{{ collabora_code_base_path }}/{{ item.key }}/config/"
+ type: Directory |
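Review bot: The `location ^~ /lool/adminws` block in the 443 server of nginx-vhost.conf.j2 proxies the admin console websocket for every client that can reach the vhost, so the console is guarded only by `admin_user`/`admin_password`. If the console is not meant to be reachable from the internet, restrict that block with `allow MGMT_NET_PLACEHOLDER;` followed by `deny all;`, where the placeholder stands for the management network. The admin pages themselves appear to be served through the `/loleaflet` location, so a matching, more specific location for them would probably be needed as well; I cannot confirm the exact path from this page.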
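Review bot: `hostPort: {{ item.value.port }}` in pod.yml.j2 is declared without `hostIP`, so the port is opened on every host address, while `extra_params` disables TLS in the container (`--o:ssl.enable=false`) and nginx only ever connects to `127.0.0.1`. Unless a host firewall blocks it, that leaves the plain-HTTP backend reachable directly, bypassing the TLS vhost; adding `hostIP: 127.0.0.1` next to `hostPort` closes this, though it is worth verifying against the port-mapping setup in use. Also, `admin_password` is written into the pod spec as a plain `env` value, which is readable by anyone who can read the manifest or, presumably, the resulting pod object; keeping the credentials in the mounted `loolwsd.xml` would avoid that. That file is mounted via `subPath`, but tasks/main.yml still lists rendering it as a TODO, so the mount source may not exist yet.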