Diffstat (limited to 'roles/apps/onlyoffice/instance/tasks/main.yml')
-rw-r--r--roles/apps/onlyoffice/instance/tasks/main.yml88
1 files changed, 88 insertions, 0 deletions
diff --git a/roles/apps/onlyoffice/instance/tasks/main.yml b/roles/apps/onlyoffice/instance/tasks/main.yml
new file mode 100644
index 00000000..2ca6026d
--- /dev/null
+++ b/roles/apps/onlyoffice/instance/tasks/main.yml
@@ -0,0 +1,88 @@
+---
+- name: prepare storage volume
+ vars:
+ storage_volume: "{{ onlyoffice_instances[onlyoffice_instance].storage }}"
+ include_role:
+ name: "storage/{{ onlyoffice_instances[onlyoffice_instance].storage.type }}/volume"
+
+- set_fact:
+ onlyoffice_instance_basepath: "{{ storage_volume_mountpoint }}"
+
+- name: create onlyoffice database subdirectory
+ file:
+ path: "{{ onlyoffice_instance_basepath }}/postgres"
+ state: directory
+
+- name: create onlyoffice tls subdirectory
+ file:
+ path: "{{ onlyoffice_instance_basepath }}/tls"
+ state: directory
+ mode: 0700
+
+- name: generate/install TLS certificates for publishment
+ vars:
+ x509_certificate_name: "onlyoffice-{{ onlyoffice_instance }}_publish"
+ x509_certificate_hostnames: []
+ x509_certificate_config:
+ ca: "{{ onlyoffice_instances[onlyoffice_instance].publish.zone.certificate_ca_config }}"
+ cert:
+ common_name: "onlyoffice-{{ onlyoffice_instance }}.{{ inventory_hostname }}"
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +100w
+ x509_certificate_renewal:
+ install:
+ - dest: "{{ onlyoffice_instance_basepath }}/tls/onlyoffice.crt"
+ src:
+ - cert
+ mode: "0400"
+ - dest: "{{ onlyoffice_instance_basepath }}/tls/onlyoffice.key"
+ src:
+ - key
+ mode: "0400"
+ include_role:
+ name: "x509/{{ onlyoffice_instances[onlyoffice_instance].publish.zone.certificate_provider }}/cert"
+
+- name: install pod manifest
+ vars:
+ kubernetes_standalone_pod:
+ name: "onlyoffice-{{ onlyoffice_instance }}"
+ spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+ mode: "0600"
+ include_role:
+ name: kubernetes/standalone/pod
+
+- name: configure nginx vhost for publishment
+ vars:
+ nginx_vhost__yaml: |
+ name: "onlyoffice-{{ onlyoffice_instance }}.{{ inventory_hostname }}"
+ template: generic
+ {% if 'tls' in onlyoffice_instances[onlyoffice_instance].publish %}
+ tls:
+ {{ onlyoffice_instances[onlyoffice_instance].publish.tls | to_nice_yaml(indent=2) | indent(2) }}
+ {% endif %}
+ hostnames:
+ {% for hostname in onlyoffice_instances[onlyoffice_instance].publish.hostnames %}
+ - {{ hostname }}
+ {% endfor %}
+ locations:
+ '/':
+ {% if onlyoffice_instances[onlyoffice_instance].publish.zone.publisher == inventory_hostname %}
+ proxy_pass: "https://127.0.0.1:{{ onlyoffice_instances[onlyoffice_instance].port }}"
+ {% else %}
+ proxy_pass: "https://{{ ansible_default_ipv4.address }}:{{ onlyoffice_instances[onlyoffice_instance].port }}"
+ {% endif %}
+ proxy_ssl:
+ trusted_certificate: "/etc/ssl/apps-publish-{{ onlyoffice_instances[onlyoffice_instance].publish.zone.name }}/apps-publish-{{ onlyoffice_instances[onlyoffice_instance].publish.zone.name }}-ca-crt.pem"
+ verify: "on"
+ name: "onlyoffice-{{ onlyoffice_instance }}.{{ inventory_hostname }}"
+ protocols: "TLSv1.2 TLSv1.3"
+ extra_directives: |-
+ client_max_body_size 0;
+ nginx_vhost: "{{ nginx_vhost__yaml | from_yaml }}"
+ include_role:
+ name: nginx/vhost
+ apply:
+ delegate_to: "{{ onlyoffice_instances[onlyoffice_instance].publish.zone.publisher }}"
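Review bot: `client_max_body_size 0;` in the vhost's `extra_directives` switches off nginx's request-body size check for the whole published vhost, so any client that can reach the publisher can push arbitrarily large bodies through to the OnlyOffice backend (and, if request buffering is left at its default, into nginx's temporary storage). A finite limit sized to the largest document you expect, for example `client_max_body_size 100m;` or a per-instance variable, keeps large uploads working while bounding that exposure. Separately, the `create onlyoffice database subdirectory` task sets no `mode` while the `tls` one does, so the database directory presumably ends up with umask-default permissions. `mode: 0700` is also the only unquoted mode in the file; writing `mode: "0700"` on both directory tasks would make the permissions explicit and consistent with the quoted `"0400"` and `"0600"` values further down.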