From e328d1bb0fe0f08b2f993a5a933307b77ad95c29 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 25 Mar 2020 20:55:53 +0100
Subject: move some roles to app/

---
 .../collabora/code/templates/nginx-vhost.conf.j2   | 108 +++++++++++++++++++++
 roles/apps/collabora/code/templates/pod.yml.j2     |  33 +++++++
 2 files changed, 141 insertions(+)
 create mode 100644 roles/apps/collabora/code/templates/nginx-vhost.conf.j2
 create mode 100644 roles/apps/collabora/code/templates/pod.yml.j2

(limited to 'roles/apps/collabora/code/templates')

diff --git a/roles/apps/collabora/code/templates/nginx-vhost.conf.j2 b/roles/apps/collabora/code/templates/nginx-vhost.conf.j2
new file mode 100644
index 00000000..cec811f9
--- /dev/null
+++ b/roles/apps/collabora/code/templates/nginx-vhost.conf.j2
@@ -0,0 +1,108 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{ item.value.hostnames | join(' ') }};
+
+    include snippets/acmetool.conf;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name {{ item.value.hostnames | join(' ') }};
+
+    include snippets/acmetool.conf;
+    include snippets/tls.conf;
+    ssl_certificate     /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain;
+    ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey;
+    include snippets/hsts.conf;
+
+
+    client_max_body_size 128M;
+
+    # static files
+    location ^~ /loleaflet {
+        include snippets/proxy-nobuff.conf;
+        include snippets/proxy-forward-headers.conf;
+
+        proxy_set_header Host $http_host;
+        proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+        proxy_redirect http://$host/ https://$host/;
+        proxy_redirect http://$host:9980/ https://$host/;
+    }
+
+    # WOPI discovery URL
+    location ^~ /hosting/discovery {
+        include snippets/proxy-nobuff.conf;
+        include snippets/proxy-forward-headers.conf;
+
+        proxy_set_header Host $http_host;
+        proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+        proxy_redirect http://$host/ https://$host/;
+        proxy_redirect http://$host:9980/ https://$host/;
+    }
+
+    # Capabilities
+    location ^~ /hosting/capabilities {
+        include snippets/proxy-nobuff.conf;
+        include snippets/proxy-forward-headers.conf;
+
+        proxy_set_header Host $http_host;
+        proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+        proxy_redirect http://$host/ https://$host/;
+        proxy_redirect http://$host:9980/ https://$host/;
+    }
+
+    # main websocket
+    location ~ ^/lool/(.*)/ws$ {
+        include snippets/proxy-nobuff.conf;
+        include snippets/proxy-forward-headers.conf;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+
+        proxy_read_timeout 36000s;
+
+        proxy_set_header Host $http_host;
+        proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+        proxy_redirect http://$host/ https://$host/;
+        proxy_redirect http://$host:9980/ https://$host/;
+    }
+
+    # download, presentation and image upload
+    location ~ ^/lool {
+        include snippets/proxy-nobuff.conf;
+        include snippets/proxy-forward-headers.conf;
+
+        proxy_set_header Host $http_host;
+        proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+        proxy_redirect http://$host/ https://$host/;
+        proxy_redirect http://$host:9980/ https://$host/;
+    }
+
+    # Admin Console websocket
+    location ^~ /lool/adminws {
+        include snippets/proxy-nobuff.conf;
+        include snippets/proxy-forward-headers.conf;
+
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+
+        proxy_read_timeout 36000s;
+
+        proxy_set_header Host $http_host;
+        proxy_pass http://127.0.0.1:{{ item.value.port }};
+
+        proxy_redirect http://$host/ https://$host/;
+        proxy_redirect http://$host:9980/ https://$host/;
+    }
+}
diff --git a/roles/apps/collabora/code/templates/pod.yml.j2 b/roles/apps/collabora/code/templates/pod.yml.j2
new file mode 100644
index 00000000..ee4651a1
--- /dev/null
+++ b/roles/apps/collabora/code/templates/pod.yml.j2
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "collabora-code-{{ item.key }}"
+spec:
+  containers:
+  - name: collabora-code
+    image: "collabora/code:{{ item.value.version }}"
+    resources:
+      limits:
+        memory: "4Gi"
+    env:
+    - name: "DONT_GEN_SSL_CERT"
+      value: "1"
+    - name: "username"
+      value: "{{ item.value.admin_user }}"
+    - name: "password"
+      value: "{{ item.value.admin_password }}"
+    - name: "extra_params"
+      value: "--o:ssl.enable=false --o:ssl.termination=true"
+    volumeMounts:
+    - name: config
+      mountPath: /etc/loolwsd/loolwsd.xml
+      subPath: loolwsd.xml
+      readOnly: true
+    ports:
+    - containerPort: 9980
+      hostPort: {{ item.value.port }}
+  volumes:
+  - name: config
+    hostPath:
+      path: "{{ collabora_code_base_path }}/{{ item.key }}/config/"
+      type: Directory
-- 
cgit v1.2.3