From c0f3c5c9071263c7e4554c218471fa466a1dfebd Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 14 Oct 2019 22:56:40 +0200
Subject: added initial role for collabora
---
roles/collabora/code/defaults/main.yml | 12 ++++++++++
roles/collabora/code/tasks/main.yml | 38 +++++++++++++++++++++++++++++++
roles/collabora/code/templates/pod.yml.j2 | 28 +++++++++++++++++++++++
3 files changed, 78 insertions(+)
create mode 100644 roles/collabora/code/defaults/main.yml
create mode 100644 roles/collabora/code/tasks/main.yml
create mode 100644 roles/collabora/code/templates/pod.yml.j2
(limited to 'roles/collabora')
diff --git a/roles/collabora/code/defaults/main.yml b/roles/collabora/code/defaults/main.yml
new file mode 100644
index 00000000..b5082941
--- /dev/null
+++ b/roles/collabora/code/defaults/main.yml
@@ -0,0 +1,12 @@
+---
+collabora_code_app_uid: "940"
+collabora_code_app_gid: "940"
+
+# collabora_code_instances:
+# example:
+# version: 4.0.6.1
+# port: 8200
+# hostnames:
+# - office.example.com
+# admin_user: admin
+# admin_password: S3cret
diff --git a/roles/collabora/code/tasks/main.yml b/roles/collabora/code/tasks/main.yml
new file mode 100644
index 00000000..8bc19bfd
--- /dev/null
+++ b/roles/collabora/code/tasks/main.yml
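Review bot: In roles/collabora/code/defaults/main.yml the commented example shows `admin_password: S3cret` as an inline literal, which invites copying a plaintext secret into inventory. The example would be safer as `# admin_password: "{{ vault_collabora_code_admin_password }}"` (placeholder variable name), with a one-line comment that the value belongs in an encrypted vars file. `collabora_code_instances` itself has no default, so the `dict2items` loops in tasks/main.yml would presumably fail on an undefined variable when the role runs on a host without instances; `collabora_code_instances: {}` would make that case a no-op, if that is the intended behaviour.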
@@ -0,0 +1,38 @@
+---
+- name: add group for collabora-code app
+ group:
+ name: code-app
+ gid: "{{ collabora_code_app_gid }}"
+
+- name: add user for collabora-code app
+ user:
+ name: code-app
+ uid: "{{ collabora_code_app_uid }}"
+ group: nc-app
+ password: "!"
+
+
+- name: generate pod manifests
+ loop: "{{ collabora_code_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ template:
+ src: "pod.yml.j2"
+ dest: "/etc/kubernetes/manifests/collabora-code-{{ item.key }}.yml"
+ mode: 0600
+
+
+- name: configure nginx vhost
+ loop: "{{ collabora_code_instances | dict2items }}"
+ include_role:
+ name: nginx/vhost
+ vars:
+ nginx_vhost:
+ name: "collabora-code-{{ item.key }}"
+ template: generic-proxy-no-buffering-with-acme
+ acme: true
+ hostnames: "{{ item.value.hostnames }}"
+ proxy_pass: "http://127.0.0.1:{{ item.value.port }}"
+ proxy_redirect:
+ redirect: "http://$host:9980/"
+ replacement: "https://$host/"
diff --git a/roles/collabora/code/templates/pod.yml.j2 b/roles/collabora/code/templates/pod.yml.j2
new file mode 100644
index 00000000..05158ebf
--- /dev/null
+++ b/roles/collabora/code/templates/pod.yml.j2
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "collabora-code-{{ item.key }}"
+spec:
+ securityContext:
+ allowPrivilegeEscalation: false
+ containers:
+ - name: collabora-code
+ image: "collabora/code:{{ item.value.version }}"
+ # securityContext:
+ # runAsUser: {{ collabora_code_app_uid }}
+ # runAsGroup: {{ collabora_code_app_gid }}
+ resources:
+ limits:
+ memory: "4Gi"
+ env:
+ - name: "DONT_GEN_SSL_CERT"
+ value: "1"
+ - name: "username"
+ value: "{{ item.value.admin_user }}"
+ - name: "password"
+ value: "{{ item.value.admin_password }}"
+ - name: "extra_params"
+ value: "--o:ssl.enable=false --o:ssl.termination=true"
+ ports:
+ - containerPort: 9980
+ hostPort: {{ item.value.port }}
-- cgit v1.2.3
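Review bot: The `add user for collabora-code app` task in roles/collabora/code/tasks/main.yml sets `group: nc-app`, while the group created just above is `code-app`. This looks like a leftover from another role: it would either fail when `nc-app` does not exist or put the collabora account into another application's group, so it should read `group: code-app`. The `configure nginx vhost` loop also lacks the `loop_control` label that the manifest task has, so Ansible output would likely print each full item, including `admin_password`; adding `loop_control:` with `label: "{{ item.key }}"` keeps the secret out of run logs. As a style point, `mode: 0600` is more robust written as `mode: "0600"`.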
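Review bot: In roles/collabora/code/templates/pod.yml.j2, `allowPrivilegeEscalation: false` sits under the pod-level `spec.securityContext`, but that field belongs to the container-level `securityContext`, so as written it is either rejected or ignored and the container gets no such restriction. Placing `securityContext:` with `allowPrivilegeEscalation: false` under the `collabora-code` container entry applies it. The commented-out `runAsUser`/`runAsGroup` lines mean the container still runs as the image's default user, which deserves a comment explaining why. `admin_user` and `admin_password` are interpolated inside double quotes, so a value containing `"` or `\` would break or alter the rendered manifest; `value: {{ item.value.admin_password | to_json }}` (and the same for `admin_user`) emits a correctly escaped scalar.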