From aba692db7f6c1a29e457201c3a843761d41d5126 Mon Sep 17 00:00:00 2001 From: oiseauroch Date: Thu, 22 Feb 2024 15:54:28 +0100 Subject: [PATCH 1/7] add collabora instance --- roles/collabora_code/README.md | 34 ++++++++++ roles/collabora_code/defaults/main.yml | 5 ++ roles/collabora_code/handlers/main.yml | 7 ++ roles/collabora_code/meta/main.yml | 52 +++++++++++++++ roles/collabora_code/tasks/install.yml | 66 +++++++++++++++++++ roles/collabora_code/tasks/main.yml | 21 ++++++ roles/collabora_code/tasks/uninstall.yml | 40 +++++++++++ roles/collabora_code/tasks/update.yml | 0 roles/collabora_code/tasks/upgrade.yml | 7 ++ .../templates/docker-compose.yml | 15 +++++ roles/collabora_code/templates/nginx.j2 | 57 ++++++++++++++++ roles/collabora_code/vars/main.yml | 3 + 12 files changed, 307 insertions(+) create mode 100644 roles/collabora_code/README.md create mode 100644 roles/collabora_code/defaults/main.yml create mode 100644 roles/collabora_code/handlers/main.yml create mode 100644 roles/collabora_code/meta/main.yml create mode 100644 roles/collabora_code/tasks/install.yml create mode 100644 roles/collabora_code/tasks/main.yml create mode 100644 roles/collabora_code/tasks/uninstall.yml create mode 100644 roles/collabora_code/tasks/update.yml create mode 100644 roles/collabora_code/tasks/upgrade.yml create mode 100644 roles/collabora_code/templates/docker-compose.yml create mode 100644 roles/collabora_code/templates/nginx.j2 create mode 100644 roles/collabora_code/vars/main.yml diff --git a/roles/collabora_code/README.md b/roles/collabora_code/README.md new file mode 100644 index 00000000..2f910573 --- /dev/null +++ b/roles/collabora_code/README.md 
@@ -0,0 +1,34 @@
+# site_statitque
+
+Installation d'une instance de collabora code via docker. Ce role ne devrait être utilisé qu'à travers un role nextcloud
+
+## Files created
+
+- `/etc/letsencrypt/live/{{ app_domain }}/` : certificats lets encrypt
+- `/home/collabora/{{ app_instance_id }}` : fichiers de log nginx et docker-compose
+- `/etc/nginx/sites-available/{{ app_instance_id }}.conf : fichier de conf nginx
+- `/etc/nginx/sites-enabled/{{ app_instance_id }}.conf : lien symbolique fichier de conf nginx
+
+## Files modified
+
+## Role dependency
+
+- _letsencrypt_certificate
+
+## Variables
+
+### Default
+
+ - code_url: "{{ app_instance_id }}.code.paquerette.eu
+
+### host_vars
+
+ - app_domain
+ - app_instance_id
+
+## Custom instructions
+
+
+## Limitations and improvements
+
+
diff --git a/roles/collabora_code/defaults/main.yml b/roles/collabora_code/defaults/main.yml
new file mode 100644
index 00000000..282235a5
--- /dev/null
+++ b/roles/collabora_code/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# defaults file for site_static
+app_instance_root: "/home/collabora/{{ app_instance_id }}"
+code_url: "{{ app_instance_id }}.code.paquerette.eu
+host_code: "vps11"
diff --git a/roles/collabora_code/handlers/main.yml b/roles/collabora_code/handlers/main.yml
new file mode 100644
index 00000000..5d62aff8
--- /dev/null
+++ b/roles/collabora_code/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# handlers file for site_static
+# handlers file for rustform
+
+- name: reload nginx
+ service: name=nginx state=reloaded
+
diff --git a/roles/collabora_code/meta/main.yml b/roles/collabora_code/meta/main.yml
new file mode 100644
index 00000000..c572acc9
--- /dev/null
+++ b/roles/collabora_code/meta/main.yml
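Review bot: The `reload nginx` handler in handlers/main.yml carries no `delegate_to`, while every task that notifies it in install.yml and uninstall.yml is delegated to the Collabora host. As far as Ansible's handler semantics go, a handler runs on the host that owns the play, not on the delegate of the notifying task, so this would reload nginx on the play host (presumably the Nextcloud server) and the new vhost on the Collabora host would not be picked up. Adding `delegate_to: "{{ host_code }}"` to the handler addresses that (the tasks of this first patch still call the variable `host_collabora`). PATCH 5/7 renames the handler but leaves it undelegated.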
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/collabora_code/tasks/install.yml b/roles/collabora_code/tasks/install.yml new file mode 100644 index 00000000..b5c5f55d --- /dev/null +++ b/roles/collabora_code/tasks/install.yml 
@@ -0,0 +1,66 @@
+---
+
+- name: create directory
+ file:
+ path: "{{ app_instance_root }}"
+ state: directory
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: Create LetsEncrypt certificate
+ import_role:
+ name: _letsencrypt_certificate
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: create log dir
+ file:
+ state: directory
+ path: "{{ app_instance_root }}"
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: nginx configuration
+ template:
+ src: nginx.j2
+ dest: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
+ notify: reload nginx collabora
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: "enable site for {{ app_domain }}"
+ file:
+ state: link
+ path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf"
+ src: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
+ notify: reload nginx
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: "copy docker-compose {{ app_instance_id }}"
+ copy:
+ src: "docker-compose.yml"
+ dest: "{{ app_instance_root }}/docker-compose.yml"
+ tags:
+ - collabora_installation
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: env file for collabora
+ template:
+ src: "env.j2"
+ dest: "{{ app_instance_root }}/.env"
+ tags:
+ - collabora_installation
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: "start collabora - docker compose"
+ docker_compose:
+ project_src: "{{ app_instance_root }}"
+ state: present
+ tags:
+ - collabora_installation
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
diff --git a/roles/collabora_code/tasks/main.yml b/roles/collabora_code/tasks/main.yml
new file mode 100644
index 00000000..91b38ffc
--- /dev/null
+++ b/roles/collabora_code/tasks/main.yml
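Review bot: Both `file` tasks that create `{{ app_instance_root }}` ("create directory" and "create log dir") set no owner or mode, so the directory that nginx.j2 uses for `access.log` and `error.log`, and that holds the compose file, gets whatever the remote umask gives it. Setting it explicitly, for example `mode: "0750"` together with the intended `owner` and `group`, keeps the client addresses in those logs from being readable by every local account. The two tasks are identical apart from key order, so one of them can be dropped.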
@@ -0,0 +1,21 @@
+---
+# tasks file for site_static
+- import_tasks: install.yml
+ when: app_run in ['install', 'reinstall']
+
+- import_tasks: upgrade.yml
+ when: app_run == 'upgrade'
+
+- import_tasks: uninstall.yml
+ when: app_run == 'uninstall'
+
+- name: update instance in prod list
+ import_role:
+ name: instance_prod
+ vars:
+ app_version: "{{ code_version }}"
+ role: "collabora_code"
+ app_domain: "{{ code_domaine }}"
+ inventory_hostname: "{{ host_collabora }}"
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
diff --git a/roles/collabora_code/tasks/uninstall.yml b/roles/collabora_code/tasks/uninstall.yml
new file mode 100644
index 00000000..6bd1cbd2
--- /dev/null
+++ b/roles/collabora_code/tasks/uninstall.yml
@@ -0,0 +1,40 @@
+---
+
+- name: "Stop keycloak - docker compose"
+ docker_compose:
+ project_src: "{{ app_instance_root }}"
+ state: absent
+ remove_volumes: true
+ tags:
+ - keycloak_installation
+
+- name: remove directory
+ file:
+ path: "{{ app_instance_root }}"
+ state: absent
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: removing LetsEncrypt certificate
+ import_role:
+ name: _letsencrypt_certificate
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: nginx configuration
+ template:
+ state: absent
+ src: nginx.j2
+ dest: "/etc/nginx/sites-available/{{ app_instance_id }}.conf"
+ notify: reload nginx collabora
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
+- name: "disable site for {{ app_domain }}"
+ file:
+ state: absent
+ path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf"
+ notify: reload nginx
+ delegate_to: "{{ host_collabora }}"
+ delegate_facts: true
+
diff --git a/roles/collabora_code/tasks/update.yml b/roles/collabora_code/tasks/update.yml
new file mode 100644
index 00000000..e69de29b
diff --git a/roles/collabora_code/tasks/upgrade.yml b/roles/collabora_code/tasks/upgrade.yml
new file mode 100644
index 00000000..a9c254dc
--- /dev/null
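Review bot: The `vars:` block of "update instance in prod list" in tasks/main.yml sets `inventory_hostname`, which Ansible documents as a magic variable that it always overrides, so `instance_prod` will most likely still see the play host rather than the Collabora host. Passing the target host under a name that `instance_prod` reads explicitly would be more reliable; that role's interface is not visible in this patch. The import also has no `when:`, so it runs for `uninstall` too, which deserves a comment if it is intended.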
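Review bot: The "removing LetsEncrypt certificate" task in uninstall.yml imports `_letsencrypt_certificate` with the same arguments the install path uses, and nothing visible here tells the role to delete anything, so an uninstall probably requests or renews a certificate instead of removing it. If the role has a removal mode, pass it in `vars:`; otherwise remove the certificate in a dedicated task. Separately, "remove directory" applies `state: absent` to a path built from `app_instance_id`: an empty value resolves to `/home/collabora/` and would delete every instance, so an `assert` that `app_instance_id` is defined and non-empty before this task is a cheap guard. The certificate concern is unchanged by the uninstall.yml hunk in PATCH 5/7.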
+++ b/roles/collabora_code/tasks/upgrade.yml
@@ -0,0 +1,7 @@
+- name: "start keycloak - docker compose"
+ docker_compose:
+ project_src: "{{ app_instance_root }}"
+ state: present
+ tags:
+ - keycloak_installation
+
diff --git a/roles/collabora_code/templates/docker-compose.yml b/roles/collabora_code/templates/docker-compose.yml
new file mode 100644
index 00000000..601e10cf
--- /dev/null
+++ b/roles/collabora_code/templates/docker-compose.yml
@@ -0,0 +1,15 @@
+collabora:
+ image: collabora/code:{{ code_version }}
+ container_name: collabora
+ environment:
+ - "TZ=Europe/Paris"
+ - aliasgroup1={{ app_domain }}
+ - DONT_GEN_SSL_CERT=1
+ - serveur_name={{ code_domain }}
+ - "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
+ ports:
+ - "{{ code_port }}:9980
+ cap_add:
+ - MKNOD
+ restart:
+ unless-stopped
diff --git a/roles/collabora_code/templates/nginx.j2 b/roles/collabora_code/templates/nginx.j2
new file mode 100644
index 00000000..3cb09cfb
--- /dev/null
+++ b/roles/collabora_code/templates/nginx.j2
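Review bot: The single task in upgrade.yml has no `delegate_to`, unlike the compose task in install.yml, so `docker_compose` looks for `{{ app_instance_root }}` on the play host rather than on the Collabora host. It also never redeploys the compose file, so a new `code_version` is not written before `state: present` runs and the running image would stay as it is; redeploying the file first and adding `pull: true` would make the upgrade effective. The upgrade.yml hunk in PATCH 7/7 only renames the task and its tag and leaves both points open.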
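Review bot: The `ports:` entry in docker-compose.yml publishes `{{ code_port }}` on every host interface while `extra_params` turns TLS off inside the container, so the editor is reachable over plain HTTP on that port without passing through nginx; ports published by Docker commonly sit outside host firewall rules as well. Since nginx proxies to localhost, bind the mapping to loopback: `- "127.0.0.1:{{ code_port }}:9980"`. `serveur_name` looks like a typo for the `server_name` variable the collabora/code image reads, so that setting is probably ignored. The fixed `container_name: collabora` will collide as soon as a second instance is deployed on the same host. The same lines are carried over into templates/docker-compose.j2 in PATCH 5/7.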
@@ -0,0 +1,57 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ app_domain | mandatory }};
+ # enforce https
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{ app_domain | mandatory }};
+
+ ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem;
+
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Robots-Tag none;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Strict-Transport-Security "max-age=15768000";
+ add_header X-Frame-Options "ALLOW-FROM https://{{ app_domain }}" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-referrer-when-downgrade" always;
+ add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
+
+ access_log {{ app_instance_root }}/access.log;
+ error_log {{ app_instance_root }}/error.log;
+
+ location = /favicon.ico { # Optional
+ log_not_found off;
+ access_log off;
+ }
+
+ location = /robots.txt { # Optional
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ location ~* \.(png|jpg|jpeg|gif|ico)$ { # Optional
+ expires max;
+ log_not_found off;
+ }
+
+ location / {
+ proxy_set_header HOST $host;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_pass http://localhost:{{ port }};
+ }
+}
diff --git a/roles/collabora_code/vars/main.yml b/roles/collabora_code/vars/main.yml
new file mode 100644
index 00000000..6cbc43a3
--- /dev/null
+++ b/roles/collabora_code/vars/main.yml
@@ -0,0 +1,3 @@
+---
+# vars file for site_static
+app_instance_root : "/home/collabora/{{ app_instance_id }}
-- GitLab
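Review bot: Two of the `add_header` lines in the TLS server block of nginx.j2 give less protection than they suggest. `X-Frame-Options "ALLOW-FROM …"` is obsolete and ignored by current browsers, and the `Content-Security-Policy` value `default-src * data: 'unsafe-eval' 'unsafe-inline'` restricts almost nothing; framing is better limited with `add_header Content-Security-Policy "frame-ancestors https://{{ app_domain }}" always;`. `X-Content-Type-Options` is emitted twice, and `Strict-Transport-Security` lacks `always`, so error responses go out without it. None of these header lines is changed by the later nginx.j2 hunks in this series.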
From 0a2de84c6479b4d2391ff9b2ea5318f50aa98a1e Mon Sep 17 00:00:00 2001 From: oiseauroch Date: Thu, 22 Feb 2024 16:03:54 +0100 Subject: [PATCH 2/7] improve role --- roles/collabora_code/README.md | 7 +++++-- roles/collabora_code/tasks/install.yml | 16 ++++++++-------- roles/collabora_code/templates/nginx.j2 | 2 +- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/roles/collabora_code/README.md b/roles/collabora_code/README.md index 2f910573..36a6a0ce 100644 --- a/roles/collabora_code/README.md +++ b/roles/collabora_code/README.md @@ -20,15 +20,18 @@ Installation d'une instance de collabora code via docker. Ce role ne devrait êt ### Default - code_url: "{{ app_instance_id }}.code.paquerette.eu + - app_instance_root: "/home/collabora/{{ app_instance_id }}" + - host_code: "vps11" ### host_vars - app_domain - app_instance_id - + - code_version + ## Custom instructions ## Limitations and improvements - +Pour l'instant le role n'installe pas automatiquement l'extension dans nextcloud ni ne configure l'extension. diff --git a/roles/collabora_code/tasks/install.yml b/roles/collabora_code/tasks/install.yml index b5c5f55d..bb0d8b26 100644 --- a/roles/collabora_code/tasks/install.yml +++ b/roles/collabora_code/tasks/install.yml @@ -4,20 +4,20 @@ file: path: "{{ app_instance_root }}" state: directory - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: Create LetsEncrypt certificate import_role: name: _letsencrypt_certificate - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: create log dir file: state: directory path: "{{ app_instance_root }}" - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: nginx configuration 
@@ -25,7 +25,7 @@ src: nginx.j2 dest: "/etc/nginx/sites-available/{{ app_instance_id }}.conf" notify: reload nginx collabora - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: "enable site for {{ app_domain }}" @@ -34,7 +34,7 @@ path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf" src: "/etc/nginx/sites-available/{{ app_instance_id }}.conf" notify: reload nginx - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: "copy docker-compose {{ app_instance_id }}" @@ -43,7 +43,7 @@ dest: "{{ app_instance_root }}/docker-compose.yml" tags: - collabora_installation - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: env file for collabora @@ -52,7 +52,7 @@ dest: "{{ app_instance_root }}/.env" tags: - collabora_installation - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: "start collabora - docker compose" @@ -61,6 +61,6 @@ state: present tags: - collabora_installation - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true diff --git a/roles/collabora_code/templates/nginx.j2 b/roles/collabora_code/templates/nginx.j2 index 3cb09cfb..aecabb2f 100644 --- a/roles/collabora_code/templates/nginx.j2 +++ b/roles/collabora_code/templates/nginx.j2 @@ -52,6 +52,6 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; - proxy_pass http://localhost:{{ port }}; + proxy_pass http://localhost:{{ code_port }}; } } -- GitLab From b8cebe006b37c715abc3bfb7b3f87752e463ba1d Mon Sep 17 00:00:00 2001 From: oiseauroch Date: Thu, 22 Feb 2024 16:15:18 +0100 Subject: [PATCH 3/7] add collabora to nextcloud --- roles/nextcloud_instance/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/roles/nextcloud_instance/tasks/main.yml b/roles/nextcloud_instance/tasks/main.yml index 51f49211..bbdb4607 100644 --- a/roles/nextcloud_instance/tasks/main.yml +++ b/roles/nextcloud_instance/tasks/main.yml @@ -21,3 +21,9 @@ - import_role: name: instance_prod + +- import_role: + name: collabora_code + when: collabora_code == 'yes' + tags: + - collabora -- GitLab From f76bcc39c281b9955a60d9b72532c3968b0e0e28 Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Thu, 22 Feb 2024 16:15:58 +0100 Subject: [PATCH 4/7] add tag to instance prod --- roles/nextcloud_instance/tasks/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/nextcloud_instance/tasks/main.yml b/roles/nextcloud_instance/tasks/main.yml index 51f49211..ce0ab881 100644 --- a/roles/nextcloud_instance/tasks/main.yml +++ b/roles/nextcloud_instance/tasks/main.yml @@ -21,3 +21,5 @@ - import_role: name: instance_prod + tags: + - instance_prod -- GitLab From 12455c8e44e51a9898d6504a3ee7e1162ea988bf Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Thu, 22 Feb 2024 17:26:32 +0100 Subject: [PATCH 5/7] fix errors --- roles/collabora_code/README.md | 2 +- roles/collabora_code/defaults/main.yml | 4 ++-- roles/collabora_code/handlers/main.yml | 4 +--- roles/collabora_code/tasks/install.yml | 18 +++++++--------- roles/collabora_code/tasks/main.yml | 8 ++++--- roles/collabora_code/tasks/uninstall.yml | 21 +++++++++++-------- .../templates/docker-compose.j2 | 16 ++++++++++++++ roles/collabora_code/templates/nginx.j2 | 8 +++---- roles/collabora_code/vars/main.yml | 4 ++-- 9 files changed, 50 insertions(+), 35 deletions(-) create mode 100644 roles/collabora_code/templates/docker-compose.j2 diff --git a/roles/collabora_code/README.md b/roles/collabora_code/README.md index 36a6a0ce..0e1754c0 100644 --- a/roles/collabora_code/README.md +++ b/roles/collabora_code/README.md 
@@ -19,7 +19,7 @@ Installation d'une instance de collabora code via docker. Ce role ne devrait êt ### Default - - code_url: "{{ app_instance_id }}.code.paquerette.eu + - code_domain: "{{ app_instance_id | replace('_','-') }}.code.paquerette.eu" - app_instance_root: "/home/collabora/{{ app_instance_id }}" - host_code: "vps11" diff --git a/roles/collabora_code/defaults/main.yml b/roles/collabora_code/defaults/main.yml index 282235a5..645cb3a0 100644 --- a/roles/collabora_code/defaults/main.yml +++ b/roles/collabora_code/defaults/main.yml @@ -1,5 +1,5 @@ --- # defaults file for site_static app_instance_root: "/home/collabora/{{ app_instance_id }}" -code_url: "{{ app_instance_id }}.code.paquerette.eu -host_code: "vps11" +code_domain: "{{ app_instance_id | replace('_','-') }}.code.paquerette.eu" +host_code: "vps15" diff --git a/roles/collabora_code/handlers/main.yml b/roles/collabora_code/handlers/main.yml index 5d62aff8..09738691 100644 --- a/roles/collabora_code/handlers/main.yml +++ b/roles/collabora_code/handlers/main.yml @@ -1,7 +1,5 @@ --- -# handlers file for site_static -# handlers file for rustform -- name: reload nginx +- name: reload nginx collabora service: name=nginx state=reloaded diff --git a/roles/collabora_code/tasks/install.yml b/roles/collabora_code/tasks/install.yml index bb0d8b26..b509d99b 100644 --- a/roles/collabora_code/tasks/install.yml +++ b/roles/collabora_code/tasks/install.yml @@ -6,10 +6,14 @@ state: directory delegate_to: "{{ host_code }}" delegate_facts: true + tags: + - collabora - name: Create LetsEncrypt certificate import_role: name: _letsencrypt_certificate + vars: + app_domain: "{{ code_domain }}" delegate_to: "{{ host_code }}" delegate_facts: true 
@@ -33,27 +37,19 @@ state: link path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf" src: "/etc/nginx/sites-available/{{ app_instance_id }}.conf" - notify: reload nginx + notify: reload nginx collabora delegate_to: "{{ host_code }}" delegate_facts: true - name: "copy docker-compose {{ app_instance_id }}" - copy: - src: "docker-compose.yml" + template: + src: "docker-compose.j2" dest: "{{ app_instance_root }}/docker-compose.yml" tags: - collabora_installation delegate_to: "{{ host_code }}" delegate_facts: true -- name: env file for collabora - template: - src: "env.j2" - dest: "{{ app_instance_root }}/.env" - tags: - - collabora_installation - delegate_to: "{{ host_code }}" - delegate_facts: true - name: "start collabora - docker compose" docker_compose: diff --git a/roles/collabora_code/tasks/main.yml b/roles/collabora_code/tasks/main.yml index 91b38ffc..cca6795e 100644 --- a/roles/collabora_code/tasks/main.yml +++ b/roles/collabora_code/tasks/main.yml @@ -2,6 +2,8 @@ # tasks file for site_static - import_tasks: install.yml when: app_run in ['install', 'reinstall'] + tags: + - collabora - import_tasks: upgrade.yml when: app_run == 'upgrade' @@ -15,7 +17,7 @@ vars: app_version: "{{ code_version }}" role: "collabora_code" - app_domain: "{{ code_domaine }}" - inventory_hostname: "{{ host_collabora }}" - delegate_to: "{{ host_collabora }}" + app_domain: "{{ code_domain }}" + inventory_hostname: "{{ host_code }}" + delegate_to: "{{ host_code }}" delegate_facts: true diff --git a/roles/collabora_code/tasks/uninstall.yml b/roles/collabora_code/tasks/uninstall.yml index 6bd1cbd2..41723fad 100644 --- a/roles/collabora_code/tasks/uninstall.yml +++ b/roles/collabora_code/tasks/uninstall.yml 
@@ -1,33 +1,36 @@ --- -- name: "Stop keycloak - docker compose" +- name: "Stop collabora - docker compose" docker_compose: project_src: "{{ app_instance_root }}" state: absent remove_volumes: true + delegate_to: "{{ host_code }}" + delegate_facts: true tags: - - keycloak_installation + - code_installation - name: remove directory file: path: "{{ app_instance_root }}" state: absent - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: removing LetsEncrypt certificate import_role: name: _letsencrypt_certificate - delegate_to: "{{ host_collabora }}" + vars: + app_domain: "{{ code_domain }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: nginx configuration - template: + file: state: absent - src: nginx.j2 - dest: "/etc/nginx/sites-available/{{ app_instance_id }}.conf" + path: "/etc/nginx/sites-available/{{ app_instance_id }}.conf" notify: reload nginx collabora - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true - name: "disable site for {{ app_domain }}" @@ -35,6 +38,6 @@ state: absent path: "/etc/nginx/sites-enabled/{{ app_instance_id }}.conf" notify: reload nginx - delegate_to: "{{ host_collabora }}" + delegate_to: "{{ host_code }}" delegate_facts: true diff --git a/roles/collabora_code/templates/docker-compose.j2 b/roles/collabora_code/templates/docker-compose.j2 new file mode 100644 index 00000000..2a03ed36 --- /dev/null +++ b/roles/collabora_code/templates/docker-compose.j2 @@ -0,0 +1,16 @@ +services: + collabora: + image: collabora/code:{{ code_version }} + container_name: collabora + environment: + - "TZ=Europe/Paris" + - aliasgroup1={{ app_domain }} + - DONT_GEN_SSL_CERT=1 + - serveur_name={{ code_domain }} + - "extra_params=--o:ssl.enable=false --o:ssl.termination=true" + ports: + - "{{ code_port }}:9980" + cap_add: + - MKNOD + restart: + unless-stopped 
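Review bot: The "disable site" task in the second uninstall.yml hunk still has `notify: reload nginx`, but this same commit renames the role's only handler to `reload nginx collabora`. Unless another role in the play defines a handler called `reload nginx`, the task will fail with a missing-handler error as soon as it reports a change. Change the line to `notify: reload nginx collabora`, as this commit already does for the "enable site" task in install.yml.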
diff --git a/roles/collabora_code/templates/nginx.j2 b/roles/collabora_code/templates/nginx.j2 index aecabb2f..6d71d04e 100644 --- a/roles/collabora_code/templates/nginx.j2 +++ b/roles/collabora_code/templates/nginx.j2 @@ -1,7 +1,7 @@ server { listen 80; listen [::]:80; - server_name {{ app_domain | mandatory }}; + server_name {{ code_domain | mandatory }}; # enforce https return 301 https://$server_name$request_uri; } @@ -10,10 +10,10 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name {{ app_domain | mandatory }}; + server_name {{ code_domain | mandatory }}; - ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem; + ssl_certificate /etc/letsencrypt/live/{{ code_domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ code_domain }}/privkey.pem; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block" always; diff --git a/roles/collabora_code/vars/main.yml b/roles/collabora_code/vars/main.yml index 6cbc43a3..941b2755 100644 --- a/roles/collabora_code/vars/main.yml +++ b/roles/collabora_code/vars/main.yml @@ -1,3 +1,3 @@ --- -# vars file for site_static -app_instance_root : "/home/collabora/{{ app_instance_id }} +# vars file for collabora +app_instance_root: "/home/collabora/{{ app_instance_id }}" -- GitLab From 297cdcad5d44645f781fcce3d7bb4fa5cb2b9ee4 Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Thu, 22 Feb 2024 17:46:29 +0100 Subject: [PATCH 6/7] use nginx template provided by collabora --- roles/collabora_code/templates/nginx.j2 | 63 +++++++++++++++++++++---- roles/nextcloud_instance/tasks/main.yml | 4 +- 2 files changed, 57 insertions(+), 10 deletions(-) diff --git a/roles/collabora_code/templates/nginx.j2 b/roles/collabora_code/templates/nginx.j2 index 6d71d04e..dfbd5720 100644 --- a/roles/collabora_code/templates/nginx.j2 +++ b/roles/collabora_code/templates/nginx.j2 
@@ -46,12 +46,59 @@ server { log_not_found off; } - location / { - proxy_set_header HOST $host; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - proxy_pass http://localhost:{{ code_port }}; - } + # static files + location ^~ /browser { + proxy_pass http://127.0.0.1:{{ code_port }}; + proxy_set_header Host $http_host; + } + + + + # WOPI discovery URL + + location ^~ /hosting/discovery { + proxy_pass http://127.0.0.1:{{ code_port }}; + proxy_set_header Host $http_host; + } + + + + # Capabilities + + location ^~ /hosting/capabilities { + proxy_pass http://127.0.0.1:{{ code_port }}; + proxy_set_header Host $http_host; + } + + + + # main websocket + location ~ ^/cool/(.*)/ws$ { + proxy_pass http://127.0.0.1:{{ code_port }}; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + + + # download, presentation and image upload + location ~ ^/(c|l)ool { + proxy_pass http://127.0.0.1:{{ code_port }}; + proxy_set_header Host $http_host; + } + + + + # Admin Console websocket + + location ^~ /cool/adminws { + proxy_pass http://127.0.0.1:{{ code_port }}; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + + } } diff --git a/roles/nextcloud_instance/tasks/main.yml b/roles/nextcloud_instance/tasks/main.yml index bd8d6229..5faa9009 100644 --- a/roles/nextcloud_instance/tasks/main.yml +++ b/roles/nextcloud_instance/tasks/main.yml @@ -26,6 +26,6 @@ - import_role: name: collabora_code - when: collabora_code == 'yes' + when: collabora_code == True tags: - - collabora + - collabora -- GitLab From 626ecbfdb2547250012b1508b499acd403e01131 Mon Sep 17 00:00:00 2001 
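Review bot: The `location ^~ /cool/adminws` block exposes the Collabora admin console websocket to any client that can reach the vhost. If the console is not needed from the internet, restrict the block by source address, e.g. `allow <admin-cidr>;` followed by `deny all;` (placeholder range), and confirm how admin credentials are set for the container, since the compose template in this series passes none. The removed `location /` also set `X-Forwarded-For` and `X-Real-IP`, which the new blocks no longer forward; it is worth checking whether Collabora's logging or access checks relied on them.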
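Review bot: `when: collabora_code == True` in nextcloud_instance/tasks/main.yml is an error on every host that does not define `collabora_code`, and it is false for string values such as `'yes'` or `'true'`, which is what `-e` overrides and some inventories deliver, so the role is then skipped without any message. `when: collabora_code | default(false) | bool` handles undefined, boolean and string inputs alike. The variable is also not listed in the collabora_code README's host_vars, so a line there would help operators set it correctly.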
From: Julien Gomes Dias Date: Mon, 26 Feb 2024 14:59:13 +0000 Subject: [PATCH 7/7] [fix] Typo + name tag --- roles/collabora_code/tasks/upgrade.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/collabora_code/tasks/upgrade.yml b/roles/collabora_code/tasks/upgrade.yml index a9c254dc..289de56a 100644 --- a/roles/collabora_code/tasks/upgrade.yml +++ b/roles/collabora_code/tasks/upgrade.yml @@ -1,7 +1,7 @@ -- name: "start keycloak - docker compose" +- name: "start collabora_code - docker compose" docker_compose: project_src: "{{ app_instance_root }}" state: present tags: - - keycloak_installation + - collabora_code_installation -- GitLab