collabora: misc

jeltz 2024-05-19 16:30:50 +02:00
parent 708781b722
commit 81f95aa14d
Signed by: jeltz
GPG key ID: 800882B66C0C3326
4 changed files with 31 additions and 38 deletions


@ -10,4 +10,13 @@ ifupdown2__interfaces:
gateways: "{{ ifupdown2__gateways.adm }}" gateways: "{{ ifupdown2__gateways.adm }}"
collabora__server_name: office.auro.re collabora__server_name: office.auro.re
collabora__post_allow_addrs:
- 2a09:6840:215::1:1
- 45.66.111.206
collabora__wopi_groups:
- host: https://cloud.auro.re:443
aliases:
- https://nextcloud.auro.re:443
... ...
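Review bot: The alias under `collabora__wopi_groups` is written as a literal URL, but the template changed in this commit emits `{{ alias }}` unescaped into `<alias>`, which the removed upstream comment there describes as a "regex pattern of aliasname". If coolwsd does evaluate it as a regex, each `.` in `https://nextcloud.auro.re:443` matches any character, so the WOPI allow-list is slightly wider than the one host intended. Writing the entry as `- 'https://nextcloud\.auro\.re:443'` (single-quoted so the backslashes stay literal) would pin it; alternatively the template could escape aliases the way its `post_allow` loop already does with `regex_escape`. Quoting the IPv6 entry as `- '2a09:6840:215::1:1'` would also stop a colon-heavy value from depending on plain-scalar parsing rules. The mapping these keys are added to starts above the visible lines.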


@ -1,7 +1,7 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: - hosts:
- collabora.pub.infra.auro.re - collabora.ext.infra.auro.re
roles: roles:
- collabora - collabora
... ...


@ -0,0 +1,4 @@
---
collabora__post_allow_addrs: []
collabora__wopi_groups: []
...
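Review bot: Both new defaults are undocumented, and the template accepts a narrower shape than the variable names suggest. In the `post_allow` loop, an entry that passes neither the `ansible.utils.ipv6` nor the `ansible.utils.ipv4` test produces no `<host>` line and no error, so a mistyped address disappears from the allow-list silently. I would add `# Exact client IPv4/IPv6 addresses allowed to POST; any other value is skipped by the template` above `collabora__post_allow_addrs` and `# WOPI hosts: list of {host: URL, aliases: [pattern, ...]}` above `collabora__wopi_groups`. With both lists empty the template renders an empty `<post_allow>` and an `<alias_groups mode="group">` with no `<group>`, which looks like deny-by-default. However, the `desc` attribute on that element names the mode as 'groups', so it is worth confirming that `group` is a spelling coolwsd recognises rather than one it ignores.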


@ -147,35 +147,16 @@
https://my.com/browser/a123... to https://my.com/my/sub/path/browser/a123... --> https://my.com/browser/a123... to https://my.com/my/sub/path/browser/a123... -->
<service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root> <service_root type="path" default="" desc="Prefix all the pages, websockets, etc. with this path."></service_root>
<post_allow desc="Allow/deny client IP address for POST(REST)." allow="true"> <post_allow desc="Allow/deny client IP address for POST(REST)." allow="true">
<host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host> {% for addr in collabora__post_allow_addrs %}
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host> {% if addr is ansible.utils.ipv6 %}
<host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host> <host>{{ addr | regex_escape }}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host> {% elif addr is ansible.utils.ipv4 %}
<host desc="The IPv6 loopback (localhost) address.">::1</host> <host>{{ addr | regex_escape }}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 1.">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host> <host>{{ '::ffff:' + addr | regex_escape }}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host> {% endif %}
<host desc="The IPv4 private 172.16.0.0/12 subnet part 2.">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host> {% endfor %}
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 3.">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 10.0.0.0/8 subnet (Podman).">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
</post_allow> </post_allow>
<lok_allow desc="Allowed hosts as an external data source inside edited files. All allowed post_allow.host and storage.wopi entries are also considered to be allowed as a data source. Used for example in: PostMessage Action_InsertGraphics, =WEBSERVICE() function, external reference in the cell."> <lok_allow desc="Allowed hosts as an external data source inside edited files. All allowed post_allow.host and storage.wopi entries are also considered to be allowed as a data source. Used for example in: PostMessage Action_InsertGraphics, =WEBSERVICE() function, external reference in the cell.">
<host desc="The IPv4 private 192.168 block as plain IPv4 dotted decimal addresses.">192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 loopback (localhost) address.">127\.0\.0\.1</host>
<host desc="Ditto, but as IPv4-mapped IPv6 address">::ffff:127\.0\.0\.1</host>
<host desc="The IPv6 loopback (localhost) address.">::1</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 1.">172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 2.">172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 172.16.0.0/12 subnet part 3.">172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="The IPv4 private 10.0.0.0/8 subnet (Podman).">10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Ditto, but as IPv4-mapped IPv6 addresses">::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}</host>
<host desc="Localhost access by name">localhost</host>
</lok_allow> </lok_allow>
<content_security_policy desc="Customize the CSP header by specifying one or more policy-directive, separated by semicolons. See w3.org/TR/CSP2"></content_security_policy> <content_security_policy desc="Customize the CSP header by specifying one or more policy-directive, separated by semicolons. See w3.org/TR/CSP2"></content_security_policy>
<frame_ancestors desc="OBSOLETE: Use content_security_policy. Specify who is allowed to embed the Collabora Online iframe (coolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors> <frame_ancestors desc="OBSOLETE: Use content_security_policy. Specify who is allowed to embed the Collabora Online iframe (coolwsd and WOPI host are always allowed). Separate multiple hosts by space."></frame_ancestors>
@ -240,16 +221,15 @@
<refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh> <refresh desc="How frequently we should re-acquire a lock with the storage server, in seconds (default 15 mins) or 0 for no refresh" type="int" default="900">900</refresh>
</locking> </locking>
<alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="first"> <alias_groups desc="default mode is 'first' it allows only the first host when groups are not defined. set mode to 'groups' and define group to allow multiple host and its aliases" mode="group">
<!-- If you need to use multiple wopi hosts, please change the mode to "groups" and {% for group in collabora__wopi_groups %}
add the hosts below. If one host is accessible under multiple ip addresses <group>
or names, add them as aliases. --> <host allow="true">{{ group.host }}</host>
<!--<group> {% for alias in group.aliases | default([]) %}
<host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host> <alias>{{ alias }}</alias>
<alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias> {% endfor %}
<alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias> </group>
</group>--> {% endfor %}
<!-- More "group"s possible here -->
</alias_groups> </alias_groups>
</wopi> </wopi>