From 806fa25b060afe483400673df9ebe550b0478e42 Mon Sep 17 00:00:00 2001 From: elkmaennchen Date: Sat, 17 Feb 2024 12:45:33 +0100 Subject: [PATCH 1/7] Initial config of collabora --- .../ns-master.int.infra.auro.re/knotd.yml | 1 + host_vars/proxy.adm.auro.re.yml | 3 + playbooks/openssh.yml | 2 +- roles/collabora/handlers/main.yml | 5 + roles/collabora/tasks/main.yml | 44 +++ roles/collabora/templates/coolwsd.xml.j2 | 331 ++++++++++++++++++ 6 files changed, 385 insertions(+), 1 deletion(-) create mode 100644 roles/collabora/handlers/main.yml create mode 100644 roles/collabora/tasks/main.yml create mode 100644 roles/collabora/templates/coolwsd.xml.j2 diff --git a/host_vars/ns-master.int.infra.auro.re/knotd.yml b/host_vars/ns-master.int.infra.auro.re/knotd.yml index a2faa4d..774d99f 100644 --- a/host_vars/ns-master.int.infra.auro.re/knotd.yml +++ b/host_vars/ns-master.int.infra.auro.re/knotd.yml @@ -286,6 +286,7 @@ knotd__zones: - re2o - nextcloud - vote + - office target: proxy - name: intranet target: re2o diff --git a/host_vars/proxy.adm.auro.re.yml b/host_vars/proxy.adm.auro.re.yml index 1c28257..fb9fe77 100644 --- a/host_vars/proxy.adm.auro.re.yml +++ b/host_vars/proxy.adm.auro.re.yml @@ -70,3 +70,6 @@ loc_reverseproxy: - from: grafana.auro.re to: "10.128.0.98:3000" + + - from: office.auro.re + to: "10.128.0.220" diff --git a/playbooks/openssh.yml b/playbooks/openssh.yml index f1bcd62..2c52ee9 100755 --- a/playbooks/openssh.yml +++ b/playbooks/openssh.yml @@ -3,8 +3,8 @@ - hosts: - pve_network - vm_test - - vm_network - vm_services + - vm_network roles: - openssh_server ... diff --git a/roles/collabora/handlers/main.yml b/roles/collabora/handlers/main.yml new file mode 100644 index 0000000..fa8d638 --- /dev/null +++ b/roles/collabora/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: Restart Collabora + service: + name: coolwsd + state: restarted diff --git a/roles/collabora/tasks/main.yml b/roles/collabora/tasks/main.yml new file mode 100644 index 0000000..ae8389d 
--- /dev/null +++ b/roles/collabora/tasks/main.yml @@ -0,0 +1,44 @@ +--- +- name: Install gpg (to import Collabora key) + apt: + name: gpg + state: present + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Import Collabora GPG signing key + apt_key: + url: https://www.collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg + state: present + register: apt_key_result + retries: 3 + until: apt_key_result is succeeded + +- name: Add Collabora repository + apt_repository: + repo: deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb stable main + state: present + update_cache: true + +- name: Install Collabora + apt: + name: coolwsd code-brand collaboraoffice* + state: present + register: apt_result + retries: 3 + until: apt_result is succeeded + +- name: Configure Collabora + template: + src: coolwsd.toml.j2 + dest: /etc/coolwsd/coolwsd.xml + mode: 0640 + notify: Restart grafana + +- name: Enable and start Collabora + systemd: + name: coolwsd + enabled: true + state: started + daemon_reload: true diff --git a/roles/collabora/templates/coolwsd.xml.j2 b/roles/collabora/templates/coolwsd.xml.j2 new file mode 100644 index 0000000..3751e5c --- /dev/null +++ b/roles/collabora/templates/coolwsd.xml.j2 
@@ -0,0 +1,331 @@ + + + + + + + + + + true + + + de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru + + + + + + + + + + + + + false + + + + + + + + + office.auro.re + + + true + + 90.0 + 1 + + + 4 + 5 + false + 96 + 3600 + 30 + 300 + false + 0 + 8000 + 0 + 0 + 100 + 5 + 100 + 500 + 5000 + + 10000 + 60 + 300 + 3072 + 85 + 120 + + + + + true + 300 + 900 + + + + + + true + + warning + trace + notice + fatal + false + + -INFO-WARN + + + /var/log/coolwsd.log + never + timestamp + true + 10 days + 10 + true + false + + + false + 82589933 + + false + false + + + + + /var/log/coolwsd.trace.json + + + false + + + + + + + + false + + + + + + all + any + + + + 192\.168\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3} + 127\.0\.0\.1 + ::ffff:127\.0\.0\.1 + ::1 + 172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} + 172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} + 172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3} + 10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} + + + 192\.168\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:192\.168\.[0-9]{1,3}\.[0-9]{1,3} + 127\.0\.0\.1 + ::ffff:127\.0\.0\.1 + ::1 + 172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:172\.1[6789]\.[0-9]{1,3}\.[0-9]{1,3} + 172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:172\.2[0-9]\.[0-9]{1,3}\.[0-9]{1,3} + 172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:172\.3[01]\.[0-9]{1,3}\.[0-9]{1,3} + 10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} + ::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} + localhost + + + + + + + + + + + + true + + false + /etc/coolwsd/cert.pem + /etc/coolwsd/key.pem + /etc/coolwsd/ca-chain.cert.pem + + + 1000 + + + + + + + false + 31536000 + + + + + true + true + 1800 + false + 1 + false + false + + + + + + + + + + + + + + default + true + + + + + + 0 + + 900 + + + + + + + + + + + true + + + + + + + + + + true + false + + + + true + true + true + true + + + + + + + + + + + + + + + + + 
+ + false + + + + + + + false + + + + log + + + + + + + + + + + + true + + + https://help.collaboraoffice.com/help.html? + + + true + + + + + + + + From f70e5157695a783e2126669ea670e87295df0a44 Mon Sep 17 00:00:00 2001 From: Jeltz Date: Tue, 20 Feb 2024 20:44:57 +0100 Subject: [PATCH 2/7] collabora: minor fixes --- host_vars/collabora.pub.infra.auro.re.yml | 2 ++ roles/collabora/handlers/main.yml | 1 + roles/collabora/tasks/main.yml | 33 +++++++++++++---------- roles/collabora/templates/coolwsd.xml.j2 | 16 +++++------ 4 files changed, 28 insertions(+), 24 deletions(-) diff --git a/host_vars/collabora.pub.infra.auro.re.yml b/host_vars/collabora.pub.infra.auro.re.yml index 739e3a8..5758b24 100644 --- a/host_vars/collabora.pub.infra.auro.re.yml +++ b/host_vars/collabora.pub.infra.auro.re.yml @@ -8,4 +8,6 @@ ifupdown2__interfaces: - 2a09:6840:128::220/64 - 10.128.0.220/16 gateways: "{{ ifupdown2__gateways.adm }}" + +collabora__server_name: office.auro.re ... diff --git a/roles/collabora/handlers/main.yml b/roles/collabora/handlers/main.yml index fa8d638..03e1011 100644 --- a/roles/collabora/handlers/main.yml +++ b/roles/collabora/handlers/main.yml @@ -3,3 +3,4 @@ service: name: coolwsd state: restarted +... diff --git a/roles/collabora/tasks/main.yml b/roles/collabora/tasks/main.yml index ae8389d..4d4fd67 100644 --- a/roles/collabora/tasks/main.yml +++ b/roles/collabora/tasks/main.yml 
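Review bot: The two address-pattern lists in this template accept every RFC 1918 range, including `10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}`, while the backend itself sits at 10.128.0.220 behind the reverse proxy. The element names are not visible in this rendering, so I am assuming these are coolwsd's host allow lists. If so, every request relayed by the proxy arrives from a 10.x source, and the lists no longer separate trusted hosts from internet clients unless the forwarded client address is also evaluated. I would narrow each list to the hosts that actually need access and add a comment above them, e.g. `<!-- only the reverse proxy and the integrating hosts may connect -->`, with the real addresses taken from the inventory.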
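Review bot: `collabora__server_name` is defined here, but nothing in the visible template hunks of this series reads it; the template added in patch 1/7 still carries the literal `office.auro.re`. Either reference it in roles/collabora/templates/coolwsd.xml.j2 as `{{ collabora__server_name }}` or drop the variable, so the hostname the service answers for is set in one place. A short comment next to it, such as `# public hostname served through the reverse proxy`, would also help the next reader.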
@@ -1,29 +1,33 @@ --- - name: Install gpg (to import Collabora key) apt: - name: gpg + name: + - gpg + - python3-debian state: present register: apt_result retries: 3 until: apt_result is succeeded - name: Import Collabora GPG signing key - apt_key: + get_url: url: https://www.collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg - state: present - register: apt_key_result - retries: 3 - until: apt_key_result is succeeded + dest: /usr/share/keyrings/collaboraonline-release-keyring.gpg - name: Add Collabora repository - apt_repository: - repo: deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb stable main - state: present - update_cache: true + deb822_repository: + name: collabora + types: deb + uris: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb + suites: ./ + signed_by: /usr/share/keyrings/collaboraonline-release-keyring.gpg - name: Install Collabora apt: - name: coolwsd code-brand collaboraoffice* + name: + - coolwsd + - code-brand + - collaboraoffice* state: present register: apt_result retries: 3 @@ -31,10 +35,10 @@ - name: Configure Collabora template: - src: coolwsd.toml.j2 + src: coolwsd.xml.j2 dest: /etc/coolwsd/coolwsd.xml - mode: 0640 - notify: Restart grafana + mode: u=rw,g=r,o= + notify: Restart Collabora - name: Enable and start Collabora systemd: @@ -42,3 +46,4 @@ enabled: true state: started daemon_reload: true +... diff --git a/roles/collabora/templates/coolwsd.xml.j2 b/roles/collabora/templates/coolwsd.xml.j2 index 3751e5c..c8388ea 100644 --- a/roles/collabora/templates/coolwsd.xml.j2 +++ b/roles/collabora/templates/coolwsd.xml.j2 @@ -1,4 +1,5 @@ - + +{{ ansible_managed | comment(style="xml") }} - true + false - false + true /etc/coolwsd/cert.pem /etc/coolwsd/key.pem /etc/coolwsd/ca-chain.cert.pem @@ -247,7 +248,6 @@ scheme://hostname:port scheme://aliasname1:port scheme://aliasname2:port - --> @@ -264,7 +264,7 @@ - true + false false @@ -309,10 +309,6 @@ - - - - true 
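Review bot: The "Import Collabora GPG signing key" task downloads the keyring that will authenticate every package from this repository, but it does not verify the download or pin the file's permissions. Adding `checksum: "sha256:<expected-sha256-of-keyring>"` (value obtained out of band) and `mode: u=rw,g=r,o=r` would make a swapped or truncated key fail the play instead of being trusted silently. The `retries`/`until` guard that the old `apt_key` task had was also dropped, so a transient network error now aborts the run. The Grafana key task in roles/grafana/tasks/main.yml (patches 3/7 and 6/7) has the same gap.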
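Review bot: The "Configure Collabora" task sets `mode: u=rw,g=r,o=` but leaves `owner` and `group` unset, so who can read the file depends on whatever ownership already exists on the host. This file can hold service secrets, and the group-read bit only helps if the group is the account coolwsd runs as. I would state both explicitly, e.g. `owner: root` and `group: cool` (the account name used by the Debian packages as far as I know; confirm on the target). The rest of the file lies outside this hunk.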
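Review bot: Assuming the flipped pair just above `/etc/coolwsd/cert.pem` is the TLS enable and termination switches (element names are not visible in this rendering), coolwsd now serves plain HTTP and relies on the proxy for TLS. The hop from the proxy to 10.128.0.220 is then unencrypted. The template should say so and state the network assumption it depends on, for instance `<!-- TLS is terminated on the reverse proxy; the coolwsd port must only be reachable from the proxy -->`. The three certificate paths left below the switches would then be unused and could be marked as such.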
From b141a1d955ffb1b11530ff189da7b5e48e41a4d0 Mon Sep 17 00:00:00 2001 From: elkmaennchen Date: Sat, 24 Feb 2024 13:16:19 +0100 Subject: [PATCH 3/7] grafana: minor fixes --- roles/grafana/tasks/main.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index e0666cc..6d748d3 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -8,18 +8,17 @@ until: apt_result is succeeded - name: Import Grafana GPG signing key - apt_key: - url: https://packages.grafana.com/gpg.key - state: present - register: apt_key_result - retries: 3 - until: apt_key_result is succeeded + get_url: + url: https://apt.grafana.com/gpg.key + dest: /usr/share/keyrings/grafana-release-keyring.gpg - name: Add Grafana repository - apt_repository: - repo: deb https://packages.grafana.com/oss/deb stable main - state: present - update_cache: true + deb822_repository: + name: collabora + types: deb + uris: https://apt.grafana.com + suites: stable + signed_by: /usr/share/keyrings/grafana-release-keyring.gpg - name: Install Grafana apt: From 67b29517e2f7a2c157666efaedfa72904178b5c9 Mon Sep 17 00:00:00 2001 From: elkmaennchen Date: Sat, 24 Feb 2024 14:06:17 +0100 Subject: [PATCH 4/7] grafana: i am dumb --- roles/grafana/tasks/main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index 6d748d3..17dfe64 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -14,10 +14,11 @@ - name: Add Grafana repository deb822_repository: - name: collabora + name: grafana types: deb uris: https://apt.grafana.com suites: stable + components: main signed_by: /usr/share/keyrings/grafana-release-keyring.gpg - name: Install Grafana From e5e6dd8056c2c9aa4bf9cab245dcf6c0342f6078 Mon Sep 17 00:00:00 2001 
From: elkmaennchen Date: Sat, 24 Feb 2024 14:28:08 +0100 Subject: [PATCH 5/7] grafana: minor fixes again --- playbooks/grafana.yml | 3 ++- roles/grafana/tasks/main.yml | 2 +- roles/grafana/templates/ldap.toml.j2 | 9 ++++++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/playbooks/grafana.yml b/playbooks/grafana.yml index edc2f0a..edacbf5 100755 --- a/playbooks/grafana.yml +++ b/playbooks/grafana.yml @@ -17,8 +17,9 @@ bind_password: "{{ vault_ldap_grafana_password }}" search_base_dns: "cn=Utilisateurs,dc=auro,dc=re" group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re" - editors_group_dn: + admins_group_dn: - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re + editors_group_dn: - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re update_motd: grafana: Grafana est déployé (/etc/grafana). diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index 17dfe64..014d00e 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -19,7 +19,7 @@ uris: https://apt.grafana.com suites: stable components: main - signed_by: /usr/share/keyrings/grafana-release-keyring.gpg + signed_by: /etc/apt/keyrings/grafana-release-keyring.asc - name: Install Grafana apt: diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2 index 7e637f0..d9026ff 100644 --- a/roles/grafana/templates/ldap.toml.j2 +++ b/roles/grafana/templates/ldap.toml.j2 @@ -46,8 +46,15 @@ username = "cn" member_of = "dn" email = "mail" +# Admins +{% for group_dn in grafana.ldap.admins_group_dn | default([]) %} +[[servers.group_mappings]] +group_dn = "{{ group_dn }}" +org_role = "Admin" +{% endfor %} + # Editors -{% for group_dn in grafana.ldap.editors_group_dn %} +{% for group_dn in grafana.ldap.editors_group_dn | default([]) %} [[servers.group_mappings]] group_dn = "{{ group_dn }}" org_role = "Editor" From e660d8688aaacfba883bf0f21f90ce013903bc08 Mon Sep 17 00:00:00 2001 
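Review bot: The new Admin mappings in ldap.toml.j2 only take effect because they are rendered before the Editor mappings; to my knowledge Grafana assigns the role of the first matching `[[servers.group_mappings]]` entry. Someone reordering the two loops later would silently demote members of both groups, so the `# Admins` comment should say it, e.g. `# Admins (must stay above Editors: the first matching mapping wins)`. `group_dn` is interpolated into a quoted TOML string unescaped, which is fine for the DNs in playbooks/grafana.yml but worth a brief note if other inventories feed this template.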
From: elkmaennchen Date: Sat, 24 Feb 2024 14:32:51 +0100 Subject: [PATCH 6/7] grafana: minor fixes again again !!!! --- roles/grafana/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index 014d00e..ce33a9a 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -10,7 +10,7 @@ - name: Import Grafana GPG signing key get_url: url: https://apt.grafana.com/gpg.key - dest: /usr/share/keyrings/grafana-release-keyring.gpg + dest: /etc/apt/keyrings/grafana-release-keyring.asc - name: Add Grafana repository deb822_repository: From 7fe391c16fd5040be7afaee37325df6ffa011d25 Mon Sep 17 00:00:00 2001 From: elkmaennchen Date: Sat, 24 Feb 2024 18:55:10 +0100 Subject: [PATCH 7/7] grafana: minor fixes again again again !!!! --- roles/grafana/tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/grafana/tasks/main.yml b/roles/grafana/tasks/main.yml index ce33a9a..b76a5de 100644 --- a/roles/grafana/tasks/main.yml +++ b/roles/grafana/tasks/main.yml @@ -6,6 +6,14 @@ register: apt_result retries: 3 until: apt_result is succeeded + +- name: Prepare import Grafana GPG signing key + file: + path: /etc/apt/keyrings/ + state: directory + owner: root + group: root + mode: u=rwx,g=rx,o=rx - name: Import Grafana GPG signing key get_url: