collabora #106

Merged
jeltz merged 7 commits from collabora into new-infra 2024-02-24 19:34:35 +01:00
4 changed files with 28 additions and 24 deletions
Showing only changes of commit f70e515769 - Show all commits

View file

@ -8,4 +8,6 @@ ifupdown2__interfaces:
- 2a09:6840:128::220/64 - 2a09:6840:128::220/64
- 10.128.0.220/16 - 10.128.0.220/16
gateways: "{{ ifupdown2__gateways.adm }}" gateways: "{{ ifupdown2__gateways.adm }}"
collabora__server_name: office.auro.re
... ...

View file

@ -3,3 +3,4 @@
service: service:
name: coolwsd name: coolwsd
state: restarted state: restarted
...

View file

@ -1,29 +1,33 @@
--- ---
- name: Install gpg (to import Collabora key) - name: Install gpg (to import Collabora key)
apt: apt:
name: gpg name:
- gpg
- python3-debian
state: present state: present
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
- name: Import Collabora GPG signing key - name: Import Collabora GPG signing key
apt_key: get_url:
url: https://www.collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg url: https://www.collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg
state: present dest: /usr/share/keyrings/collaboraonline-release-keyring.gpg
register: apt_key_result
retries: 3
until: apt_key_result is succeeded
- name: Add Collabora repository - name: Add Collabora repository
apt_repository: deb822_repository:
repo: deb https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb stable main name: collabora
state: present types: deb
update_cache: true uris: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb
suites: ./
signed_by: /usr/share/keyrings/collaboraonline-release-keyring.gpg
- name: Install Collabora - name: Install Collabora
apt: apt:
name: coolwsd code-brand collaboraoffice* name:
- coolwsd
- code-brand
- collaboraoffice*
state: present state: present
register: apt_result register: apt_result
retries: 3 retries: 3
@ -31,10 +35,10 @@
- name: Configure Collabora - name: Configure Collabora
template: template:
src: coolwsd.toml.j2 src: coolwsd.xml.j2
dest: /etc/coolwsd/coolwsd.xml dest: /etc/coolwsd/coolwsd.xml
mode: 0640 mode: u=rw,g=r,o=
notify: Restart grafana notify: Restart Collabora
- name: Enable and start Collabora - name: Enable and start Collabora
systemd: systemd:
@ -42,3 +46,4 @@
enabled: true enabled: true
state: started state: started
daemon_reload: true daemon_reload: true
...

View file

@ -1,4 +1,5 @@
<!-- -*- nxml-child-indent: 4; tab-width: 4; indent-tabs-mode: nil -*- --> <?xml version="1.0" encoding="utf-8" standalone="yes" ?>
{{ ansible_managed | comment(style="xml") }}
<config> <config>
<!-- For more detailed documentation on typical configuration options please see: <!-- For more detailed documentation on typical configuration options please see:
@ -38,7 +39,7 @@
<child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path> <child_root_path desc="Path to the directory under which the chroot jails for the child processes will be created. Should be on the same file system as systemplate and lotemplate. Must be an empty directory." type="path" relative="true" default="jails"></child_root_path>
<mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree> <mount_jail_tree desc="Controls whether the systemplate and lotemplate contents are mounted or not, which is much faster than the default of linking/copying each file." type="bool" default="true"></mount_jail_tree>
<server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">office.auro.re</server_name> <server_name desc="External hostname:port of the server running coolwsd. If empty, it's derived from the request (please set it if this doesn't work). May be specified when behind a reverse-proxy or when the hostname is not reachable directly." type="string" default="">{{ collabora__server_name }}</server_name>
<file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing cool." type="path" relative="true" default="browser/../"></file_server_root_path> <file_server_root_path desc="Path to the directory that should be considered root for the file server. This should be the directory containing cool." type="path" relative="true" default="browser/../"></file_server_root_path>
<hexify_embedded_urls desc="Enable to protect encoded URLs from getting decoded by intermediate hops. Particularly useful on Azure deployments" type="bool" default="false"></hexify_embedded_urls> <hexify_embedded_urls desc="Enable to protect encoded URLs from getting decoded by intermediate hops. Particularly useful on Azure deployments" type="bool" default="false"></hexify_embedded_urls>
<experimental_features desc="Enable/Disable experimental features" type="bool" default="true">true</experimental_features> <experimental_features desc="Enable/Disable experimental features" type="bool" default="true">true</experimental_features>
@ -186,9 +187,9 @@
<ssl desc="SSL settings"> <ssl desc="SSL settings">
<!-- switches from https:// + wss:// to http:// + ws:// --> <!-- switches from https:// + wss:// to http:// + ws:// -->
<enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable> <enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable>
<!-- SSL off-load can be done in a proxy, if so disable SSL, and enable termination below in production --> <!-- SSL off-load can be done in a proxy, if so disable SSL, and enable termination below in production -->
<termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination> <termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="true">true</termination>
<cert_file_path desc="Path to the cert file" relative="false">/etc/coolwsd/cert.pem</cert_file_path> <cert_file_path desc="Path to the cert file" relative="false">/etc/coolwsd/cert.pem</cert_file_path>
<key_file_path desc="Path to the key file" relative="false">/etc/coolwsd/key.pem</key_file_path> <key_file_path desc="Path to the key file" relative="false">/etc/coolwsd/key.pem</key_file_path>
<ca_file_path desc="Path to the ca file" relative="false">/etc/coolwsd/ca-chain.cert.pem</ca_file_path> <ca_file_path desc="Path to the ca file" relative="false">/etc/coolwsd/ca-chain.cert.pem</ca_file_path>
@ -247,7 +248,6 @@
<host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host> <host desc="hostname to allow or deny." allow="true">scheme://hostname:port</host>
<alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias> <alias desc="regex pattern of aliasname">scheme://aliasname1:port</alias>
<alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias> <alias desc="regex pattern of aliasname">scheme://aliasname2:port</alias>
</group>--> </group>-->
<!-- More "group"s possible here --> <!-- More "group"s possible here -->
</alias_groups> </alias_groups>
@ -264,7 +264,7 @@
</storage> </storage>
<admin_console desc="Web admin console settings."> <admin_console desc="Web admin console settings.">
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable> <enable desc="Enable the admin console functionality" type="bool" default="true">false</enable>
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam> <enable_pam desc="Enable admin user authentication with PAM" type="bool" default="false">false</enable_pam>
<username desc="The username of the admin console. Ignored if PAM is enabled."></username> <username desc="The username of the admin console. Ignored if PAM is enabled."></username>
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password."></password> <password desc="The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password."></password>
@ -309,10 +309,6 @@
<url desc="URL endpoint to server which servers routeToken in json format" default=""></url> <url desc="URL endpoint to server which servers routeToken in json format" default=""></url>
</indirection_endpoint> </indirection_endpoint>
<zotero desc="Zotero plugin configuration. For more details about Zotero visit https://www.zotero.org/"> <zotero desc="Zotero plugin configuration. For more details about Zotero visit https://www.zotero.org/">
<enable desc="Enable Zotero plugin." type="bool" default="true">true</enable> <enable desc="Enable Zotero plugin." type="bool" default="true">true</enable>
</zotero> </zotero>