diff --git a/group_vars/all/08_ports.yml b/group_vars/all/08_ports.yml index 1c8396ea..c5fc88be 100644 --- a/group_vars/all/08_ports.yml +++ b/group_vars/all/08_ports.yml @@ -57,6 +57,7 @@ ports: presentation: 8039 espocrm: 8040 syncope: 8041 + collabora: 8042 bigbluebutton: 48087 # This port is predefined by bbb. @todo Try to change this to a 8XXX port # Ports which are exposed to the World Wide Web public: diff --git a/group_vars/all/09_networks.yml b/group_vars/all/09_networks.yml index 3c768bc9..39335f0e 100644 --- a/group_vars/all/09_networks.yml +++ b/group_vars/all/09_networks.yml @@ -84,6 +84,8 @@ defaults_networks: subnet: 192.168.103.64/28 syncope: subnet: 192.168.103.80/28 + collabora: + subnet: 192.168.103.96/28 # /24 Networks / 254 Usable Clients bigbluebutton: diff --git a/roles/docker-collabora/README.md b/roles/docker-collabora/README.md new file mode 100644 index 00000000..93c9c521 --- /dev/null +++ b/roles/docker-collabora/README.md 
@@ -0,0 +1,30 @@
+# Docker Collabora (DRAFT)
+
+## Description
+
+This Ansible role deploys Collabora Online (CODE) in Docker to enable real-time, in-browser document editing for Nextcloud. It automates the setup of the Collabora CODE container, Nginx reverse proxy configuration, network isolation via Docker networks, and environment variable management.
+
+## Overview
+
+* **Dockerized Collabora CODE:** Uses the official `collabora/code` image.
+* **Nginx Reverse Proxy:** Configures a public-facing proxy with TLS termination and WebSocket support for `/cool/` paths.
+* **Docker Network Management:** Creates an isolated `/28` subnet for Collabora and connects containers securely.
+* **Environment Configuration:** Generates a `.env` file with domain, credentials, and extra parameters for Collabora's WOPI server.
+
+## Features
+
+* Automatic creation of a dedicated Docker network for Collabora.
+* Proxy configuration template for Nginx with long timeouts and WebSocket upgrades.
+* Customizable domain names and ports via Ansible variables.
+* Support for SSL termination at the proxy level.
+* Integration hooks to restart Nginx and recreate Docker Compose stacks on changes.
+
+## Documentation
+
+See the role’s `README.md`, task files, and Jinja2 templates in the `roles/docker-collabora` directory for usage examples and variable definitions.
+
+## Further Resources
+
+* [Collabora & Talk Super integration demo](https://www.youtube.com/watch?v=7cRmvTyt1ik)
+* [Collabora configuration examples archive](https://cloud.thesysadminhub.com/s/FNKyP43y35HGDTJ?dir=/&openfile=true)
+* [Official Collabora CODE website](https://www.collaboraoffice.com/code/)
diff --git a/roles/docker-collabora/meta/main.yml b/roles/docker-collabora/meta/main.yml
new file mode 100644
index 00000000..dc1673e5
--- /dev/null
+++ b/roles/docker-collabora/meta/main.yml
@@ -0,0 +1,28 @@
+---
+galaxy_info:
+ author: "Kevin Veen-Birkenbach"
+ description: "Deploy Collabora Online CODE in Docker with automated proxy, networking, and environment configuration."
+ license: "CyMaIS NonCommercial License (CNCL)"
+ license_url: "https://s.veen.world/cncl"
+ company: |
+ Kevin Veen-Birkenbach
+ Consulting & Coaching Solutions
+ https://www.veen.world
+ min_ansible_version: "2.9"
+ platforms:
+ - name: Linux
+ versions:
+ - all
+ galaxy_tags:
+ - collabora
+ - docker
+ - nginx
+ - office
+ - wopi
+ - code
+ repository: "https://s.veen.world/cymais"
+ issue_tracker_url: "https://s.veen.world/cymaisissues"
+ documentation: "https://s.veen.world/cymais/docker-collabora"
+ logo:
+ class: "fa-solid fa-file-code"
+ run_after: []
diff --git a/roles/docker-collabora/tasks/main.yml b/roles/docker-collabora/tasks/main.yml
new file mode 100644
index 00000000..e9cd688c
--- /dev/null
+++ b/roles/docker-collabora/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: create nextcloud nginx proxy configuration file
+ template:
+ src: "nginx.conf.j2"
+ dest: "{{nginx.directories.http.servers}}{{domains | get_domain(application_id)}}.conf"
+ notify: restart nginx
+
+- name: "Include docker-compose role"
+ include_role:
+ name: docker-compose
+
+- name: Create Docker network for Collabora
+ docker_network:
+ name: central_mariadb
+ state: present
+ ipam_config:
+ - subnet: "{{ networks.local.collabora.subnet }}"
+ when: run_once_docker_mariadb is not defined
+
+- include_tasks: "{{ playbook_dir }}/roles/docker-compose/tasks/create-files.yml"
+
diff --git a/roles/docker-collabora/templates/docker-compose.yml.j2 b/roles/docker-collabora/templates/docker-compose.yml.j2
new file mode 100644
index 00000000..d4d903d8
--- /dev/null
+++ b/roles/docker-collabora/templates/docker-compose.yml.j2
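Review bot: The `Create Docker network for Collabora` task in roles/docker-collabora/tasks/main.yml still carries the MariaDB role's values: it targets `name: central_mariadb` and is gated by `when: run_once_docker_mariadb is not defined`. As written it points the Collabora /28 subnet at the shared database network instead of creating the dedicated network the README describes, and it is skipped whenever the MariaDB role has already set its run-once flag, so the isolation the README claims is not established by this task. Give the network a Collabora-specific name and either drop the guard or replace it with one owned by this role. The first task's name, `create nextcloud nginx proxy configuration file`, is a leftover from the Nextcloud role as well and should name Collabora so play output is not misleading.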
@@ -0,0 +1,15 @@
+services:
+
+{% include 'templates/docker/services/redis.yml.j2' %}
+
+ collabora:
+ image: collabora/code
+ container_name: collabora
+ ports:
+ - "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
+
+{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
+{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
+{% include 'templates/docker/container/networks.yml.j2' %}
+
+{% include 'templates/docker/compose/networks.yml.j2' %}
diff --git a/roles/docker-collabora/templates/env.j2 b/roles/docker-collabora/templates/env.j2
new file mode 100644
index 00000000..3f0634a3
--- /dev/null
+++ b/roles/docker-collabora/templates/env.j2
@@ -0,0 +1,4 @@
+domain=nxsrv
+username=admin
+password=${COLLABRA_PASSWORD}
+extra_params=--o:ssl.enable=false --o:ssl.termination=true
\ No newline at end of file
diff --git a/roles/docker-collabora/templates/nginx.conf.j2 b/roles/docker-collabora/templates/nginx.conf.j2
new file mode 100644
index 00000000..dae6f9d1
--- /dev/null
+++ b/roles/docker-collabora/templates/nginx.conf.j2
@@ -0,0 +1,15 @@
+server {
+ server_name {{domain}};
+
+ {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
+
+ {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+
+ {% include 'roles/nginx-docker-reverse-proxy/templates/headers/content_security_policy.conf.j2' %}
+
+ {% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
+
+ {% set location = '^~ /cool/' %}
+
+ {% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
+}
\ No newline at end of file
diff --git a/roles/docker-collabora/vars/configuration.yml b/roles/docker-collabora/vars/configuration.yml
new file mode 100644
index 00000000..b2b52744
--- /dev/null
+++ b/roles/docker-collabora/vars/configuration.yml
@@ -0,0 +1,3 @@
+domains:
+ canonical:
+ - "collabora.{{ primary_domain }}"
\ No newline at end of file
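Review bot: `image: collabora/code` in templates/docker-compose.yml.j2 has no tag, so every deploy pulls whatever `latest` resolves to at that moment; pin it, e.g. `image: collabora/code:<pinned-release-tag>` (placeholder), so the service that parses user documents only changes when the role does. The published port maps to container port `80`, while the CODE image's coolwsd listens on 9980 by default, so the loopback binding probably reaches nothing; `- "127.0.0.1:{{ports.localhost.http[application_id]}}:9980"` is likely what is meant. The Redis service and the `depends-on-database-redis` include look carried over from another role; nothing in this diff shows Collabora using either, and leaving them out keeps unrelated services off its network.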
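Review bot: `password=${COLLABRA_PASSWORD}` in templates/env.j2 is not a Jinja expression, so Ansible writes it out literally, and the variable name is misspelled (`COLLABRA`). Depending on how Compose interpolates the env file, the admin console for `username=admin` ends up with either an empty password or that literal string. Render it from a vaulted role variable instead, e.g. `password={{ <collabora_admin_password_var> }}` (placeholder name), and keep the value out of the repository. `domain=nxsrv` is a fixed placeholder too; this setting appears to tell CODE which WOPI host may use it, so it should be derived from the Nextcloud domain rather than hard-coded.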
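Review bot: Both locations in templates/nginx.conf.j2 are rendered from the same `proxy_basic.conf.j2`, so the `/cool/` block only gets WebSocket upgrade headers and long read timeouts if that shared template already sets them; its content is outside this diff, so please confirm, because the README promises both. If it does not, the `/cool/` location needs `proxy_set_header Upgrade $http_upgrade;`, `proxy_set_header Connection "upgrade";` and a raised `proxy_read_timeout`. `server_name {{domain}};` depends on a `domain` variable that the task rendering this template does not pass, while the task computes the file name from `domains | get_domain(application_id)`; setting `domain` from the same expression in the task's `vars:` would keep them in step. The generic `content_security_policy.conf.j2` include deserves a check as well, since Collabora is loaded in a frame by Nextcloud and may need a `frame-ancestors` entry limited to the Nextcloud origin.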
diff --git a/roles/docker-collabora/vars/main.yml b/roles/docker-collabora/vars/main.yml new file mode 100644 index 00000000..a90b42eb --- /dev/null +++ b/roles/docker-collabora/vars/main.yml @@ -0,0 +1,2 @@ +--- +application_id: collabora \ No newline at end of file diff --git a/roles/docker-nextcloud/Todo.md b/roles/docker-nextcloud/Todo.md new file mode 100644 index 00000000..e40a987a --- /dev/null +++ b/roles/docker-nextcloud/Todo.md @@ -0,0 +1,2 @@ +# Todo +- Implement Collabora and Talk Supper . [See](https://www.youtube.com/watch?v=7cRmvTyt1ik) \ No newline at end of file diff --git a/roles/docker-nextcloud/meta/main.yml b/roles/docker-nextcloud/meta/main.yml index 0d72519e..d4002cb7 100644 --- a/roles/docker-nextcloud/meta/main.yml +++ b/roles/docker-nextcloud/meta/main.yml @@ -28,3 +28,7 @@ galaxy_info: documentation: "https://s.veen.world/cymais/docker-nextcloud" logo: class: "fa-solid fa-cloud" + run_after: + - docker-collabora + - docker-keycloak + - docker-mastodon diff --git a/roles/docker-nextcloud/templates/docker-compose.yml.j2 b/roles/docker-nextcloud/templates/docker-compose.yml.j2 index 08906da1..100183f9 100644 --- a/roles/docker-nextcloud/templates/docker-compose.yml.j2 +++ b/roles/docker-nextcloud/templates/docker-compose.yml.j2 
@@ -20,6 +20,28 @@ services: {% include 'templates/docker/container/networks.yml.j2' %} ipv4_address: 192.168.102.69 + # @Todo activate + #nc-talk: + # image: nextcloud/aio-talk:latest + # container_name: talk_hpb + # hostname: hpb_yt + # restart: unless-stopped + # init: true + # ports: + # - 3478:3478/tcp #TURN TCP + # - 3478:3478/udp #TURN UDP + # - 8181:8081/tcp #Signaling + # environment: + # - NC_DOMAIN=cloud.yourdomain.tld + # - TALK_HOST=signaling.yourdomain.tld + # - TURN_SECRET=${TURN_SECRET} + # - SIGNALING_SECRET=${SIGNALING_SECRET} + # - TZ=Europe/Berlin + # - TALK_PORT=3478 + # - INTERNAL_SECRET=${INTERNAL_SECRET} + # networks: + # - nxnetwork_yt + web: image: nginx:alpine container_name: {{applications.nextcloud.container.proxy}} diff --git a/roles/docker-nextcloud/templates/nginx/host.conf.j2 b/roles/docker-nextcloud/templates/nginx/host.conf.j2 index 78a297db..6f8d0282 100644 --- a/roles/docker-nextcloud/templates/nginx/host.conf.j2 +++ b/roles/docker-nextcloud/templates/nginx/host.conf.j2 @@ -1,4 +1,4 @@ -# This is the nginx configuration file for the proxy server +{# This is the nginx configuration file for the proxy server #} server { diff --git a/roles/docker-nextcloud/vars/configuration.yml b/roles/docker-nextcloud/vars/configuration.yml index 3831897e..06cc6d29 100644 --- a/roles/docker-nextcloud/vars/configuration.yml +++ b/roles/docker-nextcloud/vars/configuration.yml @@ -36,6 +36,7 @@ legacy_login_mask: container: application: "nextcloud-application" # Nextcloud application container name proxy: "nextcloud-web" # Nextcloud Proxy Container Name + collabora: "nextcloud-collabora" performance: php: memory_limit: "{{ ((ansible_memtotal_mb | int) / 30)|int }}M" # Dynamic set memory limit
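Review bot: The commented-out `nc-talk` block in roles/docker-nextcloud/templates/docker-compose.yml.j2 is a pasted upstream example rather than a draft of this role's service: it uses `nextcloud/aio-talk:latest`, publishes `3478` and `8181` on every interface, and hard-codes `cloud.yourdomain.tld`, `Europe/Berlin` and the `nxnetwork_yt` network. Uncommenting it as-is would open those ports and pull an unpinned image, so the marker should state what has to change first, e.g. `# @Todo activate: pin image tag, template domains/TZ, take TURN/SIGNALING/INTERNAL secrets from vault, review published ports`. Because these are YAML comments rather than `{# #}` Jinja comments, the block is also copied into every rendered compose file; moving the example to Todo.md would avoid that. The enclosing `services:` mapping starts and continues outside this hunk.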
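Review bot: `collabora: "nextcloud-collabora"` in roles/docker-nextcloud/vars/configuration.yml is not referenced anywhere in this commit, and the new role's compose template hard-codes `container_name: collabora`, so the two names disagree. Either use this value in roles/docker-collabora/templates/docker-compose.yml.j2 or leave the key out until the integration exists. A trailing comment in the style of the neighbouring entries, `# Collabora container name`, would match the rest of the mapping.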