Fix Nextcloud Talk Recording volumes and fully enable external DB/Redis integration for ONLYOFFICE.

Includes: - Talk recording tmp volume wiring for Nextcloud - ONLYOFFICE external PostgreSQL/Redis env integration - Added explicit volumes for pgdata/redis/rabbitmq - Switched ONLYOFFICE role to sys-stk-full-stateful - Updated docker-compose mounts and vars - CSP and feature flag improvements Conversation reference: https://chatgpt.com/share/6922f50e-cc44-800f-89fc-e1251c5bbe45
2025-11-26 06:43:10 +00:00 · 2025-11-23 12:51:03 +01:00
parent 854e6902d3
commit e333c9d85b
9 changed files with 78 additions and 11 deletions
--- a/roles/web-svc-onlyoffice/config/main.yml
+++ b/roles/web-svc-onlyoffice/config/main.yml
@@ -22,9 +22,9 @@ server:
 docker:
  services:
    redis:
-      enabled: false
+      enabled: true
    database:
-      enabled: false
+      enabled: true
    onlyoffice:
      image:            "onlyoffice/documentserver"
      version:          "latest"
@@ -33,6 +33,19 @@ docker:
      mem_reservation:  "1g"
      mem_limit:        "2g"
      pids_limit:       2048
+  volumes:
+    data:         onlyoffice_data          # /var/www/onlyoffice/Data
+    logs:         onlyoffice_logs          # /var/log/onlyoffice
+    fonts:        onlyoffice_fonts         # /usr/share/fonts/truetype/custom
+    lib:          onlyoffice_lib           # /var/lib/onlyoffice
+    rabbitmqdata: onlyoffice_rabbitmqdata  # /var/lib/rabbitmq
+    
+    # The redis and db volume are just dummy volumes and aren't used 
+    pgdata:       onlyoffice_pgdata        # /var/lib/postgresql
+    redisdata:    onlyoffice_redisdata     # /var/lib/redis
 features:
-  logout:  false
-  desktop: true
+  logout:           false
+  desktop:          true
+  matomo:           true
+  css:              true
+  central_database: true
--- a/roles/web-svc-onlyoffice/tasks/01_core.yml
+++ b/roles/web-svc-onlyoffice/tasks/01_core.yml
@@ -1,6 +1,6 @@
- name: "Load core functions for '{{ application_id }}'"
+- name: "load docker, db and proxy for {{ application_id }}"
  include_role:
-    name: sys-stk-full-stateless
+    name: sys-stk-full-stateful
  vars:
    docker_compose_flush_handlers:        true
    docker_compose_file_creation_enabled: true
--- a/roles/web-svc-onlyoffice/templates/docker-compose.yml.j2
+++ b/roles/web-svc-onlyoffice/templates/docker-compose.yml.j2
@@ -8,5 +8,30 @@
      - "127.0.0.1:{{ http_port }}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
+    volumes:
+      - data:/var/www/onlyoffice/Data
+      - logs:/var/log/onlyoffice
+      - fonts:/usr/share/fonts/truetype/custom
+      - lib:/var/lib/onlyoffice
+      - pgdata:/var/lib/postgresql
+      - redisdata:/var/lib/redis
+      - rabbitmqdata:/var/lib/rabbitmq
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}

 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+    name: {{ ONLYOFFICE_VOLUME_DATA }}
+  logs:
+    name: {{ ONLYOFFICE_VOLUME_LOGS }}
+  fonts:
+    name: {{ ONLYOFFICE_VOLUME_FONTS }}
+  lib:
+    name: {{ ONLYOFFICE_VOLUME_LIB }}
+  pgdata:
+    name: {{ ONLYOFFICE_VOLUME_PGDATA }}
+  redisdata:
+    name: {{ ONLYOFFICE_VOLUME_REDIS }}
+  rabbitmqdata:
+    name: {{ ONLYOFFICE_VOLUME_RABBITMQ }}
--- a/roles/web-svc-onlyoffice/templates/env.j2
+++ b/roles/web-svc-onlyoffice/templates/env.j2
@@ -1,3 +1,16 @@
+# ONLYOFFICE external PostgreSQL settings
+DB_TYPE={{ database_type }}
+DB_HOST={{ database_host }}
+DB_PORT={{ database_port }}
+DB_NAME={{ database_name }}
+DB_USER={{ database_username }}
+DB_PWD={{ database_password }}
+
+# Redis
+REDIS_SERVER_HOST=redis
+REDIS_SERVER_PORT=6379
+# AMQP_URI=amqp://user:password@rabbitmq.example.internal:5672/onlyoffice
+
 JWT_ENABLED=true
 JWT_SECRET={{ ONLYOFFICE_JWT_SECRET }}
 JWT_HEADER=Authorization
--- a/roles/web-svc-onlyoffice/vars/main.yml
+++ b/roles/web-svc-onlyoffice/vars/main.yml
@@ -1,12 +1,22 @@
 ---
+# General
 application_id:             web-svc-onlyoffice
-
+database_type:              "postgres"
 domain:                     "{{ domains | get_domain(application_id) }}"
 http_port:                  "{{ ports.localhost.http[application_id] }}"
-
 container_port:             80   # OnlyOffice DocumentServer Standardport

+# ONLYOFFICE
 ONLYOFFICE_CONTAINER:       "{{ applications | get_app_conf(application_id, 'docker.services.onlyoffice.name') }}"
 ONLYOFFICE_IMAGE:           "{{ applications | get_app_conf(application_id, 'docker.services.onlyoffice.image') }}"
 ONLYOFFICE_VERSION:         "{{ applications | get_app_conf(application_id, 'docker.services.onlyoffice.version') }}"
-ONLYOFFICE_JWT_SECRET:      "{{ applications | get_app_conf(application_id, 'credentials.onlyoffice_jwt_secret') }}"
+ONLYOFFICE_JWT_SECRET:      "{{ applications | get_app_conf(application_id, 'credentials.onlyoffice_jwt_secret') }}"
+
+## Volumes
+ONLYOFFICE_VOLUME_DATA:     "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+ONLYOFFICE_VOLUME_LOGS:     "{{ applications | get_app_conf(application_id, 'docker.volumes.logs') }}"
+ONLYOFFICE_VOLUME_FONTS:    "{{ applications | get_app_conf(application_id, 'docker.volumes.fonts') }}"
+ONLYOFFICE_VOLUME_LIB:      "{{ applications | get_app_conf(application_id, 'docker.volumes.lib') }}"
+ONLYOFFICE_VOLUME_PGDATA:   "{{ applications | get_app_conf(application_id, 'docker.volumes.pgdata') }}"
+ONLYOFFICE_VOLUME_REDIS:    "{{ applications | get_app_conf(application_id, 'docker.volumes.redisdata') }}"
+ONLYOFFICE_VOLUME_RABBITMQ: "{{ applications | get_app_conf(application_id, 'docker.volumes.rabbitmqdata') }}"