Fix Nextcloud Talk Recording volumes and fully enable external DB/Redis integration for ONLYOFFICE.

Includes:
- Talk recording tmp volume wiring for Nextcloud
- ONLYOFFICE external PostgreSQL/Redis env integration
- Added explicit volumes for pgdata/redis/rabbitmq
- Switched ONLYOFFICE role to sys-stk-full-stateful
- Updated docker-compose mounts and vars
- CSP and feature flag improvements

Conversation reference: https://chatgpt.com/share/6922f50e-cc44-800f-89fc-e1251c5bbe45

roles/web-app-nextcloud/config/main.yml

@@ -42,6 +42,7 @@ docker:
     data:                   nextcloud_data
     whiteboard_tmp:         nextcloud_whiteboard_tmp
     whiteboard_fontcache:   nextcloud_whiteboard_fontcache
+    talk_recording_tmp:     nextcloud_talk_recording_tmp
   services:
     redis:
       enabled:              true

roles/web-app-nextcloud/templates/docker-compose.yml.j2

@@ -129,9 +129,10 @@
     networks:
       default:
         ipv4_address: 192.168.102.72
+    volumes:
+      - talk_recording_tmp:/tmp
 {% endif %}
 
-
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
   data:
     name: {{ NEXTCLOUD_VOLUME }}
@@ -141,5 +142,9 @@
   whiteboard_fontcache:
     name: {{ NEXTCLOUD_WHITEBOARD_FRONTCACHE_VOLUME }}
 {% endif %}
+{% if NEXTCLOUD_RECORDING_ENABLED | bool %}
+  talk_recording_tmp:
+    name: {{ NEXTCLOUD_RECORDING_TMP_VOLUME }}
+{% endif %}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}

roles/web-app-nextcloud/templates/env.j2

@@ -62,7 +62,6 @@ STORAGE_STRATEGY=redis
 REDIS_URL=redis://redis:6379/0
 # Chromium (headless) hardening for Whiteboard
 CHROMIUM_FLAGS=--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage --use-gl=swiftshader --disable-software-rasterizer
-# Falls das Image Chromium mitbringt – Pfad meistens /usr/bin/chromium oder /usr/bin/chromium-browser:
 PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium
 PUPPETEER_SKIP_DOWNLOAD=true
 {% endif %}

roles/web-app-nextcloud/vars/main.yml

@@ -141,6 +141,7 @@ NEXTCLOUD_RECORDING_VERSION:              "{{ applications | get_app_conf(applic
 NEXTCLOUD_RECORDING_ENABLED:              "{{ NEXTCLOUD_HPB_PLUGIN_ENABLED }}"
 NEXTCLOUD_RECORDING_PORT:                 1234
 NEXTCLOUD_RECORDING_SECRET:               "{{ applications | get_app_conf(application_id, 'credentials.talk_recording_secret') }}"
+NEXTCLOUD_RECORDING_TMP_VOLUME:           "{{ applications | get_app_conf(application_id, 'docker.volumes.talk_recording_tmp') }}"
 
 ### Collabora
 NEXTCLOUD_COLLABORA_URL:                  "{{ domains | get_url('web-svc-collabora', WEB_PROTOCOL) }}"

roles/web-svc-onlyoffice/config/main.yml

@@ -22,9 +22,9 @@ server:
 docker:
   services:
     redis:
-      enabled: false
+      enabled: true
     database:
-      enabled: false
+      enabled: true
     onlyoffice:
       image:            "onlyoffice/documentserver"
       version:          "latest"
@@ -33,6 +33,19 @@ docker:
       mem_reservation:  "1g"
       mem_limit:        "2g"
       pids_limit:       2048
+  volumes:
+    data:         onlyoffice_data          # /var/www/onlyoffice/Data
+    logs:         onlyoffice_logs          # /var/log/onlyoffice
+    fonts:        onlyoffice_fonts         # /usr/share/fonts/truetype/custom
+    lib:          onlyoffice_lib           # /var/lib/onlyoffice
+    rabbitmqdata: onlyoffice_rabbitmqdata  # /var/lib/rabbitmq
+    
+    # The redis and db volume are just dummy volumes and aren't used 
+    pgdata:       onlyoffice_pgdata        # /var/lib/postgresql
+    redisdata:    onlyoffice_redisdata     # /var/lib/redis
 features:
-  logout:  false
+  logout:           false
-  desktop: true
+  desktop:          true
+  matomo:           true
+  css:              true
+  central_database: true

roles/web-svc-onlyoffice/tasks/01_core.yml

@@ -1,6 +1,6 @@
-- name: "Load core functions for '{{ application_id }}'"
+- name: "load docker, db and proxy for {{ application_id }}"
   include_role:
-    name: sys-stk-full-stateless
+    name: sys-stk-full-stateful
   vars:
     docker_compose_flush_handlers:        true
     docker_compose_file_creation_enabled: true

roles/web-svc-onlyoffice/templates/docker-compose.yml.j2

@@ -8,5 +8,30 @@
       - "127.0.0.1:{{ http_port }}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
+    volumes:
+      - data:/var/www/onlyoffice/Data
+      - logs:/var/log/onlyoffice
+      - fonts:/usr/share/fonts/truetype/custom
+      - lib:/var/lib/onlyoffice
+      - pgdata:/var/lib/postgresql
+      - redisdata:/var/lib/redis
+      - rabbitmqdata:/var/lib/rabbitmq
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}
 
 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+    name: {{ ONLYOFFICE_VOLUME_DATA }}
+  logs:
+    name: {{ ONLYOFFICE_VOLUME_LOGS }}
+  fonts:
+    name: {{ ONLYOFFICE_VOLUME_FONTS }}
+  lib:
+    name: {{ ONLYOFFICE_VOLUME_LIB }}
+  pgdata:
+    name: {{ ONLYOFFICE_VOLUME_PGDATA }}
+  redisdata:
+    name: {{ ONLYOFFICE_VOLUME_REDIS }}
+  rabbitmqdata:
+    name: {{ ONLYOFFICE_VOLUME_RABBITMQ }}

roles/web-svc-onlyoffice/templates/env.j2

@@ -1,3 +1,16 @@
+# ONLYOFFICE external PostgreSQL settings
+DB_TYPE={{ database_type }}
+DB_HOST={{ database_host }}
+DB_PORT={{ database_port }}
+DB_NAME={{ database_name }}
+DB_USER={{ database_username }}
+DB_PWD={{ database_password }}
+
+# Redis
+REDIS_SERVER_HOST=redis
+REDIS_SERVER_PORT=6379
+# AMQP_URI=amqp://user:password@rabbitmq.example.internal:5672/onlyoffice
+
 JWT_ENABLED=true
 JWT_SECRET={{ ONLYOFFICE_JWT_SECRET }}
 JWT_HEADER=Authorization

roles/web-svc-onlyoffice/vars/main.yml

@@ -1,12 +1,22 @@
 ---
+# General
 application_id:             web-svc-onlyoffice
-
+database_type:              "postgres"
 domain:                     "{{ domains | get_domain(application_id) }}"
 http_port:                  "{{ ports.localhost.http[application_id] }}"
-
 container_port:             80   # OnlyOffice DocumentServer Standardport
 
+# ONLYOFFICE
 ONLYOFFICE_CONTAINER:       "{{ applications | get_app_conf(application_id, 'docker.services.onlyoffice.name') }}"
 ONLYOFFICE_IMAGE:           "{{ applications | get_app_conf(application_id, 'docker.services.onlyoffice.image') }}"
 ONLYOFFICE_VERSION:         "{{ applications | get_app_conf(application_id, 'docker.services.onlyoffice.version') }}"
-ONLYOFFICE_JWT_SECRET:      "{{ applications | get_app_conf(application_id, 'credentials.onlyoffice_jwt_secret') }}"
+ONLYOFFICE_JWT_SECRET:      "{{ applications | get_app_conf(application_id, 'credentials.onlyoffice_jwt_secret') }}"
+
+## Volumes
+ONLYOFFICE_VOLUME_DATA:     "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+ONLYOFFICE_VOLUME_LOGS:     "{{ applications | get_app_conf(application_id, 'docker.volumes.logs') }}"
+ONLYOFFICE_VOLUME_FONTS:    "{{ applications | get_app_conf(application_id, 'docker.volumes.fonts') }}"
+ONLYOFFICE_VOLUME_LIB:      "{{ applications | get_app_conf(application_id, 'docker.volumes.lib') }}"
+ONLYOFFICE_VOLUME_PGDATA:   "{{ applications | get_app_conf(application_id, 'docker.volumes.pgdata') }}"
+ONLYOFFICE_VOLUME_REDIS:    "{{ applications | get_app_conf(application_id, 'docker.volumes.redisdata') }}"
+ONLYOFFICE_VOLUME_RABBITMQ: "{{ applications | get_app_conf(application_id, 'docker.volumes.rabbitmqdata') }}"