Fix Nextcloud Talk Recording volumes and fully enable external DB/Redis integration for ONLYOFFICE.

Includes: - Talk recording tmp volume wiring for Nextcloud - ONLYOFFICE external PostgreSQL/Redis env integration - Added explicit volumes for pgdata/redis/rabbitmq - Switched ONLYOFFICE role to sys-stk-full-stateful - Updated docker-compose mounts and vars - CSP and feature flag improvements Conversation reference: https://chatgpt.com/share/6922f50e-cc44-800f-89fc-e1251c5bbe45
2025-11-26 14:46:56 +00:00 · 2025-11-23 12:51:03 +01:00
parent 854e6902d3
commit e333c9d85b
9 changed files with 78 additions and 11 deletions
--- a/roles/web-app-nextcloud/config/main.yml
+++ b/roles/web-app-nextcloud/config/main.yml
@@ -42,6 +42,7 @@ docker:
    data:                   nextcloud_data
    whiteboard_tmp:         nextcloud_whiteboard_tmp
    whiteboard_fontcache:   nextcloud_whiteboard_fontcache
+    talk_recording_tmp:     nextcloud_talk_recording_tmp
  services:
    redis:
      enabled:              true
--- a/roles/web-app-nextcloud/templates/docker-compose.yml.j2
+++ b/roles/web-app-nextcloud/templates/docker-compose.yml.j2
@@ -129,9 +129,10 @@
    networks:
      default:
        ipv4_address: 192.168.102.72
+    volumes:
+      - talk_recording_tmp:/tmp
 {% endif %}

-
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name: {{ NEXTCLOUD_VOLUME }}
@@ -141,5 +142,9 @@
  whiteboard_fontcache:
    name: {{ NEXTCLOUD_WHITEBOARD_FRONTCACHE_VOLUME }}
 {% endif %}
+{% if NEXTCLOUD_RECORDING_ENABLED | bool %}
+  talk_recording_tmp:
+    name: {{ NEXTCLOUD_RECORDING_TMP_VOLUME }}
+{% endif %}

 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
--- a/roles/web-app-nextcloud/templates/env.j2
+++ b/roles/web-app-nextcloud/templates/env.j2
@@ -62,7 +62,6 @@ STORAGE_STRATEGY=redis
 REDIS_URL=redis://redis:6379/0
 # Chromium (headless) hardening for Whiteboard
 CHROMIUM_FLAGS=--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage --use-gl=swiftshader --disable-software-rasterizer
-# Falls das Image Chromium mitbringt – Pfad meistens /usr/bin/chromium oder /usr/bin/chromium-browser:
 PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium
 PUPPETEER_SKIP_DOWNLOAD=true
 {% endif %}
--- a/roles/web-app-nextcloud/vars/main.yml
+++ b/roles/web-app-nextcloud/vars/main.yml
@@ -141,6 +141,7 @@ NEXTCLOUD_RECORDING_VERSION:              "{{ applications | get_app_conf(applic
 NEXTCLOUD_RECORDING_ENABLED:              "{{ NEXTCLOUD_HPB_PLUGIN_ENABLED }}"
 NEXTCLOUD_RECORDING_PORT:                 1234
 NEXTCLOUD_RECORDING_SECRET:               "{{ applications | get_app_conf(application_id, 'credentials.talk_recording_secret') }}"
+NEXTCLOUD_RECORDING_TMP_VOLUME:           "{{ applications | get_app_conf(application_id, 'docker.volumes.talk_recording_tmp') }}"

 ### Collabora
 NEXTCLOUD_COLLABORA_URL:                  "{{ domains | get_url('web-svc-collabora', WEB_PROTOCOL) }}"
--- a/roles/web-svc-onlyoffice/config/main.yml
+++ b/roles/web-svc-onlyoffice/config/main.yml
@@ -22,9 +22,9 @@ server:
 docker:
  services:
    redis:
-      enabled: false
+      enabled: true
    database:
-      enabled: false
+      enabled: true
    onlyoffice:
      image:            "onlyoffice/documentserver"
      version:          "latest"
@@ -33,6 +33,19 @@ docker:
      mem_reservation:  "1g"
      mem_limit:        "2g"
      pids_limit:       2048
+  volumes:
+    data:         onlyoffice_data          # /var/www/onlyoffice/Data
+    logs:         onlyoffice_logs          # /var/log/onlyoffice
+    fonts:        onlyoffice_fonts         # /usr/share/fonts/truetype/custom
+    lib:          onlyoffice_lib           # /var/lib/onlyoffice
+    rabbitmqdata: onlyoffice_rabbitmqdata  # /var/lib/rabbitmq
+    
+    # The redis and db volume are just dummy volumes and aren't used 
+    pgdata:       onlyoffice_pgdata        # /var/lib/postgresql
+    redisdata:    onlyoffice_redisdata     # /var/lib/redis
 features:
  logout:           false
  desktop:          true
+  matomo:           true
+  css:              true
+  central_database: true
--- a/roles/web-svc-onlyoffice/tasks/01_core.yml
+++ b/roles/web-svc-onlyoffice/tasks/01_core.yml
@@ -1,6 +1,6 @@
- name: "Load core functions for '{{ application_id }}'"
+- name: "load docker, db and proxy for {{ application_id }}"
  include_role:
-    name: sys-stk-full-stateless
+    name: sys-stk-full-stateful
  vars:
    docker_compose_flush_handlers:        true
    docker_compose_file_creation_enabled: true
--- a/roles/web-svc-onlyoffice/templates/docker-compose.yml.j2
+++ b/roles/web-svc-onlyoffice/templates/docker-compose.yml.j2
@@ -8,5 +8,30 @@
      - "127.0.0.1:{{ http_port }}:{{ container_port }}"
 {% include 'roles/docker-container/templates/healthcheck/curl.yml.j2' %}
 {% include 'roles/docker-container/templates/networks.yml.j2' %}
+    volumes:
+      - data:/var/www/onlyoffice/Data
+      - logs:/var/log/onlyoffice
+      - fonts:/usr/share/fonts/truetype/custom
+      - lib:/var/lib/onlyoffice
+      - pgdata:/var/lib/postgresql
+      - redisdata:/var/lib/redis
+      - rabbitmqdata:/var/lib/rabbitmq
+{% include 'roles/docker-container/templates/depends_on/dmbs_excl.yml.j2' %}

 {% include 'roles/docker-compose/templates/networks.yml.j2' %}
+
+{% include 'roles/docker-compose/templates/volumes.yml.j2' %}
+  data:
+    name: {{ ONLYOFFICE_VOLUME_DATA }}
+  logs:
+    name: {{ ONLYOFFICE_VOLUME_LOGS }}
+  fonts:
+    name: {{ ONLYOFFICE_VOLUME_FONTS }}
+  lib:
+    name: {{ ONLYOFFICE_VOLUME_LIB }}
+  pgdata:
+    name: {{ ONLYOFFICE_VOLUME_PGDATA }}
+  redisdata:
+    name: {{ ONLYOFFICE_VOLUME_REDIS }}
+  rabbitmqdata:
+    name: {{ ONLYOFFICE_VOLUME_RABBITMQ }}
--- a/roles/web-svc-onlyoffice/templates/env.j2
+++ b/roles/web-svc-onlyoffice/templates/env.j2
@@ -1,3 +1,16 @@
+# ONLYOFFICE external PostgreSQL settings
+DB_TYPE={{ database_type }}
+DB_HOST={{ database_host }}
+DB_PORT={{ database_port }}
+DB_NAME={{ database_name }}
+DB_USER={{ database_username }}
+DB_PWD={{ database_password }}
+
+# Redis
+REDIS_SERVER_HOST=redis
+REDIS_SERVER_PORT=6379
+# AMQP_URI=amqp://user:password@rabbitmq.example.internal:5672/onlyoffice
+
 JWT_ENABLED=true
 JWT_SECRET={{ ONLYOFFICE_JWT_SECRET }}
 JWT_HEADER=Authorization
--- a/roles/web-svc-onlyoffice/vars/main.yml
+++ b/roles/web-svc-onlyoffice/vars/main.yml
@@ -1,12 +1,22 @@
 ---
+# General
 application_id:             web-svc-onlyoffice
-
+database_type:              "postgres"
 domain:                     "{{ domains | get_domain(application_id) }}"
 http_port:                  "{{ ports.localhost.http[application_id] }}"
-
 container_port:             80   # OnlyOffice DocumentServer Standardport

+# ONLYOFFICE
 ONLYOFFICE_CONTAINER:       "{{ applications | get_app_conf(application_id, 'docker.services.onlyoffice.name') }}"
 ONLYOFFICE_IMAGE:           "{{ applications | get_app_conf(application_id, 'docker.services.onlyoffice.image') }}"
 ONLYOFFICE_VERSION:         "{{ applications | get_app_conf(application_id, 'docker.services.onlyoffice.version') }}"
 ONLYOFFICE_JWT_SECRET:      "{{ applications | get_app_conf(application_id, 'credentials.onlyoffice_jwt_secret') }}"
+
+## Volumes
+ONLYOFFICE_VOLUME_DATA:     "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
+ONLYOFFICE_VOLUME_LOGS:     "{{ applications | get_app_conf(application_id, 'docker.volumes.logs') }}"
+ONLYOFFICE_VOLUME_FONTS:    "{{ applications | get_app_conf(application_id, 'docker.volumes.fonts') }}"
+ONLYOFFICE_VOLUME_LIB:      "{{ applications | get_app_conf(application_id, 'docker.volumes.lib') }}"
+ONLYOFFICE_VOLUME_PGDATA:   "{{ applications | get_app_conf(application_id, 'docker.volumes.pgdata') }}"
+ONLYOFFICE_VOLUME_REDIS:    "{{ applications | get_app_conf(application_id, 'docker.volumes.redisdata') }}"
+ONLYOFFICE_VOLUME_RABBITMQ: "{{ applications | get_app_conf(application_id, 'docker.volumes.rabbitmqdata') }}"