initial release

2023-10-12 16:09:33 +02:00
commit bc4589259a
10 changed files with 286 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,44 @@
+Role Name
+=========
+
+Deploy Collabora Code Server
+
+Requirements
+------------
+
+a vhost
+
+Role Variables
+--------------
+
+code_clients: list of ips and hostname that should be allowed to use code server. ip in the form "10\.10\.10\.10". ex:
+
+```yaml
+code_clients:
+- host: nuage.maisonduvelolyon.org
+- host: 51\.15\.253\.78
+```
+
+Dependencies
+------------
+
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Thomas C <thomas@opendoor.fr>
+
--- a/code.opendoor.fr.conf
+++ b/code.opendoor.fr.conf
@@ -0,0 +1,70 @@
+<VirtualHost *:80>                                                                                                                                                                                                  
+   Servername code.opendoor.fr
+      DocumentRoot /srv/airline.opendoor.fr/www
+   <Directory /srv/airline.opendoor.fr/www>
+      require all granted
+      Options -indexes
+   </Directory>
+	RewriteEngine on
+   RewriteCond %{HTTPS} off
+   RewriteCond %{REQUEST_URI}  "!^/\.well-known"
+   RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
+ </VirtualHost>
+
+<VirtualHost *:443>
+  ServerName code.opendoor.fr
+
+  SSLEngine on
+  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+  SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
+  SSLCertificateChainFile /etc/letsencrypt/live/airline.opendoor.fr/fullchain.pem
+  SSLCertificateFile      /etc/letsencrypt/live/airline.opendoor.fr/cert.pem
+  SSLCertificateKeyFile   /etc/letsencrypt/live/airline.opendoor.fr/privkey.pem
+  #SetEnvIf Host "^(.*)$" THE_HOST=$1
+  #RequestHeader setifempty X-Forwarded-Proto https
+  #RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
+  #ProxyAddHeaders Off
+  ErrorLog /var/log/httpd/code_error.log
+  CustomLog /var/log/httpd//code_access.log combined
+
+  SSLCertificateFile              /etc/letsencrypt/live/code.opendoor.fr/cert.pem
+  SSLCertificateChainFile /etc/letsencrypt/live/code.opendoor.fr/fullchain.pem
+  SSLCertificateKeyFile   /etc/letsencrypt/live/code.opendoor.fr/privkey.pem
+
+  AllowEncodedSlashes NoDecode
+  ProxyPreserveHost On
+
+# static html, js, images, etc. served from coolwsd
+# browser is the client part of Collabora Online                                                                              
+
+  ProxyPass           /browser http://127.0.0.1:9980/browser retry=0
+  ProxyPassReverse    /browser http://127.0.0.1:9980/browser
+
+# WOPI discovery URL                                          
+
+  ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
+  ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery
+
+# Capabilities
+
+  ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
+  ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
+
+# Main websocket
+
+  ProxyPassMatch      "/cool/(.*)/ws$"      ws://127.0.0.1:9980/cool/$1/ws nocanon
+
+# Admin Console websocket
+
+  ProxyPass           /cool/adminws ws://127.0.0.1:9980/cool/adminws
+
+# Download as, Fullscreen presentation and Image upload operations
+
+  ProxyPass           /cool http://127.0.0.1:9980/cool
+  ProxyPassReverse    /cool http://127.0.0.1:9980/cool
+
+# Compatibility with integrations that use the /lool/convert-to endpoint
+  ProxyPass           /lool http://127.0.0.1:9980/cool
+  ProxyPassReverse    /lool http://127.0.0.1:9980/cool
+
+</VirtualHost>
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for tco.code
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+# handlers file for tco.code
+- name: restart coolwsd
+  ansible.builtin.service:
+    name: coolwsd
+    state: restarted
+
+- name: restart apache
+  ansible.builtin.service:
+    name: httpd
+    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies:
+- { role: tco.changelog, myrole_name: ansible_collabora_code }
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,61 @@
+---
+# tasks file for tco.code
+
+- name: "[Code] - prereq"
+  ansible.builtin.package:
+    name: python-lxml
+    state: present
+
+- name: "[Code] - repository"
+  yum_repository:
+    baseurl: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-rpm
+    name: Collabora Code repo
+    description: Collabora Code repo
+    gpgkey: "https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos7/repodata/repomd.xml.key"
+
+- name: "[Code] - install packages"
+  ansible.builtin.package:
+    name:
+    - coolwsd
+    - CODE-brand
+    state: present
+
+- name: "[Code] - disable ssl"
+  community.general.xml:
+    path: /etc/coolwsd/coolwsd.xml
+    xpath: /config/ssl/enable
+    value: "false"
+  notify: restart coolwsd
+
+- name: "[Code] - enable ssl termination"
+  community.general.xml:
+    path: /etc/coolwsd/coolwsd.xml
+    xpath: /config/ssl/termination
+    value: "true"
+  notify: restart coolwsd
+
+- name: "[Code] - enable client "
+  community.general.xml:
+    path: /etc/coolwsd/coolwsd.xml
+    xpath: /config/net/post_allow
+    add_children:
+     "{{ code_clients }}"
+  notify: restart coolwsd
+
+- name: "[Code] - deploy apache conf"
+  block:
+  - ansible.builtin.template:
+      src: code_apache.conf.inc
+      dest: /etc/httpd/conf.d/
+    
+  - ansible.builtin.lineinfile:
+      path: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+      line: include /etc/httpd/conf.d/code_apache.conf.inc
+      insertafter: "ServerName"
+  notify: restart apache
+
+- name: "[Code] - enable and start service"
+  ansible.builtin.service:
+    name: coolwsd
+    enabled: true
+    state: started
--- a/templates/code_apache.conf.inc
+++ b/templates/code_apache.conf.inc
@@ -0,0 +1,36 @@
+
+  AllowEncodedSlashes NoDecode
+  ProxyPreserveHost On
+
+# static html, js, images, etc. served from coolwsd
+# browser is the client part of Collabora Online                                                                              
+  ProxyPass           /browser http://127.0.0.1:9980/browser retry=0
+  ProxyPassReverse    /browser http://127.0.0.1:9980/browser
+
+# WOPI discovery URL                                          
+
+  ProxyPass           /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
+  ProxyPassReverse    /hosting/discovery http://127.0.0.1:9980/hosting/discovery
+
+# Capabilities
+
+  ProxyPass           /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
+  ProxyPassReverse    /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
+
+# Main websocket
+
+  ProxyPassMatch      "/cool/(.*)/ws$"      ws://127.0.0.1:9980/cool/$1/ws nocanon
+
+# Admin Console websocket
+
+  ProxyPass           /cool/adminws ws://127.0.0.1:9980/cool/adminws
+
+# Download as, Fullscreen presentation and Image upload operations
+
+  ProxyPass           /cool http://127.0.0.1:9980/cool
+  ProxyPassReverse    /cool http://127.0.0.1:9980/cool
+
+# Compatibility with integrations that use the /lool/convert-to endpoint
+  ProxyPass           /lool http://127.0.0.1:9980/cool
+  ProxyPassReverse    /lool http://127.0.0.1:9980/cool
+
--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - tco.code
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for tco.code