commit bc4589259abb65ef2d507510aeb0debfd00f3849 Author: Thomas Constans Date: Thu Oct 12 16:09:33 2023 +0200 initial release
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a72bce3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+Role Name
+=========
+
+Deploy Collabora Code Server
+
+Requirements
+------------
+
+a vhost
+
+Role Variables
+--------------
+
+code_clients: list of ips and hostname that should be allowed to use code server. ip in the form "10\.10\.10\.10". ex:
+
+```yaml
+code_clients:
+- host: nuage.maisonduvelolyon.org
+- host: 51\.15\.253\.78
+```
+
+Dependencies
+------------
+
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Thomas C
+
diff --git a/code.opendoor.fr.conf b/code.opendoor.fr.conf
new file mode 100644
index 0000000..0645221
--- /dev/null
+++ b/code.opendoor.fr.conf
@@ -0,0 +1,70 @@
+
+ Servername code.opendoor.fr
+ DocumentRoot /srv/airline.opendoor.fr/www
+
+ require all granted
+ Options -indexes
+
+ RewriteEngine on
+ RewriteCond %{HTTPS} off
+ RewriteCond %{REQUEST_URI} "!^/\.well-known"
+ RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
+
+
+
+ ServerName code.opendoor.fr
+
+ SSLEngine on
+ SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+ SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
+ SSLCertificateChainFile /etc/letsencrypt/live/airline.opendoor.fr/fullchain.pem
+ SSLCertificateFile /etc/letsencrypt/live/airline.opendoor.fr/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/airline.opendoor.fr/privkey.pem
+ #SetEnvIf Host "^(.*)$" THE_HOST=$1
+ #RequestHeader setifempty X-Forwarded-Proto https
+ #RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
+ #ProxyAddHeaders Off
+ ErrorLog /var/log/httpd/code_error.log
+ CustomLog /var/log/httpd//code_access.log combined
+
+ SSLCertificateFile /etc/letsencrypt/live/code.opendoor.fr/cert.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/code.opendoor.fr/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/code.opendoor.fr/privkey.pem
+
+ AllowEncodedSlashes NoDecode
+ ProxyPreserveHost On
+
+# static html, js, images, etc.
served from coolwsd
+# browser is the client part of Collabora Online
+
+ ProxyPass /browser http://127.0.0.1:9980/browser retry=0
+ ProxyPassReverse /browser http://127.0.0.1:9980/browser
+
+# WOPI discovery URL
+
+ ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
+ ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
+
+# Capabilities
+
+ ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
+ ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
+
+# Main websocket
+
+ ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon
+
+# Admin Console websocket
+
+ ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws
+
+# Download as, Fullscreen presentation and Image upload operations
+
+ ProxyPass /cool http://127.0.0.1:9980/cool
+ ProxyPassReverse /cool http://127.0.0.1:9980/cool
+
+# Compatibility with integrations that use the /lool/convert-to endpoint
+ ProxyPass /lool http://127.0.0.1:9980/cool
+ ProxyPassReverse /lool http://127.0.0.1:9980/cool
+
+
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..c4c88ed
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for tco.code
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..e6bea57
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+# handlers file for tco.code
+- name: restart coolwsd
+ ansible.builtin.service:
+ name: coolwsd
+ state: restarted
+
+- name: restart apache
+ ansible.builtin.service:
+ name: httpd
+ state: restarted
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..bb3ba1a
--- /dev/null
+++ b/meta/main.yml
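Review bot: In code.opendoor.fr.conf, `SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA` explicitly re-adds 3DES, a 64-bit block cipher that current TLS baselines exclude; I would change it to `SSLCipherSuite HIGH:!3DES:!aNULL:!MD5:!SEED:!IDEA`. The same section (apparently the TLS vhost; the container tags are not visible on this page) sets SSLCertificateFile, SSLCertificateChainFile and SSLCertificateKeyFile twice, first under /etc/letsencrypt/live/airline.opendoor.fr and then under /etc/letsencrypt/live/code.opendoor.fr. Which certificate ends up being served is not obvious to a reader, so the airline.opendoor.fr set, and the `DocumentRoot /srv/airline.opendoor.fr/www` in the first section, look like leftovers to remove. A one-line comment saying why the `RequestHeader setifempty` lines are commented out would help the next maintainer.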
@@ -0,0 +1,53 @@
+galaxy_info:
+ author: your name
+ description: your role description
+ company: your company (optional)
+
+ # If the issue tracker for your role is not on github, uncomment the
+ # next line and provide a value
+ # issue_tracker_url: http://example.com/issue/tracker
+
+ # Choose a valid license ID from https://spdx.org - some suggested licenses:
+ # - BSD-3-Clause (default)
+ # - MIT
+ # - GPL-2.0-or-later
+ # - GPL-3.0-only
+ # - Apache-2.0
+ # - CC-BY-4.0
+ license: license (GPL-2.0-or-later, MIT, etc)
+
+ min_ansible_version: 2.1
+
+ # If this a Container Enabled role, provide the minimum Ansible Container version.
+ # min_ansible_container_version:
+
+ #
+ # Provide a list of supported platforms, and for each platform a list of versions.
+ # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+ # To view available platforms and versions (or releases), visit:
+ # https://galaxy.ansible.com/api/v1/platforms/
+ #
+ # platforms:
+ # - name: Fedora
+ # versions:
+ # - all
+ # - 25
+ # - name: SomePlatform
+ # versions:
+ # - all
+ # - 1.0
+ # - 7
+ # - 99.99
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is a keyword that describes
+ # and categorizes the role. Users find roles by searching for tags. Be sure to
+ # remove the '[]' above, if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+ # Maximum 20 tags per role.
+
+dependencies:
+- { role: tco.changelog, myrole_name: ansible_collabora_code }
+ # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+ # if you add dependencies to this list.
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..16d2dc5
--- /dev/null
+++ b/tasks/main.yml
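Review bot: In meta/main.yml, `min_ansible_version: 2.1` understates what the role needs: tasks/main.yml in this commit uses fully qualified names such as `ansible.builtin.package` and `community.general.xml`, which rely on collection support and on the community.general collection being installed, and neither requirement is declared. The rest of `galaxy_info` is still the ansible-galaxy skeleton (`author: your name`, `license: license (GPL-2.0-or-later, MIT, etc)`) although the README states BSD, so I would set the license to the intended SPDX id, for example `license: BSD-3-Clause` if that is the variant meant, and fill in author and description. The trailing comment telling the reader to remove the '[]' no longer matches the populated `dependencies:` list and can be dropped.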
@@ -0,0 +1,61 @@
+---
+# tasks file for tco.code
+
+- name: "[Code] - prereq"
+ ansible.builtin.package:
+ name: python-lxml
+ state: present
+
+- name: "[Code] - repository"
+ yum_repository:
+ baseurl: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-rpm
+ name: Collabora Code repo
+ description: Collabora Code repo
+ gpgkey: "https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-centos7/repodata/repomd.xml.key"
+
+- name: "[Code] - install packages"
+ ansible.builtin.package:
+ name:
+ - coolwsd
+ - CODE-brand
+ state: present
+
+- name: "[Code] - disable ssl"
+ community.general.xml:
+ path: /etc/coolwsd/coolwsd.xml
+ xpath: /config/ssl/enable
+ value: "false"
+ notify: restart coolwsd
+
+- name: "[Code] - enable ssl termination"
+ community.general.xml:
+ path: /etc/coolwsd/coolwsd.xml
+ xpath: /config/ssl/termination
+ value: "true"
+ notify: restart coolwsd
+
+- name: "[Code] - enable client "
+ community.general.xml:
+ path: /etc/coolwsd/coolwsd.xml
+ xpath: /config/net/post_allow
+ add_children:
+ "{{ code_clients }}"
+ notify: restart coolwsd
+
+- name: "[Code] - deploy apache conf"
+ block:
+ - ansible.builtin.template:
+ src: code_apache.conf.inc
+ dest: /etc/httpd/conf.d/
+
+ - ansible.builtin.lineinfile:
+ path: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+ line: include /etc/httpd/conf.d/code_apache.conf.inc
+ insertafter: "ServerName"
+ notify: restart apache
+
+- name: "[Code] - enable and start service"
+ ansible.builtin.service:
+ name: coolwsd
+ enabled: true
+ state: started
diff --git a/templates/code_apache.conf.inc b/templates/code_apache.conf.inc
new file mode 100644
index 0000000..289bd29
--- /dev/null
+++ b/templates/code_apache.conf.inc
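Review bot: The "[Code] - repository" task in tasks/main.yml sets `gpgkey` but never sets `gpgcheck`, so whether the coolwsd and CODE-brand packages are signature-checked is left to the host's yum configuration; add `gpgcheck: true` under `yum_repository:` to make verification explicit. The key URL sits under CODE-centos7 while `baseurl` points at CODE-rpm, which is worth confirming as intended. `name: Collabora Code repo` is used as the repository id and contains spaces, so an id such as `name: collabora-code` is safer. `code_clients` and `apache_server_name` are used here but defaults/main.yml in this commit defines neither. Because `code_clients` feeds the /config/net/post_allow allow-list, I would add an `ansible.builtin.assert` that it is defined and non-empty before the xml task, so a missing value fails with a clear message.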
@@ -0,0 +1,36 @@
+
+ AllowEncodedSlashes NoDecode
+ ProxyPreserveHost On
+
+# static html, js, images, etc. served from coolwsd
+# browser is the client part of Collabora Online
+ ProxyPass /browser http://127.0.0.1:9980/browser retry=0
+ ProxyPassReverse /browser http://127.0.0.1:9980/browser
+
+# WOPI discovery URL
+
+ ProxyPass /hosting/discovery http://127.0.0.1:9980/hosting/discovery retry=0
+ ProxyPassReverse /hosting/discovery http://127.0.0.1:9980/hosting/discovery
+
+# Capabilities
+
+ ProxyPass /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities retry=0
+ ProxyPassReverse /hosting/capabilities http://127.0.0.1:9980/hosting/capabilities
+
+# Main websocket
+
+ ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:9980/cool/$1/ws nocanon
+
+# Admin Console websocket
+
+ ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws
+
+# Download as, Fullscreen presentation and Image upload operations
+
+ ProxyPass /cool http://127.0.0.1:9980/cool
+ ProxyPassReverse /cool http://127.0.0.1:9980/cool
+
+# Compatibility with integrations that use the /lool/convert-to endpoint
+ ProxyPass /lool http://127.0.0.1:9980/cool
+ ProxyPassReverse /lool http://127.0.0.1:9980/cool
+
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..4b0ec55
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - tco.code
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..8d82b26
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for tco.code
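Review bot: In templates/code_apache.conf.inc, `ProxyPass /cool/adminws ws://127.0.0.1:9980/cool/adminws` publishes the Collabora admin console websocket to every client that can reach the vhost, and no access restriction is visible in the template; code.opendoor.fr.conf in the same commit carries the same line. If the console is not needed remotely I would drop the line; otherwise restrict it with a `<Location "/cool/adminws">` block containing `Require ip <admin-network>`. The file is deployed through `ansible.builtin.template` but contains no variables, so either make the backend `127.0.0.1:9980` a role default or deploy it with `ansible.builtin.copy`.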