From ca11d571624d998369cbaba46265b32c151e4458 Mon Sep 17 00:00:00 2001 
From: Zolfa Date: Wed, 27 May 2020 16:14:12 +0200 Subject: [PATCH] roles/onlyoffice: new role ! --- roles/onlyoffice/defaults/main.yaml | 5 + roles/onlyoffice/files/default.json | 279 ++++++++++++++++++ .../files/onlyoffice-ds-common.conf | 21 ++ .../files/onlyoffice-ds-converter.service | 21 ++ .../files/onlyoffice-ds-docservice.conf | 75 +++++ .../files/onlyoffice-ds-docservice.service | 22 ++ .../onlyoffice/files/onlyoffice-ds-http.conf | 38 +++ .../files/onlyoffice-ds-spellchecker.conf | 4 + .../files/onlyoffice-ds-spellchecker.service | 21 ++ roles/onlyoffice/files/onlyoffice-ds.target | 6 + roles/onlyoffice/files/production-linux.json | 70 +++++ roles/onlyoffice/files/production.json | 14 + roles/onlyoffice/handlers/main.yaml | 8 + roles/onlyoffice/meta/main.yaml | 5 + roles/onlyoffice/tasks/main.yaml | 196 ++++++++++++ roles/onlyoffice/templates/local.json.j2 | 23 ++ 16 files changed, 808 insertions(+) create mode 100644 roles/onlyoffice/defaults/main.yaml create mode 100644 roles/onlyoffice/files/default.json create mode 100644 roles/onlyoffice/files/onlyoffice-ds-common.conf create mode 100644 roles/onlyoffice/files/onlyoffice-ds-converter.service create mode 100644 roles/onlyoffice/files/onlyoffice-ds-docservice.conf create mode 100644 roles/onlyoffice/files/onlyoffice-ds-docservice.service create mode 100644 roles/onlyoffice/files/onlyoffice-ds-http.conf create mode 100644 roles/onlyoffice/files/onlyoffice-ds-spellchecker.conf create mode 100644 roles/onlyoffice/files/onlyoffice-ds-spellchecker.service create mode 100644 roles/onlyoffice/files/onlyoffice-ds.target create mode 100644 roles/onlyoffice/files/production-linux.json create mode 100644 roles/onlyoffice/files/production.json create mode 100644 roles/onlyoffice/handlers/main.yaml create mode 100644 roles/onlyoffice/meta/main.yaml create mode 100644 roles/onlyoffice/tasks/main.yaml create mode 100644 roles/onlyoffice/templates/local.json.j2 
diff --git a/roles/onlyoffice/defaults/main.yaml b/roles/onlyoffice/defaults/main.yaml
new file mode 100644
index 0000000..43b5cd3
--- /dev/null
+++ b/roles/onlyoffice/defaults/main.yaml
@@ -0,0 +1,5 @@
+---
+nextcloud_host: 'nextcloud'
+onlyoffice_nginx_fqdn: 'docs.{{ domain }}'
+nginx_tls_1_2: true
+...
diff --git a/roles/onlyoffice/files/default.json b/roles/onlyoffice/files/default.json
new file mode 100644
index 0000000..a11eada
--- /dev/null
+++ b/roles/onlyoffice/files/default.json
@@ -0,0 +1,279 @@
+{
+ "statsd": {
+ "useMetrics": false,
+ "host": "localhost",
+ "port": "8125",
+ "prefix": "ds."
+ },
+ "log": {
+ "filePath": "",
+ "options": {
+ "replaceConsole": true
+ }
+ },
+ "queue": {
+ "type": "rabbitmq",
+ "visibilityTimeout": 300,
+ "retentionPeriod": 900
+ },
+ "storage": {
+ "name": "storage-fs",
+ "fs": {
+ "folderPath": "",
+ "urlExpires": 900,
+ "secretString": "verysecretstring"
+ },
+ "region": "",
+ "endpoint": "http://localhost/s3",
+ "bucketName": "cache",
+ "storageFolderName": "files",
+ "urlExpires": 604800,
+ "accessKeyId": "AKID",
+ "secretAccessKey": "SECRET",
+ "useRequestToGetUrl": false,
+ "useSignedUrl": false,
+ "externalHost": ""
+ },
+ "rabbitmq": {
+ "url": "amqp://guest:guest@localhost:5672",
+ "socketOptions": {},
+ "exchangepubsub": "ds.pubsub",
+ "queueconverttask": "ds.converttask",
+ "queueconvertresponse": "ds.convertresponse",
+ "exchangeconvertdead": "ds.exchangeconvertdead",
+ "queueconvertdead": "ds.convertdead",
+ "queuedelayed": "ds.delayed"
+ },
+ "activemq": {
+ "connectOptions": {
+ "port": 5672,
+ "host": "localhost",
+ "name": "admin",
+ "reconnect": false
+ },
+ "queueconverttask": "ds.converttask",
+ "queueconvertresponse": "ds.convertresponse",
+ "queueconvertdead": "ActiveMQ.DLQ",
+ "queuedelayed": "ds.delayed",
+ "topicpubsub": "ds.pubsub"
+ },
+ "dnscache": {
+ "enable" : true,
+ "ttl" : 300,
+ "cachesize" : 1000
+ },
+ "services": {
+ "CoAuthoring": {
+ "server": {
+ "port": 8000,
+ "workerpercpu": 1,
+ "mode": "development",
+ "limits_tempfile_upload": 104857600,
+ "limits_image_size": 26214400,
+ "limits_image_download_timeout": {
+ "connectionAndInactivity": "10s",
+ "wholeCycle": "2m"
+ },
+ "callbackRequestTimeout": {
+ "wholeCycle": "2m"
+ },
+ "healthcheckfilepath": "../public/healthcheck.docx",
+ "savetimeoutdelay": 5000,
+ "edit_singleton": false,
+ "forgottenfiles": "forgotten",
+ "forgottenfilesname": "output",
+ "maxRequestChanges": 20000,
+ "openProtectedFile": true,
+ "editorDataStorage": "editorDataMemory"
+ },
+ "requestDefaults": {
+ "headers": {
+ "User-Agent": "Node.js/6.13"
+ },
+ "rejectUnauthorized": true
+ },
+ "autoAssembly": {
+ "enable": false,
+ "interval": "5m",
+ "step": "1m"
+ },
+ "utils": {
+ "utils_common_fontdir": "null",
+ "utils_fonts_search_patterns": "*.ttf;*.ttc;*.otf",
+ "resource_expires": 31536000,
+ "limits_image_types_upload": "jpg;png;gif;bmp"
+ },
+ "sql": {
+ "type": "postgres",
+ "tableChanges": "doc_changes",
+ "tableResult": "task_result",
+ "dbHost": "/var/run/postgresql",
+ "dbPort": 5432,
+ "dbName": "onlyoffice",
+ "dbUser": "onlyoffice",
+ "dbPass": "",
+ "charset": "utf8",
+ "connectionlimit": 10,
+ "max_allowed_packet": 1048575
+ },
+ "redis": {
+ "name": "redis",
+ "prefix": "ds:",
+ "host": "localhost",
+ "port": 6379,
+ "options": {}
+ },
+ "pubsub": {
+ "maxChanges": 1000
+ },
+ "expire": {
+ "saveLock": 60,
+ "presence": 300,
+ "locks": 604800,
+ "changeindex": 86400,
+ "lockDoc": 30,
+ "message": 86400,
+ "lastsave": 604800,
+ "forcesave": 604800,
+ "saved": 3600,
+ "documentsCron": "0 */2 * * * *",
+ "files": 86400,
+ "filesCron": "00 00 */1 * * *",
+ "filesremovedatonce": 100,
+ "sessionidle": "0",
+ "sessionabsolute": "30d",
+ "sessionclosecommand": "2m",
+ "pemStdTTL": "1h",
+ "pemCheckPeriod": "10m",
+ "updateVersionStatus": "5m"
+ },
+ "ipfilter": {
+ "rules": [{"address": "*", "allowed": true}],
+ "useforrequest": false,
+ "errorcode": 403
+ },
+ "secret": {
+ "browser": {"string": "secret", "file": "", "tenants": {}},
+ "inbox": {"string": "secret", "file": "", "tenants": {}},
+ "outbox": {"string": "secret", "file": ""},
+ "session": {"string": "secret", "file": ""}
+ },
+ "token": {
+ "enable": {
+ "browser": false,
+ "request": {
+ "inbox": false,
+ "outbox": false
+ }
+ },
+ "browser": {
+ "secretFromInbox": true
+ },
+ "inbox": {
+ "header": "Authorization",
+ "prefix": "Bearer ",
+ "inBody": false
+ },
+ "outbox": {
+ "header": "Authorization",
+ "prefix": "Bearer ",
+ "algorithm": "HS256",
+ "expires": "5m",
+ "inBody": false
+ },
+ "session": {
+ "algorithm": "HS256",
+ "expires": "30d"
+ }
+ },
+ "plugins": {
+ "uri": "/sdkjs-plugins",
+ "autostart": []
+ },
+ "editor":{
+ "spellcheckerUrl": "/spellchecker",
+ "reconnection":{
+ "attempts": 50,
+ "delay": "2s"
+ },
+ "websocketMaxPayloadSize": "1.5MB"
+ },
+ "sockjs": {
+ "sockjs_url": "",
+ "websocket": true
+ },
+ "callbackBackoffOptions": {
+ "retries": 0,
+ "timeout":{
+ "factor": 2,
+ "minTimeout": 1000,
+ "maxTimeout": 2147483647,
+ "randomize": false
+ },
+ "httpStatus": "429,500-599"
+ }
+ }
+ },
+ "license" : {
+ "license_file": "",
+ "warning_limit_percents": 70,
+ "packageType": 0
+ },
+ "FileConverter": {
+ "converter": {
+ "maxDownloadBytes": 104857600,
+ "downloadTimeout": {
+ "connectionAndInactivity": "10s",
+ "wholeCycle": "2m"
+ },
+ "downloadAttemptMaxCount": 3,
+ "downloadAttemptDelay": 1000,
+ "maxprocesscount": 1,
+ "fontDir": "null",
+ "presentationThemesDir": "null",
+ "x2tPath": "null",
+ "docbuilderPath": "null",
+ "docbuilderAllFontsPath": "null",
+ "args": "",
+ "spawnOptions": {},
+ "errorfiles": "",
+ "streamWriterBufferSize": 8388608,
+ "maxRedeliveredCount": 2,
+ "inputLimits": [
+ {
+ "type": "docx;dotx;docm;dotm",
+ "zip": {
+ "uncompressed": "50MB",
+ "template": "*.xml"
+ }
+ },
+ {
+ "type": "xlsx;xltx;xlsm;xltm",
+ "zip": {
+ "uncompressed": "300MB",
+ "template": "*.xml"
+ }
+ },
+ {
+ "type": "pptx;ppsx;potx;pptm;ppsm;potm",
+ "zip": {
+ "uncompressed": "50MB",
+ "template": "*.xml"
+ }
+ }
+ ]
+ }
+ },
+ "FileStorage": {
+ "host": "",
+ "port": 4567,
+ "directory": "",
+ "silent": true
+ },
+ "SpellChecker": {
+ "server": {
+ "port": 8080,
+ "mode": "development"
+ }
+ }
+}
diff --git a/roles/onlyoffice/files/onlyoffice-ds-common.conf b/roles/onlyoffice/files/onlyoffice-ds-common.conf
new file mode 100644
index 0000000..2970d05
--- /dev/null
+++ b/roles/onlyoffice/files/onlyoffice-ds-common.conf
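Review bot: roles/onlyoffice/files/default.json ships the upstream placeholder secrets as live values: `"secretString": "verysecretstring"` under `storage.fs`, `"string": "secret"` for all four entries under `services.CoAuthoring.secret`, and `amqp://guest:guest@localhost:5672` for RabbitMQ. The `local.json.j2` template later in this patch overrides only `secret.inbox` and `secret.outbox`, so `secret.session` (and `secret.browser`, if `secretFromInbox` is ever turned off) stays at the publicly known default while `token.enable.browser` is switched on. The same `verysecretstring` is hard-coded in `set $secret_string verysecretstring;` in onlyoffice-ds-docservice.conf, where it keys the `secure_link_md5` check on `/cache/files`, so anyone who knows the default can presumably compute links that pass that check. I would generate these per host the way `onlyoffice_integration_secret` is generated, and set `storage.fs.secretString`, `secret.session.string` and the nginx `$secret_string` from templates instead of static files.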
@@ -0,0 +1,21 @@
+## Increase this if you want to upload large attachments
+client_max_body_size 100m;
+
+gzip on;
+gzip_vary on;
+gzip_types text/plain
+ text/xml
+ text/css
+ text/csv
+ font/ttf
+ application/xml
+ application/javascript
+ application/x-javascript
+ application/json
+ application/octet-stream
+ application/x-font-ttf
+ application/rtf
+ application/wasm;
+
+access_log /var/log/onlyoffice/documentserver/nginx.access.log;
+error_log /var/log/onlyoffice/documentserver/nginx.error.log;
diff --git a/roles/onlyoffice/files/onlyoffice-ds-converter.service b/roles/onlyoffice/files/onlyoffice-ds-converter.service
new file mode 100644
index 0000000..c790146
--- /dev/null
+++ b/roles/onlyoffice/files/onlyoffice-ds-converter.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=ONLYOFFICE DocumentServer - FileConverter
+After=network.target
+PartOf=onlyoffice-ds.target
+
+[Service]
+User=onlyoffice
+Type=simple
+Environment="LD_LIBRARY_PATH=/opt/onlyoffice/documentserver/server/FileConverter/bin" "NODE_ENV=production-linux" "NODE_CONFIG_DIR=/etc/onlyoffice/documentserver"
+ExecStart=/opt/onlyoffice/documentserver/server/FileConverter/converter
+WorkingDirectory=/var/lib/onlyoffice/documentserver
+LimitNOFILE=1048576
+LimitNPROC=64
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+ReadWritePaths=/var/lib/onlyoffice/documentserver
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/onlyoffice/files/onlyoffice-ds-docservice.conf b/roles/onlyoffice/files/onlyoffice-ds-docservice.conf
new file mode 100644
index 0000000..4eb9290
--- /dev/null
+++ b/roles/onlyoffice/files/onlyoffice-ds-docservice.conf
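Review bot: onlyoffice-ds-converter.service sets `User=onlyoffice` but, unlike onlyoffice-ds-docservice.service, no `Group=onlyoffice`; onlyoffice-ds-spellchecker.service has the same gap, so the three units are inconsistent. Because the converter parses uploaded documents, the sandbox could go further than `PrivateTmp`/`ProtectSystem=strict`: `NoNewPrivileges=true`, `ProtectKernelTunables=true` and `ProtectControlGroups=true` are cheap additions that apply equally to the docservice and spellchecker units. `LimitNPROC=64` is counted per UID rather than per unit, so the three services share that budget; a comment such as `# RLIMIT_NPROC is per user: shared by all onlyoffice-ds units` would save a future debugging session.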
@@ -0,0 +1,75 @@
+#welcome page
+rewrite ^/$ $the_scheme://$the_host/welcome/ redirect;
+
+#support old version
+rewrite ^\/OfficeWeb(\/apps\/.*)$ $the_scheme://$the_host/5.5.1-76/web-apps$1 redirect;
+
+#script caching protection
+rewrite ^(\/web-apps\/apps\/(?!api\/).*)$ $the_scheme://$the_host/5.5.1-76$1 redirect;
+
+#disable caching for api.js
+location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps\/apps\/api\/documents\/api\.js)$ {
+ expires -1;
+ # gzip_static on;
+ alias /opt/onlyoffice/documentserver/$2;
+}
+
+#suppress logging the unsupported locale error in web-apps
+location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps)(\/.*\.json)$ {
+ expires 365d;
+ error_log /dev/null crit;
+ # gzip_static on;
+ alias /opt/onlyoffice/documentserver/$2$3;
+}
+
+#suppress logging the unsupported locale error in plugins
+location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(sdkjs-plugins)(\/.*\.json)$ {
+ expires 365d;
+ error_log /dev/null crit;
+ # gzip_static on;
+ alias /opt/onlyoffice/documentserver/$2$3;
+}
+
+location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(web-apps|sdkjs|sdkjs-plugins|fonts)(\/.*)$ {
+ expires 365d;
+ # gzip_static on;
+ alias /opt/onlyoffice/documentserver/$2$3;
+}
+
+location ~ ^(\/cache\/files.*)(\/.*) {
+ alias /var/lib/onlyoffice/documentserver/App_Data$1;
+ add_header Content-Disposition "$arg_disposition; filename*=UTF-8''$arg_filename";
+
+ set $secret_string verysecretstring;
+ secure_link $arg_md5,$arg_expires;
+ secure_link_md5 "$secure_link_expires$uri$secret_string";
+
+ if ($secure_link = "") {
+ return 403;
+ }
+
+ if ($secure_link = "0") {
+ return 410;
+ }
+}
+
+# Allow internal service only from 127.0.0.1
+location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?\/(info|internal)(\/.*)$ {
+ allow 127.0.0.1;
+ deny all;
+ proxy_pass http://docservice/$2$3;
+}
+
+location / {
+ proxy_pass http://docservice;
+}
+
+location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?(\/doc\/.*) {
+ proxy_pass http://docservice$2;
+ proxy_http_version 1.1;
+}
+
+location /5.5.1-76/ {
+ proxy_pass http://docservice/;
+}
+
diff --git a/roles/onlyoffice/files/onlyoffice-ds-docservice.service b/roles/onlyoffice/files/onlyoffice-ds-docservice.service
new file mode 100644
index 0000000..9bdac44
--- /dev/null
+++ b/roles/onlyoffice/files/onlyoffice-ds-docservice.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=ONLYOFFICE DocumentServer - DocService
+After=network.target
+PartOf=onlyoffice-ds.target
+
+[Service]
+User=onlyoffice
+Group=onlyoffice
+Type=simple
+Environment="NODE_ENV=production-linux" "NODE_CONFIG_DIR=/etc/onlyoffice/documentserver"
+ExecStart=/opt/onlyoffice/documentserver/server/DocService/docservice
+WorkingDirectory=/var/lib/onlyoffice/documentserver
+LimitNOFILE=1048576
+LimitNPROC=64
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+ReadWritePaths=/var/lib/onlyoffice/documentserver
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/onlyoffice/files/onlyoffice-ds-http.conf b/roles/onlyoffice/files/onlyoffice-ds-http.conf
new file mode 100644
index 0000000..23a8881
--- /dev/null
+++ b/roles/onlyoffice/files/onlyoffice-ds-http.conf
@@ -0,0 +1,38 @@
+upstream docservice {
+ server localhost:8000;
+}
+
+upstream spellchecker {
+ server localhost:8080;
+}
+
+upstream example {
+ server localhost:3000;
+}
+
+map $http_host $this_host {
+ "" $host;
+ default $http_host;
+}
+
+map $http_x_forwarded_proto $the_scheme {
+ default $http_x_forwarded_proto;
+ "" $scheme;
+}
+
+map $http_x_forwarded_host $the_host {
+ default $http_x_forwarded_host;
+ "" $this_host;
+}
+
+map $http_upgrade $proxy_connection {
+ default upgrade;
+ "" close;
+}
+
+proxy_set_header Host $http_host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $proxy_connection;
+proxy_set_header X-Forwarded-Host $the_host;
+proxy_set_header X-Forwarded-Proto $the_scheme;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
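Review bot: The redirects at the top of onlyoffice-ds-docservice.conf (`rewrite ^/$ $the_scheme://$the_host/welcome/ redirect;` and the two `5.5.1-76` rewrites) build their target from `$the_host` and `$the_scheme`, which the maps in onlyoffice-ds-http.conf take from the request's `X-Forwarded-Host` and `X-Forwarded-Proto` headers whenever those are present. If this nginx is the edge server rather than sitting behind a trusted proxy, a client-chosen value ends up in the `Location` header and is also passed on to docservice through `proxy_set_header X-Forwarded-Host $the_host;`. In that deployment I would pin the maps to local values, e.g. `default $this_host;` in the `$the_host` map and `default $scheme;` in the `$the_scheme` map, or honour the headers only from a known proxy address. Separately, the version `5.5.1-76` is repeated in three places in docservice.conf and has to match the unpacked tarball; a comment saying so would help the next upgrade.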
diff --git a/roles/onlyoffice/files/onlyoffice-ds-spellchecker.conf b/roles/onlyoffice/files/onlyoffice-ds-spellchecker.conf
new file mode 100644
index 0000000..a9d3ebd
--- /dev/null
+++ b/roles/onlyoffice/files/onlyoffice-ds-spellchecker.conf
@@ -0,0 +1,4 @@
+location ~ ^(\/[\d]+\.[\d]+\.[\d]+[\.|-][\d]+)?(\/spellchecker)(\/.*)$ {
+ proxy_pass http://spellchecker$3;
+ proxy_http_version 1.1;
+}
diff --git a/roles/onlyoffice/files/onlyoffice-ds-spellchecker.service b/roles/onlyoffice/files/onlyoffice-ds-spellchecker.service
new file mode 100644
index 0000000..c4e066e
--- /dev/null
+++ b/roles/onlyoffice/files/onlyoffice-ds-spellchecker.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=ONLYOFFICE DocumentServer - SpellChecker
+After=network.target
+PartOf=onlyoffice-ds.target
+
+[Service]
+User=onlyoffice
+Type=simple
+Environment="NODE_ENV=production-linux" "NODE_CONFIG_DIR=/etc/onlyoffice/documentserver"
+ExecStart=/opt/onlyoffice/documentserver/server/SpellChecker/spellchecker
+WorkingDirectory=/var/lib/onlyoffice/documentserver
+LimitNOFILE=1048576
+LimitNPROC=64
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+ReadWritePaths=/var/lib/onlyoffice/documentserver
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/onlyoffice/files/onlyoffice-ds.target b/roles/onlyoffice/files/onlyoffice-ds.target
new file mode 100644
index 0000000..775ce72
--- /dev/null
+++ b/roles/onlyoffice/files/onlyoffice-ds.target
@@ -0,0 +1,6 @@
+[Unit]
+After=network.target
+Wants=onlyoffice-ds-spellchecker.service onlyoffice-ds-converter.service onlyoffice-ds-docservice.service
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/roles/onlyoffice/files/production-linux.json b/roles/onlyoffice/files/production-linux.json
new file mode 100644
index 0000000..998e8d5
--- /dev/null
+++ b/roles/onlyoffice/files/production-linux.json
@@ -0,0 +1,70 @@
+{
+ "log": {
+ "filePath": "/etc/onlyoffice/documentserver/log4js/production.json"
+ },
+ "storage": {
+ "fs": {
+ "folderPath": "/var/lib/onlyoffice/documentserver/App_Data/cache/files"
+ }
+ },
+ "services": {
+ "CoAuthoring": {
+ "server": {
+ "static_content": {
+ "/fonts": {
+ "path": "/opt/onlyoffice/documentserver/fonts",
+ "options": {"maxAge": "7d"}
+ },
+ "/sdkjs": {
+ "path": "/opt/onlyoffice/documentserver/sdkjs",
+ "options": {"maxAge": "7d"}
+ },
+ "/web-apps": {
+ "path": "/opt/onlyoffice/documentserver/web-apps",
+ "options": {"maxAge": "7d"}
+ },
+ "/welcome": {
+ "path": "/opt/onlyoffice/documentserver/server/welcome",
+ "options": {"maxAge": "7d"}
+ },
+ "/info": {
+ "path": "/opt/onlyoffice/documentserver/server/info",
+ "options": {"maxAge": "7d"}
+ },
+ "/sdkjs-plugins": {
+ "path": "/opt/onlyoffice/documentserver/sdkjs-plugins",
+ "options": {"maxAge": "7d"}
+ }
+ }
+ },
+ "utils": {
+ "utils_common_fontdir": "/usr/share/fonts"
+ },
+ "sockjs": {
+ "sockjs_url": "/web-apps/vendor/sockjs/sockjs.min.js"
+ }
+ }
+ },
+ "license": {
+ "license_file": "/var/www/onlyoffice/documentserver/../Data/license.lic",
+ "warning_limit_percents": 70,
+ "packageType": 0
+ },
+ "FileConverter": {
+ "converter": {
+ "fontDir": "/usr/share/fonts",
+ "presentationThemesDir": "/opt/onlyoffice/documentserver/sdkjs/slide/themes",
+ "x2tPath": "/opt/onlyoffice/documentserver/server/FileConverter/bin/x2t",
+ "docbuilderPath": "/opt/onlyoffice/documentserver/server/FileConverter/bin/docbuilder",
+ "docbuilderAllFontsPath": "/var/lib/onlyoffice/documentserver/App_Data/docbuilder/AllFonts.js"
+ }
+ },
+ "FileStorage": {
+ "directory": "/var/lib/onlyoffice/documentserver/App_Data"
+ },
+ "SpellChecker": {
+ "server": {
+ "dictDir": "/opt/onlyoffice/documentserver/server/SpellChecker/dictionaries"
+ }
+ }
+}
diff --git a/roles/onlyoffice/files/production.json b/roles/onlyoffice/files/production.json
new file mode 100644
index 0000000..4ca6cdd
--- /dev/null
+++ b/roles/onlyoffice/files/production.json
@@ -0,0 +1,14 @@
+{
+ "appenders": {
+ "default": {
+ "type": "console",
+ "layout": {
+ "type": "pattern",
+ "pattern": "[%d] [%p] %c - %.10000m"
+ }
+ }
+ },
+ "categories": {
+ "default": { "appenders": [ "default" ], "level": "WARN" }
+ }
+}
diff --git a/roles/onlyoffice/handlers/main.yaml b/roles/onlyoffice/handlers/main.yaml
new file mode 100644
index 0000000..3616e91
--- /dev/null
+++ b/roles/onlyoffice/handlers/main.yaml
@@ -0,0 +1,8 @@
+---
+- name: 'restart onlyoffice'
+ systemd:
+ daemon_reload: true
+ name: 'onlyoffice-ds.target'
+ enabled: true
+ state: 'restarted'
+...
diff --git a/roles/onlyoffice/meta/main.yaml b/roles/onlyoffice/meta/main.yaml
new file mode 100644
index 0000000..b0d472d
--- /dev/null
+++ b/roles/onlyoffice/meta/main.yaml
@@ -0,0 +1,5 @@
+---
+dependencies:
+ - role: 'nginx'
+ nginx_site_fqdn: '{{ onlyoffice_nginx_fqdn }}'
+...
diff --git a/roles/onlyoffice/tasks/main.yaml b/roles/onlyoffice/tasks/main.yaml
new file mode 100644
index 0000000..0d7ec00
--- /dev/null
+++ b/roles/onlyoffice/tasks/main.yaml
@@ -0,0 +1,196 @@
+---
+- name: 'install requirements'
+ apt:
+ pkg:
+ - 'postgresql'
+ - 'postgresql-contrib'
+ - 'python3-psycopg2'
+ - 'ca-certificates'
+ - 'redis-server'
+ - 'rabbitmq-server'
+ state: 'present'
+ update_cache: true
+ cache_valid_time: 3600
+
+- name: 'USERS | create onlyoffice'
+ user:
+ name: 'onlyoffice'
+ system: true
+ home: '/opt/onlyoffice'
+
+- name: 'USERS | add www-data to onlyoffice'
+ user:
+ name: 'www-data'
+ groups: 'onlyoffice'
+ append: true
+
+- block:
+ - name: 'PGSQL | create onlyoffice DB'
+ postgresql_db:
+ name: 'onlyoffice'
+ - name: 'PGSQL | create onlyoffice DB user'
+ postgresql_user:
+ name: 'onlyoffice'
+ db: 'onlyoffice'
+# password: '{{ onlyoffice_pgsql_passwd.passwd }}'
+ priv: 'ALL'
+ become: true
+ become_method: 'su'
+ become_user: 'postgres'
+
+#- name: 'install onlyoffice'
+# apt:
+# pkg: 'onlyoffice-documentserver'
+# state: 'present'
+# update_cache: true
+# cache_valid_time: 3600
+- name: 'create onlyoffice folders'
+ file:
+ path: '{{ item }}'
+ state: 'directory'
+ owner: 'onlyoffice'
+ group: 'onlyoffice'
+ loop:
+ - '/opt/onlyoffice'
+ - '/etc/onlyoffice'
+ - '/etc/onlyoffice/documentserver/'
+ - '/etc/onlyoffice/documentserver/log4js'
+ - '/var/lib/onlyoffice'
+ - '/var/lib/onlyoffice/documentserver/'
+
+- name: 'extract onlyoffice documentserver'
+ unarchive:
+ remote_src: true
+ src: '/opt/documentserver.tar.gz'
+ dest: '/opt/onlyoffice'
+ owner: 'onlyoffice'
+ group: 'onlyoffice'
+ mode: '0750'
+ creates: '/opt/onlyoffice/documentserver/'
+
+- name: 'PGSQL | init DB'
+ shell:
+ cmd: 'psql -d onlyoffice < /opt/onlyoffice/documentserver/server/schema/postgresql/createdb.sql'
+ register: onlyoffice_pgsql_init
+ changed_when: onlyoffice_pgsql_init.stdout != 'CREATE TABLE\nCREATE TABLE\nCREATE FUNCTION'
+ become: true
+ become_method: 'su'
+ become_user: 'onlyoffice'
+
+- name: 'ONLYOFFICE | copy configs'
+ copy:
+ src: '{{ item.src }}'
+ dest: '/etc/onlyoffice/documentserver/{{ item.dest }}'
+ notify: 'restart onlyoffice'
+ loop:
+ - { src: 'production-linux.json', dest: 'production-linux.json' }
+ - { src: 'production.json', dest: 'log4js/production.json' }
+ - { src: 'default.json', dest: 'default.json' }
+
+- name: 'ONLYOFFICE | generate integration secret'
+ gen_passwd: 'length=32'
+ register: 'onlyoffice_integration_secret'
+ no_log: true
+
+- name: 'ONLYOFFICE | template configs'
+ template:
+ src: 'local.json.j2'
+ dest: '/etc/onlyoffice/documentserver/local.json'
+ notify: 'restart onlyoffice'
+ no_log: true
+
+- block:
+ - name: 'ONLYOFFICE | generate fonts'
+ shell:
+ cmd: |
+ ${PWD}/server/tools/allfontsgen \
+ --input="${PWD}/core-fonts" \
+ --allfonts-web="${PWD}/sdkjs/common/AllFonts.js" \
+ --allfonts="${PWD}/server/FileConverter/bin/AllFonts.js" \
+ --images="${PWD}/sdkjs/common/Images" \
+ --selection="${PWD}/server/FileConverter/bin/font_selection.bin" \
+ --output-web='fonts' \
+ --use-system="true"
+ chdir: '/opt/onlyoffice/documentserver'
+ notify: 'restart onlyoffice'
+ - name: 'ONLYOFFICE | generate themes'
+ shell:
+ cmd: |
+ ${PWD}/server/tools/allthemesgen \
+ --converter-dir="${PWD}/server/FileConverter/bin" \
+ --src="${PWD}/sdkjs/slide/themes" \
+ --output="${PWD}/sdkjs/common/Images"
+ chdir: '/opt/onlyoffice/documentserver'
+ notify: 'restart onlyoffice'
+ environment:
+ LD_LIBRARY_PATH: '/opt/onlyoffice/documentserver/server/FileConverter/bin'
+ become: true
+ become_method: 'su'
+ become_user: 'onlyoffice'
+
+- name: 'SYSTEMD | create services'
+ copy:
+ src: '{{ item }}'
+ dest: '/etc/systemd/system/{{ item }}'
+ loop:
+ - 'onlyoffice-ds-docservice.service'
+ - 'onlyoffice-ds-converter.service'
+ - 'onlyoffice-ds-spellchecker.service'
+ - 'onlyoffice-ds.target'
+ notify: 'restart onlyoffice'
+
+- name: 'NGINX | create onlyoffice upstreams'
+ copy:
+ src: 'onlyoffice-ds-http.conf'
+ dest: '/etc/nginx/conf.d/onlyoffice-ds-http.conf'
+ notify: 'reload nginx'
+
+- name: 'NGINX | create onlyoffice locations'
+ copy:
+ src: '{{ item }}'
+ dest: '/etc/nginx/locations/{{ onlyoffice_nginx_fqdn }}/{{ item }}'
+ loop:
+ - 'onlyoffice-ds-common.conf'
+ - 'onlyoffice-ds-docservice.conf'
+ - 'onlyoffice-ds-spellchecker.conf'
+ notify: 'reload nginx'
+
+- block:
+ - name: 'NEXTCLOUD | get installed apps'
+ import_tasks: 'roles/nextcloud/tasks/occ.yaml'
+ vars:
+ occ_args: 'app:list --output json'
+
+ - name: 'NEXTCLOUD | install onlyoffice integration'
+ import_tasks: 'roles/nextcloud/tasks/occ.yaml'
+ vars:
+ occ_args: 'app:install onlyoffice --no-interaction'
+ nojson: true
+ when:
+ - not 'onlyoffice' in occ_out.enabled
+ - not 'onlyoffice' in occ_out.disabled
+
+ - name: 'NEXTCLOUD | enable onlyoffice integration'
+ import_tasks: 'roles/nextcloud/tasks/occ.yaml'
+ vars:
+ occ_args: 'app:enable onlyoffice'
+ nojson: true
+ when:
+ - true and 'onlyoffice' in occ_out.disabled
+
+ - name: 'NEXTCLOUD | configure onlyoffice integration'
+ occ:
+ command: 'config:app:set'
+ key: 'onlyoffice {{ item.key }}'
+ value: '{{ item.value }}'
+ loop: '{{ onlyoffice_nextcloud_settings|dict2items }}'
+ vars:
+ onlyoffice_nextcloud_settings:
+ DocumentServerUrl: 'https://{{ onlyoffice_nginx_fqdn }}/'
+ jwt_secret: '{{ onlyoffice_integration_secret.passwd }}'
+ no_log: true
+
+ delegate_to: '{{ nextcloud_host }}'
+ tags:
+ - integration
+...
diff --git a/roles/onlyoffice/templates/local.json.j2 b/roles/onlyoffice/templates/local.json.j2
new file mode 100644
index 0000000..2768c0c
--- /dev/null
+++ b/roles/onlyoffice/templates/local.json.j2
@@ -0,0 +1,23 @@
+{
+ "services": {
+ "CoAuthoring": {
+ "secret": {
+ "inbox": {
+ "string": "{{ onlyoffice_integration_secret.passwd }}"
+ },
+ "outbox": {
+ "string": "{{ onlyoffice_integration_secret.passwd }}"
+ }
+ },
+ "token": {
+ "enable": {
+ "browser": true,
+ "request": {
+ "inbox": true,
+ "outbox": true
+ }
+ }
+ }
+ }
+ }
+}
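Review bot: In roles/onlyoffice/tasks/main.yaml the `ONLYOFFICE | template configs` task writes the JWT secret to `/etc/onlyoffice/documentserver/local.json` without `owner`, `group` or `mode`, so the file gets whatever the default umask gives, which is typically world-readable; `no_log: true` protects the Ansible output but not the file on disk. I would add `owner: 'root'`, `group: 'onlyoffice'` and `mode: '0640'` there, and give the `ONLYOFFICE | copy configs` task explicit modes as well. The `extract onlyoffice documentserver` task unpacks `/opt/documentserver.tar.gz` with `remote_src: true`, and nothing in the role shows where that archive comes from or verifies it; a preceding `get_url` with a `checksum:` (or at least a documented expected digest) would tie the installed binaries to a known release. It is also worth confirming that `gen_passwd` is idempotent, otherwise every run rotates the secret in local.json and in Nextcloud.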
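Review bot: roles/onlyoffice/templates/local.json.j2 interpolates `{{ onlyoffice_integration_secret.passwd }}` directly between JSON quotes, so if `gen_passwd` can ever emit `"` or `\` the rendered file is either invalid or carries a different secret than the one sent to Nextcloud as `jwt_secret`. Letting the filter do the quoting avoids that: `"string": {{ onlyoffice_integration_secret.passwd | to_json }}` for both `inbox` and `outbox`. Reusing one value for both directions appears to be what the Nextcloud connector's single `jwt_secret` setting requires, but a one-line Jinja comment saying so would make the intent clear.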