rik/surf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
411cd7c4b392c279ceaf18e5be7096f1aa1fa37f
surf/install_collabora.yml
jmdekker2 411cd7c4b3 Update install_collabora.yml
2025-05-19 14:56:41 +02:00

153 lines
4.6 KiB
YAML
Raw Blame History

- name: Voeg lokale host toe aan nextcloud groep
hosts: localhost
gather_facts: yes
tasks:
- name: Haal IP-adres op van huidige server
debug:
var: ansible_default_ipv4.address
- name: Voeg IP-adres toe aan 'nextcloud' groep
add_host:
name: "{{ ansible_default_ipv4.address }}"
groups: collabora
ansible_user: "{{ ansible_user }}"
- name: Installeer en configureer Collabora Online met Nginx, SSL en werkende jail path
hosts: collabora
become: true
vars:
nginx_ssl_cert_path: "/etc/letsencrypt/live/{{ collabora_public_url }}/fullchain.pem"
nginx_ssl_key_path: "/etc/letsencrypt/live/{{ collabora_public_url }}/privkey.pem"
collabora_jail_path: "/opt/collabora/jails"
ansible_python_interpreter: /usr/bin/python3
tasks:
- name: Installeer benodigde pakketten
apt:
name:
- docker.io
- docker-compose
- nginx
- certbot
- python3-certbot-nginx
state: present
update_cache: yes
- name: Zorg dat Docker actief is
systemd:
name: docker
enabled: true
state: started
- name: Maak jail-directory aan met juiste permissies voor Collabora
file:
path: "{{ collabora_jail_path }}"
state: directory
owner: root
group: root
mode: '0777' # WORLD WRITABLE (alleen binnen container gebruikt)
- name: Start of update Collabora container
docker_container:
name: collabora
image: "collabora/code:latest"
pull: true
state: started
recreate: true
restart_policy: always
published_ports:
- "127.0.0.1:{{ collabora_port }}:9980"
volumes:
- "{{ collabora_jail_path }}:{{ collabora_jail_path }}"
env:
domain: "{{ collabora_domain | regex_replace('\\.', '\\\\.') }}"
username: "{{ collabora_username }}"
password: "{{ collabora_password }}"
extra_params: --o:ssl.enable=false --o:ssl.termination=true
- name: Maak tijdelijke Nginx-configuratie voor Certbot
copy:
dest: /etc/nginx/sites-available/collabora
content: |
server {
listen 80;
server_name {{ collabora_public_url }};
location /.well-known/acme-challenge/ {
root /var/www/html;
}
location / {
return 301 https://$host$request_uri;
}
}
notify: Reload nginx
- name: Activeer Nginx-site
file:
src: /etc/nginx/sites-available/collabora
dest: /etc/nginx/sites-enabled/collabora
state: link
force: yes
notify: Reload nginx
- name: Zorg dat Nginx actief is
systemd:
name: nginx
enabled: true
state: started
- name: Verkrijg Let's Encrypt certificaat via Certbot
command: >
certbot certonly --webroot -w /var/www/html -n --agree-tos --email {{ email_for_ssl }} -d {{ collabora_public_url }}
args:
creates: "{{ nginx_ssl_cert_path }}"
notify: Reload nginx
- name: Maak definitieve Nginx-configuratie met SSL voor Collabora aan
copy:
dest: /etc/nginx/sites-available/collabora
content: |
server {
listen 80;
server_name {{ collabora_public_url }};
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name {{ collabora_public_url }};
ssl_certificate {{ nginx_ssl_cert_path }};
ssl_certificate_key {{ nginx_ssl_key_path }};
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:{{ collabora_port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
notify: Reload nginx
- name: Verwijder default-site indien actief
file:
path: /etc/nginx/sites-enabled/default
state: absent
notify: Reload nginx
handlers:
- name: Reload nginx
systemd:
name: nginx
state: reloaded
Reference in New Issue View Git Blame Copy Permalink