diff --git a/defaults/main.yml b/defaults/main.yml
index 7a1537e..2a1e0a0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -254,3 +254,8 @@ nextcloud_floc_optout_enabled: true
 # - https://hstspreload.org/#opt-in
 # See: `nextcloud_http_header_strict_transport_security`
 nextcloud_hsts_preload_enabled: false
+
+# Collabora Online integration.
+# See the `collabora-online` role.
+nextcloud_collabora_app_wopi_url: ''
+nextcloud_collabora_app_wopi_allowlist: '10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
diff --git a/tasks/adjust_config.yml b/tasks/adjust_config.yml
index 3ac3a72..bfa1286 100644
--- a/tasks/adjust_config.yml
+++ b/tasks/adjust_config.yml
@@ -12,7 +12,7 @@
 - name: Adjust Nextcloud configuration (set trusted_proxies)
 ansible.builtin.command:
 cmd: |-
- docker exec --user={{ nextcloud_uid }}:{{ nextcloud_gid }} {{ nextcloud_identifier }}-server php /var/www/html/occ --no-warnings config:system:set trusted_proxies 1 --type=string --value={{ nextcloud_reverse_proxy_container_network_subnet_result.stdout }}
+ docker exec --user={{ nextcloud_uid }}:{{ nextcloud_gid }} {{ nextcloud_identifier }}-server php /var/www/html/occ --no-warnings config:system:set trusted_proxies 0 --type=string --value={{ nextcloud_reverse_proxy_container_network_subnet_result.stdout }}
 - name: Adjust Nextcloud configuration (disable bruteforce protection)
 ansible.builtin.command:
diff --git a/tasks/app_install_collabora.yml b/tasks/app_install_collabora.yml
new file mode 100644
index 0000000..205d0d5
--- /dev/null
+++ b/tasks/app_install_collabora.yml
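Review bot: In `defaults/main.yml`, the default `nextcloud_collabora_app_wopi_allowlist` spans every RFC 1918 range, so any host on a private network that can reach Nextcloud passes the WOPI source check, not only the Collabora server. Because the default is non-empty, the "Fail if required Collabora App settings not defined" check in the new task file can never fire for this variable unless the operator blanks it. The new task file already looks up the Collabora Docker network subnet, so defaulting the allowlist to that subnet (or to `''` so the operator must choose) would be tighter. At minimum the comment should say what the setting controls, e.g. `# Source addresses allowed to make WOPI requests to Nextcloud; narrow to the Collabora server or its container network.`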
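Review bot: In `tasks/adjust_config.yml`, moving the subnet from `trusted_proxies 1` to `trusted_proxies 0` leaves whatever an earlier run wrote at index 1 in place on hosts that are already deployed, and nothing in this hunk removes it. A stale entry stays trusted for forwarded-for headers even if the proxy network's subnet later changes, so a follow-up task running `occ config:system:delete trusted_proxies 1` would keep the list to what the role manages. A one-line comment above the task explaining why index 0 is the right slot would also help. The rest of the file is outside the hunk, so a cleanup step may already exist there.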
@@ -0,0 +1,48 @@
+---
+
+- name: Fail if required Collabora App settings not defined
+ when: "vars[item] == ''"
+ ansible.builtin.fail:
+ msg: |
+ A required setting (`{{ item }}`) hasn't been defined.
+ with_items:
+ - nextcloud_collabora_app_wopi_url
+ - nextcloud_collabora_app_wopi_allowlist
+
+- name: Ensure Nextcloud is started
+ ansible.builtin.service:
+ name: "{{ nextcloud_identifier }}-server"
+ state: started
+ daemon_reload: true
+ register: nextcloud_start
+
+- name: Wait a while, so that Nextcloud can manage to start
+ ansible.builtin.pause:
+ seconds: 7
+ when: nextcloud_start.changed | bool
+
+- name: Install Nextcloud office (Collabora app)
+ ansible.builtin.shell:
+ cmd: "docker exec --user={{ nextcloud_uid }}:{{ nextcloud_gid }} {{ nextcloud_identifier }}-server php /var/www/html/occ --no-warnings app:install richdocuments"
+ failed_when: false
+ register: collabora_install_result
+
+- name: Fail if Nextcloud office (Collabora app) failed to install
+ ansible.builtin.fail:
+ msg: "Nextcloud Office failed to install. Full error: {{ collabora_install_result }}"
+ when: "collabora_install_result.rc != 0 and collabora_install_result.stdout != 'richdocuments already installed'"
+
+- name: Check existence of Collabora network in Docker
+ ansible.builtin.command:
+ cmd: "{{ devture_systemd_docker_base_host_command_docker }} network inspect {{ collabora_online_container_network }} --format {%raw%}'{{ (index .IPAM.Config 0).Subnet }}'{%endraw%}"
+ register: collabora_online_container_network_subnet
+ changed_when: false
+
+- name: Configure Collabora app
+ ansible.builtin.shell:
+ cmd: "docker exec --user={{ nextcloud_uid }}:{{ nextcloud_gid }} {{ nextcloud_identifier }}-server php /var/www/html/occ --no-warnings config:app:set richdocuments {{ item.key }} --value=\"{{ item.value }}\""
+ with_items:
+ - key: wopi_url
+ value: "{{ nextcloud_collabora_app_wopi_url }}"
+ - key: wopi_allowlist
+ value: "{{ nextcloud_collabora_app_wopi_allowlist }}"
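Review bot: The `Configure Collabora app` task at the end of `tasks/app_install_collabora.yml` runs through `ansible.builtin.shell` and splices `item.value` into a double-quoted shell word, so a `$`, backtick or `"` in `nextcloud_collabora_app_wopi_url` or the allowlist is interpreted by the host shell instead of reaching `occ` as data. Neither this task nor the install task uses any shell feature, so `ansible.builtin.command` with `argv` would pass each value as a single argument and remove the quoting problem, as sketched below. Separately, the subnet registered by `Check existence of Collabora network in Docker` is never read in this file. The install check also depends on the exact stdout string `richdocuments already installed`, which deserves a comment saying so.

```yaml
- name: Configure Collabora app
  ansible.builtin.command:
    argv:
      - docker
      - exec
      - "--user={{ nextcloud_uid }}:{{ nextcloud_gid }}"
      - "{{ nextcloud_identifier }}-server"
      - php
      - /var/www/html/occ
      - '--no-warnings'
      - 'config:app:set'
      - richdocuments
      - "{{ item.key }}"
      - "--value={{ item.value }}"
  with_items:
    # … unchanged: the wopi_url and wopi_allowlist items …
```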
diff --git a/tasks/main.yml b/tasks/main.yml
index 5422bc4..b0c326c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -24,6 +24,12 @@
 - when: nextcloud_enabled | bool
 ansible.builtin.include_tasks: "{{ role_path }}/tasks/print_db_credentials.yml"
+- tags:
+ - install-nextcloud-app-collabora
+ block:
+ - when: nextcloud_enabled | bool
+ ansible.builtin.include_tasks: "{{ role_path }}/tasks/app_install_collabora.yml"
+
 - tags:
 - setup-all
 - setup-nextcloud
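Review bot: The new `install-nextcloud-app-collabora` block in `tasks/main.yml` is gated only on `nextcloud_enabled`, yet the included file reads `collabora_online_container_network`, which the `defaults/main.yml` hunk in this diff does not define. On a host without the Collabora role, the tag would presumably stop at the `docker network inspect` step with an undefined-variable error rather than a clear message. A comment above the block would document the dependency, e.g. `# Requires the collabora-online role, which provides collabora_online_container_network.`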