From: Hamatoma Date: Wed, 5 Nov 2025 15:35:11 +0000 (+0100) Subject: V0.1.8 Dokumentation, onlyoffice X-Git-Url: https://gitweb.hamatoma.de/?a=commitdiff_plain;h=2d0db3950d55209336f69faf3a80abf396073695;p=ansknife.git V0.1.8 Dokumentation, onlyoffice - 10_einrichten_ansible_auf_workstation.md: missing "add_user" - new installation template: onlyoffice --- diff --git a/CHANGELOG.md b/CHANGELOG.md index 4372f3e..04aecc8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# V0.1.8 Dokumentation, onlyoffice + +- 10_einrichten_ansible_auf_workstation.md: missing "add_user" +- new installation template: onlyoffice + + # V0.1.7 Documentation - README.md diff --git a/docu/de/10_einrichten_ansible_auf_workstation.md b/docu/de/10_einrichten_ansible_auf_workstation.md index b96c14d..939fb84 100644 --- a/docu/de/10_einrichten_ansible_auf_workstation.md +++ b/docu/de/10_einrichten_ansible_auf_workstation.md @@ -30,6 +30,7 @@ Es wird ein Passwort abgefragt, mit dem dann das Zertifikat geschützt ist. ### Zugriff auf localhost per ssh ermöglichen Um die Konfiguration zu ändern muss ssh auf die lokale Workstation per ssh zugreifen können: ``` +adduser ansadm -uid=260 DIR=/home/ansadm/.ssh cat $DIR/id_rsa.pub >>$DIR/authorized_keys chmod 600 $DIR/authorized_keys diff --git a/playbooks.templates/nextcloud_create.yaml b/playbooks.templates/nextcloud_create.yaml new file mode 100644 index 0000000..540be99 --- /dev/null +++ b/playbooks.templates/nextcloud_create.yaml 
@@ -0,0 +1,63 @@
+---
+- name: Creates a Nextcloud instance (all in one, AIO) with Docker
+ # needed facts (variables) from commandline (e.g. -e domain=example.com -e force=true):
+ # -
+ # All variables are taken from vars/nextcloud.yaml
+ hosts: all
+ vars_files:
+ - ../vars/common.yaml
+ - ../vars/ssl-certificate.yaml
+ - ../vars/nextcloud.yaml
+ tasks:
+ - name: create certificate for {{ domain }}
+ import_tasks: ../tasks/t_ssl_create_certificate.yaml
+ vars:
+ domain: "{{ nc_domain }}"
+
+ - name: Create the NGINX configuration for {{domain}}
+ import_tasks: ../tasks/t_nginx_create_site.yaml
+ vars:
+ domain: "{{ nc_domain }}"
+ document_root: "/srv/www/{{ nc_domain }}"
+ when: false
+
+ - name: Create the directory for Nextcloud instance
+ ansible.builtin.file:
+ path: "/srv/www/{{ nc_domain }}"
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0775'
+
+ - name: Create the directory for Nextcloud data
+ ansible.builtin.file:
+ path: "{{ nc_files }}"
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0775'
+ recurse: true
+
+ - name: Install the docker compose f
+ ansible.builtin.template:
+ src: ../templates.local/nextcloud/docker.composer.yaml.j2
+ dest: /srv/www/{{ nc_domain }}/docker-compose.yaml
+ owner: www-data
+ group: www-data
+ mode: '0644'
+ - name: Ensure the file with the Diffie/Hellman key exchange parameters exists
+ ansible.builtin.get_url:
+ url: https://ssl-config.mozilla.org/ffdhe2048.txt
+ dest: /etc/nginx/snippets/dhparam
+ mode: '0644'
+ owner: root
+ group: root
+ force: no
+
+ - name: Install the nginx configuration for Nextcloud
+ ansible.builtin.template:
+ src: ../templates.local/nextcloud/markt.gemeinwohl-gesellschaft.de.j2
+ dest: /etc/nginx/sites-available/{{ nc_domain }}
+ owner: root
+ group: root
+ mode: '0644'
diff --git a/playbooks.templates/onlyoffice.yaml b/playbooks.templates/onlyoffice.yaml
new file mode 100644
index 0000000..ed85b97
--- /dev/null
+++ b/playbooks.templates/onlyoffice.yaml
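Review bot: In playbooks.templates/nextcloud_create.yaml the task "Create the directory for Nextcloud data" combines `mode: '0775'` with `recurse: true`, which puts the execute bit and world read access on every existing file under `{{ nc_files }}`, not only on the directories. For a user-data tree a symbolic mode such as `mode: 'u=rwX,g=rX,o='` keeps directories traversable without making files executable or readable by other local accounts; whether the group needs write access depends on how the container maps www-data, which is not visible here. Separately, the `get_url` task fetches ffdhe2048.txt without a `checksum:`; pinning it with `checksum: 'sha256:<SHA256_OF_FFDHE2048_TXT>'` would make the download verifiable, and `force: no` is better written `force: false`.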
@@ -0,0 +1,16 @@
+---
+- name: Creates a database, a database user of a web application.
+ # Stores the data in configuration files (remote and local)
+ # needed facts (variables) from the command line: (e.g. -e webapp_name=webapp):
+ hosts: all
+ vars_files:
+ - ../vars/common.yaml
+ - ../vars/onlyoffice.yaml
+ tasks:
+ - name: Create the docker compose file for onlyoffice
+ ansible.builtin.template:
+ src: ../templates.fix/onlyoffice/docker-compose.yaml.j2
+ dest: "{{ onlyoffice_base }}/docker-compose.yaml"
+ owner: root
+ group: root
+ mode: '0644'
diff --git a/templates.fix/nginx/reverseproxy.j2 b/templates.fix/nginx/reverseproxy.j2
new file mode 100644
index 0000000..b04e292
--- /dev/null
+++ b/templates.fix/nginx/reverseproxy.j2
@@ -0,0 +1,34 @@
+# needed variables:
+# domain: the site domain
+# ip: the interface ip (0.0.0.0 or 127.0.0.1)
+# nickname: a short name of the site (names the log files)
+# port: the port of the application
+server {
+ listen 80;
+ server_name {{ domain }};
+ include snippets/letsencrypt.conf;
+ root /srv/www/{{ domain }};
+ location / {
+ return 301 https://$server_name$request_uri; # enforce https
+ }
+}
+
+server {
+ listen 443 ssl;
+ http2 on;
+ server_name {{ domain }};
+ access_log /var/log/nginx/a_{{ nickname }}.log;
+ error_log /var/log/nginx/e_{{ nickname }}.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
+ #ssl_certificate /etc/ssl/certs/{{ domain }}.pem;
+ #ssl_certificate_key /etc/ssl/private/{{ domain }}.key;
+ location / {
+ proxy_pass http://{{ ip }}:{{ port }};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
diff --git a/templates.fix/onlyoffice/docker-compose.yaml.j2 b/templates.fix/onlyoffice/docker-compose.yaml.j2
new file mode 100644
index 0000000..75a7d81
--- /dev/null
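Review bot: The template task in playbooks.templates/onlyoffice.yaml writes `{{ onlyoffice_base }}/docker-compose.yaml` with `mode: '0644'`, yet the rendered file carries the `JWT_SECRET` value from templates.fix/onlyoffice/docker-compose.yaml.j2, so any local account can read the secret. `mode: '0600'` (owner root is already set) would limit it, and `no_log: true` on the task keeps the secret out of `--diff` output. The play name and header comment still describe a database setup and look copied from another playbook; something like `- name: Installs the docker compose file for the ONLYOFFICE Document Server` would match what the play does.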
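Review bot: In templates.fix/nginx/reverseproxy.j2 the line `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever X-Forwarded-For value the client sent, so a backend that trusts the first entry can be handed a forged address. If this nginx is the first hop (not visible from the template), `proxy_set_header X-Forwarded-For $remote_addr;` avoids that. The header comment also offers `0.0.0.0` for `ip`, which is a bind address rather than a destination for `proxy_pass`; I would document it as `# ip: the address the backend listens on (normally 127.0.0.1)`.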
+++ b/templates.fix/onlyoffice/docker-compose.yaml.j2
@@ -0,0 +1,28 @@
+version: '3.7'
+services:
+ # This service runs the ONLYOFFICE Document Server
+ onlyoffice:
+ # A friendly name for your container
+ container_name: onlyoffice-docs
+ # The official ONLYOFFICE Document Server image
+ image: onlyoffice/documentserver
+ # Expose port 80 (HTTP) from the container to port 80 on the host
+ ports:
+ - "{{ onlyoffice_port }}:80"
+ # Environment variable for security: JWT is critical for integration
+ environment:
+ # !! CRITICAL: REPLACE 'my_jwt_secret' with a strong, random password.
+ # You must use this same secret key in any client application (e.g., Nextcloud).
+ - JWT_SECRET="{{ onlyoffice_secret }}"
+ # Ensures the container automatically restarts if it crashes or the host reboots
+ restart: always
+ # Maps local host directories to container directories for persistent storage
+ volumes:
+ # Logs for troubleshooting
+ - "{{ onlyoffice_base }}/logs:/var/log/onlyoffice"
+ # Main data directory, contains certificates and configuration
+ - "{{ onlyoffice_base }}/data:/var/www/onlyoffice/Data"
+ # Internal cache files
+ - "{{ onlyoffice_base }}/lib:/var/lib/onlyoffice"
+ # PostgreSQL database files for Document Server
+ - "{{ onlyoffice_db_base }}/postgresql:/var/lib/postgresql"
diff --git a/templates.fix/scripts/SaveDatabases b/templates.fix/scripts/SaveDatabases
index 11e1720..66d602a 100755
--- a/templates.fix/scripts/SaveDatabases
+++ b/templates.fix/scripts/SaveDatabases
@@ -8,6 +8,7 @@ function SaveOne(){
 local domain=$1
 if [ -e $BASE_WEBAPPS/$domain.conf ]; then
 . $BASE_WEBAPPS/$domain.conf
+ mkdir -p $domain/db
 if [ -n "$db_name" -a "$db_type" = 'mysql' ]; then
 local sql=$BASE_DIR/$domain/db/$domain.sql.gz
 mysqldump -h $db_host -u $db_user "-p$db_password" $db_name | gzip > $sql
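Review bot: The mapping `- "{{ onlyoffice_port }}:80"` in templates.fix/onlyoffice/docker-compose.yaml.j2 publishes the container's plain-HTTP port on every host interface, so the Document Server can be reached without going through the TLS reverse proxy added in this commit. Binding to loopback, `- "127.0.0.1:{{ onlyoffice_port }}:80"`, keeps it behind nginx. In list-form `environment`, the inner quotes of `- JWT_SECRET="{{ onlyoffice_secret }}"` are passed through as part of the value, so the secret the server uses would differ from the one configured in the client; `- "JWT_SECRET={{ onlyoffice_secret }}"` avoids that. The image has no tag, so each pull may bring a different release; `image: onlyoffice/documentserver:<VERSION>` makes deployments reproducible. The comment still names `'my_jwt_secret'`, which does not appear in the file.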
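Review bot: The added `mkdir -p $domain/db` in SaveOne uses a path relative to the current directory, while the dump is written to `$BASE_DIR/$domain/db/...`; the two only line up when the caller has already done `cd $BASE_DIR`, which SaveAll does but the new `one` branch in the following hunk does not. `mkdir -p "$BASE_DIR/$domain/db"` removes that dependency. The directory is also created before the `db_name`/`db_type` test, so every domain with a .conf file gets a db directory even when nothing is dumped. SaveOne's body continues outside the hunk.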
@@ -18,9 +19,11 @@ function SaveOne(){
 function SaveAll(){
 cd $BASE_DIR
 for domain in *; do
- if [ -d $BASE_DIR/$domain/db ]; then
- SaveOne $domain
- fi
+ SaveOne $domain
 done
 }
-SaveAll
\ No newline at end of file
+if [ "$1" = "one" ]; then
+ test -n "$2" && SaveOne $2
+else
+ SaveAll
+fi
diff --git a/templates.vars/nextcloud.yaml b/templates.vars/nextcloud.yaml
new file mode 100644
index 0000000..0528637
--- /dev/null
+++ b/templates.vars/nextcloud.yaml
@@ -0,0 +1,4 @@
+nc_domain: markt.gemeinwohl-gesellschaft.de
+nc_apache_port: 11000
+nc_files: /srv/data/markt.gemeinwohl-gesellschaft.de
+
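Review bot: In the new dispatch at the end of templates.fix/scripts/SaveDatabases, `test -n "$2" && SaveOne $2` passes the argument unquoted and gives no message when it is missing, leaving the script to end with a non-zero status and no explanation. Because SaveOne sources `$BASE_WEBAPPS/$domain.conf`, the name should be quoted and restricted to a plain file name, for example `case "$2" in ''|*/*) echo "usage: $0 one DOMAIN" >&2; exit 1;; esac` followed by `SaveOne "$2"`. The loop in SaveAll has the same unquoted `SaveOne $domain`, which breaks on directory names containing whitespace.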