add onlyoffice deployment along with collabora for backup if needed [ci skip]

2025-08-17 19:27:34 +00:00 · 2025-08-17 19:27:34 +00:00 · 2f2787f934
commit 2f2787f934
parent 958f41a1da
7 changed files with 159 additions and 4 deletions
--- a/main.tf
+++ b/main.tf
@ -106,6 +106,8 @@ variable "realestate_crawler_notification_settings" {
  type = map(string)
 }
 variable "kured_notify_url" {}
+variable "onlyoffice_db_password" { type = string }
+variable "onlyoffice_jwt_token" { type = string }

 # data "terraform_remote_state" "foo" {
 #   backend = "kubernetes"
@ -425,6 +427,9 @@ module "kubernetes_cluster" {
  realestate_crawler_notification_settings = var.realestate_crawler_notification_settings

  kured_notify_url = var.kured_notify_url
+
+  onlyoffice_db_password = var.onlyoffice_db_password
+  onlyoffice_jwt_token   = var.onlyoffice_jwt_token
 }


--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@ -88,6 +88,8 @@ variable "realestate_crawler_notification_settings" {
  }
 }
 variable "kured_notify_url" {}
+variable "onlyoffice_db_password" { type = string }
+variable "onlyoffice_jwt_token" { type = string }



@ -643,10 +645,12 @@ module "kured" {
  notify_url      = var.kured_notify_url
 }

-# module "onlyoffice" {
-#   source          = "./onlyoffice"
-#   tls_secret_name = var.tls_secret_name
-# }
+module "onlyoffice" {
+  source          = "./onlyoffice"
+  tls_secret_name = var.tls_secret_name
+  db_password     = var.onlyoffice_db_password
+  jwt_token       = var.onlyoffice_jwt_token
+}


 module "forgejo" {
--- a/modules/kubernetes/nextcloud/chart_values.yaml
+++ b/modules/kubernetes/nextcloud/chart_values.yaml
@ -49,3 +49,13 @@ startupProbe:
 podAnnotations:
  diun.enable: "true"
  diun.include_tags: "^[0-9]+(?:.[0-9]+)?(?:.[0-9]+)?.*"
+
+collabora:
+  enabled: true # Currently the app is disabled as using onlyoffice instead
+
+  autoscaling:
+    # enable autocaling, please check collabora README.md first
+    enabled: true
+
+cronjob:
+  enabled: true
--- a/modules/kubernetes/nextcloud/main.tf
+++ b/modules/kubernetes/nextcloud/main.tf
@ -168,5 +168,13 @@ module "whiteboard_ingress" {
  extra_annotations = {
    "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
    "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
+
+    # Websockets
+    # "nginx.ingress.kubernetes.io/proxy-set-header" : "Upgrade $http_upgrade"
+    # "nginx.ingress.kubernetes.io/proxy-set-header" : "Connection $connection_upgrade" # this makes a difference for web!!!
+
+    # Timeouts
+    "nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000s",
+    "nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000s",
  }
 }
--- a/modules/kubernetes/onlyoffice/main.tf
+++ b/modules/kubernetes/onlyoffice/main.tf
@ -0,0 +1,128 @@
+variable "tls_secret_name" {}
+variable "db_password" { type = string }
+variable "jwt_token" { type = string }
+
+resource "kubernetes_namespace" "onlyoffice" {
+  metadata {
+    name = "onlyoffice"
+    labels = {
+      "istio-injection" : "disabled"
+    }
+  }
+}
+
+module "tls_secret" {
+  source          = "../setup_tls_secret"
+  namespace       = "onlyoffice"
+  tls_secret_name = var.tls_secret_name
+}
+
+resource "kubernetes_deployment" "onlyoffice-document-server" {
+  metadata {
+    name      = "onlyoffice-document-server"
+    namespace = "onlyoffice"
+    labels = {
+      app = "onlyoffice-document-server"
+    }
+  }
+  spec {
+    replicas = 1
+    selector {
+      match_labels = {
+        app = "onlyoffice-document-server"
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = "onlyoffice-document-server"
+        }
+      }
+      spec {
+        container {
+          name  = "onlyoffice-document-server"
+          image = "onlyoffice/documentserver:8.2.3"
+          port {
+            name           = "http"
+            container_port = 80
+            protocol       = "TCP"
+          }
+          env {
+            name  = "DB_TYPE"
+            value = "mariadb"
+          }
+          env {
+            name  = "DB_HOST"
+            value = "mysql.dbaas"
+          }
+          env {
+            name  = "DB_PORT"
+            value = 3306
+          }
+          env {
+            name  = "DB_NAME"
+            value = "onlyoffice"
+          }
+          env {
+            name  = "DB_USER"
+            value = "onlyoffice"
+          }
+          env {
+            name  = "DB_PWD"
+            value = var.db_password
+          }
+          env {
+            name  = "REDIS_SERVER_HOST"
+            value = "redis.redis"
+          }
+          env {
+            name  = "REDIS_SERVER_PORT"
+            value = 6379
+          }
+          env {
+            name  = "JWT_SECRET"
+            value = var.jwt_token
+          }
+
+          volume_mount {
+            name       = "data"
+            mount_path = "/var/www/onlyoffice/Data"
+          }
+        }
+        volume {
+          name = "data"
+          nfs {
+            path   = "/mnt/main/onlyoffice"
+            server = "10.0.10.15"
+          }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "onlyoffice" {
+  metadata {
+    name      = "onlyoffice-document-server"
+    namespace = "onlyoffice"
+    labels = {
+      "app" = "onlyoffice-document-server"
+    }
+  }
+
+  spec {
+    selector = {
+      app = "onlyoffice-document-server"
+    }
+    port {
+      port = "80"
+    }
+  }
+}
+module "ingress" {
+  source          = "../ingress_factory"
+  namespace       = "onlyoffice"
+  name            = "onlyoffice"
+  service_name    = "onlyoffice-document-server"
+  tls_secret_name = var.tls_secret_name
+}
--- a/terraform.tfstate
+++ b/terraform.tfstate
--- a/terraform.tfvars
+++ b/terraform.tfvars