diff --git a/main.tf b/main.tf index 6ca8d077..d104e4d0 100644 --- a/main.tf +++ b/main.tf @@ -106,6 +106,8 @@ variable "realestate_crawler_notification_settings" { type = map(string) } variable "kured_notify_url" {} +variable "onlyoffice_db_password" { type = string } +variable "onlyoffice_jwt_token" { type = string } # data "terraform_remote_state" "foo" { # backend = "kubernetes" @@ -425,6 +427,9 @@ module "kubernetes_cluster" { realestate_crawler_notification_settings = var.realestate_crawler_notification_settings kured_notify_url = var.kured_notify_url + + onlyoffice_db_password = var.onlyoffice_db_password + onlyoffice_jwt_token = var.onlyoffice_jwt_token } diff --git a/modules/kubernetes/main.tf b/modules/kubernetes/main.tf index 49d6fa70..b2294159 100644 --- a/modules/kubernetes/main.tf +++ b/modules/kubernetes/main.tf @@ -88,6 +88,8 @@ variable "realestate_crawler_notification_settings" { } } variable "kured_notify_url" {} +variable "onlyoffice_db_password" { type = string } +variable "onlyoffice_jwt_token" { type = string } @@ -643,10 +645,12 @@ module "kured" { notify_url = var.kured_notify_url } -# module "onlyoffice" { -# source = "./onlyoffice" -# tls_secret_name = var.tls_secret_name -# } +module "onlyoffice" { + source = "./onlyoffice" + tls_secret_name = var.tls_secret_name + db_password = var.onlyoffice_db_password + jwt_token = var.onlyoffice_jwt_token +} module "forgejo" { diff --git a/modules/kubernetes/nextcloud/chart_values.yaml b/modules/kubernetes/nextcloud/chart_values.yaml index a2f02b8f..46f2b1bc 100644 --- a/modules/kubernetes/nextcloud/chart_values.yaml +++ b/modules/kubernetes/nextcloud/chart_values.yaml @@ -49,3 +49,13 @@ startupProbe: podAnnotations: diun.enable: "true" diun.include_tags: "^[0-9]+(?:.[0-9]+)?(?:.[0-9]+)?.*" + +collabora: + enabled: true # Currently the app is disabled as using onlyoffice instead + + autoscaling: + # enable autocaling, please check collabora README.md first + enabled: true + +cronjob: + enabled: true diff --git a/modules/kubernetes/nextcloud/main.tf b/modules/kubernetes/nextcloud/main.tf index 96c45a80..fe294b11 100644 --- a/modules/kubernetes/nextcloud/main.tf +++ b/modules/kubernetes/nextcloud/main.tf @@ -168,5 +168,13 @@ module "whiteboard_ingress" { extra_annotations = { "nginx.ingress.kubernetes.io/client-max-body-size" : "0" "nginx.ingress.kubernetes.io/proxy-body-size" : "0", + + # Websockets + # "nginx.ingress.kubernetes.io/proxy-set-header" : "Upgrade $http_upgrade" + # "nginx.ingress.kubernetes.io/proxy-set-header" : "Connection $connection_upgrade" # this makes a difference for web!!! + + # Timeouts + "nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000s", + "nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000s", } } diff --git a/modules/kubernetes/onlyoffice/main.tf b/modules/kubernetes/onlyoffice/main.tf new file mode 100644 index 00000000..51c5560d --- /dev/null +++ b/modules/kubernetes/onlyoffice/main.tf @@ -0,0 +1,128 @@ +variable "tls_secret_name" {} +variable "db_password" { type = string } +variable "jwt_token" { type = string } + +resource "kubernetes_namespace" "onlyoffice" { + metadata { + name = "onlyoffice" + labels = { + "istio-injection" : "disabled" + } + } +} + +module "tls_secret" { + source = "../setup_tls_secret" + namespace = "onlyoffice" + tls_secret_name = var.tls_secret_name +} + +resource "kubernetes_deployment" "onlyoffice-document-server" { + metadata { + name = "onlyoffice-document-server" + namespace = "onlyoffice" + labels = { + app = "onlyoffice-document-server" + } + } + spec { + replicas = 1 + selector { + match_labels = { + app = "onlyoffice-document-server" + } + } + template { + metadata { + labels = { + app = "onlyoffice-document-server" + } + } + spec { + container { + name = "onlyoffice-document-server" + image = "onlyoffice/documentserver:8.2.3" + port { + name = "http" + container_port = 80 + protocol = "TCP" + } + env { + name = "DB_TYPE" + value = "mariadb" + } + env { + name = "DB_HOST" + value = "mysql.dbaas" + } + env { + name = "DB_PORT" + value = 3306 + } + env { + name = "DB_NAME" + value = "onlyoffice" + } + env { + name = "DB_USER" + value = "onlyoffice" + } + env { + name = "DB_PWD" + value = var.db_password + } + env { + name = "REDIS_SERVER_HOST" + value = "redis.redis" + } + env { + name = "REDIS_SERVER_PORT" + value = 6379 + } + env { + name = "JWT_SECRET" + value = var.jwt_token + } + + volume_mount { + name = "data" + mount_path = "/var/www/onlyoffice/Data" + } + } + volume { + name = "data" + nfs { + path = "/mnt/main/onlyoffice" + server = "10.0.10.15" + } + } + } + } + } +} + +resource "kubernetes_service" "onlyoffice" { + metadata { + name = "onlyoffice-document-server" + namespace = "onlyoffice" + labels = { + "app" = "onlyoffice-document-server" + } + } + + spec { + selector = { + app = "onlyoffice-document-server" + } + port { + port = "80" + } + } +} +module "ingress" { + source = "../ingress_factory" + namespace = "onlyoffice" + name = "onlyoffice" + service_name = "onlyoffice-document-server" + tls_secret_name = var.tls_secret_name +} diff --git a/terraform.tfstate b/terraform.tfstate index ad19f033..7d3b6426 100644 Binary files a/terraform.tfstate and b/terraform.tfstate differ diff --git a/terraform.tfvars b/terraform.tfvars index 96c5e1c7..c3a593fd 100644 Binary files a/terraform.tfvars and b/terraform.tfvars differ