add onlyoffice deployment along with collabora for backup if needed [ci skip]

2025-08-17 19:27:34 +00:00 · 2025-08-17 19:27:34 +00:00 · 2f2787f934
commit 2f2787f934
parent 958f41a1da
7 changed files with 159 additions and 4 deletions
--- a/main.tf
+++ b/main.tf
@ -106,6 +106,8 @@ variable "realestate_crawler_notification_settings" {
  type = map(string)
 }
 variable "kured_notify_url" {}
 variable "onlyoffice_db_password" { type = string }
 variable "onlyoffice_jwt_token" { type = string }
 # data "terraform_remote_state" "foo" {
 #   backend = "kubernetes"
@ -425,6 +427,9 @@ module "kubernetes_cluster" {
  realestate_crawler_notification_settings = var.realestate_crawler_notification_settings
  kured_notify_url = var.kured_notify_url
  onlyoffice_db_password = var.onlyoffice_db_password
  onlyoffice_jwt_token   = var.onlyoffice_jwt_token
 }
--- a/modules/kubernetes/main.tf
+++ b/modules/kubernetes/main.tf
@ -88,6 +88,8 @@ variable "realestate_crawler_notification_settings" {
  }
 }
 variable "kured_notify_url" {}
 variable "onlyoffice_db_password" { type = string }
 variable "onlyoffice_jwt_token" { type = string }
@ -643,10 +645,12 @@ module "kured" {
  notify_url      = var.kured_notify_url
 }
-# module "onlyoffice" {
+module "onlyoffice" {
-#   source          = "./onlyoffice"
+  source          = "./onlyoffice"
-#   tls_secret_name = var.tls_secret_name
+  tls_secret_name = var.tls_secret_name
-# }
+  db_password     = var.onlyoffice_db_password
  jwt_token       = var.onlyoffice_jwt_token
 }
 module "forgejo" {
--- a/modules/kubernetes/nextcloud/chart_values.yaml
+++ b/modules/kubernetes/nextcloud/chart_values.yaml
@ -49,3 +49,13 @@ startupProbe:
 podAnnotations:
  diun.enable: "true"
  diun.include_tags: "^[0-9]+(?:.[0-9]+)?(?:.[0-9]+)?.*"
 collabora:
  enabled: true # Currently the app is disabled as using onlyoffice instead
  autoscaling:
    # enable autocaling, please check collabora README.md first
    enabled: true
 cronjob:
  enabled: true
--- a/modules/kubernetes/nextcloud/main.tf
+++ b/modules/kubernetes/nextcloud/main.tf
@ -168,5 +168,13 @@ module "whiteboard_ingress" {
  extra_annotations = {
    "nginx.ingress.kubernetes.io/client-max-body-size" : "0"
    "nginx.ingress.kubernetes.io/proxy-body-size" : "0",
    # Websockets
    # "nginx.ingress.kubernetes.io/proxy-set-header" : "Upgrade $http_upgrade"
    # "nginx.ingress.kubernetes.io/proxy-set-header" : "Connection $connection_upgrade" # this makes a difference for web!!!
    # Timeouts
    "nginx.ingress.kubernetes.io/proxy-read-timeout" : "6000s",
    "nginx.ingress.kubernetes.io/proxy-send-timeout" : "6000s",
  }
 }
--- a/modules/kubernetes/onlyoffice/main.tf
+++ b/modules/kubernetes/onlyoffice/main.tf
@ -0,0 +1,128 @@
 variable "tls_secret_name" {}
 variable "db_password" { type = string }
 variable "jwt_token" { type = string }
 resource "kubernetes_namespace" "onlyoffice" {
  metadata {
    name = "onlyoffice"
    labels = {
      "istio-injection" : "disabled"
    }
  }
 }
 module "tls_secret" {
  source          = "../setup_tls_secret"
  namespace       = "onlyoffice"
  tls_secret_name = var.tls_secret_name
 }
 resource "kubernetes_deployment" "onlyoffice-document-server" {
  metadata {
    name      = "onlyoffice-document-server"
    namespace = "onlyoffice"
    labels = {
      app = "onlyoffice-document-server"
    }
  }
  spec {
    replicas = 1
    selector {
      match_labels = {
        app = "onlyoffice-document-server"
      }
    }
    template {
      metadata {
        labels = {
          app = "onlyoffice-document-server"
        }
      }
      spec {
        container {
          name  = "onlyoffice-document-server"
          image = "onlyoffice/documentserver:8.2.3"
          port {
            name           = "http"
            container_port = 80
            protocol       = "TCP"
          }
          env {
            name  = "DB_TYPE"
            value = "mariadb"
          }
          env {
            name  = "DB_HOST"
            value = "mysql.dbaas"
          }
          env {
            name  = "DB_PORT"
            value = 3306
          }
          env {
            name  = "DB_NAME"
            value = "onlyoffice"
          }
          env {
            name  = "DB_USER"
            value = "onlyoffice"
          }
          env {
            name  = "DB_PWD"
            value = var.db_password
          }
          env {
            name  = "REDIS_SERVER_HOST"
            value = "redis.redis"
          }
          env {
            name  = "REDIS_SERVER_PORT"
            value = 6379
          }
          env {
            name  = "JWT_SECRET"
            value = var.jwt_token
          }
          volume_mount {
            name       = "data"
            mount_path = "/var/www/onlyoffice/Data"
          }
        }
        volume {
          name = "data"
          nfs {
            path   = "/mnt/main/onlyoffice"
            server = "10.0.10.15"
          }
        }
      }
    }
  }
 }
 resource "kubernetes_service" "onlyoffice" {
  metadata {
    name      = "onlyoffice-document-server"
    namespace = "onlyoffice"
    labels = {
      "app" = "onlyoffice-document-server"
    }
  }
  spec {
    selector = {
      app = "onlyoffice-document-server"
    }
    port {
      port = "80"
    }
  }
 }
 module "ingress" {
  source          = "../ingress_factory"
  namespace       = "onlyoffice"
  name            = "onlyoffice"
  service_name    = "onlyoffice-document-server"
  tls_secret_name = var.tls_secret_name
 }
--- a/terraform.tfstate
+++ b/terraform.tfstate
--- a/terraform.tfvars
+++ b/terraform.tfvars