From 87486db906bf12ae248800410effac97f712c1c7 Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel
Date: Thu, 23 Jul 2020 06:50:59 +0200
Subject: [PATCH] onlyoffice documentserver installation
---
README.md | 1 +
defaults/main.yaml | 8 ++++++++
handlers/main.yml | 4 ++++
tasks/certificate.yaml | 13 +++++++++++++
tasks/config.yaml | 7 +++++++
tasks/database.yaml | 27 +++++++++++++++++++++++++++
tasks/license.yaml | 8 ++++++++
tasks/main.yaml | 20 ++++++++++++++++++++
tasks/nginx.yaml | 25 +++++++++++++++++++++++++
tasks/pre-install-config.yaml | 29 +++++++++++++++++++++++++++++
tasks/setup.yaml | 23 +++++++++++++++++++++++
templates/nginx-vhost.conf.j2 | 32 ++++++++++++++++++++++++++++++++
vars/main.yaml | 31 +++++++++++++++++++++++++++++++
13 files changed, 228 insertions(+)
create mode 100644 defaults/main.yaml
create mode 100644 handlers/main.yml
create mode 100644 tasks/certificate.yaml
create mode 100644 tasks/config.yaml
create mode 100644 tasks/database.yaml
create mode 100644 tasks/license.yaml
create mode 100644 tasks/main.yaml
create mode 100644 tasks/nginx.yaml
create mode 100644 tasks/pre-install-config.yaml
create mode 100644 tasks/setup.yaml
create mode 100644 templates/nginx-vhost.conf.j2
create mode 100644 vars/main.yaml
diff --git a/README.md b/README.md
index e30f757..3d84385 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@ # ansible-role-onlyoffice +# https://helpcenter.onlyoffice.com/de/server/integration-edition/linux/linux-installation.aspx
diff --git a/defaults/main.yaml b/defaults/main.yaml
new file mode 100644
index 0000000..4e876db
--- /dev/null
+++ b/defaults/main.yaml
@@ -0,0 +1,8 @@
+onlyoffice_server_name: "{{ inventory_hostname }}"
+
+onlyoffice_db_host: localhost
+onlyoffice_db_name: onlyoffice
+onlyoffice_db_user: onlyoffice
+onlyoffice_db_pass: onlyoffice
+
+onlyoffice_documentserver_token: secret
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..fd76186
--- /dev/null
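Review bot: `onlyoffice_db_pass: onlyoffice` and `onlyoffice_documentserver_token: secret` in defaults/main.yaml give every host that does not override them a publicly known database password and JWT secret. vars/main.yaml feeds the token into the document server's inbox, outbox and session secrets, so a deployment left on the default accepts tokens signed with a value anyone can read in this repository. Leave both variables undefined in the defaults and fail early instead, for example with an `assert` task checking `onlyoffice_documentserver_token is defined and onlyoffice_documentserver_token | length >= 32`, and state in the README that both values are expected to come from a vault.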
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart onlyoffice documentserver
+ command: supervisorctl restart all
diff --git a/tasks/certificate.yaml b/tasks/certificate.yaml
new file mode 100644
index 0000000..f610e5f
--- /dev/null
+++ b/tasks/certificate.yaml
@@ -0,0 +1,13 @@
+---
+
+- import_role:
+ name: certificate
+ vars:
+ certificate_name: "{{onlyoffice_server_name}}"
+ certificate_common_name: "{{onlyoffice_server_name}}"
+ certificate_directory: /etc/ssl
+ certificate_key_usage:
+ - digitalSignature
+ - keyEncipherment
+ certificate_extended_key_usage:
+ - serverAuth
diff --git a/tasks/config.yaml b/tasks/config.yaml
new file mode 100644
index 0000000..a9d76bc
--- /dev/null
+++ b/tasks/config.yaml
@@ -0,0 +1,7 @@
+---
+
+- name: onlyoffice documentserver config
+ copy:
+ content: "{{ onlyoffice_documentserver_local_json | to_json }}"
+ dest: /etc/onlyoffice/documentserver/local.json
+ notify: restart onlyoffice documentserver
diff --git a/tasks/database.yaml b/tasks/database.yaml
new file mode 100644
index 0000000..aacbfd0
--- /dev/null
+++ b/tasks/database.yaml
@@ -0,0 +1,27 @@
+---
+
+- name: postgresql user
+ postgresql_user:
+ name: "{{ onlyoffice_db_user }}"
+ password: "{{ onlyoffice_db_pass }}"
+ delegate_to: "{{ (onlyoffice_db_host != 'localhost') | ternary(onlyoffice_db_host,inventory_hostname) }}"
+ become: yes
+ become_user: postgres
+
+- name: postgresql database
+ postgresql_db:
+ name: "{{onlyoffice_db_name}}"
+ owner: "{{onlyoffice_db_user}}"
+ delegate_to: "{{ (onlyoffice_db_host != 'localhost') | ternary(onlyoffice_db_host,inventory_hostname) }}"
+ become: yes
+ become_user: postgres
+
+- name: postgresql access
+ postgresql_privs:
+ db: "{{onlyoffice_db_name}}"
+ privs: ALL
+ type: database
+ role: "{{ onlyoffice_db_user }}"
+ delegate_to: "{{ (onlyoffice_db_host != 'localhost') | ternary(onlyoffice_db_host,inventory_hostname) }}"
+ become: yes
+ become_user: postgres
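Review bot: `supervisorctl restart all` in the handler restarts every program that supervisor manages on the host, not only the document server's processes. On a machine that runs anything else under supervisor, a config change in this role would bounce those services too. If the package registers its programs under a supervisor group, restart only that group, for example `command: supervisorctl restart ds:*` (group name to be confirmed against the installed package).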
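Review bot: The `copy` task that writes /etc/onlyoffice/documentserver/local.json sets no `owner`, `group` or `mode`, although the rendered JSON carries the database password and the token secrets defined in vars/main.yaml. A newly created file takes its permissions from the umask, which commonly leaves it world-readable. Add an explicit `mode: "0640"` together with the owner and group the service runs as (not visible in this patch), and `no_log: true` so the content is not printed in diff or verbose output.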
diff --git a/tasks/license.yaml b/tasks/license.yaml
new file mode 100644
index 0000000..259136c
--- /dev/null
+++ b/tasks/license.yaml
@@ -0,0 +1,8 @@
+---
+
+- name: copy onlyoffice license
+ copy:
+ src: license.lic
+ dest: /var/www/onlyoffice/Data/license.lic
+ failed_when: false
+ notify: restart onlyoffice documentserver
diff --git a/tasks/main.yaml b/tasks/main.yaml
new file mode 100644
index 0000000..9984d91
--- /dev/null
+++ b/tasks/main.yaml
@@ -0,0 +1,20 @@
+---
+- import_tasks: setup.yaml
+
+- import_tasks: database.yaml
+
+- import_tasks: pre-install-config.yaml
+
+- name: onlyoffice documentserver debian package
+ apt:
+ pkg: onlyoffice-documentserver
+
+- import_tasks: license.yaml
+
+- import_tasks: config.yaml
+
+- import_role:
+ name: nginx
+
+- import_tasks: certificate.yaml
+- import_tasks: nginx.yaml
diff --git a/tasks/nginx.yaml b/tasks/nginx.yaml
new file mode 100644
index 0000000..5ca3346
--- /dev/null
+++ b/tasks/nginx.yaml
@@ -0,0 +1,25 @@
+---
+
+- name: nginx nextcloud vhost
+ template:
+ src: nginx-vhost.conf.j2
+ dest: /etc/nginx/sites-available/onlyoffice
+ notify: restart nginx
+
+- name: remove default onlyoffice config
+ file:
+ path: /etc/nginx/conf.d/ds.conf
+ state: absent
+ notify: restart nginx
+
+- name: nginx nextcloud vhost enabled
+ file:
+ src: ../sites-available/onlyoffice
+ dest: /etc/nginx/sites-enabled/onlyoffice
+ state: link
+ notify: restart nginx
+
+- name: start nginx
+ service:
+ name: nginx
+ state: started
diff --git a/tasks/pre-install-config.yaml b/tasks/pre-install-config.yaml
new file mode 100644
index 0000000..bed4de0
--- /dev/null
+++ b/tasks/pre-install-config.yaml
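Review bot: `failed_when: false` on the license copy hides every failure of that task, not only a missing `license.lic`; a permission error or an absent /var/www/onlyoffice/Data directory would pass silently and the server would run unlicensed without anyone noticing. If the license file is meant to be optional, say so explicitly by guarding the task with a `when:` on a role variable (for example `when: onlyoffice_license_file is defined`, name constructed here) and drop `failed_when` so genuine copy errors fail the play. Like the config file, the copied license would also benefit from an explicit `mode`.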
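Review bot: Two task names in tasks/nginx.yaml read `nginx nextcloud vhost` and `nginx nextcloud vhost enabled` although they template and link the onlyoffice site, which looks like a leftover from another role and will mislead anyone reading the play output. Rename them to `nginx onlyoffice vhost` and `nginx onlyoffice vhost enabled`. The `restart nginx` handler they notify is not defined in this patch's handlers/main.yml and presumably comes from the imported nginx role; a one-line comment above the first `notify` saying so would document that dependency.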
@@ -0,0 +1,29 @@
+---
+
+- name: set onlyoffice database host
+ debconf:
+ name: onlyoffice-documentserver
+ question: onlyoffice/db-host
+ value: "{{ onlyoffice_db_host }}"
+ vtype: string
+
+- name: set onlyoffice database user
+ debconf:
+ name: onlyoffice-documentserver
+ question: onlyoffice/db-user
+ value: "{{ onlyoffice_db_user }}"
+ vtype: string
+
+- name: set onlyoffice database pass
+ debconf:
+ name: onlyoffice-documentserver
+ question: onlyoffice/db-pass
+ value: "{{ onlyoffice_db_pass }}"
+ vtype: string
+
+- name: set onlyoffice database name
+ debconf:
+ name: onlyoffice-documentserver
+ question: onlyoffice/db-name
+ value: "{{ onlyoffice_db_name }}"
+ vtype: string
diff --git a/tasks/setup.yaml b/tasks/setup.yaml
new file mode 100644
index 0000000..89d0ebb
--- /dev/null
+++ b/tasks/setup.yaml
@@ -0,0 +1,23 @@
+---
+
+- name: debian package requirements
+ apt:
+ pkg:
+ - nginx-extras
+ - rabbitmq-server
+ - redis-server
+ - postgresql
+ # required by ansible
+ - gnupg
+ - python-psycopg2
+
+- name: onlyoffice apt repo key
+ apt_key:
+ keyserver: keyserver.ubuntu.com
+ id: CB2DE8E5
+ keyring: /etc/apt/trusted.gpg.d/onlyoffice.gpg
+
+- name: onlyoffice apt repo
+ apt_repository:
+ repo: deb https://download.onlyoffice.com/repo/debian squeeze main
+ filename: onlyoffice
diff --git a/templates/nginx-vhost.conf.j2 b/templates/nginx-vhost.conf.j2
new file mode 100644
index 0000000..0a4de3e
--- /dev/null
+++ b/templates/nginx-vhost.conf.j2
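Review bot: The `set onlyoffice database pass` task preseeds the password with `vtype: string` and without `no_log`, so `{{ onlyoffice_db_pass }}` is stored as an ordinary debconf value and can appear in task output. Add `no_log: true` to that task, and use `vtype: password` if the package's template declares `onlyoffice/db-pass` as a password question (to be checked against the package). The other three debconf tasks carry no secret and can stay as they are.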
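Review bot: `id: CB2DE8E5` in the `apt_key` task is an 8-digit short key ID, and short IDs are not collision-resistant: the keyserver lookup can return a different key sharing the same last 32 bits, and that key would then be trusted for the onlyoffice repository. Pin the full 40-character fingerprint instead, `id: "<FULL_FINGERPRINT_FROM_VENDOR_DOCS>"`, quoted so YAML keeps it a string. Shipping the vendor's public key as a file in the role and installing it into the keyring would remove the keyserver dependency altogether.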
@@ -0,0 +1,32 @@
+{{ ansible_managed | comment }}
+
+include /etc/nginx/includes/http-common.conf;
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_tokens off;
+
+ server_name {{onlyoffice_server_name}};
+
+ location /.well-known/acme-challenge {
+ default_type "text/plain";
+ root /var/www/default;
+ }
+
+ # enforce https
+ #return 301 https://$server_name:443$request_uri;
+}
+
+server {
+ listen 443;
+ listen [::]:443;
+ server_tokens off;
+
+ server_name {{onlyoffice_server_name}};
+
+ ssl_certificate /etc/ssl/certs/{{onlyoffice_server_name}}.fullchain.pem;
+ ssl_certificate_key /etc/ssl/private/{{onlyoffice_server_name}}.key.pem;
+
+ include /etc/nginx/includes/ds-*.conf;
+}
diff --git a/vars/main.yaml b/vars/main.yaml
new file mode 100644
index 0000000..9b9e1aa
--- /dev/null
+++ b/vars/main.yaml
@@ -0,0 +1,31 @@
+onlyoffice_documentserver_local_json:
+ services:
+ CoAuthoring:
+ sql:
+ type: postgres
+ dbHost: "{{ onlyoffice_db_host }}"
+ dbPort: '5432'
+ dbName: "{{ onlyoffice_db_name }}"
+ dbUser: "{{ onlyoffice_db_user }}"
+ dbPass: "{{ onlyoffice_db_pass }}"
+ redis:
+ host: localhost
+ token:
+ enable:
+ request:
+ inbox: true
+ outbox: true
+ browser: true
+ inbox:
+ header: Authorization
+ outbox:
+ header: Authorization
+ secret:
+ inbox:
+ string: "{{ onlyoffice_documentserver_token }}"
+ outbox:
+ string: "{{ onlyoffice_documentserver_token }}"
+ session:
+ string: "{{ onlyoffice_documentserver_token }}"
+ rabbitmq:
+ url: amqp://guest:guest@localhost
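Review bot: The second server block declares `listen 443;` and `listen [::]:443;` without the `ssl` parameter, so unless one of the included files switches TLS on, nginx answers plain HTTP on port 443 and the two `ssl_certificate` directives have no effect. Write `listen 443 ssl;` and `listen [::]:443 ssl;`. In the port-80 block the `#return 301 https://...` line is still commented out, so HTTP clients get no redirect; since the ACME location is already separate, the redirect can live in its own `location / { return 301 https://$server_name$request_uri; }`.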
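Review bot: `url: amqp://guest:guest@localhost` hardcodes the broker's default account in vars/main.yaml, where role vars take precedence over inventory variables and are therefore awkward to override per host. Build the URL from variables declared in defaults/main.yaml (for example `onlyoffice_rabbitmq_user` and `onlyoffice_rabbitmq_pass`, names constructed here) so a dedicated broker account can be supplied. The same `onlyoffice_documentserver_token` is also used for the inbox, outbox and session secret strings; separate variables that default to the shared one would allow them to be rotated independently.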