adding collabora

This commit is contained in:
Eric Meehan 2024-12-09 21:36:13 -05:00
parent 3a50d78e85
commit 78b4b04bdc
13 changed files with 290 additions and 87 deletions

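--- /dev/null
+++ b/tasks/collabora.yaml
@@ -0,0 +1,44 @@
+---
+# tasks file for collabora
+- name: Add Collabora repo
+kubernetes.core.helm_repository:
+name: collabora
+repo_url: https://collaboraonline.github.io/online/
+register: repo
+- name: Update Helm repos
+command: helm repo update
+when: repo.changed
+- name: Deploy Collabora
+kubernetes.core.helm:
+name: collabora
+chart_ref: collabora/collabora-online
+release_namespace: collabora
+create_namespace: true
+values:
+collabora:
+server_name: collabora.eom.dev
+username: collabora_admin
+password: "{{ collabora_admin_password }}"
+aliasgroups:
+- host: "https://nextcloud.eom.dev:443"
+extra_params: --o:ssl.enable=false --o:ssl.termination=true
+ingress:
+enabled: true
+className: "nginx"
+annotations:
+nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
+nginx.ingress.kubernetes.io/proxy-body-size: "0"
+nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+cert-manager.io/cluster-issuer: ca-issuer
+hosts:
+- host: collabora.eom.dev
+paths:
+- path: /
+pathType: ImplementationSpecific
+tls:
+- hosts:
+- collabora.eom.dev
+secretName: collabora-tls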
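Review bot: The `aliasgroups` entry makes Collabora talk to `https://nextcloud.eom.dev:443`, while this ingress is issued by `ca-issuer`, which looks like a private cluster CA; if Nextcloud's certificate comes from the same issuer, the Collabora container will not trust it and WOPI requests back to Nextcloud will fail TLS verification. Resolve that by getting the issuing CA into the container's trust store rather than by appending `--o:ssl.ssl_verification=false` to `extra_params`, which would silently disable certificate checking for every outbound connection. Note also that `collabora.username`/`password` enable the admin console, which is reachable through the same `/` ingress path as the editor; if the chart does not already restrict it, consider limiting that path at the ingress.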


@ -16,6 +16,6 @@
data:
replicaCount: 1
persistence:
size: 256Gi
size: 512Gi
ingest:
replicaCount: 1


@ -44,7 +44,7 @@
metrics:
enabled: true
admin:
username: gitea
username: gitea_admin
password: "{{ gitea_admin_password }}"
email: gitea@postfix.eom.dev
ldap:
@ -70,12 +70,8 @@
global:
redis:
password: "{{ gitea_admin_password }}"
master:
persistence:
size: 32Gi
replica:
persistence:
size: 32Gi
persistence:
enabled: true
redis-cluster:
enabled: false
postgresql:
@ -83,12 +79,12 @@
global:
postgresql:
auth:
username: gitea
password: "{{ gitea_admin_password }}"
database: gitea
primary:
persistence:
size: 256Gi
readReplicas:
persistence:
size: 256Gi
enabled: true
size: 2Ti
postgresql-ha:
enabled: false
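Review bot: The admin username changes from `gitea` to `gitea_admin`, and if this release has already been installed the chart's init step will create a second admin account for the new name while the original `gitea` account keeps its old credentials, leaving a stale privileged login. Either delete/demote the old account after the upgrade or keep the original name; a comment on `admin.username` noting that the value is not a rename would help the next reader. Separately, the unchanged context lines show `global.redis.password` and `global.postgresql.auth.password` both set to `gitea_admin_password`, so the web admin password doubles as the Redis and database credential; dedicated `gitea_redis_password` / `gitea_db_password` vars would contain a compromise of any one of them.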


@ -10,7 +10,7 @@
metrics:
enabled: true
admin:
user: grafana
user: grafana_admin
password: "{{ grafana_admin_password }}"
persistence:
size: 64Gi
@ -56,6 +56,6 @@
type: alertmanager
access: proxy
orgId: 1
url: http://prometheus-alertmanager.prometheus.svc.cluster.local:9093
url: http://prometheus-alertmanager.prometheus.svc.cluster.local
version: 1
editable: true
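Review bot: The alertmanager datasource URL now drops `:9093`, so Grafana will connect to port 80 of `prometheus-alertmanager.prometheus.svc.cluster.local`; this only works if that Service actually exposes port 80, so verify it, otherwise restore `url: http://prometheus-alertmanager.prometheus.svc.cluster.local:9093`. The `admin.user` change to `grafana_admin` is, as far as I know, only honoured on first start of the Grafana database; on an already-deployed release the old `grafana` admin account would persist with its existing password and should be removed by hand.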


@ -96,4 +96,4 @@
tls:
- hosts:
- jupyterhub.eom.dev
secretName: jupyterhub
secretName: jupyterhub-tls


@ -3,4 +3,4 @@
- name: Deploy
include_tasks: "{{ item }}"
loop:
- owncast.yaml
- collabora.yaml
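Review bot: The `Deploy` loop now contains only `collabora.yaml`, so the new `tasks/minio.yaml` and the other task files touched by this commit are not run by this playbook unless they are included somewhere outside the hunk. If the single-item loop is a deliberate "deploy one component at a time" workflow, a comment above `loop:` saying so would stop a reader from treating this as the full inventory; otherwise add `- minio.yaml` alongside it.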


@ -18,10 +18,17 @@
memory: 0Mi
limits:
cpu: 1.5
memory: 3072Mi
adminUser: mastodon
adminEmail: mastodon@postfix.eom.dev
memory: 8192Mi
adminUser: mastodon_admin
adminEmail: mastodon_admin@postfix.eom.dev
adminPassword: "{{ mastodon_admin_password }}"
otpSecret: "{{ mastodon_otp_secret }}"
secretKeyBase: "{{ mastodon_secret_key_base }}"
vapidPrivateKey: "{{ mastodon_vapid_private_key }}"
vapidPublicKey: "{{ mastodon_vapid_public_key }}"
activeRecordEncryptionDeterministicKey: "{{ mastodon_active_record_encryption_deterministic_key }}"
activeRecordEncryptionKeyDerivationSalt: "{{ mastodon_active_record_encryption_key_derivation_salt }}"
activeRecordEncryptionPrimaryKey: "{{ mastodon_active_record_encryption_primary_key }}"
extraConfig:
LDAP_ENABLED: "true"
LDAP_HOST: openldap.openldap.svc.cluster.local
@ -33,7 +40,6 @@
LDAP_UID: uid
LDAP_SEARCH_FILTER: (&(objectClass=posixAccount)(|(%{uid}=%{email})(%{mail}=%{email}))(memberOf=cn=Mastodon Users,ou=Mastodon,ou=Services,dc=eom,dc=dev))
LDAP_MAIL: mail
enableS3: false
localDomain: mastodon.eom.dev
smtp:
server: postfix.eom.dev
@ -48,39 +54,36 @@
password: "{{ mastodon_admin_password }}"
persistence:
enabled: true
size: 8Ti
size: 64Gi
redis:
enabled: true
auth:
password: "{{ mastodon_admin_password }}"
master:
persistence:
size: 32Gi
replica:
persistence:
size: 32Gi
postgresql:
enabled: true
global:
postgresql:
auth:
password: "{{ mastodon_admin_password }}"
auth:
username: mastodon
password: "{{ mastodon_admin_password }}"
database: mastodon
primary:
persistence:
size: 256Gi
readReplicas:
persistence:
size: 256Gi
enabled: true
size: 2Ti
elasticsearch:
enabled: true
master:
persistence:
size: 32Gi
size: 64Gi
data:
persistence:
size: 32Gi
size: 512Gi
minio:
enabled: false
externalS3:
host: minio.api.eom.dev
accessKeyId: mastodon
accessKeySecret: "{{ mastodon_admin_password }}"
bucket: mastodon
apache:
service:
type: ClusterIP
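Review bot: The `externalS3` block (new in this hunk, as far as the layout shows) reuses `mastodon_admin_password` as `accessKeySecret` for the `mastodon` MinIO access key, so the Mastodon admin password now also lives in MinIO's credential store and in every place the S3 secret is rendered; use a dedicated `accessKeySecret: "{{ mastodon_s3_secret_key }}"` instead. The surrounding context shows the same password serving SMTP, Redis and PostgreSQL, so the blast radius of that one value is already the whole stack. Since `enableS3: false` was removed, it is worth confirming that the chart enables the S3 backend purely from `externalS3` being set, and whether it talks to `minio.api.eom.dev` over TLS by default.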


@ -1,42 +1,144 @@
---
# tasks file for mediawiki
- name: Deploy MediaWiki
- name: Create MediaWiki namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: mediawiki
- name: Deploy MariaDB
kubernetes.core.helm:
name: mediawiki
chart_ref: bitnami/mediawiki
name: mariadb
chart_ref: bitnami/mariadb
release_namespace: mediawiki
create_namespace: true
values:
mediawikiUser: mediawiki
mediawikiPassword: "{{ mediawiki_admin_password }}"
mediawikiEmail: mediawiki@postfix.eom.dev
mediawikiName: MediaWiki
mediawikiHost: https://mediawiki.eom.dev/
smtpHost: postfix.eom.dev
smtpPort: 587
smtpUser: mediawiki
smtpPassword: "{{ mediawiki_admin_password }}"
persistence:
size: 32Gi
service:
auth:
rootPassword: "{{ mediawiki_admin_password }}"
username: mediawiki
password: "{{ mediawiki_admin_password }}"
database: mediawiki
primary:
persistence:
size: 4Ti
- name: Create Deployment for MediaWiki
k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mediawiki
namespace: mediawiki
spec:
replicas: 1
selector:
matchLabels:
app: mediawiki
template:
metadata:
labels:
app: mediawiki
spec:
containers:
- name: mediawiki
image: ericomeehan/mediawiki-extended
imagePullPolicy: Always
env:
- name: WIKI_NAME
value: MediaWiki
- name: WIKI_ADMIN
value: mediawiki_admin
- name: WIKI_ADMIN_PASS
value: "{{ mediawiki_admin_password }}"
- name: WIKI_LANG
value: en
- name: WIKI_URL
value: https://mediawiki.eom.dev/
- name: DB_HOST
value: mariadb
- name: DB_PORT
value: "3306"
- name: DB_NAME
value: mediawiki
- name: DB_USER
value: mediawiki
- name: DB_PASS
value: "{{ mediawiki_admin_password }}"
- name: LDAP_BASE
value: dc=eom,dc=dev
- name: LDAP_SERVER_NAME
value: openldap.openldap.svc.cluster.local
- name: LDAP_SERVER_PORT
value: "389"
- name: LDAP_DOMAINNAME
value: openldap.openldap.svc.cluster.local
- name: LDAP_ENCTYPE
value: clear
- name: LDAP_USER_ATTR
value: uid
- name: LDAP_REAL_NAME_ATTR
value: cn
- name: LDAP_MAIL_ATTR
value: mail
- name: LDAP_BIND_USER
value: cn=readonly,dc=eom,dc=dev
- name: LDAP_BIND_PASS
value: "{{ openldap_readonly_password }}"
- name: LDAP_BUREAUCRAT_GROUP
value: cn=Mediawiki Administrators,ou=MediaWiki,ou=Services,dc=eom,dc=dev
- name: LDAP_INTERFACE_ADMIN_GROUP
value: cn=Mediawiki Administrators,ou=MediaWiki,ou=Services,dc=eom,dc=dev
- name: LDAP_SYSOP_GROUP
value: cn=Mediawiki Administrators,ou=MediaWiki,ou=Services,dc=eom,dc=dev
- name: LDAP_SEARCH_FILTER
value: (&(objectClass=posixAccount)(uid=%1$s)(memberOf=cn=Mediawiki Users,ou=MediaWiki,ou=Services,dc=eom,dc=dev))
ports:
- containerPort: 80
- name: Create Service for MediaWiki
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: mediawiki
namespace: mediawiki
spec:
selector:
app: mediawiki
ports:
- port: 80
name: http
type: ClusterIP
ingress:
enabled: true
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/clusteer-issuer: ca-issuer
cert-manager.io/cluster-issuer: ca-issuer
name: mediawiki
namespace: mediawiki
spec:
ingressClassName: nginx
pathType: Prefix
hostname: mediawiki.eom.dev
path: /
tls: true
mariadb:
db:
name: mediawiki
user: mediawiki
password: "{{ mediawiki_admin_password }}"
master:
persistence:
size: 256Gi
slave:
persistence:
size: 256Gi
rules:
- host: mediawiki.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: mediawiki
port:
number: 80
tls:
- hosts:
- mediawiki.eom.dev
secretName: mediawiki
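Review bot: The "Create Deployment for MediaWiki" task declares `kind: Deployment` with `apiVersion: v1`; Deployments live in `apps/v1`, so the `k8s` module will not find the resource — change it to `apiVersion: apps/v1`. The container image `ericomeehan/mediawiki-extended` carries no tag or digest and is pulled with `imagePullPolicy: Always`, so every pod restart can pick up a different build; pin a tag or an `@sha256:` digest. `LDAP_BIND_PASS`, `WIKI_ADMIN_PASS` and `DB_PASS` are injected as plain `env` values, and `LDAP_ENCTYPE: clear` on port 389 presumably selects an unencrypted connection, so the `cn=readonly` bind credential crosses the cluster network in cleartext; prefer `valueFrom.secretKeyRef` for the secrets and LDAPS/StartTLS for the directory. The Ingress also uses `secretName: mediawiki` where every other service in this commit uses a `-tls` suffix.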

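--- /dev/null
+++ b/tasks/minio.yaml
@@ -0,0 +1,58 @@
+---
+# tasks file for minio
+- name: Deploy MinIO
+kubernetes.core.helm:
+name: minio
+chart_ref: bitnami/minio
+release_namespace: minio
+create_namespace: true
+values:
+metrics:
+enabled: true
+disableWebUI: true
+auth:
+rootUser: minio_admin
+rootPassword: "{{ minio_admin_password }}"
+defaultBuckets: default
+volumePermissions:
+enabled: true
+mode: standalone
+persistence:
+size: 8Ti
+extraEnvVars:
+- name: MINIO_ROOT_USER
+value: minio_admin
+- name: MINIO_ROOT_PASSWORD
+value: "{{ minio_admin_password }}"
+- name: MINIO_SERVER_URL
+value: https://minio.eom.dev/
+- name: MINIO_IDENTITY_LDAP_SERVER_ADDR
+value: openldap.openldap.svc.cluster.local:389
+- name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN
+value: cn=readonly,dc=eom,dc=dev
+- name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD
+value: "{{ openldap_readonly_password }}"
+- name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN
+value: dc=eom,dc=dev
+- name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER
+value: (&(objectClass=posixAccount)(uid=%s)(memberOf=cn=Minio Users,ou=Minio,ou=Services,dc=eom,dc=dev))
+- name: MINIO_IDENTITY_LDAP_USER_DN_ATTRIBUTES
+value: uid,cn,mail,sshPublicKey
+- name: MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER
+value: (&(objectclass=groupOfUniqueNames)(uniqueMember=%d))
+- name: MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN
+value: dc=eom,dc=dev
+- name: MINIO_IDENTITY_LDAP_COMMENT
+value: OpenLDAP
+- name: MINIO_IDENTITY_LDAP_SERVER_INSECURE
+value: "on"
+apiIngress:
+enabled: true
+hostname: minio.eom.dev
+ingressClassName: nginx
+annotations:
+cert-manager.io/cluster-issuer: ca-issuer
+tls:
+- hosts:
+- minio.eom.dev
+secretName: minio-tls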
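Review bot: `MINIO_IDENTITY_LDAP_SERVER_INSECURE: "on"` together with `openldap.openldap.svc.cluster.local:389` makes MinIO bind to the directory in cleartext; as I understand MinIO's LDAP mode, users are verified by binding with their submitted password, so every user login plus the `cn=readonly` lookup bind password crosses the cluster network unencrypted. Prefer StartTLS or LDAPS with the internal CA trusted by the container (leave `MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY` off), and if cleartext is a deliberate interim choice, say so in a comment next to the setting. The root credentials are also set twice, under `auth.rootUser`/`rootPassword` and again as the `MINIO_ROOT_USER`/`MINIO_ROOT_PASSWORD` env vars; drop one copy so the two cannot drift apart.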


@ -19,7 +19,7 @@
values:
nextcloud:
host: nextcloud.eom.dev
username: nextcloud
username: nextcloud_admin
password: "{{ nextcloud_admin_password }}"
configs:
proxy.config.php: |-
@ -47,15 +47,17 @@
externalDatabase:
enabled: true
type: postgresql
host: nextcloud-postgresql
host: postgresql
user: nextcloud
password: "{{ nextcloud_admin_password }}"
database: nextcloud
persistence:
enabled: true
size: 8Ti
size: 4Ti
metrics:
enabled: true
cronjob:
enabled: true
ingress:
enabled: true
className: nginx
@ -67,19 +69,15 @@
- hosts:
- nextcloud.eom.dev
secretName: nextcloud-tls
cronjob:
enabled: true
redis:
enabled: true
auth:
password: "{{ nextcloud_admin_password }}"
postgresql:
enabled: true
global:
postgresql:
auth:
username: nextcloud
password: "{{ nextcloud_admin_password }}"
database: nextcloud
primary:
persistence:
enabled: true
size: 256Gi
size: 2Ti
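Review bot: `externalDatabase.host: postgresql` is a bare Service name, which only resolves inside the nextcloud namespace; the shared PostgreSQL this commit registers the `nextcloud` user on (the pgpool file) presumably runs in its own namespace, so this likely needs the fully qualified `<service>.<namespace>.svc.cluster.local` form. At the same time the context line `postgresql: enabled: true` remains, so the bundled database is still deployed with the same credentials and sits unused next to the external one; set it to `false` once the external database is the target. The rename to `nextcloud_admin` is, as far as I know, honoured only at first install, so on an existing release the old `nextcloud` admin account remains and should be removed by hand.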


@ -23,7 +23,7 @@
- ReadWriteOnce
resources:
requests:
storage: 16Gi
storage: 128Gi
- name: Create PVC for OpenLDAP configuration
k8s:
@ -39,7 +39,7 @@
- ReadWriteOnce
resources:
requests:
storage: 16Gi
storage: 32Gi
- name: Create Deployment for OpenLDAP
k8s:


@ -55,7 +55,7 @@
- ReadWriteOnce
resources:
requests:
storage: 1Ti
storage: 2Ti
- name: Create a deployment
k8s:


@ -14,12 +14,12 @@
pgpool:
adminPassword: "{{ postgresql_admin_password }}"
customUsers:
usernames: gitea,grafana,jupyterhub,mastodon,nextcloud
passwords: "{{ gitea_admin_password }},{{ grafana_admin_password }},{{ jupyterhub_admin_password }},{{ mastodon_admin_password }},{{ nextcloud_admin_password }}"
usernames: gitea,grafana,jupyterhub,mastodon,mediawiki,nextcloud
passwords: "{{ gitea_admin_password }},{{ grafana_admin_password }},{{ jupyterhub_admin_password }},{{ mastodon_admin_password }},{{ mediawiki_admin_password }},{{ nextcloud_admin_password }}"
backup:
enabled: true
persistence:
size: 2Ti
size: 4Ti
postgresql:
username: postgres
password: "{{ postgresql_admin_password }}"
@ -34,5 +34,7 @@
CREATE DATABASE jupyterhub WITH OWNER jupyterhub;
CREATE USER mastodon WITH PASSWORD '{{ mastodon_admin_password }}';
CREATE DATABASE mastodon WITH OWNER mastodon;
CREATE USER mediawiki WITH PASSWORD '{{ mediawiki_admin_password }}';
CREATE DATABASE mediawiki WITH OWNER mediawiki;
CREATE USER nextcloud WITH PASSWORD '{{ nextcloud_admin_password }}';
CREATE DATABASE nextcloud WITH OWNER nextcloud;
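Review bot: The new `CREATE USER mediawiki WITH PASSWORD '{{ mediawiki_admin_password }}';` interpolates a secret into SQL with bare single quotes, so a password containing `'` breaks the statement, and the comma-separated `customUsers.passwords` list above breaks on any `,`; either constrain these vault values to a safe character set or escape them when rendering. More importantly, if this SQL block is rendered through the chart's `initdbScripts` (the key is above the hunk) it ends up in a ConfigMap, making every service password readable to anyone with ConfigMap read access in that namespace; the secret-backed `initdbScriptsSecret` variant avoids that. Each application's admin web password also serves as its database password here, so separate `*_db_password` variables would keep a leak of one from opening the other.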