DevOps/ansible-role-eom
1
0
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects Releases Wiki Activity

adding collabora

Browse Source
This commit is contained in:
Eric Meehan 2024-12-09 21:36:13 -05:00
parent 3a50d78e85
commit 78b4b04bdc
13 changed files with 290 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
tasks/collabora.yaml Normal file
View File

@ -0,0 +1,44 @@
---
# tasks file for collabora
- name: Add Collabora repo
kubernetes.core.helm_repository:
name: collabora
repo_url: https://collaboraonline.github.io/online/
register: repo
- name: Update Helm repos
command: helm repo update
when: repo.changed
- name: Deploy Collabora
kubernetes.core.helm:
name: collabora
chart_ref: collabora/collabora-online
release_namespace: collabora
create_namespace: true
values:
collabora:
server_name: collabora.eom.dev
username: collabora_admin
password: "{{ collabora_admin_password }}"
aliasgroups:
- host: "https://nextcloud.eom.dev:443"
extra_params: --o:ssl.enable=false --o:ssl.termination=true
ingress:
enabled: true
className: "nginx"
annotations:
nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
cert-manager.io/cluster-issuer: ca-issuer
hosts:
- host: collabora.eom.dev
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- collabora.eom.dev
secretName: collabora-tls

2
tasks/elasticsearch.yaml
View File

@ -16,6 +16,6 @@
data: data:
replicaCount: 1 replicaCount: 1
persistence: persistence:
size: 256Gi size: 512Gi
ingest: ingest:
replicaCount: 1 replicaCount: 1

16
tasks/gitea.yaml
View File

@ -44,7 +44,7 @@
metrics: metrics:
enabled: true enabled: true
admin: admin:
username: gitea username: gitea_admin
password: "{{ gitea_admin_password }}" password: "{{ gitea_admin_password }}"
email: gitea@postfix.eom.dev email: gitea@postfix.eom.dev
ldap: ldap:
@ -70,12 +70,8 @@
global: global:
redis: redis:
password: "{{ gitea_admin_password }}" password: "{{ gitea_admin_password }}"
master:
persistence: persistence:
size: 32Gi enabled: true
replica:
persistence:
size: 32Gi
redis-cluster: redis-cluster:
enabled: false enabled: false
postgresql: postgresql:
@ -83,12 +79,12 @@
global: global:
postgresql: postgresql:
auth: auth:
username: gitea
password: "{{ gitea_admin_password }}" password: "{{ gitea_admin_password }}"
database: gitea
primary: primary:
persistence: persistence:
size: 256Gi enabled: true
readReplicas: size: 2Ti
persistence:
size: 256Gi
postgresql-ha: postgresql-ha:
enabled: false enabled: false

4
tasks/grafana.yaml
View File

@ -10,7 +10,7 @@
metrics: metrics:
enabled: true enabled: true
admin: admin:
user: grafana user: grafana_admin
password: "{{ grafana_admin_password }}" password: "{{ grafana_admin_password }}"
persistence: persistence:
size: 64Gi size: 64Gi
@ -56,6 +56,6 @@
type: alertmanager type: alertmanager
access: proxy access: proxy
orgId: 1 orgId: 1
url: http://prometheus-alertmanager.prometheus.svc.cluster.local:9093 url: http://prometheus-alertmanager.prometheus.svc.cluster.local
version: 1 version: 1
editable: true editable: true

2
tasks/jupyterhub.yaml
View File

@ -96,4 +96,4 @@
tls: tls:
- hosts: - hosts:
- jupyterhub.eom.dev - jupyterhub.eom.dev
secretName: jupyterhub secretName: jupyterhub-tls

2
tasks/main.yaml
View File

@ -3,4 +3,4 @@
- name: Deploy - name: Deploy
include_tasks: "{{ item }}" include_tasks: "{{ item }}"
loop: loop:
- owncast.yaml - collabora.yaml

41
tasks/mastodon.yaml
View File

@ -18,10 +18,17 @@
memory: 0Mi memory: 0Mi
limits: limits:
cpu: 1.5 cpu: 1.5
memory: 3072Mi memory: 8192Mi
adminUser: mastodon adminUser: mastodon_admin
adminEmail: mastodon@postfix.eom.dev adminEmail: mastodon_admin@postfix.eom.dev
adminPassword: "{{ mastodon_admin_password }}" adminPassword: "{{ mastodon_admin_password }}"
otpSecret: "{{ mastodon_otp_secret }}"
secretKeyBase: "{{ mastodon_secret_key_base }}"
vapidPrivateKey: "{{ mastodon_vapid_private_key }}"
vapidPublicKey: "{{ mastodon_vapid_public_key }}"
activeRecordEncryptionDeterministicKey: "{{ mastodon_active_record_encryption_deterministic_key }}"
activeRecordEncryptionKeyDerivationSalt: "{{ mastodon_active_record_encryption_key_derivation_salt }}"
activeRecordEncryptionPrimaryKey: "{{ mastodon_active_record_encryption_primary_key }}"
extraConfig: extraConfig:
LDAP_ENABLED: "true" LDAP_ENABLED: "true"
LDAP_HOST: openldap.openldap.svc.cluster.local LDAP_HOST: openldap.openldap.svc.cluster.local
@ -33,7 +40,6 @@
LDAP_UID: uid LDAP_UID: uid
LDAP_SEARCH_FILTER: (&(objectClass=posixAccount)(|(%{uid}=%{email})(%{mail}=%{email}))(memberOf=cn=Mastodon Users,ou=Mastodon,ou=Services,dc=eom,dc=dev)) LDAP_SEARCH_FILTER: (&(objectClass=posixAccount)(|(%{uid}=%{email})(%{mail}=%{email}))(memberOf=cn=Mastodon Users,ou=Mastodon,ou=Services,dc=eom,dc=dev))
LDAP_MAIL: mail LDAP_MAIL: mail
enableS3: false
localDomain: mastodon.eom.dev localDomain: mastodon.eom.dev
smtp: smtp:
server: postfix.eom.dev server: postfix.eom.dev
@ -48,39 +54,36 @@
password: "{{ mastodon_admin_password }}" password: "{{ mastodon_admin_password }}"
persistence: persistence:
enabled: true enabled: true
size: 8Ti size: 64Gi
redis: redis:
enabled: true enabled: true
auth: auth:
password: "{{ mastodon_admin_password }}" password: "{{ mastodon_admin_password }}"
master:
persistence:
size: 32Gi
replica:
persistence:
size: 32Gi
postgresql: postgresql:
enabled: true enabled: true
global:
postgresql:
auth: auth:
username: mastodon
password: "{{ mastodon_admin_password }}" password: "{{ mastodon_admin_password }}"
database: mastodon
primary: primary:
persistence: persistence:
size: 256Gi enabled: true
readReplicas: size: 2Ti
persistence:
size: 256Gi
elasticsearch: elasticsearch:
enabled: true enabled: true
master: master:
persistence: persistence:
size: 32Gi size: 64Gi
data: data:
persistence: persistence:
size: 32Gi size: 512Gi
minio: minio:
enabled: false enabled: false
externalS3:
host: minio.api.eom.dev
accessKeyId: mastodon
accessKeySecret: "{{ mastodon_admin_password }}"
bucket: mastodon
apache: apache:
service: service:
type: ClusterIP type: ClusterIP

172
tasks/mediawiki.yaml
View File

@ -1,42 +1,144 @@
--- ---
# tasks file for mediawiki # tasks file for mediawiki
- name: Deploy MediaWiki - name: Create MediaWiki namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: mediawiki
- name: Deploy MariaDB
kubernetes.core.helm: kubernetes.core.helm:
name: mediawiki name: mariadb
chart_ref: bitnami/mediawiki chart_ref: bitnami/mariadb
release_namespace: mediawiki release_namespace: mediawiki
create_namespace: true
values: values:
mediawikiUser: mediawiki auth:
mediawikiPassword: "{{ mediawiki_admin_password }}" rootPassword: "{{ mediawiki_admin_password }}"
mediawikiEmail: mediawiki@postfix.eom.dev username: mediawiki
mediawikiName: MediaWiki
mediawikiHost: https://mediawiki.eom.dev/
smtpHost: postfix.eom.dev
smtpPort: 587
smtpUser: mediawiki
smtpPassword: "{{ mediawiki_admin_password }}"
persistence:
size: 32Gi
service:
type: ClusterIP
ingress:
enabled: true
annotations:
cert-manager.io/clusteer-issuer: ca-issuer
ingressClassName: nginx
pathType: Prefix
hostname: mediawiki.eom.dev
path: /
tls: true
mariadb:
db:
name: mediawiki
user: mediawiki
password: "{{ mediawiki_admin_password }}" password: "{{ mediawiki_admin_password }}"
master: database: mediawiki
primary:
persistence: persistence:
size: 256Gi size: 4Ti
slave:
persistence: - name: Create Deployment for MediaWiki
size: 256Gi k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: mediawiki
namespace: mediawiki
spec:
replicas: 1
selector:
matchLabels:
app: mediawiki
template:
metadata:
labels:
app: mediawiki
spec:
containers:
- name: mediawiki
image: ericomeehan/mediawiki-extended
imagePullPolicy: Always
env:
- name: WIKI_NAME
value: MediaWiki
- name: WIKI_ADMIN
value: mediawiki_admin
- name: WIKI_ADMIN_PASS
value: "{{ mediawiki_admin_password }}"
- name: WIKI_LANG
value: en
- name: WIKI_URL
value: https://mediawiki.eom.dev/
- name: DB_HOST
value: mariadb
- name: DB_PORT
value: "3306"
- name: DB_NAME
value: mediawiki
- name: DB_USER
value: mediawiki
- name: DB_PASS
value: "{{ mediawiki_admin_password }}"
- name: LDAP_BASE
value: dc=eom,dc=dev
- name: LDAP_SERVER_NAME
value: openldap.openldap.svc.cluster.local
- name: LDAP_SERVER_PORT
value: "389"
- name: LDAP_DOMAINNAME
value: openldap.openldap.svc.cluster.local
- name: LDAP_ENCTYPE
value: clear
- name: LDAP_USER_ATTR
value: uid
- name: LDAP_REAL_NAME_ATTR
value: cn
- name: LDAP_MAIL_ATTR
value: mail
- name: LDAP_BIND_USER
value: cn=readonly,dc=eom,dc=dev
- name: LDAP_BIND_PASS
value: "{{ openldap_readonly_password }}"
- name: LDAP_BUREAUCRAT_GROUP
value: cn=Mediawiki Administrators,ou=MediaWiki,ou=Services,dc=eom,dc=dev
- name: LDAP_INTERFACE_ADMIN_GROUP
value: cn=Mediawiki Administrators,ou=MediaWiki,ou=Services,dc=eom,dc=dev
- name: LDAP_SYSOP_GROUP
value: cn=Mediawiki Administrators,ou=MediaWiki,ou=Services,dc=eom,dc=dev
- name: LDAP_SEARCH_FILTER
value: (&(objectClass=posixAccount)(uid=%1$s)(memberOf=cn=Mediawiki Users,ou=MediaWiki,ou=Services,dc=eom,dc=dev))
ports:
- containerPort: 80
- name: Create Service for MediaWiki
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: mediawiki
namespace: mediawiki
spec:
selector:
app: mediawiki
ports:
- port: 80
name: http
type: ClusterIP
- name: Create Ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: mediawiki
namespace: mediawiki
spec:
ingressClassName: nginx
rules:
- host: mediawiki.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: mediawiki
port:
number: 80
tls:
- hosts:
- mediawiki.eom.dev
secretName: mediawiki

58
tasks/minio.yaml Normal file
View File

@ -0,0 +1,58 @@
---
# tasks file for minio
- name: Deploy MinIO
kubernetes.core.helm:
name: minio
chart_ref: bitnami/minio
release_namespace: minio
create_namespace: true
values:
metrics:
enabled: true
disableWebUI: true
auth:
rootUser: minio_admin
rootPassword: "{{ minio_admin_password }}"
defaultBuckets: default
volumePermissions:
enabled: true
mode: standalone
persistence:
size: 8Ti
extraEnvVars:
- name: MINIO_ROOT_USER
value: minio_admin
- name: MINIO_ROOT_PASSWORD
value: "{{ minio_admin_password }}"
- name: MINIO_SERVER_URL
value: https://minio.eom.dev/
- name: MINIO_IDENTITY_LDAP_SERVER_ADDR
value: openldap.openldap.svc.cluster.local:389
- name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN
value: cn=readonly,dc=eom,dc=dev
- name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD
value: "{{ openldap_readonly_password }}"
- name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN
value: dc=eom,dc=dev
- name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER
value: (&(objectClass=posixAccount)(uid=%s)(memberOf=cn=Minio Users,ou=Minio,ou=Services,dc=eom,dc=dev))
- name: MINIO_IDENTITY_LDAP_USER_DN_ATTRIBUTES
value: uid,cn,mail,sshPublicKey
- name: MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER
value: (&(objectclass=groupOfUniqueNames)(uniqueMember=%d))
- name: MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN
value: dc=eom,dc=dev
- name: MINIO_IDENTITY_LDAP_COMMENT
value: OpenLDAP
- name: MINIO_IDENTITY_LDAP_SERVER_INSECURE
value: "on"
apiIngress:
enabled: true
hostname: minio.eom.dev
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: ca-issuer
tls:
- hosts:
- minio.eom.dev
secretName: minio-tls

18
tasks/nextcloud.yaml
View File

@ -19,7 +19,7 @@
values: values:
nextcloud: nextcloud:
host: nextcloud.eom.dev host: nextcloud.eom.dev
username: nextcloud username: nextcloud_admin
password: "{{ nextcloud_admin_password }}" password: "{{ nextcloud_admin_password }}"
configs: configs:
proxy.config.php: |- proxy.config.php: |-
@ -47,15 +47,17 @@
externalDatabase: externalDatabase:
enabled: true enabled: true
type: postgresql type: postgresql
host: nextcloud-postgresql host: postgresql
user: nextcloud user: nextcloud
password: "{{ nextcloud_admin_password }}" password: "{{ nextcloud_admin_password }}"
database: nextcloud database: nextcloud
persistence: persistence:
enabled: true enabled: true
size: 8Ti size: 4Ti
metrics: metrics:
enabled: true enabled: true
cronjob:
enabled: true
ingress: ingress:
enabled: true enabled: true
className: nginx className: nginx
@ -67,19 +69,15 @@
- hosts: - hosts:
- nextcloud.eom.dev - nextcloud.eom.dev
secretName: nextcloud-tls secretName: nextcloud-tls
cronjob:
enabled: true
redis:
enabled: true
auth:
password: "{{ nextcloud_admin_password }}"
postgresql: postgresql:
enabled: true enabled: true
global: global:
postgresql: postgresql:
auth: auth:
username: nextcloud
password: "{{ nextcloud_admin_password }}" password: "{{ nextcloud_admin_password }}"
database: nextcloud
primary: primary:
persistence: persistence:
enabled: true enabled: true
size: 256Gi size: 2Ti

4
tasks/openldap.yaml
View File

@ -23,7 +23,7 @@
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 16Gi storage: 128Gi
- name: Create PVC for OpenLDAP configuration - name: Create PVC for OpenLDAP configuration
k8s: k8s:
@ -39,7 +39,7 @@
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 16Gi storage: 32Gi
- name: Create Deployment for OpenLDAP - name: Create Deployment for OpenLDAP
k8s: k8s:

2
tasks/postfix.yaml
View File

@ -55,7 +55,7 @@
- ReadWriteOnce - ReadWriteOnce
resources: resources:
requests: requests:
storage: 1Ti storage: 2Ti
- name: Create a deployment - name: Create a deployment
k8s: k8s:

8
tasks/postgresql.yaml
View File

@ -14,12 +14,12 @@
pgpool: pgpool:
adminPassword: "{{ postgresql_admin_password }}" adminPassword: "{{ postgresql_admin_password }}"
customUsers: customUsers:
usernames: gitea,grafana,jupyterhub,mastodon,nextcloud usernames: gitea,grafana,jupyterhub,mastodon,mediawiki,nextcloud
passwords: "{{ gitea_admin_password }},{{ grafana_admin_password }},{{ jupyterhub_admin_password }},{{ mastodon_admin_password }},{{ nextcloud_admin_password }}" passwords: "{{ gitea_admin_password }},{{ grafana_admin_password }},{{ jupyterhub_admin_password }},{{ mastodon_admin_password }},{{ mediawiki_admin_password }},{{ nextcloud_admin_password }}"
backup: backup:
enabled: true enabled: true
persistence: persistence:
size: 2Ti size: 4Ti
postgresql: postgresql:
username: postgres username: postgres
password: "{{ postgresql_admin_password }}" password: "{{ postgresql_admin_password }}"
@ -34,5 +34,7 @@
CREATE DATABASE jupyterhub WITH OWNER jupyterhub; CREATE DATABASE jupyterhub WITH OWNER jupyterhub;
CREATE USER mastodon WITH PASSWORD '{{ mastodon_admin_password }}'; CREATE USER mastodon WITH PASSWORD '{{ mastodon_admin_password }}';
CREATE DATABASE mastodon WITH OWNER mastodon; CREATE DATABASE mastodon WITH OWNER mastodon;
CREATE USER mediawiki WITH PASSWORD '{{ mediawiki_admin_password }}';
CREATE DATABASE mediawiki WITH OWNER mediawiki;
CREATE USER nextcloud WITH PASSWORD '{{ nextcloud_admin_password }}'; CREATE USER nextcloud WITH PASSWORD '{{ nextcloud_admin_password }}';
CREATE DATABASE nextcloud WITH OWNER nextcloud; CREATE DATABASE nextcloud WITH OWNER nextcloud;