From 910986b808bdfb5977a70f6fd4320b8701208df7 Mon Sep 17 00:00:00 2001 From: Bert-Jan Fikse Date: Fri, 13 Mar 2026 14:37:02 +0100 Subject: [PATCH] feat: add drawio instance for nextcloud and opencloud Signed-off-by: Bert-Jan Fikse --- roles/drawio/defaults/main.yml | 17 +++++++++++ roles/drawio/handlers/main.yml | 5 ++++ roles/drawio/tasks/main.yml | 18 ++++++++++++ roles/drawio/templates/docker-compose.yml.j2 | 28 +++++++++++++++++++ roles/nextcloud/defaults/main.yml | 6 ++++ roles/nextcloud/tasks/drawio.yml | 19 +++++++++++++ roles/nextcloud/tasks/main.yml | 4 +++ roles/opencloud/defaults/main.yml | 10 +++++-- roles/opencloud/tasks/main.yml | 27 +++++++++++++++++- .../opencloud/templates/csp-override.yaml.j2 | 7 +++++ .../opencloud/templates/docker-compose.yml.j2 | 15 +++++++++- 11 files changed, 152 insertions(+), 4 deletions(-) create mode 100644 roles/drawio/templates/docker-compose.yml.j2 create mode 100644 roles/nextcloud/tasks/drawio.yml diff --git a/roles/drawio/defaults/main.yml b/roles/drawio/defaults/main.yml index dcb88be..7b67976 100644 --- a/roles/drawio/defaults/main.yml +++ b/roles/drawio/defaults/main.yml @@ -1,3 +1,20 @@ #SPDX-License-Identifier: MIT-0 --- # defaults file for drawio + +# Base directory configuration (inherited from base role or defined here) +docker_compose_base_dir: /etc/docker/compose + +# Drawio-specific configuration +drawio_service_name: drawio +drawio_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ drawio_service_name }}" + +# Service configuration +drawio_domain: "drawio.local.test" +drawio_image: "jgraph/drawio:latest" +drawio_port: 8080 +drawio_extra_hosts: [] + +# Traefik configuration +drawio_traefik_network: "proxy" +drawio_use_ssl: true \ No newline at end of file diff --git a/roles/drawio/handlers/main.yml b/roles/drawio/handlers/main.yml index 7bdf858..f1ef0da 100644 --- a/roles/drawio/handlers/main.yml +++ b/roles/drawio/handlers/main.yml 
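Review bot: `drawio_image: "jgraph/drawio:latest"` in roles/drawio/defaults/main.yml is a mutable tag, so each pull can bring in different, unreviewed image content and a rollback cannot name what was running. Default to a fixed release tag or digest, for example `drawio_image: "jgraph/drawio:<VERSION>@sha256:<DIGEST>"` (placeholders), and let operators opt in to `latest`. The same applies to `opencloud_drawio_extension_image: "opencloudeu/web-extensions:draw-io-latest"` in the roles/opencloud/defaults/main.yml hunk.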
@@ -1,3 +1,8 @@ #SPDX-License-Identifier: MIT-0 --- # handlers file for drawio + +- name: restart drawio + community.docker.docker_compose_v2: + project_src: "{{ drawio_docker_compose_dir }}" + state: restarted \ No newline at end of file diff --git a/roles/drawio/tasks/main.yml b/roles/drawio/tasks/main.yml index a3bc871..67bd50d 100644 --- a/roles/drawio/tasks/main.yml +++ b/roles/drawio/tasks/main.yml @@ -1,3 +1,21 @@ #SPDX-License-Identifier: MIT-0 --- # tasks file for drawio + +- name: Create docker compose directory + file: + path: "{{ drawio_docker_compose_dir }}" + state: directory + mode: '0755' + +- name: Create docker-compose file for drawio + template: + src: docker-compose.yml.j2 + dest: "{{ drawio_docker_compose_dir }}/docker-compose.yml" + mode: '0644' + notify: restart drawio + +- name: Start drawio container + community.docker.docker_compose_v2: + project_src: "{{ drawio_docker_compose_dir }}" + state: present \ No newline at end of file diff --git a/roles/drawio/templates/docker-compose.yml.j2 b/roles/drawio/templates/docker-compose.yml.j2 new file mode 100644 index 0000000..b6b9ef5 --- /dev/null +++ b/roles/drawio/templates/docker-compose.yml.j2 
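Review bot: The `file:` and `template:` tasks in roles/drawio/tasks/main.yml use short module names, while the same file spells out `community.docker.docker_compose_v2` and the nextcloud role in this patch uses `ansible.builtin.include_tasks`. Writing `ansible.builtin.file:` and `ansible.builtin.template:` keeps module resolution independent of the collection search order. Neither task sets `owner`/`group`, so ownership of the compose directory and file follows whichever user runs the play; state it explicitly if that matters for this host.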
@@ -0,0 +1,28 @@ +services: + drawio: + image: {{ drawio_image }} + container_name: {{ drawio_service_name }} + restart: unless-stopped + networks: + - {{ drawio_traefik_network }} +{% if drawio_extra_hosts is defined and drawio_extra_hosts | length > 0 %} + extra_hosts: +{% for host in drawio_extra_hosts %} + - "{{ host }}" +{% endfor %} +{% endif %} + labels: + - traefik.enable=true + - traefik.docker.network={{ drawio_traefik_network }} + - traefik.http.routers.{{ drawio_service_name }}.rule=Host(`{{ drawio_domain }}`) + - traefik.http.services.{{ drawio_service_name }}.loadbalancer.server.port={{ drawio_port }} +{% if drawio_use_ssl %} + - traefik.http.routers.{{ drawio_service_name }}.entrypoints=websecure + - traefik.http.routers.{{ drawio_service_name }}.tls=true +{% else %} + - traefik.http.routers.{{ drawio_service_name }}.entrypoints=web +{% endif %} + +networks: + {{ drawio_traefik_network }}: + external: true \ No newline at end of file diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml index e40ea55..ddafddf 100644 --- a/roles/nextcloud/defaults/main.yml +++ b/roles/nextcloud/defaults/main.yml @@ -29,6 +29,12 @@ nextcloud_enable_collabora: true nextcloud_collabora_domain: "office.local.test" nextcloud_collabora_disable_cert_verification: false +# Draw.io integration (set nextcloud_drawio_url to enable) +nextcloud_enable_drawio: false +nextcloud_drawio_url: "" +nextcloud_drawio_theme: "kennedy" +nextcloud_drawio_offline: "yes" + nextcloud_use_s3_storage: false nextcloud_s3_key: changeme nextcloud_s3_secret: changeme diff --git a/roles/nextcloud/tasks/drawio.yml b/roles/nextcloud/tasks/drawio.yml new file mode 100644 index 0000000..bd2e17e --- /dev/null +++ b/roles/nextcloud/tasks/drawio.yml 
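Review bot: The `drawio` service in roles/drawio/templates/docker-compose.yml.j2 is published through Traefik with container defaults only; nothing in the template limits privilege escalation inside the container. Adding `security_opt:` with `- no-new-privileges:true` is a low-risk baseline, whereas dropping capabilities or a read-only root filesystem would need testing against the image. Separately, `image: {{ drawio_image }}` and `container_name: {{ drawio_service_name }}` are unquoted templated scalars; `image: "{{ drawio_image }}"` protects the rendered file against an empty or YAML-special value.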
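Review bot: The comment `# Draw.io integration (set nextcloud_drawio_url to enable)` in roles/nextcloud/defaults/main.yml does not match how the role is gated. roles/nextcloud/tasks/main.yml includes drawio.yml on `nextcloud_enable_drawio`, and the URL guards only the first task there, so with the flag true and the URL empty the theme and offline settings are still written. Suggested wording: `# Draw.io integration: set nextcloud_enable_drawio to true and nextcloud_drawio_url to the draw.io base URL`.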
@@ -0,0 +1,19 @@ +#SPDX-License-Identifier: MIT-0 +--- +# tasks file for configuring draw.io in Nextcloud + +- name: Configure draw.io URL + community.docker.docker_container_exec: + container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1" + command: php /var/www/html/occ config:app:set drawio DrawioUrl --value={{ nextcloud_drawio_url }} + when: nextcloud_drawio_url | length > 0 + +- name: Configure draw.io theme + community.docker.docker_container_exec: + container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1" + command: php /var/www/html/occ config:app:set drawio DrawioTheme --value={{ nextcloud_drawio_theme }} + +- name: Configure draw.io offline mode + community.docker.docker_container_exec: + container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1" + command: php /var/www/html/occ config:app:set drawio DrawioOffline --value={{ nextcloud_drawio_offline }} \ No newline at end of file diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 71f68c5..c849b17 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -70,6 +70,10 @@ ansible.builtin.include_tasks: collabora.yml when: nextcloud_enable_collabora +- name: Configure nextcloud draw.io + ansible.builtin.include_tasks: drawio.yml + when: nextcloud_enable_drawio + - name: Configure LDAP backend ansible.builtin.include_tasks: ldap.yml when: nextcloud_ldap_enabled diff --git a/roles/opencloud/defaults/main.yml b/roles/opencloud/defaults/main.yml index d7abfee..a939618 100644 --- a/roles/opencloud/defaults/main.yml +++ b/roles/opencloud/defaults/main.yml 
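Review bot: All three tasks in roles/nextcloud/tasks/drawio.yml interpolate a variable into the `command:` string, which the module splits into arguments, so a value containing whitespace or quotes changes the argument list passed to `occ`. Passing the arguments as an `argv:` list keeps each value a single argument regardless of its content. The tasks will also report `changed` on every run as written, and the hunk does not show which user `occ` runs as inside the container; it is worth confirming that against the role's other exec tasks.

```yaml
- name: Configure draw.io URL
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
    argv:
      - php
      - /var/www/html/occ
      - config:app:set
      - drawio
      - DrawioUrl
      - "--value={{ nextcloud_drawio_url }}"
  when: nextcloud_drawio_url | length > 0
# … theme and offline-mode tasks: same command → argv conversion …
```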
@@ -64,5 +64,11 @@ opencloud_ldap_group_schema_groupname: "cn" opencloud_ldap_group_schema_member: "member" opencloud_ldap_write_enabled: false -# CSP configuration (extra URLs to allow in connect-src) -opencloud_csp_extra_connect_src: [] \ No newline at end of file +# Draw.io integration (set opencloud_drawio_url to enable) +opencloud_drawio_url: "" +opencloud_drawio_theme: "minimal" +opencloud_drawio_extension_image: "opencloudeu/web-extensions:draw-io-latest" + +# CSP configuration (extra URLs to allow in connect-src and frame-src) +opencloud_csp_extra_connect_src: [] +opencloud_csp_extra_frame_src: [] \ No newline at end of file diff --git a/roles/opencloud/tasks/main.yml b/roles/opencloud/tasks/main.yml index d3ce5ba..e448bb9 100644 --- a/roles/opencloud/tasks/main.yml +++ b/roles/opencloud/tasks/main.yml @@ -31,7 +31,32 @@ owner: "1000" group: "1000" mode: '0644' - when: opencloud_csp_extra_connect_src | length > 0 + when: opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0 + notify: restart opencloud + +- name: Create draw.io extension apps directory + file: + path: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io" + state: directory + owner: "1000" + group: "1000" + mode: '0755' + when: opencloud_drawio_url | length > 0 + +- name: Create draw.io extension config + copy: + content: | + { + "config": { + "url": "{{ opencloud_drawio_url }}", + "theme": "{{ opencloud_drawio_theme }}" + } + } + dest: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io/config.json" + owner: "1000" + group: "1000" + mode: '0644' + when: opencloud_drawio_url | length > 0 notify: restart opencloud - name: Create docker-compose file for opencloud diff --git a/roles/opencloud/templates/csp-override.yaml.j2 b/roles/opencloud/templates/csp-override.yaml.j2 index f71cd9b..29afd38 100644 --- a/roles/opencloud/templates/csp-override.yaml.j2 +++ b/roles/opencloud/templates/csp-override.yaml.j2 
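Review bot: The comment `# Draw.io integration (set opencloud_drawio_url to enable)` in roles/opencloud/defaults/main.yml leaves out the CSP half of the setup. As far as the visible hunks show, nothing adds that URL to `opencloud_csp_extra_frame_src`, and the csp-override template emits `frame-src` only from that list. An operator who sets only the URL may get the extension installed but the editor frame blocked by the policy. Either document the pairing, e.g. `# also add the same origin to opencloud_csp_extra_frame_src`, or derive the entry inside the role.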
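Review bot: The "Create draw.io extension config" task in roles/opencloud/tasks/main.yml builds JSON by pasting `{{ opencloud_drawio_url }}` and `{{ opencloud_drawio_theme }}` between literal quotes, so a value containing `"` or `\` produces invalid JSON or extra keys in config.json. Serialising a mapping keeps the file well-formed whatever the values are: `content: "{{ {'config': {'url': opencloud_drawio_url, 'theme': opencloud_drawio_theme}} | to_nice_json }}"`. The short `file:`/`copy:` module names could become `ansible.builtin.file:`/`ansible.builtin.copy:` in the same pass.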
@@ -7,6 +7,13 @@ directives: {% for url in opencloud_csp_extra_connect_src %} - "{{ url }}" {% endfor %} +{% if opencloud_csp_extra_frame_src | length > 0 %} + frame-src: + - "'self'" +{% for url in opencloud_csp_extra_frame_src %} + - "{{ url }}" +{% endfor %} +{% endif %} script-src: - "'self'" - "'unsafe-inline'" diff --git a/roles/opencloud/templates/docker-compose.yml.j2 b/roles/opencloud/templates/docker-compose.yml.j2 index 88faa46..eca62b3 100644 --- a/roles/opencloud/templates/docker-compose.yml.j2 +++ b/roles/opencloud/templates/docker-compose.yml.j2 @@ -1,8 +1,21 @@ services: +{% if opencloud_drawio_url %} + drawio-ext: + image: {{ opencloud_drawio_extension_image }} + entrypoint: /bin/sh + command: ["-c", "cp -R /usr/share/nginx/html/apps/draw-io/ /apps/"] + volumes: + - {{ opencloud_docker_volume_dir }}/data/web/assets/apps:/apps +{% endif %} opencloud: image: {{ opencloud_image }} container_name: {{ opencloud_service_name }} restart: unless-stopped +{% if opencloud_drawio_url %} + depends_on: + drawio-ext: + condition: service_completed_successfully +{% endif %} entrypoint: - /bin/sh command: ["-c", "opencloud init || true; opencloud server"] @@ -18,7 +31,7 @@ services: OC_INSECURE: "true" OC_LOG_LEVEL: "{{ opencloud_log_level }}" PROXY_TLS: "false" -{% if opencloud_csp_extra_connect_src | length > 0 %} +{% if opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0 %} PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION: "/etc/opencloud/csp-override.yaml" {% endif %} IDM_ADMIN_PASSWORD: "{{ opencloud_admin_password }}"
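Review bot: The new `frame-src` block in roles/opencloud/templates/csp-override.yaml.j2 writes each `opencloud_csp_extra_frame_src` entry into the policy verbatim, and nothing in the template or defaults says what form an entry should take. A scheme-only or wildcard entry would allow framing of far more than the draw.io host across the whole web UI. A template comment such as `{# frame-src entries must be exact origins (scheme://host[:port]) #}` would document this, or the role could validate the list before rendering. The `directives:` mapping begins outside the hunk, so how the policy behaves when the list is empty cannot be confirmed from here.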
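Review bot: The one-shot `drawio-ext` service in roles/opencloud/templates/docker-compose.yml.j2 writes into the host bind mount as the image's default user, while the tasks in this patch create that directory tree with owner and group `"1000"`. If the image's default user is root, the copied extension files end up root-owned next to the Ansible-managed config.json; `user: "1000:1000"` on the service would keep ownership consistent, provided the image's files are readable by that uid. The copy needs no network, so `network_mode: "none"` is a cheap restriction for this container. If the image ships its own `apps/draw-io/config.json`, `cp -R` would overwrite the Ansible-written one on every start, which is worth checking.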