feat: add drawio instance for nextcloud and opencloud

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 14:37:02 +01:00 · 2026-03-13 14:37:02 +01:00 · 910986b808
commit 910986b808
parent f3f2b6d5b7
11 changed files with 152 additions and 4 deletions
--- a/roles/opencloud/defaults/main.yml
+++ b/roles/opencloud/defaults/main.yml
@ -64,5 +64,11 @@ opencloud_ldap_group_schema_groupname: "cn"
 opencloud_ldap_group_schema_member: "member"
 opencloud_ldap_write_enabled: false

-# CSP configuration (extra URLs to allow in connect-src)
-opencloud_csp_extra_connect_src: []
+# Draw.io integration (set opencloud_drawio_url to enable)
+opencloud_drawio_url: ""
+opencloud_drawio_theme: "minimal"
+opencloud_drawio_extension_image: "opencloudeu/web-extensions:draw-io-latest"
+
+# CSP configuration (extra URLs to allow in connect-src and frame-src)
+opencloud_csp_extra_connect_src: []
+opencloud_csp_extra_frame_src: []
--- a/roles/opencloud/tasks/main.yml
+++ b/roles/opencloud/tasks/main.yml
@ -31,7 +31,32 @@
    owner: "1000"
    group: "1000"
    mode: '0644'
-  when: opencloud_csp_extra_connect_src | length > 0
+  when: opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0
+  notify: restart opencloud
+
+- name: Create draw.io extension apps directory
+  file:
+    path: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io"
+    state: directory
+    owner: "1000"
+    group: "1000"
+    mode: '0755'
+  when: opencloud_drawio_url | length > 0
+
+- name: Create draw.io extension config
+  copy:
+    content: |
+      {
+        "config": {
+          "url": "{{ opencloud_drawio_url }}",
+          "theme": "{{ opencloud_drawio_theme }}"
+        }
+      }
+    dest: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io/config.json"
+    owner: "1000"
+    group: "1000"
+    mode: '0644'
+  when: opencloud_drawio_url | length > 0
  notify: restart opencloud

 - name: Create docker-compose file for opencloud
--- a/roles/opencloud/templates/csp-override.yaml.j2
+++ b/roles/opencloud/templates/csp-override.yaml.j2
@ -7,6 +7,13 @@ directives:
 {% for url in opencloud_csp_extra_connect_src %}
    - "{{ url }}"
 {% endfor %}
+{% if opencloud_csp_extra_frame_src | length > 0 %}
+  frame-src:
+    - "'self'"
+{% for url in opencloud_csp_extra_frame_src %}
+    - "{{ url }}"
+{% endfor %}
+{% endif %}
  script-src:
    - "'self'"
    - "'unsafe-inline'"
--- a/roles/opencloud/templates/docker-compose.yml.j2
+++ b/roles/opencloud/templates/docker-compose.yml.j2
@ -1,8 +1,21 @@
 services:
+{% if opencloud_drawio_url %}
+  drawio-ext:
+    image: {{ opencloud_drawio_extension_image }}
+    entrypoint: /bin/sh
+    command: ["-c", "cp -R /usr/share/nginx/html/apps/draw-io/ /apps/"]
+    volumes:
+      - {{ opencloud_docker_volume_dir }}/data/web/assets/apps:/apps
+{% endif %}
  opencloud:
    image: {{ opencloud_image }}
    container_name: {{ opencloud_service_name }}
    restart: unless-stopped
+{% if opencloud_drawio_url %}
+    depends_on:
+      drawio-ext:
+        condition: service_completed_successfully
+{% endif %}
    entrypoint:
      - /bin/sh
    command: ["-c", "opencloud init || true; opencloud server"]
@ -18,7 +31,7 @@ services:
      OC_INSECURE: "true"
      OC_LOG_LEVEL: "{{ opencloud_log_level }}"
      PROXY_TLS: "false"
-{% if opencloud_csp_extra_connect_src | length > 0 %}
+{% if opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0 %}
      PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION: "/etc/opencloud/csp-override.yaml"
 {% endif %}
      IDM_ADMIN_PASSWORD: "{{ opencloud_admin_password }}"