feat: add drawio instance for nextcloud and opencloud

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>
2026-03-13 14:37:02 +01:00 · 2026-03-13 14:37:02 +01:00 · 910986b808
commit 910986b808
parent f3f2b6d5b7
11 changed files with 152 additions and 4 deletions
--- a/roles/drawio/defaults/main.yml
+++ b/roles/drawio/defaults/main.yml
@ -1,3 +1,20 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # defaults file for drawio
 # Base directory configuration (inherited from base role or defined here)
 docker_compose_base_dir: /etc/docker/compose
 # Drawio-specific configuration
 drawio_service_name: drawio
 drawio_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ drawio_service_name }}"
 # Service configuration
 drawio_domain: "drawio.local.test"
 drawio_image: "jgraph/drawio:latest"
 drawio_port: 8080
 drawio_extra_hosts: []
 # Traefik configuration
 drawio_traefik_network: "proxy"
 drawio_use_ssl: true
--- a/roles/drawio/handlers/main.yml
+++ b/roles/drawio/handlers/main.yml
@ -1,3 +1,8 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # handlers file for drawio
 - name: restart drawio
  community.docker.docker_compose_v2:
    project_src: "{{ drawio_docker_compose_dir }}"
    state: restarted
--- a/roles/drawio/tasks/main.yml
+++ b/roles/drawio/tasks/main.yml
@ -1,3 +1,21 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for drawio
 - name: Create docker compose directory
  file:
    path: "{{ drawio_docker_compose_dir }}"
    state: directory
    mode: '0755'
 - name: Create docker-compose file for drawio
  template:
    src: docker-compose.yml.j2
    dest: "{{ drawio_docker_compose_dir }}/docker-compose.yml"
    mode: '0644'
  notify: restart drawio
 - name: Start drawio container
  community.docker.docker_compose_v2:
    project_src: "{{ drawio_docker_compose_dir }}"
    state: present
--- a/roles/drawio/templates/docker-compose.yml.j2
+++ b/roles/drawio/templates/docker-compose.yml.j2
@ -0,0 +1,28 @@
 services:
  drawio:
    image: {{ drawio_image }}
    container_name: {{ drawio_service_name }}
    restart: unless-stopped
    networks:
      - {{ drawio_traefik_network }}
 {% if drawio_extra_hosts is defined and drawio_extra_hosts | length > 0 %}
    extra_hosts:
 {% for host in drawio_extra_hosts %}
      - "{{ host }}"
 {% endfor %}
 {% endif %}
    labels:
      - traefik.enable=true
      - traefik.docker.network={{ drawio_traefik_network }}
      - traefik.http.routers.{{ drawio_service_name }}.rule=Host(`{{ drawio_domain }}`)
      - traefik.http.services.{{ drawio_service_name }}.loadbalancer.server.port={{ drawio_port }}
 {% if drawio_use_ssl %}
      - traefik.http.routers.{{ drawio_service_name }}.entrypoints=websecure
      - traefik.http.routers.{{ drawio_service_name }}.tls=true
 {% else %}
      - traefik.http.routers.{{ drawio_service_name }}.entrypoints=web
 {% endif %}
 networks:
  {{ drawio_traefik_network }}:
    external: true
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@ -29,6 +29,12 @@ nextcloud_enable_collabora: true
 nextcloud_collabora_domain: "office.local.test"
 nextcloud_collabora_disable_cert_verification: false
 # Draw.io integration (set nextcloud_drawio_url to enable)
 nextcloud_enable_drawio: false
 nextcloud_drawio_url: ""
 nextcloud_drawio_theme: "kennedy"
 nextcloud_drawio_offline: "yes"
 nextcloud_use_s3_storage: false
 nextcloud_s3_key: changeme
 nextcloud_s3_secret: changeme
--- a/roles/nextcloud/tasks/drawio.yml
+++ b/roles/nextcloud/tasks/drawio.yml
@ -0,0 +1,19 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for configuring draw.io in Nextcloud
 - name: Configure draw.io URL
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
    command: php /var/www/html/occ config:app:set drawio DrawioUrl --value={{ nextcloud_drawio_url }}
  when: nextcloud_drawio_url | length > 0
 - name: Configure draw.io theme
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
    command: php /var/www/html/occ config:app:set drawio DrawioTheme --value={{ nextcloud_drawio_theme }}
 - name: Configure draw.io offline mode
  community.docker.docker_container_exec:
    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
    command: php /var/www/html/occ config:app:set drawio DrawioOffline --value={{ nextcloud_drawio_offline }}
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -70,6 +70,10 @@
  ansible.builtin.include_tasks: collabora.yml
  when: nextcloud_enable_collabora
 - name: Configure nextcloud draw.io
  ansible.builtin.include_tasks: drawio.yml
  when: nextcloud_enable_drawio
 - name: Configure LDAP backend
  ansible.builtin.include_tasks: ldap.yml
  when: nextcloud_ldap_enabled
--- a/roles/opencloud/defaults/main.yml
+++ b/roles/opencloud/defaults/main.yml
@ -64,5 +64,11 @@ opencloud_ldap_group_schema_groupname: "cn"
 opencloud_ldap_group_schema_member: "member"
 opencloud_ldap_write_enabled: false
-# CSP configuration (extra URLs to allow in connect-src)
+# Draw.io integration (set opencloud_drawio_url to enable)
 opencloud_drawio_url: ""
 opencloud_drawio_theme: "minimal"
 opencloud_drawio_extension_image: "opencloudeu/web-extensions:draw-io-latest"
 # CSP configuration (extra URLs to allow in connect-src and frame-src)
 opencloud_csp_extra_connect_src: []
 opencloud_csp_extra_frame_src: []
--- a/roles/opencloud/tasks/main.yml
+++ b/roles/opencloud/tasks/main.yml
@ -31,7 +31,32 @@
    owner: "1000"
    group: "1000"
    mode: '0644'
-  when: opencloud_csp_extra_connect_src | length > 0
+  when: opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0
  notify: restart opencloud
 - name: Create draw.io extension apps directory
  file:
    path: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io"
    state: directory
    owner: "1000"
    group: "1000"
    mode: '0755'
  when: opencloud_drawio_url | length > 0
 - name: Create draw.io extension config
  copy:
    content: |
      {
        "config": {
          "url": "{{ opencloud_drawio_url }}",
          "theme": "{{ opencloud_drawio_theme }}"
        }
      }
    dest: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io/config.json"
    owner: "1000"
    group: "1000"
    mode: '0644'
  when: opencloud_drawio_url | length > 0
  notify: restart opencloud
 - name: Create docker-compose file for opencloud
--- a/roles/opencloud/templates/csp-override.yaml.j2
+++ b/roles/opencloud/templates/csp-override.yaml.j2
@ -7,6 +7,13 @@ directives:
 {% for url in opencloud_csp_extra_connect_src %}
    - "{{ url }}"
 {% endfor %}
 {% if opencloud_csp_extra_frame_src | length > 0 %}
  frame-src:
    - "'self'"
 {% for url in opencloud_csp_extra_frame_src %}
    - "{{ url }}"
 {% endfor %}
 {% endif %}
  script-src:
    - "'self'"
    - "'unsafe-inline'"
--- a/roles/opencloud/templates/docker-compose.yml.j2
+++ b/roles/opencloud/templates/docker-compose.yml.j2
@ -1,8 +1,21 @@
 services:
 {% if opencloud_drawio_url %}
  drawio-ext:
    image: {{ opencloud_drawio_extension_image }}
    entrypoint: /bin/sh
    command: ["-c", "cp -R /usr/share/nginx/html/apps/draw-io/ /apps/"]
    volumes:
      - {{ opencloud_docker_volume_dir }}/data/web/assets/apps:/apps
 {% endif %}
  opencloud:
    image: {{ opencloud_image }}
    container_name: {{ opencloud_service_name }}
    restart: unless-stopped
 {% if opencloud_drawio_url %}
    depends_on:
      drawio-ext:
        condition: service_completed_successfully
 {% endif %}
    entrypoint:
      - /bin/sh
    command: ["-c", "opencloud init || true; opencloud server"]
@ -18,7 +31,7 @@ services:
      OC_INSECURE: "true"
      OC_LOG_LEVEL: "{{ opencloud_log_level }}"
      PROXY_TLS: "false"
-{% if opencloud_csp_extra_connect_src | length > 0 %}
+{% if opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0 %}
      PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION: "/etc/opencloud/csp-override.yaml"
 {% endif %}
      IDM_ADMIN_PASSWORD: "{{ opencloud_admin_password }}"