feat: add drawio instance for nextcloud and opencloud

Signed-off-by: Bert-Jan Fikse <bert-jan@whatwedo.ch>

roles/drawio/defaults/main.yml

@@ -1,3 +1,20 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # defaults file for drawio
+
+# Base directory configuration (inherited from base role or defined here)
+docker_compose_base_dir: /etc/docker/compose
+
+# Drawio-specific configuration
+drawio_service_name: drawio
+drawio_docker_compose_dir: "{{ docker_compose_base_dir }}/{{ drawio_service_name }}"
+
+# Service configuration
+drawio_domain: "drawio.local.test"
+drawio_image: "jgraph/drawio:latest"
+drawio_port: 8080
+drawio_extra_hosts: []
+
+# Traefik configuration
+drawio_traefik_network: "proxy"
+drawio_use_ssl: true

roles/drawio/handlers/main.yml

@@ -1,3 +1,8 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # handlers file for drawio
+
+- name: restart drawio
+  community.docker.docker_compose_v2:
+    project_src: "{{ drawio_docker_compose_dir }}"
+    state: restarted

roles/drawio/tasks/main.yml

@@ -1,3 +1,21 @@
 #SPDX-License-Identifier: MIT-0
 ---
 # tasks file for drawio
+
+- name: Create docker compose directory
+  file:
+    path: "{{ drawio_docker_compose_dir }}"
+    state: directory
+    mode: '0755'
+
+- name: Create docker-compose file for drawio
+  template:
+    src: docker-compose.yml.j2
+    dest: "{{ drawio_docker_compose_dir }}/docker-compose.yml"
+    mode: '0644'
+  notify: restart drawio
+
+- name: Start drawio container
+  community.docker.docker_compose_v2:
+    project_src: "{{ drawio_docker_compose_dir }}"
+    state: present

roles/drawio/templates/docker-compose.yml.j2

@@ -0,0 +1,28 @@
+services:
+  drawio:
+    image: {{ drawio_image }}
+    container_name: {{ drawio_service_name }}
+    restart: unless-stopped
+    networks:
+      - {{ drawio_traefik_network }}
+{% if drawio_extra_hosts is defined and drawio_extra_hosts | length > 0 %}
+    extra_hosts:
+{% for host in drawio_extra_hosts %}
+      - "{{ host }}"
+{% endfor %}
+{% endif %}
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network={{ drawio_traefik_network }}
+      - traefik.http.routers.{{ drawio_service_name }}.rule=Host(`{{ drawio_domain }}`)
+      - traefik.http.services.{{ drawio_service_name }}.loadbalancer.server.port={{ drawio_port }}
+{% if drawio_use_ssl %}
+      - traefik.http.routers.{{ drawio_service_name }}.entrypoints=websecure
+      - traefik.http.routers.{{ drawio_service_name }}.tls=true
+{% else %}
+      - traefik.http.routers.{{ drawio_service_name }}.entrypoints=web
+{% endif %}
+
+networks:
+  {{ drawio_traefik_network }}:
+    external: true

roles/nextcloud/defaults/main.yml

@@ -29,6 +29,12 @@ nextcloud_enable_collabora: true
 nextcloud_collabora_domain: "office.local.test"
 nextcloud_collabora_disable_cert_verification: false
 
+# Draw.io integration (set nextcloud_drawio_url to enable)
+nextcloud_enable_drawio: false
+nextcloud_drawio_url: ""
+nextcloud_drawio_theme: "kennedy"
+nextcloud_drawio_offline: "yes"
+
 nextcloud_use_s3_storage: false
 nextcloud_s3_key: changeme
 nextcloud_s3_secret: changeme

roles/nextcloud/tasks/drawio.yml

@@ -0,0 +1,19 @@
+#SPDX-License-Identifier: MIT-0
+---
+# tasks file for configuring draw.io in Nextcloud
+
+- name: Configure draw.io URL
+  community.docker.docker_container_exec:
+    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
+    command: php /var/www/html/occ config:app:set drawio DrawioUrl --value={{ nextcloud_drawio_url }}
+  when: nextcloud_drawio_url | length > 0
+
+- name: Configure draw.io theme
+  community.docker.docker_container_exec:
+    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
+    command: php /var/www/html/occ config:app:set drawio DrawioTheme --value={{ nextcloud_drawio_theme }}
+
+- name: Configure draw.io offline mode
+  community.docker.docker_container_exec:
+    container: "{{ nextcloud_docker_compose_dir | basename }}-nextcloud-1"
+    command: php /var/www/html/occ config:app:set drawio DrawioOffline --value={{ nextcloud_drawio_offline }}

roles/nextcloud/tasks/main.yml

@@ -70,6 +70,10 @@
   ansible.builtin.include_tasks: collabora.yml
   when: nextcloud_enable_collabora
 
+- name: Configure nextcloud draw.io
+  ansible.builtin.include_tasks: drawio.yml
+  when: nextcloud_enable_drawio
+
 - name: Configure LDAP backend
   ansible.builtin.include_tasks: ldap.yml
   when: nextcloud_ldap_enabled

roles/opencloud/defaults/main.yml

@@ -64,5 +64,11 @@ opencloud_ldap_group_schema_groupname: "cn"
 opencloud_ldap_group_schema_member: "member"
 opencloud_ldap_write_enabled: false
 
-# CSP configuration (extra URLs to allow in connect-src)
+# Draw.io integration (set opencloud_drawio_url to enable)
+opencloud_drawio_url: ""
+opencloud_drawio_theme: "minimal"
+opencloud_drawio_extension_image: "opencloudeu/web-extensions:draw-io-latest"
+
+# CSP configuration (extra URLs to allow in connect-src and frame-src)
 opencloud_csp_extra_connect_src: []
+opencloud_csp_extra_frame_src: []

roles/opencloud/tasks/main.yml

@@ -31,7 +31,32 @@
     owner: "1000"
     group: "1000"
     mode: '0644'
-  when: opencloud_csp_extra_connect_src | length > 0
+  when: opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0
+  notify: restart opencloud
+
+- name: Create draw.io extension apps directory
+  file:
+    path: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io"
+    state: directory
+    owner: "1000"
+    group: "1000"
+    mode: '0755'
+  when: opencloud_drawio_url | length > 0
+
+- name: Create draw.io extension config
+  copy:
+    content: |
+      {
+        "config": {
+          "url": "{{ opencloud_drawio_url }}",
+          "theme": "{{ opencloud_drawio_theme }}"
+        }
+      }
+    dest: "{{ opencloud_docker_volume_dir }}/data/web/assets/apps/draw-io/config.json"
+    owner: "1000"
+    group: "1000"
+    mode: '0644'
+  when: opencloud_drawio_url | length > 0
   notify: restart opencloud
 
 - name: Create docker-compose file for opencloud

roles/opencloud/templates/csp-override.yaml.j2

@@ -7,6 +7,13 @@ directives:
 {% for url in opencloud_csp_extra_connect_src %}
     - "{{ url }}"
 {% endfor %}
+{% if opencloud_csp_extra_frame_src | length > 0 %}
+  frame-src:
+    - "'self'"
+{% for url in opencloud_csp_extra_frame_src %}
+    - "{{ url }}"
+{% endfor %}
+{% endif %}
   script-src:
     - "'self'"
     - "'unsafe-inline'"

roles/opencloud/templates/docker-compose.yml.j2

@@ -1,8 +1,21 @@
 services:
+{% if opencloud_drawio_url %}
+  drawio-ext:
+    image: {{ opencloud_drawio_extension_image }}
+    entrypoint: /bin/sh
+    command: ["-c", "cp -R /usr/share/nginx/html/apps/draw-io/ /apps/"]
+    volumes:
+      - {{ opencloud_docker_volume_dir }}/data/web/assets/apps:/apps
+{% endif %}
   opencloud:
     image: {{ opencloud_image }}
     container_name: {{ opencloud_service_name }}
     restart: unless-stopped
+{% if opencloud_drawio_url %}
+    depends_on:
+      drawio-ext:
+        condition: service_completed_successfully
+{% endif %}
     entrypoint:
       - /bin/sh
     command: ["-c", "opencloud init || true; opencloud server"]
@@ -18,7 +31,7 @@ services:
       OC_INSECURE: "true"
       OC_LOG_LEVEL: "{{ opencloud_log_level }}"
       PROXY_TLS: "false"
-{% if opencloud_csp_extra_connect_src | length > 0 %}
+{% if opencloud_csp_extra_connect_src | length > 0 or opencloud_csp_extra_frame_src | length > 0 %}
       PROXY_CSP_CONFIG_FILE_OVERRIDE_LOCATION: "/etc/opencloud/csp-override.yaml"
 {% endif %}
       IDM_ADMIN_PASSWORD: "{{ opencloud_admin_password }}"