Ansible role to install and configure collabora office.
Ansible Collections
ansible-galaxy collection install bodsch.coreor
ansible-galaxy collection install --requirements-file collections.ymlcollabora_user_default: cool
collabora_service: {}
collabora_config: {}collabora_service:
pidfile: ""
port: ""
disable_ssl: true
disable_cool_user_checking: true
# defaults:
# sys_template_path=/opt/cool/systemplate
# child_root_path=/opt/cool/child-roots
# file_server_root_path=/usr/share/coolwsd
overrides:
sys_template_path: /opt/cool/systemplate
child_root_path: /opt/cool/child-roots
file_server_root_path: /usr/share/coolwsd
config_file: ""
config_dir: ""
lo_template_path: ""collabora_config:
# The languages allowed.
allowed_languages: []
fetch_update_check: 24 # hours
cache_path: /var/cache/loolwsd
# You can manage the mounting feature. Either "false" or "true". (As a string.)
mount_jail_tree: true
server_name: ""
logging: {}
#
trace_event:
enable: false
path: /var/log/coolwsd.trace.json
#
network: {}
#
ssl: {}
#
security:
seccomp: ""
capabilities: ""
jwt_expiry_secs: ""
enable_macros_execution: ""
macro_security_level: ""
enable_websocket_urp: ""
enable_metrics_unauthenticated: ""
#
watermark:
opacity: ""
text: ""
#
user_interface:
# Controls the user interface style.
# The 'default' means: Take the value from ui_defaults, or decide for one of compact or tabbed (default|compact|tabbed)
mode: ""
# Use theme from the integrator
use_integration_theme: true
#
storage: {}
#
admin_console: {}collabora_config:
logging:
color: true
# Set the log level. Can be 0 through 8, none or "fatal", "critical", "error",
# "warning", "notice", "information", "debug", "trace".
level: warning
startup: information
most_verbose: notice
least_verbose: fatal
file:
enable: false
path: /var/log/loolwsd.log
rotation: never
archive: timestamp
compress: true
purge:
days: 10
count: 10
rotate_on_open: true
flush: false
anonymize:
user_data: true
salt: ""
docstats: false
userstats: falsecollabora_config:
storage:
hosts: []
# - description: ""
# allow: ""
# host: ""
wopi:
allow: true
# Maximum document size in bytes to load. 0 for unlimited.
max_file_size: 0
locking:
refresh: 900
alias_groups:
# default mode is 'first' / set mode to 'groups' and define group to allow multiple host
mode: "first"
groups: []
# - description: ""
# allow: ""
# host: ""
# aliases: []collabora_config:
network:
# Protocol to use IPv4, IPv6 or all for both
proto: IPv4
# Listen address that coolwsd binds to. Can be 'any' or 'loopback'.
listen: loopback
# Allow/deny client IP address for POST(REST).
post_allow:
hosts: []
# - description: "The IPv4 private 10.0.0.0/8 subnet (Podman)."
# network: '10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
# - description: "Ditto, but as IPv4-mapped IPv6 addresses"
# network: '::ffff:10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
# Allowed hosts as an external data source inside edited files.
# All allowed post_allow.host and storage.wopi entries are also considered to be
# allowed as a data source.
# Used for example in: PostMessage Action_InsertGraphics, =WEBSERVICE() function, external reference in the cell.
lok_allow:
hosts: []
# - description: "Localhost access by name"
# network: 'localhostcollabora_config:
ssl:
# Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable.
enabled: false
# Connection via proxy where coolwsd acts as working via https, but actually uses http.
termination: false
# These settings become relevant when `collabora_ssl_enabled` is set to
# `yes`.
cert_file: /etc/coolwsd/cert.pem
key_file: /etc/coolwsd/key.pem
ca_file: /etc/coolwsd/ca-chain.cert.pem
cipher_list:
- "ALL"
- "!ADH"
- "!LOW"
- "!EXP"
- "!MD5"
- "@STRENGTH"
# Enable HTTP Public key pinning
hpkp:
enable: false
report_only: false
# HPKP's max-age directive - time in seconds browser should remember the pins
max_age: 1000
# HPKP's report-uri directive - pin validation failure are reported at this URL
report_enable: false
report_uri:
# Base64 encoded SPKI fingerprints of keys to be pinned
pins: []
# Strict-Transport-Security settings, per rfc6797. Subdomains are always included.
sts:
# Whether or not Strict-Transport-Security is enabled. Enable only when ready for production. Cannot be disabled without resetting the browsers.
enabled: false
# Strict-Transport-Security max-age directive, in seconds. 0 is allowed; please see rfc6797 for details. Defaults to 1 year.
max_age: 31536000collabora_config:
admin_console:
enable: true
# Enable admin user authentication with PAM
enable_pam: false
# The username of the admin console. Ignored if PAM is enabled.
username: "admin"
# The password of the admin console. Deprecated on most platforms. Instead, use PAM or coolconfig to set up a secure password.
password: "50m3-53cu23-p455w02d."
# Log admin activities irrespective of logging.level
logging:
# log when an admin logged into the console
admin_login: true
# log when metrics endpoint is accessed and metrics endpoint authentication is enabled
metrics_fetch: true
# log when external monitor gets connected
monitor_connect: true
# log when admin does some action for example killing a process
admin_action: truePlease read Contribution
The master Branch is my Working Horse includes the "latest, hot shit" and can be complete broken!
If you want to use something stable, please use a Tagged Version!
- Bodo Schulz
FREE SOFTWARE, HELL YEAH!