new: [onlyoffice] new charm

onlyoffice/hooks/init

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+## Init is run on host
+## For now it is run every time the script is launched, but
+## it should be launched only once after build.
+
+## Accessible variables are:
+## - SERVICE_NAME        Name of current service
+## - DOCKER_BASE_IMAGE   Base image from which this service might be built if any
+## - SERVICE_DATASTORE           Location on host of the DATASTORE of this service
+## - SERVICE_CONFIGSTORE         Location on host of the CONFIGSTORE of this service
+
+
+set -e
+
+if ! [ -e "$SERVICE_CONFIGSTORE/etc/onlyoffice/documentserver/local.json" ]; then
+    ## first time we need to extract configuration from image
+    mkdir -p "$SERVICE_CONFIGSTORE/etc/onlyoffice"
+    service_base_image_export_dir "$SERVICE_NAME" /etc/onlyoffice/documentserver "$SERVICE_CONFIGSTORE/etc/onlyoffice/"
+fi
+

onlyoffice/hooks/nextcloud_app-relation-joined

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -e
+
+KEY=$(relation-get secret) || true
+
+if [ -z "$KEY" ]; then
+    KEY=$(gen_password 64)
+fi
+
+## XXXvlab: we really need to have a state based cache thingy, because
+## setting the same password each time is really time consumming.
+compose --no-relations --no-init \
+        occ "$MASTER_TARGET_SERVICE_NAME" \
+        app:install onlyoffice \; \
+        config:system:set onlyoffice DocumentServerInternalUrl --value="http://$MASTER_BASE_SERVICE_NAME/" \; \
+        config:system:set onlyoffice StorageUrl --value="http://$MASTER_TARGET_SERVICE_NAME/" \; \
+        config:app:set onlyoffice jwt_secret --value="$KEY"
+
+
+ONLYOFFICE_CFG="$SERVICE_CONFIGSTORE/etc/onlyoffice/documentserver/local.json"
+out=$(jq ".services.CoAuthoring.token.enable.browser = true |
+          .services.CoAuthoring.token.enable.request.inbox = true |
+          .services.CoAuthoring.token.enable.request.outbox = true |
+          .services.CoAuthoring.secret.inbox.string = \"$KEY\" |
+          .services.CoAuthoring.secret.outbox.string = \"$KEY\" |
+          .services.CoAuthoring.secret.session.string = \"$KEY\"" \
+              "$ONLYOFFICE_CFG")
+
+H1=$(cat "$ONLYOFFICE_CFG" | hash_get)
+H2=$(echo "$out" | hash_get)
+if [ "$H1" != "$H2" ]; then
+    echo "$out" > "$ONLYOFFICE_CFG"
+
+    ## XXXvlab: onlyoffice need to be restarted if already running and local.json changed.
+    ## it is about docker exec $SERVICE_NAME supervisor restart ...
+    for container_id in $(get_running_containers_for_service "$SERVICE_NAME"); do
+        ## restarting all as documented here: https://api.onlyoffice.com/editors/signature/
+        docker exec "$container_id" supervisorctl restart all
+    done
+    relation-set secret "$KEY"
+
+fi

onlyoffice/hooks/web_proxy-relation-joined

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+DOMAIN=$(relation-get domain) || exit 1
+
+## These are mainly to setup the correct web-hook
+if [ "$MASTER_BASE_SERVICE_NAME" == "$DOMAIN" ]; then
+    ## This is because the IP will be the docker container version
+    PROTO="http"
+else
+    URL="$(relation-get url)" || exit 1
+    PROTO="${URL%%://*}"
+fi
+
+read-0 ts _ _ < <(get_service_relation "$SERVICE_NAME" "nextcloud-app") || {
+    err "Could not find ${DARKCYAN}nextcloud-app${WHITE} service name."
+    exit 1
+}
+
+
+compose --no-relations --no-init occ "$ts" \
+        config:system:set onlyoffice DocumentServerUrl --value="$PROTO://$DOMAIN/" \;

onlyoffice/metadata.yml

@@ -0,0 +1,27 @@
+docker-image: docker.0k.io/oods:1.0.0
+data-resources:
+  - /var/www/onlyoffice/Data
+  - /var/log/onlyoffice
+config-resources:
+  - /etc/onlyoffice/documentserver
+
+uses:
+  nextcloud-app:
+    #constraint: required | recommended | optional
+    #auto: pair | summon | none ## default: pair
+    constraint: required
+    auto: pair
+    solves:
+      interface: "UI server"
+
+  ## XXXvlab: public access should NOT be necessary, but seem the only way to make
+  ## it work: https://dev.onlyoffice.org/viewtopic.php?t=19272
+  web-proxy:
+    #constraint: required | recommended | optional
+    #auto: pair | summon | none ## default: pair
+    constraint: required
+    auto: summon
+    solves:
+      proxy: "Public access"
+    default-options:
+      target: !var-expand ${MASTER_BASE_SERVICE_NAME}:80