From 6fcedd9162f1debac85acb38c76c5f06b99dc508 Mon Sep 17 00:00:00 2001
From: il <il@ilnmors.internal>
Date: Tue, 5 May 2026 21:12:47 +0900
Subject: [PATCH] feat(collabora): release collabora

deployment note:
- link to nextcloud
- document opening is verified (including korean fonts)
---
 ansible/inventory/group_vars/all.yaml         |  8 ++++++
 ansible/playbooks/app/site.yaml               |  7 +++++
 ansible/roles/app/handlers/main.yaml          | 11 ++++++++
 .../app/tasks/services/set_collabora.yaml     | 17 +++++++++++
 .../app/collabora/collabora.container.j2      | 25 +++++++++++++++++
 .../common/caddy/etc/app/Caddyfile.j2         |  6 ++++
 .../common/caddy/etc/auth/Caddyfile.j2        |  9 ++++++
 docs/services/app/collabora.md                | 28 +++++++++++++++++++
 docs/specifications/environments.md           |  2 +-
 9 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/app/tasks/services/set_collabora.yaml
 create mode 100644 config/services/containers/app/collabora/collabora.container.j2
 create mode 100644 docs/services/app/collabora.md

diff --git a/ansible/inventory/group_vars/all.yaml b/ansible/inventory/group_vars/all.yaml
index b7c4ef3..b37d864 100644
--- a/ansible/inventory/group_vars/all.yaml
+++ b/ansible/inventory/group_vars/all.yaml
@@ -156,6 +156,13 @@ services:
       http: "8002"
       redis: "6382"
     subuid: "100032"
+  collabora:
+    domain:
+      public: "collabora"
+      internal: "collabora.app"
+    ports:
+      http: "9980"
+    subuid: "101000"
 
 version:
   packages:
@@ -193,3 +200,4 @@ version:
     manticore: "25.0.0"
     affine: "0.26.3"
     nextcloud: "33.0.3"
+    collabora: "25.04.9.4.1"
diff --git a/ansible/playbooks/app/site.yaml b/ansible/playbooks/app/site.yaml
index 44f4b5e..8fb42a2 100644
--- a/ansible/playbooks/app/site.yaml
+++ b/ansible/playbooks/app/site.yaml
@@ -233,6 +233,13 @@
           tags: ["site", "nextcloud"]
       tags: ["site", "nextcloud"]
 
+    - name: Set collabora
+      ansible.builtin.include_role:
+        name: "app"
+        tasks_from: "services/set_collabora"
+        apply:
+          tags: ["site", "collabora"]
+      tags: ["site", "collabora"]
 
     - name: Flush handlers right now
       ansible.builtin.meta: "flush_handlers"
diff --git a/ansible/roles/app/handlers/main.yaml b/ansible/roles/app/handlers/main.yaml
index 093d61f..a98f7cd 100644
--- a/ansible/roles/app/handlers/main.yaml
+++ b/ansible/roles/app/handlers/main.yaml
@@ -111,3 +111,14 @@
   changed_when: false
   listen: "notification_restart_nextcloud"
   ignore_errors: true # noqa: ignore-errors
+
+- name: Restart collabora
+  ansible.builtin.systemd:
+    name: "collabora.service"
+    state: "restarted"
+    enabled: true
+    scope: "user"
+    daemon_reload: true
+  changed_when: false
+  listen: "notification_restart_collabora"
+  ignore_errors: true # noqa: ignore-errors
diff --git a/ansible/roles/app/tasks/services/set_collabora.yaml b/ansible/roles/app/tasks/services/set_collabora.yaml
new file mode 100644
index 0000000..9d661c4
--- /dev/null
+++ b/ansible/roles/app/tasks/services/set_collabora.yaml
@@ -0,0 +1,17 @@
+---
+- name: Deploy container file
+  ansible.builtin.template:
+    src: "{{ hostvars['console']['node']['config_path'] }}/services/containers/app/collabora/collabora.container.j2"
+    dest: "{{ node['home_path'] }}/.config/containers/systemd/collabora.container"
+    owner: "{{ ansible_user }}"
+    group: "svadmins"
+    mode: "0644"
+  notify: "notification_restart_collabora"
+
+- name: Enable collabora.service
+  ansible.builtin.systemd:
+    name: "collabora.service"
+    state: "started"
+    enabled: true
+    daemon_reload: true
+    scope: "user"
diff --git a/config/services/containers/app/collabora/collabora.container.j2 b/config/services/containers/app/collabora/collabora.container.j2
new file mode 100644
index 0000000..14000db
--- /dev/null
+++ b/config/services/containers/app/collabora/collabora.container.j2
@@ -0,0 +1,25 @@
+[Quadlet]
+DefaultDependencies=false
+
+[Unit]
+Description=Collabora Online
+
+[Container]
+Image=docker.io/collabora/code:{{ version['containers']['collabora'] }}
+ContainerName=collabora
+HostName=collabora
+
+PublishPort={{ services['collabora']['ports']['http'] }}:9980/tcp
+
+Environment="TZ=Asia/Seoul"
+Environment="aliasgroup1=https://{{ services['nextcloud']['domain']['public'] }}.{{ domain['public'] }}"
+# Environment="aliasgroup2=other_server_FQDN"
+Environment="extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:server_name={{ services['collabora']['domain']['public'] }}.{{ domain['public'] }} --o:admin_console.enable=false"
+
+[Service]
+Restart=always
+RestartSec=10s
+TimeoutStopSec=120
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
diff --git a/config/services/containers/common/caddy/etc/app/Caddyfile.j2 b/config/services/containers/common/caddy/etc/app/Caddyfile.j2
index 686aca4..1e0cea2 100644
--- a/config/services/containers/common/caddy/etc/app/Caddyfile.j2
+++ b/config/services/containers/common/caddy/etc/app/Caddyfile.j2
@@ -83,3 +83,9 @@
                 header_up Host {http.request.header.X-Forwarded-Host}
         }
 }
+{{ services['collabora']['domain']['internal'] }}.{{ domain['internal'] }} {
+        import private_tls
+        reverse_proxy host.containers.internal:{{ services['collabora']['ports']['http'] }} {
+                header_up Host {http.request.header.X-Forwarded-Host}
+        }
+}
diff --git a/config/services/containers/common/caddy/etc/auth/Caddyfile.j2 b/config/services/containers/common/caddy/etc/auth/Caddyfile.j2
index 433d0d5..708930b 100644
--- a/config/services/containers/common/caddy/etc/auth/Caddyfile.j2
+++ b/config/services/containers/common/caddy/etc/auth/Caddyfile.j2
@@ -145,6 +145,15 @@
                 }
         }
 }
+{{ services['collabora']['domain']['public'] }}.{{ domain['public'] }} {
+        import crowdsec_log
+        route {
+                crowdsec
+                reverse_proxy https://{{services['collabora']['domain']['internal'] }}.{{ domain['internal'] }} {
+                        header_up Host {http.reverse_proxy.upstream.host}
+                }
+        }
+}
 
 # Internal domain
 {{ node['name'] }}.{{ domain['internal'] }} {
diff --git a/docs/services/app/collabora.md b/docs/services/app/collabora.md
new file mode 100644
index 0000000..43d7eea
--- /dev/null
+++ b/docs/services/app/collabora.md
@@ -0,0 +1,28 @@
+# Collabora office
+
+## Prerequisite
+
+- Nothing
+
+## Configuration
+
+- Admin page is disabled by Environment options
+    - `admin_console.enable=false`
+
+### Link to nextcloud
+
+- https://nextcloud.ilnmors.com
+    - login with admin account
+
+- Profile: Apps: Nextcloud Office 
+    - Check installation and enable
+
+- Profile: Administration Settings: Nextcloud Office: Your own server
+    - http://host.containers.internal:9980 (collabora container port)
+    - Public FQDN is set automatically
+    - save
+
+- Files
+    - Verify document opening (verified)
+    - The basic font `Noto Sans KR` exists
+        - Korean is presented very well
diff --git a/docs/specifications/environments.md b/docs/specifications/environments.md
index 50c35f4..004afb9 100644
--- a/docs/specifications/environments.md
+++ b/docs/specifications/environments.md
@@ -123,7 +123,7 @@
         - [x] OpenCloud
         - [x] affine \(Notion substitution\)
         - [x] Nextcloud \(Use nextcloud as CalDAV and CardDav, kanban and todo\)
-        - [ ] Collabora office
+        - [x] Collabora office \(Link to Nextcloud, it works well\)
         - WriteFreely
         - MediaCMS
         - Funkwhale