90 lines
3.0 KiB
YAML
90 lines
3.0 KiB
YAML
---
|
|
|
|
# Name of this instance. Will control the name of the service and of various default settings (like DB name etc.)
|
|
# You must use different instance names if you want to run several copies on the same cluster
|
|
instance: onlyoffice
|
|
|
|
oo:
|
|
|
|
# Document Services
|
|
ds:
|
|
|
|
# Version of OnlyOffice
|
|
version: 8.0.1
|
|
|
|
# Docker image to use
|
|
image: '[[ .docker.repo ]]onlyoffice-docserver:[[ .oo.ds.version ]]-2'
|
|
|
|
# Resource allocation for OnlyOffice itself
|
|
resources:
|
|
cpu: 300
|
|
memory: 512
|
|
|
|
# The URL where OnlyOffice is available
|
|
public_url: https://oods.example.org
|
|
|
|
vault:
|
|
# Vault policies to attach to the task
|
|
policies:
|
|
- '[[ .instance ]][[ .consul.suffix ]]'
|
|
# Random secrets to generate
|
|
rand_secrets:
|
|
fields:
|
|
- jwt_token
|
|
- storage_secret
|
|
|
|
# Additional env vars to set in the container
|
|
env:
|
|
OO_STORAGE_SECRET: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.storage_secret }}{{ end }}'
|
|
OO_JWT_TOKEN: '{{ with secret "[[ .vault.root ]]kv/service/[[ .instance ]]" }}{{ .Data.data.jwt_token }}{{ end }}'
|
|
|
|
# Controls how the service will be exposed with Traefik
|
|
traefik:
|
|
enabled: true
|
|
|
|
# OnlyOffice needs some specific CSP rules
|
|
csp:
|
|
img-src: "'self' data: https://*"
|
|
script-src: "'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net https://onlyoffice.github.io"
|
|
style-src: "'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com https://onlyoffice.github.io"
|
|
font-src: "'self' data: https://fonts.googleapis.com https://fonts.gstatic.com"
|
|
connect-src: "'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io"
|
|
media-src: "'self' https://code.responsivevoice.org"
|
|
frame-src: "'self' https://www.youtube.com https://onlyoffice.github.io"
|
|
|
|
# Wait for the database server to be ready before starting
|
|
wait_for:
|
|
- service: 'master.postgres[[ .consul.suffix ]]'
|
|
|
|
# Connect to the database server with the mesh
|
|
consul:
|
|
connect:
|
|
upstreams:
|
|
- destination_name: 'postgres[[ .consul.suffix ]]'
|
|
local_bind_port: 5432
|
|
|
|
# Rabbitmq service
|
|
rabbitmq:
|
|
# Docker image to use
|
|
image: rabbitmq:alpine
|
|
|
|
# Additional env vars to set in the container
|
|
env: {}
|
|
|
|
# Resource allocation
|
|
resources:
|
|
cpu: 200
|
|
memory: 156
|
|
|
|
# Volume used
|
|
volumes:
|
|
# This is for DocumentServer Data
|
|
data:
|
|
type: csi
|
|
source: '[[ .instance ]]-data'
|
|
|
|
# This is for RabbitMQ
|
|
rabbitmq:
|
|
type: csi
|
|
source: '[[ .instance ]]-rabbitmq'
|