onlyoffice-docserver/variables.yml

---

oo:
  instance: onlyoffice

  ds:
    image: danielberteaud/onlyoffice-docserver:latest
    resources:
      cpu: 200
      memory: 512
    public_url: https://oods.example.org
    env:
      OO_STORAGE_SECRET: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .oo.instance ]]" }}{{ .Data.data.storage_secret }}{{ end }}'
      OO_JWT_TOKEN: '{{ with secret "[[ .vault.prefix ]]kv/service/[[ .oo.instance ]]" }}{{ .Data.data.jwt_token }}{{ end }}'
      OO_DB_HOST: 127.0.0.1
      OO_DB_PORT: 5432
      OO_DB_NAME: '[[ .oo.instance ]]'
      OO_DB_USER: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .oo.instance ]]" }}{{ .Data.username }}{{ end }}'
      OO_DB_PASS: '{{ with secret "[[ .vault.prefix ]]database/creds/[[ .oo.instance ]]" }}{{ .Data.password }}{{ end }}'
    traefik:
      enabled: true
      csp:
        default-src: "'self'"
        img-src: "'self' data: https://*"
        script-src: "'self' 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://www.youtube.com/ https://*.cloudfront.net https://cdn.rawgit.com https://code.jquery.com https://translate.googleapis.com https://code.responsivevoice.org https://cdn.jsdelivr.net"
        style-src: "'self' 'unsafe-inline' data: https://fonts.googleapis.com https://translate.googleapis.com"
        font-src: "'self' data: https://fonts.googleapis.com https://fonts.gstatic.com"
        connect-src: "'self' https://www.zotero.org https://cdn.jsdelivr.net https://cdn.rawgit.com https://translate.googleapis.com https://code.responsivevoice.org https://onlyoffice.github.io"
        media-src: "'self' https://code.responsivevoice.org"
        frame-src: "'self' https://www.youtube.com https://onlyoffice.github.io"
      base_middlewares:
        - rate-limit-std@file
        - inflight-std@file
        - security-headers@file
        - hsts@file
        - compression@file
    wait_for:
      - service: 'master.postgres[[ .consul.suffix ]]'
    consul:
      connect:
        upstreams:
          - destination_name: 'postgres[[ .consul.suffix ]]'
            local_bind_port: 5432

  rabbitmq:
    image: rabbitmq:alpine
    env: {}
    resources:
      cpu: 80
      memory: 156

  volumes:
    data:
      type: csi
      source: '[[ .oo.instance ]]-data'
    rabbitmq:
      type: csi
      source: '[[ .oo.instance ]]-rabbitmq'