From 08586d778c27af4393a166e16ae9244d1d7b266c Mon Sep 17 00:00:00 2001 From: kisfenyo Date: Fri, 13 Feb 2026 10:24:11 +0100 Subject: [PATCH] added onlyoffice --- argocd-apps/homelab.yaml | 21 +++ office-system/onlyoffice.yaml | 258 ++++++++++++++++++++++++++++++++++ 2 files changed, 279 insertions(+) create mode 100644 office-system/onlyoffice.yaml diff --git a/argocd-apps/homelab.yaml b/argocd-apps/homelab.yaml index ee535ec..db1d8ad 100644 --- a/argocd-apps/homelab.yaml +++ b/argocd-apps/homelab.yaml @@ -1078,4 +1078,25 @@ spec: syncOptions: - CreateNamespace=true - ServerSideApply=true +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: office + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: homelab + source: + repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git + targetRevision: main + path: office-system + destination: + server: https://kubernetes.default.svc + namespace: office-system + syncPolicy: + syncOptions: + - CreateNamespace=true + - ServerSideApply=true --- \ No newline at end of file diff --git a/office-system/onlyoffice.yaml b/office-system/onlyoffice.yaml new file mode 100644 index 0000000..5277321 --- /dev/null +++ b/office-system/onlyoffice.yaml @@ -0,0 +1,258 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: onlyoffice + namespace: office-system + labels: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice + app.kubernetes.io/version: "9.0.2" +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice + template: + metadata: + labels: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice + app.kubernetes.io/version: "9.0.2" + annotations: + match-regex.version-checker.io/onlyoffice: '^\d+\.\d+\.\d+$' + spec: + containers: + - name: onlyoffice + image: onlyoffice/documentserver:9.0.2 + imagePullPolicy: IfNotPresent + env: + - name: TZ + value: Europe/Budapest + - name: JWT_ENABLED + value: "true" + - name: JWT_SECRET + valueFrom: + secretKeyRef: + name: onlyoffice-secrets + key: jwt-secret + - name: JWT_HEADER + value: Authorization + - name: JWT_IN_BODY + value: "true" + ports: + - containerPort: 80 + name: http + protocol: TCP + livenessProbe: + httpGet: + path: /healthcheck + port: http + initialDelaySeconds: 120 + periodSeconds: 30 + timeoutSeconds: 10 + failureThreshold: 5 + readinessProbe: + httpGet: + path: /healthcheck + port: http + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + resources: + requests: + cpu: 200m + memory: 1Gi + limits: + cpu: 2000m + memory: 4Gi + volumeMounts: + - name: data + mountPath: /var/www/onlyoffice/Data + - name: lib + mountPath: /var/lib/onlyoffice + - name: logs + mountPath: /var/log/onlyoffice + - name: db + mountPath: /var/lib/postgresql + volumes: + - name: data + persistentVolumeClaim: + claimName: onlyoffice-data + - name: lib + persistentVolumeClaim: + claimName: onlyoffice-lib + - name: logs + persistentVolumeClaim: + claimName: onlyoffice-logs + - name: db + persistentVolumeClaim: + claimName: onlyoffice-db +--- +apiVersion: v1 +kind: Service +metadata: + name: onlyoffice + namespace: office-system + labels: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice + app.kubernetes.io/version: "9.0.2" +spec: + type: ClusterIP + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + selector: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: onlyoffice + namespace: office-system + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod + external-dns.alpha.kubernetes.io/hostname: office.dooplex.hu,office.home + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: 100m + nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc" + nginx.ingress.kubernetes.io/configuration-snippet: | + set $geo_allowed 0; + if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; } + if ($remote_addr ~ "^10\.") { set $geo_allowed 1; } + if ($geoip2_country_code = "HU") { set $geo_allowed 1; } + if ($geo_allowed = 0) { + return 403 "Access restricted to Hungary"; + } + labels: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice +spec: + ingressClassName: nginx-internal + rules: + - host: office.dooplex.hu + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: onlyoffice + port: + number: 80 + - host: office.home + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: onlyoffice + port: + number: 80 + tls: + - hosts: + - office.dooplex.hu + secretName: onlyoffice-tls +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: onlyoffice-data + namespace: office-system + labels: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice + recurring-job-group.longhorn.io/needbackup: enabled + recurring-job.longhorn.io/source: enabled +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn-hdd + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: onlyoffice-lib + namespace: office-system + labels: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn-ssd2 + resources: + requests: + storage: 5Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: onlyoffice-logs + namespace: office-system + labels: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn-ssd2 + resources: + requests: + storage: 2Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: onlyoffice-db + namespace: office-system + labels: + app.kubernetes.io/instance: onlyoffice + app.kubernetes.io/name: onlyoffice + recurring-job-group.longhorn.io/needbackup: enabled + recurring-job.longhorn.io/source: enabled +spec: + accessModes: + - ReadWriteOnce + storageClassName: longhorn-ssd2 + resources: + requests: + storage: 5Gi +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: onlyoffice + namespace: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: homelab + source: + repoURL: https://gitea.dooplex.hu/admin/homelab-manifests.git + targetRevision: main + path: office-system + destination: + server: https://kubernetes.default.svc + namespace: office-system + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true + - ServerSideApply=true \ No newline at end of file