From a838d8d7d357415f89c0afd87759cd89570e88b9 Mon Sep 17 00:00:00 2001
From: Maarten de Waard <maarten@greenhost.nl>
Date: Wed, 2 Oct 2019 16:10:44 +0200
Subject: [PATCH] use newest version with generated secrets instead of
 hardcoded ones

---
 ansible/group_vars/all/oas.yml         | 9 +++++----
 ansible/roles/apps/tasks/helmfiles.yml | 3 +++
 helmfiles/values/nextcloud.yaml.gotmpl | 6 ++++++
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/ansible/group_vars/all/oas.yml b/ansible/group_vars/all/oas.yml
index 882a73d08..b2f2d2f07 100644
--- a/ansible/group_vars/all/oas.yml
+++ b/ansible/group_vars/all/oas.yml
@@ -14,11 +14,12 @@ ansible_python_interpreter: "/usr/bin/env python3"
 
 # Nextcloud administrator password
 nextcloud_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/nextcloud_admin_password chars=ascii_letters') }}"
-# Nextcloud mariadb password for nextcloud db
 nextcloud_mariadb_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/nextcloud_mariadb_password chars=ascii_letters') }}"
-# Nextcloud mariadb root password
 nextcloud_mariadb_root_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/nextcloud_mariadb_root_password chars=ascii_letters') }}"
-# Grafana administrator password
+onlyoffice_jwt_secret: "{{ lookup('password', '{{ cluster_dir }}/secrets/onlyoffice_jwt_secret chars=ascii_letters') }}"
+onlyoffice_postgresql_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/onlyoffice_postgresql_password chars=ascii_letters') }}"
+onlyoffice_rabbitmq_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/onlyoffice_rabbitmq_password chars=ascii_letters') }}"
+
 grafana_admin_password: "{{ lookup('password', '{{ cluster_dir }}/secrets/grafana_admin_password chars=ascii_letters') }}"
 
 # Kubernetes version
@@ -28,7 +29,7 @@ kubernetes_version: "v1.14.3-rancher1-1"
 git_charts_version: 'HEAD'
 git_local_storage_version: 'HEAD'
 # version of the https://open.greenhost.net/openappstack/nextcloud repo
-git_nextcloud_version: '20a744d242d9632f0616d97337d6ad18ef50dc67'
+git_nextcloud_version: 'cac00d369f5eeeddb7b33781ae3966b0c36fc308'
 
 # Application versions
 # https://github.com/kubernetes-sigs/krew/releases
diff --git a/ansible/roles/apps/tasks/helmfiles.yml b/ansible/roles/apps/tasks/helmfiles.yml
index dc448d488..309989fd0 100644
--- a/ansible/roles/apps/tasks/helmfiles.yml
+++ b/ansible/roles/apps/tasks/helmfiles.yml
@@ -24,6 +24,9 @@
     - NEXTCLOUD_PASSWORD: "{{ nextcloud_password }}"
     - NEXTCLOUD_MARIADB_PASSWORD: "{{ nextcloud_mariadb_password }}"
     - NEXTCLOUD_MARIADB_ROOT_PASSWORD: "{{ nextcloud_mariadb_root_password }}"
+    - ONLYOFFICE_JWT_SECRET: "{{ onlyoffice_jwt_secret }}"
+    - ONLYOFFICE_POSTGRESQL_PASSWORD: "{{ onlyoffice_postgresql_password }}"
+    - ONLYOFFICE_RABBITMQ_PASSWORD: "{{ onlyoffice_rabbitmq_password }}"
     - GRAFANA_ADMIN_PASSWORD: "{{ grafana_admin_password }}"
   shell: |
     set -e -x -o pipefail
diff --git a/helmfiles/values/nextcloud.yaml.gotmpl b/helmfiles/values/nextcloud.yaml.gotmpl
index 376beded4..41aa56a44 100644
--- a/helmfiles/values/nextcloud.yaml.gotmpl
+++ b/helmfiles/values/nextcloud.yaml.gotmpl
@@ -82,3 +82,9 @@ onlyoffice-documentserver:
 
   onlyoffice:
     server_name: "office.{{ .Environment.Values.domain }}"
+  jwtSecret: "{{ requiredEnv "ONLYOFFICE_JWT_SECRET" }}"
+  postgresql:
+    postgresqlPassword: "{{ requiredEnv "ONLYOFFICE_POSTGRESQL_PASSWORD" }}"
+  rabbitmq:
+    rabbitmq:
+      password: "{{ requiredEnv "ONLYOFFICE_RABBITMQ_PASSWORD" }}"
-- 
GitLab