From 0a4258423857ed0746e8815f24be1c64f16eba94 Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Thu, 6 Nov 2025 11:21:46 +0100
Subject: [PATCH] collabora: allow to use enterprise container image with
 support key

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/collabora-online/Dockerfile     | 15 +++++++++++++++
 Containers/collabora-online/healthcheck.sh |  7 +++++++
 nextcloud-aio-helm-chart/update-helm.sh    | 15 +++++++++++++++
 php/containers.json                        |  2 +-
 php/src/ContainerDefinitionFetcher.php     |  3 +++
 php/src/Data/ConfigurationManager.php      |  7 +++++++
 6 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 Containers/collabora-online/Dockerfile
 create mode 100644 Containers/collabora-online/healthcheck.sh

diff --git a/Containers/collabora-online/Dockerfile b/Containers/collabora-online/Dockerfile
new file mode 100644
index 00000000..72f79928
--- /dev/null
+++ b/Containers/collabora-online/Dockerfile
@@ -0,0 +1,15 @@
+# syntax=docker/dockerfile:latest
+# From https://gitlab.collabora.com/collabora-online/docker
+# hadolint ignore=DL3007
+FROM registry.gitlab.collabora.com/collabora-online/docker:latest
+
+USER root
+ARG DEBIAN_FRONTEND=noninteractive
+
+COPY --chmod=775 healthcheck.sh /healthcheck.sh
+
+USER 1001
+
+HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
diff --git a/Containers/collabora-online/healthcheck.sh b/Containers/collabora-online/healthcheck.sh
new file mode 100644
index 00000000..45e9278b
--- /dev/null
+++ b/Containers/collabora-online/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Unfortunately, no curl and no nc is installed in the container 
+# and packages can also not be added as the package list is broken.
+# So always exiting 0 for now.
+# nc http://127.0.0.1:9980 || exit 1
+exit 0
diff --git a/nextcloud-aio-helm-chart/update-helm.sh b/nextcloud-aio-helm-chart/update-helm.sh
index d63dd39e..02428db8 100755
--- a/nextcloud-aio-helm-chart/update-helm.sh
+++ b/nextcloud-aio-helm-chart/update-helm.sh
@@ -343,6 +343,21 @@ EOL
 # shellcheck disable=SC1083
 find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional-talk.config"  \{} \;
 
+# Additional collabora config
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml' -exec sed -i "s/image: ghcr.io.*/IMAGE_PLACEHOLDER/"  \{} \;
+cat << EOL > /tmp/additional-collabora.config
+          {{- if contains "--o:support_key=" (join " " (.Values.ADDITIONAL_COLLABORA_OPTIONS | default list)) }}
+          image: ghcr.io/nextcloud-releases/aio-collabora-online:$DOCKER_TAG
+          {{- else }}
+          image: ghcr.io/nextcloud-releases/aio-collabora:$DOCKER_TAG
+          {{- end }}
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml' -exec sed -i "/IMAGE_PLACEHOLDER/r /tmp/additional-collabora.config"  \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*collabora-deployment.yaml' -exec sed -i "/IMAGE_PLACEHOLDER/d"  \{} \;
+
 cat << EOL > templates/nextcloud-aio-networkpolicy.yaml
 {{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
 # https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
diff --git a/php/containers.json b/php/containers.json
index 1a775c98..df0e2d28 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -380,7 +380,7 @@
       "internal_port": "9980",
       "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443,http://nextcloud-aio-apache:23973",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:logging.level_startup=warning --o:welcome.enable=false %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
         "server_name=%NC_DOMAIN%",
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 2ea04d82..7b092e45 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -67,6 +67,9 @@ readonly class ContainerDefinitionFetcher {
                 if (!$this->configurationManager->isCollaboraEnabled()) {
                     continue;
                 }
+                if ($this->configurationManager->isCollaboraSubscriptionEnabled()) {
+                    $entry['image'] = 'ghcr.io/nextcloud-releases/aio-collabora-online';
+                }
             } elseif ($entry['container_name'] === 'nextcloud-aio-talk') {
                 if (!$this->configurationManager->isTalkEnabled()) {
                     continue;
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index 50937222..58962248 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -978,6 +978,13 @@ class ConfigurationManager
         return $config['collabora_additional_options'];
     }
 
+    public function isCollaboraSubscriptionEnabled() : bool {
+        if (str_contains($this->GetAdditionalCollaboraOptions(), '--o:support_key=')) {
+            return true;
+        }
+        return false;
+    }
+
     public function DeleteAdditionalCollaboraOptions() : void {
         $config = $this->GetConfig();
         $config['collabora_additional_options'] = '';