Commit | Line | Data |
---|---|---|
c230c663 IB |
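# @summary Role for a host running the etherpad-lite service.
#
# Installs etherpad-lite from the AUR together with helper packages and a
# fixed list of plugins, keeps the service enabled and running, and configures
# PostgreSQL: TLS from the Let's Encrypt certificate of $web_host, logical WAL
# level, a database and role both named "etherpad-lite", and a local pg_hba
# rule for that role.
class role::etherpad (
) {
  $password_seed = lookup("base_installation::puppet_pass_seed")

  include "base_installation"

  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"

  ensure_packages(["npm"])
  ensure_packages(["abiword"])
  ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
  ensure_packages(["tidy"])
  aur::package { "etherpad-lite": }

  $modules = [
    "ep_aa_file_menu_toolbar",
    "ep_adminpads",
    "ep_align",
    "ep_bookmark",
    "ep_clear_formatting",
    "ep_colors",
    "ep_copy_paste_select_all",
    "ep_cursortrace",
    "ep_embedmedia",
    "ep_font_family",
    "ep_font_size",
    "ep_headings2",
    "ep_ldapauth",
    "ep_line_height",
    "ep_markdown",
    "ep_previewimages",
    "ep_ruler",
    "ep_scrollto",
    "ep_set_title_on_pad",
    "ep_subscript_and_superscript",
    "ep_timesliderdiff"
  ]

  # Each plugin is installed once, by name, into the etherpad-lite tree.
  # NOTE(review): no `user` is set and HOME=/root, so the install presumably
  # runs as root; no version is named, so the first run takes whatever release
  # the npm registry serves and runs its install scripts with those
  # privileges. Pinning "name@version" per plugin and reviewing upgrades would
  # narrow that supply-chain exposure.
  # The `unless` guard also means an already-installed plugin is never
  # upgraded by this class, security fixes included.
  $modules.each |$module| {
    exec { "npm_install_${module}":
      command     => "/usr/bin/npm install ${module}",
      unless      => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/${module}",
      cwd         => "/usr/share/etherpad-lite/",
      environment => "HOME=/root",
      require     => Aur::Package["etherpad-lite"],
      # notify already orders this exec before the service, so a separate
      # `before` is not needed.
      notify      => Service["etherpad-lite"],
    }
    ->
    file { "/usr/share/etherpad-lite/node_modules/${module}/.ep_initialized":
      ensure => present,
      mode   => "0644",
      before => Service["etherpad-lite"],
    }
  }

  service { "etherpad-lite":
    enable    => true,
    ensure    => "running",
    # subscribe implies the ordering that `require` would give and also
    # restarts the service when the package changes.
    subscribe => Aur::Package["etherpad-lite"],
  }

  $web_host    = "outils-1.v.immae.eu"
  $pg_db       = "etherpad-lite"
  $pg_user     = "etherpad-lite"
  # generate_password is defined outside this class; presumably it derives the
  # password from the seed and the label - verify against its implementation.
  $pg_password = generate_password(24, $password_seed, "postgres_etherpad")

  $pg_certs_dir = "/var/lib/postgres/data/certs"
  $pg_cert_file = "${pg_certs_dir}/cert.pem"
  $pg_key_file  = "${pg_certs_dir}/privkey.pem"

  # PostgreSQL gets its own copy of the Let's Encrypt certificate and key in a
  # 0700 directory, each file 0600 and owned by the PostgreSQL account.
  # `links => follow` copies the link target rather than recreating the
  # symlink.
  # NOTE(review): cert.pem holds the leaf certificate only; clients that
  # verify the chain may need fullchain.pem served instead - confirm.
  # NOTE(review): nothing in this class reloads PostgreSQL when these copies
  # change after a certificate renewal - confirm it is handled elsewhere.
  file { $pg_certs_dir:
    ensure  => directory,
    mode    => "0700",
    owner   => $::profile::postgresql::pg_user,
    group   => $::profile::postgresql::pg_user,
    require => File["/var/lib/postgres"],
  }

  file { $pg_cert_file:
    source  => "file:///etc/letsencrypt/live/${web_host}/cert.pem",
    mode    => "0600",
    links   => "follow",
    owner   => $::profile::postgresql::pg_user,
    group   => $::profile::postgresql::pg_user,
    require => [Letsencrypt::Certonly[$web_host], File[$pg_certs_dir]],
  }

  file { $pg_key_file:
    source  => "file:///etc/letsencrypt/live/${web_host}/privkey.pem",
    mode    => "0600",
    links   => "follow",
    owner   => $::profile::postgresql::pg_user,
    group   => $::profile::postgresql::pg_user,
    require => [Letsencrypt::Certonly[$web_host], File[$pg_certs_dir]],
  }

  postgresql::server::config_entry { "wal_level":
    value => "logical",
  }

  # The TLS settings point at the copies above, so they are ordered after
  # those files and not only after certificate issuance; otherwise TLS could
  # be switched on while the configured files do not exist yet.
  postgresql::server::config_entry { "ssl":
    value   => "on",
    require => [
      Letsencrypt::Certonly[$web_host],
      File[$pg_cert_file],
      File[$pg_key_file],
    ],
  }

  postgresql::server::config_entry { "ssl_cert_file":
    value   => $pg_cert_file,
    require => [Letsencrypt::Certonly[$web_host], File[$pg_cert_file]],
  }

  postgresql::server::config_entry { "ssl_key_file":
    value   => $pg_key_file,
    require => [Letsencrypt::Certonly[$web_host], File[$pg_key_file]],
  }

  postgresql::server::db { $pg_db:
    user     => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # Unix-socket access for the etherpad-lite role to its own database only.
  # PostgreSQL applies peer authentication when `ident` is given on a `local`
  # line, so the connecting OS account name must map to the role name.
  postgresql::server::pg_hba_rule { "allow local access to ${pg_user} user":
    type        => 'local',
    database    => $pg_db,
    user        => $pg_user,
    auth_method => 'ident',
    order       => "05-01",
  }

}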