]>
Commit | Line | Data |
---|---|---|
c230c663 | 1 | class role::etherpad ( |
c6709846 | 2 | String $web_host, |
c230c663 IB |
3 | ) { |
4 | $password_seed = lookup("base_installation::puppet_pass_seed") | |
c6709846 IB |
5 | $real_host = lookup("base_installation::real_hostname") |
6 | $web_listen = "127.0.0.1" | |
580bd7fc IB |
7 | $web_port = 18000 |
8 | $pg_db = "etherpad-lite" | |
9 | $pg_user = "etherpad-lite" | |
10 | $pg_password = generate_password(24, $password_seed, "postgres_etherpad") | |
11 | ||
12 | $ldap_server = lookup("base_installation::ldap_server") | |
13 | $ldap_base = lookup("base_installation::ldap_base") | |
14 | $ldap_dn = lookup("base_installation::ldap_dn") | |
15 | $ldap_account_pattern = "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))" | |
16 | $ldap_group_pattern = "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)" | |
17 | $ldap_password = generate_password(24, $password_seed, "ldap") | |
18 | ||
c230c663 IB |
19 | |
20 | include "base_installation" | |
21 | ||
22 | include "profile::tools" | |
23 | include "profile::postgresql" | |
24 | include "profile::apache" | |
25 | ||
26 | ensure_packages(["npm"]) | |
27 | ensure_packages(["abiword"]) | |
28 | ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"]) | |
29 | ensure_packages(["tidy"]) | |
30 | aur::package { "etherpad-lite": } | |
a1c31465 IB |
31 | -> patch::file { "/usr/share/etherpad-lite/src/node/utils/LibreOffice.js": |
32 | diff_source => "puppet:///modules/role/etherpad/libreoffice_patch.diff", | |
33 | } | |
580bd7fc IB |
34 | -> file { "/etc/etherpad-lite/settings.json": |
35 | ensure => present, | |
36 | owner => "etherpad-lite", | |
37 | group => "etherpad-lite", | |
38 | notify => Service["etherpad-lite"], | |
39 | content => template("role/etherpad/settings.json.erb"), | |
40 | } | |
c230c663 IB |
41 | |
42 | $modules = [ | |
43 | "ep_aa_file_menu_toolbar", | |
44 | "ep_adminpads", | |
45 | "ep_align", | |
46 | "ep_bookmark", | |
47 | "ep_clear_formatting", | |
48 | "ep_colors", | |
49 | "ep_copy_paste_select_all", | |
50 | "ep_cursortrace", | |
51 | "ep_embedmedia", | |
52 | "ep_font_family", | |
53 | "ep_font_size", | |
54 | "ep_headings2", | |
55 | "ep_ldapauth", | |
56 | "ep_line_height", | |
57 | "ep_markdown", | |
58 | "ep_previewimages", | |
59 | "ep_ruler", | |
60 | "ep_scrollto", | |
61 | "ep_set_title_on_pad", | |
62 | "ep_subscript_and_superscript", | |
63 | "ep_timesliderdiff" | |
64 | ] | |
65 | ||
66 | $modules.each |$module| { | |
67 | exec { "npm_install_$module": | |
68 | command => "/usr/bin/npm install $module", | |
69 | unless => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module", | |
70 | cwd => "/usr/share/etherpad-lite/", | |
71 | environment => "HOME=/root", | |
72 | require => Aur::Package["etherpad-lite"], | |
73 | before => Service["etherpad-lite"], | |
74 | notify => Service["etherpad-lite"], | |
75 | } | |
76 | -> | |
77 | file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized": | |
78 | ensure => present, | |
79 | mode => "0644", | |
80 | before => Service["etherpad-lite"], | |
81 | } | |
82 | } | |
83 | ||
84 | service { "etherpad-lite": | |
85 | enable => true, | |
86 | ensure => "running", | |
7485fdca | 87 | require => [Aur::Package["etherpad-lite"], Service["postgresql"]], |
c230c663 IB |
88 | subscribe => Aur::Package["etherpad-lite"], |
89 | } | |
90 | ||
436cae5e | 91 | profile::postgresql::master { "postgresql master for etherpad": |
c6709846 | 92 | letsencrypt_host => $real_host, |
f568173a | 93 | backup_hosts => ["backup-1"], |
c230c663 IB |
94 | } |
95 | ||
96 | postgresql::server::db { $pg_db: | |
97 | user => $pg_user, | |
98 | password => postgresql_password($pg_user, $pg_password), | |
99 | } | |
100 | ||
101 | postgresql::server::pg_hba_rule { "allow local access to $pg_user user": | |
102 | type => 'local', | |
103 | database => $pg_db, | |
104 | user => $pg_user, | |
105 | auth_method => 'ident', | |
106 | order => "05-01", | |
107 | } | |
108 | ||
c6709846 IB |
109 | class { 'apache::mod::headers': } |
110 | apache::vhost { $web_host: | |
111 | port => '443', | |
112 | docroot => false, | |
113 | manage_docroot => false, | |
114 | proxy_dest => "http://localhost:18000", | |
115 | request_headers => 'set X-Forwarded-Proto "https"', | |
116 | ssl => true, | |
117 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", | |
118 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", | |
119 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", | |
120 | require => Letsencrypt::Certonly[$web_host], | |
121 | proxy_preserve_host => true; | |
122 | default: * => $::profile::apache::apache_vhost_default; | |
123 | } | |
c230c663 | 124 | } |