modules/role/manifests/etherpad.pp

   1 class role::etherpad (
   2   String $web_host,
   3 ) {
   4   $password_seed = lookup("base_installation::puppet_pass_seed")
   5   $real_host   = lookup("base_installation::real_hostname")
   6   $web_listen  = "127.0.0.1"
   7   $web_port    = 18000
   8   $pg_db       = "etherpad-lite"
   9   $pg_user     = "etherpad-lite"
  10   $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
  11
  12   $ldap_server = lookup("base_installation::ldap_server")
  13   $ldap_base   = lookup("base_installation::ldap_base")
  14   $ldap_dn     = lookup("base_installation::ldap_dn")
  15   $ldap_account_pattern = "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))"
  16   $ldap_group_pattern = "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)"
  17   $ldap_password = generate_password(24, $password_seed, "ldap")
  18
  19
  20   include "base_installation"
  21
  22   include "profile::tools"
  23   include "profile::postgresql"
  24   include "profile::apache"
  25
  26   ensure_packages(["npm"])
  27   ensure_packages(["abiword"])
  28   ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
  29   ensure_packages(["tidy"])
  30   aur::package { "etherpad-lite": }
  31   -> patch::file { "/usr/share/etherpad-lite/src/node/utils/LibreOffice.js":
  32     diff_source => "puppet:///modules/role/etherpad/libreoffice_patch.diff",
  33   }
  34   -> file { "/etc/etherpad-lite/settings.json":
  35     ensure  => present,
  36     owner   => "etherpad-lite",
  37     group   => "etherpad-lite",
  38     notify  => Service["etherpad-lite"],
  39     content => template("role/etherpad/settings.json.erb"),
  40   }
  41
  42   $modules = [
  43     "ep_aa_file_menu_toolbar",
  44     "ep_adminpads",
  45     "ep_align",
  46     "ep_bookmark",
  47     "ep_clear_formatting",
  48     "ep_colors",
  49     "ep_copy_paste_select_all",
  50     "ep_cursortrace",
  51     "ep_embedmedia",
  52     "ep_font_family",
  53     "ep_font_size",
  54     "ep_headings2",
  55     "ep_ldapauth",
  56     "ep_line_height",
  57     "ep_markdown",
  58     "ep_previewimages",
  59     "ep_ruler",
  60     "ep_scrollto",
  61     "ep_set_title_on_pad",
  62     "ep_subscript_and_superscript",
  63     "ep_timesliderdiff"
  64     ]
  65
  66   $modules.each |$module| {
  67     exec { "npm_install_$module":
  68       command     => "/usr/bin/npm install $module",
  69       unless      => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module",
  70       cwd         => "/usr/share/etherpad-lite/",
  71       environment => "HOME=/root",
  72       require     => Aur::Package["etherpad-lite"],
  73       before      => Service["etherpad-lite"],
  74       notify      => Service["etherpad-lite"],
  75     }
  76     ->
  77     file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized":
  78       ensure => present,
  79       mode   => "0644",
  80       before => Service["etherpad-lite"],
  81     }
  82   }
  83
  84   service { "etherpad-lite":
  85     enable    => true,
  86     ensure    => "running",
  87     require   => [Aur::Package["etherpad-lite"], Service["postgresql"]],
  88     subscribe => Aur::Package["etherpad-lite"],
  89   }
  90
  91   profile::postgresql::master { "postgresql master for etherpad":
  92     letsencrypt_host => $real_host,
  93     backup_hosts     => ["backup-1"],
  94   }
  95
  96   postgresql::server::db { $pg_db:
  97     user     =>  $pg_user,
  98     password =>  postgresql_password($pg_user, $pg_password),
  99   }
 100
 101   postgresql::server::pg_hba_rule { "allow local access to $pg_user user":
 102     type        => 'local',
 103     database    => $pg_db,
 104     user        => $pg_user,
 105     auth_method => 'ident',
 106     order       => "05-01",
 107   }
 108
 109   class { 'apache::mod::headers': }
 110   apache::vhost { $web_host:
 111     port                => '443',
 112     docroot             => false,
 113     manage_docroot      => false,
 114     proxy_dest          => "http://localhost:18000",
 115     request_headers     => 'set X-Forwarded-Proto "https"',
 116     ssl                 => true,
 117     ssl_cert            => "/etc/letsencrypt/live/$web_host/cert.pem",
 118     ssl_key             => "/etc/letsencrypt/live/$web_host/privkey.pem",
 119     ssl_chain           => "/etc/letsencrypt/live/$web_host/chain.pem",
 120     require             => Letsencrypt::Certonly[$web_host],
 121     proxy_preserve_host => true;
 122     default: *          => $::profile::apache::apache_vhost_default;
 123   }
 124 }