# @summary Role for a host running Etherpad Lite backed by a local PostgreSQL.
#
# Installs etherpad-lite from the AUR together with document-conversion tools
# and a fixed list of npm plugins, keeps the service running, and configures
# PostgreSQL: TLS material copied from the Let's Encrypt certificate of
# $web_host, logical WAL level, one database and one local access rule.
class role::etherpad {
  # Seed handed to generate_password() further down.
  # NOTE(review): presumably every derived password can be recomputed from
  # this seed, which would make the hiera value as sensitive as the passwords
  # themselves - confirm against generate_password().
  $password_seed = lookup('base_installation::puppet_pass_seed')

  include 'base_installation'
  include 'profile::tools'
  include 'profile::postgresql'
  include 'profile::apache'

  # Runtime and conversion tooling installed next to etherpad-lite.
  ensure_packages(['npm'])
  ensure_packages(['abiword'])
  ensure_packages([
    'libreoffice-fresh',
    'libreoffice-fresh-fr',
    'java-runtime-common',
    'jre8-openjdk',
  ])
  ensure_packages(['tidy'])

  aur::package { 'etherpad-lite': }

  # Etherpad plugins installed below, one npm package each.
  $modules = [
    'ep_aa_file_menu_toolbar',
    'ep_adminpads',
    'ep_align',
    'ep_bookmark',
    'ep_clear_formatting',
    'ep_colors',
    'ep_copy_paste_select_all',
    'ep_cursortrace',
    'ep_embedmedia',
    'ep_font_family',
    'ep_font_size',
    'ep_headings2',
    'ep_ldapauth',
    'ep_line_height',
    'ep_markdown',
    'ep_previewimages',
    'ep_ruler',
    'ep_scrollto',
    'ep_set_title_on_pad',
    'ep_subscript_and_superscript',
    'ep_timesliderdiff',
  ]

  # One exec per plugin. The `unless` guard only tests that the plugin
  # directory exists, so a plugin that is already present is never upgraded
  # or re-verified by this manifest.
  # NOTE(review): no version is pinned, so a first install takes whatever the
  # npm registry serves at that moment, and package lifecycle scripts run with
  # the agent's privileges (the exec sets no `user`; HOME=/root suggests
  # root). Judging by their names, ep_ldapauth and ep_adminpads sit on the
  # authentication/admin path. Consider pinning `name@version` per plugin and
  # reviewing upgrades explicitly.
  $modules.each |$plugin| {
    exec { "npm_install_${plugin}":
      command     => "/usr/bin/npm install ${plugin}",
      unless      => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/${plugin}",
      cwd         => '/usr/share/etherpad-lite/',
      environment => 'HOME=/root',
      require     => Aur::Package['etherpad-lite'],
      # notify restarts the service after a fresh install; before is kept as
      # in the original although notify already implies that ordering.
      before      => Service['etherpad-lite'],
      notify      => Service['etherpad-lite'],
    }
    # Marker file created once the plugin directory exists.
    # NOTE(review): presumably read by etherpad to skip its own plugin
    # initialisation - confirm.
    -> file { "/usr/share/etherpad-lite/node_modules/${plugin}/.ep_initialized":
      ensure => present,
      mode   => '0644',
      before => Service['etherpad-lite'],
    }
  }

  # Restarted whenever the AUR package resource changes (subscribe).
  service { 'etherpad-lite':
    ensure    => 'running',
    enable    => true,
    require   => Aur::Package['etherpad-lite'],
    subscribe => Aur::Package['etherpad-lite'],
  }

  $web_host    = 'outils-1.v.immae.eu'
  $pg_db       = 'etherpad-lite'
  $pg_user     = 'etherpad-lite'
  # 24 is passed as first argument together with the seed and a per-use label.
  # NOTE(review): this is a plain String, not a Sensitive value, so it may be
  # visible wherever class variables or the catalog are logged - confirm.
  $pg_password = generate_password(24, $password_seed, 'postgres_etherpad')

  # PostgreSQL gets its own copy of the certificate and private key, in a
  # directory only the postgres account can enter (0700) and with files only
  # that account can read (0600). `links => follow` copies the content behind
  # the paths under live/ rather than the link itself.
  # NOTE(review): nothing in this class refreshes PostgreSQL when these copies
  # change after a renewal - confirm a reload happens elsewhere, otherwise the
  # server keeps presenting the old certificate.
  file { '/var/lib/postgres/data/certs':
    ensure  => directory,
    mode    => '0700',
    owner   => $::profile::postgresql::pg_user,
    group   => $::profile::postgresql::pg_user,
    require => File['/var/lib/postgres'],
  }

  file { '/var/lib/postgres/data/certs/cert.pem':
    source  => "file:///etc/letsencrypt/live/${web_host}/cert.pem",
    mode    => '0600',
    links   => 'follow',
    owner   => $::profile::postgresql::pg_user,
    group   => $::profile::postgresql::pg_user,
    require => [
      Letsencrypt::Certonly[$web_host],
      File['/var/lib/postgres/data/certs'],
    ],
  }

  file { '/var/lib/postgres/data/certs/privkey.pem':
    source  => "file:///etc/letsencrypt/live/${web_host}/privkey.pem",
    mode    => '0600',
    links   => 'follow',
    owner   => $::profile::postgresql::pg_user,
    group   => $::profile::postgresql::pg_user,
    require => [
      Letsencrypt::Certonly[$web_host],
      File['/var/lib/postgres/data/certs'],
    ],
  }

  # NOTE(review): presumably set for logical replication or decoding; the
  # consumer is not visible in this class.
  postgresql::server::config_entry { 'wal_level':
    value => 'logical',
  }

  # `ssl = on` makes TLS available but does not require it; whether a given
  # connection must use TLS is decided per pg_hba line (hostssl), and no such
  # rule is declared in this class.
  # NOTE(review): the three ssl entries depend on the Certonly resource, not
  # on the File copies they point at - confirm the copies are guaranteed to
  # exist before PostgreSQL picks up these settings on a first run.
  postgresql::server::config_entry { 'ssl':
    value   => 'on',
    require => Letsencrypt::Certonly[$web_host],
  }

  # NOTE(review): cert.pem is normally the leaf certificate only; clients
  # that verify the chain may need fullchain.pem instead - confirm.
  postgresql::server::config_entry { 'ssl_cert_file':
    value   => '/var/lib/postgres/data/certs/cert.pem',
    require => Letsencrypt::Certonly[$web_host],
  }

  postgresql::server::config_entry { 'ssl_key_file':
    value   => '/var/lib/postgres/data/certs/privkey.pem',
    require => Letsencrypt::Certonly[$web_host],
  }

  # Database and role for etherpad; the db resource receives the output of
  # postgresql_password() rather than $pg_password itself.
  postgresql::server::db { $pg_db:
    user     => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # Unix-socket access for the pad role, limited to its own database.
  # For `local` lines PostgreSQL treats `ident` as peer authentication, so
  # the connecting OS account name has to map to $pg_user and no password is
  # checked on this path.
  # NOTE(review): confirm which OS account runs etherpad-lite.
  postgresql::server::pg_hba_rule { "allow local access to ${pg_user} user":
    type        => 'local',
    database    => $pg_db,
    user        => $pg_user,
    auth_method => 'ident',
    order       => '05-01',
  }
}