+class role::etherpad (
+) {
+ $password_seed = lookup("base_installation::puppet_pass_seed")
+
+ include "base_installation"
+
+ include "profile::tools"
+ include "profile::postgresql"
+ include "profile::apache"
+
+ ensure_packages(["npm"])
+ ensure_packages(["abiword"])
+ ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
+ ensure_packages(["tidy"])
+ aur::package { "etherpad-lite": }
+
+ $modules = [
+ "ep_aa_file_menu_toolbar",
+ "ep_adminpads",
+ "ep_align",
+ "ep_bookmark",
+ "ep_clear_formatting",
+ "ep_colors",
+ "ep_copy_paste_select_all",
+ "ep_cursortrace",
+ "ep_embedmedia",
+ "ep_font_family",
+ "ep_font_size",
+ "ep_headings2",
+ "ep_ldapauth",
+ "ep_line_height",
+ "ep_markdown",
+ "ep_previewimages",
+ "ep_ruler",
+ "ep_scrollto",
+ "ep_set_title_on_pad",
+ "ep_subscript_and_superscript",
+ "ep_timesliderdiff"
+ ]
+
+ $modules.each |$module| {
+ exec { "npm_install_$module":
+ command => "/usr/bin/npm install $module",
+ unless => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module",
+ cwd => "/usr/share/etherpad-lite/",
+ environment => "HOME=/root",
+ require => Aur::Package["etherpad-lite"],
+ before => Service["etherpad-lite"],
+ notify => Service["etherpad-lite"],
+ }
+ ->
+ file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized":
+ ensure => present,
+ mode => "0644",
+ before => Service["etherpad-lite"],
+ }
+ }
+
+ service { "etherpad-lite":
+ enable => true,
+ ensure => "running",
+ require => Aur::Package["etherpad-lite"],
+ subscribe => Aur::Package["etherpad-lite"],
+ }
+
+ $web_host = "outils-1.v.immae.eu"
+ $pg_db = "etherpad-lite"
+ $pg_user = "etherpad-lite"
+ $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
+
+ file { "/var/lib/postgres/data/certs":
+ ensure => directory,
+ mode => "0700",
+ owner => $::profile::postgresql::pg_user,
+ group => $::profile::postgresql::pg_user,
+ require => File["/var/lib/postgres"],
+ }
+
+ file { "/var/lib/postgres/data/certs/cert.pem":
+ source => "file:///etc/letsencrypt/live/$web_host/cert.pem",
+ mode => "0600",
+ links => "follow",
+ owner => $::profile::postgresql::pg_user,
+ group => $::profile::postgresql::pg_user,
+ require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
+ }
+
+ file { "/var/lib/postgres/data/certs/privkey.pem":
+ source => "file:///etc/letsencrypt/live/$web_host/privkey.pem",
+ mode => "0600",
+ links => "follow",
+ owner => $::profile::postgresql::pg_user,
+ group => $::profile::postgresql::pg_user,
+ require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
+ }
+
+ postgresql::server::config_entry { "wal_level":
+ value => "logical",
+ }
+
+ postgresql::server::config_entry { "ssl":
+ value => "on",
+ require => Letsencrypt::Certonly[$web_host],
+ }
+
+ postgresql::server::config_entry { "ssl_cert_file":
+ value => "/var/lib/postgres/data/certs/cert.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ }
+
+ postgresql::server::config_entry { "ssl_key_file":
+ value => "/var/lib/postgres/data/certs/privkey.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ }
+
+ postgresql::server::db { $pg_db:
+ user => $pg_user,
+ password => postgresql_password($pg_user, $pg_password),
+ }
+
+ postgresql::server::pg_hba_rule { "allow local access to $pg_user user":
+ type => 'local',
+ database => $pg_db,
+ user => $pg_user,
+ auth_method => 'ident',
+ order => "05-01",
+ }
+
+}
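Review bot: The `exec { "npm_install_$module": }` resource fetches all 21 plugins from the npm registry by bare name and, judging by `environment => "HOME=/root"` and the absence of a `user` attribute, runs as root, so whatever version is current at first run executes its install scripts with full privileges on the host. Pin each plugin by turning `$modules` into a hash of name to reviewed version and iterating with `$modules.each |$module, $version| {` and `command => "/usr/bin/npm install ${module}@${version}",`. The `unless => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module"` guard only checks that the directory exists, so a later pin change or security update would never be applied, and a partially failed install would be treated as done; comparing the `version` field of the plugin's `package.json` would cover both. It is also worth checking whether the plugins still work when installed with npm's `--ignore-scripts`, and whether the install can run under the etherpad service account rather than root.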