class role::etherpad (
+ String $web_host,
) {
$password_seed = lookup("base_installation::puppet_pass_seed")
+ $real_host = lookup("base_installation::real_hostname")
+ $web_listen = "127.0.0.1"
+ $web_port = 18000
+ $pg_db = "etherpad-lite"
+ $pg_user = "etherpad-lite"
+ $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
+
+ $ldap_server = lookup("base_installation::ldap_server")
+ $ldap_base = lookup("base_installation::ldap_base")
+ $ldap_dn = lookup("base_installation::ldap_dn")
+ $ldap_account_pattern = "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))"
+ $ldap_group_pattern = "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)"
+ $ldap_password = generate_password(24, $password_seed, "ldap")
+
include "base_installation"
include "profile::tools"
include "profile::postgresql"
include "profile::apache"
+ include "profile::monitoring"
ensure_packages(["npm"])
ensure_packages(["abiword"])
ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
ensure_packages(["tidy"])
aur::package { "etherpad-lite": }
+ -> patch::file { "/usr/share/etherpad-lite/src/node/utils/LibreOffice.js":
+ diff_source => "puppet:///modules/role/etherpad/libreoffice_patch.diff",
+ }
+ -> file { "/etc/etherpad-lite/settings.json":
+ ensure => present,
+ owner => "etherpad-lite",
+ group => "etherpad-lite",
+ notify => Service["etherpad-lite"],
+ content => template("role/etherpad/settings.json.erb"),
+ }
$modules = [
"ep_aa_file_menu_toolbar",
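Review bot: The new `file { "/etc/etherpad-lite/settings.json": }` resource sets `owner` and `group` but no `mode`, so Puppet creates a missing file as 0644 and otherwise leaves whatever mode the package installed. The template is not shown, but `$pg_password` and `$ldap_password` are defined in this class just above, so the rendered file presumably holds both credentials and would be readable by every local account. Add `mode => "0600",` next to `owner`/`group`, and consider `show_diff => false,` so the secrets are not written to agent logs and reports when the content changes. The class body continues past the end of this hunk.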
service { "etherpad-lite":
enable => true,
ensure => "running",
- require => Aur::Package["etherpad-lite"],
+ require => [Aur::Package["etherpad-lite"], Service["postgresql"]],
subscribe => Aur::Package["etherpad-lite"],
}
- $web_host = "outils-1.v.immae.eu"
- $pg_db = "etherpad-lite"
- $pg_user = "etherpad-lite"
- $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
-
- file { "/var/lib/postgres/data/certs":
- ensure => directory,
- mode => "0700",
- owner => $::profile::postgresql::pg_user,
- group => $::profile::postgresql::pg_user,
- require => File["/var/lib/postgres"],
- }
-
- file { "/var/lib/postgres/data/certs/cert.pem":
- source => "file:///etc/letsencrypt/live/$web_host/cert.pem",
- mode => "0600",
- links => "follow",
- owner => $::profile::postgresql::pg_user,
- group => $::profile::postgresql::pg_user,
- require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
- }
-
- file { "/var/lib/postgres/data/certs/privkey.pem":
- source => "file:///etc/letsencrypt/live/$web_host/privkey.pem",
- mode => "0600",
- links => "follow",
- owner => $::profile::postgresql::pg_user,
- group => $::profile::postgresql::pg_user,
- require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
- }
-
- postgresql::server::config_entry { "wal_level":
- value => "logical",
- }
-
- postgresql::server::config_entry { "ssl":
- value => "on",
- require => Letsencrypt::Certonly[$web_host],
- }
-
- postgresql::server::config_entry { "ssl_cert_file":
- value => "/var/lib/postgres/data/certs/cert.pem",
- require => Letsencrypt::Certonly[$web_host],
- }
-
- postgresql::server::config_entry { "ssl_key_file":
- value => "/var/lib/postgres/data/certs/privkey.pem",
- require => Letsencrypt::Certonly[$web_host],
+ profile::postgresql::master { "postgresql master for etherpad":
+ letsencrypt_host => $real_host,
+ backup_hosts => ["backup-1"],
}
postgresql::server::db { $pg_db:
order => "05-01",
}
+ class { 'apache::mod::headers': }
+ apache::vhost { $web_host:
+ port => '443',
+ docroot => false,
+ manage_docroot => false,
+ proxy_dest => "http://localhost:18000",
+ request_headers => 'set X-Forwarded-Proto "https"',
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
+ ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
+ ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ proxy_preserve_host => true;
+ default: * => $::profile::apache::apache_vhost_default;
+ }
+
+ @profile::monitoring::external_service { "Etherpad service is running on $web_host":
+ type => "web",
+ master => {
+ check_command => "check_https!$web_host!/!<title>Etherpad"
+ }
+ }
+ @profile::monitoring::external_service { "$web_host ssl certificate is up to date":
+ type => "web",
+ master => {
+ check_command => "check_https_certificate!$web_host"
+ }
+ }
}
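Review bot: `proxy_dest => "http://localhost:18000"` in the new `apache::vhost` hard-codes the backend address, although this commit introduces `$web_listen = "127.0.0.1"` and `$web_port = 18000` for it. If the settings template binds Etherpad to `$web_listen` (not visible here), `localhost` may resolve to `::1` first and the proxy would miss the listener. A later change to `$web_port` would also leave Apache pointing at the old port. Use `proxy_dest => "http://${web_listen}:${web_port}",` so the vhost and the service configuration cannot drift apart. The loopback bind is what keeps clients from reaching the backend without going through the TLS vhost, so a one-line comment at `$web_listen` stating that would help the next maintainer.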