X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Frole%2Fmanifests%2Fetherpad.pp;h=119af5653d808284e8d0f81763404ede9d691e9b;hb=f7ef7ce7f8d596d38739c5e96623e8630e1036ae;hp=28b9eb6c3c27dad9ec30dc0b01e395aca43ba454;hpb=0a145a25c0a8cbcd50d515d2a828bd6665836ddb;p=perso%2FImmae%2FProjets%2FPuppet.git diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp index 28b9eb6..119af56 100644 --- a/modules/role/manifests/etherpad.pp +++ b/modules/role/manifests/etherpad.pp @@ -1,8 +1,9 @@ class role::etherpad ( + String $web_host, ) { $password_seed = lookup("base_installation::puppet_pass_seed") - $web_host = lookup("base_installation::real_hostname") - $web_listen = "0.0.0.0" + $real_host = lookup("base_installation::real_hostname") + $web_listen = "127.0.0.1" $web_port = 18000 $pg_db = "etherpad-lite" $pg_user = "etherpad-lite" @@ -21,6 +22,7 @@ class role::etherpad ( include "profile::tools" include "profile::postgresql" include "profile::apache" + include "profile::monitoring" ensure_packages(["npm"]) ensure_packages(["abiword"]) @@ -83,12 +85,12 @@ class role::etherpad ( service { "etherpad-lite": enable => true, ensure => "running", - require => Aur::Package["etherpad-lite"], + require => [Aur::Package["etherpad-lite"], Service["postgresql"]], subscribe => Aur::Package["etherpad-lite"], } profile::postgresql::master { "postgresql master for etherpad": - letsencrypt_host => $web_host, + letsencrypt_host => $real_host, backup_hosts => ["backup-1"], } @@ -105,4 +107,32 @@ class role::etherpad ( order => "05-01", } + class { 'apache::mod::headers': } + apache::vhost { $web_host: + port => '443', + docroot => false, + manage_docroot => false, + proxy_dest => "http://localhost:18000", + request_headers => 'set X-Forwarded-Proto "https"', + ssl => true, + ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", + ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", + ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", + require => Letsencrypt::Certonly[$web_host], + proxy_preserve_host => true; + default: * => $::profile::apache::apache_vhost_default; + } + + @profile::monitoring::external_service { "Etherpad service is running on $web_host": + type => "web", + master => { + check_command => "check_https!$web_host!/!Etherpad" + } + } + @profile::monitoring::external_service { "$web_host ssl certificate is up to date": + type => "web", + master => { + check_command => "check_https_certificate!$web_host" + } + } }