]>
Commit | Line | Data |
---|---|---|
c230c663 IB |
1 | class role::etherpad ( |
2 | ) { | |
3 | $password_seed = lookup("base_installation::puppet_pass_seed") | |
4 | ||
5 | include "base_installation" | |
6 | ||
7 | include "profile::tools" | |
8 | include "profile::postgresql" | |
9 | include "profile::apache" | |
10 | ||
11 | ensure_packages(["npm"]) | |
12 | ensure_packages(["abiword"]) | |
13 | ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"]) | |
14 | ensure_packages(["tidy"]) | |
15 | aur::package { "etherpad-lite": } | |
a1c31465 IB |
16 | -> patch::file { "/usr/share/etherpad-lite/src/node/utils/LibreOffice.js": |
17 | diff_source => "puppet:///modules/role/etherpad/libreoffice_patch.diff", | |
18 | } | |
c230c663 IB |
19 | |
20 | $modules = [ | |
21 | "ep_aa_file_menu_toolbar", | |
22 | "ep_adminpads", | |
23 | "ep_align", | |
24 | "ep_bookmark", | |
25 | "ep_clear_formatting", | |
26 | "ep_colors", | |
27 | "ep_copy_paste_select_all", | |
28 | "ep_cursortrace", | |
29 | "ep_embedmedia", | |
30 | "ep_font_family", | |
31 | "ep_font_size", | |
32 | "ep_headings2", | |
33 | "ep_ldapauth", | |
34 | "ep_line_height", | |
35 | "ep_markdown", | |
36 | "ep_previewimages", | |
37 | "ep_ruler", | |
38 | "ep_scrollto", | |
39 | "ep_set_title_on_pad", | |
40 | "ep_subscript_and_superscript", | |
41 | "ep_timesliderdiff" | |
42 | ] | |
43 | ||
44 | $modules.each |$module| { | |
45 | exec { "npm_install_$module": | |
46 | command => "/usr/bin/npm install $module", | |
47 | unless => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module", | |
48 | cwd => "/usr/share/etherpad-lite/", | |
49 | environment => "HOME=/root", | |
50 | require => Aur::Package["etherpad-lite"], | |
51 | before => Service["etherpad-lite"], | |
52 | notify => Service["etherpad-lite"], | |
53 | } | |
54 | -> | |
55 | file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized": | |
56 | ensure => present, | |
57 | mode => "0644", | |
58 | before => Service["etherpad-lite"], | |
59 | } | |
60 | } | |
61 | ||
62 | service { "etherpad-lite": | |
63 | enable => true, | |
64 | ensure => "running", | |
65 | require => Aur::Package["etherpad-lite"], | |
66 | subscribe => Aur::Package["etherpad-lite"], | |
67 | } | |
68 | ||
69 | $web_host = "outils-1.v.immae.eu" | |
70 | $pg_db = "etherpad-lite" | |
71 | $pg_user = "etherpad-lite" | |
72 | $pg_password = generate_password(24, $password_seed, "postgres_etherpad") | |
73 | ||
74 | file { "/var/lib/postgres/data/certs": | |
75 | ensure => directory, | |
76 | mode => "0700", | |
77 | owner => $::profile::postgresql::pg_user, | |
78 | group => $::profile::postgresql::pg_user, | |
79 | require => File["/var/lib/postgres"], | |
80 | } | |
81 | ||
82 | file { "/var/lib/postgres/data/certs/cert.pem": | |
83 | source => "file:///etc/letsencrypt/live/$web_host/cert.pem", | |
84 | mode => "0600", | |
85 | links => "follow", | |
86 | owner => $::profile::postgresql::pg_user, | |
87 | group => $::profile::postgresql::pg_user, | |
88 | require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]] | |
89 | } | |
90 | ||
91 | file { "/var/lib/postgres/data/certs/privkey.pem": | |
92 | source => "file:///etc/letsencrypt/live/$web_host/privkey.pem", | |
93 | mode => "0600", | |
94 | links => "follow", | |
95 | owner => $::profile::postgresql::pg_user, | |
96 | group => $::profile::postgresql::pg_user, | |
97 | require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]] | |
98 | } | |
99 | ||
100 | postgresql::server::config_entry { "wal_level": | |
101 | value => "logical", | |
102 | } | |
103 | ||
104 | postgresql::server::config_entry { "ssl": | |
105 | value => "on", | |
106 | require => Letsencrypt::Certonly[$web_host], | |
107 | } | |
108 | ||
109 | postgresql::server::config_entry { "ssl_cert_file": | |
110 | value => "/var/lib/postgres/data/certs/cert.pem", | |
111 | require => Letsencrypt::Certonly[$web_host], | |
112 | } | |
113 | ||
114 | postgresql::server::config_entry { "ssl_key_file": | |
115 | value => "/var/lib/postgres/data/certs/privkey.pem", | |
116 | require => Letsencrypt::Certonly[$web_host], | |
117 | } | |
118 | ||
119 | postgresql::server::db { $pg_db: | |
120 | user => $pg_user, | |
121 | password => postgresql_password($pg_user, $pg_password), | |
122 | } | |
123 | ||
124 | postgresql::server::pg_hba_rule { "allow local access to $pg_user user": | |
125 | type => 'local', | |
126 | database => $pg_db, | |
127 | user => $pg_user, | |
128 | auth_method => 'ident', | |
129 | order => "05-01", | |
130 | } | |
131 | ||
132 | } |