Change release url
[perso/Immae/Projets/Puppet.git] / modules / role / manifests / etherpad.pp
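# @summary Installs Etherpad Lite with its plugins, a local PostgreSQL
#   database, and an Apache HTTPS reverse proxy in front of it.
#
# The Etherpad process is meant to be reachable only through the Apache
# vhost; the listen address and port are declared once below and reused for
# the proxy destination.
#
# @param web_host
#   Public host name. Used as the Apache vhost name, to locate the
#   Let's Encrypt certificate files, and in the monitoring checks.
class role::etherpad (
  String $web_host,
) {
  $password_seed = lookup("base_installation::puppet_pass_seed")
  $real_host     = lookup("base_installation::real_hostname")

  # Backend bind address and port. Not referenced by any resource attribute
  # other than the proxy destination below; presumably also read by
  # settings.json.erb -- TODO confirm.
  $web_listen = "127.0.0.1"
  $web_port   = 18000

  $pg_db   = "etherpad-lite"
  $pg_user = "etherpad-lite"
  # generate_password() is a project function not shown here; presumably it
  # derives a 24-character secret from the seed and the label -- verify.
  $pg_password = generate_password(24, $password_seed, "postgres_etherpad")

  # LDAP settings are not used by any resource in this manifest; presumably
  # they are consumed by settings.json.erb for ep_ldapauth -- TODO confirm.
  $ldap_server = lookup("base_installation::ldap_server")
  $ldap_base   = lookup("base_installation::ldap_base")
  $ldap_dn     = lookup("base_installation::ldap_dn")
  # NOTE(review): both filters hard-code the dc=immae,dc=eu tree while
  # $ldap_base is looked up; they will not follow a change of that key.
  $ldap_account_pattern = "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))"
  $ldap_group_pattern   = "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)"
  $ldap_password        = generate_password(24, $password_seed, "ldap")

  include "base_installation"

  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"
  include "profile::monitoring"

  ensure_packages(["npm"])
  ensure_packages(["abiword"])
  ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
  ensure_packages(["tidy"])

  # Package first, then the local LibreOffice.js patch, then the settings.
  aur::package { "etherpad-lite": }
  -> patch::file { "/usr/share/etherpad-lite/src/node/utils/LibreOffice.js":
    diff_source => "puppet:///modules/role/etherpad/libreoffice_patch.diff",
  }
  -> file { "/etc/etherpad-lite/settings.json":
    ensure    => present,
    owner     => "etherpad-lite",
    group     => "etherpad-lite",
    # The rendered template presumably embeds $pg_password and
    # $ldap_password (neither is used elsewhere for Etherpad itself), so the
    # file is kept unreadable for other local users and its content is kept
    # out of agent logs and reports.
    mode      => "0640",
    show_diff => false,
    notify    => Service["etherpad-lite"],
    content   => template("role/etherpad/settings.json.erb"),
  }

  $modules = [
    "ep_aa_file_menu_toolbar",
    "ep_adminpads",
    "ep_align",
    "ep_bookmark",
    "ep_clear_formatting",
    "ep_colors",
    "ep_copy_paste_select_all",
    "ep_cursortrace",
    "ep_embedmedia",
    "ep_font_family",
    "ep_font_size",
    "ep_headings2",
    "ep_ldapauth",
    "ep_line_height",
    "ep_markdown",
    "ep_previewimages",
    "ep_ruler",
    "ep_scrollto",
    "ep_set_title_on_pad",
    "ep_subscript_and_superscript",
    "ep_timesliderdiff"
  ]

  # NOTE(review): plugins are installed by bare name, so each host gets
  # whatever version the npm registry serves at install time, and the
  # install runs with HOME=/root (the exec sets no `user`, so it runs as the
  # agent's user). Pinning each entry as "name@<version>" would make the
  # result reproducible and reviewable. The `unless` guard only tests that
  # the directory exists, so an installed plugin is never updated by Puppet.
  $modules.each |$module| {
    exec { "npm_install_${module}":
      command     => "/usr/bin/npm install ${module}",
      unless      => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/${module}",
      cwd         => "/usr/share/etherpad-lite/",
      environment => "HOME=/root",
      require     => Aur::Package["etherpad-lite"],
      before      => Service["etherpad-lite"],
      notify      => Service["etherpad-lite"],
    }
    ->
    # Marker file inside the plugin directory; presumably tells Etherpad the
    # plugin is already initialised -- confirm against Etherpad's loader.
    file { "/usr/share/etherpad-lite/node_modules/${module}/.ep_initialized":
      ensure => present,
      mode   => "0644",
      before => Service["etherpad-lite"],
    }
  }

  service { "etherpad-lite":
    enable    => true,
    ensure    => "running",
    require   => [Aur::Package["etherpad-lite"], Service["postgresql"]],
    subscribe => Aur::Package["etherpad-lite"],
  }

  profile::postgresql::master { "postgresql master for etherpad":
    letsencrypt_host => $real_host,
    backup_hosts     => ["backup-1"],
  }

  postgresql::server::db { $pg_db:
    user     => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # Unix-socket connections to this database as this role are authenticated
  # by the connecting OS account ('ident' on a `local` line), not by
  # password.
  postgresql::server::pg_hba_rule { "allow local access to ${pg_user} user":
    type        => 'local',
    database    => $pg_db,
    user        => $pg_user,
    auth_method => 'ident',
    order       => "05-01",
  }

  class { 'apache::mod::headers': }
  apache::vhost { $web_host:
    port                => '443',
    docroot             => false,
    manage_docroot      => false,
    # Built from the variables above so the proxy cannot drift from the
    # backend address/port, and so it does not depend on how "localhost"
    # resolves on the host.
    proxy_dest          => "http://${web_listen}:${web_port}",
    request_headers     => 'set X-Forwarded-Proto "https"',
    ssl                 => true,
    ssl_cert            => "/etc/letsencrypt/live/${web_host}/cert.pem",
    ssl_key             => "/etc/letsencrypt/live/${web_host}/privkey.pem",
    ssl_chain           => "/etc/letsencrypt/live/${web_host}/chain.pem",
    require             => Letsencrypt::Certonly[$web_host],
    proxy_preserve_host => true;
    default:          * => $::profile::apache::apache_vhost_default;
  }

  # Virtual monitoring resources: one checks that the pad front page is
  # served over HTTPS, the other checks the certificate.
  @profile::monitoring::external_service { "Etherpad service is running on ${web_host}":
    type   => "web",
    master => {
      check_command => "check_https!${web_host}!/!<title>Etherpad"
    }
  }
  @profile::monitoring::external_service { "${web_host} ssl certificate is up to date":
    type   => "web",
    master => {
      check_command => "check_https_certificate!${web_host}"
    }
  }
}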