From: Ismaƫl Bouya
Date: Tue, 5 Jun 2018 21:53:22 +0000 (+0200)
Subject: Add etherpad role
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FProjets%2FPuppet.git;a=commitdiff_plain;h=c230c6632aba600c34301e1664a4b16acec050e9
Add etherpad role
---
diff --git a/environments/global/roles/etherpad.yaml b/environments/global/roles/etherpad.yaml
new file mode 100644
index 0000000..f8781e1
--- /dev/null
+++ b/environments/global/roles/etherpad.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+ role::etherpad: ~
diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp
new file mode 100644
index 0000000..826525e
--- /dev/null
+++ b/modules/role/manifests/etherpad.pp
@@ -0,0 +1,129 @@
+class role::etherpad (
+) {
+ $password_seed = lookup("base_installation::puppet_pass_seed")
+
+ include "base_installation"
+
+ include "profile::tools"
+ include "profile::postgresql"
+ include "profile::apache"
+
+ ensure_packages(["npm"])
+ ensure_packages(["abiword"])
+ ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
+ ensure_packages(["tidy"])
+ aur::package { "etherpad-lite": }
+
+ $modules = [
+ "ep_aa_file_menu_toolbar",
+ "ep_adminpads",
+ "ep_align",
+ "ep_bookmark",
+ "ep_clear_formatting",
+ "ep_colors",
+ "ep_copy_paste_select_all",
+ "ep_cursortrace",
+ "ep_embedmedia",
+ "ep_font_family",
+ "ep_font_size",
+ "ep_headings2",
+ "ep_ldapauth",
+ "ep_line_height",
+ "ep_markdown",
+ "ep_previewimages",
+ "ep_ruler",
+ "ep_scrollto",
+ "ep_set_title_on_pad",
+ "ep_subscript_and_superscript",
+ "ep_timesliderdiff"
+ ]
+
+ $modules.each |$module| {
+ exec { "npm_install_$module":
+ command => "/usr/bin/npm install $module",
+ unless => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module",
+ cwd => "/usr/share/etherpad-lite/",
+ environment => "HOME=/root",
+ require => Aur::Package["etherpad-lite"],
+ before => Service["etherpad-lite"],
+ notify => Service["etherpad-lite"],
+ }
+ ->
+ file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized":
+ ensure => present,
+ mode => "0644",
+ before => Service["etherpad-lite"],
+ }
+ }
+
+ service { "etherpad-lite":
+ enable => true,
+ ensure => "running",
+ require => Aur::Package["etherpad-lite"],
+ subscribe => Aur::Package["etherpad-lite"],
+ }
+
+ $web_host = "outils-1.v.immae.eu"
+ $pg_db = "etherpad-lite"
+ $pg_user = "etherpad-lite"
+ $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
+
+ file { "/var/lib/postgres/data/certs":
+ ensure => directory,
+ mode => "0700",
+ owner => $::profile::postgresql::pg_user,
+ group => $::profile::postgresql::pg_user,
+ require => File["/var/lib/postgres"],
+ }
+
+ file { "/var/lib/postgres/data/certs/cert.pem":
+ source => "file:///etc/letsencrypt/live/$web_host/cert.pem",
+ mode => "0600",
+ links => "follow",
+ owner => $::profile::postgresql::pg_user,
+ group => $::profile::postgresql::pg_user,
+ require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
+ }
+
+ file { "/var/lib/postgres/data/certs/privkey.pem":
+ source => "file:///etc/letsencrypt/live/$web_host/privkey.pem",
+ mode => "0600",
+ links => "follow",
+ owner => $::profile::postgresql::pg_user,
+ group => $::profile::postgresql::pg_user,
+ require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
+ }
+
+ postgresql::server::config_entry { "wal_level":
+ value => "logical",
+ }
+
+ postgresql::server::config_entry { "ssl":
+ value => "on",
+ require => Letsencrypt::Certonly[$web_host],
+ }
+
+ postgresql::server::config_entry { "ssl_cert_file":
+ value => "/var/lib/postgres/data/certs/cert.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ }
+
+ postgresql::server::config_entry { "ssl_key_file":
+ value => "/var/lib/postgres/data/certs/privkey.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ }
+
+ postgresql::server::db { $pg_db:
+ user => $pg_user,
+ password => postgresql_password($pg_user, $pg_password),
+ }
+
+ postgresql::server::pg_hba_rule { "allow local access to $pg_user user":
+ type => 'local',
+ database => $pg_db,
+ user => $pg_user,
+ auth_method => 'ident',
+ order => "05-01",
+ }
+
+}
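Review bot: The `npm_install_$module` exec installs every plugin by bare name with `environment => "HOME=/root"` and no `user`, so each fresh host pulls whatever version the registry serves at that moment, through an npm process that presumably runs as root. Pin each plugin to a reviewed version, for example by turning `$modules` into a name-to-version hash and using `command => "/usr/bin/npm install ${module}@${version}",`, and consider setting a non-root `user` on the exec if the package's directory ownership allows it. The `unless` test only checks that the plugin directory exists, so a partially failed install or a later change of the wanted version is never corrected. Separately, the `ssl`, `ssl_cert_file` and `ssl_key_file` entries require only `Letsencrypt::Certonly[$web_host]` and not the two `File` resources that copy the PEM files, so PostgreSQL may be switched to `ssl = on` before the key exists under `/var/lib/postgres/data/certs`. Adding `File["/var/lib/postgres/data/certs/privkey.pem"]` and the `cert.pem` file to those `require` lists would close that ordering gap.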