9 files changed, 342 insertions, 0 deletions
diff --git a/.gitmodules b/.gitmodules
index 0f21622..d68cf4e 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -64,3 +64,6 @@
 [submodule "external_modules/slack"]
        path = external_modules/slack
        url = git://git.immae.eu/github/cegeka/puppet-slack
+[submodule "external_modules/patch"]
+        path = external_modules/patch
+        url = git://git.immae.eu/github/tohuwabohu/puppet-patch.git
diff --git a/environments/global/roles/etherpad.yaml b/environments/global/roles/etherpad.yaml
new file mode 100644
index 0000000..f8781e1
--- /dev/null
+++ b/environments/global/roles/etherpad.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+  role::etherpad: ~
diff --git a/external_modules/patch b/external_modules/patch
new file mode 160000
+Subproject fed3814e759347d72b919ebeb1b6837c5d13373
diff --git a/modules/profile/files/postgresql_master/pam_postgresql b/modules/profile/files/postgresql_master/pam_postgresql
new file mode 100644
index 0000000..70a90ae
--- /dev/null
+++ b/modules/profile/files/postgresql_master/pam_postgresql
@@ -0,0 +1,3 @@
+auth            required        pam_ldap.so config=/etc/pam_ldap.d/postgresql.conf
+account         required        pam_ldap.so config=/etc/pam_ldap.d/postgresql.conf
diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp
new file mode 100644
index 0000000..9966f0d
--- /dev/null
+++ b/modules/profile/manifests/postgresql_master.pp
@@ -0,0 +1,115 @@
+define profile::postgresql_master (
+  $letsencrypt_host = undef,
+  $backup_hosts     = [],
+) {
+  $password_seed = lookup("base_installation::puppet_pass_seed")
+  ensure_resource("file", "/var/lib/postgres/data/certs", {
+    ensure  => directory,
+    mode    => "0700",
+    owner   => $::profile::postgresql::pg_user,
+    group   => $::profile::postgresql::pg_user,
+    require => File["/var/lib/postgres"],
+  })
+  ensure_resource("file", "/var/lib/postgres/data/certs/cert.pem", {
+    source  => "file:///etc/letsencrypt/live/$letsencrypt_host/cert.pem",
+    mode    => "0600",
+    links   => "follow",
+    owner   => $::profile::postgresql::pg_user,
+    group   => $::profile::postgresql::pg_user,
+    require => [Letsencrypt::Certonly[$letsencrypt_host], File["/var/lib/postgres/data/certs"]]
+  })
+  ensure_resource("file", "/var/lib/postgres/data/certs/privkey.pem", {
+    source  => "file:///etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
+    mode    => "0600",
+    links   => "follow",
+    owner   => $::profile::postgresql::pg_user,
+    group   => $::profile::postgresql::pg_user,
+    require => [Letsencrypt::Certonly[$letsencrypt_host], File["/var/lib/postgres/data/certs"]]
+  })
+  ensure_resource("postgresql::server::config_entry", "wal_level", {
+    value => "logical",
+  })
+  ensure_resource("postgresql::server::config_entry", "ssl", {
+    value   => "on",
+    require => Letsencrypt::Certonly[$letsencrypt_host],
+  })
+  ensure_resource("postgresql::server::config_entry", "ssl_cert_file", {
+    value   => "/var/lib/postgres/data/certs/cert.pem",
+    require => Letsencrypt::Certonly[$letsencrypt_host],
+  })
+  ensure_resource("postgresql::server::config_entry", "ssl_key_file", {
+    value   => "/var/lib/postgres/data/certs/privkey.pem",
+    require => Letsencrypt::Certonly[$letsencrypt_host],
+  })
+  $backup_hosts.each |$backup_host| {
+    ensure_packages(["pam_ldap"])
+    $host = find_host($facts["ldapvar"]["other"], $backup_host)
+    unless empty($host) {
+      $host["ipHostNumber"].each |$ip| {
+        $infos = split($ip, "/")
+        $ipaddress = $infos[0]
+        if (length($infos) == 1 and $ipaddress =~ /:/) {
+          $mask = "128"
+        } elsif (length($infos) == 1) {
+          $mask = "32"
+        } else {
+          $mask = $infos[1]
+        }
+        postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
+          type        => 'hostssl',
+          database    => 'replication',
+          user        => $backup_host,
+          address     => "$ipaddress/$mask",
+          auth_method => 'pam',
+          order       => "06-01",
+        }
+      }
+      postgresql::server::role { $backup_host:
+        replication => true,
+      }
+      postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):
+        ensure => present
+      }
+    }
+    $ldap_server = lookup("base_installation::ldap_server")
+    $ldap_base   = lookup("base_installation::ldap_base")
+    $ldap_dn     = lookup("base_installation::ldap_dn")
+    $ldap_password = generate_password(24, $password_seed, "ldap")
+    $ldap_attribute = "cn"
+    file { "/etc/pam_ldap.d":
+      ensure => directory,
+      mode   => "0755",
+      owner  => "root",
+      group  => "root",
+    } ->
+    file { "/etc/pam_ldap.d/postgresql.conf":
+      ensure  => "present",
+      mode    => "0600",
+      owner   => $::profile::postgresql::pg_user,
+      group   => "root",
+      content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
+    } ->
+    file { "/etc/pam.d/postgresql":
+      ensure => "present",
+      mode   => "0644",
+      owner  => "root",
+      group  => "root",
+      source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
+    }
+  }
+}
diff --git a/modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb b/modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb
new file mode 100644
index 0000000..f3d9674
--- /dev/null
+++ b/modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb
@@ -0,0 +1,6 @@
+host <%= @ldap_server %>
+base <%= @ldap_base %>
+binddn <%= @ldap_dn %>
+bindpw <%= @ldap_password %>
+pam_login_attribute <%= @ldap_attribute %>
diff --git a/modules/role/files/etherpad/libreoffice_patch.diff b/modules/role/files/etherpad/libreoffice_patch.diff
new file mode 100644
index 0000000..dbfdf1a
--- /dev/null
+++ b/modules/role/files/etherpad/libreoffice_patch.diff
@@ -0,0 +1,11 @@
+--- a/LibreOffice.js      2018-06-18 09:54:15.087161212 +0200
+++ b/LibreOffice.js    2018-06-18 10:33:27.534055021 +0200
+@@ -63,6 +63,7 @@
+         '--invisible',
+         '--nologo',
+         '--nolockcheck',
+        '-env:UserInstallation=file:///tmp/',
+         '--convert-to', task.type,
+         task.srcFile,
+         '--outdir', tmpDir
diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp
new file mode 100644
index 0000000..109da96
--- /dev/null
+++ b/modules/role/manifests/etherpad.pp
@@ -0,0 +1,108 @@
+class role::etherpad (
+) {
+  $password_seed = lookup("base_installation::puppet_pass_seed")
+  $web_host    = lookup("base_installation::real_hostname")
+  $web_listen  = "0.0.0.0"
+  $web_port    = 18000
+  $pg_db       = "etherpad-lite"
+  $pg_user     = "etherpad-lite"
+  $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
+  $ldap_server = lookup("base_installation::ldap_server")
+  $ldap_base   = lookup("base_installation::ldap_base")
+  $ldap_dn     = lookup("base_installation::ldap_dn")
+  $ldap_account_pattern = "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))"
+  $ldap_group_pattern = "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)"
+  $ldap_password = generate_password(24, $password_seed, "ldap")
+  include "base_installation"
+  include "profile::tools"
+  include "profile::postgresql"
+  include "profile::apache"
+  ensure_packages(["npm"])
+  ensure_packages(["abiword"])
+  ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
+  ensure_packages(["tidy"])
+  aur::package { "etherpad-lite": }
+  -> patch::file { "/usr/share/etherpad-lite/src/node/utils/LibreOffice.js":
+    diff_source => "puppet:///modules/role/etherpad/libreoffice_patch.diff",
+  }
+  -> file { "/etc/etherpad-lite/settings.json":
+    ensure  => present,
+    owner   => "etherpad-lite",
+    group   => "etherpad-lite",
+    notify  => Service["etherpad-lite"],
+    content => template("role/etherpad/settings.json.erb"),
+  }
+  $modules = [
+    "ep_aa_file_menu_toolbar",
+    "ep_adminpads",
+    "ep_align",
+    "ep_bookmark",
+    "ep_clear_formatting",
+    "ep_colors",
+    "ep_copy_paste_select_all",
+    "ep_cursortrace",
+    "ep_embedmedia",
+    "ep_font_family",
+    "ep_font_size",
+    "ep_headings2",
+    "ep_ldapauth",
+    "ep_line_height",
+    "ep_markdown",
+    "ep_previewimages",
+    "ep_ruler",
+    "ep_scrollto",
+    "ep_set_title_on_pad",
+    "ep_subscript_and_superscript",
+    "ep_timesliderdiff"
+    ]
+  $modules.each |$module| {
+    exec { "npm_install_$module":
+      command     => "/usr/bin/npm install $module",
+      unless      => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module",
+      cwd         => "/usr/share/etherpad-lite/",
+      environment => "HOME=/root",
+      require     => Aur::Package["etherpad-lite"],
+      before      => Service["etherpad-lite"],
+      notify      => Service["etherpad-lite"],
+    }
+    ->
+    file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized":
+      ensure => present,
+      mode   => "0644",
+      before => Service["etherpad-lite"],
+    }
+  }
+  service { "etherpad-lite":
+    enable    => true,
+    ensure    => "running",
+    require   => Aur::Package["etherpad-lite"],
+    subscribe => Aur::Package["etherpad-lite"],
+  }
+  profile::postgresql_master { "postgresql master for etherpad":
+    letsencrypt_host => $web_host,
+    backup_hosts     => ["backup-1"],
+  }
+  postgresql::server::db { $pg_db:
+    user     =>  $pg_user,
+    password =>  postgresql_password($pg_user, $pg_password),
+  }
+  postgresql::server::pg_hba_rule { "allow local access to $pg_user user":
+    type        => 'local',
+    database    => $pg_db,
+    user        => $pg_user,
+    auth_method => 'ident',
+    order       => "05-01",
+  }
+}
diff --git a/modules/role/templates/etherpad/settings.json.erb b/modules/role/templates/etherpad/settings.json.erb
new file mode 100644
index 0000000..dfd69c1
--- /dev/null
+++ b/modules/role/templates/etherpad/settings.json.erb
@@ -0,0 +1,93 @@
+{
+  "title": "Etherpad",
+  "favicon": "favicon.ico",
+  "ip": "<%= @web_listen %>",
+  "port" : <%= @web_port %>,
+  "showSettingsInAdminPage" : false,
+  "dbType" : "postgres",
+  "dbSettings" : {
+    "user"    : "<%= @pg_user %>",
+    "host"    : "/run/postgresql",
+    "password": "",
+    "database": "<%= @pg_db %>",
+    "charset" : "utf8mb4"
+  },
+  "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
+  "padOptions": {
+    "noColors": false,
+    "showControls": true,
+    "showChat": true,
+    "showLineNumbers": true,
+    "useMonospaceFont": false,
+    "userName": false,
+    "userColor": false,
+    "rtl": false,
+    "alwaysShowChat": false,
+    "chatAndUsers": false,
+    "lang": "en-gb"
+  },
+  "suppressErrorsInPadText" : false,
+  "requireSession" : false,
+  "editOnly" : false,
+  "sessionNoPassword" : false,
+  "minify" : true,
+  "maxAge" : 21600,
+  "abiword" : "/usr/bin/abiword",
+  "soffice" : "/usr/bin/soffice",
+  "tidyHtml" : "/usr/bin/tidy",
+  "allowUnknownFileEnds" : true,
+  "requireAuthentication" : false,
+  "requireAuthorization" : false,
+  "trustProxy" : false,
+  "disableIPlogging" : false,
+  "automaticReconnectionTimeout" : 0,
+  "scrollWhenFocusLineIsOutOfViewport": {
+    "percentage": {
+      "editionAboveViewport": 0,
+      "editionBelowViewport": 0
+    },
+    "duration": 0,
+    "scrollWhenCaretIsInTheLastLineOfViewport": false,
+    "percentageToScrollWhenUserPressesArrowUp": 0
+  },
+  "users": {
+    "ldapauth": {
+      "url": "ldaps://<%= @ldap_server %>",
+      "accountBase": "<%= @ldap_base %>",
+      "accountPattern": "<%= @ldap_account_pattern %>",
+      "displayNameAttribute": "cn",
+      "searchDN": "<%= @ldap_dn %>",
+      "searchPWD": "<%= @ldap_password %>",
+      "groupSearchBase": "<%= @ldap_base %>",
+      "groupAttribute": "member",
+      "groupAttributeIsDN": true,
+      "searchScope": "sub",
+      "groupSearch": "<%= @ldap_group_pattern %>",
+      "anonymousReadonly": false
+    }
+  },
+  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
+  "loadTest": false,
+  "indentationOnNewLine": false,
+  "toolbar": {
+    "left": [
+      ["bold", "italic", "underline", "strikethrough"],
+      ["orderedlist", "unorderedlist", "indent", "outdent"],
+      ["undo", "redo"],
+      ["clearauthorship"]
+    ],
+    "right": [
+      ["importexport", "timeslider", "savedrevision"],
+      ["settings", "embed"],
+      ["showusers"]
+    ],
+    "timeslider": [
+      ["timeslider_export", "timeslider_returnToPad"]
+    ]
+  },
+  "loglevel": "INFO",
+  "logconfig" : { "appenders": [ { "type": "console" } ] }
+}

diff --git a/.gitmodules b/.gitmodules index 0f21622..d68cf4e 100644 --- a/.gitmodules +++ b/.gitmodules
@@ -64,3 +64,6 @@
64	[submodule "external_modules/slack"]	64	[submodule "external_modules/slack"]
65	path = external_modules/slack	65	path = external_modules/slack
66	url = git://git.immae.eu/github/cegeka/puppet-slack	66	url = git://git.immae.eu/github/cegeka/puppet-slack
		67	[submodule "external_modules/patch"]
		68	path = external_modules/patch
		69	url = git://git.immae.eu/github/tohuwabohu/puppet-patch.git


diff --git a/environments/global/roles/etherpad.yaml b/environments/global/roles/etherpad.yaml new file mode 100644 index 0000000..f8781e1 --- /dev/null +++ b/environments/global/roles/etherpad.yaml
@@ -0,0 +1,3 @@
		1	---
		2	classes:
		3	role::etherpad: ~


diff --git a/external_modules/patch b/external_modules/patch new file mode 160000
			Subproject fed3814e759347d72b919ebeb1b6837c5d13373


diff --git a/modules/profile/files/postgresql_master/pam_postgresql b/modules/profile/files/postgresql_master/pam_postgresql new file mode 100644 index 0000000..70a90ae --- /dev/null +++ b/modules/profile/files/postgresql_master/pam_postgresql
@@ -0,0 +1,3 @@
		1	auth required pam_ldap.so config=/etc/pam_ldap.d/postgresql.conf
		2	account required pam_ldap.so config=/etc/pam_ldap.d/postgresql.conf
		3


diff --git a/modules/profile/manifests/postgresql_master.pp b/modules/profile/manifests/postgresql_master.pp new file mode 100644 index 0000000..9966f0d --- /dev/null +++ b/modules/profile/manifests/postgresql_master.pp
@@ -0,0 +1,115 @@
		1	define profile::postgresql_master (
		2	$letsencrypt_host = undef,
		3	$backup_hosts = [],
		4	) {
		5	$password_seed = lookup("base_installation::puppet_pass_seed")
		6
		7	ensure_resource("file", "/var/lib/postgres/data/certs", {
		8	ensure => directory,
		9	mode => "0700",
		10	owner => $::profile::postgresql::pg_user,
		11	group => $::profile::postgresql::pg_user,
		12	require => File["/var/lib/postgres"],
		13	})
		14
		15	ensure_resource("file", "/var/lib/postgres/data/certs/cert.pem", {
		16	source => "file:///etc/letsencrypt/live/$letsencrypt_host/cert.pem",
		17	mode => "0600",
		18	links => "follow",
		19	owner => $::profile::postgresql::pg_user,
		20	group => $::profile::postgresql::pg_user,
		21	require => [Letsencrypt::Certonly[$letsencrypt_host], File["/var/lib/postgres/data/certs"]]
		22	})
		23
		24	ensure_resource("file", "/var/lib/postgres/data/certs/privkey.pem", {
		25	source => "file:///etc/letsencrypt/live/$letsencrypt_host/privkey.pem",
		26	mode => "0600",
		27	links => "follow",
		28	owner => $::profile::postgresql::pg_user,
		29	group => $::profile::postgresql::pg_user,
		30	require => [Letsencrypt::Certonly[$letsencrypt_host], File["/var/lib/postgres/data/certs"]]
		31	})
		32
		33	ensure_resource("postgresql::server::config_entry", "wal_level", {
		34	value => "logical",
		35	})
		36
		37	ensure_resource("postgresql::server::config_entry", "ssl", {
		38	value => "on",
		39	require => Letsencrypt::Certonly[$letsencrypt_host],
		40	})
		41
		42	ensure_resource("postgresql::server::config_entry", "ssl_cert_file", {
		43	value => "/var/lib/postgres/data/certs/cert.pem",
		44	require => Letsencrypt::Certonly[$letsencrypt_host],
		45	})
		46
		47	ensure_resource("postgresql::server::config_entry", "ssl_key_file", {
		48	value => "/var/lib/postgres/data/certs/privkey.pem",
		49	require => Letsencrypt::Certonly[$letsencrypt_host],
		50	})
		51
		52	$backup_hosts.each \|$backup_host\| {
		53	ensure_packages(["pam_ldap"])
		54
		55	$host = find_host($facts["ldapvar"]["other"], $backup_host)
		56	unless empty($host) {
		57	$host["ipHostNumber"].each \|$ip\| {
		58	$infos = split($ip, "/")
		59	$ipaddress = $infos[0]
		60	if (length($infos) == 1 and $ipaddress =~ /:/) {
		61	$mask = "128"
		62	} elsif (length($infos) == 1) {
		63	$mask = "32"
		64	} else {
		65	$mask = $infos[1]
		66	}
		67
		68	postgresql::server::pg_hba_rule { "allow TCP access to replication user from backup for replication from $ipaddress/$mask":
		69	type => 'hostssl',
		70	database => 'replication',
		71	user => $backup_host,
		72	address => "$ipaddress/$mask",
		73	auth_method => 'pam',
		74	order => "06-01",
		75	}
		76	}
		77
		78	postgresql::server::role { $backup_host:
		79	replication => true,
		80	}
		81
		82	postgresql_replication_slot { regsubst($backup_host, '-', "_", "G"):
		83	ensure => present
		84	}
		85	}
		86
		87	$ldap_server = lookup("base_installation::ldap_server")
		88	$ldap_base = lookup("base_installation::ldap_base")
		89	$ldap_dn = lookup("base_installation::ldap_dn")
		90	$ldap_password = generate_password(24, $password_seed, "ldap")
		91	$ldap_attribute = "cn"
		92
		93	file { "/etc/pam_ldap.d":
		94	ensure => directory,
		95	mode => "0755",
		96	owner => "root",
		97	group => "root",
		98	} ->
		99	file { "/etc/pam_ldap.d/postgresql.conf":
		100	ensure => "present",
		101	mode => "0600",
		102	owner => $::profile::postgresql::pg_user,
		103	group => "root",
		104	content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
		105	} ->
		106	file { "/etc/pam.d/postgresql":
		107	ensure => "present",
		108	mode => "0644",
		109	owner => "root",
		110	group => "root",
		111	source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
		112	}
		113	}
		114
		115	}


diff --git a/modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb b/modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb new file mode 100644 index 0000000..f3d9674 --- /dev/null +++ b/modules/profile/templates/postgresql_master/pam_ldap_postgresql.conf.erb
@@ -0,0 +1,6 @@
		1	host <%= @ldap_server %>
		2
		3	base <%= @ldap_base %>
		4	binddn <%= @ldap_dn %>
		5	bindpw <%= @ldap_password %>
		6	pam_login_attribute <%= @ldap_attribute %>


diff --git a/modules/role/files/etherpad/libreoffice_patch.diff b/modules/role/files/etherpad/libreoffice_patch.diff new file mode 100644 index 0000000..dbfdf1a --- /dev/null +++ b/modules/role/files/etherpad/libreoffice_patch.diff
@@ -0,0 +1,11 @@
		1	--- a/LibreOffice.js 2018-06-18 09:54:15.087161212 +0200
		2	+++ b/LibreOffice.js 2018-06-18 10:33:27.534055021 +0200
		3	@@ -63,6 +63,7 @@
		4	'--invisible',
		5	'--nologo',
		6	'--nolockcheck',
		7	+ '-env:UserInstallation=file:///tmp/',
		8	'--convert-to', task.type,
		9	task.srcFile,
		10	'--outdir', tmpDir
		11


diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp new file mode 100644 index 0000000..109da96 --- /dev/null +++ b/modules/role/manifests/etherpad.pp
@@ -0,0 +1,108 @@
		1	class role::etherpad (
		2	) {
		3	$password_seed = lookup("base_installation::puppet_pass_seed")
		4	$web_host = lookup("base_installation::real_hostname")
		5	$web_listen = "0.0.0.0"
		6	$web_port = 18000
		7	$pg_db = "etherpad-lite"
		8	$pg_user = "etherpad-lite"
		9	$pg_password = generate_password(24, $password_seed, "postgres_etherpad")
		10
		11	$ldap_server = lookup("base_installation::ldap_server")
		12	$ldap_base = lookup("base_installation::ldap_base")
		13	$ldap_dn = lookup("base_installation::ldap_dn")
		14	$ldap_account_pattern = "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))"
		15	$ldap_group_pattern = "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)"
		16	$ldap_password = generate_password(24, $password_seed, "ldap")
		17
		18
		19	include "base_installation"
		20
		21	include "profile::tools"
		22	include "profile::postgresql"
		23	include "profile::apache"
		24
		25	ensure_packages(["npm"])
		26	ensure_packages(["abiword"])
		27	ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
		28	ensure_packages(["tidy"])
		29	aur::package { "etherpad-lite": }
		30	-> patch::file { "/usr/share/etherpad-lite/src/node/utils/LibreOffice.js":
		31	diff_source => "puppet:///modules/role/etherpad/libreoffice_patch.diff",
		32	}
		33	-> file { "/etc/etherpad-lite/settings.json":
		34	ensure => present,
		35	owner => "etherpad-lite",
		36	group => "etherpad-lite",
		37	notify => Service["etherpad-lite"],
		38	content => template("role/etherpad/settings.json.erb"),
		39	}
		40
		41	$modules = [
		42	"ep_aa_file_menu_toolbar",
		43	"ep_adminpads",
		44	"ep_align",
		45	"ep_bookmark",
		46	"ep_clear_formatting",
		47	"ep_colors",
		48	"ep_copy_paste_select_all",
		49	"ep_cursortrace",
		50	"ep_embedmedia",
		51	"ep_font_family",
		52	"ep_font_size",
		53	"ep_headings2",
		54	"ep_ldapauth",
		55	"ep_line_height",
		56	"ep_markdown",
		57	"ep_previewimages",
		58	"ep_ruler",
		59	"ep_scrollto",
		60	"ep_set_title_on_pad",
		61	"ep_subscript_and_superscript",
		62	"ep_timesliderdiff"
		63	]
		64
		65	$modules.each \|$module\| {
		66	exec { "npm_install_$module":
		67	command => "/usr/bin/npm install $module",
		68	unless => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module",
		69	cwd => "/usr/share/etherpad-lite/",
		70	environment => "HOME=/root",
		71	require => Aur::Package["etherpad-lite"],
		72	before => Service["etherpad-lite"],
		73	notify => Service["etherpad-lite"],
		74	}
		75	->
		76	file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized":
		77	ensure => present,
		78	mode => "0644",
		79	before => Service["etherpad-lite"],
		80	}
		81	}
		82
		83	service { "etherpad-lite":
		84	enable => true,
		85	ensure => "running",
		86	require => Aur::Package["etherpad-lite"],
		87	subscribe => Aur::Package["etherpad-lite"],
		88	}
		89
		90	profile::postgresql_master { "postgresql master for etherpad":
		91	letsencrypt_host => $web_host,
		92	backup_hosts => ["backup-1"],
		93	}
		94
		95	postgresql::server::db { $pg_db:
		96	user => $pg_user,
		97	password => postgresql_password($pg_user, $pg_password),
		98	}
		99
		100	postgresql::server::pg_hba_rule { "allow local access to $pg_user user":
		101	type => 'local',
		102	database => $pg_db,
		103	user => $pg_user,
		104	auth_method => 'ident',
		105	order => "05-01",
		106	}
		107
		108	}


diff --git a/modules/role/templates/etherpad/settings.json.erb b/modules/role/templates/etherpad/settings.json.erb new file mode 100644 index 0000000..dfd69c1 --- /dev/null +++ b/modules/role/templates/etherpad/settings.json.erb
@@ -0,0 +1,93 @@
		1	{
		2	"title": "Etherpad",
		3	"favicon": "favicon.ico",
		4
		5	"ip": "<%= @web_listen %>",
		6	"port" : <%= @web_port %>,
		7	"showSettingsInAdminPage" : false,
		8	"dbType" : "postgres",
		9	"dbSettings" : {
		10	"user" : "<%= @pg_user %>",
		11	"host" : "/run/postgresql",
		12	"password": "",
		13	"database": "<%= @pg_db %>",
		14	"charset" : "utf8mb4"
		15	},
		16
		17	"defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
		18	"padOptions": {
		19	"noColors": false,
		20	"showControls": true,
		21	"showChat": true,
		22	"showLineNumbers": true,
		23	"useMonospaceFont": false,
		24	"userName": false,
		25	"userColor": false,
		26	"rtl": false,
		27	"alwaysShowChat": false,
		28	"chatAndUsers": false,
		29	"lang": "en-gb"
		30	},
		31
		32	"suppressErrorsInPadText" : false,
		33	"requireSession" : false,
		34	"editOnly" : false,
		35	"sessionNoPassword" : false,
		36	"minify" : true,
		37	"maxAge" : 21600,
		38	"abiword" : "/usr/bin/abiword",
		39	"soffice" : "/usr/bin/soffice",
		40	"tidyHtml" : "/usr/bin/tidy",
		41	"allowUnknownFileEnds" : true,
		42	"requireAuthentication" : false,
		43	"requireAuthorization" : false,
		44	"trustProxy" : false,
		45	"disableIPlogging" : false,
		46	"automaticReconnectionTimeout" : 0,
		47	"scrollWhenFocusLineIsOutOfViewport": {
		48	"percentage": {
		49	"editionAboveViewport": 0,
		50	"editionBelowViewport": 0
		51	},
		52	"duration": 0,
		53	"scrollWhenCaretIsInTheLastLineOfViewport": false,
		54	"percentageToScrollWhenUserPressesArrowUp": 0
		55	},
		56	"users": {
		57	"ldapauth": {
		58	"url": "ldaps://<%= @ldap_server %>",
		59	"accountBase": "<%= @ldap_base %>",
		60	"accountPattern": "<%= @ldap_account_pattern %>",
		61	"displayNameAttribute": "cn",
		62	"searchDN": "<%= @ldap_dn %>",
		63	"searchPWD": "<%= @ldap_password %>",
		64	"groupSearchBase": "<%= @ldap_base %>",
		65	"groupAttribute": "member",
		66	"groupAttributeIsDN": true,
		67	"searchScope": "sub",
		68	"groupSearch": "<%= @ldap_group_pattern %>",
		69	"anonymousReadonly": false
		70	}
		71	},
		72	"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
		73	"loadTest": false,
		74	"indentationOnNewLine": false,
		75	"toolbar": {
		76	"left": [
		77	["bold", "italic", "underline", "strikethrough"],
		78	["orderedlist", "unorderedlist", "indent", "outdent"],
		79	["undo", "redo"],
		80	["clearauthorship"]
		81	],
		82	"right": [
		83	["importexport", "timeslider", "savedrevision"],
		84	["settings", "embed"],
		85	["showusers"]
		86	],
		87	"timeslider": [
		88	["timeslider_export", "timeslider_returnToPad"]
		89	]
		90	},
		91	"loglevel": "INFO",
		92	"logconfig" : { "appenders": [ { "type": "console" } ] }
		93	}