aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--environments/global/roles/etherpad.yaml3
-rw-r--r--modules/role/manifests/etherpad.pp129
2 files changed, 132 insertions, 0 deletions
diff --git a/environments/global/roles/etherpad.yaml b/environments/global/roles/etherpad.yaml
new file mode 100644
index 0000000..f8781e1
--- /dev/null
+++ b/environments/global/roles/etherpad.yaml
@@ -0,0 +1,3 @@
1---
2classes:
3 role::etherpad: ~
diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp
new file mode 100644
index 0000000..826525e
--- /dev/null
+++ b/modules/role/manifests/etherpad.pp
@@ -0,0 +1,129 @@
1class role::etherpad (
2) {
3 $password_seed = lookup("base_installation::puppet_pass_seed")
4
5 include "base_installation"
6
7 include "profile::tools"
8 include "profile::postgresql"
9 include "profile::apache"
10
11 ensure_packages(["npm"])
12 ensure_packages(["abiword"])
13 ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
14 ensure_packages(["tidy"])
15 aur::package { "etherpad-lite": }
16
17 $modules = [
18 "ep_aa_file_menu_toolbar",
19 "ep_adminpads",
20 "ep_align",
21 "ep_bookmark",
22 "ep_clear_formatting",
23 "ep_colors",
24 "ep_copy_paste_select_all",
25 "ep_cursortrace",
26 "ep_embedmedia",
27 "ep_font_family",
28 "ep_font_size",
29 "ep_headings2",
30 "ep_ldapauth",
31 "ep_line_height",
32 "ep_markdown",
33 "ep_previewimages",
34 "ep_ruler",
35 "ep_scrollto",
36 "ep_set_title_on_pad",
37 "ep_subscript_and_superscript",
38 "ep_timesliderdiff"
39 ]
40
41 $modules.each |$module| {
42 exec { "npm_install_$module":
43 command => "/usr/bin/npm install $module",
44 unless => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module",
45 cwd => "/usr/share/etherpad-lite/",
46 environment => "HOME=/root",
47 require => Aur::Package["etherpad-lite"],
48 before => Service["etherpad-lite"],
49 notify => Service["etherpad-lite"],
50 }
51 ->
52 file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized":
53 ensure => present,
54 mode => "0644",
55 before => Service["etherpad-lite"],
56 }
57 }
58
59 service { "etherpad-lite":
60 enable => true,
61 ensure => "running",
62 require => Aur::Package["etherpad-lite"],
63 subscribe => Aur::Package["etherpad-lite"],
64 }
65
66 $web_host = "outils-1.v.immae.eu"
67 $pg_db = "etherpad-lite"
68 $pg_user = "etherpad-lite"
69 $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
70
71 file { "/var/lib/postgres/data/certs":
72 ensure => directory,
73 mode => "0700",
74 owner => $::profile::postgresql::pg_user,
75 group => $::profile::postgresql::pg_user,
76 require => File["/var/lib/postgres"],
77 }
78
79 file { "/var/lib/postgres/data/certs/cert.pem":
80 source => "file:///etc/letsencrypt/live/$web_host/cert.pem",
81 mode => "0600",
82 links => "follow",
83 owner => $::profile::postgresql::pg_user,
84 group => $::profile::postgresql::pg_user,
85 require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
86 }
87
88 file { "/var/lib/postgres/data/certs/privkey.pem":
89 source => "file:///etc/letsencrypt/live/$web_host/privkey.pem",
90 mode => "0600",
91 links => "follow",
92 owner => $::profile::postgresql::pg_user,
93 group => $::profile::postgresql::pg_user,
94 require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
95 }
96
97 postgresql::server::config_entry { "wal_level":
98 value => "logical",
99 }
100
101 postgresql::server::config_entry { "ssl":
102 value => "on",
103 require => Letsencrypt::Certonly[$web_host],
104 }
105
106 postgresql::server::config_entry { "ssl_cert_file":
107 value => "/var/lib/postgres/data/certs/cert.pem",
108 require => Letsencrypt::Certonly[$web_host],
109 }
110
111 postgresql::server::config_entry { "ssl_key_file":
112 value => "/var/lib/postgres/data/certs/privkey.pem",
113 require => Letsencrypt::Certonly[$web_host],
114 }
115
116 postgresql::server::db { $pg_db:
117 user => $pg_user,
118 password => postgresql_password($pg_user, $pg_password),
119 }
120
121 postgresql::server::pg_hba_rule { "allow local access to $pg_user user":
122 type => 'local',
123 database => $pg_db,
124 user => $pg_user,
125 auth_method => 'ident',
126 order => "05-01",
127 }
128
129}