-rw-r--r-- | environments/global/roles/etherpad.yaml | 3 | ||||
-rw-r--r-- | modules/role/manifests/etherpad.pp | 129 |
2 files changed, 132 insertions, 0 deletions
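diff --git a/environments/global/roles/etherpad.yaml b/environments/global/roles/etherpad.yaml
new file mode 100644
index 0000000..f8781e1
--- /dev/null
+++ b/environments/global/roles/etherpad.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+role::etherpad: ~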
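diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp
new file mode 100644
index 0000000..826525e
--- /dev/null
+++ b/modules/role/manifests/etherpad.pp
@@ -0,0 +1,129 @@
+class role::etherpad (
+) {
+$password_seed = lookup("base_installation::puppet_pass_seed")
+
+include "base_installation"
+
+include "profile::tools"
+include "profile::postgresql"
+include "profile::apache"
+
+ensure_packages(["npm"])
+ensure_packages(["abiword"])
+ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
+ensure_packages(["tidy"])
+aur::package { "etherpad-lite": }
+
+$modules = [
+"ep_aa_file_menu_toolbar",
+"ep_adminpads",
+"ep_align",
+"ep_bookmark",
+"ep_clear_formatting",
+"ep_colors",
+"ep_copy_paste_select_all",
+"ep_cursortrace",
+"ep_embedmedia",
+"ep_font_family",
+"ep_font_size",
+"ep_headings2",
+"ep_ldapauth",
+"ep_line_height",
+"ep_markdown",
+"ep_previewimages",
+"ep_ruler",
+"ep_scrollto",
+"ep_set_title_on_pad",
+"ep_subscript_and_superscript",
+"ep_timesliderdiff"
+]
+
+$modules.each |$module| {
+exec { "npm_install_$module":
+command => "/usr/bin/npm install $module",
+unless => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module",
+cwd => "/usr/share/etherpad-lite/",
+environment => "HOME=/root",
+require => Aur::Package["etherpad-lite"],
+before => Service["etherpad-lite"],
+notify => Service["etherpad-lite"],
+}
+->
+file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized":
+ensure => present,
+mode => "0644",
+before => Service["etherpad-lite"],
+}
+}
+
+service { "etherpad-lite":
+enable => true,
+ensure => "running",
+require => Aur::Package["etherpad-lite"],
+subscribe => Aur::Package["etherpad-lite"],
+}
+
+$web_host = "outils-1.v.immae.eu"
+$pg_db = "etherpad-lite"
+$pg_user = "etherpad-lite"
+$pg_password = generate_password(24, $password_seed, "postgres_etherpad")
+
+file { "/var/lib/postgres/data/certs":
+ensure => directory,
+mode => "0700",
+owner => $::profile::postgresql::pg_user,
+group => $::profile::postgresql::pg_user,
+require => File["/var/lib/postgres"],
+}
+
+file { "/var/lib/postgres/data/certs/cert.pem":
+source => "file:///etc/letsencrypt/live/$web_host/cert.pem",
+mode => "0600",
+links => "follow",
+owner => $::profile::postgresql::pg_user,
+group => $::profile::postgresql::pg_user,
+require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
+}
+
+file { "/var/lib/postgres/data/certs/privkey.pem":
+source => "file:///etc/letsencrypt/live/$web_host/privkey.pem",
+mode => "0600",
+links => "follow",
+owner => $::profile::postgresql::pg_user,
+group => $::profile::postgresql::pg_user,
+require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
+}
+
+postgresql::server::config_entry { "wal_level":
+value => "logical",
+}
+
+postgresql::server::config_entry { "ssl":
+value => "on",
+require => Letsencrypt::Certonly[$web_host],
+}
+
+postgresql::server::config_entry { "ssl_cert_file":
+value => "/var/lib/postgres/data/certs/cert.pem",
+require => Letsencrypt::Certonly[$web_host],
+}
+
+postgresql::server::config_entry { "ssl_key_file":
+value => "/var/lib/postgres/data/certs/privkey.pem",
+require => Letsencrypt::Certonly[$web_host],
+}
+
+postgresql::server::db { $pg_db:
+user => $pg_user,
+password => postgresql_password($pg_user, $pg_password),
+}
+
+postgresql::server::pg_hba_rule { "allow local access to $pg_user user":
+type => 'local',
+database => $pg_db,
+user => $pg_user,
+auth_method => 'ident',
+order => "05-01",
+}
+
+}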
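Review bot: The `npm_install_$module` exec fetches whatever version of each plugin the registry serves at apply time, and with no `user` set and `HOME=/root` it presumably runs npm, including the packages' install scripts, as root. Because `unless` only tests that the directory exists, hosts built on different days end up with different plugin code and nothing records which version was deployed. I would make `$modules` a hash of name to reviewed version and change the command to `command => "/usr/bin/npm install --ignore-scripts ${module}@${version}",`, dropping `--ignore-scripts` only for a plugin shown to need it. Separately, the `ssl`, `ssl_cert_file` and `ssl_key_file` entries require only `Letsencrypt::Certonly[$web_host]`, not the two `File` copies under `/var/lib/postgres/data/certs`, and nothing visible reloads PostgreSQL when a renewed certificate changes those copies.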