Diffstat (limited to 'modules/role/manifests')
-rw-r--r--modules/role/manifests/backup.pp8
-rw-r--r--modules/role/manifests/backup/postgresql.pp117
-rw-r--r--modules/role/manifests/etherpad.pp108
3 files changed, 223 insertions, 10 deletions
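--- a/modules/role/manifests/backup.pp
+++ b/modules/role/manifests/backup.pp
@@ -17,6 +17,14 @@ class role::backup (
 
   include "role::backup::postgresql"
 
+  ensure_packages(["python", "python-pip"])
+  package { "pylog2rotate":
+    source => "git+https://github.com/avian2/pylog2rotate",
+    ensure => present,
+    provider => "pip3",
+    require => Package["python-pip"],
+  }
+
   ensure_packages(["rsync"])
 
   ssh_keygen { $user: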
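Review bot: The new `package { "pylog2rotate": ... }` installs from `git+https://github.com/avian2/pylog2rotate` with no ref, so every fresh build of the backup host runs pip as root against whatever the upstream default branch contains at that moment, and the pip provider will not notice later upstream changes either, so the unpinned URL buys neither reproducibility nor updates. Pin it to an immutable commit, `source => "git+https://github.com/avian2/pylog2rotate@<commit-sha>"`, and move the pin deliberately when upgrading. The `require => Package["python-pip"]` edge paired with `provider => "pip3"` presumes `python-pip` is the Python 3 pip package on this distribution; confirm, since otherwise the ordering constraint sits on the wrong package. The enclosing `role::backup` class begins and ends outside the hunk.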
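--- a/modules/role/manifests/backup/postgresql.pp
+++ b/modules/role/manifests/backup/postgresql.pp
@@ -13,7 +13,7 @@ class role::backup::postgresql inherits role::backup {
   $ldap_server = lookup("base_installation::ldap_server")
   $ldap_base = lookup("base_installation::ldap_base")
   $ldap_dn = lookup("base_installation::ldap_dn")
-  $ldap_attribute = "uid"
+  $pgbouncer_ldap_attribute = "uid"
 
   $pg_slot = regsubst($ldap_cn, '-', "_", "G")
 
@@ -71,18 +71,13 @@ class role::backup::postgresql inherits role::backup {
     ],
   }
 
-  file { "/etc/pam_ldap.d":
-    ensure => directory,
-    mode => "0755",
-    owner => "root",
-    group => "root",
-  } ->
   file { "/etc/pam_ldap.d/pgbouncer.conf":
     ensure => "present",
     mode => "0600",
     owner => $pg_user,
     group => "root",
     content => template("role/backup/pam_ldap_pgbouncer.conf.erb"),
+    require => File["/etc/pam_ldap.d"],
   } ->
   file { "/etc/pam.d/pgbouncer":
     ensure => "present",
@@ -94,17 +89,107 @@ class role::backup::postgresql inherits role::backup {
   }
   }
 
-  $pg_backup_hosts.each |$pg_backup_host, $pg_infos| {
+  $ldap_attribute = "cn"
+
+  file { "/etc/pam_ldap.d":
+    ensure => directory,
+    mode => "0755",
+    owner => "root",
+    group => "root",
+  } ->
+  file { "/etc/pam_ldap.d/postgresql.conf":
+    ensure => "present",
+    mode => "0600",
+    owner => $pg_user,
+    group => "root",
+    content => template("profile/postgresql_master/pam_ldap_postgresql.conf.erb"),
+  } ->
+  file { "/etc/pam.d/postgresql":
+    ensure => "present",
+    mode => "0644",
+    owner => "root",
+    group => "root",
+    source => "puppet:///modules/profile/postgresql_master/pam_postgresql"
+  }
+
+  $pg_backup_hosts.each |$backup_host_cn, $pg_infos| {
+    $host = find_host($facts["ldapvar"]["other"], $backup_host_cn)
+    if empty($host) {
+      $pg_backup_host = $backup_host_cn
+    } elsif has_key($host["vars"], "host") {
+      $pg_backup_host = $host["vars"]["host"][0]
+    } else {
+      $pg_backup_host = $host["vars"]["real_hostname"][0]
+    }
+
     $pg_path = "$mountpoint/$pg_backup_host/postgresql"
     $pg_backup_path = "$mountpoint/$pg_backup_host/postgresql_backup"
     $pg_host = "$pg_backup_host"
     $pg_port = $pg_infos["dbport"]
 
+    if has_key($host["vars"], "postgresql_backup_port") {
+      $pg_listen_port = $host["vars"]["postgresql_backup_port"][0]
+      file { "$pg_path/certs":
+        ensure => directory,
+        mode => "0700",
+        owner => $pg_user,
+        group => $pg_group,
+      } ->
+      ssl::self_signed_certificate { $backup_host_cn:
+        common_name => $backup_host_cn,
+        country => "FR",
+        days => "3650",
+        organization => "Immae",
+        owner => $pg_user,
+        group => $pg_group,
+        directory => "$pg_path/certs",
+        before => File["$pg_path/postgresql.conf"],
+      }
+      $ssl_key = "$pg_path/certs/$backup_host_cn.key"
+      $ssl_cert = "$pg_path/certs/$backup_host_cn.crt"
+    } else {
+      $pg_listen_port = undef
+      $ssl_key = undef
+      $ssl_cert = undef
+    }
+
+
+    unless empty($host) {
+      $host["ipHostNumber"].each |$ip| {
+        $infos = split($ip, "/")
+        $ipaddress = $infos[0]
+        if (length($infos) == 1 and $ipaddress =~ /:/) {
+          $mask = "128"
+        } elsif (length($infos) == 1) {
+          $mask = "32"
+        } else {
+          $mask = $infos[1]
+        }
+
+        postgresql::server::pg_hba_rule { "allow TCP access for initial replication from $ipaddress/$mask":
+          type => 'hostssl',
+          database => 'replication',
+          user => $backup_host_cn,
+          address => "$ipaddress/$mask",
+          auth_method => 'pam',
+          order => "06-01",
+          target => "$pg_path/pg_hba.conf",
+          postgresql_version => "10",
+        }
+      }
+    }
+
     if !empty($ldap_filter) and ($pg_infos["pgbouncer"]) {
+      if empty($pg_listen_port) {
+        $pg_listen_port_key = ""
+      } else {
+        $pg_listen_port_key = "port=$pg_listen_port"
+      }
+
       concat::fragment { "pgbouncer_$pg_backup_host":
         target => "/etc/pgbouncer/pgbouncer.ini",
         order => 02,
-        content => "${pg_infos[pgbouncer_dbname]} = host=$mountpoint/$pg_backup_host/postgresql user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",
+        content => "${pg_infos[pgbouncer_dbname]} = host=$mountpoint/$pg_backup_host/postgresql $pg_listen_port_key user=${pg_infos[dbuser]} dbname=${pg_infos[dbname]}",
       }
 
       postgresql::server::pg_hba_rule { "$pg_backup_host - local access as ${pg_infos[dbuser]} user":
@@ -153,12 +238,19 @@ class role::backup::postgresql inherits role::backup {
           description => "Backup the database",
         },
         {
-          command => "/usr/bin/rm -f $(ls -1 $pg_backup_path/*.sql | sort -r | sed -e '1,16d')",
+          command => "/usr/bin/rm -f $(ls -1 $pg_backup_path/*.sql | grep -v 'T22:' | sort -r | sed -e '1,12d')",
           user => $pg_user,
           hour => 3,
           minute => 0,
           description => "Cleanup the database backups",
         },
+        {
+          command => "cd $pg_backup_path ; /usr/bin/rm -f $(ls -1 *T22*.sql | log2rotate --skip 7 --fuzz 7 --delete --format='%Y-%m-%dT%H:%M:%S+02:00.sql')",
+          user => $pg_user,
+          hour => 3,
+          minute => 1,
+          description => "Cleanup the database backups exponentially",
+        },
       ]
     }
 
@@ -277,6 +369,11 @@ class role::backup::postgresql inherits role::backup {
       Concat["$pg_path/pg_hba.conf"],
       Concat["$pg_path/recovery.conf"],
       File["$pg_path/postgresql.conf"],
+    ],
+    subscribe => [
+      Concat["$pg_path/pg_hba.conf"],
+      Concat["$pg_path/recovery.conf"],
+      File["$pg_path/postgresql.conf"],
     ]
   }
 }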
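Review bot: `if has_key($host["vars"], "postgresql_backup_port")` runs unconditionally inside the `$pg_backup_hosts.each` loop, yet the branch just above it (`if empty($host) { $pg_backup_host = $backup_host_cn }`) exists precisely for backup hosts that `find_host` does not return; for those `$host["vars"]` is undef (or the subscript itself errors), so `has_key` raises and catalog compilation fails instead of taking the intended `else` path with no listen port and no certificate. Guard it the way the replication-rule block further down already does with `unless empty($host)`, e.g. `if !empty($host) and has_key($host["vars"], "postgresql_backup_port") {`. Separately, `$pg_backup_host` can now be taken from the LDAP `host` or `real_hostname` attribute and is interpolated unquoted into filesystem paths, the pgbouncer.ini fragment and the cron `rm -f $(ls -1 $pg_backup_path/*.sql ...)` commands; LDAP is the trust anchor of this setup, but a mistyped or tampered attribute would turn into path traversal or shell word-splitting, so a cheap check such as `unless $pg_backup_host =~ /\A[A-Za-z0-9._-]+\z/ { fail("unexpected backup host ${pg_backup_host}") }` before the first use is worth adding. The `role::backup::postgresql` class and the `each` block both extend beyond the hunks shown.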
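--- /dev/null
+++ b/modules/role/manifests/etherpad.pp
@@ -0,0 +1,108 @@
+class role::etherpad (
+) {
+  $password_seed = lookup("base_installation::puppet_pass_seed")
+  $web_host = lookup("base_installation::real_hostname")
+  $web_listen = "0.0.0.0"
+  $web_port = 18000
+  $pg_db = "etherpad-lite"
+  $pg_user = "etherpad-lite"
+  $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
+
+  $ldap_server = lookup("base_installation::ldap_server")
+  $ldap_base = lookup("base_installation::ldap_base")
+  $ldap_dn = lookup("base_installation::ldap_dn")
+  $ldap_account_pattern = "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))"
+  $ldap_group_pattern = "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)"
+  $ldap_password = generate_password(24, $password_seed, "ldap")
+
+
+  include "base_installation"
+
+  include "profile::tools"
+  include "profile::postgresql"
+  include "profile::apache"
+
+  ensure_packages(["npm"])
+  ensure_packages(["abiword"])
+  ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
+  ensure_packages(["tidy"])
+  aur::package { "etherpad-lite": }
+  -> patch::file { "/usr/share/etherpad-lite/src/node/utils/LibreOffice.js":
+    diff_source => "puppet:///modules/role/etherpad/libreoffice_patch.diff",
+  }
+  -> file { "/etc/etherpad-lite/settings.json":
+    ensure => present,
+    owner => "etherpad-lite",
+    group => "etherpad-lite",
+    notify => Service["etherpad-lite"],
+    content => template("role/etherpad/settings.json.erb"),
+  }
+
+  $modules = [
+    "ep_aa_file_menu_toolbar",
+    "ep_adminpads",
+    "ep_align",
+    "ep_bookmark",
+    "ep_clear_formatting",
+    "ep_colors",
+    "ep_copy_paste_select_all",
+    "ep_cursortrace",
+    "ep_embedmedia",
+    "ep_font_family",
+    "ep_font_size",
+    "ep_headings2",
+    "ep_ldapauth",
+    "ep_line_height",
+    "ep_markdown",
+    "ep_previewimages",
+    "ep_ruler",
+    "ep_scrollto",
+    "ep_set_title_on_pad",
+    "ep_subscript_and_superscript",
+    "ep_timesliderdiff"
+  ]
+
+  $modules.each |$module| {
+    exec { "npm_install_$module":
+      command => "/usr/bin/npm install $module",
+      unless => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/$module",
+      cwd => "/usr/share/etherpad-lite/",
+      environment => "HOME=/root",
+      require => Aur::Package["etherpad-lite"],
+      before => Service["etherpad-lite"],
+      notify => Service["etherpad-lite"],
+    }
+    ->
+    file { "/usr/share/etherpad-lite/node_modules/$module/.ep_initialized":
+      ensure => present,
+      mode => "0644",
+      before => Service["etherpad-lite"],
+    }
+  }
+
+  service { "etherpad-lite":
+    enable => true,
+    ensure => "running",
+    require => Aur::Package["etherpad-lite"],
+    subscribe => Aur::Package["etherpad-lite"],
+  }
+
+  profile::postgresql_master { "postgresql master for etherpad":
+    letsencrypt_host => $web_host,
+    backup_hosts => ["backup-1"],
+  }
+
+  postgresql::server::db { $pg_db:
+    user => $pg_user,
+    password => postgresql_password($pg_user, $pg_password),
+  }
+
+  postgresql::server::pg_hba_rule { "allow local access to $pg_user user":
+    type => 'local',
+    database => $pg_db,
+    user => $pg_user,
+    auth_method => 'ident',
+    order => "05-01",
+  }
+
+}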
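Review bot: `file { "/etc/etherpad-lite/settings.json": ... }` sets owner and group but no `mode`, while its template is handed `$pg_password` and `$ldap_password`; on a fresh host the file therefore gets the umask-derived default (typically 0644) and both credentials are readable by every local account, so add `mode => "0640"` (the service runs as `etherpad-lite`, which owns the file, so nothing else changes). `$web_listen = "0.0.0.0"` puts port 18000 on every interface even though `profile::apache` is included, presumably as the fronting proxy; if that is the case, `$web_listen = "127.0.0.1"` keeps the LDAP login form and the plugin endpoints off the network and reachable only through Apache. The `npm install $module` execs fetch 21 unpinned plugins from the public registry as root at catalog-apply time with no version or integrity pin, and the `unless => test -d ...` guard also means they are never updated afterwards; pin each entry to a reviewed version (`ep_ldapauth@<version>`) and consider `--ignore-scripts` so a registry compromise cannot run arbitrary code on the host. The `dc=immae,dc=eu` suffix hard-coded into both LDAP patterns duplicates what `$ldap_base` is looked up for and will silently diverge if the base ever changes.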