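# Role class for an Etherpad Lite host.
#
# Installs etherpad-lite from the AUR together with a fixed list of plugins,
# runs it as a service, and prepares a local PostgreSQL database for it with
# TLS enabled using the Let's Encrypt certificate issued for $web_host.
#
# The class takes no parameters; host name and database names are set in the
# body.
class role::etherpad (
) {
  # Seed used below to derive the database password deterministically.
  $password_seed = lookup("base_installation::puppet_pass_seed")

  include "base_installation"
  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"

  ensure_packages(["npm"])
  ensure_packages(["abiword"])
  ensure_packages(["libreoffice-fresh", "libreoffice-fresh-fr", "java-runtime-common", "jre8-openjdk"])
  ensure_packages(["tidy"])

  aur::package { "etherpad-lite": }

  # Etherpad plugins installed from the npm registry.
  # NOTE(review): no version is pinned, so each plugin is fetched at whatever
  # version the registry serves on the first run. The exec below sets no
  # `user`, so the install (including any package lifecycle scripts) runs with
  # the privileges of the Puppet run; HOME=/root suggests that is root.
  # Consider pinning versions and reviewing this list when it changes.
  $modules = [
    "ep_aa_file_menu_toolbar",
    "ep_adminpads",
    "ep_align",
    "ep_bookmark",
    "ep_clear_formatting",
    "ep_colors",
    "ep_copy_paste_select_all",
    "ep_cursortrace",
    "ep_embedmedia",
    "ep_font_family",
    "ep_font_size",
    "ep_headings2",
    "ep_ldapauth",
    "ep_line_height",
    "ep_markdown",
    "ep_previewimages",
    "ep_ruler",
    "ep_scrollto",
    "ep_set_title_on_pad",
    "ep_subscript_and_superscript",
    "ep_timesliderdiff"
  ]

  $modules.each |$module| {
    # The `unless` guard only tests that the plugin directory exists, so a
    # plugin that is already present is never upgraded or re-checked.
    exec { "npm_install_${module}":
      command     => "/usr/bin/npm install ${module}",
      unless      => "/usr/bin/test -d /usr/share/etherpad-lite/node_modules/${module}",
      cwd         => "/usr/share/etherpad-lite/",
      environment => "HOME=/root",
      require     => Aur::Package["etherpad-lite"],
      before      => Service["etherpad-lite"],
      notify      => Service["etherpad-lite"],
    }
    ->
    # Marker file created inside the plugin directory once it is installed.
    file { "/usr/share/etherpad-lite/node_modules/${module}/.ep_initialized":
      ensure => present,
      mode   => "0644",
      before => Service["etherpad-lite"],
    }
  }

  # Restarted whenever the package changes (subscribe) or a plugin is
  # installed (notify on the execs above).
  service { "etherpad-lite":
    enable    => true,
    ensure    => "running",
    require   => Aur::Package["etherpad-lite"],
    subscribe => Aur::Package["etherpad-lite"],
  }

  $web_host    = "outils-1.v.immae.eu"
  $pg_db       = "etherpad-lite"
  $pg_user     = "etherpad-lite"
  # Derived from the seed and a fixed label; anyone holding the seed can
  # recompute it, so the seed has to be protected like the password itself.
  $pg_password = generate_password(24, $password_seed, "postgres_etherpad")

  # PostgreSQL reads its TLS material from a private directory owned by the
  # database user; the Let's Encrypt files are copied there.
  file { "/var/lib/postgres/data/certs":
    ensure  => directory,
    mode    => "0700",
    owner   => $::profile::postgresql::pg_user,
    group   => $::profile::postgresql::pg_user,
    require => File["/var/lib/postgres"],
  }

  # `links => follow` copies the content behind a symlink instead of the link.
  # NOTE(review): nothing visible here notifies PostgreSQL when the copied
  # certificate changes after a renewal; confirm that is handled elsewhere.
  file { "/var/lib/postgres/data/certs/cert.pem":
    source  => "file:///etc/letsencrypt/live/${web_host}/cert.pem",
    mode    => "0600",
    links   => "follow",
    owner   => $::profile::postgresql::pg_user,
    group   => $::profile::postgresql::pg_user,
    require => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
  }

  file { "/var/lib/postgres/data/certs/privkey.pem":
    source    => "file:///etc/letsencrypt/live/${web_host}/privkey.pem",
    mode      => "0600",
    links     => "follow",
    # Keep the private key out of Puppet logs and reports when diffs are on.
    show_diff => false,
    owner     => $::profile::postgresql::pg_user,
    group     => $::profile::postgresql::pg_user,
    require   => [Letsencrypt::Certonly[$web_host], File["/var/lib/postgres/data/certs"]]
  }

  postgresql::server::config_entry { "wal_level":
    value => "logical",
  }

  # NOTE(review): the ssl entries are ordered after certificate issuance only.
  # The copied files they point at carry no explicit relationship to them, so
  # their presence presumably relies on manifest order; confirm before
  # reordering this class.
  postgresql::server::config_entry { "ssl":
    value   => "on",
    require => Letsencrypt::Certonly[$web_host],
  }

  postgresql::server::config_entry { "ssl_cert_file":
    value   => "/var/lib/postgres/data/certs/cert.pem",
    require => Letsencrypt::Certonly[$web_host],
  }

  postgresql::server::config_entry { "ssl_key_file":
    value   => "/var/lib/postgres/data/certs/privkey.pem",
    require => Letsencrypt::Certonly[$web_host],
  }

  postgresql::server::db { $pg_db:
    user     => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # Unix-socket access for the etherpad role to its own database only.
  # PostgreSQL treats `ident` on `local` lines as peer authentication, so this
  # path is authenticated by operating-system user name, not by the password.
  postgresql::server::pg_hba_rule { "allow local access to ${pg_user} user":
    type        => 'local',
    database    => $pg_db,
    user        => $pg_user,
    auth_method => 'ident',
    order       => "05-01",
  }
}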