Add xandikos.

1 files changed, 64 insertions, 0 deletions

diff --git a/manifests/xandikos.pp b/manifests/xandikos.pp
new file mode 100644
index 0000000..e0ba8a5
--- /dev/null
+++ b/manifests/xandikos.pp
@@ -0,0 +1,64 @@
+class profiles::xandikos (
+  String $sock,
+  String $server_name = "xandikos.${::fqdn}",
+  String $user_file = '/etc/xandikos/htpasswd',
+  String $user = 'xandikos',
+  String $group = 'www-data',
+) {
+  ensure_packages(['xandikos'])
+
+  user { $user:
+    system => true,
+  }
+
+  systemd::unit_file { 'xandikos.service':
+    content => @("EOF")
+    [Unit]
+    Description=Xandikos CalDAV/CardDAV server
+    After=network.target
+
+    [Service]
+    ExecStart=/usr/bin/xandikos -d /var/lib/xandikos --route-prefix=/dav --current-user-principal=/jelmer -l /run/sock
+    User=${user}
+    Group=${group}
+    Restart=on-failure
+    KillSignal=SIGQUIT
+    Type=simple
+    NotifyAccess=all
+    | EOF
+  }
+
+  $certname = lookup('certname')
+  $cert_dir = $facts['letsencrypt_directory'][$certname]
+
+  nginx::resource::server { $server_name:
+    ipv6_enable          => true,
+    ipv6_listen_options  => '',
+    ssl                  => true,
+    ssl_redirect         => true,
+    use_default_location => false,
+    ssl_cert             => "${cert_dir}/fullchain.pem",
+    ssl_key              => "${cert_dir}/privkey.pem",
+  }
+
+  nginx::resource::location {
+  default:
+    server   => $server_name,
+    ssl      => true,
+    ssl_only => true,
+    ;
+  '/.well-known/caldav':
+    location_cfg_append => { 'return' =>'307 $scheme://$host/users/calendars' },
+    ;
+  '/.well-known/cardav':
+    location_cfg_append => { 'return' => '307 $scheme://$host/user/contacts' },
+    ;
+  'xandikos /':
+    location             => '/',
+    proxy                => "http://unix:${sock}",
+    auth_basic           => 'Login Required',
+    auth_basic_user_file => $user_file,
+    ;
+  }
+
+}