diff options
Diffstat (limited to '')
-rw-r--r-- | manifests/xandikos.pp | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/manifests/xandikos.pp b/manifests/xandikos.pp new file mode 100644 index 0000000..e0ba8a5 --- /dev/null +++ b/manifests/xandikos.pp @@ -0,0 +1,64 @@ +class profiles::xandikos ( + String $sock, + String $server_name = "xandikos.${::fqdn}", + String $user_file = '/etc/xandikos/htpasswd', + String $user = 'xandikos', + String $group = 'www-data', +) { + ensure_packages(['xandikos']) + + user { $user: + system => true, + } + + systemd::unit_file { 'xandikos.service': + content => @("EOF") + [Unit] + Description=Xandikos CalDAV/CardDAV server + After=network.target + + [Service] + ExecStart=/usr/bin/xandikos -d /var/lib/xandikos --route-prefix=/dav --current-user-principal=/jelmer -l /run/sock + User=${user} + Group=${group} + Restart=on-failure + KillSignal=SIGQUIT + Type=simple + NotifyAccess=all + | EOF + } + + $certname = lookup('certname') + $cert_dir = $facts['letsencrypt_directory'][$certname] + + nginx::resource::server { $server_name: + ipv6_enable => true, + ipv6_listen_options => '', + ssl => true, + ssl_redirect => true, + use_default_location => false, + ssl_cert => "${cert_dir}/fullchain.pem", + ssl_key => "${cert_dir}/privkey.pem", + } + + nginx::resource::location { + default: + server => $server_name, + ssl => true, + ssl_only => true, + ; + '/.well-known/caldav': + location_cfg_append => { 'return' =>'307 $scheme://$host/users/calendars' }, + ; + '/.well-known/cardav': + location_cfg_append => { 'return' => '307 $scheme://$host/user/contacts' }, + ; + 'xandikos /': + location => '/', + proxy => "http://unix:${sock}", + auth_basic => 'Login Required', + auth_basic_user_file => $user_file, + ; + } + +} |