authorHugo Hörnquist <hugo@lysator.liu.se>2021-07-27 22:00:14 +0200
committerHugo Hörnquist <hugo@lysator.liu.se>2021-07-27 22:26:17 +0200
commit706235bc526ed3228dd7307dc737f9415ab4b841 (patch)
tree38de0a39f7281ee5a99e96df2125bbf059f4a412
parentEnabled loading of nginx-modules. (diff)
downloadwebdav_server-706235bc526ed3228dd7307dc737f9415ab4b841.tar.gz
webdav_server-706235bc526ed3228dd7307dc737f9415ab4b841.tar.xz
Set up webdav server.
-rw-r--r--manifests/site.pp7
-rw-r--r--modules/pass/lib/puppet/functions/pass.rb21
-rw-r--r--modules/profiles/manifests/webdav_server.pp80
3 files changed, 108 insertions, 0 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
index 00cf9c1..593ee36 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -20,6 +20,13 @@ node 'gandalf.adrift.space' {
class { 'profiles::transmission':
nginx_server => 'gandalf',
}
+
+ profiles::webdav_server { '/dav':
+ file_path => '/var/www/webdav',
+ users => [['hugo', pass('adrift.space/gandalf/dav/hugo')]],
+ nginx_server => 'gandalf'
+ }
+
}
node 'hornquist.se' {
diff --git a/modules/pass/lib/puppet/functions/pass.rb b/modules/pass/lib/puppet/functions/pass.rb
new file mode 100644
index 0000000..176e7e9
--- /dev/null
+++ b/modules/pass/lib/puppet/functions/pass.rb
@@ -0,0 +1,21 @@
+# require 'open3'
+
+Puppet::Functions.create_function(:pass) do
+ dispatch :method do
+ param 'String', :path
+ optional_param 'String', :salt
+ end
+
+ def method(path, salt = path)
+ # Salt was an attempt to not regenerate the entry every run.
+ # This however failed, since the command is still run, and puppet
+ # doesn't diff betwen runs
+ # -salt #{salt}
+ #
+ # TODO fetch passwords in some slightly more portable way
+ `openssl passwd -apr1 $(sudo -Hu hugo pass #{path})`
+ # Open3.popen3("sudo -Hu hugo pass #{path}") do |stdin, stdout, stderr, thread|
+ # stdout.read.chomp
+ # end
+ end
+end
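Review bot: The backtick command in `method` interpolates `path` into a shell string and puts the decrypted password on the `openssl` command line through an unquoted `$(...)`. Shell metacharacters in either value are therefore interpreted by the shell, the cleartext is visible in the process list while openssl runs, and a password containing whitespace is split into several arguments. The returned string also keeps openssl's trailing newline, and neither exit status is checked, so a failed `pass` lookup is not reported to the catalog compile. I would enable the commented-out `require 'open3'`, run both commands as argument vectors and feed the secret to `openssl passwd -apr1 -stdin`. Taking only the first line of the entry assumes the usual pass layout and should be confirmed.

```ruby
  def method(path, salt = path)
    # … unchanged: comments about salt and the portability TODO …
    entry, status = Open3.capture2('sudo', '-Hu', 'hugo', 'pass', path)
    raise Puppet::Error, "pass lookup failed for #{path}" unless status.success?

    # Hand the secret to openssl on stdin so it never appears in argv.
    hashed, status = Open3.capture2('openssl', 'passwd', '-apr1', '-stdin',
                                    stdin_data: entry.lines.first.to_s)
    raise Puppet::Error, 'openssl passwd failed' unless status.success?

    hashed.chomp
  end
```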
diff --git a/modules/profiles/manifests/webdav_server.pp b/modules/profiles/manifests/webdav_server.pp
new file mode 100644
index 0000000..2cd54c1
--- /dev/null
+++ b/modules/profiles/manifests/webdav_server.pp
@@ -0,0 +1,80 @@
+define profiles::webdav_server (
+ String $nginx_server,
+ String $file_path,
+ String $location = $name,
+ String $passwd_file = "${file_path}/.htpasswd",
+ String $owner = 'http',
+ String $group = 'share',
+ Array[Array[String,2,2]] $users = [],
+ Array[String] $dav_methods = ['PUT', 'DELETE', 'MKCOL', 'COPY', 'MOVE'],
+ Array[String] $dav_ext_methods = ['PROPFIND', 'OPTIONS'],
+ Hash[String,String] $dav_access = {
+ 'user' => 'rw',
+ 'group' => 'rw',
+ }
+) {
+
+ # TODO install this module somehow
+ # AUR: nginx-mainline-mod-dav-ext
+
+ require ::nginx
+
+ $modname = 'ngx_http_dav_ext_module'
+ file { "/etc/nginx/modules-enabled/${modname}.conf":
+ ensure => file,
+ content => @("EOF")
+ load_module /usr/lib/nginx/modules/${modname}.so;
+ | EOF
+ }
+
+ file {
+ default:
+ owner => $owner,
+ group => $group,
+ ;
+ $file_path:
+ ensure => 'directory',
+ mode => '0770',
+ recurse => 'false',
+ ;
+ $passwd_file:
+ ensure => 'file',
+ mode => '0660',
+ ;
+ }
+
+ # add entries to the htpasswd file through
+ # $ echo "${user}:$(openssl passwd -apr1 $password)" >> .htpasswd
+
+
+ $users.each |$pair| {
+ $user = $pair[0]
+ $passwd = $pair[1]
+ file_line { "Add ${user} to dav passwd file":
+ ensure => present,
+ path => $passwd_file,
+ line => "${user}:${passwd}",
+ match => "^${user}:"
+ }
+ }
+
+ nginx::resource::location { $location:
+ server => $nginx_server,
+ location_alias => $file_path,
+ ssl => true,
+ ssl_only => true,
+
+ auth_basic => 'Enter password for dav access',
+ auth_basic_user_file => $passwd_file,
+
+ location_cfg_append => {
+ 'dav_methods' => $dav_methods.join(' '),
+ 'dav_ext_methods' => $dav_ext_methods.join(' '),
+ 'dav_access' => $dav_access.map |$k, $v| { "${k}:${v}" }.join(' '),
+ 'client_body_temp_path' => "${file_path}/tmp",
+ 'create_full_put_path' => 'on',
+ 'autoindex' => 'on',
+ 'allow' => 'all',
+ }
+ }
+}
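Review bot: The default `$passwd_file = "${file_path}/.htpasswd"` puts the credential file inside the tree that `location_alias => $file_path` serves, with `autoindex` on and `PUT`/`DELETE`/`MOVE` enabled, so any authenticated DAV user can read every user's hash and replace the file. Default it to a path outside the served directory, e.g. `String $passwd_file = "/etc/nginx/${nginx_server}-dav.htpasswd",` (example path). Manage it in its own `file` resource that is readable but not writable by the nginx worker user, instead of the shared `owner`/`group` default with `mode => '0660'`. `'client_body_temp_path' => "${file_path}/tmp"` sits in the same served tree, and nothing in this manifest creates that directory. Separately, `match => "^${user}:"` uses the user name as an unescaped regex, so names containing regex metacharacters could match the wrong line.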