From 706235bc526ed3228dd7307dc737f9415ab4b841 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Tue, 27 Jul 2021 22:00:14 +0200
Subject: Set up webdav server.

---
 modules/profiles/manifests/webdav_server.pp | 80 +++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 modules/profiles/manifests/webdav_server.pp

(limited to 'modules/profiles')

diff --git a/modules/profiles/manifests/webdav_server.pp b/modules/profiles/manifests/webdav_server.pp
new file mode 100644
index 0000000..2cd54c1
--- /dev/null
+++ b/modules/profiles/manifests/webdav_server.pp
@@ -0,0 +1,80 @@
+define profiles::webdav_server (
+  String $nginx_server,
+  String $file_path,
+  String $location = $name,
+  String $passwd_file = "${file_path}/.htpasswd",
+  String $owner  = 'http',
+  String $group = 'share',
+  Array[Array[String,2,2]] $users = [],
+  Array[String] $dav_methods = ['PUT', 'DELETE', 'MKCOL', 'COPY', 'MOVE'],
+  Array[String] $dav_ext_methods = ['PROPFIND', 'OPTIONS'],
+  Hash[String,String] $dav_access = {
+    'user'  => 'rw',
+    'group' => 'rw',
+  }
+) {
+
+  # TODO install this module somehow
+  # AUR: nginx-mainline-mod-dav-ext
+
+  require ::nginx
+
+  $modname = 'ngx_http_dav_ext_module'
+  file { "/etc/nginx/modules-enabled/${modname}.conf":
+    ensure  => file,
+    content => @("EOF")
+    load_module /usr/lib/nginx/modules/${modname}.so;
+    | EOF
+  }
+
+  file {
+    default:
+      owner   => $owner,
+      group   => $group,
+      ;
+    $file_path:
+      ensure  => 'directory',
+      mode    => '0770',
+      recurse => 'false',
+      ;
+    $passwd_file:
+      ensure  => 'file',
+      mode    => '0660',
+      ;
+  }
+
+  # add entries to the htpasswd file through
+  # $ echo "${user}:$(openssl passwd -apr1 $password)" >> .htpasswd
+
+
+  $users.each |$pair| {
+    $user = $pair[0]
+    $passwd = $pair[1]
+    file_line { "Add ${user} to dav passwd file":
+      ensure => present,
+      path   => $passwd_file,
+      line   => "${user}:${passwd}",
+      match  => "^${user}:"
+    }
+  }
+
+  nginx::resource::location { $location:
+    server         => $nginx_server,
+    location_alias => $file_path,
+    ssl            => true,
+    ssl_only       => true,
+
+    auth_basic           => 'Enter password for dav access',
+    auth_basic_user_file => $passwd_file,
+
+    location_cfg_append       => {
+      'dav_methods'           => $dav_methods.join(' '),
+      'dav_ext_methods'       => $dav_ext_methods.join(' '),
+      'dav_access'            => $dav_access.map |$k, $v| { "${k}:${v}" }.join(' '),
+      'client_body_temp_path' => "${file_path}/tmp",
+      'create_full_put_path'  => 'on',
+      'autoindex'             => 'on',
+      'allow'                 => 'all',
+    }
+  }
+}
-- 
cgit v1.2.3