path: root/manifests/init.pp
blob: ff09d9e7f8e5d9c0806daf8f59b44d16556bba81 (plain)
# @summary Configures a webdav server under nginx
#
# Configures a WebDAV server under a pre-configured nginx instance.
#
# Currently doesn't manage the package, but instead depends on
# nginx-mainline-mod-dav-ext being installed.
#
# Also manages basic authentication for those pages.
#
# @param $nginx_server
#   Name of the nginx server resource to create location under.
# @param $file_path
#   Local path used as webdav root
# @param $location
#   Prefix to web-path which will be exported as WebDAV
# @param $passwd_file
#   Path to the user/password file for basic authentication
# @param $owner
#   Owner of created files
# @param $group
#   Group of created files
# @param $users
#   List of [user, password] pairs.
#   Refer to the
#   [Nginx documentation](https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html)
#   for the format of the password field.
# @param $dav_methods
#   DAV methods which should be supported, as implemented by
#   nginx core.
# @param $dav_ext_methods
#   Extended DAV methods which should be supported, as implemented
#   by the dav_ext module.
# @param $dav_access
#   Default access rules for the dav methods.
# @param ensure
#   Set to absent to remove configuration
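define webdav_server (
  String $nginx_server,
  String $file_path,
  String $location = $name,
  # NOTE(review): this default puts the credentials file inside the directory
  # that is exported over WebDAV (location_alias => $file_path below). With
  # the default dav_methods, an authenticated client can presumably fetch or
  # overwrite it unless the server denies dotfiles; prefer a path outside
  # $file_path.
  String $passwd_file = "${file_path}/.htpasswd",
  String $owner  = 'http',
  String $group = 'share',
  # NOTE(review): entries are joined with ':' verbatim, so a ':' or newline
  # in a user name changes how the file is parsed. The password field is a
  # plain String and therefore visible in the catalog; consider Sensitive in
  # a future interface revision.
  Array[Array[String,2,2]] $users = [],
  Array[String] $dav_methods = ['PUT', 'DELETE', 'MKCOL', 'COPY', 'MOVE'],
  Array[String] $dav_ext_methods = ['PROPFIND', 'OPTIONS'],
  Hash[String,String] $dav_access = {
    'user'  => 'rw',
    'group' => 'rw',
  },
  Enum['present', 'absent'] $ensure = 'present',
) {

  # ensure_packages(['nginx-mainline-mod-dav-ext'])

  require ::nginx

  $modname = 'ngx_http_dav_ext_module'
  # This assumes that the directory exists, and that
  # nginx::include_modules_enabled => true
  # NOTE(review): $fname does not depend on $name, so declaring this defined
  # type more than once declares the same File resource twice.
  $fname = "/etc/nginx/modules-enabled/${modname}.conf"
  if $ensure == 'present' {
    file { $fname:
      ensure  => file,
      content => @("EOF")
      load_module /usr/lib/nginx/modules/${modname}.so;
      | EOF
    }
  } else {
    file { $fname:
      ensure => absent,
    }
  }

  # One "user:password" line per entry, in the format nginx's auth_basic
  # module reads from auth_basic_user_file.
  $lines = $users.map |$pair| { $pair.join(':') }.join("\n")

  if $ensure == 'present' {
    file {
      default:
        owner => $owner,
        group => $group,
        ;
      $file_path:
        ensure  => 'directory',
        mode    => '0770',
        recurse => false,
        ;
      # show_diff is disabled so that password hashes are not written to
      # agent logs and reports whenever the user list changes.
      # NOTE(review): mode 0660 lets $owner and every member of $group rewrite
      # the credentials; 0640 is presumably enough if nginx only needs to
      # read the file - confirm before tightening.
      $passwd_file:
        ensure    => 'file',
        mode      => '0660',
        show_diff => false,
        content   => @("EOF")
          # File managed by puppet
          ${lines}
          | EOF
        ;
    }
  } else {
    # NOTE(review): without `force`, Puppet does not remove a directory, so
    # $file_path and any uploaded data presumably stay in place - confirm
    # that this is intended.
    file { [$file_path, $passwd_file]:
      ensure => absent,
    }
  }


  # HTTPS-only location protected by basic authentication.
  nginx::resource::location { $location:
    ensure               => $ensure,
    server               => $nginx_server,
    location_alias       => $file_path,
    ssl                  => true,
    ssl_only             => true,

    auth_basic           => 'Enter password for dav access',
    auth_basic_user_file => $passwd_file,

    # NOTE(review): 'allow all' leaves auth_basic as the only access control.
    # If `satisfy any` is inherited from the server context, it would let
    # requests through without credentials - confirm.
    # client_body_temp_path lives inside the exported directory and is not
    # managed here.
    location_cfg_append  => {
      'dav_methods'           => $dav_methods.join(' '),
      'dav_ext_methods'       => $dav_ext_methods.join(' '),
      'dav_access'            => $dav_access.map |$k, $v| { "${k}:${v}" }.join(' '),
      'client_body_temp_path' => "${file_path}/tmp",
      'create_full_put_path'  => 'on',
      'autoindex'             => 'on',
      'allow'                 => 'all',
    }
  }
}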