diff options
| author | Cullum Smith <cullum@sacredheartsc.com> | 2024-12-16 20:35:26 -0500 |
|---|---|---|
| committer | Cullum Smith <cullum@sacredheartsc.com> | 2024-12-16 20:35:26 -0500 |
| commit | ffccdc6b85680489a0881e1af80edb4f67361709 (patch) | |
| tree | 4c087502c74b030bd8f2bf54291691246a0c1af7 | |
| parent | 62bf72f6824885744ab4f9b33101218be5d39206 (diff) | |
| download | infrastructure-ffccdc6b85680489a0881e1af80edb4f67361709.tar.gz | |
add webdav to dav_server role
| -rw-r--r-- | files/usr/local/etc/chromium/policies/managed/policies.json.desktop | 4 | ||||
| -rw-r--r-- | files/usr/local/etc/nginx/nginx.conf.common | 3 | ||||
| -rw-r--r-- | files/usr/local/etc/nginx/vhosts.conf.dav_server | 12 | ||||
| -rw-r--r-- | files/usr/local/etc/poudriere.d/make.conf.pkg_repository | 2 | ||||
| -rw-r--r-- | files/usr/local/lib/firefox/distribution/policies.json.desktop | 4 | ||||
| -rw-r--r-- | scripts/hostclass/dav_server | 13 | ||||
| -rw-r--r-- | scripts/hostclass/desktop | 2 | ||||
| m--------- | site | 0 | ||||
| -rw-r--r-- | vars/hostclass/dav_server | 1 |
9 files changed, 38 insertions, 3 deletions
diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop index 3952212..5b92662 100644 --- a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop +++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop @@ -100,6 +100,10 @@ "cimiefiiaegbelhefglklhhakcgmhkai": { "installation_mode": "normal_installed", "update_url": "https://clients2.google.com/service/update2/crx" + }, + "fnaicdffflnofjppbagibeoednhnbjhg": { + "installation_mode": "normal_installed", + "update_url": "https://clients2.google.com/service/update2/crx" } }, "3rdparty": { diff --git a/files/usr/local/etc/nginx/nginx.conf.common b/files/usr/local/etc/nginx/nginx.conf.common index 59a4c43..6ed42fa 100644 --- a/files/usr/local/etc/nginx/nginx.conf.common +++ b/files/usr/local/etc/nginx/nginx.conf.common @@ -1,6 +1,7 @@ worker_processes ${nginx_worker_processes}; worker_rlimit_nofile ${nginx_nofile}; -$([ "${nginx_gssapi:-}" = true ] && echo 'load_module "/usr/local/libexec/nginx/ngx_http_auth_spnego_module.so";') +$([ "${nginx_gssapi:-}" = true ] && echo 'load_module "/usr/local/libexec/nginx/ngx_http_auth_spnego_module.so";') +$([ "${nginx_dav_ext:-}" = true ] && echo 'load_module "/usr/local/libexec/nginx/ngx_http_dav_ext_module.so";') events { worker_connections ${nginx_worker_connections}; diff --git a/files/usr/local/etc/nginx/vhosts.conf.dav_server b/files/usr/local/etc/nginx/vhosts.conf.dav_server index 0c6e817..8e73d13 100644 --- a/files/usr/local/etc/nginx/vhosts.conf.dav_server +++ b/files/usr/local/etc/nginx/vhosts.conf.dav_server @@ -14,6 +14,8 @@ server { auth_gss_keytab ${davical_keytab}; auth_gss_allow_basic_fallback off; + client_max_body_size ${webdav_upload_sizelimit}; + location / { auth_gss on; satisfy any; @@ -34,6 +36,16 @@ $(printf ' deny %s;\n' $kerberized_cidrs) return 403; } + location ~ ^/webdav($|/(?<dav_path>.*)$) { + auth_gss on; + auth_gss_allow_basic_fallback on; + alias ${webdav_dir}/\$remote_user/\$dav_path; + create_full_put_path on; + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS; + autoindex on; + } + location ~ ^/caldav\.php/\.well-known/ { fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f \$document_root\$fastcgi_script_name) { diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository index 03dd651..43a6760 100644 --- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository +++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository @@ -95,7 +95,7 @@ textproc_en-hunspell_SET=US_LARGE textproc_en-hunspell_UNSET=US_STANDARD www_chromium_SET=WIDEVINE www_firefox_UNSET=PROFILE -www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP +www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP HTTP_DAV_EXT www_nginx_UNSET=MAIL x11-toolkits_gtk30_UNSET=COLORD BROADWAY x11_kde5_UNSET=KDEADMIN diff --git a/files/usr/local/lib/firefox/distribution/policies.json.desktop b/files/usr/local/lib/firefox/distribution/policies.json.desktop index 850ac61..c944d02 100644 --- a/files/usr/local/lib/firefox/distribution/policies.json.desktop +++ b/files/usr/local/lib/firefox/distribution/policies.json.desktop @@ -16,6 +16,10 @@ "plasma-browser-integration@kde.org": { "install_url": "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi", "installation_mode": "normal_installed" + }, + "floccus@handmadeideas.org": { + "install_url": "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi", + "installation_mode": "normal_installed" } }, "3rdparty": { diff --git a/scripts/hostclass/dav_server b/scripts/hostclass/dav_server index fd3bdd4..9c5d9f9 100644 --- a/scripts/hostclass/dav_server +++ b/scripts/hostclass/dav_server @@ -10,6 +10,9 @@ : ${davical_awl_repo:='https://gitlab.com/davical-project/awl.git'} : ${davical_awl_branch:='master'} : ${davical_admins:=''} +: ${webdav_users:=''} +: ${webdav_user_quota:='2g'} +: ${webdav_upload_sizelimit:='104857600'} # 100 MB davical_dn="uid=${davical_username},${robots_basedn}" davical_repo_dir=/usr/local/www/davical @@ -21,6 +24,7 @@ davical_https_cacert="${nginx_conf_dir}/davical.ca.crt" davical_keytab="${keytab_dir}/davical.keytab" davical_client_keytab="${keytab_dir}/davical.client.keytab" davical_fpm_socket=/var/run/fpm-davical.sock +webdav_dir=/usr/local/www/webdav davical_psql(){ postgres_run --host="$davical_dbhost" --dbname="$davical_dbname" "$@" @@ -45,6 +49,15 @@ pkg install -y \ p5-DBI \ p5-YAML +# Create ZFS datasets for WebDAV files. +create_dataset -o "mountpoint=${webdav_dir}" "${state_dataset}/webdav" +install_directory -o root -g "$nginx_user" -m 0770 "$webdav_dir" + +for user in $webdav_users; do + create_dataset -o "refquota=${webdav_user_quota}" "${state_dataset}/webdav/${user}" + install_directory -o root -g "$nginx_user" -m 0770 "${webdav_dir}/${user}" +done + # Install davical from git. [ -d "$davical_repo_dir" ] || git clone "$davical_repo" "$davical_repo_dir" [ -d "$davical_awl_repo_dir" ] || git clone "$davical_awl_repo" "$davical_awl_repo_dir" diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop index 8fdfca4..d6ca1e5 100644 --- a/scripts/hostclass/desktop +++ b/scripts/hostclass/desktop @@ -30,7 +30,7 @@ sysrc -v kld_list+=fusefs load_kernel_module fusefs # Install packages common to all DEs. -pkg install -y $desktop_packages +#pkg install -y $desktop_packages # Install profile script for improving experience on NFS homedirs. if [ "${enable_idm:-}" != false ]; then diff --git a/site b/site -Subproject 83ccc5dc50e40875782967b46132e73944938b0 +Subproject c493f4ed140131326c2c3db08c8dc070647db0f diff --git a/vars/hostclass/dav_server b/vars/hostclass/dav_server index 2a4b250..4620856 100644 --- a/vars/hostclass/dav_server +++ b/vars/hostclass/dav_server @@ -2,3 +2,4 @@ allowed_tcp_ports='ssh http https' nginx_gssapi=true +nginx_dav_ext=true |