From ffccdc6b85680489a0881e1af80edb4f67361709 Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Mon, 16 Dec 2024 20:35:26 -0500
Subject: add webdav to dav_server role

---
 .../etc/chromium/policies/managed/policies.json.desktop     |  4 ++++
 files/usr/local/etc/nginx/nginx.conf.common                 |  3 ++-
 files/usr/local/etc/nginx/vhosts.conf.dav_server            | 12 ++++++++++++
 files/usr/local/etc/poudriere.d/make.conf.pkg_repository    |  2 +-
 .../local/lib/firefox/distribution/policies.json.desktop    |  4 ++++
 scripts/hostclass/dav_server                                | 13 +++++++++++++
 scripts/hostclass/desktop                                   |  2 +-
 site                                                        |  2 +-
 vars/hostclass/dav_server                                   |  1 +
 9 files changed, 39 insertions(+), 4 deletions(-)

diff --git a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
index 3952212..5b92662 100644
--- a/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
+++ b/files/usr/local/etc/chromium/policies/managed/policies.json.desktop
@@ -100,6 +100,10 @@
     "cimiefiiaegbelhefglklhhakcgmhkai": {
       "installation_mode": "normal_installed",
       "update_url": "https://clients2.google.com/service/update2/crx"
+    },
+    "fnaicdffflnofjppbagibeoednhnbjhg": {
+      "installation_mode": "normal_installed",
+      "update_url": "https://clients2.google.com/service/update2/crx"
     }
   },
   "3rdparty": {
diff --git a/files/usr/local/etc/nginx/nginx.conf.common b/files/usr/local/etc/nginx/nginx.conf.common
index 59a4c43..6ed42fa 100644
--- a/files/usr/local/etc/nginx/nginx.conf.common
+++ b/files/usr/local/etc/nginx/nginx.conf.common
@@ -1,6 +1,7 @@
 worker_processes      ${nginx_worker_processes};
 worker_rlimit_nofile  ${nginx_nofile};
-$([ "${nginx_gssapi:-}" = true ] && echo 'load_module "/usr/local/libexec/nginx/ngx_http_auth_spnego_module.so";')
+$([ "${nginx_gssapi:-}"  = true ] && echo 'load_module "/usr/local/libexec/nginx/ngx_http_auth_spnego_module.so";')
+$([ "${nginx_dav_ext:-}" = true ] && echo 'load_module "/usr/local/libexec/nginx/ngx_http_dav_ext_module.so";')
 
 events {
   worker_connections  ${nginx_worker_connections};
diff --git a/files/usr/local/etc/nginx/vhosts.conf.dav_server b/files/usr/local/etc/nginx/vhosts.conf.dav_server
index 0c6e817..8e73d13 100644
--- a/files/usr/local/etc/nginx/vhosts.conf.dav_server
+++ b/files/usr/local/etc/nginx/vhosts.conf.dav_server
@@ -14,6 +14,8 @@ server {
   auth_gss_keytab ${davical_keytab};
   auth_gss_allow_basic_fallback off;
 
+  client_max_body_size ${webdav_upload_sizelimit};
+
   location / {
     auth_gss on;
     satisfy any;
@@ -34,6 +36,16 @@ $(printf '    deny %s;\n' $kerberized_cidrs)
     return 403;
   }
 
+  location ~ ^/webdav($|/(?<dav_path>.*)$) {
+    auth_gss on;
+    auth_gss_allow_basic_fallback on;
+    alias ${webdav_dir}/\$remote_user/\$dav_path;
+    create_full_put_path on;
+    dav_methods PUT DELETE MKCOL COPY MOVE;
+    dav_ext_methods PROPFIND OPTIONS;
+    autoindex on;
+  }
+
   location ~ ^/caldav\.php/\.well-known/ {
     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
     if (!-f \$document_root\$fastcgi_script_name) {
diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
index 03dd651..43a6760 100644
--- a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
@@ -95,7 +95,7 @@ textproc_en-hunspell_SET=US_LARGE
 textproc_en-hunspell_UNSET=US_STANDARD
 www_chromium_SET=WIDEVINE
 www_firefox_UNSET=PROFILE
-www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP
+www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP HTTP_DAV_EXT
 www_nginx_UNSET=MAIL
 x11-toolkits_gtk30_UNSET=COLORD BROADWAY
 x11_kde5_UNSET=KDEADMIN
diff --git a/files/usr/local/lib/firefox/distribution/policies.json.desktop b/files/usr/local/lib/firefox/distribution/policies.json.desktop
index 850ac61..c944d02 100644
--- a/files/usr/local/lib/firefox/distribution/policies.json.desktop
+++ b/files/usr/local/lib/firefox/distribution/policies.json.desktop
@@ -16,6 +16,10 @@
       "plasma-browser-integration@kde.org": {
         "install_url": "https://addons.mozilla.org/firefox/downloads/latest/plasma-integration/latest.xpi",
         "installation_mode": "normal_installed"
+      },
+      "floccus@handmadeideas.org": {
+        "install_url": "https://addons.mozilla.org/firefox/downloads/latest/floccus/latest.xpi",
+        "installation_mode": "normal_installed"
       }
     },
     "3rdparty": {
diff --git a/scripts/hostclass/dav_server b/scripts/hostclass/dav_server
index fd3bdd4..9c5d9f9 100644
--- a/scripts/hostclass/dav_server
+++ b/scripts/hostclass/dav_server
@@ -10,6 +10,9 @@
 : ${davical_awl_repo:='https://gitlab.com/davical-project/awl.git'}
 : ${davical_awl_branch:='master'}
 : ${davical_admins:=''}
+: ${webdav_users:=''}
+: ${webdav_user_quota:='2g'}
+: ${webdav_upload_sizelimit:='104857600'} # 100 MB
 
 davical_dn="uid=${davical_username},${robots_basedn}"
 davical_repo_dir=/usr/local/www/davical
@@ -21,6 +24,7 @@ davical_https_cacert="${nginx_conf_dir}/davical.ca.crt"
 davical_keytab="${keytab_dir}/davical.keytab"
 davical_client_keytab="${keytab_dir}/davical.client.keytab"
 davical_fpm_socket=/var/run/fpm-davical.sock
+webdav_dir=/usr/local/www/webdav
 
 davical_psql(){
   postgres_run --host="$davical_dbhost" --dbname="$davical_dbname" "$@"
@@ -45,6 +49,15 @@ pkg install -y \
   p5-DBI \
   p5-YAML
 
+# Create ZFS datasets for WebDAV files.
+create_dataset -o "mountpoint=${webdav_dir}" "${state_dataset}/webdav"
+install_directory -o root -g "$nginx_user" -m 0770 "$webdav_dir"
+
+for user in $webdav_users; do
+  create_dataset -o "refquota=${webdav_user_quota}" "${state_dataset}/webdav/${user}"
+  install_directory -o root -g "$nginx_user" -m 0770 "${webdav_dir}/${user}"
+done
+
 # Install davical from git.
 [ -d "$davical_repo_dir" ]     || git clone "$davical_repo"     "$davical_repo_dir"
 [ -d "$davical_awl_repo_dir" ] || git clone "$davical_awl_repo" "$davical_awl_repo_dir"
diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop
index 8fdfca4..d6ca1e5 100644
--- a/scripts/hostclass/desktop
+++ b/scripts/hostclass/desktop
@@ -30,7 +30,7 @@ sysrc -v kld_list+=fusefs
 load_kernel_module fusefs
 
 # Install packages common to all DEs.
-pkg install -y $desktop_packages
+#pkg install -y $desktop_packages
 
 # Install profile script for improving experience on NFS homedirs.
 if [ "${enable_idm:-}" != false ]; then
diff --git a/site b/site
index 83ccc5d..c493f4e 160000
--- a/site
+++ b/site
@@ -1 +1 @@
-Subproject commit 83ccc5dc50e40875782967b46132e73944938b0e
+Subproject commit c493f4ed140131326c2c3db08c8dc070647db0fa
diff --git a/vars/hostclass/dav_server b/vars/hostclass/dav_server
index 2a4b250..4620856 100644
--- a/vars/hostclass/dav_server
+++ b/vars/hostclass/dav_server
@@ -2,3 +2,4 @@
 
 allowed_tcp_ports='ssh http https'
 nginx_gssapi=true
+nginx_dav_ext=true
-- 
cgit v1.2.3