1 files changed, 60 insertions, 0 deletions

diff --git a/roles/sabredav/vars/main.yml b/roles/sabredav/vars/main.yml
new file mode 100644
index 0000000..6463d37
--- /dev/null
+++ b/roles/sabredav/vars/main.yml
@@ -0,0 +1,60 @@
+sabredav_packages:
+  - php
+  - php-json
+  - php-ldap
+  - php-mbstring
+  - php-opcache
+  - php-pdo
+  - php-pgsql
+  - php-pecl-zip
+  - php-xml
+  - python3-psycopg2
+  - git
+
+sabredav_composer_url: https://getcomposer.org/installer
+
+sabredav_git_repo: https://github.com/sacredheartsc/sabredav-freeipa
+
+sabredav_home: /var/www/sabredav
+sabredav_keytab: /var/lib/gssproxy/clients/{{ sabredav_user }}.keytab
+
+sabredav_writable_dirs:
+  - webdav
+  - tmpdata
+
+sabredav_php_environment:
+  GSS_USE_PROXY: 'yes'
+
+sabredav_php_flags:
+  output_buffering: no
+  always_populate_raw_post_data: no
+  mbstring.func_overload: no
+
+sabredav_archive_shell: >-
+  TIMESTAMP=$(date +%Y%m%d%H%M%S);
+  tar czf "webdav-${TIMESTAMP}.tar.gz"
+  --transform "s|^\.|webdav-${TIMESTAMP}|"
+  -C "{{ sabredav_home }}/webdav" .
+
+sabredav_apache_config: |
+  Redirect /.well-known/caldav  /server.php
+  Redirect /.well-known/carddav /server.php
+
+  RewriteEngine On
+  RewriteCond %{REQUEST_URI} !^/\.well-known/
+  RewriteRule .* /server.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
+
+  <Location />
+    AuthName "FreeIPA Single Sign-On"
+    <If "{% for cidr in sabredav_kerberized_cidrs %}-R '{{ cidr }}'{% if not loop.last %} || {% endif %}{% endfor %}">
+      AuthType GSSAPI
+      GssapiLocalName On
+      {{ apache_gssapi_session_config }}
+    </If>
+    <Else>
+      AuthType Basic
+      AuthBasicProvider ldap
+    </Else>
+    {{ apache_ldap_config }}
+    Require ldap-attribute memberof=cn={{ sabredav_access_group }},{{ freeipa_group_basedn }}
+  </Location>