Update to 2020-09-10 12:00

roles/etherpad/defaults/main.yml

@@ -3,9 +3,9 @@
 etherpad_id: 1
 etherpad_root_dir: /opt/etherpad_{{ etherpad_id }}
 etherpad_user: etherpad_{{ etherpad_id }}
-etherpad_version: 1.8.4
+etherpad_version: 1.8.5
 etherpad_archive_url: https://github.com/ether/etherpad-lite/archive/{{ etherpad_version }}.tar.gz
-etherpad_archive_sha1: 193b7f335ca4f0fee48047914260d34b1148f407
+etherpad_archive_sha1: 975cfc046bb1159c96e6042cbc9429bb039e424c
 etherpad_port: 9003
 etherpad_src_ip: []
 

roles/nas/defaults/main.yml

@@ -72,3 +72,8 @@ nas_default_share:
       public: False
       force_ssl: True
       webdav: False
+
+nas_ad_http_auth:
+  ldap_url: ldap://
+  bind_dn: XXX
+  bind_pass: XXX

roles/nas/tasks/main.yml

@@ -51,11 +51,24 @@
   tags: nas
 
 - name: Deploy httpd conf
-  template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/50-shares.conf mode=640
+  template: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode | default(omit) }}
+  loop:
+    - src: httpd.conf.j2
+      dest: /etc/httpd/ansible_conf.d/50-shares.conf
+      mode: 640
+    - src: mod_dav.conf.j2
+      dest: /etc/httpd/ansible_conf.modules.d/30-mod_dav.conf
+    - src: mod_authnz_external.conf.j2
+      dest: /etc/httpd/ansible_conf.modules.d/30-mod_authnz_external.conf
   notify:
     - reload httpd
   tags: nas
 
+- name: Allow http to use PAM auth
+  seboolean: name=httpd_mod_auth_pam state=True persistent=True
+  when: ansible_selinux.status == 'enabled'
+  tags: nas
+
 - name: Deploy setfacl script
   template: src=setfacl.sh.j2 dest={{ nas_root_dir }}/meta/{{ item.name }}/setfacl.sh mode=755
   with_items: "{{ nas_shares }}"

roles/nas/templates/httpd.conf.j2

@@ -16,6 +16,34 @@ RewriteRule ^/{{ share.name }}(/.*|$) https://%{HTTP_HOST}/{{ share.name }}$1
 {% if share.protocols.http.indexes %}
   Options +Indexes
 {% endif %}
+{% if share.protocols.http.webdav %}
+  Dav On
+{% endif %}
+{% if not share.protocols.http.public %}
+  AuthType Basic
+  AuthName "Authenicated zone"
+  AuthBasicProvider external
+  AuthExternal pwauth
+  
+  # Read only access
+  <Limit GET PROPFIND OPTIONS LOCK UNLOCK REPORT>
+{% for user in share.acl.read_users %}
+    Require user {{ user }}
+{% endfor %}
+{% for group in share.acl.read_groups %}
+    Require unix-group {{ group }}
+{% endfor %}
+  </Limit>
+  # Write access through webdav always requires authentication
+  <LimitExcept GET PROPFIND OPTIONS LOCK UNLOCK REPORT>
+{% for user in share.acl.write_users %}
+    Require user {{ user }}
+{% endfor %}
+{% for group in share.acl.write_groups %}
+    Require unix-group {{ group }}
+{% endfor %}
+  </LimitExcept>
+{% endif %}
 </Directory>
 
 

roles/nas/templates/mod_authnz_external.conf.j2

@@ -0,0 +1,3 @@
+LoadModule authnz_external_module modules/mod_authnz_external.so
+AddExternalAuth pwauth /usr/sbin/pwauth
+SetExternalAuthMethod pwauth pipe

roles/nas/templates/mod_dav.conf.j2

@@ -0,0 +1,2 @@
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so

roles/repo_zabbix/tasks/RedHat.yml

@@ -59,5 +59,5 @@
     priority: 50
     includepkgs:
       - zabbix*
-    state: "{{ (zabbix_major_version is version('5.0', '>=')) | ternary('present', 'absent') }}"
+    state: "{{ (zabbix_major_version is version('5.0', '>=') and ansible_distribution_major_version is version('8.0', '<')) | ternary('present', 'absent') }}"
   tags: repo

roles/squid/files/acl/software_various.domains

@@ -74,6 +74,7 @@ archives.jenkins-ci.org
 ftp-chi.osuosl.org
 ftp-nyc.osuosl.org
 insights.cloudbees.com
+mirror.gruenehoelle.nl
 
 # nux dextop
 li.nux.ro