diff --git a/roles/etherpad/defaults/main.yml b/roles/etherpad/defaults/main.yml
index 177c161..61a7bc0 100644
--- a/roles/etherpad/defaults/main.yml
+++ b/roles/etherpad/defaults/main.yml
@@ -3,9 +3,9 @@
etherpad_id: 1
etherpad_root_dir: /opt/etherpad_{{ etherpad_id }}
etherpad_user: etherpad_{{ etherpad_id }}
-etherpad_version: 1.8.4
+etherpad_version: 1.8.5
etherpad_archive_url: https://github.com/ether/etherpad-lite/archive/{{ etherpad_version }}.tar.gz
-etherpad_archive_sha1: 193b7f335ca4f0fee48047914260d34b1148f407
+etherpad_archive_sha1: 975cfc046bb1159c96e6042cbc9429bb039e424c
etherpad_port: 9003
etherpad_src_ip: []
diff --git a/roles/nas/defaults/main.yml b/roles/nas/defaults/main.yml
index 8ba1b96..a19a3c4 100644
--- a/roles/nas/defaults/main.yml
+++ b/roles/nas/defaults/main.yml
@@ -72,3 +72,8 @@ nas_default_share:
public: False
force_ssl: True
webdav: False
+
+nas_ad_http_auth:
+ ldap_url: ldap://
+ bind_dn: XXX
+ bind_pass: XXX
diff --git a/roles/nas/tasks/main.yml b/roles/nas/tasks/main.yml
index d51c218..4fe1fa0 100644
--- a/roles/nas/tasks/main.yml
+++ b/roles/nas/tasks/main.yml
@@ -51,11 +51,24 @@
tags: nas
- name: Deploy httpd conf
- template: src=httpd.conf.j2 dest=/etc/httpd/ansible_conf.d/50-shares.conf mode=640
+ template: src={{ item.src }} dest={{ item.dest }} mode={{ item.mode | default(omit) }}
+ loop:
+ - src: httpd.conf.j2
+ dest: /etc/httpd/ansible_conf.d/50-shares.conf
+ mode: 640
+ - src: mod_dav.conf.j2
+ dest: /etc/httpd/ansible_conf.modules.d/30-mod_dav.conf
+ - src: mod_authnz_external.conf.j2
+ dest: /etc/httpd/ansible_conf.modules.d/30-mod_authnz_external.conf
notify:
- reload httpd
tags: nas
+- name: Allow http to use PAM auth
+ seboolean: name=httpd_mod_auth_pam state=True persistent=True
+ when: ansible_selinux.status == 'enabled'
+ tags: nas
+
- name: Deploy setfacl script
template: src=setfacl.sh.j2 dest={{ nas_root_dir }}/meta/{{ item.name }}/setfacl.sh mode=755
with_items: "{{ nas_shares }}"
diff --git a/roles/nas/templates/httpd.conf.j2 b/roles/nas/templates/httpd.conf.j2
index 7f6c17e..c9cc973 100644
--- a/roles/nas/templates/httpd.conf.j2
+++ b/roles/nas/templates/httpd.conf.j2
@@ -16,6 +16,34 @@ RewriteRule ^/{{ share.name }}(/.*|$) https://%{HTTP_HOST}/{{ share.name }}$1
{% if share.protocols.http.indexes %}
Options +Indexes
{% endif %}
+{% if share.protocols.http.webdav %}
+ Dav On
+{% endif %}
+{% if not share.protocols.http.public %}
+ AuthType Basic
+ AuthName "Authenicated zone"
+ AuthBasicProvider external
+ AuthExternal pwauth
+
+ # Read only access
+
+{% for user in share.acl.read_users %}
+ Require user {{ user }}
+{% endfor %}
+{% for group in share.acl.read_groups %}
+ Require unix-group {{ group }}
+{% endfor %}
+
+ # Write access through webdav always requires authentication
+
+{% for user in share.acl.write_users %}
+ Require user {{ user }}
+{% endfor %}
+{% for group in share.acl.write_groups %}
+ Require unix-group {{ group }}
+{% endfor %}
+
+{% endif %}
diff --git a/roles/nas/templates/mod_authnz_external.conf.j2 b/roles/nas/templates/mod_authnz_external.conf.j2
new file mode 100644
index 0000000..1410452
--- /dev/null
+++ b/roles/nas/templates/mod_authnz_external.conf.j2
@@ -0,0 +1,3 @@
+LoadModule authnz_external_module modules/mod_authnz_external.so
+AddExternalAuth pwauth /usr/sbin/pwauth
+SetExternalAuthMethod pwauth pipe
diff --git a/roles/nas/templates/mod_dav.conf.j2 b/roles/nas/templates/mod_dav.conf.j2
new file mode 100644
index 0000000..0555bec
--- /dev/null
+++ b/roles/nas/templates/mod_dav.conf.j2
@@ -0,0 +1,2 @@
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
diff --git a/roles/repo_zabbix/tasks/RedHat.yml b/roles/repo_zabbix/tasks/RedHat.yml
index 32219bc..e56f7c0 100644
--- a/roles/repo_zabbix/tasks/RedHat.yml
+++ b/roles/repo_zabbix/tasks/RedHat.yml
@@ -59,5 +59,5 @@
priority: 50
includepkgs:
- zabbix*
- state: "{{ (zabbix_major_version is version('5.0', '>=')) | ternary('present', 'absent') }}"
+ state: "{{ (zabbix_major_version is version('5.0', '>=') and ansible_distribution_major_version is version('8.0', '<')) | ternary('present', 'absent') }}"
tags: repo
diff --git a/roles/squid/files/acl/software_various.domains b/roles/squid/files/acl/software_various.domains
index f5e6ba1..3104728 100644
--- a/roles/squid/files/acl/software_various.domains
+++ b/roles/squid/files/acl/software_various.domains
@@ -74,6 +74,7 @@ archives.jenkins-ci.org
ftp-chi.osuosl.org
ftp-nyc.osuosl.org
insights.cloudbees.com
+mirror.gruenehoelle.nl
# nux dextop
li.nux.ro