diff --git a/site-modules/profile/manifests/annex_web.pp b/site-modules/profile/manifests/annex_web.pp --- a/site-modules/profile/manifests/annex_web.pp +++ b/site-modules/profile/manifests/annex_web.pp @@ -6,7 +6,9 @@ $annex_vhost_name = lookup('annex::vhost::name') $annex_vhost_docroot = lookup('annex::vhost::docroot') $annex_vhost_basic_auth_file = "${annex_basepath}/http_auth" + $annex_vhost_provenance_basic_auth_file = "${annex_basepath}/http_auth_provenance" $annex_vhost_basic_auth_content = lookup('annex::vhost::basic_auth_content') + $annex_vhost_provenance_basic_auth_content = lookup('annex::vhost::provenance::basic_auth_content') $annex_vhost_ssl_protocol = lookup('annex::vhost::ssl_protocol') $annex_vhost_ssl_honorcipherorder = lookup('annex::vhost::ssl_honorcipherorder') $annex_vhost_ssl_cipher = lookup('annex::vhost::ssl_cipher') @@ -49,7 +51,17 @@ 'path' => '.*/\.git/?$', 'provider' => 'directorymatch', 'require' => 'all denied', - }], + }, + { # 'basic' provenance-index authentication + 'path' => "$annex_vhost_docroot/provenance-index", + 'auth_type' => 'basic', + 'auth_name' => 'SWH - Password Required', + 'auth_user_file' => $annex_vhost_provenance_basic_auth_file, + 'auth_require' => 'valid-user', + 'index_options' => 'FancyIndexing', + 'readme_name' => 'readme.txt', + }, + ], require => [ File[$ssl_cert], File[$ssl_chain], @@ -71,6 +83,14 @@ content => '$annex_vhost_basic_auth_content', } + file {$annex_vhost_provenance_basic_auth_file: + ensure => present, + owner => 'root', + group => 'www-data', + mode => '0640', + content => "$annex_vhost_provenance_basic_auth_content", + } + $icinga_checks_file = '/etc/icinga2/conf.d/exported-checks.conf'