From f35a1b9cdf6f91e49789f364cd5faeae01132c39 Mon Sep 17 00:00:00 2001
From: Thomas Eckert <tom@it-eckert.de>
Date: Tue, 8 Oct 2019 18:32:26 +0200
Subject: [PATCH] add new type `__xymon_apache` as a helper for
 `__xymon_server`

Details in `man.rst`
---
 .../type/__xymon_apache/explorer/active-conf  | 22 ++++++
 .../__xymon_apache/explorer/active-modules    |  5 ++
 cdist/conf/type/__xymon_apache/gencode-remote | 56 +++++++++++++
 cdist/conf/type/__xymon_apache/man.rst        | 79 +++++++++++++++++++
 cdist/conf/type/__xymon_apache/manifest       | 42 ++++++++++
 .../__xymon_apache/parameter/default/state    |  1 +
 .../type/__xymon_apache/parameter/optional    |  2 +
 cdist/conf/type/__xymon_apache/singleton      |  0
 8 files changed, 207 insertions(+)
 create mode 100755 cdist/conf/type/__xymon_apache/explorer/active-conf
 create mode 100755 cdist/conf/type/__xymon_apache/explorer/active-modules
 create mode 100755 cdist/conf/type/__xymon_apache/gencode-remote
 create mode 100644 cdist/conf/type/__xymon_apache/man.rst
 create mode 100755 cdist/conf/type/__xymon_apache/manifest
 create mode 100644 cdist/conf/type/__xymon_apache/parameter/default/state
 create mode 100644 cdist/conf/type/__xymon_apache/parameter/optional
 create mode 100644 cdist/conf/type/__xymon_apache/singleton

diff --git a/cdist/conf/type/__xymon_apache/explorer/active-conf b/cdist/conf/type/__xymon_apache/explorer/active-conf
new file mode 100755
index 00000000..bd281e21
--- /dev/null
+++ b/cdist/conf/type/__xymon_apache/explorer/active-conf
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+if [ -d /etc/apache2/mods-enabled ]; then
+	ls -1 /etc/apache2/conf-enabled/
+fi
diff --git a/cdist/conf/type/__xymon_apache/explorer/active-modules b/cdist/conf/type/__xymon_apache/explorer/active-modules
new file mode 100755
index 00000000..4c745ced
--- /dev/null
+++ b/cdist/conf/type/__xymon_apache/explorer/active-modules
@@ -0,0 +1,5 @@
+#!/bin/sh -e
+
+if [ -d /etc/apache2/mods-enabled ]; then
+	/usr/sbin/apachectl -t -D DUMP_MODULES | awk '/.*_module/ { gsub(/_module.*$/, ""); gsub(/^ /, ""); print }' 
+fi
diff --git a/cdist/conf/type/__xymon_apache/gencode-remote b/cdist/conf/type/__xymon_apache/gencode-remote
new file mode 100755
index 00000000..e7d8e344
--- /dev/null
+++ b/cdist/conf/type/__xymon_apache/gencode-remote
@@ -0,0 +1,56 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+state=$(cat "$__object/parameter/state")
+
+os=$(cat "$__global/explorer/os")
+case "$os" in
+	debian|ubuntu)
+		:
+	;;
+	*)
+		echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+		echo "Please contribute an implementation for it if you can." >&2
+		exit 1
+	;;
+esac
+
+if [ "$state" = "present"  ]; then
+	if ! grep -q ^rewrite "$__object/explorer/active-modules"; then
+		echo "a2enmod rewrite >/dev/null"
+		echo "mod:rewrite enabled" >> "$__messages_out"
+	fi
+	if ! grep -q "^cgi$" "$__object/explorer/active-modules"; then
+		echo "a2enmod cgi >/dev/null"
+		echo "mod:cgi enabled" >> "$__messages_out"
+	fi
+
+	if ! grep -q ^xymon.conf "$__object/explorer/active-conf"; then
+		echo "a2enconf xymon >/dev/null"
+		echo "conf:xymon enabled" >> "$__messages_out"
+	fi
+fi
+
+if grep -q "^mod:.* enabled" "$__messages_out"; then
+	echo "systemctl restart apache2.service"
+	echo "apache restarted" >> "$__messages_out"
+elif grep -q "^conf:xymon enabled" "$__messages_out"; then
+	echo "systemctl reload apache2.service"
+	echo "apache reloaded" >> "$__messages_out"
+fi
diff --git a/cdist/conf/type/__xymon_apache/man.rst b/cdist/conf/type/__xymon_apache/man.rst
new file mode 100644
index 00000000..8358c821
--- /dev/null
+++ b/cdist/conf/type/__xymon_apache/man.rst
@@ -0,0 +1,79 @@
+cdist-type__xymon_apache(7)
+===========================
+
+NAME
+----
+cdist-type__xymon_apache - Configure apache2-webserver for Xymon
+
+
+DESCRIPTION
+-----------
+This cdist type installs and configures apache2 to be used "exclusively" (in
+the sense that no other use is taken care of) with Xymon (the systems and
+network monitor).
+
+It depends on `__xymon_server`.
+
+
+REQUIRED PARAMETERS
+-------------------
+None.
+
+
+OPTIONAL PARAMETERS
+-------------------
+state
+   'present', 'absent', defaults to 'present'.
+
+ipacl
+   IP(-ranges) that have access to the Xymon webpages and CGIs. Apache2-style
+   syntax suitable for `Require ip ...`. Example: `192.168.1.0/24 10.0.0.0/8`
+
+
+MESSAGES
+--------
+mod:rewrite enabled
+   apache module enabled
+conf:xymon enabled
+   apache config for xymon enabled
+apache restarted
+   apache2.service was reloaded
+apache reloaded
+   apache2.service was restarted
+
+
+EXPLORERS
+---------
+active-conf
+   lists apache2 `conf-enabled`
+active-modules
+   lists active apache2-modules
+
+
+EXAMPLES
+--------
+
+.. code-block:: sh
+
+    # minmal, only localhost-access:
+    __xymon_apache
+    # allow more IPs to access the Xymon-webinterface:
+    __xymon_apache --ipacl "192.168.0.0/16 10.0.0.0/8" --state "present"
+
+
+SEE ALSO
+--------
+:strong:`cdist__xymon_server`\ (7)
+
+
+AUTHORS
+-------
+Thomas Eckert <tom--@--it-eckert.de>
+
+
+COPYING
+-------
+Copyright \(C) 2018-2019 Thomas Eckert. You can redistribute it
+and/or modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
diff --git a/cdist/conf/type/__xymon_apache/manifest b/cdist/conf/type/__xymon_apache/manifest
new file mode 100755
index 00000000..bfd0af79
--- /dev/null
+++ b/cdist/conf/type/__xymon_apache/manifest
@@ -0,0 +1,42 @@
+#!/bin/sh -e
+#
+# 2018-2019 Thomas Eckert (tom at it-eckert.de)
+#
+# This file is part of cdist.
+#
+# cdist is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# cdist is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with cdist. If not, see <http://www.gnu.org/licenses/>.
+
+state=$(cat "$__object/parameter/state")
+
+os=$(cat "$__global/explorer/os")
+case "$os" in
+	debian|ubuntu)
+		:
+	;;
+	*)
+		echo "Your operating system ($os) is currently not supported by this type (${__type##*/})." >&2
+		echo "Please contribute an implementation for it if you can." >&2
+		exit 1
+	;;
+esac
+
+__package apache2 --state "$state"
+
+## edit xymon.conf IP-ranges
+if [ -f "$__object/parameter/ipacl" ]; then
+	require="__package/xymon" __line /etc/apache2/conf-available/xymon.conf \
+		--line "        Require ip $(cat "$__object/parameter/ipacl")" \
+		--after "^[[:space:]]*Require local" \
+		--state "present"
+fi
diff --git a/cdist/conf/type/__xymon_apache/parameter/default/state b/cdist/conf/type/__xymon_apache/parameter/default/state
new file mode 100644
index 00000000..e7f6134f
--- /dev/null
+++ b/cdist/conf/type/__xymon_apache/parameter/default/state
@@ -0,0 +1 @@
+present
diff --git a/cdist/conf/type/__xymon_apache/parameter/optional b/cdist/conf/type/__xymon_apache/parameter/optional
new file mode 100644
index 00000000..d374ec41
--- /dev/null
+++ b/cdist/conf/type/__xymon_apache/parameter/optional
@@ -0,0 +1,2 @@
+state
+ipacl
diff --git a/cdist/conf/type/__xymon_apache/singleton b/cdist/conf/type/__xymon_apache/singleton
new file mode 100644
index 00000000..e69de29b