From 3e6c523b2fc8289e26ac12585cb69875c88486e1 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Thu, 18 Mar 2021 11:02:29 +0000
Subject: [PATCH] Require authentication on munin web interface

---
 playbooks/munin.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/playbooks/munin.yml b/playbooks/munin.yml
index b72edd5..36740e2 100644
--- a/playbooks/munin.yml
+++ b/playbooks/munin.yml
@@ -28,3 +28,19 @@
       principals: HTTP/munin.foo.sh@FOO.SH
       group: apache
     - munin-master
+
+  tasks:
+    - name: require authentication for munin web
+      copy:
+        dest: /etc/httpd/conf.local.d/munin-auth.conf
+        content: |
+          <Location />
+            AuthType        GSSAPI
+            GssapiBasicAuth On
+            AuthName        "Password Required"
+            Require         valid-user
+          </Location>
+        mode: 0644
+        owner: root
+        group: "{{ ansible_wheel }}"
+      notify: restart apache