# Install Apache, the www logrotate script and its cron job.
#
# === Global variables
#
#     $apache_datadir:
#         Optional. When set, this directory is created and /srv/www
#         becomes a symlink to it; otherwise /srv/www is a plain directory.
#
class apache::common {

    if $apache_datadir {
        file { "${apache_datadir}":
            ensure => directory,
            owner  => root,
            group  => root,
            mode   => 0755,
        }
        file { "/srv/www":
            ensure  => link,
            target  => "${apache_datadir}",
            require => File["${apache_datadir}"],
        }
    } else {
        file { "/srv/www":
            ensure => directory,
            owner  => root,
            group  => root,
            mode   => 0755,
        }
    }

    file { "/srv/www/log":
        ensure  => directory,
        owner   => root,
        group   => root,
        mode    => 0755,
        require => File["/srv/www"],
    }

    package { "httpd":
        ensure => installed,
    }

    # The cron job below runs this script as root, so it is installed
    # root-owned with no write permission for group or others.
    file { "/usr/local/sbin/www-logrotate.sh":
        ensure => present,
        source => "puppet:///apache/www-logrotate.sh",
        owner  => root,
        group  => root,
        mode   => 0755,
    }

    # Runs at 00:00 on weekday 1, only once the script itself is in place.
    cron { "www-logrotate":
        ensure  => present,
        user    => "root",
        command => "/usr/local/sbin/www-logrotate.sh",
        weekday => "1",
        hour    => "0",
        minute  => "0",
        require => File["/usr/local/sbin/www-logrotate.sh"],
    }

}


# Configure HTTP server.
#
# === Global variables
#
#     $httpd_user:
#         User httpd runs as. Defaults to apache.
#     $httpd_group:
#         Group httpd runs as. Defaults to apache.
#
class apache::server inherits apache::common {

    if ! $httpd_user {
        $httpd_user = "apache"
    }
    if ! $httpd_group {
        $httpd_group = "apache"
    }

    # Mode 0644 on a directory: Puppet adds the search bit wherever read is
    # set, so the directories end up traversable. The same mode applies to
    # files under the two directories that are recursed below.
    file { [ "/etc/httpd/conf.http.d",
             "/etc/httpd/site.http.d",
             "/srv/www/http",
             "/srv/www/http/${fqdn}",
             "/srv/www/log/http",
             "/srv/www/log/http/${fqdn}", ]:
        ensure  => directory,
        owner   => root,
        group   => root,
        mode    => 0644,
        require => Package["httpd"],
        before  => File["/etc/httpd/conf/httpd.conf"],
    }

    # Recursive purge of both include directories: files that are not
    # declared as Puppet resources are removed, so an unmanaged drop-in
    # config does not survive a run.
    # NOTE(review): presumably puppet:///custom/empty is an empty directory
    # - confirm.
    File["/etc/httpd/conf.http.d", "/etc/httpd/site.http.d"] {
        source  => "puppet:///custom/empty",
        recurse => true,
        purge   => true,
        force   => true,
    }

    file { "/etc/httpd/conf/httpd.conf":
        ensure  => present,
        content => template("apache/httpd.conf.erb"),
        owner   => root,
        group   => root,
        mode    => 0644,
        require => Package["httpd"],
        notify  => Service["httpd"],
    }

    service { "httpd":
        ensure  => running,
        enable  => true,
        require => [ Package["httpd"],
                     File["/etc/httpd/conf/httpd.conf"], ],
    }

}


# Configure HTTP virtual host.
#
# === Parameters
#
#     $name:
#         FQDN of virtual host.
#     $aliases:
#         Optional ServerAlias for this virtual host.
#     $root:
#         Path to document root. Defaults to /srv/www/http/$fqdn
#     $config:
#         Path to custom configuration file. Defaults to a basic template.
#     $redirect:
#         Add redirect to given URL.
#
# === Sample usage
#
# apache::site { "default":
#     redirect => "http://www.example.com/",
# }
# apache::site { "www.example.com":
#     root   => "/roles/prteam/public/public_access",
#     config => "puppet:///path/to/www.example.com.conf",
# }
#
define apache::site($aliases="", $root="", $config="", $redirect="") {

    # The "default" site reuses the node's own FQDN and sorts first (00-)
    # in site.http.d; named sites sort after it (10-).
    if $name == "default" {
        $site_fqdn = $fqdn
        $site_conf = "/etc/httpd/site.http.d/00-${site_fqdn}.conf"
    } else {
        $site_fqdn = $name
        $site_conf = "/etc/httpd/site.http.d/10-${site_fqdn}.conf"

        # A pure redirect serves no content, so it gets neither a document
        # root nor a log directory.
        if !$redirect {
            if $root {
                file { "/srv/www/http/${site_fqdn}":
                    ensure => link,
                    target => $root,
                    before => File["${site_conf}"],
                }
            } else {
                file { "/srv/www/http/${site_fqdn}":
                    ensure => directory,
                    owner  => root,
                    group  => root,
                    mode   => 0755,
                    before => File["${site_conf}"],
                }
            }
            file { "/srv/www/log/http/${site_fqdn}":
                ensure => directory,
                owner  => root,
                group  => root,
                mode   => 0755,
                before => File["${site_conf}"],
            }
        }
    }

    file { "${site_conf}":
        ensure => present,
        owner  => root,
        group  => root,
        mode   => 0644,
        notify => Service["httpd"],
    }

    # Exactly one of the three overrides below is expected to apply.
    # NOTE(review): if both $config and $redirect are passed, the file gets
    # source and content at once, which the file type does not accept.
    if $config {
        File["${site_conf}"] {
            source => $config,
        }
    }
    # NOTE(review): as written the generated snippet has no enclosing
    # <VirtualHost> container, so ServerName and Redirect take effect in
    # whatever context includes this file - confirm against the deployed
    # configuration.
    if $redirect {
        File["${site_conf}"] {
            content => "\n ServerName ${site_fqdn}\n Redirect permanent / ${redirect}\n\n",
        }
    }
    if !$config and !$redirect {
        File["${site_conf}"] {
            content => template("apache/site.http.conf.erb"),
        }
    }

}


# Configure HTTPS server.
#
# === Global variables
#
#     $httpsd_user:
#         User httpsd runs as. Defaults to httpsd.
#     $httpsd_group:
#         Group httpsd runs as. Defaults to httpsd.
#
class apache::sslserver inherits apache::common {

    if ! $httpsd_user {
        $httpsd_user = "httpsd"
    }
    if ! $httpsd_group {
        $httpsd_group = "httpsd"
    }

    package { "mod_ssl":
        ensure => installed,
    }

    # Mode 0644 on a directory: Puppet adds the search bit wherever read is
    # set. The same mode applies to files under the two directories that
    # are recursed below.
    file { [ "/etc/httpd/conf.https.d",
             "/etc/httpd/site.https.d",
             "/srv/www/https",
             "/srv/www/https/${fqdn}",
             "/srv/www/log/https",
             "/srv/www/log/https/${fqdn}", ]:
        ensure  => directory,
        owner   => root,
        group   => root,
        mode    => 0644,
        require => Package["httpd"],
        before  => File["/etc/httpd/conf/httpsd.conf"],
    }

    # Recursive purge: config files in these directories that are not
    # declared as Puppet resources are removed on each run.
    File["/etc/httpd/conf.https.d", "/etc/httpd/site.https.d"] {
        source  => "puppet:///custom/empty",
        recurse => true,
        purge   => true,
        force   => true,
    }

    file { "/etc/httpd/conf/httpsd.conf":
        ensure  => present,
        content => template("apache/httpsd.conf.erb"),
        owner   => root,
        group   => root,
        mode    => 0644,
        require => Package["httpd"],
        notify  => Service["httpsd"],
    }

    file { "/etc/init.d/httpsd":
        ensure => present,
        source => "puppet:///apache/httpsd",
        owner  => root,
        group  => root,
        mode   => 0755,
    }

    # The HTTPS instance is the stock httpd binary under a second name.
    # The link carries the httpd_exec_t SELinux type explicitly.
    # NOTE(review): presumably so the second instance is confined like
    # httpd itself - confirm against the local SELinux policy.
    file { "/usr/sbin/httpsd":
        ensure  => link,
        target  => "/usr/sbin/httpd",
        seluser => "system_u",
        selrole => "object_r",
        seltype => "httpd_exec_t",
        require => Package["httpd"],
    }

    service { "httpsd":
        ensure  => running,
        enable  => true,
        require => [ Package["httpd"],
                     Package["mod_ssl"],
                     File["/etc/httpd/conf/httpsd.conf"],
                     File["/etc/init.d/httpsd"],
                     File["/usr/sbin/httpsd"], ],
    }

}


# Configure HTTPS virtual host.
#
# === Parameters
#
#     $name:
#         FQDN of virtual host.
#     $root:
#         Path to document root. Defaults to /srv/www/https/$fqdn
#     $config:
#         Path to custom configuration file. Defaults to a basic template.
#     $ssl_cert:
#         Path to SSL certificate. Defaults to puppet client certificate.
#     $ssl_key:
#         Path to SSL private key. Defaults to puppet client private key.
#     $ssl_chain:
#         Path to SSL certificate chain. Defaults to none.
#
# === Sample usage
#
# apache::sslsite { "www.example.com":
#     root     => "/roles/prteam/public/secure_access",
#     config   => "puppet:///path/to/www.example.com.conf",
#     ssl_cert => "puppet:///path/to/www.example.com.crt",
#     ssl_key  => "puppet:///path/to/www.example.com.key",
# }
#
define apache::sslsite($root="", $config="", $ssl_cert="", $ssl_key="", $ssl_chain="") {

    # The "default" site reuses the node's own FQDN; only named sites get a
    # document root and log directory created here.
    if $name == "default" {
        $site_fqdn = $fqdn
    } else {
        $site_fqdn = $name

        if $root {
            file { "/srv/www/https/${site_fqdn}":
                ensure => link,
                target => $root,
            }
        } else {
            file { "/srv/www/https/${site_fqdn}":
                ensure => directory,
                owner  => root,
                group  => root,
                mode   => 0755,
            }
        }
        file { "/srv/www/log/https/${site_fqdn}":
            ensure => directory,
            owner  => root,
            group  => root,
            mode   => 0755,
        }
    }

    # Fallback certificate and key are the Puppet agent's own, looked up by
    # node FQDN rather than by site name.
    # NOTE(review): for a named vhost the certificate subject is then
    # presumably the node name, not the vhost name - pass ssl_cert and
    # ssl_key explicitly for those.
    if $ssl_cert {
        $real_ssl_cert = $ssl_cert
    } else {
        $real_ssl_cert = "${puppet_ssldir}/certs/${fqdn}.pem"
    }
    file { "/etc/pki/tls/certs/${site_fqdn}.crt":
        ensure => present,
        source => $real_ssl_cert,
        owner  => root,
        group  => root,
        mode   => 0644,
        notify => Service["httpsd"],
    }

    # With the fallback, one private key serves both as the Puppet agent
    # identity and as the TLS key of the site; supply a dedicated key where
    # the two should be separable.
    # NOTE(review): a puppet:/// source means the key is handed out by the
    # Puppet file server - check that the mount is restricted to this node.
    if $ssl_key {
        $real_ssl_key = $ssl_key
    } else {
        $real_ssl_key = "${puppet_ssldir}/private_keys/${fqdn}.pem"
    }
    # Private key: readable by root only.
    # NOTE(review): replaced copies may be kept in a filebucket if file
    # backups are enabled site-wide - confirm the backup setting.
    file { "/etc/pki/tls/private/${site_fqdn}.key":
        ensure => present,
        source => $real_ssl_key,
        owner  => root,
        group  => root,
        mode   => 0600,
        notify => Service["httpsd"],
    }

    if $ssl_chain {
        file { "/etc/pki/tls/certs/${site_fqdn}.chain.crt":
            ensure => present,
            source => $ssl_chain,
            owner  => root,
            group  => root,
            mode   => 0644,
            notify => Service["httpsd"],
        }
    }

    # The vhost config is written only after certificate and key exist.
    file { "/etc/httpd/site.https.d/${site_fqdn}.conf":
        ensure  => present,
        owner   => root,
        group   => root,
        mode    => 0644,
        require => [ File["/etc/pki/tls/certs/${site_fqdn}.crt"],
                     File["/etc/pki/tls/private/${site_fqdn}.key"], ],
        notify  => Service["httpsd"],
    }

    if $config {
        File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
            source => $config,
        }
    } else {
        File["/etc/httpd/site.https.d/${site_fqdn}.conf"] {
            content => template("apache/site.https.conf.erb"),
        }
    }

}


# Install extra configuration file.
#
# === Parameters
#
#     $name:
#         Config file name.
#     $source:
#         Config file source. Defaults to /etc/httpd/conf.d/$name
#         if neither $source nor $content is defined.
#     $content:
#         Config file content. See also $source.
#     $require:
#         Dependencies for the config file.
#     $http:
#         Set to false to disable config on http server.
#     $https:
#         Set to false to disable config on https server.
#
# === Sample usage
#
# apache::configfile { "auth_kerb.conf":
#     content => template("apache/auth_kerb.conf.erb"),
#     require => Package["mod_auth_kerb"],
#     http    => false,
# }
#
define apache::configfile($source="", $content="", $http=true, $https=true) {

    # Plain HTTP instance: handled only when Service["httpd"] is declared.
    # With $http set to anything but true the file is removed, so a config
    # can be kept off the unencrypted server.
    if defined(Service["httpd"]) {
        file { "/etc/httpd/conf.http.d/${name}":
            ensure => $http ? {
                true    => present,
                default => absent,
            },
            owner  => root,
            group  => root,
            mode   => 0644,
            notify => Service["httpd"],
        }
        # NOTE(review): passing both $source and $content sets both
        # attributes on the same file.
        if $source {
            File["/etc/httpd/conf.http.d/${name}"] {
                source => $source,
            }
        }
        if $content {
            File["/etc/httpd/conf.http.d/${name}"] {
                content => $content,
            }
        }
        # Neither given: copy the file of the same name from conf.d.
        if ! $source and ! $content {
            File["/etc/httpd/conf.http.d/${name}"] {
                source => "/etc/httpd/conf.d/${name}",
            }
        }
        if $require {
            File["/etc/httpd/conf.http.d/${name}"] {
                require => $require,
            }
        }
    }

    # HTTPS instance: same logic, keyed on Service["httpsd"] and $https.
    if defined(Service["httpsd"]) {
        file { "/etc/httpd/conf.https.d/${name}":
            ensure => $https ? {
                true    => present,
                default => absent,
            },
            owner  => root,
            group  => root,
            mode   => 0644,
            notify => Service["httpsd"],
        }
        if $source {
            File["/etc/httpd/conf.https.d/${name}"] {
                source => $source,
            }
        }
        if $content {
            File["/etc/httpd/conf.https.d/${name}"] {
                content => $content,
            }
        }
        if ! $source and ! $content {
            File["/etc/httpd/conf.https.d/${name}"] {
                source => "/etc/httpd/conf.d/${name}",
            }
        }
        if $require {
            File["/etc/httpd/conf.https.d/${name}"] {
                require => $require,
            }
        }
    }

}


# Install mod_auth_kerb.
#
class apache::mod::auth_kerb {

    package { "mod_auth_kerb":
        ensure  => installed,
        require => Package["httpd"],
    }

    # http => false: the Kerberos config is installed on the HTTPS server
    # only and removed from the plain HTTP one.
    apache::configfile { "auth_kerb.conf":
        content => template("apache/auth_kerb.conf.erb"),
        http    => false,
        require => Package["mod_auth_kerb"],
    }

}


# Install mod_fcgid.
#
class apache::mod::fcgid {

    package { "mod_fcgid":
        ensure  => installed,
        require => Package["httpd"],
    }

    # No source or content given: the package's own conf.d file is copied.
    apache::configfile { "fcgid.conf":
        require => Package["mod_fcgid"],
    }

}


# Install mod_perl.
#
class apache::mod::perl {

    package { "mod_perl":
        ensure  => installed,
        require => Package["httpd"],
    }

    apache::configfile { "perl.conf":
        require => Package["mod_perl"],
    }

}


# Install PHP.
#
class apache::mod::php {

    package { "php":
        ensure  => installed,
        require => Package["httpd"],
    }

    apache::configfile { "php.conf":
        require => Package["php"],
    }

}


# Install mod_python.
#
class apache::mod::python {

    package { "mod_python":
        ensure  => installed,
        require => Package["httpd"],
    }

    apache::configfile { "python.conf":
        require => Package["mod_python"],
    }

}


# Install mod_wsgi.
#
class apache::mod::wsgi {

    package { "mod_wsgi":
        ensure  => installed,
        require => Package["httpd"],
    }

    apache::configfile { "wsgi.conf":
        require => Package["mod_wsgi"],
    }

}