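#
# Puppet module for Apache
#
# This module is distributed under the GNU Affero General Public License:
#
# Backup module for puppet
# Copyright (C) 2009 Sarava Group
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# Using code from Debian Apache2 recipe:
#
#  http://reductivelabs.com/trac/puppet/wiki/Recipes/DebianApache2Recipe
#

# Class: apache
#
# Installs Apache with mpm-itk, enables the macro, headers, ssl and rewrite
# modules, disables HTTP compression, and manages the main configuration
# file, the macro definitions, the default site and a few conf.d snippets.
#
# Parameters referenced by this manifest:
#
#   $mods         - path prefix; files are managed under "${mods}-available".
#   $conf_sites   - path prefix; sites live under "${conf_sites}-available"
#                   and "${conf_sites}-enabled".
#   $conf_d       - conf.d directory, created here and used for snippets.
#   $macros       - path of the mod_macro definitions file.
#   $conf         - path of the main Apache configuration file.
#   $www_folder   - document folder created here; also holds the icons.
#   $https_proxy  - '' removes the https-proxy snippet, 'force' sets
#                   "HTTPS on" unconditionally, any other value (including
#                   the default 'no') derives it from X-Forwarded-Proto.
#   $remote_addr  - false removes the remote-addr snippet; any other value
#                   is written into a RequestHeader directive.
#
# The remaining parameters ($error_folder, $sites_folder, $error_dest,
# $default_folder, $server_name, $http_port, $https_port, $default_user,
# $default_group) are not referenced in this manifest; presumably the ERB
# templates read them -- confirm against the templates.
#
class apache(
  $mods           = "/etc/apache2/mods",
  $conf_sites     = "/etc/apache2/sites",
  $conf_d         = "/etc/apache2/conf.d",
  $macros         = "/etc/apache2/conf.d/macros.conf",
  $conf           = "/etc/apache2/apache2.conf",
  $www_folder     = "/var/www/data",
  $error_folder   = "/var/www/error",
  $sites_folder   = "/var/sites",
  $error_dest     = "http://${domain}/missing.html",
  $default_folder = '/var/www/data',
  $server_name    = $hostname,
  $https_proxy    = 'no',
  $remote_addr    = false,
  $http_port      = '80',
  $https_port     = '443',
  $default_user   = 'www-data',
  $default_group  = 'www-data',
) {
  include ssl

  package { 'libapache2-mpm-itk':
    ensure => $::lsbdistcodename ? {
      'wheezy' => absent,
      default  => present,
    },
  }

  package { "apache":
    ensure  => installed,
    name    => $::lsbdistcodename ? {
      'wheezy' => 'apache2-mpm-itk',
      default  => 'apache2',
    },
    require => Package['libapache2-mpm-itk'],
  }

  # File modes are quoted throughout: newer Puppet parsers read a bare 0755
  # as an octal integer, while the file type expects a string.
  file { $conf_d:
    ensure  => directory,
    owner   => root,
    group   => root,
    mode    => '0755',
    require => Package["apache"],
  }

  # Integrated into apache2-bin
  package { "mod_macro":
    ensure => $::lsbdistcodename ? {
      'wheezy' => present,
      default  => absent,
    },
    name   => "libapache2-mod-macro",
  }

  service { "apache2":
    ensure     => running,
    alias      => "apache",
    hasstatus  => true,
    hasrestart => true,
    require    => Package["apache"],
  }

  apache::module { "macro":
    ensure  => present,
    require => Package["mod_macro"],
  }

  apache::module { "headers":
    ensure  => present,
    require => Package["apache"],
  }

  apache::module { "ssl":
    ensure  => present,
    require => Package["apache"],
  }

  apache::module { "rewrite":
    ensure  => present,
    require => Package["apache"],
  }

  # Conflicts with mpm_itk
  apache::module { "mpm_event":
    ensure  => absent,
    require => Package['apache'],
  }

  apache::module { "mpm_itk":
    ensure  => $::lsbdistcodename ? {
      'wheezy' => absent,
      default  => present,
    },
    require => [
      Package['apache', 'libapache2-mpm-itk'],
      Apache::Module['mpm_event'],
    ],
  }

  # disable compression
  # prevents BREACH attack
  # see https://superuser.com/questions/627413/how-do-i-disable-http-level-compression
  apache::module { [ "deflate", "gzip" ]:
    ensure  => absent,
    require => Package["apache"],
  }

  # apache mod_macro configuration
  file { $macros:
    ensure  => present,
    content => template('apache/macros.erb'),
    owner   => root,
    group   => root,
    mode    => '0644',
    # Fully qualified reference to the defined type, written the same way as
    # Apache::Module['mpm_event'] above; a bare Module[...] depends on
    # relative type-name lookup.
    require => Apache::Module["macro"],
    notify  => Service["apache"],
  }

  # main apache configuration, one template per distribution codename
  file { $conf:
    ensure  => present,
    content => template("apache/apache2.conf.${::lsbdistcodename}.erb"),
    owner   => root,
    group   => root,
    mode    => '0644',
    notify  => Service["apache"],
  }

  # apache alias configuration
  file { "${mods}-available/alias.conf":
    ensure  => present,
    content => template('apache/alias.conf.erb'),
    owner   => root,
    group   => root,
    mode    => '0644',
    notify  => Service["apache"],
  }

  # apache autoindex configuration
  file { "${mods}-available/autoindex.conf":
    ensure  => present,
    content => template('apache/autoindex.conf.erb'),
    owner   => root,
    group   => root,
    mode    => '0644',
    notify  => Service["apache"],
  }

  file { $www_folder:
    ensure => directory,
    owner  => "root",
    group  => "root",
    mode   => '0755',
  }

  # icons folder
  # http://larsjung.de/h5ai/
  # http://recursive-design.com/blog/2008/12/29/styling-apache-directory-listings-with-mod_autoindex/
  # http://code.ecchi.ca/apache-tango-icons/README.html
  file { "${www_folder}/icons":
    ensure  => directory,
    recurse => true,
    purge   => true,
    force   => true,
    owner   => "root",
    group   => "root",
    # This mode will also apply to files from the source directory
    mode    => '0644', # Puppet will automatically set +x for directories
    # The site-specific icon set is tried first, then the module default.
    source  => [
      "puppet:///modules/site_apache/htdocs/$domain/icons",
      "puppet:///modules/apache/icons",
    ],
    require => File[$www_folder],
  }

  # Legacy configuration
  file { [ "${conf_sites}-available/default", "${conf_sites}-enabled/000-default" ]:
    ensure => absent,
    notify => Service["apache"],
  }

  # default site configuration
  file { "${conf_sites}-available/default.conf":
    ensure  => present,
    content => template('apache/default.erb'),
    owner   => root,
    group   => root,
    mode    => '0644',
    notify  => Service["apache"],
  }

  # Enable the default site: a symlink from sites-enabled to sites-available.
  file { "${conf_sites}-enabled/000-default.conf":
    ensure => link,
    target => "${conf_sites}-available/default.conf",
    owner  => root,
    group  => root,
    notify => Service["apache"],
  }

  # https proxy configuration
  # see http://www.metaltoad.com/blog/running-drupal-secure-pages-behind-proxy
  #
  # NOTE(review): only '' removes this file. With the default 'no' (and any
  # value other than '' or 'force') Apache sets HTTPS=on for every request
  # that carries "X-Forwarded-Proto: https". That header comes from the
  # client unless a front proxy overwrites it, so on a server that is
  # reachable directly, applications may treat plain-HTTP requests as
  # secure. Confirm that 'no' is meant to keep the header-based rule, and
  # pass '' on hosts with no TLS-terminating proxy in front.
  file { "${conf_d}/https-proxy":
    ensure  => $https_proxy ? {
      ''      => absent,
      default => present,
    },
    content => $https_proxy ? {
      'force' => "SetEnv HTTPS on\n",
      default => "SetEnvIf X-Forwarded-Proto https HTTPS=on\n",
    },
    owner   => root,
    group   => root,
    mode    => '0644',
    notify  => Service["apache"],
  }

  # TODO: remove this in the future
  # remote addr rewrite
  # see http://stackoverflow.com/questions/2328225/how-to-set-remote-addr-in-apache-before-php-is-invoked
  #
  # $remote_addr is interpolated verbatim into the directive below, so it
  # has to be a value chosen by the operator.
  file { "${conf_d}/remote-addr":
    ensure  => $remote_addr ? {
      false   => absent,
      default => present,
    },
    content => "RequestHeader set REMOTE_ADDR ${remote_addr}\n",
    owner   => root,
    group   => root,
    mode    => '0644',
    notify  => Service["apache"],
  }

  # Notify this when apache needs a reload. This is only needed when
  # sites are added or removed, since a full restart then would be
  # a waste of time. When the module-config changes, a force-reload is
  # needed.
  exec { "reload-apache2":
    command     => "/etc/init.d/apache2 reload",
    refreshonly => true,
  }

  exec { "force-reload-apache2":
    command     => "/etc/init.d/apache2 force-reload",
    refreshonly => true,
  }

  # Avoid this logrotate error:
  # /usr/sbin/apache2ctl: 87: ulimit: error setting limit (Operation not permitted)
  file { '/etc/logrotate.d/apache2':
    ensure => present,
    owner  => root,
    group  => root,
    mode   => '0644',
    # Content is replaced only on vserver guests; elsewhere no source is set.
    source => $::virtual ? {
      'vserver' => 'puppet:///modules/apache/logrotate',
      default   => undef,
    },
  }

  class { 'apache::envvars':
    source => $::virtual ? {
      'vserver' => "puppet:///modules/apache/envvars.vserver.${::lsbdistcodename}",
      default   => "puppet:///modules/apache/envvars.${::lsbdistcodename}",
    },
  }

  # Legacy configuration
  file { "${conf_d}/macros":
    ensure => absent,
  }
}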