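# @summary Set up an nginx web server that publishes the reposync tree.
#
# Declares the nginx class and one vhost serving $www_root with directory
# listings, optionally installs a favicon, and exports a CNAME for the vhost
# that points at this host. When SELinux is configured as enforcing, it also
# labels the content tree so the web server may read it.
#
# @param www_root
#   Directory served by the vhost. The value is interpolated into an SELinux
#   pathspec regex and into the restorecon command line, so it should be a
#   plain absolute path without whitespace or regex metacharacters.
# @param nginx_vhost
#   Server name of the vhost. Also used for the log file names and for the
#   exported CNAME record.
# @param nginx_port
#   TCP port the vhost listens on.
# @param favicon
#   Whether to install favicon.ico into $www_root.
class profiles::reposync::webserver (
  String  $www_root    = '/data/repos/snap',
  String  $nginx_vhost = 'repos.main.unkin.net',
  Integer $nginx_port  = 80,
  Boolean $favicon     = true,
) {

  class { 'nginx': }

  # Create the nginx vhost.
  # The default is plain HTTP on port 80, so the transport gives clients no
  # integrity guarantee; they should verify repository and package signatures.
  # autoindex exposes every readable file under $www_root, so keep that tree
  # limited to content meant for publication.
  nginx::resource::server { $nginx_vhost:
    listen_port          => $nginx_port,
    server_name          => [$nginx_vhost],
    use_default_location => true,
    access_log           => "/var/log/nginx/${nginx_vhost}_access.log",
    error_log            => "/var/log/nginx/${nginx_vhost}_error.log",
    www_root             => $www_root,
    autoindex            => 'on',
  }

  if $favicon {
    file { "${www_root}/favicon.ico":
      ensure => 'file',
      owner  => 'root',
      group  => 'root',
      mode   => '0644',
      source => 'puppet:///modules/profiles/reposync/favicon.ico',
    }
  }

  # Export a CNAME for the vhost pointing at this host.
  # The record is derived from $nginx_vhost so DNS and server_name stay in
  # step when the parameter is overridden; with the default value the title
  # and record are the same strings as before.
  profiles::dns::record { "${facts['networking']['fqdn']}_${nginx_vhost}_CNAME":
    value  => $facts['networking']['hostname'],
    type   => 'CNAME',
    record => "${nginx_vhost}.",
    zone   => $facts['networking']['domain'],
    order  => 10,
  }

  if $facts['os']['selinux']['config_mode'] == 'enforcing' {

    # Label everything under www_root as httpd_sys_content_t (read-only web
    # content). pathspec is a regex, hence the constraint on $www_root above.
    selinux::fcontext { $www_root:
      ensure   => 'present',
      seltype  => 'httpd_sys_content_t',
      pathspec => "${www_root}(/.*)?",
    }

    # NOTE(review): httpd_can_network_connect governs outbound TCP connections
    # made from the httpd_t domain; it is not what lets nginx accept clients
    # on its listen port. Nothing in this class proxies or fetches upstream,
    # so confirm something else needs it before keeping it on.
    # NOTE(review): no port labelling is managed here. A non-default
    # $nginx_port may not be bindable under the targeted policy; verify.
    selboolean { 'httpd_can_network_connect':
      persistent => true,
      value      => 'on',
    }

    # Relabel existing files only when the fcontext rule changes.
    exec { "restorecon_${www_root}":
      path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
      command     => "restorecon -Rv ${www_root}",
      refreshonly => true,
      subscribe   => Selinux::Fcontext[$www_root],
    }
  }
}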