add parameters to modify default chocolatey server config and update …

…readme
chocolatey-community · Oct 4, 2016 · d37290f · d37290f
1 parent 68351ba
commit d37290f
Show file tree

Hide file tree

Showing 5 changed files with 143 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -92,6 +92,15 @@ class {'chocolatey_server':
 }
 ~~~
 
+### Set a different apikey and allow packages to be overwritten
+
+~~~puppet
+class { 'chocolatey_server':
+  apikey                 => 'Sup3rS3cret',
+  allow_package_override => true,
+}
+~~~
+
 ### Use a alternate package folder and port without disabling default website
 
 ~~~puppet
@@ -126,6 +135,14 @@ Host your own Chocolatey package repository
 
 #### Parameters
 
+##### `allow_package_override`
+Controls whether or not packages can be overwritten if a package with the same
+id and version already exist. Defaults to 'false'.
+
+##### `apikey`
+Set the apikey for chocolatey server used to push packages. Defaults to
+'chocolateyrocks'.
+
 ##### `chocolatey_server_app_pool_name`
 Set apppool name used by the chocolatey.server website. Defaults to
 'chocolatey.server'.
@@ -153,6 +170,10 @@ The permissions should be passed as an array of identity and permissions.
 ##### `port`
 The port for the server website. Defaults to '80'.
 
+##### `require_apikey`
+Controls whether or not an apikey is required to push packages to the chocolatey
+server. Defaults to 'true'.
+
 ##### `server_package_source`
 The Chocolatey source that contains the `chocolatey.server` package.
 Defaults to 'https://chocolatey.org/api/v2/'.

diff --git a/examples/init.pp b/examples/init.pp
@@ -1,6 +1,7 @@
-# setting up a chocolatey server on port 8080 with an alternate packages folder
-# without disabling the default web site
+# setting up a chocolatey server with a new apikey on port 8080 with an
+# alternate packages folder without disabling the default web site
 class { 'chocolatey_server':
+  apikey                  => 'changeme',
   disable_default_website => false,
   packages_folder         => 'C:\Chocolatey',
   port                    => '8080',

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -32,11 +32,14 @@
 #   means. e.g. environment variable ChocolateyBinRoot.  Defaults to
 #   'C:\tools\chocolatey.server'
 class chocolatey_server (
+  $allow_package_override = $::chocolatey_server::params::allow_package_override,
+  $apikey = $::chocolatey_server::params::apikey,
   $chocolatey_server_app_pool_name = $::chocolatey_server::params::chocolatey_server_app_pool_name,
   $disable_default_website = $::chocolatey_server::params::disable_default_website,
   $packages_folder = $::chocolatey_server::params::packages_folder,
   $packages_folder_permissions = $::chocolatey_server::params::packages_folder_permissions,
   $port = $::chocolatey_server::params::service_port,
+  $require_apikey = $::chocolatey_server::params::require_apikey,
   $server_package_source = $::chocolatey_server::params::server_package_source,
   $server_install_location = $::chocolatey_server::params::server_install_location,
 ) inherits ::chocolatey_server::params {
@@ -100,6 +103,16 @@
     require                    => Iis::Manage_app_pool["${_chocolatey_server_app_pool_name}"],
   }
 
+  # configure chocolatey server settings
+  file { "${_chocolatey_server_location}/web.config":
+    ensure  => file,
+    content => epp('chocolatey_server/web.config.epp', {
+      'allowOverrideExistingPackageOnPush' => $allow_package_override,
+      'apiKey'                             => $apikey,
+      'requireApiKey'                      => $require_apikey,
+    }),
+  }
+
   # only set permissions if an alternate package folder is undefined
   unless $packages_folder {
     # ensure app_data folder is created

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -5,13 +5,16 @@
 class chocolatey_server::params {
   case $::osfamily {
     'windows': {
+      $allow_package_override = false
+      $apikey = 'chocolateyrocks'
       $chocolatey_server_app_pool_name = 'chocolatey.server'
       $disable_default_website = true
       $packages_folder = undef
       $packages_folder_permissions = [
         { identity => "IIS APPPOOL\\${chocolatey_server_app_pool_name}", rights => ['modify'] },
         { identity => 'IIS_IUSRS', rights => ['modify'] }
       ]
+      $require_apikey = true
       $service_port = '80'
       $server_package_source = 'https://chocolatey.org/api/v2/'
       $server_install_location = 'C:\tools\chocolatey.server'

diff --git a/templates/web.config.epp b/templates/web.config.epp
@@ -0,0 +1,103 @@
+<%- | Boolean $allowOverrideExistingPackageOnPush, String $apiKey, Boolean $requireApiKey | -%>
+<?xml version="1.0"?>
+<!--
+  For more information on how to configure your ASP.NET application, please visit
+  http://go.microsoft.com/fwlink/?LinkId=169433
+  -->
+<configuration>
+  <configSections>
+    <sectionGroup name="elmah">
+      <section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah"/>
+      <section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah"/>
+      <section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah"/>
+      <section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah"/>
+    </sectionGroup>
+  </configSections>
+  <system.web>
+    <compilation debug="false" targetFramework="4.0"/>
+    <httpModules>
+      <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah"/>
+      <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah"/>
+      <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah"/>
+    </httpModules>
+    <httpRuntime maxRequestLength="31457280"/>
+  </system.web>
+  <system.webServer>
+    <validation validateIntegratedModeConfiguration="false"/>
+    <modules runAllManagedModulesForAllRequests="true">
+      <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler"/>
+      <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler"/>
+      <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler"/>
+    </modules>
+    <staticContent>
+      <mimeMap fileExtension=".nupkg" mimeType="application/zip"/>
+    </staticContent>
+  </system.webServer>
+  <elmah>
+    <!--
+        See http://code.google.com/p/elmah/wiki/SecuringErrorLogPages for
+        more information on remote access and securing ELMAH.
+    -->
+    <security allowRemoteAccess="false"/>
+    <errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/App_Data/Logs"/>
+  </elmah>
+  <location path="elmah.axd" inheritInChildApplications="false">
+    <system.web>
+      <httpHandlers>
+        <add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah"/>
+      </httpHandlers>
+      <!--
+        See http://code.google.com/p/elmah/wiki/SecuringErrorLogPages for
+        more information on using ASP.NET authorization securing ELMAH.
+
+      <authorization>
+        <allow roles="admin" />
+        <deny users="*" />
+      </authorization>
+      -->
+    </system.web>
+    <system.webServer>
+      <handlers>
+        <add name="ELMAH" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode"/>
+      </handlers>
+    </system.webServer>
+  </location>
+  <appSettings>
+    <!--
+            Determines if an Api Key is required to push\delete packages from the server.
+    -->
+    <add key="requireApiKey" value="<%= $requireApiKey %>"/>
+    <!--
+            Set the value here to allow people to push/delete packages from the server.
+            NOTE: This is a shared key (password) for all users.
+    -->
+    <add key="apiKey" value="<%= $apiKey %>"/>
+    <!--
+            Change the path to the packages folder. Default is ~/Packages.
+            This can be a virtual or physical path.
+        -->
+    <add key="packagesPath" value="~/App_Data/Packages"/>
+    <!--
+            Set allowOverrideExistingPackageOnPush to false if attempts to upload a package that already exists
+            (same id and same version) should fail.
+    -->
+    <add key="allowOverrideExistingPackageOnPush" value="<%= $allowOverrideExistingPackageOnPush %>"/>
+    <!--
+            Set enableDelisting to true to enable delist instead of delete as a result of a "nuget delete" command.
+            - delete: package is deleted from the repository's local filesystem.
+            - delist:
+              - "nuget delete": the "hidden" file attribute of the corresponding nupkg on the repository local filesystem is turned on instead of deleting the file.
+              - "nuget list" skips delisted packages, i.e. those that have the hidden attribute set on their nupkg.
+              - "nuget install packageid -version version" command will succeed for both listed and delisted packages.
+                 e.g. delisted packages can still be downloaded by clients that explicitly specify their version.
+    -->
+    <add key="enableDelisting" value="true"/>
+    <!--
+      Set enableFrameworkFiltering to true to enable filtering packages by their supported frameworks during search.
+    -->
+    <add key="enableFrameworkFiltering" value="false"/>
+  </appSettings>
+  <system.serviceModel>
+    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
+  </system.serviceModel>
+</configuration>