(chocolatey-communityGH-9) Add support to customize chocolatey server

Add parameters to allow modification of the default chocolatey server config such as the API key and the ability to overwrite existing packages. Update readme
ripclawffb · Oct 12, 2016 · 5a5960d · 5a5960d
1 parent c6b8b39
commit 5a5960d
Show file tree

Hide file tree

Showing 5 changed files with 144 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -94,6 +94,15 @@ class {'chocolatey_server':
 }
 ~~~
 
+### Set a different apikey and allow packages to be overwritten
+
+~~~puppet
+class { 'chocolatey_server':
+  apikey                 => 'Sup3rS3cret',
+  allow_package_override => true,
+}
+~~~
+
 ### Use a alternate package folder and port without disabling default website
 
 ~~~puppet
@@ -128,6 +137,14 @@ Host your own Chocolatey package repository
 
 #### Parameters
 
+##### `allow_package_override`
+Controls whether or not packages can be overwritten if a package with the same
+id and version already exist. Defaults to 'false'.
+
+##### `apikey`
+Set the apikey for chocolatey server used to push packages. Defaults to
+'chocolateyrocks'.
+
 ##### `chocolatey_server_app_pool_name`
 Set apppool name used by the chocolatey.server website. Defaults to
 'chocolatey.server'.
@@ -155,6 +172,10 @@ The permissions should be passed as an array of identity and permissions.
 ##### `port`
 The port for the server website. Defaults to '80'.
 
+##### `require_apikey`
+Controls whether or not an apikey is required to push packages to the chocolatey
+server. Defaults to 'true'.
+
 ##### `server_package_source`
 The Chocolatey source that contains the `chocolatey.server` package.
 Defaults to 'https://chocolatey.org/api/v2/'.

diff --git a/examples/init.pp b/examples/init.pp
@@ -1,6 +1,7 @@
-# setting up a chocolatey server on port 8080 with an alternate packages folder
-# without disabling the default web site
+# setting up a chocolatey server with a new apikey on port 8080 with an
+# alternate packages folder without disabling the default web site
 class { 'chocolatey_server':
+  apikey                  => 'changeme',
   disable_default_website => false,
   packages_folder         => 'C:\Chocolatey',
   port                    => '8080',

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -32,11 +32,14 @@
 #   means. e.g. environment variable ChocolateyBinRoot.  Defaults to
 #   'C:\tools\chocolatey.server'
 class chocolatey_server (
+  $allow_package_override = $::chocolatey_server::params::allow_package_override,
+  $apikey = $::chocolatey_server::params::apikey,
   $chocolatey_server_app_pool_name = $::chocolatey_server::params::chocolatey_server_app_pool_name,
   $disable_default_website = $::chocolatey_server::params::disable_default_website,
   $packages_folder = $::chocolatey_server::params::packages_folder,
   $packages_folder_permissions = $::chocolatey_server::params::packages_folder_permissions,
   $port = $::chocolatey_server::params::service_port,
+  $require_apikey = $::chocolatey_server::params::require_apikey,
   $server_package_source = $::chocolatey_server::params::server_package_source,
   $server_install_location = $::chocolatey_server::params::server_install_location,
 ) inherits ::chocolatey_server::params {
@@ -121,6 +124,17 @@
     require     => Package['chocolatey.server'],
   }
 
+  # configure chocolatey server settings
+  file { "${_chocolatey_server_location}/web.config":
+    ensure  => file,
+    content => epp('chocolatey_server/web.config.epp', {
+      'allowOverrideExistingPackageOnPush' => $allow_package_override,
+      'apiKey'                             => $apikey,
+      'requireApiKey'                      => $require_apikey,
+    }),
+    require => Package['chocolatey.server'],
+  }
+
   # only set permissions if an alternate package folder is undefined
   unless $packages_folder {
     # ensure app_data folder is created

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -5,13 +5,16 @@
 class chocolatey_server::params {
   case $::osfamily {
     'windows': {
+      $allow_package_override = false
+      $apikey = 'chocolateyrocks'
       $chocolatey_server_app_pool_name = 'chocolatey.server'
       $disable_default_website = true
       $packages_folder = undef
       $packages_folder_permissions = [
         { identity => "IIS APPPOOL\\${chocolatey_server_app_pool_name}", rights => ['modify'] },
         { identity => 'IIS_IUSRS', rights => ['modify'] }
       ]
+      $require_apikey = true
       $service_port = '80'
       $server_package_source = 'https://chocolatey.org/api/v2/'
       $server_install_location = 'C:\tools\chocolatey.server'

diff --git a/templates/web.config.epp b/templates/web.config.epp
@@ -0,0 +1,103 @@
+<%- | Boolean $allowOverrideExistingPackageOnPush, String $apiKey, Boolean $requireApiKey | -%>
+<?xml version="1.0"?>
+<!--
+  For more information on how to configure your ASP.NET application, please visit
+  http://go.microsoft.com/fwlink/?LinkId=169433
+  -->
+<configuration>
+  <configSections>
+    <sectionGroup name="elmah">
+      <section name="security" requirePermission="false" type="Elmah.SecuritySectionHandler, Elmah"/>
+      <section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah"/>
+      <section name="errorMail" requirePermission="false" type="Elmah.ErrorMailSectionHandler, Elmah"/>
+      <section name="errorFilter" requirePermission="false" type="Elmah.ErrorFilterSectionHandler, Elmah"/>
+    </sectionGroup>
+  </configSections>
+  <system.web>
+    <compilation debug="false" targetFramework="4.0"/>
+    <httpModules>
+      <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah"/>
+      <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah"/>
+      <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah"/>
+    </httpModules>
+    <httpRuntime maxRequestLength="31457280"/>
+  </system.web>
+  <system.webServer>
+    <validation validateIntegratedModeConfiguration="false"/>
+    <modules runAllManagedModulesForAllRequests="true">
+      <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler"/>
+      <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler"/>
+      <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler"/>
+    </modules>
+    <staticContent>
+      <mimeMap fileExtension=".nupkg" mimeType="application/zip"/>
+    </staticContent>
+  </system.webServer>
+  <elmah>
+    <!--
+        See http://code.google.com/p/elmah/wiki/SecuringErrorLogPages for
+        more information on remote access and securing ELMAH.
+    -->
+    <security allowRemoteAccess="false"/>
+    <errorLog type="Elmah.XmlFileErrorLog, Elmah" logPath="~/App_Data/Logs"/>
+  </elmah>
+  <location path="elmah.axd" inheritInChildApplications="false">
+    <system.web>
+      <httpHandlers>
+        <add verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah"/>
+      </httpHandlers>
+      <!--
+        See http://code.google.com/p/elmah/wiki/SecuringErrorLogPages for
+        more information on using ASP.NET authorization securing ELMAH.
+
+      <authorization>
+        <allow roles="admin" />
+        <deny users="*" />
+      </authorization>
+      -->
+    </system.web>
+    <system.webServer>
+      <handlers>
+        <add name="ELMAH" verb="POST,GET,HEAD" path="elmah.axd" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode"/>
+      </handlers>
+    </system.webServer>
+  </location>
+  <appSettings>
+    <!--
+            Determines if an Api Key is required to push\delete packages from the server.
+    -->
+    <add key="requireApiKey" value="<%= $requireApiKey %>"/>
+    <!--
+            Set the value here to allow people to push/delete packages from the server.
+            NOTE: This is a shared key (password) for all users.
+    -->
+    <add key="apiKey" value="<%= $apiKey %>"/>
+    <!--
+            Change the path to the packages folder. Default is ~/Packages.
+            This can be a virtual or physical path.
+        -->
+    <add key="packagesPath" value="~/App_Data/Packages"/>
+    <!--
+            Set allowOverrideExistingPackageOnPush to false if attempts to upload a package that already exists
+            (same id and same version) should fail.
+    -->
+    <add key="allowOverrideExistingPackageOnPush" value="<%= $allowOverrideExistingPackageOnPush %>"/>
+    <!--
+            Set enableDelisting to true to enable delist instead of delete as a result of a "nuget delete" command.
+            - delete: package is deleted from the repository's local filesystem.
+            - delist:
+              - "nuget delete": the "hidden" file attribute of the corresponding nupkg on the repository local filesystem is turned on instead of deleting the file.
+              - "nuget list" skips delisted packages, i.e. those that have the hidden attribute set on their nupkg.
+              - "nuget install packageid -version version" command will succeed for both listed and delisted packages.
+                 e.g. delisted packages can still be downloaded by clients that explicitly specify their version.
+    -->
+    <add key="enableDelisting" value="true"/>
+    <!--
+      Set enableFrameworkFiltering to true to enable filtering packages by their supported frameworks during search.
+    -->
+    <add key="enableFrameworkFiltering" value="false"/>
+  </appSettings>
+  <system.serviceModel>
+    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
+  </system.serviceModel>
+</configuration>