9 files changed, 67 insertions, 81 deletions
diff --git a/modules/bcd/manifests/base.pp b/modules/bcd/manifests/base.pp
new file mode 100644
index 00000000..d515f3e1
--- /dev/null
+++ b/modules/bcd/manifests/base.pp
@@ -0,0 +1,29 @@
+class bcd::base {
+    include sudo
+    include bcd
+
+    group { $bcd::login: }
+
+    user { $bcd::login:
+        home       => $bcd::home,
+        comment    => 'User for creating ISOs',
+    }
+
+    file { [$bcd::public_isos, '/var/lib/bcd']:
+        ensure => directory,
+        owner  => $bcd::login,
+        group  => $bcd::login,
+        mode   => '0755',
+    }
+
+    # svn version is used for now
+    #package { bcd: }
+
+    # needed for qemu-over ssh
+    package { 'xauth': }
+
+    $isomakers_group = 'mga-iso_makers'
+    sudo::sudoers_config { 'bcd':
+        content => template('bcd/sudoers.bcd')
+    }
+}
diff --git a/modules/bcd/manifests/init.pp b/modules/bcd/manifests/init.pp
index db55c19d..1ff57144 100644
--- a/modules/bcd/manifests/init.pp
+++ b/modules/bcd/manifests/init.pp
@@ -1,69 +1,5 @@
 class bcd {
-    class variable {
-        $bcd_login = 'bcd'
-        $bcd_home = '/home/bcd'
-	$public_isos = "$bcd_home/public_html/isos"
-	$isomakers_group = 'mga-iso_makers'
-    }
-
-    class base inherits variable {
-	include sudo
-
-        buildsystem::sshuser { $bcd_login:
-            homedir => $bcd_home,
-            comment => "User for creating ISOs",
-	}
-
-	file { $public_isos:
-	    ensure => directory,
-	    owner => $bcd_login,
-	    group => $bcd_login,
-	    mode => 755,
-	}
-
-        #package { bcd:
-	#    ensure => 'installed',
-        #}
-
-        sudo::sudoers_config { "bcd":
-	    content => template("bcd/sudoers.bcd")
-        }
-
-	file { "/var/lib/bcd":
-	    ensure => directory,
-	    owner => $bcd_login,
-	    group => $bcd_login,
-	    mode => 755,
-	}
-
-    }
-
-    class web inherits base {
-        apache::vhost_base { "bcd.$domain":
-	    location => "$bcd_home/public_html",
-	    content => template('bcd/vhost_bcd.conf'),
-	}
-	file {"htaccess":
-	    path => "$bcd_home/public_html/.htaccess",
-	    ensure => present,
-	    owner => bcd,
-	    group => bcd,
-	    mode => 755,
-	    content => template("bcd/.htaccess")
-	}
-	file {"htpasswd":
-            path => "$bcd_home/public_html/.htpasswd",
-            ensure => present,
-            owner => bcd,
-            group => bcd,
-            mode => 755,
-            content => template("bcd/.htpasswd")
-        }
-    }
-
-    class rsync inherits base {
-        class { rsyncd:
-		rsyncd_conf => 'bcd/rsyncd.conf'
-	}
-    }
+    $login = 'bcd'
+    $home = '/home/bcd'
+    $public_isos = "${home}/public_html/isos"
 }
diff --git a/modules/bcd/manifests/rsync.pp b/modules/bcd/manifests/rsync.pp
new file mode 100644
index 00000000..0a9ccc34
--- /dev/null
+++ b/modules/bcd/manifests/rsync.pp
@@ -0,0 +1,7 @@
+class bcd::rsync {
+    include bcd::base
+    $public_isos = $bcd::public_isos
+    class { 'rsyncd':
+            rsyncd_conf => 'bcd/rsyncd.conf',
+    }
+}
diff --git a/modules/bcd/manifests/web.pp b/modules/bcd/manifests/web.pp
new file mode 100644
index 00000000..d670cf5d
--- /dev/null
+++ b/modules/bcd/manifests/web.pp
@@ -0,0 +1,9 @@
+class bcd::web {
+    include bcd::base
+    $location = "${bcd::home}/public_html"
+
+    apache::vhost::base { "bcd.${::domain}":
+        location => $location,
+        content  => template('bcd/vhost_bcd.conf'),
+    }
+}
diff --git a/modules/bcd/templates/.htaccess b/modules/bcd/templates/.htaccess
deleted file mode 100644
index 63631312..00000000
--- a/modules/bcd/templates/.htaccess
+++ /dev/null
@@ -1,5 +0,0 @@
-AuthUserFile <%= bcd_home %>/public_html/.htpasswd
-AuthGroupFile /dev/null
-AuthName "Restricted acces! For a RSYNC account, please mail your 'Mageia Identity' login to dams@mageia.org"
-AuthType Basic
-require valid-user
diff --git a/modules/bcd/templates/.htpasswd b/modules/bcd/templates/.htpasswd
deleted file mode 100644
index 457a13a7..00000000
--- a/modules/bcd/templates/.htpasswd
+++ /dev/null
@@ -1,2 +0,0 @@
-valstar:42Mx5EawIqVTY
-
diff --git a/modules/bcd/templates/rsyncd.conf b/modules/bcd/templates/rsyncd.conf
index 669eaf3d..75c7d335 100644
--- a/modules/bcd/templates/rsyncd.conf
+++ b/modules/bcd/templates/rsyncd.conf
@@ -4,6 +4,9 @@ uid = nobody
 gid = nogroup
 
 [isos]
-    path = <%= public_isos %>
+    path = <%= scope.lookupvar("bcd::public_isos") %>
     comment = Mageia ISOs
     exclude = .htaccess .htpasswd
+    read only = yes
+    auth users = isoqa
+    secrets file = /etc/rsyncd.secrets
diff --git a/modules/bcd/templates/sudoers.bcd b/modules/bcd/templates/sudoers.bcd
index 5649a24f..c462bffd 100644
--- a/modules/bcd/templates/sudoers.bcd
+++ b/modules/bcd/templates/sudoers.bcd
@@ -1,8 +1,10 @@
-<%= bcd_login %> ALL=(root) NOPASSWD:/bin/mount, /bin/umount, \
+<%= scope.lookupvar('bcd::login') %> ALL=(root) NOPASSWD:/bin/mount, /bin/umount, \
 /usr/sbin/chroot, \
 /usr/sbin/urpmi, \
 /usr/sbin/urpmi.addmedia, \
 /usr/sbin/urpmi.removemedia, \
+/usr/sbin/urpmi.update, \
+/usr/bin/urpmq, \
 /bin/rm
 
-%<%= isomakers_group %> ALL=(<%= bcd_login %>) SETENV: NOPASSWD: ALL
+%<%= @isomakers_group %> ALL=(<%= scope.lookupvar('bcd::login') %>) SETENV: NOPASSWD: ALL
diff --git a/modules/bcd/templates/vhost_bcd.conf b/modules/bcd/templates/vhost_bcd.conf
index 93d5c00c..c89955e2 100644
--- a/modules/bcd/templates/vhost_bcd.conf
+++ b/modules/bcd/templates/vhost_bcd.conf
@@ -1,5 +1,12 @@
-<Directory <%= bcd_home %>/public_html>
-  AllowOverride All
-  Options FollowSymlinks
-  Options Indexes
+<Directory <%= @location %>>
+    AuthUserFile <%= scope.lookupvar('bcd::home') %>/htpasswd
+    AuthGroupFile /dev/null
+    AuthName "QA test isos, restricted access"
+    ErrorDocument 403  "For the password, please contact the QA team ( https://wiki.<%= @domain %>/en/QA_Team )"
+
+    AuthType Basic
+    require valid-user
+
+    Options FollowSymlinks
+    Options Indexes
 </Directory>