From 0273e9553a82ca4a79c212684a2636c5566af0a7 Mon Sep 17 00:00:00 2001
From: 12ww1160 <12ww1160@confdroid.com>
Date: Sat, 14 Feb 2026 21:05:02 +0100
Subject: [PATCH] OP#436 add user access

---
 manifests/params.pp              |  1 +
 manifests/server/access.pp       | 31 +++++++++++++++++++++++++++++++
 manifests/server/access_rules.pp | 25 +++++++++++++++++++++++++
 manifests/server/files.pp        |  6 +-----
 manifests/server/service.pp      |  6 +++---
 5 files changed, 61 insertions(+), 8 deletions(-)
 create mode 100644 manifests/server/access.pp
 create mode 100644 manifests/server/access_rules.pp

diff --git a/manifests/params.pp b/manifests/params.pp
index 094a907..152b037 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -41,6 +41,7 @@ class confdroid_nagios::params (
 # httpd
   Boolean $ng_use_https       = false,
 
+
 ) {
 # Default facts
   $fqdn                     = $facts['networking']['fqdn']
diff --git a/manifests/server/access.pp b/manifests/server/access.pp
new file mode 100644
index 0000000..09d702c
--- /dev/null
+++ b/manifests/server/access.pp
@@ -0,0 +1,31 @@
+## confdroid_nagios::server::access.pp
+# Module name: confdroid_nagios
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary  Class manages access configuration for the confdroid_nagios module.
+# @param [String] ng_htpasswd_user The username for the Nagios web interface.
+# @param [String] ng_htpasswd_password The encrypted password for the Nagios web interface.
+# @example
+#   confdroid_nagios::server::access { 'example':
+#     ng_htpasswd_user     => 'example_user',
+#     ng_htpasswd_password => 'example_password_encrypted',
+#   }
+###############################################################################
+define confdroid_nagios::server::access (
+  Optional[String] $ng_htpasswd_user     = undef,
+  Optional[String] $ng_htpasswd_password = undef,
+) {
+  $ng_nagios_server = $confdroid_nagios::params::ng_nagios_server
+  $ng_htpasswd_file = $confdroid_nagios::params::ng_htpasswd_file
+  $ng_htpasswd_rule = $confdroid_nagios::params::ng_htpasswd_rule
+  $ng_service       = $confdroid_nagios::params::ng_nagios_service
+
+  if $fqdn == $ng_nagios_server {
+    # create password rules
+
+    concat::fragment { $name:
+      target  => $ng_htpasswd_file,
+      content => template($ng_htpasswd_rule),
+    }
+  }
+}
+v
diff --git a/manifests/server/access_rules.pp b/manifests/server/access_rules.pp
new file mode 100644
index 0000000..e60556d
--- /dev/null
+++ b/manifests/server/access_rules.pp
@@ -0,0 +1,25 @@
+## confdroid_nagios::server::access_rules.pp
+# Module name: confdroid_nagios
+# Author: 12ww1160 (12ww1160@confdroid.com)
+# @summary  Class manages presence of /etc/nagios/passwd file.
+#############################################################################
+class confdroid_nagios::server::access_rules (
+
+) inherits confdroid_nagios::params {
+  if $fqdn == $ng_nagios_server {
+    # manage /etc/nagios/passwd file
+
+    concat { $ng_htpasswd_file:
+      ensure   => present,
+      path     => $ng_htpasswd_file,
+      owner    => 'root',
+      group    => 'apache',
+      mode     => '0640',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => nagios_etc_t,
+      seluser  => system_u,
+      notify   => Service[$ng_nagios_service],
+    }
+  }
+}
diff --git a/manifests/server/files.pp b/manifests/server/files.pp
index 469b095..fb33723 100644
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -1,8 +1,4 @@
-## confdroid_nagios::server::files.pp
-# Module name: confdroid_nagios
-# Author: 12ww1160 (12ww1160@confdroid.com)
-# @summary  Class manages configuration files for the confdroid_nagios module.
-###############################################################################
+c
 class confdroid_nagios::server::files (
 
 ) inherits confdroid_nagios::params {
diff --git a/manifests/server/service.pp b/manifests/server/service.pp
index dea4f18..26b527e 100644
--- a/manifests/server/service.pp
+++ b/manifests/server/service.pp
@@ -8,8 +8,8 @@ class confdroid_nagios::server::service (
 ) inherits confdroid_nagios::params {
   require confdroid_nagios::server::files
   if $ng_nagios_server == $fqdn {
-    exec { 'restart_httpd':
-      command     => 'systemctl restart httpd',
+    exec { 'reload_httpd':
+      command     => 'systemctl reload httpd',
       path        => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
       refreshonly => true,
     }
@@ -20,7 +20,7 @@ class confdroid_nagios::server::service (
       enable     => true,
       hasrestart => true,
       hasstatus  => true,
-      require    => Exec['restart_httpd'],
+      require    => Exec['reload_httpd'],
     }
   }
 }