Add froxlor support

2024-03-01 00:03:40 +01:00 · 2024-03-01 00:03:40 +01:00 · bbaf313bc2
parent 453c8d6b7a
commit bbaf313bc2
5 changed files with 291 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1 +1,20 @@
 nginx_disable_ssl: false
+
+lxc_item_redirect:
+  listen: 80
+  redirect: "https://$host$request_uri" 
+  server_name: 
+    - "{{ loop_domain }}" 
+  remove_error_pages: True
+  disable_referer: False
+  letsencrypt: true
+
+lxc_item_proxy:
+  listen: 443
+  ssl: true
+  server_name: 
+    - "{{ loop_domain }}" 
+  remove_error_pages: True
+  disable_referer: False
+  letsencrypt: true
+  proxy: "http://[2a01:e0a:21a:17a7::1]:80"
--- a/tasks/froxlor_configure_vhost.yml
+++ b/tasks/froxlor_configure_vhost.yml
@ -0,0 +1,94 @@
+---
+- debug: 
+    var: loop_domain
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - not loop_domain in know_froxlor_domain
+
+- name: Set var
+  ansible.builtin.set_fact:
+    item: "{{ lxc_item_redirect }}"
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - not loop_domain in know_froxlor_domain
+
+
+- name: "Add redirect Vhost"
+  template:
+    src: "vhosts/redirect.j2"
+    dest: "/etc/nginx/sites-available/froxlor_{{ loop_domain }}-80.conf"
+  notify:
+    - Reload Nginx
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - not loop_domain in know_froxlor_domain
+
+- name: "Enable redirect vhost"
+  file:
+    src: "/etc/nginx/sites-available/froxlor_{{ loop_domain }}-80.conf"
+    dest: "/etc/nginx/sites-enabled/froxlor_{{ loop_domain }}-80.conf"
+    state: link
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - not loop_domain in know_froxlor_domain
+  notify:
+    - Reload Nginx
+
+
+- name: "Create certificate"
+  shell: "certbot certonly --non-interactive  --webroot --email {{ nginx_letsencrypt_email }} --agree-tos --webroot-path=/var/www/letsencrypt -d {{ loop_domain }} --expand --key-type ecdsa --elliptic-curve secp384r1;"
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - not loop_domain in know_froxlor_domain
+
+- name: Set var
+  ansible.builtin.set_fact:
+    item: "{{ lxc_item_proxy }}"
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - not loop_domain in know_froxlor_domain
+
+- name: "Add proxy vhost"
+  template:
+    src: "vhosts/proxy.j2"
+    dest: "/etc/nginx/sites-available/froxlor_{{ loop_domain }}-443.conf"
+  notify:
+    - Reload Nginx
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - not loop_domain in know_froxlor_domain
+
+- name: "Enable proxy vhost"
+  file:
+    src: "/etc/nginx/sites-available/froxlor_{{ loop_domain }}-443.conf"
+    dest: "/etc/nginx/sites-enabled/froxlor_{{ loop_domain }}-443.conf"
+    state: link
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - not loop_domain in know_froxlor_domain
+  notify:
+    - Reload Nginx
--- a/tasks/froxlor_delete_vhost.yml
+++ b/tasks/froxlor_delete_vhost.yml
@ -0,0 +1,61 @@
+---
+- name: "Remove symlink proxy"
+  file:
+    state: absent
+    path: "/etc/nginx/sites-enabled/froxlor_{{ loop_domain }}-443.conf"
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - loop_domain not in domains
+  notify:
+    - Reload Nginx
+
+- name: "Remove symlink redirect"
+  file:
+    state: absent
+    path: "/etc/nginx/sites-enabled/froxlor_{{ loop_domain }}-80.conf"
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - loop_domain not in domains
+  notify:
+    - Reload Nginx
+
+- name: "Remove website proxy conf"
+  file:
+    state: absent
+    path: "/etc/nginx/sites-available/froxlor_{{ loop_domain }}-443.conf"
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - loop_domain not in domains
+
+- name: "Remove website redirect conf"
+  file:
+    state: absent
+    path: "/etc/nginx/sites-available/froxlor_{{ loop_domain }}-80.conf"
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - loop_domain not in domains
+
+- name: "Revoke Let's Encrypt cert"
+  shell: "certbot revoke --delete-after-revoke --cert-path /etc/letsencrypt/live/{{ loop_domain }}/cert.pem"
+  ignore_errors: yes
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - loop_domain not in domains
+  notify:
+    - Reload Nginx
+
--- a/tasks/froxlor_vhost.yml
+++ b/tasks/froxlor_vhost.yml
@ -0,0 +1,110 @@
+---
+- name: Check if froxlor_domain.json exist
+  stat:
+    path: /etc/nginx/froxlor_domain.json
+  register: stat_result
+  when:
+    - use_froxlor is defined
+    - use_froxlor == True
+  tags:
+    - froxlor
+
+- name: Make file if not exist
+  ansible.builtin.copy:
+    content: "[]"
+    dest: /etc/nginx/froxlor_domain.json
+  when: 
+    - not stat_result.stat.exists
+    - use_froxlor is defined
+    - use_froxlor == True
+  tags:
+    - froxlor
+
+- name: "Get all domains"
+  ansible.builtin.uri:
+    url: "{{ froxlor_url }}/api.php"
+    method: "POST"
+    headers:
+      Content-Type: "application/json"
+      Authorization: "Basic {{ froxlor_token }}"
+    body: '{"command":"SubDomains.listing"}'
+    status_code: 200
+    body_format: "json"
+  register: froxlor_domains
+  delegate_to: localhost
+  when: 
+    - use_froxlor is defined
+    - use_froxlor == True
+  tags:
+    - froxlor
+
+- debug:
+    var: froxlor_domains["json"]["data"]
+    verbosity: 2
+  when: 
+    - use_froxlor is defined
+    - use_froxlor == True
+  tags:
+    - froxlor
+
+- name: Get know domain
+  set_fact:
+    know_froxlor_domain: "{{ lookup('file','/etc/nginx/froxlor_domain.json') | from_json }}"
+  when: 
+    - use_froxlor is defined
+    - use_froxlor == True
+  tags:
+    - froxlor
+
+- name: Create a domain list
+  set_fact:
+    domains: []
+  delegate_to: localhost
+  when: 
+    - use_froxlor is defined
+    - use_froxlor == True
+  tags:
+    - froxlor
+
+- name: Append domain in domain list
+  set_fact:
+    domains: "{{ domains + [item['domain']] }}"
+  delegate_to: localhost
+  loop: "{{ froxlor_domains['json']['data']['list'] }}" 
+  when: 
+    - use_froxlor is defined
+    - use_froxlor == True
+  tags:
+    - froxlor
+
+- include_tasks: froxlor_configure_vhost.yml
+  loop: "{{ domains }}" 
+  loop_control:
+    loop_var: loop_domain
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - not loop_domain in know_froxlor_domain
+
+- include_tasks: froxlor_delete_vhost.yml
+  loop: "{{ know_froxlor_domain }}" 
+  loop_control:
+    loop_var: loop_domain
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+    - loop_domain not in domains
+
+- name: Copy using inline content
+  ansible.builtin.copy:
+    content: "{{ domains }}"
+    dest: /etc/nginx/froxlor_domain.json
+  when: 
+    - use_froxlor is defined
+    - use_froxlor == True
+  tags:
+    - froxlor
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -28,6 +28,13 @@
    - zabbix
  when: zabbix_webcheck is defined and zabbix_webcheck == True

+- include_tasks: froxlor_vhost.yml
+  tags:
+    - froxlor
+  when: 
+    - use_froxlor is defined
+    - use_froxlor
+
 - include_tasks: remove-vhost.yml
  tags:
    - resign