Diffstat (limited to 'roles/web')
-rw-r--r--roles/web/handlers/main.yaml22
-rw-r--r--roles/web/tasks/.setup_sites.yaml.swpbin0 -> 12288 bytes
-rw-r--r--roles/web/tasks/build_hugo_sites.yaml66
-rw-r--r--roles/web/tasks/copy_certs.yaml28
-rw-r--r--roles/web/tasks/main.yaml78
-rw-r--r--roles/web/tasks/setup_auth.yaml12
-rw-r--r--roles/web/tasks/setup_httpd.yaml8
-rw-r--r--roles/web/tasks/template_vars.yaml41
-rw-r--r--roles/web/templates/httpd.conf.j219
9 files changed, 274 insertions, 0 deletions
diff --git a/roles/web/handlers/main.yaml b/roles/web/handlers/main.yaml
new file mode 100644
index 00000000..85096548
--- /dev/null
+++ b/roles/web/handlers/main.yaml
@@ -0,0 +1,22 @@
+---
+- name: restart_httpd
+ ansible.builtin.service:
+ name: httpd
+ state: restarted
+ enabled: true
+
+- name: notification_restart
+ ansible.builtin.debug:
+ msg: "Restart your box once reactance run is complete"
+
+- name: show_links
+ ansible.builtin.debug:
+ msg: "{{ }}"
+- name: show_htpasswd_passwords
+ ansible.builtin.debug:
+ msg: "{{ htpasswd_passwords | format_userpass_output(ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0])) }}"
+
+- name: cleanup_temp_dir
+ ansible.builtin.file:
+ path: /var/reactance/.temp
+ state: absent
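Review bot: `show_links` carries an empty expression, `msg: "{{ }}"`, which the templating engine rejects as a syntax error, so any task that notifies this handler will fail at handler time; either fill in the intended expression or drop the handler until it is needed. `show_htpasswd_passwords` is the deliberate channel for handing the generated passwords to the operator, but the rendered message also lands in any captured play output (CI logs, AWX/Tower job output), so a comment above it, `# prints plaintext htpasswd passwords to play output; keep the run log out of shared storage`, would make that explicit to the next maintainer.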
diff --git a/roles/web/tasks/.setup_sites.yaml.swp b/roles/web/tasks/.setup_sites.yaml.swp
new file mode 100644
index 00000000..0534a7f0
--- /dev/null
+++ b/roles/web/tasks/.setup_sites.yaml.swp
Binary files differ
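Review bot: `roles/web/tasks/.setup_sites.yaml.swp` is a Vim swap file, not source: it holds the unsaved editor buffer of a `setup_sites.yaml` that is not itself part of this commit, and it should come out of the tree (`git rm --cached` it and add `*.swp` to `.gitignore`). Since the sibling task files in this role handle credential dictionaries, inspect the buffer contents before deciding whether the commit needs rewriting rather than just a follow-up removal.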
diff --git a/roles/web/tasks/build_hugo_sites.yaml b/roles/web/tasks/build_hugo_sites.yaml
new file mode 100644
index 00000000..f3852133
--- /dev/null
+++ b/roles/web/tasks/build_hugo_sites.yaml
@@ -0,0 +1,66 @@
+---
+- name: "make build directory"
+ delegate_to: localhost
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ loop:
+ - "{{ inventory_dir }}/.hugo_sites_build"
+ - "{{ inventory_dir }}/.built_sites"
+
+- name: "copy specific folders to hugo_tmp for each user"
+ delegate_to: localhost
+ ansible.builtin.shell: "rsync -avz {{ inventory_dir }}/web/ {{ inventory_dir }}/.hugo_sites_build/{{ item }} {{ '--exclude=anyconnect.md' if 'ocserv' not in user_pass_dict[item] }} {{'--exclude=openconnect.md' if 'ocserv' not in user_pass_dict[item] }} {{'--exclude=nekobox.md' if ['trojan','vmess','vless']|intersect(user_pass_dict[item]) == {} }} {{'--exclude=nekoray.md' if ['trojan','vmess','vless']|intersect(user_pass_dict[item]) == {} }} {{'--exclude=nekossh.md' if 'sshvpn' not in user_pass_dict[item] }}"
+ loop: "{{ user_pass_dict.keys() }}"
+
+- name: "template out hugo.toml"
+ delegate_to: localhost
+ ansible.builtin.template:
+ src: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/hugo.toml.j2"
+ dest: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/hugo.toml"
+ loop: "{{ user_pass_dict.keys() }}"
+
+- name: "template out vars"
+ ansible.builtin.include_tasks: template_vars.yaml
+ loop:
+ - content.en
+ - content.fa
+ loop_control:
+ loop_var: content_dir
+
+- name: "copy hugo_build.sh to temp dir"
+ delegate_to: localhost
+ ansible.builtin.copy:
+ src: "{{ inventory_dir }}/utils/hugo_build.sh"
+ dest: ".hugo_sites_build/hugo_build.sh"
+
+- name: "build hugo sites"
+ delegate_to: localhost
+ ansible.builtin.shell: "sh {{ inventory_dir }}/.hugo_sites_build/hugo_build.sh"
+
+- name: "copy sites"
+ ansible.posix.synchronize:
+ src: "{{ inventory_dir }}/.built_sites/" # this will only copy contents
+ dest: /var/www/reactance
+
+- name: "copy images"
+ ansible.posix.synchronize:
+ src: "{{ inventory_dir }}/web/static/images/"
+ dest: /var/www/reactance/images
+
+- name: "charge dir permissions"
+ ansible.builtin.file:
+ dest: /var/www/reactance
+ owner: www
+ group: daemon
+ mode: 0755
+ recurse: yes
+
+- name: "remove build directory"
+ delegate_to: localhost
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "{{ inventory_dir }}/.hugo_sites_build"
+ - "{{ inventory_dir }}/.built_sites"
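Review bot: In "copy specific folders to hugo_tmp for each user", the two exclusions keyed on `['trojan','vmess','vless']|intersect(user_pass_dict[item]) == {}` never fire: `intersect` returns a list, and a list never compares equal to `{}`, so nekobox.md and nekoray.md are copied and built even for users with no xray protocol. Compare the length instead, e.g. `{{ '--exclude=nekobox.md' if ['trojan','vmess','vless']|intersect(user_pass_dict[item])|length == 0 }}` (same for nekoray.md). In "copy hugo_build.sh to temp dir" the `dest` is the relative `.hugo_sites_build/hugo_build.sh` while the next task runs `{{ inventory_dir }}/.hugo_sites_build/hugo_build.sh`, so the script is only found when the controller's working directory happens to be `inventory_dir`; use `dest: "{{ inventory_dir }}/.hugo_sites_build/hugo_build.sh"`. In "charge dir permissions" (a typo for "change") write `mode: "0755"` and `recurse: true`, since an unquoted `0755` is parsed as an integer and `yes` as a YAML 1.1 boolean; both happen to work in Ansible today but the quoted forms state the intent.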
diff --git a/roles/web/tasks/copy_certs.yaml b/roles/web/tasks/copy_certs.yaml
new file mode 100644
index 00000000..ad670ff3
--- /dev/null
+++ b/roles/web/tasks/copy_certs.yaml
@@ -0,0 +1,28 @@
+---
+- name: "copy ocserv cert"
+ ansible.builtin.copy:
+ remote_src: true
+ src: "/var/reactance/ocserv/certs/{{ item }}-cert.pem"
+ dest: "/var/www/reactance/{{ item }}/{{ item }}-User-Certificate.pem"
+ owner: www
+ group: daemon
+ loop: "{{ (ocserv_user_pass_dict_contents.content|default('e30K')|b64decode|from_json).keys()}}"
+
+- name: "copy ocserv key"
+ ansible.builtin.copy:
+ remote_src: true
+ src: "/var/reactance/ocserv/certs/{{ item }}-key.pem"
+ dest: "/var/www/reactance/{{ item }}/{{ item }}-User-Key.pem"
+ owner: www
+ group: daemon
+ loop: "{{ (ocserv_user_pass_dict_contents.content|default('e30K')|b64decode|from_json).keys()}}"
+
+- name: "copy ocserv p12 cert"
+ ansible.builtin.copy:
+ remote_src: true
+ src: "/var/reactance/ocserv/certs/{{ item }}.p12"
+ dest: "/var/www/reactance/{{ item }}/{{ item }}-Certificate-Android.p12"
+ owner: www
+ group: daemon
+ loop: "{{ (ocserv_user_pass_dict_contents.content|default('e30K')|b64decode|from_json).keys()}}"
+
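Review bot: All three copy tasks place the per-user private key (`{{ item }}-key.pem`) and the PKCS#12 bundle into the served tree with `owner: www` and `group: daemon` but no `mode`, so the files take the default umask-derived permissions (normally 0644) and are readable by every local account on the host, not only by httpd. Add `mode: "0640"` to the key and p12 tasks (the public certificate can keep a wider mode); the recursive `0755` in build_hugo_sites.yaml runs before this file is included from main.yaml, so it will not undo the narrower mode. The loop expression `(ocserv_user_pass_dict_contents.content|default('e30K')|b64decode|from_json).keys()` is repeated in each task here and again in template_vars.yaml; decoding it once into a fact in main.yaml, e.g. `ocserv_users`, would keep the base64/JSON decode in one place.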
diff --git a/roles/web/tasks/main.yaml b/roles/web/tasks/main.yaml
new file mode 100644
index 00000000..e541df09
--- /dev/null
+++ b/roles/web/tasks/main.yaml
@@ -0,0 +1,78 @@
+---
+
+- name: "check if files exist"
+ ansible.builtin.stat:
+ path: "{{ item }}"
+ register: check_pass_stats
+ loop:
+ - /var/reactance/.temp/ocserv_user_pass_dict
+ - /var/reactance/.temp/xray_user_pass_dict
+ - /var/reactance/.temp/sshvpn_user_pass_dict
+
+- name: "slurp ocserv creds"
+ ansible.builtin.slurp:
+ src: /var/reactance/.temp/ocserv_user_pass_dict
+ register: ocserv_user_pass_dict_contents
+ when: check_pass_stats.results[0].stat.exists
+
+- name: "slurp xray creds"
+ ansible.builtin.slurp:
+ src: /var/reactance/.temp/xray_user_pass_dict
+ register: xray_user_pass_dict_contents
+ when: check_pass_stats.results[1].stat.exists
+
+- name: "slurp sshvpn creds"
+ ansible.builtin.slurp:
+ src: /var/reactance/.temp/sshvpn_user_pass_dict
+ register: sshvpn_user_pass_dict_contents
+ when: check_pass_stats.results[2].stat.exists
+
+- name: "combine dicts"
+ ansible.builtin.set_fact:
+ user_pass_dict: "{{ (ocserv_user_pass_dict_contents.content|default('e30K')|b64decode|from_json)|combine(xray_user_pass_dict_contents.content|default('e30K')|b64decode|from_json, sshvpn_user_pass_dict_contents.content|default('e30K')|b64decode|from_json, recursive=true, list_merge='append') }}"
+ notify:
+ - cleanup_temp_dir
+
+- name: "get salamander public key"
+ ansible.builtin.slurp:
+ path: "/var/reactance/xray/xray_public_key"
+ register: xray_pub_key_b64e
+ when: check_pass_stats.results[1].stat.exists
+
+- name: "register salamander public key"
+ ansible.builtin.set_fact:
+ xray_public_key: "{{ xray_pub_key_b64e.content|b64decode }}"
+ when: check_pass_stats.results[1].stat.exists
+
+- name: "build and copy sites"
+ ansible.builtin.include_tasks: build_hugo_sites.yaml
+
+- name: "copy certificates and keys"
+ ansible.builtin.include_tasks: copy_certs.yaml
+
+- name: "setup httpd"
+ ansible.builtin.include_tasks: setup_httpd.yaml
+
+- name: "setup htpasswd auth"
+ ansible.builtin.include_tasks: setup_auth.yaml
+
+- name: "store web expiration date"
+ ansible.builtin.set_fact:
+ web_exp_dict: "{{ web_exp_dict|default({}) | combine({item: ansible_facts.date_time.epoch|int + 86400 }) }}"
+ loop: "{{ user_pass_dict.keys() }}"
+
+- name: "check if web_expiration.json exists"
+ ansible.builtin.stat:
+ path: /var/reactance/.web_expiration.json
+ register: web_exp_stat
+
+- name: "slurp previous web_expiration.json contents"
+ ansible.builtin.slurp:
+ path: /var/reactance/.web_expiration.json
+ when: web_exp_stat.stat.exists
+ register: web_exp_e64
+
+- name: "write it to file"
+ ansible.builtin.copy:
+ content: "{{ web_exp_dict|default({})|combine(web_exp_e64.content|default('e30K')|b64decode|from_json) | to_json }}"
+ dest: /var/reactance/.web_expiration.json
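Review bot: `notify: cleanup_temp_dir` on "combine dicts" never fires, because `ansible.builtin.set_fact` reports `changed: false` and handlers only run for tasks that report a change, so the plaintext credential files under `/var/reactance/.temp` survive the run. Either add `changed_when: true` to that task or, more robustly, call the cleanup as a normal task at the end of this file so it also runs when a later task fails (notified handlers are skipped when the play aborts unless `force_handlers` is set). The three slurp tasks and "combine dicts" read credentials into registered variables and a fact without `no_log: true`; at `-v` and above the module results, including the decoded dictionary, are printed to the run log, so `no_log: true` on the slurp and set_fact tasks is worth adding (the debug handlers that deliberately show output are unaffected). In "write it to file", `web_exp_dict|default({})|combine(previous)` lets the previously stored epoch win over the freshly computed one for every user that already has an entry; if the intent is to extend expiry on each run, swap the operands, and if it is to keep the first-seen expiry, a comment such as `# earlier expiry wins: an existing entry is never extended` would save the next reader the same question.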
diff --git a/roles/web/tasks/setup_auth.yaml b/roles/web/tasks/setup_auth.yaml
new file mode 100644
index 00000000..edcd83ef
--- /dev/null
+++ b/roles/web/tasks/setup_auth.yaml
@@ -0,0 +1,12 @@
+---
+- name: "generate arbitrary passwords for htpasswd"
+ ansible.builtin.set_fact:
+ htpasswd_passwords: "{{ htpasswd_passwords|default({}) | combine({ item: lookup('community.general.random_string', length=14, base64=true) }) }}"
+ loop: "{{ user_pass_dict.keys() }}"
+
+- name: "generate htpasswd"
+ ansible.builtin.shell: " echo {{item}}:{{htpasswd_passwords[item]}} | htpasswd -I /var/www/reactance/{{ item }}/.htpasswd && chown www /var/www/reactance/{{ item }}/.htpasswd && chmod 700 /var/www/reactance/{{ item }}/.htpasswd"
+ loop: "{{ user_pass_dict.keys() }}"
+ notify:
+ - show_htpasswd_passwords
+ - restart_httpd
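Review bot: "generate htpasswd" passes each generated password on the shell command line (`echo {{item}}:{{htpasswd_passwords[item]}} | htpasswd -I ...`), so it is visible to every local user on the target via the process table while the pipeline runs, and the task has no `no_log: true`, so the full command, password included, is printed in the module result whenever the task fails or the run is verbose. Feed the credential through the module's `stdin` instead and mark the task `no_log`; `htpasswd -I` already reads `user:password` from standard input, so the command itself does not change, and the ownership and mode move to a `file` task where `0600` is sufficient for a regular file. The set_fact in "generate arbitrary passwords for htpasswd" has the same `-v` exposure and would take `no_log: true` as well; the `show_htpasswd_passwords` handler remains the deliberate output channel.
```yaml
- name: "generate htpasswd"
  ansible.builtin.command: "htpasswd -I /var/www/reactance/{{ item }}/.htpasswd"
  args:
    stdin: "{{ item }}:{{ htpasswd_passwords[item] }}"
  no_log: true
  loop: "{{ user_pass_dict.keys() }}"
  notify:
    - show_htpasswd_passwords
    - restart_httpd

- name: "restrict htpasswd file permissions"
  ansible.builtin.file:
    path: "/var/www/reactance/{{ item }}/.htpasswd"
    owner: www
    mode: "0600"
  loop: "{{ user_pass_dict.keys() }}"
```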
diff --git a/roles/web/tasks/setup_httpd.yaml b/roles/web/tasks/setup_httpd.yaml
new file mode 100644
index 00000000..2bb9e880
--- /dev/null
+++ b/roles/web/tasks/setup_httpd.yaml
@@ -0,0 +1,8 @@
+---
+- name: "template out httpd.conf"
+ ansible.builtin.template:
+ src: httpd.conf.j2
+ dest: /etc/httpd.conf
+ notify:
+ - restart_httpd
+
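Review bot: "template out httpd.conf" writes `/etc/httpd.conf` and notifies a restart without validating the rendered file, so a bad render (for example a user name containing a double quote, which the per-user `location "/{{ uname }}/*"` lines interpolate unescaped) takes the web server down at handler time. Add `validate: "httpd -n -f %s"` to the template task so the handler only restarts on a configuration httpd has already accepted. No `owner`/`mode` is given either; the file holds no secrets, so the umask default is acceptable, but `mode: "0644"` would make that explicit.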
diff --git a/roles/web/tasks/template_vars.yaml b/roles/web/tasks/template_vars.yaml
new file mode 100644
index 00000000..ba4423b4
--- /dev/null
+++ b/roles/web/tasks/template_vars.yaml
@@ -0,0 +1,41 @@
+---
+- name: "template out anyconnect.md"
+ delegate_to: localhost
+ ansible.builtin.template:
+ src: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/android/anyconnect.md.j2"
+ dest: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/android/anyconnect.md"
+ loop: "{{ (ocserv_user_pass_dict_contents.content|default('e30K')|b64decode|from_json).keys()}}"
+
+- name: "template out openconnect.md"
+ delegate_to: localhost
+ ansible.builtin.template:
+ src: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/windows/openconnect.md.j2"
+ dest: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/windows/openconnect.md"
+ loop: "{{ (ocserv_user_pass_dict_contents.content|default('e30K')|b64decode|from_json).keys() }}"
+
+- name: "template out nekobox.md"
+ delegate_to: localhost
+ ansible.builtin.template:
+ src: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/android/nekobox.md.j2"
+ dest: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/android/nekobox.md"
+ loop: "{{ users.keys() }}"
+ vars:
+ users: "{{ xray_user_pass_dict_contents.content|default('e30K')|b64decode|from_json}}"
+
+- name: "template out nekoray.md"
+ delegate_to: localhost
+ ansible.builtin.template:
+ src: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/windows/nekoray.md.j2"
+ dest: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/windows/nekoray.md"
+ loop: "{{ users.keys() }}"
+ vars:
+ users: "{{ xray_user_pass_dict_contents.content|default('e30K')|b64decode|from_json}}"
+
+- name: "template out nekossh.md"
+ delegate_to: localhost
+ ansible.builtin.template:
+ src: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/android/nekossh.md.j2"
+ dest: "{{ inventory_dir }}/.hugo_sites_build/{{ item }}/{{ content_dir }}/docs/android/nekossh.md"
+ loop: "{{ users.keys() }}"
+ vars:
+ users: "{{ sshvpn_user_pass_dict_contents.content|default('e30K')|b64decode|from_json}}"
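Review bot: The five tasks derive their user list in two different shapes (the ocserv chain inline in the loop twice, a per-task `vars: users:` for xray and sshvpn), so a reader has to decode the same `default('e30K')|b64decode|from_json` chain in each task to see which users get which page. Decoding each dictionary once in main.yaml into named facts (e.g. `ocserv_users`, `xray_users`, `sshvpn_users`) and looping over those here would make the per-protocol intent readable at a glance and would drop the repeated decode, which also appears in copy_certs.yaml and main.yaml. A header comment such as `# Included once per content_dir (content.en, content.fa) from build_hugo_sites.yaml; item is the user name` would help too, since `content_dir` arrives from the including loop and is not defined in this file.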
diff --git a/roles/web/templates/httpd.conf.j2 b/roles/web/templates/httpd.conf.j2
new file mode 100644
index 00000000..ab26722c
--- /dev/null
+++ b/roles/web/templates/httpd.conf.j2
@@ -0,0 +1,19 @@
+server "default" {
+ listen on * port 80
+ location "/" {
+ block drop
+ }
+ location "/images/*" {
+ root "/reactance/images"
+ request strip 1
+ }
+
+{% for uname in user_pass_dict.keys() %}
+ location "/{{ uname }}/*" {
+ root "/reactance/{{ uname }}"
+ request strip 1
+ directory auto index
+ authenticate with "/reactance/{{ uname }}/.htpasswd"
+ }
+{% endfor %}
+}
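Review bot: The only listener is `listen on * port 80`, yet every per-user location is protected with `authenticate with` (HTTP basic auth) and serves the user's VPN private key and p12 bundle copied in by copy_certs.yaml, so both the htpasswd password and the private key travel in cleartext. If certificates are available on the host, add a TLS listener (`listen on * port 443 tls` with a `tls { certificate ... key ... }` block, paths per your certificate layout) and keep port 80 only for a redirect; if this is meant to sit behind a TLS terminator, a comment at the top of the template saying so would settle it. The `.htpasswd` file also lives inside each location's `root` with `directory auto index` on, so an authenticated user can list and fetch `/<user>/.htpasswd` (their own password hash); keeping the htpasswd files outside the served tree, e.g. under a constructed path such as `/var/www/reactance-auth/<user>` with `authenticate with "/reactance-auth/{{ uname }}"`, avoids exposing them at all and would need the matching path change in setup_auth.yaml.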