path: root/roles/web/tasks/main.yaml
---

# Probe for the per-service credential dictionaries in the temp directory.
# Later tasks read check_pass_stats.results by position, so the order of this
# list matters: [0] ocserv, [1] xray, [2] sshvpn.
- name: check if files exist
  loop:
    - '/var/reactance/.temp/ocserv_user_pass_dict'
    - '/var/reactance/.temp/xray_user_pass_dict'
    - '/var/reactance/.temp/sshvpn_user_pass_dict'
  ansible.builtin.stat:
    path: '{{ item }}'
  register: check_pass_stats

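# Read the ocserv credential dictionary from the managed host. slurp returns
# the file base64-encoded in `.content`. Skipped when the stat probe
# (results[0]) did not find the file.
- name: "slurp ocserv creds"
  ansible.builtin.slurp:
    src: /var/reactance/.temp/ocserv_user_pass_dict
  register: ocserv_user_pass_dict_contents
  when: check_pass_stats.results[0].stat.exists
  # The registered result carries the credential file's contents (base64 is
  # not protection); keep it out of task output, -v traces and callback logs.
  no_log: true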

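# Read the xray credential dictionary from the managed host. slurp returns
# the file base64-encoded in `.content`. Skipped when the stat probe
# (results[1]) did not find the file.
- name: "slurp xray creds"
  ansible.builtin.slurp:
    src: /var/reactance/.temp/xray_user_pass_dict
  register: xray_user_pass_dict_contents
  when: check_pass_stats.results[1].stat.exists
  # The registered result carries the credential file's contents (base64 is
  # not protection); keep it out of task output, -v traces and callback logs.
  no_log: true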

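# Read the sshvpn credential dictionary from the managed host. slurp returns
# the file base64-encoded in `.content`. Skipped when the stat probe
# (results[2]) did not find the file.
- name: "slurp sshvpn creds"
  ansible.builtin.slurp:
    src: /var/reactance/.temp/sshvpn_user_pass_dict
  register: sshvpn_user_pass_dict_contents
  when: check_pass_stats.results[2].stat.exists
  # The registered result carries the credential file's contents (base64 is
  # not protection); keep it out of task output, -v traces and callback logs.
  no_log: true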

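# Merge the three per-service dictionaries into one `user_pass_dict` fact.
# A skipped slurp has no `.content`, so default('e30K') substitutes the base64
# encoding of "{}\n", i.e. an empty JSON object. recursive=true merges nested
# mappings and list_merge='append' concatenates lists found under the same key.
- name: "combine dicts"
  ansible.builtin.set_fact:
    user_pass_dict: >-
      {{
      (ocserv_user_pass_dict_contents.content | default('e30K') | b64decode | from_json)
      | combine(
      xray_user_pass_dict_contents.content | default('e30K') | b64decode | from_json,
      sshvpn_user_pass_dict_contents.content | default('e30K') | b64decode | from_json,
      recursive=true, list_merge='append')
      }}
  # The merged fact holds decoded credentials; do not echo it in task output.
  no_log: true
  # NOTE(review): set_fact does not report "changed", and handlers only run for
  # changed tasks, so this notify likely never fires and the credential files
  # under /var/reactance/.temp may stay on disk. Confirm against the handler
  # definition; `changed_when: true` here or an explicit cleanup task would
  # make the removal reliable.
  notify:
    - cleanup_temp_dir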

# Fetch the xray public key file; slurp hands it back base64-encoded.
# The guard is the presence of the xray credential dictionary (results[1]),
# not of the key file itself, so a missing key file fails this task.
- name: get salamander public key
  when: check_pass_stats.results[1].stat.exists
  ansible.builtin.slurp:
    # `src` is the canonical name of the option; `path` is its alias.
    src: '/var/reactance/xray/xray_public_key'
  register: xray_pub_key_b64e

# Decode the slurped key and expose it as the `xray_public_key` fact.
# Runs under the same condition as the slurp that produced xray_pub_key_b64e.
- name: register salamander public key
  when: check_pass_stats.results[1].stat.exists
  ansible.builtin.set_fact:
    xray_public_key: '{{ xray_pub_key_b64e.content | b64decode }}'

# Role sub-steps, pulled in dynamically and executed in this order:
# site build, certificate/key copy, httpd setup, htpasswd authentication.
- name: build and copy sites
  ansible.builtin.include_tasks:
    file: build_hugo_sites.yaml

- name: copy certificates and keys
  ansible.builtin.include_tasks:
    file: copy_certs.yaml

- name: setup httpd
  ansible.builtin.include_tasks:
    file: setup_httpd.yaml

- name: setup htpasswd auth
  ansible.builtin.include_tasks:
    file: setup_auth.yaml

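# Build web_exp_dict: one entry per key of user_pass_dict, valued at the
# controller-gathered epoch time plus 86400 seconds (24 hours).
# Reads ansible_facts.date_time, so facts must have been gathered.
- name: "store web expiration date"
  ansible.builtin.set_fact:
    web_exp_dict: "{{ web_exp_dict | default({}) | combine({item: (ansible_facts.date_time.epoch | int) + 86400}) }}"
  # `loop` requires a list; dict.keys() is a view object on Python 3, so
  # convert it explicitly instead of relying on implicit coercion.
  loop: "{{ user_pass_dict.keys() | list }}"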

# Find out whether an expiration file from an earlier run is present.
- name: check if web_expiration.json exists
  register: web_exp_stat
  ansible.builtin.stat:
    path: '/var/reactance/.web_expiration.json'

# Load the existing expiration file (base64-encoded by slurp) so its entries
# can be merged with the freshly computed ones. Skipped on a first run.
- name: slurp previous web_expiration.json contents
  when: web_exp_stat.stat.exists
  ansible.builtin.slurp:
    # `src` is the canonical name of the option; `path` is its alias.
    src: '/var/reactance/.web_expiration.json'
  register: web_exp_e64

# Persist the merged expiration table as JSON.
# combine() lets the right-hand dictionary win, so entries already stored in
# the file override the values computed in this run; only keys that were not
# in the file get the new timestamp. default('e30K') is base64 for "{}\n" and
# covers the case where the previous file was not slurped.
# NOTE(review): no owner/group/mode is set, so a newly created file takes
# whatever the remote umask yields. Confirm who needs to read this file and
# pin an explicit mode.
- name: write it to file
  ansible.builtin.copy:
    dest: '/var/reactance/.web_expiration.json'
    content: "{{ web_exp_dict | default({}) | combine(web_exp_e64.content | default('e30K') | b64decode | from_json) | to_json }}"