Nextcloud: WIP: Optional create hiddenservice

2023-05-21 16:01:21 +02:00 · 2023-05-21 16:01:21 +02:00 · d1bcf9ec1a
commit d1bcf9ec1a
parent 31fd563b47
7 changed files with 32 additions and 26 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,4 +1,6 @@
 ---
+apache_custom_conf_path: /etc/apache2/conf-available
+
 nextcloud_admin_user: systemausfall.org
 nextcloud_admin_pw: "{{ lookup('password', '/tmp/{{ instance.name }}_admin_pwd length=42 chars=ascii_letters,digits') }}"
 nextcloud_db_password: "{{ lookup('password', '/tmp/{{ instance.name }}_db_pwd length=42 chars=ascii_letters,digits') }}"
--- a/tasks/apache.yml
+++ b/tasks/apache.yml
@ -8,7 +8,6 @@

 - name: "apache: {{ instance.alias }}: Alias einrichten"
  template:
-    src: apache_alias.j2
-    dest: "/etc/apache2/conf-available/{{ instance.name }}.alias.conf"
+    src: apache2/custom.conf.j2
+    dest: "{{ apache_custom_conf_path }}/{{ instance.name }}.conf"
  notify: reload apache
-  when: instance.alias is defined
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -14,6 +14,16 @@
 - import_tasks: php.yml
  tags: php

+- name: Configure hiddenservices
+  ansible.builtin.import_role:
+    name: configure-hiddenservice
+  tags: hiddenservice
+  delegate_to: "{{ onion_host }}"
+  when: item.config.hiddenservice is defined and item.config.hiddenservice
+
+- import_tasks: user.yml
+  tags: user
+
 - import_tasks: apache.yml
  tags: apache

--- a/tasks/php.yml
+++ b/tasks/php.yml
@ -11,23 +11,6 @@
    - stop php-fpm-service
    - start php-fpm-socket

-#- name: "php | Erstelle PHPPFM-override-Verzeichnis"
-#  ansible.builtin.file:
-#    path: "/etc/systemd/system/php-fpm@{{ instance.user }}.service.d"
-#    state: directory
-#    mode: 0755
-
-#- name: "php | Kopiere PHPFPM-override-Datei"
-#  ansible.builtin.template:
-#    src: systemd/php-fpm-override.conf
-#    dest: "/etc/systemd/system/php-fpm@{{ instance.user }}.service.d/override.conf"
-#    mode: 0644
-#  notify:
-#    - stop php-fpm-socket
-#    - stop php-fpm-service
-#    - Systemd daemon-reload
-#    - start php-fpm-socket
-
 - name: "php | {{ instance.name }} | Erstelle Log-Datei"
  file:
    path: "{{ php_fpm_log_dir }}/{{ instance.user }}.log"
--- a/templates/apache2/apache_site.conf.j2
+++ b/templates/apache2/apache_site.conf.j2
@ -3,7 +3,7 @@
        ServerName $domain
        DocumentRoot /data/nextcloud/$domain/
        Include /etc/apache2/conf-available/sao-cache.conf
-        IncludeOptional /etc/apache2/conf-available/$domain.alias.conf
+        IncludeOptional {{ apache_custom_conf_path }}/$domain.conf
        ErrorLog /var/log/apache2/$domain.error
        ProxyTimeout 900

--- a/templates/apache2/custom.conf.j2
+++ b/templates/apache2/custom.conf.j2
@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+{% if instance.alias is defined %}
+{% for alias in instance.alias %}
+ServerAlias {{ alias }}
+{% endfor %}
+{% endif %}
+
+{% if item.config.hiddenservice is defined and item.config.hiddenservice %}
+ServerAlias {{ hiddenservice_address.stdout }}
+
+<IfModule mod_headers.c>
+    <If "%{SERVER_NAME} == '{{ item.name }}'">
+        Header set Onion-Location "http://{{ hiddenservice_address.stdout }}"
+    </If>
+</IfModule>
+{% endif %}
--- a/templates/apache_alias.j2
+++ b/templates/apache_alias.j2
@ -1,5 +0,0 @@
-{% if instance.alias is defined %}
-{% for alias in instance.alias %}
-ServerAlias {{ alias }}
-{% endfor %}
-{% endif %}