From d1bcf9ec1a278b5bfe2bd3765ba14b7630ed3b86 Mon Sep 17 00:00:00 2001
From: phil <phil@systemausfall.org>
Date: Sun, 21 May 2023 16:01:21 +0200
Subject: [PATCH] Nextcloud: WIP: Optional create hiddenservice

---
 defaults/main.yml                           |  2 ++
 tasks/apache.yml                            |  5 ++---
 tasks/main.yml                              | 10 ++++++++++
 tasks/php.yml                               | 17 -----------------
 templates/{ => apache2}/apache_site.conf.j2 |  2 +-
 templates/apache2/custom.conf.j2            | 17 +++++++++++++++++
 templates/apache_alias.j2                   |  5 -----
 7 files changed, 32 insertions(+), 26 deletions(-)
 rename templates/{ => apache2}/apache_site.conf.j2 (93%)
 create mode 100644 templates/apache2/custom.conf.j2
 delete mode 100644 templates/apache_alias.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index cbb136d..8a9fe37 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,4 +1,6 @@
 ---
+apache_custom_conf_path: /etc/apache2/conf-available
+
 nextcloud_admin_user: systemausfall.org
 nextcloud_admin_pw: "{{ lookup('password', '/tmp/{{ instance.name }}_admin_pwd length=42 chars=ascii_letters,digits') }}"
 nextcloud_db_password: "{{ lookup('password', '/tmp/{{ instance.name }}_db_pwd length=42 chars=ascii_letters,digits') }}"
diff --git a/tasks/apache.yml b/tasks/apache.yml
index bb77ae4..c6ca024 100644
--- a/tasks/apache.yml
+++ b/tasks/apache.yml
@@ -8,7 +8,6 @@
 
 - name: "apache: {{ instance.alias }}: Alias einrichten"
   template:
-    src: apache_alias.j2
-    dest: "/etc/apache2/conf-available/{{ instance.name }}.alias.conf"
+    src: apache2/custom.conf.j2
+    dest: "{{ apache_custom_conf_path }}/{{ instance.name }}.conf"
   notify: reload apache
-  when: instance.alias is defined
diff --git a/tasks/main.yml b/tasks/main.yml
index 6d32627..4278c09 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -14,6 +14,16 @@
 - import_tasks: php.yml
   tags: php
 
+- name: Configure hiddenservices
+  ansible.builtin.import_role:
+    name: configure-hiddenservice
+  tags: hiddenservice
+  delegate_to: "{{ onion_host }}"
+  when: item.config.hiddenservice is defined and item.config.hiddenservice
+
+- import_tasks: user.yml
+  tags: user
+
 - import_tasks: apache.yml
   tags: apache
 
diff --git a/tasks/php.yml b/tasks/php.yml
index 98d5502..58186b4 100644
--- a/tasks/php.yml
+++ b/tasks/php.yml
@@ -11,23 +11,6 @@
     - stop php-fpm-service
     - start php-fpm-socket
 
-#- name: "php | Erstelle PHPPFM-override-Verzeichnis"
-#  ansible.builtin.file:
-#    path: "/etc/systemd/system/php-fpm@{{ instance.user }}.service.d"
-#    state: directory
-#    mode: 0755
-
-#- name: "php | Kopiere PHPFPM-override-Datei"
-#  ansible.builtin.template:
-#    src: systemd/php-fpm-override.conf
-#    dest: "/etc/systemd/system/php-fpm@{{ instance.user }}.service.d/override.conf"
-#    mode: 0644
-#  notify:
-#    - stop php-fpm-socket
-#    - stop php-fpm-service
-#    - Systemd daemon-reload
-#    - start php-fpm-socket
-
 - name: "php | {{ instance.name }} | Erstelle Log-Datei"
   file:
     path: "{{ php_fpm_log_dir }}/{{ instance.user }}.log"
diff --git a/templates/apache_site.conf.j2 b/templates/apache2/apache_site.conf.j2
similarity index 93%
rename from templates/apache_site.conf.j2
rename to templates/apache2/apache_site.conf.j2
index edce610..30cfc39 100644
--- a/templates/apache_site.conf.j2
+++ b/templates/apache2/apache_site.conf.j2
@@ -3,7 +3,7 @@
         ServerName $domain
         DocumentRoot /data/nextcloud/$domain/
         Include /etc/apache2/conf-available/sao-cache.conf
-        IncludeOptional /etc/apache2/conf-available/$domain.alias.conf
+        IncludeOptional {{ apache_custom_conf_path }}/$domain.conf
         ErrorLog /var/log/apache2/$domain.error
         ProxyTimeout 900
 
diff --git a/templates/apache2/custom.conf.j2 b/templates/apache2/custom.conf.j2
new file mode 100644
index 0000000..6689880
--- /dev/null
+++ b/templates/apache2/custom.conf.j2
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+
+{% if instance.alias is defined %}
+{% for alias in instance.alias %}
+ServerAlias {{ alias }}
+{% endfor %}
+{% endif %}
+
+{% if item.config.hiddenservice is defined and item.config.hiddenservice %}
+ServerAlias {{ hiddenservice_address.stdout }}
+
+<IfModule mod_headers.c>
+    <If "%{SERVER_NAME} == '{{ item.name }}'">
+        Header set Onion-Location "http://{{ hiddenservice_address.stdout }}"
+    </If>
+</IfModule>
+{% endif %}
diff --git a/templates/apache_alias.j2 b/templates/apache_alias.j2
deleted file mode 100644
index de29cb8..0000000
--- a/templates/apache_alias.j2
+++ /dev/null
@@ -1,5 +0,0 @@
-{% if instance.alias is defined %}
-{% for alias in instance.alias %}
-ServerAlias {{ alias }}
-{% endfor %}
-{% endif %}