Activer les onions pour les pages perso

roles/common/files/onion.conf.j2

@@ -0,0 +1,3 @@
+HiddenServiceDir /var/lib/tor/{{ item.name }}
+HiddenServiceVersion 3
+HiddenServicePort 80 127.0.0.1:80

roles/common/tasks/main.yml

@@ -26,4 +26,6 @@
     src: ../files/letsencrypt_cli.ini
     dest: /etc/letsencrypt/cli.ini
 
+- include: tor.yml
+
 - include: users.yml

roles/common/tasks/setup_user.yml

@@ -19,3 +19,8 @@
     user: "{{ item.name }}"
     state: present
     key: "{{ item.key }}"
+
+- name: Génerer un onion pour l'utilisateurice
+  template:
+    src: ../files/onion.conf.j2
+    dest: "/etc/tor/onions/{{ item.name }}.conf"

roles/common/tasks/tor.yml

@@ -0,0 +1,14 @@
+- name: Tor charge les onions depuis /etc/tor/onions/
+  lineinfile:
+    path: /etc/tor/torrc
+    line: "%include /etc/tor/onions"
+    state: present
+  notify: reload tor
+
+- name: On crée le dossier pour les onions
+  file:
+    path: /etc/tor/onions
+    state: directory
+    owner: debian-tor
+    group: debian-tor
+    mode: '0740'

roles/common/tasks/users.yml

@@ -1,2 +1,12 @@
 - include_tasks: setup_user.yml
   loop: "{{ users }}"
+
+- name: Redémarrer le démon tor pour générer les onions
+  service:
+    name: tor
+    state: restarted
+
+- name: Attendre que les onion perso soient générés
+  wait_for:
+    path: "/var/lib/tor/{{ item.name }}/hostname"
+  loop: "{{ users }}"

roles/webserver/files/onion.conf.j2

@@ -0,0 +1,12 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name {{ web_onion.stdout }};
+    root /home/{{ item.name }}/public_html;
+    index index.html;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}

roles/webserver/tasks/nginx.yml

@@ -22,20 +22,12 @@
     dest: /etc/nginx/conf.d/ssl.conf
   notify: reload nginx
 
-- name: Prepare symlink for user sites
-  file:
-    src: /etc/nginx/sites-available/users-site.conf
-    dest: /etc/nginx/sites-enabled/users-site.conf
-    force: yes
-    follow: no
-    state: link
+- name: Déployer les pages perso
+  include: pages_perso.yml
 
-- name: Deploy config for user sites on subdomains
-  template:
-    src: ../files/users.conf.j2
-    dest: /etc/nginx/sites-available/users-site.conf
-
-- name: Add public_html to /etc/skel
-  file:
-    path: /etc/skel/public_html
-    state: directory
+- name: Configurer nginx pour les noms de domaine longs
+  lineinfile:
+    path: /etc/nginx/nginx.conf
+    line: "server_names_hash_bucket_size 128;"
+    insertafter: "^http {"
+  notify: reload nginx

roles/webserver/tasks/onions_perso.yml

@@ -0,0 +1,15 @@
+- name: Récupérer le hostname en onion
+  command: "cat /var/lib/tor/{{ item.name }}/hostname"
+  register: web_onion
+
+- name: Configurer l'onion pour les pages perso de l'utilisateurice
+  template:
+    src: ../files/onion.conf.j2
+    dest: "/etc/nginx/sites-available/{{ item.name }}.onion.conf"
+  notify: reload nginx
+
+- name: Activer la configuration nginx
+  file:
+    src: "/etc/nginx/sites-available/{{ item.name }}.onion.conf"
+    dest: "/etc/nginx/sites-enabled/{{ item.name }}.onion.conf"
+    state: link

roles/webserver/tasks/pages_perso.yml

@@ -0,0 +1,21 @@
+- name: Créer les liens symboliques pour la config des sites
+  file:
+    src: /etc/nginx/sites-available/users-site.conf
+    dest: /etc/nginx/sites-enabled/users-site.conf
+    force: yes
+    follow: no
+    state: link
+
+- name: Configurer les pages perso pour nginx
+  template:
+    src: ../files/users.conf.j2
+    dest: /etc/nginx/sites-available/users-site.conf
+
+- name: Ajouter un dossier public_html dans le squelette
+  file:
+    path: /etc/skel/public_html
+    state: directory
+
+- name: Configurer les pages perso en onion
+  include: onions_perso.yml
+  loop: "{{ users }}"