From 702fc92babed1b8bca2d4ba460a18c42be6d46a5 Mon Sep 17 00:00:00 2001
From: southerntofu
Date: Sat, 11 Apr 2020 23:49:16 +0000
Subject: [PATCH] Activer les onions pour les pages perso

---
 roles/common/files/onion.conf.j2       |  3 +++
 roles/common/tasks/main.yml            |  2 ++
 roles/common/tasks/setup_user.yml      |  5 +++++
 roles/common/tasks/tor.yml             | 14 ++++++++++++++
 roles/common/tasks/users.yml           | 10 ++++++++++
 roles/webserver/files/onion.conf.j2    | 12 ++++++++++++
 roles/webserver/tasks/nginx.yml        | 24 ++++++++----------------
 roles/webserver/tasks/onions_perso.yml | 15 +++++++++++++++
 roles/webserver/tasks/pages_perso.yml  | 21 +++++++++++++++++++++
 9 files changed, 90 insertions(+), 16 deletions(-)
 create mode 100644 roles/common/files/onion.conf.j2
 create mode 100644 roles/common/tasks/tor.yml
 create mode 100644 roles/webserver/files/onion.conf.j2
 create mode 100644 roles/webserver/tasks/onions_perso.yml
 create mode 100644 roles/webserver/tasks/pages_perso.yml

diff --git a/roles/common/files/onion.conf.j2 b/roles/common/files/onion.conf.j2
new file mode 100644
index 0000000..ddf1ca3
--- /dev/null
+++ b/roles/common/files/onion.conf.j2
@@ -0,0 +1,3 @@
+HiddenServiceDir /var/lib/tor/{{ item.name }}
+HiddenServiceVersion 3
+HiddenServicePort 80 127.0.0.1:80
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 304570b..c263518 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -26,4 +26,6 @@
     src: ../files/letsencrypt_cli.ini
     dest: /etc/letsencrypt/cli.ini
 
+- include: tor.yml
+
 - include: users.yml
diff --git a/roles/common/tasks/setup_user.yml b/roles/common/tasks/setup_user.yml
index 449a0a5..3a1efc7 100644
--- a/roles/common/tasks/setup_user.yml
+++ b/roles/common/tasks/setup_user.yml
@@ -19,3 +19,8 @@
     user: "{{ item.name }}"
     state: present
     key: "{{ item.key }}"
+
+- name: Génerer un onion pour l'utilisateurice
+  template:
+    src: ../files/onion.conf.j2
+    dest: "/etc/tor/onions/{{ item.name }}.conf"
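Review bot: Every user's onion forwards to the same loopback listener in `HiddenServicePort 80 127.0.0.1:80`, so which user's site answers depends solely on nginx matching the Host header against the per-user `server_name`; a request arriving on an onion whose nginx vhost is missing or not yet enabled presumably falls through to nginx's default server for port 80. Nothing in tor or nginx otherwise ties an onion to its user, which is worth stating in the template: `# One onion per user; all forward to the shared nginx on loopback and the vhost is selected by server_name only`. `{{ item }}` is the current entry of the `users` loop in setup_user.yml, which a reader of this file cannot see; a second comment line naming that origin would help.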
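Review bot: `- include: tor.yml` uses the legacy `include` action while the same commit writes `include_tasks` in users.yml; nginx.yml (`include: pages_perso.yml`) and pages_perso.yml (`include: onions_perso.yml` with `loop`) do the same. For the non-looped cases `- import_tasks: tor.yml` and `- import_tasks: pages_perso.yml` are the static equivalents; the looped one needs `include_tasks`, since `import_tasks` cannot loop. The ordering here also matters and deserves a comment, because setup_user.yml templates into /etc/tor/onions/, the directory tor.yml creates: `# tor.yml first: setup_user.yml writes into /etc/tor/onions/`.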
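Review bot: The new template task has no `notify`, so a changed or newly created `/etc/tor/onions/{{ item.name }}.conf` is only picked up because users.yml restarts tor unconditionally afterwards. Adding `notify: reload tor` (the handler name tor.yml already uses) would make the dependency explicit, and the restart in users.yml could then become `- meta: flush_handlers`, provided a HUP reload is enough for tor to start a new hidden service on the target version — worth confirming. The file is written with Ansible's default owner and mode; tor only needs to read it, and an explicit `mode: '0644'` would document that. The task list continues above this hunk (the tail of the previous task is the context shown).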
diff --git a/roles/common/tasks/tor.yml b/roles/common/tasks/tor.yml
new file mode 100644
index 0000000..3faf445
--- /dev/null
+++ b/roles/common/tasks/tor.yml
@@ -0,0 +1,14 @@
+- name: Tor charge les onions depuis /etc/tor/onions/
+  lineinfile:
+    path: /etc/tor/torrc
+    line: "%include /etc/tor/onions"
+    state: present
+  notify: reload tor
+
+- name: On crée le dossier pour les onions
+  file:
+    path: /etc/tor/onions
+    state: directory
+    owner: debian-tor
+    group: debian-tor
+    mode: '0740'
diff --git a/roles/common/tasks/users.yml b/roles/common/tasks/users.yml
index 635922f..cee5b7e 100644
--- a/roles/common/tasks/users.yml
+++ b/roles/common/tasks/users.yml
@@ -1,2 +1,12 @@
 - include_tasks: setup_user.yml
   loop: "{{ users }}"
+
+- name: Redémarrer le démon tor pour générer les onions
+  service:
+    name: tor
+    state: restarted
+
+- name: Attendre que les onion perso soient générés
+  wait_for:
+    path: "/var/lib/tor/{{ item.name }}/hostname"
+  loop: "{{ users }}"
diff --git a/roles/webserver/files/onion.conf.j2 b/roles/webserver/files/onion.conf.j2
new file mode 100644
index 0000000..eb58077
--- /dev/null
+++ b/roles/webserver/files/onion.conf.j2
@@ -0,0 +1,12 @@
+server {
+  listen 80;
+  listen [::]:80;
+
+  server_name {{ web_onion.stdout }};
+  root /home/{{ item.name }}/public_html;
+  index index.html;
+
+  location / {
+    try_files $uri $uri/ =404;
+  }
+}
diff --git a/roles/webserver/tasks/nginx.yml b/roles/webserver/tasks/nginx.yml
index b75e5d5..a32a84e 100644
--- a/roles/webserver/tasks/nginx.yml
+++ b/roles/webserver/tasks/nginx.yml
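Review bot: `notify: reload tor` refers to a handler that this commit does not add, so it must already exist in the role's handlers; if it does not, the lineinfile task fails at runtime on the first change. The `%include /etc/tor/onions` line is only understood by tor 0.3.1 and later and pulls in every file of that directory, which is why the directory is owned by debian-tor with `mode: '0740'`; a comment stating both would spare the next reader a trip to the tor manual: `# %include of a directory needs tor >= 0.3.1; tor reads every file in it`. The directory is created after the torrc edit, which only works because the reload handler fires at the end of the play; creating the directory first would make that independent of handler timing.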
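Review bot: `state: restarted` on the tor service runs on every play, so each run of this role drops tor's existing circuits and reports a change even when no user was added. A `notify: reload tor` on the template task in setup_user.yml followed by `- meta: flush_handlers` here would keep the run idempotent while still generating the onions before the `wait_for`, assuming a reload suffices for new hidden services. `wait_for` with `path` blocks for its default 300-second timeout; a comment such as `# tor itself creates /var/lib/tor/<user>/ and the hostname file once the onion is loaded` would explain why the play waits here instead of creating the files.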
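Review bot: `{{ web_onion.stdout }}` and `{{ item.name }}` come from a registered variable and a loop variable set in onions_perso.yml and pages_perso.yml, which a reader of this template cannot see; a leading `{# web_onion: registered output of the cat of /var/lib/tor/<user>/hostname; item: current entry of the users loop #}` would document the contract. The vhost listens on all interfaces with `listen 80;` and `listen [::]:80;` although tor forwards onion traffic to 127.0.0.1:80 only; `listen 127.0.0.1:80;` would restrict the onion name to the loopback path tor actually uses, unless the clearnet listener is intended. The block sets no logging directives, so onion requests presumably land in whatever access log nginx.conf configures alongside clearnet ones — worth a comment if that is deliberate.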
@@ -22,20 +22,12 @@
     dest: /etc/nginx/conf.d/ssl.conf
   notify: reload nginx
 
-- name: Prepare symlink for user sites
-  file:
-    src: /etc/nginx/sites-available/users-site.conf
-    dest: /etc/nginx/sites-enabled/users-site.conf
-    force: yes
-    follow: no
-    state: link
+- name: Déployer les pages perso
+  include: pages_perso.yml
 
-- name: Deploy config for user sites on subdomains
-  template:
-    src: ../files/users.conf.j2
-    dest: /etc/nginx/sites-available/users-site.conf
-
-- name: Add public_html to /etc/skel
-  file:
-    path: /etc/skel/public_html
-    state: directory
+- name: Configurer nginx pour les noms de domaine longs
+  lineinfile:
+    path: /etc/nginx/nginx.conf
+    line: "server_names_hash_bucket_size 128;"
+    insertafter: "^http {"
+  notify: reload nginx
diff --git a/roles/webserver/tasks/onions_perso.yml b/roles/webserver/tasks/onions_perso.yml
new file mode 100644
index 0000000..d7c555f
--- /dev/null
+++ b/roles/webserver/tasks/onions_perso.yml
@@ -0,0 +1,15 @@
+- name: Récupérer le hostname en onion
+  command: "cat /var/lib/tor/{{ item.name }}/hostname"
+  register: web_onion
+
+- name: Configurer l'onion pour les pages perso de l'utilisateurice
+  template:
+    src: ../files/onion.conf.j2
+    dest: "/etc/nginx/sites-available/{{ item.name }}.onion.conf"
+  notify: reload nginx
+
+- name: Activer la configuration nginx
+  file:
+    src: "/etc/nginx/sites-available/{{ item.name }}.onion.conf"
+    dest: "/etc/nginx/sites-enabled/{{ item.name }}.onion.conf"
+    state: link
diff --git a/roles/webserver/tasks/pages_perso.yml b/roles/webserver/tasks/pages_perso.yml
new file mode 100644
index 0000000..5d21d42
--- /dev/null
+++ b/roles/webserver/tasks/pages_perso.yml
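Review bot: `server_names_hash_bucket_size 128;` is added without saying why: a v3 onion name is 56 characters plus `.onion`, longer than the default bucket nginx derives from the CPU cache line, and nginx refuses its configuration with such a `server_name` otherwise. A comment on the task, `# v3 .onion server_names are 62 chars, over nginx's default hash bucket size`, would keep the next maintainer from removing it. The task matches only the exact `line`, so a `server_names_hash_bucket_size` already present with another value in nginx.conf would be left in place and the new one added next to it, which nginx rejects as a duplicate directive; `regexp: '^\s*server_names_hash_bucket_size'` would make lineinfile replace it instead.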
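Review bot: The `command: cat …` task reports `changed` on every run, so the play is never idempotent on hosts with users; add `changed_when: false` to it, or read the file with the `slurp` module (its content is base64, so the template would then use `web_onion.content | b64decode | trim`). The symlink task that enables the site has no `notify: reload nginx`, so a link recreated after being removed by hand is not loaded until something else changes; the template task above it notifies, and the link task should too. pages_perso.yml creates its equivalent symlink with `force: yes` and `follow: no`; this one omits both, which works for a fresh link but behaves differently if the target is replaced.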
@@ -0,0 +1,21 @@
+- name: Créer les liens symboliques pour la config des sites
+  file:
+    src: /etc/nginx/sites-available/users-site.conf
+    dest: /etc/nginx/sites-enabled/users-site.conf
+    force: yes
+    follow: no
+    state: link
+
+- name: Configurer les pages perso pour nginx
+  template:
+    src: ../files/users.conf.j2
+    dest: /etc/nginx/sites-available/users-site.conf
+
+- name: Ajouter un dossier public_html dans le squelette
+  file:
+    path: /etc/skel/public_html
+    state: directory
+
+- name: Configurer les pages perso en onion
+  include: onions_perso.yml
+  loop: "{{ users }}"
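Review bot: `include: onions_perso.yml` with `loop: "{{ users }}"` passes `item` implicitly into the included file and, through it, into the nginx template, and it assumes the `users` variable the common role loops over is also visible to the webserver role; neither is stated. A comment like `# item (one entry of users) is consumed by onions_perso.yml and onion.conf.j2` and a check that `users` is defined at a scope both roles share would make that explicit. The three moved tasks keep the symlink creation before the template that writes its target, which only works because of `force: yes`; running the template first would avoid a dangling link in sites-enabled if the template task fails.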