From 3974e6eb46fcb4acceef63ba13c1ddd02a22687c Mon Sep 17 00:00:00 2001 From: uumas Date: Fri, 18 Nov 2022 05:38:17 +0200 Subject: [PATCH] Add a vhost role --- docs/all.md | 2 +- docs/vhost.md | 44 ++++++++++++++++++++++++ roles/vhost/README.md | 1 + roles/vhost/meta/argument_specs.yml | 52 +++++++++++++++++++++++++++++ roles/vhost/meta/main.yml | 6 ++++ roles/vhost/tasks/caddy.yml | 25 ++++++++++++++ roles/vhost/tasks/main.yml | 6 ++++ roles/vhost/vars/main.yml | 8 +++++ 8 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 docs/vhost.md create mode 100644 roles/vhost/README.md create mode 100644 roles/vhost/meta/argument_specs.yml create mode 100644 roles/vhost/meta/main.yml create mode 100644 roles/vhost/tasks/caddy.yml create mode 100644 roles/vhost/tasks/main.yml create mode 100644 roles/vhost/vars/main.yml diff --git a/docs/all.md b/docs/all.md index 4f5d53d..234e32a 100644 --- a/docs/all.md +++ b/docs/all.md @@ -9,6 +9,6 @@ admin_email: 'admin@domain.tld' These variables are used by multiple roles and have the following default values: ``` -reverse_proxy_type: caddy # Allowed values: caddy, none +web_server: caddy # Allowed values: caddy, none ``` diff --git a/docs/vhost.md b/docs/vhost.md new file mode 100644 index 0000000..739158f --- /dev/null +++ b/docs/vhost.md 
@@ -0,0 +1,44 @@
+# Required variables
+These variables are required for this role to function. Example values provided
+
+```
+vhost_id: myservice # A unique identifier for this vhost. Not visible to end users.
+vhost_type: reverse_proxy # Supported values: reverse_proxy, redirect
+vhost_domains:
+ - www.domain.tld
+ - domain.tld
+```
+
+# Optional variables
+These variables have the following default values.
+
+```
+web_server: caddy # Supported values: caddy, none
+```
+
+# Variables specific to vhost type
+## reverse\_proxy
+
+Required:
+```
+proxy_target_port: 8080
+```
+
+Optional:
+```
+proxy_target_host: localhost
+proxy_target_protocol: http
+```
+
+## redirect
+
+Required:
+```
+redirect_target: https://www.domain.tld/location
+```
+
+Optional:
+```
+redirect_type: temporary # Supported values: temporary, permanent
+```
+
diff --git a/roles/vhost/README.md b/roles/vhost/README.md
new file mode 100644
index 0000000..0d1523a
--- /dev/null
+++ b/roles/vhost/README.md
@@ -0,0 +1 @@
+Sets up a vhost on web server defined by the `web_server` variable
diff --git a/roles/vhost/meta/argument_specs.yml b/roles/vhost/meta/argument_specs.yml
new file mode 100644
index 0000000..d411a79
--- /dev/null
+++ b/roles/vhost/meta/argument_specs.yml
@@ -0,0 +1,52 @@
+---
+
+argument_specs:
+ main:
+ short_description: Sets up a vhost
+ options:
+ vhost_id:
+ description: A unique identifier for this vhost. Not visible to end users.
+ type: str
+ required: true
+ vhost_type:
+ type: str
+ required: true
+ choices:
+ - reverse_proxy
+ - redirect
+ vhost_domains:
+ type: list
+ required: true
+ elements: str
+ web_server:
+ description: Defines which server software to use for vhost. This role does nothing if set to none
+ type: str
+ required: false
+ default: caddy
+ choices:
+ - caddy
+ - none
+
+ proxy_target_port:
+ description: Required and only applicable if vhost_type is reverse_proxy
+ type: int
+ proxy_target_host:
+ description: Only applicable if vhost_type is reverse_proxy
+ type: str
+ default: localhost
+ proxy_target_protocol:
+ description: Only applicable if vhost_type is reverse_proxy
+ type: str
+ default: http
+
+ redirect_target:
+ description: "Required and only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
+ type: str
+ redirect type:
+ description: Only applicable if vhost_type is reverse_proxy
+ type: str
+ default: temporary
+ choices:
+ - temporary
+ - permanent
+
diff --git a/roles/vhost/meta/main.yml b/roles/vhost/meta/main.yml
new file mode 100644
index 0000000..01f623c
--- /dev/null
+++ b/roles/vhost/meta/main.yml
@@ -0,0 +1,6 @@
+---
+
+dependencies:
+ - role: caddy
+ when: web_server == 'caddy'
+
diff --git a/roles/vhost/tasks/caddy.yml b/roles/vhost/tasks/caddy.yml
new file mode 100644
index 0000000..1a89aa4
--- /dev/null
+++ b/roles/vhost/tasks/caddy.yml
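Review bot: In roles/vhost/meta/argument_specs.yml the last option is spelled `redirect type:` with a space, so the variable the template actually reads, `redirect_type`, is never checked against its `choices` and any string can reach the `redir` line of the Caddyfile. The key should read `redirect_type:` and its description should say `Only applicable if vhost_type is redirect` rather than reverse_proxy. `proxy_target_protocol` is also free-form although tasks/caddy.yml writes it into the upstream URL; adding `choices: [http, https]` (plus any other scheme the role means to support) would keep unexpected values out of the generated config. `vhost_type` and `vhost_domains` have no `description`.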
@@ -0,0 +1,25 @@
+---
+
+- name: Add caddy vhost config
+ blockinfile:
+ path: /etc/caddy/Caddyfile
+ marker: "# {mark} ANSIBLE MANAGED BLOCK {{ vhost_id }}"
+ block: |
+ {{ vhost_domains | join(' ') }} {
+ {% if vhost_type == 'reverse_proxy' %}
+ reverse_proxy {{ proxy_target_protocol }}://{{ proxy_target_host }}:{{ proxy_target_port }} {
+ {% if proxy_target_protocol == 'https' and proxy_target_host == 'localhost' %}
+ transport http {
+ tls_insecure_skip_verify
+ }
+ {% endif %}
+ }
+ {% endif %}
+ {% if vhost_type == 'redirect' %}
+ redir {{ redirect_target }} {{ redirect_type }}
+ {% endif %}
+ }
+ validate: 'caddy validate --config %s --adapter caddyfile'
+ backup: true
+ notify: reload caddy
+
diff --git a/roles/vhost/tasks/main.yml b/roles/vhost/tasks/main.yml
new file mode 100644
index 0000000..58cfa3d
--- /dev/null
+++ b/roles/vhost/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+
+
+- name: "Setup {{ vhost_id }} vhost on {{ web_server }}"
+ include_tasks: "{{ web_server }}.yml"
+ when: web_server != 'none'
diff --git a/roles/vhost/vars/main.yml b/roles/vhost/vars/main.yml
new file mode 100644
index 0000000..01795d9
--- /dev/null
+++ b/roles/vhost/vars/main.yml
@@ -0,0 +1,8 @@
+---
+
+web_server: caddy
+
+proxy_target_protocol: http
+proxy_target_host: localhost
+
+redirect_type: temporary
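Review bot: In roles/vhost/tasks/caddy.yml the `transport http { tls_insecure_skip_verify }` branch turns off upstream certificate verification with no comment and no mention in docs/vhost.md. It also fires only for the literal host `localhost`, so `127.0.0.1` or `::1` with `https` take the verifying path and behave differently. I would add a comment above `block:` such as `# https to localhost: upstream cert is assumed self-signed, so verification is skipped on purpose` and document the behaviour next to `proxy_target_protocol`. Separately, `vhost_domains`, `proxy_target_host` and `redirect_target` are written into /etc/caddy/Caddyfile verbatim, and `caddy validate` only confirms that the result parses. A value containing whitespace, braces or a newline can therefore change the structure of the site block; an `ansible.builtin.assert` on those variables before this task would reject such values before the file is edited.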
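Review bot: The four values in roles/vhost/vars/main.yml are documented as defaults in docs/vhost.md, but role `vars/` has higher precedence than inventory, group_vars/host_vars and play vars. An operator who sets `web_server: none` or `proxy_target_protocol: https` there is silently overridden and still gets a plain-http caddy vhost. Moving the file to `roles/vhost/defaults/main.yml` keeps the same values while letting them be overridden as the docs describe. The `default:` entries in meta/argument_specs.yml do not assign variables on their own, so the defaults file is still needed.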