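---
# Attack-surface scan pipeline for {{ fqdn }}:
#   ovh01: pull projectdiscovery images, clone the scan repo, run
#          subfinder -> httpx -> nuclei, commit and push the results.
#   scaleway (delegated): pull the repo, copy the JSON results into the IVRE
#          share, import them with `ivre scan2db`, rebuild the view, notify via ntfy.
# Fix applied here: the httpx/nuclei tasks passed `-v --rm <bind>`, which makes
# docker treat `--rm` as the value of `-v`; the flags are now `--rm -v <bind>`.
- name: Install tools
  hosts: ovh01
  become: true
  gather_facts: true
  vars:
    fqdn: orbital23.com
    ansible_user: stephane
    # Gitea account used for the clone/push URLs below.
    user: staffadmin
    # Gitea access token (vault-encrypted); it is interpolated into the repo URL,
    # so the tasks that use it run with no_log to keep it out of task output.
    token: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      35343365393734313034383961616333633265623037303436653739613935366666373237366562
      3663316563663439363333396530376139663731346637390a366335333732303134316364363130
      30313631343534643866383336623837363433303032376264373139306464313866313034663636
      3961303030373531380a343061326437343066663665613833623533376437326630326432363566
      37653135666331633532653436656461396131623736353962643632316135633562346631313036
      6137356332636431643830666461333862613835336631333037
    # TODO target in list
    # 163.172.0.0/24
    # 163.172.80.0/28
    # NOTE: target_network is not referenced by any task in this play.
    target_network: 163.172.16.0/20
    # 163.172.0.0/20
    # 163.172.16.0/20
    # 163.172.31.0/20
    # 163.172.48.0/20
    # 163.172.63.254/20
    # NOTE(review): the SSH and become passwords are stored in plaintext next to
    # the vaulted secrets; they should be vault-encrypted like `token`/`password`
    # (or prompted for with --ask-pass / --ask-become-pass) rather than committed.
    ansible_password: stephane
    ansible_become_password: stephane
    # ntfy basic-auth credentials for the final notification.
    username: jingohalert
    password: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      66346630333538386564396632636161316239326530653037666465616165393135666532643264
      3037363865363531636635306535663736353734333733340a363639636638396662616538343335
      65366439343135636634393832636436353764303066653530346232323164376265313039373630
      3863613961373430340a303866363962353262623030373061616134303366336237346631383539
      3130

  tasks:
    # Pull the three scanner images used by the shell tasks below.
    - community.docker.docker_image_pull:
        name: "{{ item }}"
      loop:
        - projectdiscovery/subfinder
        - projectdiscovery/httpx
        - projectdiscovery/nuclei

    # Clone the results repo. `$HOME` is expanded on the remote side for the
    # become user (root here), so the checkout lands in root's home.
    # no_log keeps the token-bearing URL out of the task output.
    - ansible.builtin.git:
        repo: "https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git"
        dest: "$HOME/scan"
        single_branch: true
        force: true
      become_user: root
      no_log: true

    # Best-effort setup: mkdir fails harmlessly on re-runs, hence ignore_errors.
    - name: PREPARE SCAN {{ fqdn }}
      shell: "{{ item }}"
      become_user: root
      ignore_errors: true
      loop:
        - mkdir $HOME/scan/{{ fqdn }}
        - touch $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json

    # Subdomain enumeration, then HTTP probing of the discovered hosts.
    # ignore_errors means a failed scan still reaches the commit/push step, so
    # an empty or partial result file can be pushed; check the output on failure.
    - name: RUN HTTPX SCAN {{ fqdn }}
      shell: "{{ item }}"
      become_user: root
      ignore_errors: true
      loop:
        - >-
          docker run --rm projectdiscovery/subfinder -d {{ fqdn }} -silent
          > $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt
        - >-
          docker run --rm
          -v $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt
          projectdiscovery/httpx -silent -l {{ fqdn }}__subfinder.txt
          > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt
        - >-
          docker run --rm
          -v $HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt
          projectdiscovery/httpx -silent -sc -title -td -method -bp -server -ip
          -location -cname -asn -probe -j -l {{ fqdn }}__subfinder.txt
          > $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json

    # Vulnerability templates against the live hosts from the httpx text list;
    # the JSON output file is bind-mounted so nuclei writes it in place.
    - name: RUN NUCLEI SCAN {{ fqdn }}
      shell: "{{ item }}"
      become_user: root
      ignore_errors: true
      loop:
        - >-
          docker run --rm
          -v $HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt
          -v $HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json:/{{ fqdn }}__nuclei.json
          projectdiscovery/nuclei -l {{ fqdn }}__httpx.txt -j -o {{ fqdn }}__nuclei.json

    # Commit and push the results. A shell task reports changed whenever it
    # succeeds, so the `push_git.changed is true` guards below effectively mean
    # "the push step ran"; if `git commit` has nothing to commit the task fails
    # and the play stops for this host. no_log hides the token in the push URL
    # (it also hides git's error text, so drop it temporarily when debugging).
    - ansible.builtin.shell: |
        git config user.email "stephane.gratiasquiquandon@gmail.com"
        git config user.name "staffadmin"
        git add .
        git commit -m "Push scan {{ fqdn }} with access token"
        git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
      args:
        chdir: "$HOME/scan"
      run_once: true
      become_user: root
      register: push_git
      no_log: true

    # - debug:
    #     msg: "{{ push_git.changed }}"
    # - debug:
    #     msg: "{{ push_git.changed }}"
    #   when: push_git.changed is true

    # Pull the freshly pushed results on the IVRE host as user stephane,
    # so $HOME/scan here is /home/stephane/scan (matching the copy task paths).
    - ansible.builtin.git:
        repo: "https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git"
        dest: "$HOME/scan"
        single_branch: true
        force: true
      delegate_to: scaleway
      become_user: stephane
      when: push_git.changed is true
      no_log: true

    # Stage the two JSON result files into the directory shared with the
    # ivreclient container (/ivre-share inside the container).
    - copy:
        src: "{{ item }}"
        dest: "/opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }}"
        remote_src: true
      loop:
        - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json
        - /home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json
      delegate_to: scaleway
      when: push_git.changed is true

    # Import the nuclei results into IVRE, tagged with the domain as category
    # and the play hosts as source.
    - name: Run a simple command (argv)
      community.docker.docker_container_exec:
        container: ivreclient
        argv:
          - ivre
          - scan2db
          - "-c"
          - "{{ fqdn }}"
          - "-s"
          - "{{ ansible_play_hosts }}"
          - "-r"
          - "/ivre-share/{{ fqdn }}__nuclei.json"
      delegate_to: scaleway
      when: push_git.changed is true

    # Same import for the httpx results.
    - name: Run a simple command (argv)
      community.docker.docker_container_exec:
        container: ivreclient
        argv:
          - ivre
          - scan2db
          - "-c"
          - "{{ fqdn }}"
          - "-s"
          - "{{ ansible_play_hosts }}"
          - "-r"
          - "/ivre-share/{{ fqdn }}__httpx.json"
      delegate_to: scaleway
      when: push_git.changed is true

    # Rebuild the IVRE view from everything in the database.
    - name: Run a simple command (argv)
      community.docker.docker_container_exec:
        container: ivreclient
        argv:
          - ivre
          - db2view
          - all
      delegate_to: scaleway
      when: push_git.changed is true

    # Completion notice via ntfy (`ta` is ntfy's short header for Tags).
    # The task name appears to be carried over from another play; it fires
    # when the scan results were pushed, not on a compose change.
    - name: NTFY when docker compose changed
      uri:
        url: "https://alert.jingoh.fr/scaleway"
        method: POST
        user: "{{ username }}"
        password: "{{ password }}"
        headers:
          Title: "SCAN {{ fqdn }}"
          ta: "globe_with_meridians"
        body: "scan finished !"
        status_code: 200
      tags: test1
      delegate_to: localhost
      when: push_git.changed is true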