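---
# One-FQDN recon pipeline: subfinder -> dnsx -> httpx run as Docker containers on
# the scan host, results committed to a Gitea repo, then pulled on "scaleway" and
# imported into IVRE; an ntfy notification closes the run.
- name: SCAN in DOCKER [subfinder + dnsx + httpx + nuclei]
  hosts: ovh01
  become: true
  gather_facts: true
  vars:
    fqdn: arion.space
    ansible_user: stephane
    # Gitea login used together with `token` for clone/push.
    user: staffadmin
    # Gitea access token (vaulted). It is embedded in the repo URL below, so every
    # task that renders that URL runs with `no_log: true`.
    token: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      36663034636138333863626233623737363834333134333235656132333933356237396132383266
      3266326438656130623337653464633062343433623333620a386561353637613263323837313230
      66666633373066363862343766646431396632653332333830323136343230336464333635343136
      3732643432306338640a666334373636653164646135633966333339323935363433663130313235
      36613831356265373964623464356263333666366539663131396535613633346138613665383864
      6331393663346638663832313035653765303938376230363936
    # Not referenced by any task in this play.
    cloud_upload: true
    # SECURITY: these two are plaintext credentials committed alongside vaulted
    # ones (and reuse the login name as the password). Vault them like `token`,
    # or supply them from inventory / a secret store instead of the playbook.
    ansible_password: stephane
    ansible_become_password: stephane
    # ntfy basic-auth credentials for the final notification.
    username: jingohalert
    password: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      66346630333538386564396632636161316239326530653037666465616165393135666532643264
      3037363865363531636635306535663736353734333733340a363639636638396662616538343335
      65366439343135636634393832636436353764303066653530346232323164376265313039373630
      3863613961373430340a303866363962353262623030373061616134303366336237346631383539
      3130
    # ProjectDiscovery cloud key; only referenced by the commented-out
    # "dashboard" variants of the httpx task below.
    PDCP_API_KEY: !vault |
      $ANSIBLE_VAULT;1.2;AES256;prod
      33346636623263376335323265323163643534613835643363386630316666663336333435323438
      3135313264626663663436346239306264666563303463380a643366633161326634316662313465
      31646466666531656565356565383932356162323030346330356563323266396361376339313437
      6637633235633635330a353539333366346331303134373433346462343736316437306136633361
      37346537373861313361656338616438646533666639623533323433353365363836656532323938
      3139363338653666656339303763333837313731383739363164

  tasks:
    # nuclei is pulled (and its output file created) but no task runs it.
    - name: Pull scanner images
      community.docker.docker_image_pull:
        name: "{{ item }}"
      loop:
        - projectdiscovery/subfinder
        - projectdiscovery/httpx
        - projectdiscovery/dnsx
        - projectdiscovery/nuclei

    # $HOME here and /root/scan in the volume mounts below only coincide because
    # these tasks run as root (become_user: root); keep the two in sync.
    - name: Clone the scan results repo
      ansible.builtin.git:
        repo: "https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git"
        dest: "$HOME/scan"
        single_branch: true
        force: true
      become_user: root
      # The repo URL carries the token; keep it out of task output and logs.
      no_log: true

    - name: Remove all before
      ansible.builtin.file:
        path: "$HOME/scan/{{ fqdn }}"
        state: absent

    # Directory first, then empty output files so the bind mounts below mount
    # files rather than creating directories of the same name.
    - name: Create a directory if it does not exist
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: "{{ item.state | default('touch') }}"
      loop:
        - path: "$HOME/scan/{{ fqdn }}"
          state: directory
        - path: "$HOME/scan/{{ fqdn }}/{{ fqdn }}__nuclei.json"
        - path: "$HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.json"
        - path: "$HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt"
        # - path: "$HOME/scan/{{ fqdn }}/{{ fqdn }}__httpx__full.txt"
        - path: "$HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json"
        - path: "$HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt"
        # - path: "$HOME/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt"
        - path: "$HOME/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt"
      become_user: root

    - name: subfinder
      community.docker.docker_container:
        image: projectdiscovery/subfinder
        name: subfinder
        command: "-d {{ fqdn }} -silent -o /{{ fqdn }}__subfinder.txt"
        recreate: true
        auto_remove: true
        volumes:
          - "/root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw"
      become_user: root

    # Two dnsx passes over the subfinder list: plain resolved hosts (txt) and
    # an enriched JSON record set.
    - name: dnsx
      community.docker.docker_container:
        image: projectdiscovery/dnsx
        name: "{{ item.name }}"
        command: "{{ item.command }}"
        recreate: true
        auto_remove: true
        volumes: "{{ item.volumes }}"
      become_user: root
      loop:
        - command: "-silent -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx.txt"
          name: dnsx
          volumes:
            - "/root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw"
            - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw"
        # - command: "-silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -o /{{ fqdn }}__dnsx__full.txt"
        #   volumes:
        #     - "/root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw"
        #     - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx__full.txt:/{{ fqdn }}__dnsx__full.txt:rw"
        - command: "-silent -a -cname -asn -resp -l /{{ fqdn }}__subfinder.txt -j -o /{{ fqdn }}__dnsx.json"
          name: dnsx-json
          volumes:
            - "/root/scan/{{ fqdn }}/{{ fqdn }}__subfinder.txt:/{{ fqdn }}__subfinder.txt:rw"
            - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json:/{{ fqdn }}__dnsx.json:rw"
      loop_control:
        # The container is started detached; the pause (seconds) is the only
        # thing giving the first pass time to finish before the next iteration.
        pause: 30

    # - name: httpx
    #   community.docker.docker_container:
    #     image: projectdiscovery/httpx
    #     name: httpx
    #     command: "-silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt"
    #     recreate: true
    #     auto_remove: true
    #     volumes:
    #       - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw"
    #       - "/root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw"
    #   become_user: root
    # - name: httpx
    #   community.docker.docker_container:
    #     image: projectdiscovery/httpx
    #     name: httpx
    #     command: "-silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j"
    #     recreate: true
    #     auto_remove: true
    #     volumes:
    #       - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw"
    #       - "/root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw"
    #   become_user: root
    # - name: httpx
    #   community.docker.docker_container:
    #     image: projectdiscovery/httpx
    #     name: httpx
    #     command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard"
    #     recreate: true
    #     auto_remove: true
    #     volumes:
    #       - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw"
    #   become_user: root

    # NOTE(review): the `-o {{ fqdn }}__httpx.*` paths are relative, while the
    # bind mounts are at `/{{ fqdn }}__httpx.*`; they only line up if the image's
    # working directory is `/` — confirm, or make the -o paths absolute.
    - name: httpx
      community.docker.docker_container:
        image: projectdiscovery/httpx
        name: "{{ item.name }}"
        command: "{{ item.command }}"
        recreate: true
        auto_remove: true
        volumes: "{{ item.volumes }}"
      become_user: root
      loop:
        - command: "-silent -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.txt"
          name: httpx
          volumes:
            - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw"
            - "/root/scan/{{ fqdn }}/{{ fqdn }}__httpx.txt:/{{ fqdn }}__httpx.txt:rw"
        - command: "-silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -o {{ fqdn }}__httpx.json -j"
          name: httpx_json
          volumes:
            - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw"
            - "/root/scan/{{ fqdn }}/{{ fqdn }}__httpx.json:/{{ fqdn }}__httpx.json:rw"
        # - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard"
        #   name: httpx_dashboard
        #   volumes:
        #     - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw"
        # - command: "PDCP_API_KEY={{ PDCP_API_KEY }} -silent -sc -title -td -method -bp -server -ip -location -cname -asn -probe -l /{{ fqdn }}__dnsx.txt -dashboard"
        #   name: httpx_dashboard_2
        #   volumes:
        #     - "/root/scan/{{ fqdn }}/{{ fqdn }}__dnsx.txt:/{{ fqdn }}__dnsx.txt:rw"
      loop_control:
        # seconds between iterations (see the dnsx task)
        pause: 60

    # Extra grace period for the last httpx container before committing.
    - ansible.builtin.pause:
        seconds: 60

    # Pushes the freshly written results; a run with nothing to commit fails at
    # `git commit`, which is the existing behaviour.
    - name: Commit and push the scan results
      ansible.builtin.shell: |
        git config user.email "stephane.gratiasquiquandon@gmail.com"
        git config user.name "staffadmin"
        git add .
        git commit -m "Push scan {{ fqdn }} with access token"
        git push https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git
      args:
        chdir: "$HOME/scan"
      run_once: true
      become_user: root
      register: push_git
      # The push URL embeds the token; without no_log it lands in push_git.cmd
      # and in the failure / verbose output.
      no_log: true
    # - debug:
    #     msg: "{{ push_git.changed }}"
    # - debug:
    #     msg: "{{ push_git.changed }}"
    #   when: push_git.changed is true

    - name: Pull the results repo on the IVRE host
      ansible.builtin.git:
        repo: "https://{{ user }}:{{ token }}@gitea.jingoh.fr/staffadmin/scan.git"
        dest: "$HOME/scan"
        single_branch: true
        force: true
      delegate_to: scaleway
      become_user: stephane
      no_log: true

    - name: Copy the JSON results into the IVRE share
      ansible.builtin.copy:
        src: "{{ item }}"
        dest: "/opt/dockerapps/appdata/ivre/ivre-share/{{ item.split('/')[-1] }}"
        remote_src: true
      loop:
        - "/home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__dnsx.json"
        - "/home/{{ ansible_user }}/scan/{{ fqdn }}/{{ fqdn }}__httpx.json"
      delegate_to: scaleway

    # NOTE(review): `-s` receives ansible_play_hosts, a list, rendered as its
    # string form — confirm that is the "source" value IVRE expects.
    - name: Import dnsx results into IVRE
      community.docker.docker_container_exec:
        container: ivreclient
        argv:
          - ivre
          - scan2db
          - "-c"
          - "{{ fqdn }}"
          - "-s"
          - "{{ ansible_play_hosts }}"
          - "-r"
          - "/ivre-share/{{ fqdn }}__dnsx.json"
      delegate_to: scaleway

    - name: Import httpx results into IVRE
      community.docker.docker_container_exec:
        container: ivreclient
        argv:
          - ivre
          - scan2db
          - "-c"
          - "{{ fqdn }}"
          - "-s"
          - "{{ ansible_play_hosts }}"
          - "-r"
          - "/ivre-share/{{ fqdn }}__httpx.json"
      delegate_to: scaleway

    - name: Rebuild the IVRE view from all scans
      community.docker.docker_container_exec:
        container: ivreclient
        argv:
          - ivre
          - db2view
          - all
      delegate_to: scaleway

    # `ta` is ntfy's short alias for the Tags header; `tags: test1` is the
    # Ansible task tag, not an ntfy field.
    # NOTE(review): uri only sends user/password after a 401 challenge unless
    # `force_basic_auth: true` is set — confirm the topic accepts this as-is.
    - name: NTFY when scan finished
      ansible.builtin.uri:
        url: "https://alert.jingoh.fr/scaleway"
        method: POST
        user: "{{ username }}"
        password: "{{ password }}"
        headers:
          Title: "SCAN {{ fqdn }}"
          ta: "globe_with_meridians"
        body: "scan finished !"
        status_code: 200
      tags: test1
      delegate_to: localhost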