From fdceb0f7924c084da1834ffa30212716ef985cdb Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Sun, 10 Aug 2025 12:18:17 +0200
Subject: [PATCH] =?UTF-8?q?Implmented=20dev=20mode=20f=C3=BCr=20cloudflare?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Todo.md | 3 +-
 .../tasks/01_cloudflare.yml | 35 +++++++++++++++++++
 roles/srv-proxy-6-6-domain/tasks/cleanup.yml | 33 -----------------
 .../tasks/cloudflare/01_cleanup.yml | 12 +++++++
 .../cloudflare/02_enable_cf_dev_mode.yml | 35 +++++++++++++++++++
 roles/srv-proxy-6-6-domain/tasks/main.yml | 7 ++--
 6 files changed, 87 insertions(+), 38 deletions(-)
 create mode 100644 roles/srv-proxy-6-6-domain/tasks/01_cloudflare.yml
 delete mode 100644 roles/srv-proxy-6-6-domain/tasks/cleanup.yml
 create mode 100644 roles/srv-proxy-6-6-domain/tasks/cloudflare/01_cleanup.yml
 create mode 100644 roles/srv-proxy-6-6-domain/tasks/cloudflare/02_enable_cf_dev_mode.yml
diff --git a/Todo.md b/Todo.md
index 095f10be..dae19fe2 100644
--- a/Todo.md
+++ b/Todo.md
@@ -1,4 +1,3 @@
 # Todos
 - Implement multi language
-- Implement rbac administration interface
-- Implement [cloudflare dev cache via API](https://chatgpt.com/share/689385e2-7744-800f-aa93-a6e811a245df)
\ No newline at end of file
+- Implement rbac administration interface
\ No newline at end of file
diff --git a/roles/srv-proxy-6-6-domain/tasks/01_cloudflare.yml b/roles/srv-proxy-6-6-domain/tasks/01_cloudflare.yml
new file mode 100644
index 00000000..4c561761
--- /dev/null
+++ b/roles/srv-proxy-6-6-domain/tasks/01_cloudflare.yml
@@ -0,0 +1,35 @@
+- name: "Ensure Cloudflare Zone ID is known for {{ domain }}"
+ vars:
+ cf_api_url: "https://api.cloudflare.com/client/v4/zones"
+ ansible.builtin.uri:
+ url: "{{ cf_api_url }}?name={{ domain | to_primary_domain }}"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ certbot_dns_api_token }}"
+ Content-Type: "application/json"
+ return_content: yes
+ register: cf_zone_lookup_dev
+ when:
+ - cf_zone_id is not defined
+
+- name: "Set fact cf_zone_id (if not already set)"
+ set_fact:
+ cf_zone_id: "{{ cf_zone_lookup_dev.json.result[0].id }}"
+ when:
+ - cf_zone_id is not defined
+ - cf_zone_lookup_dev.json.result | length > 0
+
+- name: "Fail if no Cloudflare zone found for {{ domain | to_primary_domain }}"
+ ansible.builtin.fail:
+ msg: "No Cloudflare zone found for {{ domain | to_primary_domain }} — aborting!"
+ when:
+ - cf_zone_id is not defined
+ - cf_zone_lookup_dev.json.result | length == 0
+
+- name: activate cloudflare cache development mode
+ include_tasks: "cloudflare/02_enable_cf_dev_mode.yml"
+ when: (INFINITO_ENVIRONMENT | lower) == 'development'
+
+- name: purge cloudflare domain cache
+ include_tasks: "cloudflare/01_cleanup.yml"
+ when: mode_cleanup | bool
\ No newline at end of file
diff --git a/roles/srv-proxy-6-6-domain/tasks/cleanup.yml b/roles/srv-proxy-6-6-domain/tasks/cleanup.yml
deleted file mode 100644
index a930c9ca..00000000
--- a/roles/srv-proxy-6-6-domain/tasks/cleanup.yml
+++ /dev/null
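Review bot: In 01_cloudflare.yml the zone lookup, the `set_fact` and the `fail` task are all guarded by `cf_zone_id is not defined`, and a fact set with `set_fact` stays on the host for the rest of the play, so once one domain has resolved a zone every later run of these tasks reuses that ID. If the role is included for domains that live in different Cloudflare zones (the role name and the deactivated run-once marker in main.yml suggest it runs per domain; this is inferred), the `purge_everything` call and the development-mode PATCH would then act on the first domain's zone. I would resolve the zone per primary domain, either by dropping the guard or by caching in a dict keyed by the zone name, e.g. `cf_zone_ids: "{{ cf_zone_ids | default({}) | combine({ (domain | to_primary_domain): cf_zone_lookup_dev.json.result[0].id }) }}"`.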
@@ -1,33 +0,0 @@
-- name: "Lookup Cloudflare Zone ID for {{ domain }}"
- vars:
- cf_api_url: "https://api.cloudflare.com/client/v4/zones"
- ansible.builtin.uri:
- url: "{{ cf_api_url }}?name={{ domain | to_primary_domain }}"
- method: GET
- headers:
- Authorization: "Bearer {{ certbot_dns_api_token }}"
- Content-Type: "application/json"
- return_content: yes
- register: cf_zone_lookup
- when: dns_provider == "cloudflare"
-
-- name: "Set fact cf_zone_id"
- set_fact:
- cf_zone_id: "{{ cf_zone_lookup.json.result[0].id }}"
- when:
- - dns_provider == "cloudflare"
- - cf_zone_lookup.json.result | length > 0
-
-- name: "Purge everything from Cloudflare cache for domain {{ domain }}"
- ansible.builtin.uri:
- url: "https://api.cloudflare.com/client/v4/zones/{{ cf_zone_id }}/purge_cache"
- method: POST
- headers:
- Authorization: "Bearer {{ certbot_dns_api_token }}"
- Content-Type: "application/json"
- body:
- purge_everything: true
- body_format: json
- return_content: yes
- register: cf_purge
- when: dns_provider == "cloudflare"
diff --git a/roles/srv-proxy-6-6-domain/tasks/cloudflare/01_cleanup.yml b/roles/srv-proxy-6-6-domain/tasks/cloudflare/01_cleanup.yml
new file mode 100644
index 00000000..dba2797b
--- /dev/null
+++ b/roles/srv-proxy-6-6-domain/tasks/cloudflare/01_cleanup.yml
@@ -0,0 +1,12 @@
+- name: "Purge everything from Cloudflare cache for domain {{ domain }}"
+ ansible.builtin.uri:
+ url: "https://api.cloudflare.com/client/v4/zones/{{ cf_zone_id }}/purge_cache"
+ method: POST
+ headers:
+ Authorization: "Bearer {{ certbot_dns_api_token }}"
+ Content-Type: "application/json"
+ body:
+ purge_everything: true
+ body_format: json
+ return_content: yes
+ register: cf_purge
diff --git a/roles/srv-proxy-6-6-domain/tasks/cloudflare/02_enable_cf_dev_mode.yml b/roles/srv-proxy-6-6-domain/tasks/cloudflare/02_enable_cf_dev_mode.yml
new file mode 100644
index 00000000..1805b8dd
--- /dev/null
+++ b/roles/srv-proxy-6-6-domain/tasks/cloudflare/02_enable_cf_dev_mode.yml
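Review bot: The purge task in cloudflare/01_cleanup.yml passes `Authorization: "Bearer {{ certbot_dns_api_token }}"` as a plain module argument without `no_log`, so at high verbosity (`-vvv`), or with a callback that records task invocations, the token is written to the run output. Adding `no_log: true` to the task keeps it out of the logs; the same applies to the zone lookup in 01_cloudflare.yml and to both `uri` tasks in cloudflare/02_enable_cf_dev_mode.yml. `no_log` also hides the response when the call fails, so it is worth deciding how API errors should be surfaced once it is set.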
@@ -0,0 +1,35 @@
+# roles/srv-proxy-6-6-domain/tasks/02_enable_cf_dev_mode.yml
+---
+# Enables Cloudflare Development Mode (bypasses cache for ~3 hours).
+# Uses the same auth token as in 01_cleanup.yml: certbot_dns_api_token
+# Assumes `domain` and (optionally) `cf_zone_id` are available.
+# Safe to run repeatedly; only changes when the mode is not already "on".
+
+- name: "Read current Cloudflare development_mode setting"
+ ansible.builtin.uri:
+ url: "https://api.cloudflare.com/client/v4/zones/{{ cf_zone_id }}/settings/development_mode"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ certbot_dns_api_token }}"
+ Content-Type: "application/json"
+ return_content: yes
+ register: cf_dev_mode_current
+
+- name: "Enable Cloudflare Development Mode"
+ ansible.builtin.uri:
+ url: "https://api.cloudflare.com/client/v4/zones/{{ cf_zone_id }}/settings/development_mode"
+ method: PATCH
+ headers:
+ Authorization: "Bearer {{ certbot_dns_api_token }}"
+ Content-Type: "application/json"
+ body:
+ value: "on"
+ body_format: json
+ return_content: yes
+ register: cf_dev_mode_enable
+ changed_when: >
+ cf_dev_mode_current.json.result.value is defined and
+ cf_dev_mode_current.json.result.value != 'on'
+ when:
+ - cf_zone_id is defined
+ - cf_dev_mode_current.json.result.value | default('off') != 'on'
diff --git a/roles/srv-proxy-6-6-domain/tasks/main.yml b/roles/srv-proxy-6-6-domain/tasks/main.yml
index ffc3010c..12bb84d3 100644
--- a/roles/srv-proxy-6-6-domain/tasks/main.yml
+++ b/roles/srv-proxy-6-6-domain/tasks/main.yml
@@ -1,7 +1,8 @@
 # run_once_srv_proxy_6_6_domain: deactivated
-- name: Cleanup Domain
- include_tasks: cleanup.yml
- when: mode_cleanup | bool
+
+- block:
+ - include_tasks: "01_cloudflare.yml"
+ when: dns_provider == "cloudflare"
 - include_tasks: "{{ playbook_dir }}/tasks/utils/load_handlers.yml"
 vars:
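Review bot: The header comment of cloudflare/02_enable_cf_dev_mode.yml says the file reuses `certbot_dns_api_token` but not what that token must now be allowed to do: the PATCH on `settings/development_mode` changes a zone setting, which a token scoped only for DNS-01 challenges (what the variable name suggests; inferred) would not normally be permitted to do. Widening the certificate token to cover zone settings and cache purge means the credential kept for certificate issuance can also change caching behaviour for the zone, so a separate variable holding a narrowly scoped token would keep the two apart. At minimum I would add a comment such as `# Token needs Zone Settings edit permission in addition to DNS edit`. The first comment line also gives the path as `tasks/02_enable_cf_dev_mode.yml` while the file lives under `tasks/cloudflare/`, and the comment calls `cf_zone_id` optional although the read task interpolates it unconditionally.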