diff --git a/tasks/debian/add_certs.yml b/tasks/debian/add_certs.yml
index aa9acc7..3a65c81 100644
--- a/tasks/debian/add_certs.yml
+++ b/tasks/debian/add_certs.yml
@@ -1,6 +1,6 @@
 ---
-- name: "Apache | Debian | Site '{{ name }}' | Certs | Creating certificates"
+- name: "Apache | Site '{{ name }}' | Certs | Creating certificates"
 ansible.builtin.include_role:
 name: ansibleguy.infra_certs
 vars:
@@ -38,7 +38,7 @@
 apply:
 tags: [certs, sites]
-- name: "Apache | Debian | Site '{{ name }}' | Certs | Trying to copy cert pub"
+- name: "Apache | Site '{{ name }}' | Certs | Trying to copy cert pub"
 ansible.builtin.copy:
 dest: "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.crt"
 src: "files/certs/{{ name }}.crt"
@@ -49,7 +49,7 @@
 register: copy_cert_pub
 when: site.ssl.mode == 'existing'
-- name: "Apache | Debian | Site '{{ name }}' | Certs | Trying to copy cert pk"
+- name: "Apache | Site '{{ name }}' | Certs | Trying to copy cert pk"
 ansible.builtin.copy:
 dest: "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.key"
 src: "files/certs/{{ name }}.key"
diff --git a/tasks/debian/add_site.yml b/tasks/debian/add_site.yml
index 4c52afc..d131ff2 100644
--- a/tasks/debian/add_site.yml
+++ b/tasks/debian/add_site.yml
@@ -2,29 +2,29 @@
 # todo: option for security.txt
-- name: "Apache | Debian | Site '{{ name }}' | Showing debug info - user provided config"
+- name: "Apache | Site '{{ name }}' | Showing debug info - user provided config"
 ansible.builtin.debug:
 var: site_item.value
 when: debug | bool
-- name: "Apache | Debian | Site '{{ name }}' | Showing debug info - running config"
+- name: "Apache | Site '{{ name }}' | Showing debug info - running config"
 ansible.builtin.debug:
 var: site
 when: debug | bool
-- name: "Apache | Debian | Site '{{ name }}' | Checking config"
+- name: "Apache | Site '{{ name }}' | Checking config"
 ansible.builtin.fail:
 msg: "The required site-configuration was not provided! Needed: 'domain'"
 when: site.domain is none or site.domain is undefined
 tags: [config, sites, certs]
-- name: "Apache | Debian | Site '{{ name }}' | Configuring certificates"
+- name: "Apache | Site '{{ name }}' | Configuring certificates"
 ansible.builtin.import_tasks: add_certs.yml
 when: "site.ssl.mode in ['selfsigned', 'existing', 'ca']"
 tags: [sites, certs]
-- name: "Apache | Debian | Site '{{ name }}' | Configuring ipv4 listen-ports"
+- name: "Apache | Site '{{ name }}' | Configuring ipv4 listen-ports"
 ansible.builtin.lineinfile:
 path: '/etc/apache2/ports.conf'
 line: "Listen {{ port }}"
@@ -41,7 +41,7 @@
 - "{{ site.port_ssl }}"
 tags: [config, sites]
-- name: "Apache | Debian | Site '{{ name }}' | Configuring ipv6 listen-ports"
+- name: "Apache | Site '{{ name }}' | Configuring ipv6 listen-ports"
 ansible.builtin.lineinfile:
 path: '/etc/apache2/ports.conf'
 line: "Listen [::]:{{ port }}"
@@ -54,7 +54,7 @@
 when: APACHE_CONFIG.ipv6
 tags: [config, sites]
-- name: "Apache | Debian | Site '{{ name }}' | Create root directory"
+- name: "Apache | Site '{{ name }}' | Create root directory"
 ansible.builtin.file:
 path: "{{ site.serve.path }}"
 state: directory
@@ -64,7 +64,7 @@
 when: site.mode == 'serve'
 tags: [sites]
-- name: "Apache | Debian | Site '{{ name }}' | Configuring site"
+- name: "Apache | Site '{{ name }}' | Configuring site"
 ansible.builtin.template:
 src: 'templates/etc/apache2/sites-available/site.conf.j2'
 dest: "/etc/apache2/sites-available/site_{{ name }}.conf"
@@ -73,7 +73,7 @@
 mode: 0644
 tags: [config, sites]
-- name: "Apache | Debian | Site '{{ name }}' | Enabling site"
+- name: "Apache | Site '{{ name }}' | Enabling site"
 ansible.builtin.file:
 state: link
 src: "/etc/apache2/sites-available/site_{{ name }}.conf"
diff --git a/tasks/debian/add_status.yml b/tasks/debian/add_status.yml
index f157772..59f316c 100644
--- a/tasks/debian/add_status.yml
+++ b/tasks/debian/add_status.yml
@@ -1,13 +1,13 @@
 ---
-- name: Apache | Debian | Status page | Configuring listen-port
+- name: Apache | Status page | Configuring listen-port
 ansible.builtin.lineinfile:
 path: '/etc/apache2/ports.conf'
 line: "Listen {{ APACHE_CONFIG.status_page.port }}"
 ignore_errors: true
 tags: [config, sites, base]
-- name: Apache | Debian | Status page | Configuring site
+- name: Apache | Status page | Configuring site
 ansible.builtin.template:
 src: 'templates/etc/apache2/sites-available/status.conf.j2'
 dest: '/etc/apache2/sites-available/status.conf'
@@ -16,7 +16,7 @@
 mode: 0640
 tags: [config, sites, base]
-- name: Apache | Debian | Status page | Enabling site
+- name: Apache | Status page | Enabling site
 ansible.builtin.file:
 state: link
 src: '/etc/apache2/sites-available/status.conf'
diff --git a/tasks/debian/main.yml b/tasks/debian/main.yml
index c167eee..a8672f8 100644
--- a/tasks/debian/main.yml
+++ b/tasks/debian/main.yml
@@ -1,30 +1,30 @@
 ---
-- name: Apache | Debian | Showing debug info - user provided config
+- name: Apache | Showing debug info - user provided config
 ansible.builtin.debug:
 var: apache
 when: debug | bool
-- name: Apache | Debian | Showing debug info - running config
+- name: Apache | Showing debug info - running config
 ansible.builtin.debug:
 var: APACHE_CONFIG
 when: debug | bool
-- name: Apache | Debian | Install apache
+- name: Apache | Install apache
 ansible.builtin.apt:
 name: "{{ APACHE_HC.packages }}"
 state: present
 update_cache: true
 tags: [base]
-- name: Apache | Debian | Creating service user
+- name: Apache | Creating service user
 ansible.builtin.user:
 name: "{{ APACHE_CONFIG.user }}"
 shell: '/usr/sbin/nologin'
 comment: 'Apache Service User'
 tags: [base]
-- name: Apache | Debian | Setting service user
+- name: Apache | Setting service user
 ansible.builtin.lineinfile:
 state: present
 path: '/etc/apache2/envvars'
@@ -37,14 +37,14 @@
 tags: [base, config]
 # NOTE: a2enmod/a2dismod command saves time in comparison to the community 'apache2_module' module
-- name: Apache | Debian | Enabling apache modules
+- name: Apache | Enabling apache modules
 ansible.builtin.command: "a2enmod {{ APACHE_CONFIG.modules.present | enmod_list(APACHE_CONFIG.modules.absent) }}"
 register: apache_mods_enable_raw
 changed_when: "'restart apache2' in apache_mods_enable_raw.stdout"
 when: APACHE_CONFIG.modules.present | ensure_list | length > 0
 tags: [base]
-- name: Apache | Debian | Disabling apache modules
+- name: Apache | Disabling apache modules
 ansible.builtin.command: "a2dismod -f {{ APACHE_CONFIG.modules.absent | mod_list }}"
 register: apache_mods_disable_raw
 changed_when: "'restart apache2' in apache_mods_disable_raw.stdout"
@@ -53,7 +53,7 @@
 # todo: configure module settings
-- name: Apache | Debian | Adding main settings
+- name: Apache | Adding main settings
 ansible.builtin.lineinfile:
 state: present
 path: '/etc/apache2/apache2.conf'
@@ -64,7 +64,7 @@
 with_dict: "{{ APACHE_CONFIG.settings }}"
 tags: [config, base]
-- name: Apache | Debian | Restarting apache
+- name: Apache | Restarting apache
 ansible.builtin.systemd:
 name: 'apache2.service'
 state: restarted
@@ -76,7 +76,7 @@
 tags: [base, config]
 # is an additional site-loop since certificates can be pre-/absent
-- name: Apache | Debian | Getting certificates using LetsEncrypt
+- name: Apache | Getting certificates using LetsEncrypt
 ansible.builtin.include_role:
 name: ansibleguy.infra_certs
 when: site.ssl.mode == 'letsencrypt'
@@ -107,7 +107,7 @@
 apply:
 tags: [certs, sites]
-- name: Apache | Debian | Disabling default apache sites
+- name: Apache | Disabling default apache sites
 ansible.builtin.file:
 state: absent
 dest: "/etc/apache2/sites-enabled/{{ item }}"
@@ -116,7 +116,7 @@
 - 'default-ssl.conf'
 tags: [config, base]
-- name: Apache | Debian | Removing status page
+- name: Apache | Removing status page
 ansible.builtin.include_tasks: rm_status.yml
 when: APACHE_CONFIG.status_page.state != 'present'
 args:
@@ -124,7 +124,7 @@
 tags: [config, sites, base]
 tags: [config, sites, base]
-- name: Apache | Debian | Removing site
+- name: Apache | Removing site
 ansible.builtin.include_tasks: rm_site.yml
 when: site.state != 'present'
 vars:
@@ -140,19 +140,19 @@
 apply:
 tags: [config, sites, certs]
-- name: Apache | Debian | Reloading apache
+- name: Apache | Reloading apache
 ansible.builtin.systemd:
 name: 'apache2.service'
 state: reloaded
 changed_when: false
 tags: [base, config, sites, certs]
-- name: Apache | Debian | Adding status page
+- name: Apache | Adding status page
 ansible.builtin.include_tasks: add_status.yml
 when: APACHE_CONFIG.status_page.state == 'present'
 tags: [config, sites, base]
-- name: Apache | Debian | Adding site
+- name: Apache | Adding site
 ansible.builtin.include_tasks: add_site.yml
 when: site.state == 'present'
 vars:
@@ -168,14 +168,14 @@
 apply:
 tags: [config, sites, certs]
-- name: Apache | Debian | Starting/Enabling apache
+- name: Apache | Starting/Enabling apache
 ansible.builtin.systemd:
 name: 'apache2.service'
 enabled: yes
 state: started
 tags: [base]
-- name: Apache | Debian | Reloading apache
+- name: Apache | Reloading apache
 ansible.builtin.systemd:
 name: 'apache2.service'
 enabled: yes
diff --git a/tasks/debian/rm_site.yml b/tasks/debian/rm_site.yml
index 4029e7d..2139e54 100644
--- a/tasks/debian/rm_site.yml
+++ b/tasks/debian/rm_site.yml
@@ -2,13 +2,13 @@
 # ports will be left configured since I found no clean way to manage them statefully
-- name: "Apache | Debian | Remove Site '{{ name }}' | Ask user"
+- name: "Apache | Remove Site '{{ name }}' | Ask user"
 ansible.builtin.pause:
 prompt: "Do you really want to remove the apache site '{{ name }}' and all of its data?"
 register: removal_prompt
 when: not force_removal
-- name: "Apache | Debian | Remove Site '{{ name }}' | Removing site"
+- name: "Apache | Remove Site '{{ name }}' | Removing site"
 ansible.builtin.file:
 path: "{{ item }}"
 state: absent
@@ -23,7 +23,7 @@
 - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.chain.crt"
 - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.fullchain.crt"
-- name: "Apache | Debian | Remove Site '{{ name }}' | Removing document root"
+- name: "Apache | Remove Site '{{ name }}' | Removing document root"
 ansible.builtin.file:
 path: "{{ site.serve.path }}"
 state: absent
diff --git a/tasks/debian/rm_status.yml b/tasks/debian/rm_status.yml
index 8f894ed..3fb433e 100644
--- a/tasks/debian/rm_status.yml
+++ b/tasks/debian/rm_status.yml
@@ -1,6 +1,6 @@
 ---
-- name: Apache | Debian | Removing status page
+- name: Apache | Removing status page
 ansible.builtin.file:
 path: "{{ item }}"
 state: absent