updated apache role to function with ansibleguy.infra_django_apache

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+patreon: ansibleguy

defaults/main.yml

@@ -60,7 +60,7 @@ default_apache:
     # 'Header set Permissions-Policy': '"none"'
     # 'Header set Content-Security-Policy': '"default-src https:; font-src https:; img-src https:; script-src https:; style-src https:;"'
 
-  ssl:
+  ssl:  # see: https://github.com/ansibleguy/infra_certs
     path: '/etc/apache2/ssl'
     ca:
       file:  # can be used if you want to use an existing ca
@@ -85,6 +85,9 @@ default_apache:
     email:
     renew: false  # if a renewal should be started by the role; the renewal service will auto-renew the certificates otherwise
 
+  security:
+    restricted_methods: ['GET', 'POST', 'HEAD']
+
 APACHE_CONFIG: "{{ default_apache | combine(apache, recursive=true) }}"
 
 # site-specific config
@@ -94,6 +97,7 @@ default_site_config:
   admin: 'apache@template.ansibleguy.net'
   port_plain: 80
   port_ssl: 443
+  domain:
   aliases: []
   ip:
 
@@ -114,7 +118,7 @@ default_site_config:
   serve:
     path: '/var/www/html'
 
-  ssl:
+  ssl:  # see: https://github.com/ansibleguy/infra_certs
     mode: 'selfsigned'  # existing/selfsigned/ca/letsencrypt
     # existing:
     #   We expect the certs to be placed in the role's 'files' directory named like the site
@@ -182,4 +186,3 @@ apache_config_graylist: [
     'SSLEngine', 'SSLCertificateKeyFile', 'SSLCertificateFile', 'SSLCertificateChainFile', 'ErrorLog', 'CustomLog', 'ServerAdmin',
     'ServerAlias', 'ServerName', 'Redirect'
 ]
-apache_restricted_methods: ['GET', 'POST', 'HEAD']

tasks/debian/add_site.yml

@@ -4,7 +4,7 @@
   ansible.builtin.fail:
     msg: "The required site-configuration was not provided!
     Needed: 'domain'"
-  when: site.domain is undefined
+  when: site.domain is none or site.domain is undefined
   tags: [config, sites, certs]
 
 - name: "Apache | Debian | Site '{{ name }}' | Configuring certificates"

tasks/debian/main.yml

@@ -113,6 +113,7 @@
   vars:
     site: "{{ default_site_config | combine(site_item.value, recursive=true) }}"
     name: "{{ site_item.key | safe_key }}"
+    path: "{{ site.serve.path }}"
   loop_control:
     loop_var: site_item
   with_dict: "{{ APACHE_CONFIG.sites }}"
@@ -131,9 +132,11 @@
   vars:
     site: "{{ default_site_config | combine(site_item.value, recursive=true) }}"
     name: "{{ site_item.key | safe_key }}"
+    path: "{{ site.serve.path }}"
   loop_control:
     loop_var: site_item
   with_dict: "{{ APACHE_CONFIG.sites }}"
+  no_log: true
   tags: [config, sites, certs]
 
 - name: Apache | Debian | Starting/Enabling apache

templates/etc/apache2/sites-available/site.conf.j2

@@ -113,11 +113,11 @@
 {% if site.security.restrict_methods %}
   <IfModule mod_rewrite.c>
     RewriteEngine On
-    RewriteCond %{REQUEST_METHOD} ^(?!{% for method in apache_restricted_methods %}{{ method }}{% if not loop.last %}|{% endif %}{% endfor %})
+    RewriteCond %{REQUEST_METHOD} ^(?!{% for method in APACHE_CONFIG.security.restricted_methods %}{{ method }}{% if not loop.last %}|{% endif %}{% endfor %})
     RewriteRule .* - [F]
   </IfModule>
   <Directory />
-    <LimitExcept {% for method in apache_restricted_methods %}{{ method }} {% endfor %}>
+    <LimitExcept {% for method in APACHE_CONFIG.security.restricted_methods %}{{ method }} {% endfor %}>
       deny from all
     </LimitExcept>
   </Directory>