fixed after testing

2021-11-07 21:18:22 +01:00 · 2021-11-07 21:18:22 +01:00 · c8294d02f4
parent a1e59e986f
commit c8294d02f4
5 changed files with 23 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -79,7 +79,7 @@ apache:
    mySuperCustom: 'headerContent'

  modules:
-    present: ['evasive']
+    present: ['evasive', 'ssl', 'headers', 'rewrite']

  guys_statics:
    mode: 'serve'
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -186,3 +186,4 @@ apache_config_graylist: [
    'SSLEngine', 'SSLCertificateKeyFile', 'SSLCertificateFile', 'SSLCertificateChainFile', 'ErrorLog', 'CustomLog', 'ServerAdmin',
    'ServerAlias', 'ServerName', 'Redirect'
 ]
+force_removal: false
--- a/tasks/debian/main.yml
+++ b/tasks/debian/main.yml
@ -38,11 +38,10 @@
 - name: Apache | Debian | Disabling apache modules
  community.general.apache2_module:
    state: absent
-    name: "{{ item }}"
+    name: "{{ APACHE_CONFIG.modules.absent }}"
    force: True
    ignore_configcheck: True
  register: apache_mods_disable_raw
-  loop: "{{ APACHE_CONFIG.modules.absent }}"
  tags: [base]

 # todo: configure module settings
--- a/tasks/debian/rm_site.yml
+++ b/tasks/debian/rm_site.yml
@ -1,12 +1,20 @@
 ---

 # ports will be left configured since I found no clean way to manage them statefully
-# also: the web-root will be left as-is

- name: "Apache | Debian | Config | Site '{{ name }}' | Removing/Disabling site"
+- name: "Apache | Debian | Remove Site '{{ name }}' | Ask user"
+  ansible.builtin.pause:
+    prompt: "Do you really want to remove the apache site '{{ name }}' and all of its data?"
+  register: removal_prompt
+  when: not force_removal
+
+- name: "Apache | Debian | Remove Site '{{ name }}' | Removing site"
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
+  when: >
+    force_removal or
+    removal_prompt.user_input == 'yes'
  loop:
    - "/etc/apache2/sites-enabled/site_{{ name }}.conf"
    - "/etc/apache2/sites-available/site_{{ name }}.conf"
@ -14,3 +22,12 @@
    - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.crt"
    - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.chain.crt"
    - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.fullchain.crt"
+
+- name: "Apache | Debian | Remove Site '{{ name }}' | Removing document root"
+  ansible.builtin.file:
+    path: "{{ site.serve.path }}"
+    state: absent
+  when: >
+    site.mode == 'serve' and
+    (force_removal or
+    removal_prompt.user_input == 'yes')
--- a/templates/etc/apache2/sites-available/site.conf.j2
+++ b/templates/etc/apache2/sites-available/site.conf.j2
@ -141,11 +141,11 @@
 {%   if site.security.disable_ssi_cgi %}
    Options -FollowSymLinks -ExecCGI -Includes
    AllowOverride None
-    Require all granted
 {%   endif %}
 {%   if site.security.disable_root_index %}
    Options -Indexes
 {%   endif %}
+    Require all granted
  </Directory>