From c8294d02f486168150764fca3f0032c7bf98b80f Mon Sep 17 00:00:00 2001
From: AnsibleGuy
Date: Sun, 7 Nov 2021 21:18:22 +0100
Subject: [PATCH] fixed after testing
---
 README.md | 2 +-
 defaults/main.yml | 1 +
 tasks/debian/main.yml | 3 +--
 tasks/debian/rm_site.yml | 21 +++++++++++++++++--
 .../etc/apache2/sites-available/site.conf.j2 | 2 +-
 5 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 68de867..7dd3667 100644
--- a/README.md
+++ b/README.md
@@ -79,7 +79,7 @@ apache:
 mySuperCustom: 'headerContent'
 modules:
- present: ['evasive']
+ present: ['evasive', 'ssl', 'headers', 'rewrite']
 guys_statics:
 mode: 'serve'
diff --git a/defaults/main.yml b/defaults/main.yml
index a756b5c..776dced 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -186,3 +186,4 @@ apache_config_graylist: [
 'SSLEngine', 'SSLCertificateKeyFile', 'SSLCertificateFile', 'SSLCertificateChainFile', 'ErrorLog', 'CustomLog', 'ServerAdmin', 'ServerAlias', 'ServerName', 'Redirect' ]
+force_removal: false
diff --git a/tasks/debian/main.yml b/tasks/debian/main.yml
index e21ab88..0bb9cec 100644
--- a/tasks/debian/main.yml
+++ b/tasks/debian/main.yml
@@ -38,11 +38,10 @@
 - name: Apache | Debian | Disabling apache modules
 community.general.apache2_module:
 state: absent
- name: "{{ item }}"
+ name: "{{ APACHE_CONFIG.modules.absent }}"
 force: True
 ignore_configcheck: True
 register: apache_mods_disable_raw
- loop: "{{ APACHE_CONFIG.modules.absent }}"
 tags: [base] # todo: configure module settings
diff --git a/tasks/debian/rm_site.yml b/tasks/debian/rm_site.yml
index 87d9883..4029e7d 100644
--- a/tasks/debian/rm_site.yml
+++ b/tasks/debian/rm_site.yml
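Review bot: `force_removal` in defaults/main.yml is the one switch that authorises unattended deletion of a site's files, but unlike `apache_config_graylist` just above it has no role prefix, so a play-, group- or host-level variable of the same name set for another purpose would apply here as well. A prefixed name such as `apache_force_removal: false` keeps it scoped to this role; the references in tasks/debian/rm_site.yml would have to follow. A comment above it, for example `# true = skip the confirmation prompt when a site is removed`, would document what the default protects.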
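Review bot: In the 'Disabling apache modules' task of tasks/debian/main.yml the whole list `APACHE_CONFIG.modules.absent` is now handed to `name`; as far as I know `community.general.apache2_module` expects a single module name there, so the list is likely to be converted into one string that matches no loaded module. With `state: absent` that would probably be reported as already disabled rather than as an error, which leaves the modules the operator wanted switched off still loaded without any visible failure. Unless the list form was verified against the installed collection version, keep the per-item form: `name: "{{ item }}"` together with `loop: "{{ APACHE_CONFIG.modules.absent }}"`.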
@@ -1,12 +1,20 @@
 ---
 # ports will be left configured since I found no clean way to manage them statefully
-# also: the web-root will be left as-is
-- name: "Apache | Debian | Config | Site '{{ name }}' | Removing/Disabling site"
+- name: "Apache | Debian | Remove Site '{{ name }}' | Ask user"
+ ansible.builtin.pause:
+ prompt: "Do you really want to remove the apache site '{{ name }}' and all of its data?"
+ register: removal_prompt
+ when: not force_removal
+
+- name: "Apache | Debian | Remove Site '{{ name }}' | Removing site"
 ansible.builtin.file:
 path: "{{ item }}"
 state: absent
+ when: >
+ force_removal or
+ removal_prompt.user_input == 'yes'
 loop:
 - "/etc/apache2/sites-enabled/site_{{ name }}.conf"
 - "/etc/apache2/sites-available/site_{{ name }}.conf"
@@ -14,3 +22,12 @@
 - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.crt"
 - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.chain.crt"
 - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.fullchain.crt"
+
+- name: "Apache | Debian | Remove Site '{{ name }}' | Removing document root"
+ ansible.builtin.file:
+ path: "{{ site.serve.path }}"
+ state: absent
+ when: >
+ site.mode == 'serve' and
+ (force_removal or
+ removal_prompt.user_input == 'yes')
diff --git a/templates/etc/apache2/sites-available/site.conf.j2 b/templates/etc/apache2/sites-available/site.conf.j2
index fa8e6c3..24b939f 100644
--- a/templates/etc/apache2/sites-available/site.conf.j2
+++ b/templates/etc/apache2/sites-available/site.conf.j2
@@ -141,11 +141,11 @@
 {% if site.security.disable_ssi_cgi %}
 Options -FollowSymLinks -ExecCGI -Includes
 AllowOverride None
- Require all granted
 {% endif %}
 {% if site.security.disable_root_index %}
 Options -Indexes
 {% endif %}
+ Require all granted
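Review bot: `force_removal` is used bare in `when: not force_removal` and in the removal condition of the first rm_site.yml hunk (and again in the document-root task of the second hunk), so a value that arrives as a string is judged by emptiness, not by meaning. A run with `-e force_removal=false` passes the non-empty string "false", which most likely skips the prompt and lets the deletions proceed, the opposite of what the operator asked for. Casting at each use avoids that: `when: not (force_removal | bool)` and `(force_removal | bool) or removal_prompt.user_input == 'yes'`.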
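Review bot: The new 'Removing document root' task in the second rm_site.yml hunk deletes `site.serve.path` recursively without checking what that path is, so a site whose path points at a shared parent directory, or at a directory a second site also serves, loses unrelated data on removal. A guard task ahead of it should require an absolute path and refuse the filesystem root and the common web base directories; the refused list in the sketch below is a constructed example and should be adapted to the role's layout. The prompt in the first hunk could also print the path, so the operator sees what "all of its data" covers.

```yaml
- name: "Apache | Debian | Remove Site '{{ name }}' | Checking document root"
  ansible.builtin.assert:
    that:
      - site.serve.path is defined
      - site.serve.path is abs
      # example list of paths that must never be removed; '' covers '/'
      - site.serve.path | regex_replace('/+$', '') not in ['', '/var', '/var/www']
    fail_msg: "Refusing to remove document root of site '{{ name }}'"
  when: site.mode == 'serve'

# … unchanged: 'Removing document root' task …
```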