--- - name: Apache | Showing debug info - user provided config ansible.builtin.debug: var: apache when: debug | bool - name: Apache | Showing debug info - running config ansible.builtin.debug: var: APACHE_CONFIG when: debug | bool - name: Apache | Install apache ansible.builtin.apt: name: "{{ APACHE_HC.packages }}" state: present update_cache: true tags: [base] - name: Apache | Creating service user ansible.builtin.user: name: "{{ APACHE_CONFIG.user }}" shell: '/usr/sbin/nologin' comment: 'Apache Service User' tags: [base] - name: Apache | Setting service user ansible.builtin.lineinfile: state: present path: '/etc/apache2/envvars' regexp: "{{ item.reg }}" line: "{{ item.line }}" register: apache_user_update_raw loop: - {reg: '^export APACHE_RUN_USER=', line: "export APACHE_RUN_USER={{ APACHE_CONFIG.user }}"} - {reg: '^export APACHE_RUN_GROUP=', line: "export APACHE_RUN_GROUP={{ APACHE_CONFIG.group }}"} tags: [base, config] # NOTE: a2enmod/a2dismod command saves time in comparison to the community 'apache2_module' module - name: Apache | Enabling apache modules ansible.builtin.command: "a2enmod {{ APACHE_CONFIG.modules.present | enmod_list(APACHE_CONFIG.modules.absent) }}" register: apache_mods_enable_raw changed_when: "'restart apache2' in apache_mods_enable_raw.stdout" when: APACHE_CONFIG.modules.present | ensure_list | length > 0 tags: [base] - name: Apache | Disabling apache modules ansible.builtin.command: "a2dismod -f {{ APACHE_CONFIG.modules.absent | mod_list }}" register: apache_mods_disable_raw changed_when: "'restart apache2' in apache_mods_disable_raw.stdout" when: APACHE_CONFIG.modules.absent | ensure_list | length > 0 tags: [base] # todo: configure module settings - name: Apache | Adding main settings ansible.builtin.lineinfile: state: present path: '/etc/apache2/apache2.conf' regexp: "{{ item.key }}\\s" line: "{{ item.key }} {{ item.value }}" validate: "apachectl -t -f %s" register: apache_settings_raw with_dict: "{{ APACHE_CONFIG.settings }}" tags: [config, base] - name: Apache | Restarting apache ansible.builtin.systemd: name: 'apache2.service' state: restarted when: > apache_user_update_raw.changed or apache_mods_enable_raw.changed or apache_mods_disable_raw.changed or apache_settings_raw.changed tags: [base, config] # is an additional site-loop since certificates can be pre-/absent - name: Apache | Getting certificates using LetsEncrypt ansible.builtin.include_role: name: oxlorg.certs when: site.ssl.mode == 'letsencrypt' vars: site: "{{ defaults_site | combine(site_item.value, recursive=true) }}" name: "{{ site_item.key | safe_key }}" certs: mode: 'le_certbot' path: "{{ APACHE_CONFIG.ssl.path }}" owner_key: "{{ APACHE_CONFIG.user }}" group_key: "{{ APACHE_CONFIG.group }}" owner_cert: "{{ APACHE_CONFIG.user }}" group_cert: "{{ APACHE_CONFIG.group }}" letsencrypt: certs: "{{ site | prepare_letsencrypt(name) }}" path: "{{ APACHE_CONFIG.letsencrypt.path }}" email: "{{ APACHE_CONFIG.letsencrypt.email }}" renew_timer: "{{ APACHE_CONFIG.letsencrypt.renew_timer }}" verbosity: "{{ APACHE_CONFIG.letsencrypt.verbosity }}" service: 'apache' renew: "{{ APACHE_CONFIG.letsencrypt.renew }}" loop_control: loop_var: site_item with_dict: "{{ APACHE_CONFIG.sites }}" no_log: true tags: [certs, sites] args: apply: tags: [certs, sites] - name: Apache | Disabling default apache sites ansible.builtin.file: state: absent dest: "/etc/apache2/sites-enabled/{{ item }}" loop: - '000-default.conf' - 'default-ssl.conf' tags: [config, base] - name: Apache | Removing status page ansible.builtin.include_tasks: rm_status.yml when: APACHE_CONFIG.status_page.state != 'present' args: apply: tags: [config, sites, base] tags: [config, sites, base] - name: Apache | Removing site ansible.builtin.include_tasks: rm_site.yml when: site.state != 'present' vars: site: "{{ defaults_site | combine(site_item.value, recursive=true) }}" name: "{{ site_item.key | safe_key }}" path: "{{ site.serve.path }}" loop_control: loop_var: site_item with_dict: "{{ APACHE_CONFIG.sites }}" no_log: true tags: [config, sites, certs] args: apply: tags: [config, sites, certs] - name: Apache | Reloading apache ansible.builtin.systemd: name: 'apache2.service' state: reloaded changed_when: false tags: [base, config, sites, certs] - name: Apache | Adding status page ansible.builtin.include_tasks: add_status.yml when: APACHE_CONFIG.status_page.state == 'present' tags: [config, sites, base] - name: Apache | Adding site ansible.builtin.include_tasks: add_site.yml when: site.state == 'present' vars: site: "{{ defaults_site | combine(site_item.value, recursive=true) }}" name: "{{ site_item.value.name | default(site_item.key, true) | safe_key }}" path: "{{ site.serve.path }}" loop_control: loop_var: site_item with_dict: "{{ APACHE_CONFIG.sites }}" no_log: true tags: [config, sites, certs] args: apply: tags: [config, sites, certs] - name: Apache | Starting/Enabling apache ansible.builtin.systemd: name: 'apache2.service' enabled: yes state: started tags: [base] - name: Apache | Reloading apache ansible.builtin.systemd: name: 'apache2.service' enabled: yes state: reloaded changed_when: false tags: [base, config, sites, certs]