89 lines
2.4 KiB
YAML
89 lines
2.4 KiB
YAML
---
|
|
|
|
# todo: option for security.txt
|
|
|
|
- name: "Apache | Debian | Site '{{ name }}' | Showing debug info - user provided config"
|
|
ansible.builtin.debug:
|
|
var: site_item.value
|
|
when:
|
|
- debug is defined
|
|
- debug
|
|
|
|
- name: "Apache | Debian | Site '{{ name }}' | Showing debug info - running config"
|
|
ansible.builtin.debug:
|
|
var: site
|
|
when:
|
|
- debug is defined
|
|
- debug
|
|
|
|
- name: "Apache | Debian | Site '{{ name }}' | Checking config"
|
|
ansible.builtin.fail:
|
|
msg: "The required site-configuration was not provided!
|
|
Needed: 'domain'"
|
|
when: site.domain is none or site.domain is undefined
|
|
tags: [config, sites, certs]
|
|
|
|
- name: "Apache | Debian | Site '{{ name }}' | Configuring certificates"
|
|
ansible.builtin.import_tasks: add_certs.yml
|
|
when: "site.ssl.mode in ['selfsigned', 'existing', 'ca']"
|
|
tags: [sites, certs]
|
|
|
|
- name: "Apache | Debian | Site '{{ name }}' | Configuring ipv4 listen-ports"
|
|
ansible.builtin.lineinfile:
|
|
path: '/etc/apache2/ports.conf'
|
|
line: "Listen {{ port }}"
|
|
ignore_errors: true
|
|
when:
|
|
- port != 80
|
|
- port != 443
|
|
- port != '80'
|
|
- port != '443'
|
|
loop_control:
|
|
loop_var: port
|
|
loop:
|
|
- "{{ site.port_plain }}"
|
|
- "{{ site.port_ssl }}"
|
|
tags: [config, sites]
|
|
|
|
- name: "Apache | Debian | Site '{{ name }}' | Configuring ipv6 listen-ports"
|
|
ansible.builtin.lineinfile:
|
|
path: '/etc/apache2/ports.conf'
|
|
line: "Listen [::]:{{ port }}"
|
|
ignore_errors: true
|
|
loop_control:
|
|
loop_var: port
|
|
loop:
|
|
- "{{ site.port_plain }}"
|
|
- "{{ site.port_ssl }}"
|
|
when: APACHE_CONFIG.ipv6
|
|
tags: [config, sites]
|
|
|
|
- name: "Apache | Debian | Site '{{ name }}' | Create root directory"
|
|
ansible.builtin.file:
|
|
path: "{{ site.serve.path }}"
|
|
state: directory
|
|
owner: "{{ APACHE_CONFIG.user }}"
|
|
group: "{{ APACHE_CONFIG.group }}"
|
|
mode: 0755
|
|
when: site.mode == 'serve'
|
|
tags: [sites]
|
|
|
|
- name: "Apache | Debian | Site '{{ name }}' | Configuring site"
|
|
ansible.builtin.template:
|
|
src: 'templates/etc/apache2/sites-available/site.conf.j2'
|
|
dest: "/etc/apache2/sites-available/site_{{ name }}.conf"
|
|
owner: 'root'
|
|
group: 'root'
|
|
mode: 0644
|
|
tags: [config, sites]
|
|
|
|
- name: "Apache | Debian | Site '{{ name }}' | Enabling site"
|
|
ansible.builtin.file:
|
|
state: link
|
|
src: "/etc/apache2/sites-available/site_{{ name }}.conf"
|
|
dest: "/etc/apache2/sites-enabled/site_{{ name }}.conf"
|
|
owner: 'root'
|
|
group: 'root'
|
|
mode: 0644
|
|
tags: [sites, config]
|