185 lines
5.5 KiB
YAML
185 lines
5.5 KiB
YAML
---
|
|
|
|
- name: Apache | Showing debug info - user provided config
|
|
ansible.builtin.debug:
|
|
var: apache
|
|
when: debug | bool
|
|
|
|
- name: Apache | Showing debug info - running config
|
|
ansible.builtin.debug:
|
|
var: APACHE_CONFIG
|
|
when: debug | bool
|
|
|
|
- name: Apache | Install apache
|
|
ansible.builtin.apt:
|
|
name: "{{ APACHE_HC.packages }}"
|
|
state: present
|
|
update_cache: true
|
|
tags: [base]
|
|
|
|
- name: Apache | Creating service user
|
|
ansible.builtin.user:
|
|
name: "{{ APACHE_CONFIG.user }}"
|
|
shell: '/usr/sbin/nologin'
|
|
comment: 'Apache Service User'
|
|
tags: [base]
|
|
|
|
- name: Apache | Setting service user
|
|
ansible.builtin.lineinfile:
|
|
state: present
|
|
path: '/etc/apache2/envvars'
|
|
regexp: "{{ item.reg }}"
|
|
line: "{{ item.line }}"
|
|
register: apache_user_update_raw
|
|
loop:
|
|
- {reg: '^export APACHE_RUN_USER=', line: "export APACHE_RUN_USER={{ APACHE_CONFIG.user }}"}
|
|
- {reg: '^export APACHE_RUN_GROUP=', line: "export APACHE_RUN_GROUP={{ APACHE_CONFIG.group }}"}
|
|
tags: [base, config]
|
|
|
|
# NOTE: a2enmod/a2dismod command saves time in comparison to the community 'apache2_module' module
|
|
- name: Apache | Enabling apache modules
|
|
ansible.builtin.command: "a2enmod {{ APACHE_CONFIG.modules.present | enmod_list(APACHE_CONFIG.modules.absent) }}"
|
|
register: apache_mods_enable_raw
|
|
changed_when: "'restart apache2' in apache_mods_enable_raw.stdout"
|
|
when: APACHE_CONFIG.modules.present | ensure_list | length > 0
|
|
tags: [base]
|
|
|
|
- name: Apache | Disabling apache modules
|
|
ansible.builtin.command: "a2dismod -f {{ APACHE_CONFIG.modules.absent | mod_list }}"
|
|
register: apache_mods_disable_raw
|
|
changed_when: "'restart apache2' in apache_mods_disable_raw.stdout"
|
|
when: APACHE_CONFIG.modules.absent | ensure_list | length > 0
|
|
tags: [base]
|
|
|
|
# todo: configure module settings
|
|
|
|
- name: Apache | Adding main settings
|
|
ansible.builtin.lineinfile:
|
|
state: present
|
|
path: '/etc/apache2/apache2.conf'
|
|
regexp: "{{ item.key }}\\s"
|
|
line: "{{ item.key }} {{ item.value }}"
|
|
validate: "apachectl -t -f %s"
|
|
register: apache_settings_raw
|
|
with_dict: "{{ APACHE_CONFIG.settings }}"
|
|
tags: [config, base]
|
|
|
|
- name: Apache | Restarting apache
|
|
ansible.builtin.systemd:
|
|
name: 'apache2.service'
|
|
state: restarted
|
|
when: >
|
|
apache_user_update_raw.changed or
|
|
apache_mods_enable_raw.changed or
|
|
apache_mods_disable_raw.changed or
|
|
apache_settings_raw.changed
|
|
tags: [base, config]
|
|
|
|
# is an additional site-loop since certificates can be pre-/absent
|
|
- name: Apache | Getting certificates using LetsEncrypt
|
|
ansible.builtin.include_role:
|
|
name: ansibleguy.infra_certs
|
|
when: site.ssl.mode == 'letsencrypt'
|
|
vars:
|
|
site: "{{ defaults_site | combine(site_item.value, recursive=true) }}"
|
|
name: "{{ site_item.key | safe_key }}"
|
|
certs:
|
|
mode: 'le_certbot'
|
|
path: "{{ APACHE_CONFIG.ssl.path }}"
|
|
owner_key: "{{ APACHE_CONFIG.user }}"
|
|
group_key: "{{ APACHE_CONFIG.group }}"
|
|
owner_cert: "{{ APACHE_CONFIG.user }}"
|
|
group_cert: "{{ APACHE_CONFIG.group }}"
|
|
letsencrypt:
|
|
certs: "{{ site | prepare_letsencrypt(name) }}"
|
|
path: "{{ APACHE_CONFIG.letsencrypt.path }}"
|
|
email: "{{ APACHE_CONFIG.letsencrypt.email }}"
|
|
renew_timer: "{{ APACHE_CONFIG.letsencrypt.renew_timer }}"
|
|
verbosity: "{{ APACHE_CONFIG.letsencrypt.verbosity }}"
|
|
service: 'apache'
|
|
renew: "{{ APACHE_CONFIG.letsencrypt.renew }}"
|
|
loop_control:
|
|
loop_var: site_item
|
|
with_dict: "{{ APACHE_CONFIG.sites }}"
|
|
no_log: true
|
|
tags: [certs, sites]
|
|
args:
|
|
apply:
|
|
tags: [certs, sites]
|
|
|
|
- name: Apache | Disabling default apache sites
|
|
ansible.builtin.file:
|
|
state: absent
|
|
dest: "/etc/apache2/sites-enabled/{{ item }}"
|
|
loop:
|
|
- '000-default.conf'
|
|
- 'default-ssl.conf'
|
|
tags: [config, base]
|
|
|
|
- name: Apache | Removing status page
|
|
ansible.builtin.include_tasks: rm_status.yml
|
|
when: APACHE_CONFIG.status_page.state != 'present'
|
|
args:
|
|
apply:
|
|
tags: [config, sites, base]
|
|
tags: [config, sites, base]
|
|
|
|
- name: Apache | Removing site
|
|
ansible.builtin.include_tasks: rm_site.yml
|
|
when: site.state != 'present'
|
|
vars:
|
|
site: "{{ defaults_site | combine(site_item.value, recursive=true) }}"
|
|
name: "{{ site_item.key | safe_key }}"
|
|
path: "{{ site.serve.path }}"
|
|
loop_control:
|
|
loop_var: site_item
|
|
with_dict: "{{ APACHE_CONFIG.sites }}"
|
|
no_log: true
|
|
tags: [config, sites, certs]
|
|
args:
|
|
apply:
|
|
tags: [config, sites, certs]
|
|
|
|
- name: Apache | Reloading apache
|
|
ansible.builtin.systemd:
|
|
name: 'apache2.service'
|
|
state: reloaded
|
|
changed_when: false
|
|
tags: [base, config, sites, certs]
|
|
|
|
- name: Apache | Adding status page
|
|
ansible.builtin.include_tasks: add_status.yml
|
|
when: APACHE_CONFIG.status_page.state == 'present'
|
|
tags: [config, sites, base]
|
|
|
|
- name: Apache | Adding site
|
|
ansible.builtin.include_tasks: add_site.yml
|
|
when: site.state == 'present'
|
|
vars:
|
|
site: "{{ defaults_site | combine(site_item.value, recursive=true) }}"
|
|
name: "{{ site_item.value.name | default(site_item.key) }}"
|
|
path: "{{ site.serve.path }}"
|
|
loop_control:
|
|
loop_var: site_item
|
|
with_dict: "{{ APACHE_CONFIG.sites }}"
|
|
no_log: true
|
|
tags: [config, sites, certs]
|
|
args:
|
|
apply:
|
|
tags: [config, sites, certs]
|
|
|
|
- name: Apache | Starting/Enabling apache
|
|
ansible.builtin.systemd:
|
|
name: 'apache2.service'
|
|
enabled: yes
|
|
state: started
|
|
tags: [base]
|
|
|
|
- name: Apache | Reloading apache
|
|
ansible.builtin.systemd:
|
|
name: 'apache2.service'
|
|
enabled: yes
|
|
state: reloaded
|
|
changed_when: false
|
|
tags: [base, config, sites, certs]
|