---
# Apply the generic apache role first; everything below layers the
# packweb-specific configuration on top of it.
- name: Include apache role
  include_role:
    name: apache
# Directories seeded into /etc/skel so every account created afterwards
# starts with them; 0750 keeps them unreadable to "other".
- name: Add elements to user account template
  file:
    path: "/etc/skel/{{ item.path }}"
    state: "{{ item.state }}"
    mode: "{{ item.mode }}"
  with_items:
    - path: log
      mode: "0750"
      state: directory
    - path: awstats
      mode: "0750"
      state: directory
    - path: www
      mode: "0750"
      state: directory
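# Placeholder log files in the account template; force is false so an
# existing file (possibly already holding data) is never overwritten.
- name: Copy apache empty log files if missing
  copy:
    src: "log/{{ item }}"
    dest: "/etc/skel/log/{{ item }}"
    mode: "0644"
    force: false
  with_items:
    - access.log
    - error.log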
# Weekly cron job shipped with the role; 0755 because cron.weekly only
# runs executable files.
- name: Install userlogrotate
  copy:
    src: userlogrotate
    dest: /etc/cron.weekly/userlogrotate
    mode: "0755"
# Home directories of accounts created by adduser must not be
# world-readable: rewrite (or keep) the single DIR_MODE= line.
- name: Force DIR_MODE to 0750 in /etc/adduser.conf
  lineinfile:
    dest: /etc/adduser.conf
    regexp: "^DIR_MODE="
    line: "DIR_MODE=0750"
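# Probe only: a missing PATH line is an expected outcome, so a non-zero grep
# exit is neither a failure nor a change. The rc is consumed by the next task.
- name: Check if Apache envvars have a PATH
  command: "grep -E '^export PATH ' /etc/apache2/envvars"
  register: envvar_grep_path
  failed_when: false
  changed_when: false
  # Run even under --check so envvar_grep_path is defined for the
  # 'when' of the following task.
  check_mode: false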
# Only inserted when the grep above found no 'export PATH ' line.
# The '#' line inside the block is file content, not a YAML comment.
- name: Add a PATH envvar for Apache
  blockinfile:
    dest: /etc/apache2/envvars
    marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
    block: |
      # Used for Evoadmin-web
      export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  when: envvar_grep_path.rc != 0
# Apache hardening modules: per-vhost uid/gid (itk), request-rate
# limiting (evasive) and the ModSecurity WAF.
- name: Additional packages are installed
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - apache2-mpm-itk
    - libapache2-mod-evasive
    - libapache2-mod-security2
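# Ship a default config for each module into conf-available; force is
# false so a locally tuned file is never clobbered on a re-run.
- name: Copy Apache settings for modules
  copy:
    src: "{{ item }}"
    dest: "/etc/apache2/conf-available/{{ item }}"
    owner: root
    group: root
    mode: "0644"
    force: false
  with_items:
    - evolinux-itk.conf
    - evolinux-evasive.conf
    - evolinux-modsec.conf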
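# a2enconf reports "Enabling ..." on stderr when it creates the symlink;
# an already-enabled conf does not print it, so the task stays unchanged.
- name: Ensure Apache modules configs are enabled
  command: "a2enconf {{ item }}"
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"
  with_items:
    - evolinux-itk
    - evolinux-evasive
    - evolinux-modsec
  # A newly enabled conf (notably the ModSecurity one) is not live until
  # Apache reloads; same handler the awstats-icon task below uses.
  notify: reload apache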
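# Read-only probe: the package name shows up in stdout only when it is
# installed; the log2mail template task below keys on that.
- name: Check if log2mail is installed
  command: "apt list --installed log2mail"
  register: command_result
  changed_when: false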
# Dump the probe result, but only at -v or above.
- debug:
    verbosity: 1
    var: command_result
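# Only when the probe above found log2mail; force is false so a hand-edited
# config is kept.
- name: Add log2mail config for Apache segfaults
  template:
    src: log2mail-apache.j2
    dest: "/etc/log2mail/config/apache"
    owner: root
    group: root
    mode: "0644"
    force: false
  when: "'log2mail' in command_result.stdout"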
# PHP 5 as an Apache module plus the extensions the hosted sites rely on.
- name: Install PHP5 packages
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - libapache2-mod-php5
    - php5
    - php5-gd
    - php5-imap
    - php5-ldap
    - php5-mcrypt
    - php5-mysql
    - php5-pgsql
    - php-gettext
    - php5-curl
    - libssh2-php
  tags: [apache]
# Paths of the two conf.d snippets managed below. The z-/zzz- prefixes
# make them load after the distribution defaults, with the custom file last.
- name: Set variables for php config files
  set_fact:
    php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
    php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
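# Hardening defaults: hide the PHP version header, keep errors in the log
# rather than on the page, and refuse remote URLs in file functions.
- name: Set default values for PHP
  ini_file:
    dest: "{{ php5_apache5_defaults_file }}"
    section: PHP
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    mode: "0644"
    create: true
  with_items:
    - { option: "short_open_tag", value: "Off" }
    - { option: "expose_php", value: "Off" }
    - { option: "display_errors", value: "Off" }
    - { option: "log_errors", value: "On" }
    - { option: "allow_url_fopen", value: "Off" }
  notify: reload apache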
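# PHP's function is spelled shell_exec (underscore); a hyphenated
# "shell-exec" in disable_functions matches nothing, so that function
# would have stayed callable.
- name: Disable PHP exec function without evoadmin
  ini_file:
    dest: "{{ php5_apache5_defaults_file }}"
    section: PHP
    option: disable_functions
    value: "exec,shell_exec,system,passthru,putenv,popen"
  when: not packweb_install_evoadmin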
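# Same list as the non-evoadmin variant minus exec — presumably evoadmin
# needs it (confirm). PHP's function is spelled shell_exec (underscore);
# the former "shell-exec" entry matched nothing.
- name: Don't disable PHP exec function with evoadmin
  ini_file:
    dest: "{{ php5_apache5_defaults_file }}"
    section: PHP
    option: disable_functions
    value: "shell_exec,system,passthru,putenv,popen"
  when: packweb_install_evoadmin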
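# Empty hook file for site-specific overrides; force is false so local
# edits survive re-runs. The '#' line is file content, not a YAML comment.
- name: Custom php.ini
  copy:
    dest: "{{ php5_apache5_custom_file }}"
    content: |
      # Put customized values here.
    force: false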
- name: Install phpmyadmin
  apt:
    state: present
    name: phpmyadmin
# The Debian package enables its own Apache conf; detect it so the next
# tasks can switch it off.
- name: Check if phpmyadmin default configuration is present
  stat:
    path: /etc/apache2/conf-enabled/phpmyadmin.conf
  register: pma_default_config
# Shown at -v or above only.
- debug:
    verbosity: 1
    var: pma_default_config
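# a2disconf reports "Disabling ..." on stderr when it removes the symlink.
- name: Disable phpmyadmin default configuration
  command: "a2disconf phpmyadmin"
  register: command_result
  changed_when: "'Disabling' in command_result.stderr"
  when: pma_default_config.stat.exists
  # The stock conf stays served until Apache reloads; same handler as the
  # other a2*conf tasks in this file.
  notify: reload apache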
# Only the group is managed here; owner and mode are left as installed.
- name: Change group to www-data for /etc/phpmyadmin/
  file:
    group: www-data
    path: /etc/phpmyadmin/
- name: Install awstats
  apt:
    state: present
    name: awstats
# Managed stanza in awstats.conf.local; the Show*Stats=0 lines disable the
# per-host/per-page reports so less visitor detail is exposed in the UI.
- name: Configure awstats
  blockinfile:
    dest: /etc/awstats/awstats.conf.local
    marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
    mode: "0644"
    block: |
      LogFile="/var/log/apache2/access.log"
      SiteDomain="{{ ansible_hostname }}"
      DirData="/var/lib/awstats"
      ShowHostsStats=0
      ShowOriginStats=0
      ShowPagesStats=0
      ShowKeyphrasesStats=0
      ShowKeywordsStats=0
      ShowHTTPErrorsStats=0
      LogFormat=1
      AllowFullYearView=3
      ErrorMessages="An error occured. Contact your Administrator"
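# Serve the awstats icon directory; force is false so a locally edited
# conf is kept.
- name: Create conf-available/awstats-icon.conf file
  copy:
    dest: /etc/apache2/conf-available/awstats-icon.conf
    content: |
      Alias /awstats-icon/ /usr/share/awstats/icon/
      <Directory /usr/share/awstats/icon/>
      Require all granted
      </Directory>
    force: false
    mode: "0644"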
# a2enconf prints "Enabling ..." on stderr only when it actually enables
# the conf; a reload is then needed to serve it.
- name: Enable apache awstats-icon configuration
  command: "a2enconf awstats-icon"
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"
  notify: reload apache
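# Update stats every 6 hours; the regexp keeps a single -config=awstats
# line so re-runs replace rather than append.
- name: Create awstats cron
  lineinfile:
    dest: /etc/cron.d/awstats
    create: true
    regexp: '-config=awstats'
    line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"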
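# Strip "other" read on system directories so unprivileged accounts cannot
# list them. Items are a fixed literal list (no user input reaches the
# shell); "test -d" skips absent paths and failed_when keeps a missing
# directory from aborting the play. chmod --verbose prints "changed" only
# when the mode actually moved.
- name: Remove read permission on some folders (/, /etc, ...)
  shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  failed_when: false
  with_items:
    - /
    - /etc
    - /usr
    - /usr/bin
    - /var
    - /var/log
    - /home
    - /bin
    - /sbin
    - /lib
    - /usr/lib
    - /usr/include
    - /usr/sbin
    - /usr/share
    - /usr/share/doc
    - /etc/default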
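# Close these directories to "other" entirely. Fixed literal list; a
# missing directory is skipped by "test -d" and never fails the play.
- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
  shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  failed_when: false
  with_items:
    - /var/log/apt
    - /var/lib/dpkg
    - /var/log/munin
    - /var/backups
    - /var/cache/apt
    - /etc/init.d
    - /etc/apt
    - /etc/apache2
    - /etc/network
    - /etc/phpmyadmin
    - /var/log/installer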
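# Drop the setuid bit from network diagnostics that do not need it on a
# shared web host. Fixed literal list; absent binaries are skipped.
- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
  shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  failed_when: false
  with_items:
    - /bin/ping
    - /bin/ping6
    - /usr/bin/fping
    - /usr/bin/fping6
    - /usr/bin/mtr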
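# Make these files unreadable to "other". Fixed literal list; absent files
# are skipped and never fail the play.
- name: Set 640 permission on some files (/var/log/evolix.log, ...)
  shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  failed_when: false
  with_items:
    - /var/log/evolix.log
    - /etc/warnquota.conf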
# Delete legacy log files that are not wanted on this profile.
- name: Remove some log files (/var/log/mail.err, ...)
  file:
    state: absent
    path: "{{ item }}"
  with_items:
    - /var/log/debug
    - /var/log/mail.err
    - /var/log/mail.warn
# Web admin panel, opt-in via packweb_install_evoadmin.
- name: Install Evoadmin
  include_role:
    name: evoadmin
  when: packweb_install_evoadmin
# Command-line alternative to Evoadmin; the two are mutually exclusive.
- name: Install web-add script
  include: web-add.yml
  when: not packweb_install_evoadmin