# Ensure the Apache packages listed below are present, using apt.
- name: packages are installed
  tags:
    - apache
  apt:
    state: present
    name: "{{ item }}"
  with_items:
    - apache2-mpm-itk
    - apachetop
    - libapache2-mod-evasive
    - libwww-perl
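# Enable the baseline Apache modules this role relies on.
# Each module is listed exactly once; a repeated entry only re-runs the
# module against a name that is already enabled.
# NOTE(review): `cgi` lets Apache execute scripts; confirm the hosted sites
# need it before enabling it on every host.
- name: basic modules are enabled
  apache2_module:
    name: '{{ item }}'
    state: present
  with_items:
    - rewrite
    - expires
    - headers
    - cgi
  tags:
    - apache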
# Ship the role's default Apache settings into conf-available.
# force is on, so the copy on the host is replaced whenever it differs from
# the role's file; local edits to this file do not survive a run.
- name: Copy Apache defaults config file
  tags:
    - apache
  copy:
    dest: "/etc/apache2/conf-available/z-evolinux-defaults.conf"
    src: evolinux-defaults.conf
    force: true
    mode: "0644"
    owner: root
    group: root
# Seed the site-specific override file in conf-available.
# force is off, so the file is only written when it does not exist yet and
# later local changes are left alone.
- name: Copy Apache custom config file
  tags:
    - apache
  copy:
    dest: "/etc/apache2/conf-available/zzz-evolinux-custom.conf"
    src: evolinux-custom.conf
    force: false
    mode: "0644"
    owner: root
    group: root
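# Enable both Evolinux config snippets with a2enconf.
# A run counts as "changed" only when a2enconf reports that it is enabling
# the snippet. Which stream carries that message is not visible from this
# file, so stdout and stderr are both checked; matching on stderr alone
# would silently report "ok" forever if the message goes to stdout.
# NOTE(review): no handler is notified here; confirm Apache is reloaded
# elsewhere after a snippet is newly enabled.
- name: Ensure Apache config files are enabled
  command: "a2enconf {{ item }}"
  register: command_result
  changed_when: "'Enabling' in command_result.stdout or 'Enabling' in command_result.stderr"
  with_items:
    - z-evolinux-defaults.conf
    - zzz-evolinux-custom.conf
  tags:
    - apache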
# Create the private IP whitelist file if it is missing (force is off, so an
# existing file is never overwritten). Mode 0640 with root:root ownership
# keeps it unreadable for "other" users.
- name: Init private_ipaddr_whitelist.conf file
  tags:
    - apache
  copy:
    dest: /etc/apache2/private_ipaddr_whitelist.conf
    src: private_ipaddr_whitelist.conf
    force: false
    mode: "0640"
    owner: root
    group: root
# Make sure an "Allow from <entry>" line exists for every whitelist entry,
# then ask for an Apache reload.
# NOTE(review): each entry is written verbatim and grants access; verify the
# variable only ever holds IP addresses or ranges.
- name: add IP addresses to private IP whitelist
  tags:
    - apache
  notify: reload apache
  with_items: "{{ apache_private_ipaddr_whitelist_present }}"
  lineinfile:
    state: present
    dest: /etc/apache2/private_ipaddr_whitelist.conf
    line: "Allow from {{ item }}"
# Drop the "Allow from <entry>" line for every entry that must no longer be
# whitelisted, then ask for an Apache reload so the revocation takes effect.
- name: remove IP addresses from private IP whitelist
  tags:
    - apache
  notify: reload apache
  with_items: "{{ apache_private_ipaddr_whitelist_absent }}"
  lineinfile:
    state: absent
    dest: /etc/apache2/private_ipaddr_whitelist.conf
    line: "Allow from {{ item }}"
# Create the private htpasswd file if it is missing (force is off, so an
# existing credential file is never overwritten). Mode 0640 with root:root
# ownership keeps it unreadable for "other" users.
- name: Copy private_htpasswd
  tags:
    - apache
  notify: reload apache
  copy:
    dest: /etc/apache2/private_htpasswd
    src: private_htpasswd
    force: false
    mode: "0640"
    owner: root
    group: root
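# Make sure every credential line from the variable is present in the private
# htpasswd file, then ask for an Apache reload.
# no_log keeps the loop items (complete credential lines) out of task output
# and logs; without it each line would be printed on every run.
# NOTE(review): entries are written verbatim, so they are presumably full
# htpasswd lines with an already-hashed password; confirm where the variable
# is defined.
- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: present
  with_items: "{{ apache_private_htpasswd_present }}"
  no_log: true
  notify: reload apache
  tags:
    - apache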
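# Remove every listed credential line from the private htpasswd file, then
# ask for an Apache reload so the revocation takes effect.
# no_log keeps the loop items (complete credential lines) out of task output
# and logs; without it each line would be printed on every run.
# NOTE(review): removal matches the exact line, so an entry whose hash has
# since changed will not be removed; verify against how the variable is
# maintained.
- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: absent
  with_items: "{{ apache_private_htpasswd_absent }}"
  no_log: true
  notify: reload apache
  tags:
    - apache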
# Probe /etc/apache2/envvars for a line that starts with "umask ".
# The grep result is stored in envvar_grep_umask. The task never fails and
# never reports a change, and check mode is disabled so the probe also runs
# during a check-mode play.
- name: is umask already present?
  tags:
    - apache
  command: "grep -E '^umask ' /etc/apache2/envvars"
  register: envvar_grep_umask
  check_mode: false
  changed_when: false
  failed_when: false
# Append a managed block that sets "umask 007" in /etc/apache2/envvars, but
# only when the earlier grep found no umask line (non-zero return code).
# With umask 007, files Apache creates get no permissions for "other" users.
# NOTE(review): no handler is notified here; confirm Apache is restarted
# elsewhere so the new umask is picked up.
- name: Add a mark in envvars for umask
  tags:
    - apache
  when: envvar_grep_umask.rc != 0
  blockinfile:
    marker: "## {mark} ANSIBLE MANAGED BLOCK"
    dest: /etc/apache2/envvars
    block: |
      ## Set umask for writing by Apache user.
      ## Set rights on files and directories written by Apache
      umask 007