ansible-roles/apache/tasks/main.yml

- name: Ensure packages are installed
  apt:
    name: '{{ item }}'
    state: present
  with_items:
    - apache2-mpm-itk
    - apachetop
    - libapache2-mod-evasive
    - libwww-perl

- name: Ensure basic modules are enabled
  apache2_module:
    name: '{{ item }}'
    state: present
  with_items:
    - rewrite
    - expires
    - headers
    - rewrite
    - cgi

- name: Copy Apache config files
  copy:
    src: "{{ item.file }}"
    dest: "/etc/apache2/conf-available/{{ item.file }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
    - { file: z_evolinux.conf, mode: 0644 }
    - { file: zzz_evolinux.conf, mode: 0640 }

- name: Ensure Apache default config is enabled
  command: a2enconf z_evolinux.conf zzz_evolinux.conf
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"

- name: Init ipaddr_whitelist.conf file
  copy:
    src: ipaddr_whitelist.conf
    dest: /etc/apache2/ipaddr_whitelist.conf
    owner: root
    group: root
    mode: 0640
    force: no

- name: Add IP addresses to private IP whitelist if defined
  lineinfile:
    dest: /etc/apache2/ipaddr_whitelist.conf
    line: "Allow from {{ item }}"
    state: present
  with_items: "{{ apache_ipaddr_whitelist }}"

- name: Add a mark in envvars for umask
  blockinfile:
    dest: /etc/apache2/envvars
    block: |
      ## Set umask for writing by Apache user.
      ## Set rights on files and directories written by Apache

- name : Ensure umask is set in envvars (default is umask 007)
  lineinfile:
    dest: /etc/apache2/envvars
    regexp: "^umask"
    line: "umask 007"