Revert "Add “when: not ansible_check_mode” to allow more --check"
gitea/ansible-roles/pipeline/head This commit looks good Details

This reverts commit fafff25c20.
This reverts commit e64471c5a8084f95a8e6f955d3fa918c55b8e846.
pull/165/head
Jérémy Lecour 2 months ago committed by Jérémy Lecour
parent 91b40ce72f
commit 1728eaee68

@ -3,16 +3,13 @@
service:
name: apache2
state: restarted
when: not ansible_check_mode
- name: reload apache
service:
name: apache2
state: reloaded
when: not ansible_check_mode
- name: restart munin-node
service:
name: munin-node
state: restarted
when: not ansible_check_mode

@ -22,7 +22,6 @@
state: present
tags:
- apache
when: not ansible_check_mode
- name: Copy private_htpasswd
copy:
@ -45,7 +44,6 @@
notify: reload apache
tags:
- apache
when: not ansible_check_mode
- name: remove user:pwd from private htpasswd
lineinfile:
@ -56,4 +54,3 @@
notify: reload apache
tags:
- apache
when: not ansible_check_mode

@ -10,7 +10,6 @@
tags:
- apache
- ips
when: not ansible_check_mode
- name: remove IP addresses from private IP whitelist
lineinfile:

@ -6,7 +6,6 @@
state: present
tags:
- apache
when: not ansible_check_mode
- name: Add log2mail config for Apache segfaults
template:

@ -53,7 +53,6 @@
notify: reload apache
tags:
- apache
when: not ansible_check_mode
- name: basic modules are enabled
apache2_module:
@ -62,11 +61,10 @@
loop:
- cgi
notify: reload apache
when:
- apache_mpm == "prefork" or apache_mpm == "itk"
- not ansible_check_mode
when: apache_mpm == "prefork" or apache_mpm == "itk"
tags:
- apache
when: not ansible_check_mode
- name: Copy Apache defaults config file
@ -133,11 +131,10 @@
state: link
force: yes
notify: reload apache
when:
- apache_evolinux_default_enabled | bool
- not ansible_check_mode
when: apache_evolinux_default_enabled | bool
tags:
- apache
when: not ansible_check_mode
- include: server_status.yml
tags:
@ -160,11 +157,10 @@
## Set umask for writing by Apache user.
## Set rights on files and directories written by Apache
umask 007
when:
- envvar_grep_umask.rc != 0
- not ansible_check_mode
when: envvar_grep_umask.rc != 0
tags:
- apache
when: not ansible_check_mode
- include_role:
name: evolix/remount-usr
@ -197,7 +193,6 @@
replace: "{{ apache_logrotate_frequency }}"
tags:
- apache
when: not ansible_check_mode
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
replace:
@ -206,7 +201,6 @@
replace: '\1 {{ apache_logrotate_rotate }}'
tags:
- apache
when: not ansible_check_mode
- include: log2mail.yml
when: apache_log2mail_include

@ -23,7 +23,6 @@
tags:
- apache
- munin
when: not ansible_check_mode
- name: "Install fcgi packages for Munin graphs"
apt:
@ -44,7 +43,6 @@
tags:
- apache
- munin
when: not ansible_check_mode
- name: "Apache has access to /var/log/munin/"
file:
@ -53,4 +51,3 @@
tags:
- apache
- munin
when: not ansible_check_mode

@ -26,12 +26,10 @@
changed_when: False
check_mode: no
register: new_apache_serverstatus_suffix
when: not ansible_check_mode
- name: overwrite apache_serverstatus_suffix
set_fact:
apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
when: not ansible_check_mode
- debug:
var: apache_serverstatus_suffix
@ -42,14 +40,12 @@
dest: /var/www/index.html
regexp: '__SERVERSTATUS_SUFFIX__'
replace: "{{ apache_serverstatus_suffix }}"
when: not ansible_check_mode
- name: add server-status suffix in default site index if missing
replace:
dest: /var/www/index.html
regexp: '"/server-status-?"'
replace: '"/server-status-{{ apache_serverstatus_suffix }}"'
when: not ansible_check_mode
- name: add server-status suffix in default VHost
replace:
@ -57,14 +53,12 @@
regexp: '<Location /server-status-?>'
replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
notify: reload apache
when: not ansible_check_mode
- name: Munin configuration has a section for apache
lineinfile:
dest: /etc/munin/plugin-conf.d/munin-node
line: "[apache_*]"
create: no
when: not ansible_check_mode
- name: apache-status URL is configured for Munin
lineinfile:
@ -74,4 +68,3 @@
insertafter: "[apache_*]"
create: no
notify: restart munin-node
when: not ansible_check_mode

@ -8,7 +8,6 @@
- etc-git
when:
- ansible_distribution == "Debian"
- not ansible_check_mode
- name: Install and configure utilities
include: utils.yml
@ -19,6 +18,4 @@
include: repositories.yml
tags:
- etc-git
when:
- etc_git_config_repositories | bool
- not ansible_check_mode
when: etc_git_config_repositories | bool

@ -34,4 +34,4 @@
- _usr_share_scripts.stat.isdir
- ansible_distribution_major_version is version('10', '>=')
tags:
- etc-git
- etc-git

@ -22,7 +22,6 @@
value: "root@{{ ansible_fqdn | default('localhost') }}"
tags:
- etc-git
when: not ansible_check_mode
- name: "{{ repository_path }}/.git is restricted to root"
file:
@ -50,7 +49,6 @@
loop: "{{ gitignore_items | default([]) }}"
tags:
- etc-git
when: not ansible_check_mode
- name: "does {{ repository_path }}/ have any commit?"
command: "git log"
@ -72,4 +70,4 @@
register: git_commit
when: git_log.rc != 0 or (git_init is defined and git_init is changed)
tags:
- etc-git
- etc-git

@ -1,17 +1,14 @@
- name: newaliases
command: newaliases
when: not ansible_check_mode
- name: Test Apache conf
command: apache2ctl -t
notify: "Reload Apache conf"
when: not ansible_check_mode
- name: reload apache2
service:
name: apache2
state: reloaded
when: not ansible_check_mode
- name: apt update
apt:
@ -21,10 +18,8 @@
service:
name: squid3
state: reloaded
when: not ansible_check_mode
- name: reload squid
service:
name: squid
state: reloaded
when: not ansible_check_mode

@ -10,8 +10,6 @@
- debug:
var: evocheck_run.stdout_lines
when:
- not ansible_check_mode
- evocheck_run.stdout | length > 0
when: evocheck_run.stdout | length > 0
tags:
- evocheck-exec

@ -38,7 +38,6 @@
owner: root
group: ssl-cert
mode: "0640"
when: not ansible_check_mode
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ ansible_fqdn }}.csr -signkey /etc/ssl/private/{{ ansible_fqdn }}.key -out /etc/ssl/certs/{{ ansible_fqdn }}.crt

@ -43,9 +43,7 @@
state: present
tags:
- packages
when:
- ansible_virtualization_role == "host"
- not ansible_check_mode
when: ansible_virtualization_role == "host"
## RAID
# Dell and others: MegaRAID SAS
@ -110,7 +108,6 @@
name: ssacli
tags:
- packages
when: not ansible_check_mode
when:
- "'Hewlett-Packard Company Smart Array' in raidmodel.stdout"
- "'Adaptec Smart Storage PQI' in raidmodel.stdout"
@ -137,7 +134,6 @@
state: present
tags:
- packages
when: not ansible_check_mode
- name: cciss-vol-statusd init script is present (HP gen <10)
template:
@ -250,7 +246,6 @@
allow_unauthenticated: yes
tags:
- packages
when: not ansible_check_mode
- name: Configure packages for DELL/LSI hardware
template:
@ -268,7 +263,6 @@
tags:
- packages
- config
when: not ansible_check_mode
when:
- "'MegaRAID' in raidmodel.stdout"
- evolinux_packages_hardware_raid | bool

@ -16,7 +16,6 @@
daemon-reload: yes
state: started
enabled: yes
when: not ansible_check_mode
- name: log2mail config is present
blockinfile:
@ -33,5 +32,4 @@
notify: restart log2mail
tags:
- log2mail
when: not ansible_check_mode

@ -89,9 +89,7 @@
apt:
name: serveur-base
allow_unauthenticated: yes
when:
- evolinux_packages_serveur_base | bool
- not ansible_check_mode
when: evolinux_packages_serveur_base | bool
- name: Install/Update packages for Stretch and later
apt:

@ -20,7 +20,6 @@
notify: reload postfix
tags:
- postfix
when: not ansible_check_mode
- name: configure postfix mynetworks
lineinfile:
@ -31,7 +30,6 @@
notify: reload postfix
tags:
- postfix
when: not ansible_check_mode
- name: fetch users list
shell: "set -o pipefail && getent passwd | cut -d':' -f 1 | grep -v root"
@ -50,9 +48,7 @@
line: "{{ item }}: root"
loop: "{{ non_root_users_list.stdout_lines }}"
notify: newaliases
when:
- evolinux_postfix_users_alias_root | bool
- not ansible_check_mode
when: evolinux_postfix_users_alias_root | bool
tags:
- postfix
@ -69,9 +65,7 @@
- error
- bounce
notify: newaliases
when:
- evolinux_postfix_mailer_alias_root | bool
- not ansible_check_mode
when: evolinux_postfix_mailer_alias_root | bool
tags:
- postfix
@ -81,9 +75,7 @@
regexp: "^root:"
line: "root: {{ postfix_alias_email or general_alert_email | mandatory }}"
notify: newaliases
when:
- evolinux_postfix_root_alias | bool
- not ansible_check_mode
when: evolinux_postfix_root_alias | bool
tags:
- postfix

@ -160,9 +160,7 @@
dest: '/home/{{ user.name }}/.profile'
insertafter: EOF
line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0'
when:
- grep_profile_evomaintenance.rc != 0
- not ansible_check_mode
when: grep_profile_evomaintenance.rc != 0
# SSH keys
@ -194,6 +192,5 @@
when:
- user.ssh_keys is defined
- user.ssh_keys | length > 0
- not ansible_check_mode
- meta: flush_handlers

@ -3,16 +3,13 @@
service:
name: haproxy
state: reloaded
when: not ansible_check_mode
- name: restart haproxy
service:
name: haproxy
state: restarted
when: not ansible_check_mode
- name: restart munin-node
service:
name: munin-node
state: restarted
when: not ansible_check_mode

@ -123,7 +123,6 @@
tags:
- haproxy
- logrotate
when: not ansible_check_mode
- name: Rotate logs with nodelaycompress
lineinfile:
@ -134,7 +133,6 @@
tags:
- haproxy
- logrotate
when: not ansible_check_mode
- name: Set net.ipv4.ip_nonlocal_bind
sysctl:

@ -10,7 +10,6 @@
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
regexp: 'bullseye/updates'
replace: 'bullseye-security'
when: not ansible_check_mode
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
template:

@ -10,7 +10,6 @@
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
regexp: 'bullseye/updates'
replace: 'bullseye-security'
when: not ansible_check_mode
- name: "{{ lxc_php_version }} - Add sury repo"
lineinfile:

@ -10,7 +10,6 @@
dest: "/var/lib/lxc/{{ lxc_php_version }}/rootfs/etc/apt/sources.list"
regexp: 'bullseye/updates'
replace: 'bullseye-security'
when: not ansible_check_mode
- name: "{{ lxc_php_version }} - Add sury repo"
lineinfile:

@ -4,7 +4,6 @@
changed_when: false
check_mode: no
register: container_exists
when: not ansible_check_mode
- name: "Create container {{ name }}"
lxc_container:
@ -13,26 +12,20 @@
template: debian
state: stopped
template_options: "--arch amd64 --release {{ release }}"
when:
- container_exists.stdout_lines | length == 0
- not ansible_check_mode
when: container_exists.stdout_lines | length == 0
- name: "Disable network configuration inside container {{ name }}"
replace:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/networking"
regexp: "^#CONFIGURE_INTERFACES=yes"
replace: CONFIGURE_INTERFACES=no
when:
- lxc_network_type == "none"
- not ansible_check_mode
when: lxc_network_type == "none"
- name: "Disable interface shut down on halt inside container {{ name }} (Jessie container)"
lineinfile:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/default/halt"
line: "NETDOWN=no"
when:
- lxc_network_type == "none" and release == "jessie"
- not ansible_check_mode
when: lxc_network_type == "none" and release == "jessie"
- name: "Make the container {{ name }} poweroff on SIGPWR sent by lxc-stop (Jessie container)"
file:
@ -51,16 +44,13 @@
lineinfile:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/hosts"
line: "127.0.0.1 {{ name }}"
when: not ansible_check_mode
- name: "Fix permission on /dev for container {{ name }}"
lineinfile:
name: "/var/lib/lxc/{{ name }}/rootfs/etc/rc.local"
line: "chmod 755 /dev"
insertbefore: "^exit 0$"
when:
- release == 'jessie'
- not ansible_check_mode
when: release == 'jessie'
- name: "Ensure that {{ name }} container is running"
lxc_container:

@ -48,7 +48,6 @@
changed_when: false
check_mode: no
register: check_fs_options
when: not ansible_check_mode
- name: Check if options are correct
assert:
@ -57,7 +56,6 @@
- "'noexec' not in check_fs_options.stdout"
- "'nosuid' not in check_fs_options.stdout"
msg: "LXC directory is in a filesystem with incompatible options"
when: not ansible_check_mode
- name: Create containers
include: create-container.yml

@ -30,7 +30,6 @@
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR IPS"
insertbefore: '^# Main interface'
create: no
when: not ansible_check_mode
- name: End marker for IP addresses
lineinfile:
@ -38,7 +37,6 @@
create: no
line: "# END ANSIBLE MANAGED BLOCK FOR IPS"
insertafter: '^PRIVILEGIEDIPS='
when: not ansible_check_mode
- name: Verify that at least 1 trusted IP is provided
assert:
@ -86,7 +84,6 @@
PRIVILEGIEDIPS='{{ minifirewall_privilegied_ips | join(' ') }}'
create: no
register: minifirewall_config_ips
when: not ansible_check_mode
- name: Begin marker for ports
lineinfile:
@ -94,7 +91,6 @@
line: "# BEGIN ANSIBLE MANAGED BLOCK FOR PORTS"
insertbefore: '^# Protected services'
create: no
when: not ansible_check_mode
- name: End marker for ports
lineinfile:
@ -102,7 +98,6 @@
line: "# END ANSIBLE MANAGED BLOCK FOR PORTS"
insertafter: '^SERVICESUDP3='
create: no
when: not ansible_check_mode
- name: Configure ports
blockinfile:
@ -127,7 +122,6 @@
SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}'
create: no
register: minifirewall_config_ports
when: not ansible_check_mode
- name: Configure DNSSERVEURS
lineinfile:
@ -199,9 +193,7 @@
line: "PROXY='{{ minifirewall_proxy }}'"
regexp: "PROXY=('|\").*('|\")"
create: no
when:
- minifirewall_proxy is not none
- not ansible_check_mode
when: minifirewall_proxy is not none
- name: Configure PROXYPORT
lineinfile:
@ -209,9 +201,7 @@
line: "PROXYPORT='{{ minifirewall_proxyport }}'"
regexp: "PROXYPORT=('|\").*('|\")"
create: no
when:
- minifirewall_proxyport is not none
- not ansible_check_mode
when: minifirewall_proxyport is not none
# Warning: keep double quotes for the value,
# since we often reference a shell variable that needs to be interpolated
@ -221,9 +211,7 @@
line: "PROXYBYPASS=\"{{ minifirewall_proxybypass | join(' ') }}\""
regexp: "PROXYBYPASS=('|\").*('|\")"
create: no
when:
- minifirewall_proxyport is not none
- not ansible_check_mode
when: minifirewall_proxybypass is not none
- name: Configure BACKUPSERVERS
lineinfile:
@ -231,9 +219,7 @@
line: "BACKUPSERVERS='{{ minifirewall_backupservers | join(' ') }}'"
regexp: "BACKUPSERVERS=('|\").*('|\")"
create: no
when:
- minifirewall_backupservers is not none
- not ansible_check_mode
when: minifirewall_backupservers is not none
- name: Configure SYSCTL_ICMP_ECHO_IGNORE_BROADCASTS
lineinfile:

@ -4,14 +4,12 @@
service:
name: munin-node
state: restarted
when: not ansible_check_mode
- name: restart munin_node
service:
name: munin_node
state: restarted
when: not ansible_check_mode
- name: systemd daemon-reload
systemd:
daemon_reload: yes
daemon_reload: yes

@ -32,9 +32,7 @@
removes: /var/lib/munin/localdomain
notify: restart munin-node
when:
- not ansible_hostname == "localdomain"
- not ansible_check_mode
when: not ansible_hostname == "localdomain"
tags:
- munin
@ -81,7 +79,6 @@
notify: restart munin-node
tags:
- munin
when: not ansible_check_mode
- name: Enable sensors_ plugin on dedicated hardware
file:
@ -95,7 +92,6 @@
notify: restart munin-node
tags:
- munin
when: not ansible_check_mode
- name: Enable ipmi_ plugin on dedicated hardware
file:
@ -109,7 +105,6 @@
- temp
- power
- volts
when: not ansible_check_mode
- name: adjustments for grsec kernel
blockinfile:

@ -43,4 +43,3 @@
- mysql_custom_datadir | length > 0
- mysql_custom_datadir != mysql_current_real_datadir_test.stdout
- not mysql_custom_datadir_test.stat.exists
- not ansible_check_mode

@ -43,4 +43,3 @@
- mysql_custom_logdir | length > 0
- mysql_custom_logdir != mysql_current_real_logdir_test.stdout
- not mysql_custom_logdir_test.stat.exists
- not ansible_check_mode

@ -42,7 +42,6 @@
tags:
- mysql
- services
when: not ansible_check_mode
- name: apg package is installed
apt:

@ -28,7 +28,6 @@
tags:
- mysql
- services
when: not ansible_check_mode
- name: apg package is installed
apt:
@ -58,4 +57,4 @@
tags:
- mysql
- packages
when: ansible_python_version is version('3', '>=')
when: ansible_python_version is version('3', '>=')

@ -155,9 +155,7 @@
src: "{{ _mysql_scripts_dir }}/mysql-optimize.sh"
dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh
state: link
when:
- mysql_cron_optimize | bool
- not ansible_check_mode
when: mysql_cron_optimize | bool
tags:
- mysql
@ -250,4 +248,4 @@
mode: "0755"
force: no
tags:
- mysql
- mysql

@ -4,10 +4,8 @@
service:
name: nagios-nrpe-server
state: restarted
when: not ansible_check_mode
- name: restart nrpe
service:
name: nrpe
state: restarted
when: not ansible_check_mode

@ -21,4 +21,3 @@
notify: restart ntp
tags:
- ntp
when: not ansible_check_mode

@ -14,9 +14,7 @@
block: |
# Used for Evoadmin-web
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
when:
- envvar_grep_path.rc != 0
- not ansible_check_mode
when: envvar_grep_path.rc != 0
- name: Additional packages are installed
apt:
@ -36,7 +34,6 @@
- negotiation
- alias
- log_forensic
when: not ansible_check_mode
- name: Copy Apache settings for modules
copy:
@ -63,4 +60,3 @@
loop:
- evolinux-evasive
- evolinux-modsec
when: not ansible_check_mode

@ -22,7 +22,6 @@
AllowFullYearView=3
ErrorMessages="An error occured. Contact your Administrator"
mode: "0644"
when: not ansible_check_mode
- name: Create conf-available/awstats-icon.conf file
copy:
@ -40,7 +39,6 @@
register: command_result
changed_when: "'Enabling' in command_result.stderr"
notify: reload apache
when: not ansible_check_mode
- name: Create awstats cron
lineinfile:
@ -48,7 +46,6 @@
create: yes
regexp: '-config=awstats'
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
when: not ansible_check_mode
- name: Comment default awstat cron's tasks
lineinfile:
@ -57,4 +54,3 @@
line: '#\1'
backrefs: yes
state: present
when: not ansible_check_mode

@ -26,7 +26,6 @@
dest: /var/www/index.html
line: ' <li><a href="/info.php">Infos PHP</a></li>'
regexp: "Infos PHP"
when: not ansible_check_mode
- name: install opcache.php
copy:
@ -39,7 +38,6 @@
dest: /var/www/index.html
line: ' <li><a href="/opcache.php">Infos OpCache PHP</a></li>'
regexp: "Infos OpCache PHP"
when: not ansible_check_mode
- name: Add elements to user account template
file:
@ -66,7 +64,6 @@
loop:
- access.log
- error.log
when: not ansible_check_mode
- name: "Install userlogrotate (jessie)"
copy:

@ -5,7 +5,6 @@
state: present
name: proxy_fcgi
notify: restart apache2
when: not ansible_check_mode
- include_role:
name: remount-usr

@ -65,12 +65,10 @@
changed_when: False
check_mode: no
register: new_packweb_phpmyadmin_suffix
when: not ansible_check_mode
- name: overwrite packweb_phpmyadmin_suffix
set_fact:
packweb_phpmyadmin_suffix: "{{ new_packweb_phpmyadmin_suffix.stdout }}"
when: not ansible_check_mode
- debug:
var: packweb_phpmyadmin_suffix
@ -88,18 +86,15 @@
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
when: not ansible_check_mode
- name: enable phpmyadmin link in default site index
replace:
dest: /var/www/index.html
regexp: '<!-- <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li> -->'
replace: ' <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>'
when: not ansible_check_mode
- name: replace phpmyadmin suffix in default site index
replace:
dest: /var/www/index.html
regexp: '__PHPMYADMIN_SUFFIX__'
replace: "{{ packweb_phpmyadmin_suffix }}"
when: not ansible_check_mode

@ -4,28 +4,23 @@
service:
name: php5-fpm
state: restarted
when: not ansible_check_mode
- name: restart php7.0-fpm
service:
name: php7.0-fpm
state: restarted
when: not ansible_check_mode
- name: restart php7.3-fpm
service:
name: php7.3-fpm
state: restarted
when: not ansible_check_mode
- name: restart php7.4-fpm
service:
name: php7.4-fpm
state: restarted
when: not ansible_check_mode
- name: restart php8.1-fpm
service:
name: php8.1-fpm
state: restarted
when: not ansible_check_mode

@ -25,7 +25,6 @@
file:
dest: "{{ php_cli_custom_ini_file }}"
mode: "0644"
when: not ansible_check_mode
- name: "Set custom values for PHP to enable Symfony"
ini_file:
@ -36,6 +35,4 @@
mode: "0644"
loop:
- { option: "date.timezone", value: "Europe/Paris" }
when:
- php_symfony_requirements | bool
- not ansible_check_mode
when: php_symfony_requirements | bool

@ -79,14 +79,12 @@
with_items:
- /etc/php
- /etc/php/{{ php_version }}
when: not ansible_check_mode
- include: config_cli.yml
- name: "Enforce permissions on PHP cli directory (Debian 12)"
file:
dest: /etc/php/{{ php_version }}/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable
@ -95,9 +93,7 @@
file:
dest: /etc/php/{{ php_version }}/fpm
mode: "0755"
when:
- php_fpm_enable
- not ansible_check_mode
when: php_fpm_enable
- include: config_apache.yml
when: php_apache_enable
@ -106,9 +102,7 @@
file:
dest: /etc/php/{{ php_version }}/apache2
mode: "0755"
when:
- php_apache_enable
- not ansible_check_mode
when: php_apache_enable
- include: sury_post.yml
when: php_sury_enable

@ -68,14 +68,12 @@
with_items:
- /etc/php
- /etc/php/7.4
when: not ansible_check_mode
- include: config_cli.yml
- name: "Enforce permissions on PHP cli directory (Debian 11)"
file:
dest: /etc/php/7.4/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable
@ -84,9 +82,7 @@
file:
dest: /etc/php/7.4/fpm
mode: "0755"
when:
- php_fpm_enable
- not ansible_check_mode
when: php_fpm_enable
- include: config_apache.yml
when: php_apache_enable
@ -95,9 +91,7 @@
file:
dest: /etc/php/7.4/apache2
mode: "0755"
when:
- php_apache_enable
- not ansible_check_mode
when: php_apache_enable
- include: sury_post.yml
when: php_sury_enable

@ -68,14 +68,12 @@
loop:
- /etc/php
- /etc/php/7.3
when: not ansible_check_mode
- include: config_cli.yml
- name: "Enforce permissions on PHP cli directory (Debian 10)"
file:
dest: /etc/php/7.3/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable | bool
@ -84,9 +82,7 @@
file:
dest: /etc/php/7.3/fpm
mode: "0755"
when:
- php_fpm_enable | bool
- not ansible_check_mode
when: php_fpm_enable | bool
- include: config_apache.yml
when: php_apache_enable | bool
@ -95,9 +91,7 @@
file:
dest: /etc/php/7.3/apache2
mode: "0755"
when:
- php_apache_enable | bool
- not ansible_check_mode
when: php_apache_enable | bool
- include: sury_post.yml
when: php_sury_enable | bool

@ -56,7 +56,6 @@
file:
dest: /etc/php5
mode: "0755"
when: not ansible_check_mode
- include: config_cli.yml
@ -64,7 +63,6 @@
file:
dest: /etc/php5/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable | bool
@ -73,9 +71,7 @@
file:
dest: /etc/php5/fpm
mode: "0755"
when:
- php_fpm_enable | bool
- not ansible_check_mode
when: php_fpm_enable | bool
- include: config_apache.yml
when: php_apache_enable | bool
@ -84,6 +80,4 @@
file:
dest: /etc/php5/apache2
mode: "0755"
when:
- php_apache_enable | bool
- not ansible_check_mode
when: php_apache_enable | bool

@ -68,7 +68,6 @@
loop:
- /etc/php
- /etc/php/7.0
when: not ansible_check_mode
- include: config_cli.yml
@ -76,7 +75,6 @@
file:
dest: /etc/php/7.0/cli
mode: "0755"
when: not ansible_check_mode
- include: config_fpm.yml
when: php_fpm_enable | bool
@ -85,9 +83,7 @@
file:
dest: /etc/php/7.0/fpm
mode: "0755"
when:
- php_fpm_enable | bool
- not ansible_check_mode
when: php_fpm_enable | bool
- include: config_apache.yml
when: php_apache_enable | bool
@ -96,9 +92,7 @@
file:
dest: /etc/php/7.0/apache2
mode: "0755"
when:
- php_apache_enable | bool
- not ansible_check_mode
when: php_apache_enable | bool
- include: sury_post.yml
when: php_sury_enable | bool

@ -14,7 +14,6 @@
file:
dest: /etc/php/7.4/cli
mode: "0755"
when: not ansible_check_mode
- name: Symlink Evolix Apache config files from 7.4 to 7.0
file:
@ -31,9 +30,7 @@
file:
dest: /etc/php/7.4/apache2
mode: "0755"
when:
- php_apache_enable | bool
- not ansible_check_mode
when: php_apache_enable | bool
- name: Symlink Evolix FPM config files from 7.4 to 7.0
file:
@ -52,6 +49,4 @@
file:
dest: /etc/php/7.4/fpm
mode: "0755"
when:
- php_fpm_enable | bool
- not ansible_check_mode
when: php_fpm_enable | bool

@ -3,4 +3,3 @@
service:
name: proftpd
state: restarted
when: not ansible_check_mode

@ -70,7 +70,6 @@
notify: restart proftpd
tags:
- proftpd
when: not ansible_check_mode
- name: Put empty vpasswd file if missing
copy:
@ -93,7 +92,6 @@
notify: restart proftpd
tags:
- proftpd
when: not ansible_check_mode
- include: accounts.yml
when: proftpd_accounts | length > 0

@ -3,38 +3,31 @@
service:
name: munin-node
state: restarted
when: not ansible_check_mode
- name: restart squid