From 4328f2cdec84e1ca2ce87bf7410c1fb04fa716d8 Mon Sep 17 00:00:00 2001
From: Gregory Colpart <gcolpart+git@evolix.fr>
Date: Tue, 11 Oct 2016 03:58:51 +0200
Subject: [PATCH] Add Apache role

---
 apache/README.md                   |  7 +++++++
 apache/files/ipaddr_whitelist.conf |  1 +
 apache/files/z_evolix.conf         | 14 ++++++++++++++
 apache/tasks/main.yml              | 26 ++++++++++++++++++++++++++
 4 files changed, 48 insertions(+)
 create mode 100644 apache/README.md
 create mode 100644 apache/files/ipaddr_whitelist.conf
 create mode 100644 apache/files/z_evolix.conf
 create mode 100644 apache/tasks/main.yml

diff --git a/apache/README.md b/apache/README.md
new file mode 100644
index 00000000..0b0d03bb
--- /dev/null
+++ b/apache/README.md
@@ -0,0 +1,7 @@
+# apache
+
+Install Apache
+
+## Tasks
+
+Everything is in the `tasks/main.yml` file for now.
diff --git a/apache/files/ipaddr_whitelist.conf b/apache/files/ipaddr_whitelist.conf
new file mode 100644
index 00000000..828a1671
--- /dev/null
+++ b/apache/files/ipaddr_whitelist.conf
@@ -0,0 +1 @@
+#Allow from 192.0.2.42
diff --git a/apache/files/z_evolix.conf b/apache/files/z_evolix.conf
new file mode 100644
index 00000000..d70bdd96
--- /dev/null
+++ b/apache/files/z_evolix.conf
@@ -0,0 +1,14 @@
+ServerTokens Prod
+Timeout 10
+KeepAliveTimeout 2
+MaxKeepAliveRequests 10
+MaxClients 250
+ServerLimit 250
+StartServers 50
+MinSpareServers 20
+MaxSpareServers 30
+MaxRequestsPerChild 0
+<Directory /home/>
+    AllowOverride None
+    Require all granted
+</Directory>
diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml
new file mode 100644
index 00000000..392f5aa6
--- /dev/null
+++ b/apache/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: ensure packages are installed
+  apt:
+    name: '{{ item }}'
+    state: installed
+  with_items:
+    - apache2-mpm-itk
+    - apachetop
+    - libapache2-mod-evasive
+    - libwww-perl
+
+- name: ensure basic modules are enabled
+  command: a2enmod rewrite expires headers rewrite cgi
+  changed_when: false
+
+- name : copy Apache default config
+  copy: src=z_evolix.conf  dest=/etc/apache2/conf-available/z_evolix.conf owner=root group=root mode=0644
+
+- name: ensure Apache default config is enabled
+  command: a2enconf z_evolix.conf
+  changed_when: false
+
+- name: init ipaddr_whitelist.conf file
+  copy: src=ipaddr_whitelist.conf dest=/etc/apache2/ipaddr_whitelist.conf owner=root group=root mode=0640 force=no
+
+- name : ensure umask is in envvars
+  lineinfile: dest=/etc/apache2/envvars regexp="^umask" line="umask 077"