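---
# Tasks for a shared web-hosting stack: include the apache role, prepare
# /etc/skel for new accounts, install the Apache hardening modules
# (mpm-itk, mod_evasive, mod_security2), PHP5, phpMyAdmin and awstats,
# then tighten permissions on a set of system paths.

- name: Include apache role
  include_role:
    name: "{{ roles }}/apache"

# Every account created afterwards inherits this layout from /etc/skel.
- name: Add elements to user account template
  file:
    path: "/etc/skel/{{ item.path }}"
    state: "{{ item.state }}"
    mode: "{{ item.mode }}"
  with_items:
    - { path: log, mode: "0750", state: directory }
    - { path: awstats, mode: "0750", state: directory }
    - { path: www, mode: "0750", state: directory }
    - { path: log/access.log, mode: "0644", state: touch }
    - { path: log/error.log, mode: "0644", state: touch }

# New home directories are created without any access for "other".
- name: Force DIR_MODE to 0750 in /etc/adduser.conf
  lineinfile:
    dest: /etc/adduser.conf
    regexp: '^DIR_MODE='
    line: 'DIR_MODE=0750'

# grep exits non-zero when no PATH line exists; that is the expected
# "absent" answer, so the task never fails and never reports a change.
- name: Check if Apache envvars have a PATH
  command: "grep -E '^export PATH ' /etc/apache2/envvars"
  failed_when: false
  changed_when: false
  register: envvar_grep_path
  # check_mode: no (for migration to Ansible 2.2)
  always_run: true

- name: Add a PATH envvar for Apache
  blockinfile:
    dest: /etc/apache2/envvars
    marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
    block: |
      # Used for Evoadmin-web
      export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  when: envvar_grep_path.rc != 0

- name: Additional packages are installed
  apt:
    name: '{{ item }}'
    state: present
  with_items:
    - apache2-mpm-itk
    - libapache2-mod-evasive
    - libapache2-mod-security2

# force: false keeps local edits, but it also means a changed file shipped
# with the role is never pushed to a host that already has one.
- name: Copy Apache settings for modules
  copy:
    src: "{{ item }}"
    dest: "/etc/apache2/conf-available/{{ item }}"
    owner: root
    group: root
    mode: "0644"
    force: false
  with_items:
    - evolinux-itk.conf
    - evolinux-evasive.conf
    - evolinux-modsec.conf

# NOTE(review): confirm a2enconf prints its "Enabling" message on stderr and
# not stdout; if it goes to stdout this task never reports a change.
- name: Ensure Apache modules configs are enabled
  command: "a2enconf {{ item }}"
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"
  with_items:
    - evolinux-itk
    - evolinux-evasive
    - evolinux-modsec

- name: Check if log2mail is installed
  command: "apt list --installed log2mail"
  register: command_result
  changed_when: false

- debug:
    var: command_result
    verbosity: 1

# command_result is re-registered by later tasks, so this condition only
# holds the log2mail check while it stays directly after it.
- name: Add log2mail config for Apache segfaults
  template:
    src: log2mail-apache.j2
    dest: "/etc/log2mail/config/apache"
    owner: root
    group: root
    mode: "0644"
    force: false
  when: "'log2mail' in command_result.stdout"

- name: Install PHP5 packages
  apt:
    name: '{{ item }}'
    state: present
  with_items:
    - libapache2-mod-php5
    - php5
    - php5-gd
    - php5-imap
    - php5-ldap
    - php5-mcrypt
    - php5-mysql
    - php5-pgsql
    - php-gettext
    - php5-curl
    - libssh2-php
  tags:
    - apache

# Hardened PHP defaults. The "z-" prefix makes this file load late in conf.d.
# disable_functions must use the exact PHP function names: the function is
# shell_exec (underscore); a "shell-exec" entry matches nothing and leaves
# shell_exec (and the backtick operator, which is the same function) enabled.
# NOTE(review): proc_open and pcntl_exec are not in the list; confirm that is
# intentional for the hosted applications.
- name: Set default values in /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
  ini_file:
    dest: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
    section: PHP
    option: "{{ item.option }}"
    value: "{{ item.value }}"
    mode: "0644"
    create: true
  with_items:
    - { option: "short_open_tag", value: "Off" }
    - { option: "disable_functions", value: "exec, shell_exec, system, passthru, putenv, popen" }
    - { option: "expose_php", value: "Off" }
    - { option: "display_errors", value: "Off" }
    - { option: "log_errors", value: "On" }
    - { option: "allow_url_fopen", value: "Off" }
  notify: reload apache

# "zzz-" sorts after the defaults above, so values placed here can override
# them, including the hardening settings; force: false never rewrites it.
- name: Custom php.ini
  copy:
    dest: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
    content: |
      # Put customized values here.
    force: false

- name: Install phpmyadmin
  apt:
    name: phpmyadmin
    state: present

- name: Check if phpmyadmin default configuration is present
  stat:
    path: /etc/apache2/conf-enabled/phpmyadmin.conf
  register: pma_default_config

- debug:
    var: pma_default_config
    verbosity: 1

# Only runs when the conf-enabled/phpmyadmin.conf entry was found above.
- name: Disable phpmyadmin default configuration
  command: "a2disconf phpmyadmin"
  register: command_result
  changed_when: "'Disabling' in command_result.stderr"
  when: pma_default_config.stat.exists

# Only the group of the directory itself is changed (no recurse, no mode).
# Together with the 750 set on /etc/phpmyadmin further down, the www-data
# group can enter the directory and "other" cannot.
- name: Change group to www-data for /etc/phpmyadmin/
  file:
    dest: /etc/phpmyadmin/
    group: www-data

- name: Install awstats
  apt:
    name: awstats
    state: present

- name: Configure awstats
  blockinfile:
    dest: /etc/awstats/awstats.conf.local
    marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
    block: |
      LogFile="/var/log/apache2/access.log"
      SiteDomain="{{ ansible_hostname }}"
      DirData="/var/lib/awstats"
      ShowHostsStats=0
      ShowOriginStats=0
      ShowPagesStats=0
      ShowKeyphrasesStats=0
      ShowKeywordsStats=0
      ShowHTTPErrorsStats=0
      LogFormat=1
      AllowFullYearView=3
      ErrorMessages="An error occured. Contact your Administrator"
    mode: "0644"

# Apache accepts Require only in directory context (or .htaccess), so the
# grant is scoped to the aliased icon directory with a <Directory> section.
# force: false leaves an already existing file untouched.
- name: Create conf-available/awstats-icon.conf file
  copy:
    dest: /etc/apache2/conf-available/awstats-icon.conf
    content: |
      Alias /awstats-icon/ /usr/share/awstats/icon/
      <Directory /usr/share/awstats/icon/>
        Require All Granted
      </Directory>
    force: false
    mode: "0644"

# NOTE(review): same stdout/stderr question as the a2enconf task above; if
# "Enabling" is never seen, the reload handler is never notified from here.
- name: Enable apache awstats-icon configuration
  command: "a2enconf awstats-icon"
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"
  notify: reload apache

# The job runs as root every six hours at minute 10, with umask 033.
- name: Create awstats cron
  lineinfile:
    dest: /etc/cron.d/awstats
    create: true
    regexp: '-config=awstats'
    line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"

# Permission hardening. In the four shell tasks below, failed_when: false is
# needed because "test ... &&" exits non-zero for a missing path, but it
# also hides a chmod that really failed: a green run is not proof that the
# mode was applied. "changed" is derived from the chmod --verbose output.

# o-r removes directory listing for "other"; traversal (o+x) is untouched.
- name: Remove read permission on some folders (/, /etc, ...)
  shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  failed_when: false
  with_items:
    - /
    - /etc
    - /usr
    - /usr/bin
    - /var
    - /var/log
    - /home
    - /bin
    - /sbin
    - /lib
    - /usr/lib
    - /usr/include
    - /usr/sbin
    - /usr/share
    - /usr/share/doc
    - /etc/default

- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
  shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  failed_when: false
  with_items:
    - /var/log/apt
    - /var/lib/dpkg
    - /var/log/munin
    - /var/backups
    - /var/cache/apt
    - /etc/init.d
    - /etc/apt
    - /etc/apache2
    - /etc/network
    - /etc/phpmyadmin
    - /var/log/installer

# Drops the setuid bit from these network tools.
# NOTE(review): a package upgrade may restore the bit; re-run after upgrades.
- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
  shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  failed_when: false
  with_items:
    - /bin/ping
    - /bin/ping6
    - /usr/bin/fping
    - /usr/bin/fping6
    - /usr/bin/mtr

- name: Set 640 permission on some files (/var/log/evolix.log, ...)
  shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
  register: command_result
  changed_when: "'changed' in command_result.stdout"
  failed_when: false
  with_items:
    - /var/log/evolix.log
    - /etc/warnquota.conf

- name: Remove some log files (/var/log/mail.err, ...)
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /var/log/debug
    - /var/log/mail.err
    - /var/log/mail.warn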