ansible-roles/apache/tasks/auth.yml

---

- name: Init ipaddr_whitelist.conf file
  copy:
    src: ipaddr_whitelist.conf
    dest: /etc/apache2/ipaddr_whitelist.conf
    owner: root
    group: root
    mode: "0640"
    force: no
  tags:
    - apache

- name: Load IP whitelist task
  include: ip_whitelist.yml

- name: Is status.conf present?
  stat:
    path: /etc/apache2/mods-available/status.conf
  register: _status_conf

- name: Include private IP whitelist for server-status
  lineinfile:
    dest: /etc/apache2/mods-available/status.conf
    line: "        include /etc/apache2/ipaddr_whitelist.conf"
    insertafter: 'SetHandler server-status'
    state: present
  tags:
    - apache
  when: _status_conf.stat.exists or not ansible_check_mode

- name: Copy private_htpasswd
  copy:
    src: private_htpasswd
    dest: /etc/apache2/private_htpasswd
    owner: root
    group: root
    mode: "0640"
    force: no
  notify: reload apache
  tags:
    - apache

- name: Is private_htpasswd present?
  stat:
    path: /etc/apache2/private_htpasswd
  register: _private_htpasswd

- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: present
  loop: "{{ apache_private_htpasswd_present }}"
  notify: reload apache
  tags:
    - apache
  when: _private_htpasswd.stat.exists or not ansible_check_mode

- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: absent
  loop: "{{ apache_private_htpasswd_absent }}"
  notify: reload apache
  tags:
    - apache
  when: _private_htpasswd.stat.exists or not ansible_check_mode