ansible-roles/packweb-apache/tasks/apache.yml
David Prevot fc692cf65b
Allow more --check runs
Use “when: not ansible_check_mode” or “when <file>.stat.exists or not
ansible_check_mode” in order to provide a meaningful diff if possible.

This is an improvement from the previously reverted commit
1728eaee68.
2022-12-21 18:05:41 +01:00


---
# Probe /etc/apache2/envvars for an existing "export PATH " line. The grep
# exit status is kept in envvar_grep_path for the task that follows.
# NOTE(review): the pattern requires a space after PATH, while the block
# added by the next task starts with "export PATH=", so this probe would not
# match that block; confirm whether '^export PATH[ =]' was intended.
- name: Check if Apache envvars have a PATH
  command: "grep -E '^export PATH ' /etc/apache2/envvars"
  register: envvar_grep_path
  # Read-only probe: it also runs under --check, never reports a change and
  # never fails. A missing or unreadable file therefore looks the same as
  # "no match" to the rc != 0 condition of the next task.
  check_mode: false
  changed_when: false
  failed_when: false
# Insert a marker-delimited block into /etc/apache2/envvars that exports a
# fixed PATH made only of absolute system directories. Runs when the
# preceding grep did not match (rc != 0) and is skipped under --check.
- name: Add a PATH envvar for Apache
  blockinfile:
    dest: /etc/apache2/envvars
    marker: '## {mark} ANSIBLE MANAGED BLOCK FOR PATH'
    block: |
      # Used for Evoadmin-web
      export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  # Entries of a "when" list are ANDed: both must hold for the task to run.
  when:
    - not ansible_check_mode
    - envvar_grep_path.rc != 0
# Make sure the ModSecurity module for Apache, the modsecurity-crs rule set
# package and apg are installed. No version is pinned and this task does not
# refresh the apt cache itself.
- name: Additional packages are installed
  apt:
    state: present
    name:
      - libapache2-mod-security2
      - modsecurity-crs
      - apg
# Enable each Apache module named in the loop; skipped under --check.
# NOTE(review): no handler is notified here, so confirm that Apache is
# restarted or reloaded elsewhere for newly enabled modules to take effect.
- name: Additional modules are enabled
  apache2_module:
    name: "{{ item }}"
    state: present
  when: not ansible_check_mode
  loop:
    - ssl
    - include
    - negotiation
    - alias
    - log_forensic
# Copy evolinux-modsec.conf from the role into conf-available as a root-owned
# file, writable by root only (0644).
# force is off, so an existing destination is never overwritten: later
# changes to the role's copy do not reach hosts that already have the file.
- name: Copy Apache settings for modules
  copy:
    src: evolinux-modsec.conf
    dest: /etc/apache2/conf-available/evolinux-modsec.conf
    owner: root
    group: root
    mode: '0644'
    force: false
# Render evolinux-evasive.conf.j2 into conf-available as a root-owned file,
# writable by root only (0644).
# force is off, so an existing destination is never overwritten: template
# changes do not reach hosts that already have the file.
# NOTE(review): this task carries the same name as the copy task for
# evolinux-modsec.conf earlier in the file, which makes run output and
# --start-at-task ambiguous; consider giving it a distinct name.
- name: Copy Apache settings for modules
  template:
    src: evolinux-evasive.conf.j2
    dest: /etc/apache2/conf-available/evolinux-evasive.conf
    owner: root
    group: root
    mode: '0644'
    force: false
# Run a2enconf once per configuration name in the loop; skipped under --check.
# A change is reported only when the captured stderr contains "Enabling".
# NOTE(review): confirm that a2enconf prints its "Enabling" message on stderr
# rather than stdout; otherwise this task never reports a change.
# NOTE(review): no handler is notified here, so confirm that Apache is
# reloaded elsewhere for newly enabled configurations to take effect.
- name: Ensure Apache modules configs are enabled
  command: "a2enconf {{ item }}"
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"
  when: not ansible_check_mode
  loop:
    - evolinux-evasive
    - evolinux-modsec