---
# Enable every module listed in apache2_modules; a change notifies the
# "Restart Apache2" handler. Each enabled module adds request-handling code
# to the server, so keep apache2_modules limited to what the vhosts need.
- name: Enable Apache2 modules
  community.general.apache2_module:
    name: '{{ item }}'
  loop: '{{ apache2_modules }}'
  notify: Restart Apache2
# Run the handlers notified so far at this point rather than at the end of
# the play (the module task in this file notifies "Restart Apache2").
- name: Flush handlers
  ansible.builtin.meta: flush_handlers
# Stat the certificate file and the key file of every site that has HTTPS
# enabled. Per-site values (https_enabled, tls_certfile, tls_keyfile) fall
# back to the role-wide apache2_vhost_https_enabled, apache2_tls_certfile and
# apache2_tls_keyfile. One result per distinct path is registered in
# apache2_register_stat_tls_keypairs.results.
# NOTE(review): the site-config task in this file reads only .stat.exists.
# stat also hashes each file by default, so `get_checksum: false` would avoid
# hashing the private key; confirm nothing else consumes the checksum.
- name: Check for TLS keypair existence
  ansible.builtin.stat:
    path: "{{ item }}"
    # Follow symlinks, so a path that is a link is reported by its target.
    follow: true
  # The Jinja block below renders to a list of paths. Every tag trims the
  # whitespace around it, so only the list itself is left in the output.
  # Sites without HTTPS contribute no paths; `unique` drops paths shared by
  # several sites so each file is checked once.
  loop: |
    {%- set files = [] -%}
    {%- for name, site in apache2_sites.items() -%}
    {%- if site.https_enabled | default(apache2_vhost_https_enabled) -%}
    {%- set _x = files.append(site.tls_certfile | default(apache2_tls_certfile)) -%}
    {%- set _x = files.append(site.tls_keyfile | default(apache2_tls_keyfile)) -%}
    {%- endif -%}
    {%- endfor -%}
    {{- files | unique | list -}}
  register: apache2_register_stat_tls_keypairs
# Create one document root per site. Path, owner and group come from the site
# entry and fall back to the apache2_vhost_documentroot* defaults.
# NOTE(review): 0755 leaves the directory readable and traversable by every
# local user. If the owner resolves to the account Apache runs as, the web
# server can also rewrite the content it serves; confirm the defaults.
- name: Create Apache2 document roots
  ansible.builtin.file:
    state: directory
    path: "{{ item.documentroot | default(apache2_vhost_documentroot) }}"
    mode: "0755"
    owner: "{{ item.documentroot_owner | default(apache2_vhost_documentroot_owner) }}"
    group: "{{ item.documentroot_group | default(apache2_vhost_documentroot_group) }}"
  loop: "{{ apache2_sites.values() }}"
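# Render one vhost file per entry of apache2_sites into sites-available,
# owned by root and not writable by anyone else. A change notifies the
# "Reload Apache2" handler.
# The site key becomes part of the destination file name, so keys should be
# plain names without path separators.
# NOTE(review): this task notifies "Reload Apache2" while other tasks in this
# file notify "Reload apache2"; check both spellings against the handlers
# file, which is not visible here.
- name: Render Apache2 site configs
  ansible.builtin.template:
    src: etc/apache2/sites-available/site.conf.j2
    dest: "/etc/apache2/sites-available/{{ item.key }}.conf"
    owner: root
    group: root
    mode: "0644"
  vars:
    site_name: "{{ item.key }}"
    site: "{{ item.value }}"
    certfile_name: "{{ item.value.tls_certfile | default(apache2_tls_certfile) }}"
    # Fixed: this read item.value.tls_certfile, so a site that set its own
    # certificate got the certificate path as its key file and a per-site
    # tls_keyfile was ignored. It now resolves the key path the same way the
    # "Check for TLS keypair existence" task does.
    keyfile_name: "{{ item.value.tls_keyfile | default(apache2_tls_keyfile) }}"
    # Look up the stat result registered for each path. A path is only
    # stat'ed for HTTPS-enabled sites, so these lookups have no match for
    # other sites; presumably the template only reads them for HTTPS sites.
    certfile_exists: "{{ (apache2_register_stat_tls_keypairs.results | selectattr('item', 'equalto', certfile_name))[0].stat.exists }}"
    keyfile_exists: "{{ (apache2_register_stat_tls_keypairs.results | selectattr('item', 'equalto', keyfile_name))[0].stat.exists }}"
  loop: "{{ apache2_sites | dict2items }}"
  notify: Reload Apache2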
# Enable each site by linking its file from sites-available into
# sites-enabled. The link target is relative to the sites-enabled directory.
# NOTE(review): this notifies "Reload apache2", while the site-config task in
# this file notifies "Reload Apache2"; check the spelling against the
# handlers file, which is not visible here.
- name: Enable Apache2 sites
  ansible.builtin.file:
    state: link
    src: "../sites-available/{{ item }}.conf"
    path: "/etc/apache2/sites-enabled/{{ item }}.conf"
    owner: root
    group: root
  loop: "{{ apache2_sites.keys() }}"
  notify: Reload apache2
# Render the server-wide 99-sslconfig.conf snippet into conf-available,
# owned by root and not writable by anyone else. Judging by the file name it
# holds the global TLS settings; the template itself is not visible here.
# NOTE(review): this notifies "Reload apache2", while the site-config task in
# this file notifies "Reload Apache2"; check the spelling against the
# handlers file.
- name: Render Apache2 global config
  ansible.builtin.template:
    dest: /etc/apache2/conf-available/99-sslconfig.conf
    src: etc/apache2/conf-available/99-sslconfig.conf.j2
    mode: "0644"
    owner: root
    group: root
  notify: Reload apache2
# Enable the global snippet by linking it from conf-available into
# conf-enabled. The link target is relative to the conf-enabled directory.
# NOTE(review): this notifies "Reload apache2", while the site-config task in
# this file notifies "Reload Apache2"; check the spelling against the
# handlers file.
- name: Enable Apache2 global config
  ansible.builtin.file:
    state: link
    src: "../conf-available/99-sslconfig.conf"
    path: "/etc/apache2/conf-enabled/99-sslconfig.conf"
    owner: root
    group: root
  notify: Reload apache2