From 08da6c3a9d3753d0962c09037e4bc3fa1039c3b6 Mon Sep 17 00:00:00 2001
From: s3lph
Date: Sun, 11 Aug 2024 04:01:35 +0200
Subject: [PATCH] feat: add global ssl config
---
 galaxy.yml | 2 +-
 roles/apache2/tasks/config.yml | 19 +++++++++++++++++++
 .../conf-available/99-sslconfig.conf.j2 | 6 ++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 roles/apache2/templates/etc/apache2/conf-available/99-sslconfig.conf.j2
diff --git a/galaxy.yml b/galaxy.yml
index 1aa4b07..08b9eb0 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -8,7 +8,7 @@ namespace: s3lph
 name: webserver
 # The version of the collection. Must be compatible with semantic versioning
-version: 0.2.2
+version: 0.2.3
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
diff --git a/roles/apache2/tasks/config.yml b/roles/apache2/tasks/config.yml
index 6b333cb..f6f8b42 100644
--- a/roles/apache2/tasks/config.yml
+++ b/roles/apache2/tasks/config.yml
@@ -59,3 +59,22 @@
 group: root
 loop: "{{ apache2_sites.keys() }}"
 notify: Reload apache2
+
+- name: Render Apache2 global config
+ ansible.builtin.template:
+ src: etc/apache2/conf-available/99-sslconfig.conf.j2
+ dest: /etc/apache2/conf-available/99-sslconfig.conf
+ owner: root
+ group: root
+ mode: "0644"
+ notify: Reload apache2
+
+- name: Enable Apache2 global config
+ ansible.builtin.file:
+ path: "/etc/apache2/conf-enabled/99-sslconfig.conf"
+ state: link
+ src: "../conf-available/99-sslconfig.conf"
+ owner: root
+ group: root
+ notify: Reload apache2
+
diff --git a/roles/apache2/templates/etc/apache2/conf-available/99-sslconfig.conf.j2 b/roles/apache2/templates/etc/apache2/conf-available/99-sslconfig.conf.j2
new file mode 100644
index 0000000..1c72fe3
--- /dev/null
+++ b/roles/apache2/templates/etc/apache2/conf-available/99-sslconfig.conf.j2
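Review bot: In roles/apache2/tasks/config.yml the "Render Apache2 global config" task is unconditional, but the template it renders reads four `apache2_tls_*` variables and this commit's diffstat touches no defaults or vars file. Unless those variables are already defined elsewhere in the role (not visible here), every existing play fails on an undefined variable after upgrading to 0.2.3. Ship defaults for all four in the role's defaults file, for example `apache2_tls_protocols: "-all +TLSv1.2 +TLSv1.3"`, so the role hardens TLS out of the box rather than depending on each inventory. The task names would also be clearer as `Render Apache2 global TLS config` and `Enable Apache2 global TLS config`, since the file carries only SSL directives.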
@@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+
+SSLProtocol {{ apache2_tls_protocols }}
+SSLCipherSuite {{ apache2_tls_ciphersuite }}
+SSLHonorCipherOrder {{ apache2_tls_honor_cipher_order | ternary('on', 'off') }}
+SSLSessionTickets {{ apache2_tls_session_tickets | ternary('on', 'off') }}
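Review bot: Both `ternary('on', 'off')` lines test plain truthiness, so a string value such as "false" (which is what `-e key=value` or an INI `[group:vars]` entry delivers) renders as `on`, leaving session tickets or server cipher preference enabled against the operator's intent. Cast first: `SSLSessionTickets {{ apache2_tls_session_tickets | bool | ternary('on', 'off') }}`, and likewise for `SSLHonorCipherOrder`. The directives are also emitted at top level with no `<IfModule mod_ssl.c>` wrapper; if the role does not guarantee that mod_ssl is loaded (not visible here), Apache rejects them as unknown directives and the reload fails. Note too that `SSLCipherSuite` in this form sets only the TLS 1.2-and-below list; TLS 1.3 suites need the separate `SSLCipherSuite TLSv1.3 ...` form, which is worth a comment in the template.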