feat: add global ssl config

galaxy.yml

@@ -8,7 +8,7 @@ namespace: s3lph
 name: webserver
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 0.2.2
+version: 0.2.3
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

roles/apache2/tasks/config.yml

@@ -59,3 +59,22 @@
     group: root
   loop: "{{ apache2_sites.keys() }}"
   notify: Reload apache2
+
+- name: Render Apache2 global config
+  ansible.builtin.template:
+    src: etc/apache2/conf-available/99-sslconfig.conf.j2
+    dest: /etc/apache2/conf-available/99-sslconfig.conf
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Reload apache2
+
+- name: Enable Apache2 global config
+  ansible.builtin.file:
+    path: "/etc/apache2/conf-enabled/99-sslconfig.conf"
+    state: link
+    src: "../conf-available/99-sslconfig.conf"
+    owner: root
+    group: root
+  notify: Reload apache2
+

roles/apache2/templates/etc/apache2/conf-available/99-sslconfig.conf.j2

@@ -0,0 +1,6 @@
+{{ ansible_managed | comment }}
+
+SSLProtocol         {{ apache2_tls_protocols }}
+SSLCipherSuite      {{ apache2_tls_ciphersuite }}
+SSLHonorCipherOrder {{ apache2_tls_honor_cipher_order | ternary('on', 'off') }}
+SSLSessionTickets   {{ apache2_tls_session_tickets | ternary('on', 'off') }}