update openvpn pattern
[ansible.git] / roles / apache / tasks / main.yml
# Install Apache and the python-netaddr package.
# state: latest moves both packages to the newest version the configured
# apt sources offer each time the play runs.
- name: install apache
  apt:
    name:
    - apache2
    - python-netaddr
    state: latest
# Register apache2 to start at boot. No "state" is given, so this task
# does not start or restart the running service.
- name: enable apache
  service:
    name: apache2
    enabled: true
# apache config
# Enable mod_headers, mod_ssl and mod_macro, one module per loop item.
# The "apache" handler is notified when a module's state changes.
- name: enable modules
  apache2_module:
    name: "{{ item }}"
    state: present
  loop:
  - headers
  - ssl
  - macro
  notify: apache
# Disable mod_access_compat, which provides the legacy Order/Allow/Deny
# directives. With it absent, configuration that still uses them fails to
# load, so access control has to be expressed with Require.
- name: disable modules
  apache2_module:
    name: "{{ item }}"
    state: absent
  loop:
  - access_compat
  notify: apache
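# Install the log anonymization helper with pinned ownership and mode.
# A relative mode such as "+x" only adds execute bits on top of whatever
# the umask or a pre-existing file already had, so group/other write bits
# could survive a run; root:root 0755 keeps the script executable but
# writable by root only.
# NOTE(review): presumably Apache runs this script as a piped-log program;
# confirm against the templates that reference /etc/apache2/log-anon.
- name: install log anonymization script
  copy:
    src: files/log-anon
    dest: /etc/apache2/log-anon
    owner: root
    group: root
    mode: "0755"
  notify: apache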
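# Render the shared configuration snippets into conf-available.
# Owner, group and mode are set explicitly so the result does not depend
# on the umask of the connecting user or on an earlier file's permissions.
# Only ssl, security and defaults are enabled by the a2enconf task in this
# file; acme-challenge.conf and php5.conf are installed but not enabled here.
- name: install shared config files
  template:
    src: "templates/{{ item }}"
    dest: "/etc/apache2/conf-available/{{ item }}"
    owner: root
    group: root
    mode: "0644"
  loop:
  - ssl.conf
  - acme-challenge.conf
  - php5.conf
  - security.conf
  - defaults.conf
  notify: apache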
# Enable the ssl, security and defaults snippets with a2enconf.
# "creates" makes the command a no-op once the conf-enabled entry exists,
# so the handler is only notified when something was actually enabled.
- name: enable config files
  command: "a2enconf {{ item }}"
  args:
    creates: "/etc/apache2/conf-enabled/{{ item }}.conf"
  notify: apache
  loop:
  - ssl
  - security
  - defaults
# Disable the other-vhosts-access-log and serve-cgi-bin snippets with
# a2disconf. "removes" skips the command when the conf-enabled entry is
# already gone.
# NOTE(review): serve-cgi-bin is presumably the distribution's default
# /cgi-bin/ mapping; keeping it disabled leaves no CGI directory exposed
# by default. Confirm no vhost re-enables it.
- name: disable config files
  command: "a2disconf {{ item }}"
  args:
    removes: "/etc/apache2/conf-enabled/{{ item }}.conf"
  notify: apache
  loop:
  - other-vhosts-access-log
  - serve-cgi-bin
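# Render the default (catch-all) virtual host.
# Owner, group and mode are pinned so the file's permissions do not depend
# on the umask or on a previously existing file.
- name: install default site
  template:
    src: templates/000-default.conf
    dest: /etc/apache2/sites-available/000-default.conf
    owner: root
    group: root
    mode: "0644"
  notify: apache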
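# IPv6 autoconf issues: DAD makes addresses appear but unusable, which
# breaks services startup.
# Create the drop-in directory for the apache2 unit with explicit
# ownership and mode instead of relying on the umask.
- name: tweak apache systemd unit (create dir)
  file:
    path: /etc/systemd/system/apache2.service.d
    state: directory
    owner: root
    group: root
    mode: "0755"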
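# Drop-in that orders apache2 after network-online.target and restarts it
# when it exits with a failure.
# The result is registered so systemd can be told to re-read its unit
# files; without a daemon-reload a changed drop-in is not picked up by the
# running systemd.
- name: tweak apache systemd unit
  copy:
    dest: /etc/systemd/system/apache2.service.d/override.conf
    owner: root
    group: root
    mode: "0644"
    content: |
      [Unit]
      After=network-online.target
      Wants=network-online.target
      [Service]
      Restart=on-failure
  register: apache_unit_override
# Only runs when the drop-in above was created or modified.
- name: reload systemd after changing the apache unit override
  systemd:
    daemon_reload: true
  when: apache_unit_override is changed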
# Remove the sysctl snippet 50-no-dad.conf if it is still present.
# NOTE(review): deleting the file does not revert a value already loaded
# into the running kernel; presumably that clears on the next boot.
- name: cleanup old sysconfig
  file:
    path: /etc/sysctl.d/50-no-dad.conf
    state: absent
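# Persist net.ipv6.ip_nonlocal_bind=1 so sockets can be bound to an IPv6
# address the host does not hold yet.
# The setting is system-wide: every process on the host, not only Apache,
# may then bind to IPv6 addresses that are not configured locally.
# Owner, group and mode are pinned so the file is writable by root only.
# NOTE(review): nothing in this file loads the value into the running
# kernel; presumably it takes effect at the next boot or through a sysctl
# reload elsewhere. Confirm.
- name: sysconfig to fix IPv6 listening
  copy:
    dest: /etc/sysctl.d/50-ipv6-listen.conf
    owner: root
    group: root
    mode: "0644"
    content: |
      # Allow binding to IPv6 address before we got that address
      net.ipv6.ip_nonlocal_bind=1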