- name: install apache apt: name=apache2,python3-netaddr state=latest - name: enable apache service: name=apache2 enabled=yes # apache config - name: enable modules apache2_module: state: present name: "{{ item }}" loop: - headers - ssl - macro notify: apache - name: disable modules apache2_module: state: absent name: "{{ item }}" loop: - access_compat notify: apache - name: install log anonymization script copy: dest: /etc/apache2/log-anon src: files/log-anon mode: +x notify: apache - name: install shared config files template: dest: /etc/apache2/conf-available/{{ item }} src: templates/{{ item }} loop: - ssl.conf - acme-challenge.conf - php5.conf - security.conf - defaults.conf - caching.conf notify: apache - name: enable config files command: a2enconf {{ item }} args: creates: /etc/apache2/conf-enabled/{{ item }}.conf loop: - ssl - security - defaults - caching notify: apache - name: disable config files command: a2disconf {{ item }} args: removes: /etc/apache2/conf-enabled/{{ item }}.conf loop: - other-vhosts-access-log - serve-cgi-bin notify: apache - name: install default site template: dest: /etc/apache2/sites-available/000-default.conf src: templates/000-default.conf notify: apache # IPv6 autconf issues: DAD makes addresses appear but unusable, which breaks services startup - name: tweak apache systemd unit (create dir) file: path=/etc/systemd/system/apache2.service.d state=directory - name: tweak apache systemd unit copy: dest: /etc/systemd/system/apache2.service.d/override.conf content: | [Unit] After=network-online.target Wants=network-online.target [Service] Restart=on-failure - name: cleanup old sysconfig file: path=/etc/sysctl.d/50-no-dad.conf state=absent - name: sysconfig to fix IPv6 listening copy: dest: /etc/sysctl.d/50-ipv6-listen.conf content: | # Allow binding to IPv6 address before we got that address net.ipv6.ip_nonlocal_bind=1