make letsencrypt optional for apache/postfix
[ansible.git] / roles / apache / tasks / main.yml
index 9b6c82e12fd99deede7ed5c6bbd7145209bea315..c195ea935d346f2b8232048bb4732b54cf02ede8 100644 (file)
@@ -1,8 +1,8 @@
 - name: install apache
 - name: install apache
-  apt: name=apache2 state=latest
+  apt: name=apache2,python-netaddr state=latest
 - name: enable apache
   service: name=apache2 enabled=yes
 - name: enable apache
   service: name=apache2 enabled=yes
-# config
+# apache config
 - name: enable modules
   apache2_module:
     state: present
 - name: enable modules
   apache2_module:
     state: present
   - ssl
   - macro
   notify: apache
   - ssl
   - macro
   notify: apache
-- name: install shared config files
+- name: disable modules
+  apache2_module:
+    state: absent
+    name: "{{ item }}"
+  loop:
+  - access_compat
+  notify: apache
+- name: install log anonymization script
   copy:
   copy:
+    dest: /etc/apache2/log-anon
+    src: files/log-anon
+    mode: +x
+  notify: apache
+- name: install shared config files
+  template:
     dest: /etc/apache2/conf-available/{{ item }}
     dest: /etc/apache2/conf-available/{{ item }}
-    src: files/{{ item }}
+    src: templates/{{ item }}
   loop:
   - ssl.conf
   - acme-challenge.conf
   - php5.conf
   - security.conf
   loop:
   - ssl.conf
   - acme-challenge.conf
   - php5.conf
   - security.conf
-  - other-vhosts-access-log.conf
+  - defaults.conf
   notify: apache
 - name: enable config files
   command: a2enconf {{ item }}
   notify: apache
 - name: enable config files
   command: a2enconf {{ item }}
     creates: /etc/apache2/conf-enabled/{{ item }}.conf
   loop:
   - ssl
     creates: /etc/apache2/conf-enabled/{{ item }}.conf
   loop:
   - ssl
+  - security
+  - defaults
+  notify: apache
+- name: disable config files
+  command: a2disconf {{ item }}
+  args:
+    removes: /etc/apache2/conf-enabled/{{ item }}.conf
+  loop:
+  - other-vhosts-access-log
+  - serve-cgi-bin
+  notify: apache
 - name: install default site
   template:
     dest: /etc/apache2/sites-available/000-default.conf
 - name: install default site
   template:
     dest: /etc/apache2/sites-available/000-default.conf