journalwatch: allow more TLS errors
[ansible.git] / roles / apache / tasks / main.yml
index 6fb5b54d85ad107154816c238b1aa73bf47f8d2e..8d1382c179fc857faaa5d0d36fd6acb615f6acac 100644 (file)
@@ -1,5 +1,5 @@
 - name: install apache
-  apt: name=apache2,python-netaddr state=latest
+  apt: name=apache2,python3-netaddr state=latest
 - name: enable apache
   service: name=apache2 enabled=yes
 # apache config
@@ -35,6 +35,7 @@
   - php5.conf
   - security.conf
   - defaults.conf
+  - caching.conf
   notify: apache
 - name: enable config files
   command: a2enconf {{ item }}
@@ -44,6 +45,7 @@
   - ssl
   - security
   - defaults
+  - caching
   notify: apache
 - name: disable config files
   command: a2disconf {{ item }}
     content: |
       [Unit]
       After=network-online.target
-- name: sysconfig to disable DAD
+      Wants=network-online.target
+      [Service]
+      Restart=on-failure
+- name: cleanup old sysconfig
+  file: path=/etc/sysctl.d/50-no-dad.conf state=absent
+- name: sysconfig to fix IPv6 listening
   copy:
-    dest: /etc/sysctl.d/50-no-dad.conf
+    dest: /etc/sysctl.d/50-ipv6-listen.conf
     content: |
-      # Disable DAD so network-online.target works for IPv6
-      net.ipv6.conf.all.accept_dad=0
+      # Allow binding to IPv6 address before we got that address
+      net.ipv6.ip_nonlocal_bind=1