dest: /etc/apache2/log-anon
src: files/log-anon
mode: +x
+ notify: apache
- name: install shared config files
- copy:
+ template:
dest: /etc/apache2/conf-available/{{ item }}
- src: files/{{ item }}
+ src: templates/{{ item }}
loop:
- ssl.conf
- acme-challenge.conf
- php5.conf
- security.conf
+ - defaults.conf
notify: apache
- name: enable config files
command: a2enconf {{ item }}
loop:
- ssl
- security
+ - defaults
notify: apache
- name: disable config files
command: a2disconf {{ item }}
removes: /etc/apache2/conf-enabled/{{ item }}.conf
loop:
- other-vhosts-access-log
+ - serve-cgi-bin
notify: apache
- name: install default site
template:
dest: /etc/apache2/sites-available/000-default.conf
src: templates/000-default.conf
notify: apache
+# IPv6 autconf issues: DAD makes addresses appear but unusable, which breaks services startup
+- name: tweak apache systemd unit (create dir)
+ file: path=/etc/systemd/system/apache2.service.d state=directory
+- name: tweak apache systemd unit
+ copy:
+ dest: /etc/systemd/system/apache2.service.d/override.conf
+ content: |
+ [Unit]
+ After=network-online.target
+ Wants=network-online.target
+ [Service]
+ Restart=on-failure
+- name: sysconfig to disable DAD
+ copy:
+ dest: /etc/sysctl.d/50-no-dad.conf
+ content: |
+ # Disable DAD so network-online.target works for IPv6
+ net.ipv6.conf.all.accept_dad=0
projects / ansible.git / blobdiff