X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/a80f4a048f27bdcfe5708d52b86564bb2c8f6713..a24a43d8bb66245c758777522a4083d8c8ea7e7b:/roles/apache/tasks/main.yml

diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
index 12f9580..1280595 100644
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@@ -1,8 +1,8 @@
 - name: install apache
-  apt: name=apache2 state=latest
+  apt: name=apache2,python-netaddr state=latest
 - name: enable apache
   service: name=apache2 enabled=yes
-# config
+# apache config
 - name: enable modules
   apache2_module:
     state: present
@@ -19,16 +19,22 @@
   loop:
   - access_compat
   notify: apache
-- name: install shared config files
+- name: install log anonymization script
   copy:
+    dest: /etc/apache2/log-anon
+    src: files/log-anon
+    mode: +x
+  notify: apache
+- name: install shared config files
+  template:
     dest: /etc/apache2/conf-available/{{ item }}
-    src: files/{{ item }}
+    src: templates/{{ item }}
   loop:
   - ssl.conf
   - acme-challenge.conf
   - php5.conf
   - security.conf
-  - other-vhosts-access-log.conf
+  - defaults.conf
   notify: apache
 - name: enable config files
   command: a2enconf {{ item }}
@@ -36,8 +42,25 @@
     creates: /etc/apache2/conf-enabled/{{ item }}.conf
   loop:
   - ssl
+  - security
+  - defaults
+  notify: apache
+- name: disable config files
+  command: a2disconf {{ item }}
+  args:
+    removes: /etc/apache2/conf-enabled/{{ item }}.conf
+  loop:
+  - other-vhosts-access-log
+  - serve-cgi-bin
+  notify: apache
 - name: install default site
   template:
     dest: /etc/apache2/sites-available/000-default.conf
     src: templates/000-default.conf
   notify: apache
+# work-arounds and hacks
+- name: cronjob to fix apache startup
+  cron:
+    name: "apache2-start-fix"
+    minute: "*/5"
+    job: "if systemctl is-failed apache2 >/dev/null; then echo 'restarting apache'; systemctl restart apache2; fi"