authorGravatar Jonas Gunz <himself@jonasgunz.de> 2021-09-02 01:02:31 +0200
committerGravatar Jonas Gunz <himself@jonasgunz.de> 2021-09-02 01:02:31 +0200
commit2e3a53d879ef17f2e4afcce9e6b7f121ab25c571 (patch)
tree6f75bcb2af9dcc5c975ffa0d3438023ad8abf8ca /roles/apache/tasks
parenta024ad57e94976f7541bdd352e2d0a364c2aa5fb (diff)
add apache role
Diffstat (limited to 'roles/apache/tasks')
-rw-r--r--roles/apache/tasks/main.yml152
1 files changed, 152 insertions, 0 deletions
diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml
new file mode 100644
index 0000000..9e7e904
--- /dev/null
+++ b/roles/apache/tasks/main.yml
@@ -0,0 +1,152 @@
+---
+- name: Install SURY.ORG package signing key
+ get_url:
+ url: https://packages.sury.org/php/apt.gpg
+ dest: /etc/apt/trusted.gpg.d/sury.gpg
+ become: yes
+
+- name: Install SURY.ORG php package repository
+ copy:
+ dest: /etc/apt/sources.list.d/sury.list
+ content: 'deb https://packages.sury.org/php/ {{ ansible_facts.distribution_release }} main'
+ become: yes
+
+- name: Install general packages
+ apt:
+ name: '{{ ["apache2", "libapache2-mpm-itk"] + php_versions }}'
+ update_cache: yes
+ become: yes
+
+- name: Install extensions
+ apt:
+ name: '{{ php_versions | product(php_extensions) | map("join", "-") }}'
+ become: yes
+
+# ignore errors bc apache2_module checks fails for errors in config (why???)
+- name: Enable apache2 modules
+ community.general.apache2_module:
+ name: '{{ item }}'
+ state: present
+ loop: '{{ apache_mods }}'
+ ignore_errors: yes
+ become: yes
+ notify: Restart apache
+
+- name: Check for changed cert
+ command: /bin/true
+ when:
+ - cert_changed
+ notify:
+ - Restart apache
+
+- name: Check for php module
+ find:
+ paths: '/etc/apache2/mods-enabled/'
+ patterns: 'php*'
+ file_type: any
+ become: yes
+ register: a2_mod_php
+
+- name: Disable apache2 mod php
+ file:
+ path: '{{ item.path }}'
+ follow: no
+ state: absent
+ become: yes
+ loop: '{{ a2_mod_php.files }}'
+ notify: Restart apache
+
+- name: Install SSL config
+ template:
+ src: ssl.conf.j2
+ dest: /etc/apache2/ssl.conf
+ become: yes
+ notify: Restart apache
+
+- name: Remove default-ssl
+ file:
+ path: '/etc/apache2/{{ item }}/default-ssl.conf'
+ follow: no
+ state: absent
+ become: yes
+ loop:
+ - sites-available
+ - sites-enabled
+ notify: Reload apache
+
+- name: Install default sites
+ copy:
+ src: '{{ item }}'
+ dest: '/etc/apache2/sites-available/{{ item }}'
+ become: yes
+ loop:
+ - 000-default-ssl.conf
+ - 000-default.conf
+ notify: Reload apache
+
+- name: Install vhost configs
+ template:
+ src: vhost.conf.j2
+ dest: '/etc/apache2/sites-available/{{ item.key }}.conf'
+ with_dict: '{{ apache_vhosts }}'
+ become: yes
+ notify: Reload apache
+
+- name: Install noPHP vhost configs
+ template:
+ src: vhost_nophp.conf.j2
+ dest: '/etc/apache2/sites-available/{{ item.key }}.conf'
+ with_dict: '{{ apache_nophp_vhosts }}'
+ become: yes
+ notify: Reload apache
+
+- name: Install proxy configs
+ template:
+ src: proxy.conf.j2
+ dest: '/etc/apache2/sites-available/{{ item.key }}.conf'
+ with_dict: '{{ apache_rproxies }}'
+ become: yes
+ notify: Reload apache
+
+- name: Create site users
+ user:
+ name: 'www-{{ item }}'
+ shell: /usr/sbin/nologin
+ system: yes
+ home: '/var/www/{{ item }}'
+ become: yes
+ with_items: '{{ apache_vhosts.keys() | list }}'
+
+- name: chmod site dirs
+ file:
+ path: '/var/www/{{ item }}'
+ mode: '750'
+ become: yes
+ with_items: '{{ apache_vhosts.keys() | list }}'
+
+- name: Create noPHP site dirs
+ file:
+ path: '/var/www/{{ item }}'
+ mode: '750'
+ owner: www-data
+ group: www-data
+ state: directory
+ become: yes
+ with_items: '{{ apache_nophp_vhosts.keys() | list }}'
+
+- name: Create FPM Pools
+ template:
+ src: fpm-pool.conf.j2
+ dest: '/etc/php/{{ item.value.php_version }}/fpm/pool.d/www-{{ item.key }}.conf'
+ become: yes
+ with_dict: '{{ apache_vhosts }}'
+ notify: Restart fpm
+
+- name: Enable sites
+ file:
+ path: '/etc/apache2/sites-enabled/{{ item }}.conf'
+ state: link
+ src: '../sites-available/{{ item }}.conf'
+ become: yes
+ notify: Reload apache
+ with_items: '{{ apache_vhosts.keys() | list + apache_rproxies.keys() | list + apache_nophp_vhosts.keys() | list + ["000-default", "000-default-ssl"] }}'
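Review bot: The signing key fetched in the first task is written to `/etc/apt/trusted.gpg.d/sury.gpg`, where apt trusts it for every configured repository, and the download has no `checksum:`, so whatever the URL serves at run time becomes a root of trust for package installs. Scoping the key with `signed-by=` in `sury.list` and pinning a digest on `get_url` limits the key to the SURY repository and makes a changed key fail the play until someone re-verifies it. The digest below is a placeholder to be replaced with a value checked out of band, and `mode` is set explicitly so the keyring's permissions do not depend on the umask.

```yaml
  get_url:
    url: https://packages.sury.org/php/apt.gpg
    dest: /usr/share/keyrings/sury.gpg
    checksum: 'sha256:<PINNED_SHA256_OF_APT_GPG>'
    mode: '0644'
# … unchanged: become, repository task name and dest …
    content: 'deb [signed-by=/usr/share/keyrings/sury.gpg] https://packages.sury.org/php/ {{ ansible_facts.distribution_release }} main'
# … unchanged: package, module, vhost and FPM tasks …
```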