From a0ad2a93015c5c48b8b7b7fc0000d37cdd2d813e Mon Sep 17 00:00:00 2001
From: Thomas Constans
Date: Wed, 8 May 2024 17:27:37 +0200
Subject: [PATCH] make it work on debian, restore certificate management

---
 handlers/main.yml | 2 +-
 tasks/certbot.yml | 8 ++++----
 tasks/main.yml | 14 +++++++++++---
 templates/ssl.conf | 2 ++
 vars/Debian.yml | 7 +++++++
 vars/RedHat.yml | 8 ++++++++
 6 files changed, 33 insertions(+), 8 deletions(-)
 create mode 100644 vars/Debian.yml
 create mode 100644 vars/RedHat.yml

diff --git a/handlers/main.yml b/handlers/main.yml
index 350f942..0e13838 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,7 +2,7 @@
 # handlers file for apache_vhost
 - name: restart apache
 service:
- name: httpd
+ name: "{{ apache_service }}"
 state: restarted
 
 - name: restart zabbix_agentd
diff --git a/tasks/certbot.yml b/tasks/certbot.yml
index b9020d6..19ca7a9 100644
--- a/tasks/certbot.yml
+++ b/tasks/certbot.yml
@@ -3,7 +3,7 @@
 package:
 name:
 - certbot
- - mod_ssl
+ - "{{ apache_ssl_packages }}"
 state: present
 
 
@@ -12,7 +12,7 @@
 apache_use_ssl: false
 template:
 src: vhost.conf.jj
- dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+ dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
 mode: 0644
 notify: restart apache
 register: result
@@ -20,7 +20,7 @@
 # cant use meta / flush handlers in conditionnals
 - name: if needed, we restart apache
 service:
- name: httpd
+ name: "{{ apache_service }}"
 state: restarted
 when: result.changed
 
@@ -41,7 +41,7 @@
 - name: deploy ssl config file
 template:
 src: ssl.conf
- dest: /etc/httpd/conf.d
+ dest: "{{ apache_config_dir }}"
 notify: restart apache
 
 - name: create cronjob for renewal
diff --git a/tasks/main.yml b/tasks/main.yml
index 197d861..9900402 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
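Review bot: The package added on the `+` line of the @@ -3 hunk resolves to `openssl` on Debian (vars/Debian.yml), which installs no Apache SSL module: on Debian mod_ssl ships inside the apache2 packages but stays disabled until `a2enmod ssl` is run, whereas the `mod_ssl` package on RedHat brings its own LoadModule, so on a fresh Debian host the SSL* directives this file later deploys from templates/ssl.conf will most likely be rejected at the restart. The `package:` task this list belongs to starts before the hunk. I would add an enabling task right after it, guarded on the OS family (`community.general.apache2_module` does the same if that collection is available):
```yaml
- name: enable the ssl module on Debian
  command: a2enmod ssl
  args:
    creates: /etc/apache2/mods-enabled/ssl.load
  notify: restart apache
  when: ansible_os_family | lower == 'debian'
```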
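Review bot: The path built on the `+` line of the @@ -12 hunk, `"{{ apache_config_dir }}/{{ apache_server_name }}.conf"`, renders with a doubled slash because both new vars files give `apache_config_dir` a trailing `/` (`/etc/apache2/sites-enabled/`, `/etc/httpd/conf.d/`). The file module accepts `//`, so nothing breaks, but the odd spelling shows up as `dest` in task and `--diff` output, and the same join is repeated in the @@ -46 hunk of tasks/main.yml, while the @@ -41 hunk of this file passes the bare directory as `dest` and so is unaffected. The smallest fix is in the vars files, `apache_config_dir: /etc/apache2/sites-enabled` and `apache_config_dir: /etc/httpd/conf.d`, leaving the joins as written.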
@@ -1,12 +1,13 @@
 ---
 # tasks file for apache_vhost
 
+- include_vars: "{{ ansible_os_family }}.yml"
 
 - name: create dedicated user
 user:
 name: "{{ apache_user }}"
 groups:
- - apache
+ - "{{ apache_group }}"
 home: "{{ apache_base_dir }}"
 shell: /bin/bash
 when: apache_user_password is not defined and apache_user != 'apache'
@@ -26,7 +27,7 @@
 path: "{{ item }}"
 state: directory
 owner: "{{ apache_user }}"
- group: apache
+ group: "{{ apache_group }}"
 mode: 0750
 loop:
 - "{{ apache_base_dir }}"
@@ -39,6 +40,13 @@
 include_tasks: dns.yml
 when: apache_use_dns
 
+- name: remove default site
+ ansible.builtin.file:
+ path: /etc/apache2/sites-enabled/000-default.conf
+ state: absent
+ notify: restart apache
+ when: ansible_os_family| lower == 'debian'
+
 - name: create certificate
 include_tasks: certbot.yml
 when: apache_use_ssl
@@ -46,7 +54,7 @@
 - name: vhost config file
 template:
 src: vhost.conf.jj
- dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+ dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
 mode: 0644
 notify: restart apache
 
diff --git a/templates/ssl.conf b/templates/ssl.conf
index 7eec1bb..d47bcbd 100644
--- a/templates/ssl.conf
+++ b/templates/ssl.conf
@@ -1,4 +1,6 @@
+{% if ansible_os_family | lower =='redhat' %}
 Listen 443 https
+{% endif %}
 SSLSessionCache shmcb:/run/httpd/sslcache(512000)
 SSLSessionCacheTimeout 300
 SSLCryptoDevice builtin
diff --git a/vars/Debian.yml b/vars/Debian.yml
new file mode 100644
index 0000000..e4e00a2
--- /dev/null
+++ b/vars/Debian.yml
@@ -0,0 +1,7 @@
+#/home/tom/Documents/Opendoor/Technique/Ansible/roles/tconstans.apache/vars/Debian.yml
+apache_config_dir: /etc/apache2/sites-enabled/
+apache_packages:
+- apache2
+apache_ssl_packages: openssl
+apache_service: apache2
+apache_group: www-data
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
new file mode 100644
index 0000000..93a7abb
--- /dev/null
+++ b/vars/RedHat.yml
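Review bot: `- include_vars: "{{ ansible_os_family }}.yml"` in the @@ -1 hunk has no `name:` and no tag, so any run that selects tasks with `--tags` skips it, and every later reference to `apache_service`, `apache_group` or `apache_config_dir` (presumably including the `restart apache` handler in handlers/main.yml) would then fail on an undefined variable. The role also only ships Debian.yml and RedHat.yml, so other OS families stop on a missing file rather than a clear message, which is probably acceptable but worth a line in the README. I would write the task as `- name: load os-specific variables` / `include_vars: "{{ ansible_os_family }}.yml"` / `tags: always`.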
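Review bot: `path: /etc/apache2/sites-enabled/000-default.conf` in the @@ -39 hunk hard-codes the directory that the same commit abstracts as `apache_config_dir`, and the task is written in a different style from its neighbours (`ansible.builtin.file` where the rest of the file uses bare module names, and `ansible_os_family| lower` with a space on one side of the pipe only). I would use `path: "{{ apache_config_dir }}/000-default.conf"` and spell the condition `when: ansible_os_family | lower == 'debian'` as templates/ssl.conf in this commit does. On a stock Debian install that path is the symlink `a2dissite` would remove, so `state: absent` on it is the right operation.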
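Review bot: Guarding `Listen 443 https` removes one RedHat-specific line, but the next context line, `SSLSessionCache shmcb:/run/httpd/sslcache(512000)`, is another: `/run/httpd` is httpd's runtime directory and is not present on a Debian host, where apache2 uses `/run/apache2` (`${APACHE_RUN_DIR}` in its envvars), so mod_ssl will most likely fail to create the cache at startup now that tasks/certbot.yml renders this file into `sites-enabled/` on Debian as well. I would parameterise the directory with a variable defined in both new vars files, e.g. `SSLSessionCache shmcb:{{ apache_run_dir }}/sslcache(512000)` with `apache_run_dir: /run/apache2` in vars/Debian.yml and `apache_run_dir: /run/httpd` in vars/RedHat.yml (constructed name); alternatively wrap the three cache directives in the same `{% if %}`, since as far as I recall Debian's own mods-enabled/ssl.conf already configures a session cache. As a style point, `| lower =='redhat'` reads better as `| lower == 'redhat'`.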
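Review bot: The first line of vars/Debian.yml, `#/home/tom/Documents/Opendoor/Technique/Ansible/roles/tconstans.apache/vars/Debian.yml`, is an editor artefact that publishes a workstation path and a customer name with the role; drop it and start the file with `---` like the role's other files. `apache_ssl_packages` is plural but holds a single scalar, which only works because tasks/certbot.yml nests it as one list item, so either rename it `apache_ssl_package` in both vars files and the consumer, or add a comment above it stating that exactly one package name is expected. The flush-left `- apache2` under `apache_packages:` is valid but differs from the indented sequences in the task files; pick one style for the role.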
@@ -0,0 +1,8 @@
+
+#/home/tom/Documents/Opendoor/Technique/Ansible/roles/tconstans.apache/vars/Debian.yml
+apache_config_dir: /etc/httpd/conf.d/
+apache_packages:
+- httpd
+apache_service: httpd
+apache_ssl_packages: mod_ssl
+apache_group: apache
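Review bot: The comment on the second added line is a copy of the Debian header and names `vars/Debian.yml` inside vars/RedHat.yml, carrying the same workstation path; the file also begins with an empty added line and orders its keys differently from vars/Debian.yml (`apache_service` before `apache_ssl_packages`), which makes the two files harder to compare side by side. Drop the blank line and the comment, start the file with `---`, and keep the key order identical in both vars files, e.g. `apache_config_dir`, `apache_packages`, `apache_ssl_packages`, `apache_service`, `apache_group`.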