make it work on debian

remove certbot generation (its got its own role)

ISSUES

@@ -0,0 +1,4 @@
+too many variables
+should not take care of ssl, php etc.
+
+ditch it in favor of tco.Webhosting ?

handlers/main.yml

@@ -2,8 +2,8 @@
 # handlers file for apache_vhost
 - name: restart apache
   service:
-    name: httpd
+    name: "{{ apache_service_name }}"
-    state: restarted
+    state: reloaded
 
 - name: restart zabbix_agentd
   service:

tasks/certbot.yml

@@ -1,55 +0,0 @@
----
-- name: install certbot
-  package:
-    name:
-     - certbot
-     - mod_ssl
-
-    state: present
-
-- name: install apache config file without ssl
-  vars:
-    apache_use_ssl: false
-  template:
-    src: vhost.conf.jj
-    dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
-    mode: 0644
-  notify: restart apache
-  register: result
-
-# cant use meta / flush handlers in conditionnals
-- name: if needed, we restart apache
-  service:
-    name: httpd
-    state: restarted
-  when: result.changed
-
-- name: generate certificates for domaine and subdomains
-  vars:
-    subdomains: "-d {{ apache_server_alias | join( ' -d ' ) }}"
-  command: certbot certonly --agree-tos --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} {{ subdomains }}
-  args:
-    creates: "{{ apache_ssl_chain }}"
-  when: apache_server_alias is defined
-
-- name: generate certificates
-  command: certbot certonly --agree-tos  --non-interactive -m {{ apache_ssl_root_email }} --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }}
-  args:
-    creates: "{{ apache_ssl_chain }}"
-  when: apache_server_alias is not defined
-
-- name: deploy ssl config file
-  template:
-    src: ssl.conf
-    dest: /etc/httpd/conf.d
-  notify: restart apache
-
-- name: create cronjob for renewal
-  cron:
-    name: certbot
-    cron_file: certbot
-    user: root
-    hour: "01"
-    minute: "00"
-    weekday: "6"
-    job: "/usr/bin/certbot renew"

tasks/main.yml

@@ -1,15 +1,18 @@
 ---
 # tasks file for apache_vhost
 
+- include_vars: "{{ ansible_os_family|lower }}.yml"
+  tags: always
 
 - name: create dedicated user
   user:
     name: "{{ apache_user }}"
     groups:
-    - apache
+    - "{{ apache_group }}"
     home: "{{ apache_base_dir }}"
     shell: /bin/bash
   when: apache_user_password is not defined and apache_user != 'apache'
+  tags: apache_user
 
 - name: create dedicated user - ssh
   user:
@@ -20,13 +23,14 @@
     home: "{{ apache_base_dir }}"
     shell: /bin/bash
   when: apache_user_password is defined
+  tags: apache_user
 
 - name: create directories
   file:
     path: "{{ item }}"
     state: directory
     owner: "{{ apache_user }}"
-    group: apache
+    group: "{{ apache_group }}"
     mode: 0750
   loop:
     - "{{ apache_base_dir }}"
@@ -39,14 +43,10 @@
   include_tasks: dns.yml
   when: apache_use_dns
 
-- name: create certificate
-  include_tasks: certbot.yml
-  when: apache_use_ssl
-
 - name: vhost config file
   template:
     src: vhost.conf.jj
-    dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+    dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
     mode: 0644
   notify: restart apache
 

templates/pool.conf.jj

@@ -1,6 +1,6 @@
 [www_{{apache_server_name}}]
 user = {{ apache_user }}
-group = apache
+group = {{ apache_group }}
 listen = {{ apache_php_socket }}
 listen.owner = {{ apache_user }}
 listen.group = apache

templates/vhost.conf.jj

@@ -42,7 +42,7 @@
    </Directory>
    {%if apache_use_php %}
    <FilesMatch \.php$>
-      SetHandler  "proxy:unix:{{ apache_php_socket }}|fcgi://localhost/"
+      SetHandler  "{{ php_listen_url }}"
    </FilesMatch>
    {% endif %}
 </VirtualHost>

vars/debian.yml

@@ -0,0 +1,4 @@
+---
+apache_group: www-data
+apache_config_dir: /etc/apache2/sites-enabled/
+apache_service_name: apache2

vars/redhat.yml

@@ -0,0 +1,4 @@
+---
+apache_group: apache
+apache_config_dir: /etc/httpd/conf.d/
+apache_service_name: httpd