make it work on debian, restore certificate management

2024-05-08 17:27:37 +02:00
parent 31e9283fc0
commit a0ad2a9301
6 changed files with 33 additions and 8 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -2,7 +2,7 @@
 # handlers file for apache_vhost
 - name: restart apache
  service:
-    name: httpd
+    name: "{{ apache_service }}"
    state: restarted

 - name: restart zabbix_agentd
--- a/tasks/certbot.yml
+++ b/tasks/certbot.yml
@@ -3,7 +3,7 @@
  package:
    name:
     - certbot
-     - mod_ssl
+     - "{{ apache_ssl_packages }}"

    state: present

@@ -12,7 +12,7 @@
    apache_use_ssl: false
  template:
    src: vhost.conf.jj
-    dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+    dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
    mode: 0644
  notify: restart apache
  register: result
@@ -20,7 +20,7 @@
 # cant use meta / flush handlers in conditionnals
 - name: if needed, we restart apache
  service:
-    name: httpd
+    name: "{{ apache_service }}"
    state: restarted
  when: result.changed

@@ -41,7 +41,7 @@
 - name: deploy ssl config file
  template:
    src: ssl.conf
-    dest: /etc/httpd/conf.d
+    dest: "{{ apache_config_dir }}"
  notify: restart apache

 - name: create cronjob for renewal
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,12 +1,13 @@
 ---
 # tasks file for apache_vhost

+- include_vars: "{{ ansible_os_family }}.yml"

 - name: create dedicated user
  user:
    name: "{{ apache_user }}"
    groups:
-    - apache
+    - "{{ apache_group }}"
    home: "{{ apache_base_dir }}"
    shell: /bin/bash
  when: apache_user_password is not defined and apache_user != 'apache'
@@ -26,7 +27,7 @@
    path: "{{ item }}"
    state: directory
    owner: "{{ apache_user }}"
-    group: apache
+    group: "{{ apache_group }}"
    mode: 0750
  loop:
    - "{{ apache_base_dir }}"
@@ -39,6 +40,13 @@
  include_tasks: dns.yml
  when: apache_use_dns

+- name: remove default site
+  ansible.builtin.file:
+    path: /etc/apache2/sites-enabled/000-default.conf
+    state: absent
+  notify: restart apache
+  when: ansible_os_family| lower == 'debian'
+
 - name: create certificate
  include_tasks: certbot.yml
  when: apache_use_ssl
@@ -46,7 +54,7 @@
 - name: vhost config file
  template:
    src: vhost.conf.jj
-    dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+    dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
    mode: 0644
  notify: restart apache

--- a/templates/ssl.conf
+++ b/templates/ssl.conf
@@ -1,4 +1,6 @@
+{% if ansible_os_family | lower =='redhat' %}
 Listen 443 https
+{% endif %}
 SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
 SSLSessionCacheTimeout  300
 SSLCryptoDevice builtin
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -0,0 +1,7 @@
+#/home/tom/Documents/Opendoor/Technique/Ansible/roles/tconstans.apache/vars/Debian.yml
+apache_config_dir: /etc/apache2/sites-enabled/
+apache_packages:
+- apache2
+apache_ssl_packages: openssl
+apache_service: apache2
+apache_group: www-data
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -0,0 +1,8 @@
+
+#/home/tom/Documents/Opendoor/Technique/Ansible/roles/tconstans.apache/vars/Debian.yml
+apache_config_dir: /etc/httpd/conf.d/
+apache_packages:
+- httpd
+apache_service: httpd
+apache_ssl_packages: mod_ssl
+apache_group: apache