source: darkpeak-services/roles/apache2/tasks/configure-apache-site.yml @ 8fab56d2

ansiblekeycloakmatrixpleroma
Last change on this file since 8fab56d2 was 8fab56d2, checked in by Mat Booth <mat.booth@…>, 19 months ago

Refs #7 - Refactor to allow each service to have its own cert

Precursor to letsencrypt

  • Property mode set to 100644
File size: 1.5 KB
Line 
1- name: Create site directories
2  file:
3    state: directory
4    path:  "{{ item.path }}"
5    group: "{{ item.group }}"
6    owner: "{{ item.owner }}"
7    mode:  "{{ item.mode }}"
8  with_items:
9    - { path: '/var/log/apache2/{{ service_name }}', group: 'adm', owner: 'www-data', mode: '0750' }
10    - { path: '{{ web_root }}', group: 'www-data', owner: 'root', mode: '0751' }
11  notify:
12    - reload apache2
13
14- name: Configure a TLS certificate for this site
15  include: ../../tls/tasks/configure-tls-cert.yml
16
17# The default vhost *must* be the first lexigraphically, so for the default service
18# we add a filename prefix of '0-' to ensure that is the case
19
20- name: Install vhost
21  template:
22    src: ../../apache2/templates/apache.vhost.conf.j2
23    dest: "/etc/apache2/sites-available/{{ '0-default' if service_name == 'default' else service_name }}.conf"
24    owner: root
25    group: root
26    mode: 0644
27  notify:
28    - reload apache2
29
30- name: Enable vhost
31  file:
32    src: "/etc/apache2/sites-available/{{ '0-default' if service_name == 'default' else service_name }}.conf"
33    dest: "/etc/apache2/sites-enabled/{{ '0-default' if service_name == 'default' else service_name }}.conf"
34    state: link
35  notify:
36    - reload apache2
37
38# This file is supplied by the calling role, and included in the apache configuration
39# by the above vhost file
40
41- name: Install custom site config
42  template:
43    src: apache.incl.conf.j2
44    dest: "/etc/apache2/includes/{{ service_name}}.incl.conf"
45    owner: root
46    group: root
47    mode: 0644
48  notify:
49    - reload apache2
50
Note: See TracBrowser for help on using the repository browser.