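---
# Installs Apache httpd with mod_ssl, disables the plain-HTTP listener and the
# distribution's conf.d includes, and serves only from the templated configs in
# /etc/httpd/conf.local.d.
# Variables read here: mail_domain, ansible_wheel, inventory_hostname,
# logsync_publickeys. The "restart apache" handler is not defined in this file
# and must exist elsewhere in the role.

- name: install apache
  ansible.builtin.package:
    name: "{{ item }}"
    # "present" is the canonical state; "installed" is only an alias accepted
    # by some package backends.
    state: present
  loop:
    - httpd
    - mod_ssl

# Comments the listed directives out. Dropping "IncludeOptional conf.d/*.conf"
# means packaged snippets are no longer loaded, so the active configuration is
# limited to httpd.conf plus conf.local.d.
# NOTE(review): the "Listen 80" pattern has no end anchor, so it also matches
# a line such as "Listen 8080" and would rewrite it to "#Listen 80" - confirm
# that no such line is expected on the target hosts.
- name: disable plain http and default included configs
  ansible.builtin.lineinfile:
    path: /etc/httpd/conf/httpd.conf
    line: "#{{ item }}"
    # '*' is escaped so the glob in the directive is matched literally.
    regexp: "^#?{{ item|replace('*', '\\*') }}"
  loop:
    - "Listen 80"
    - "IncludeOptional conf.d/*.conf"
  notify: restart apache

- name: set server admin address
  ansible.builtin.lineinfile:
    path: /etc/httpd/conf/httpd.conf
    line: "ServerAdmin webmaster@{{ mail_domain }}"
    # Anchored at line start, like the patterns in the task above, so the
    # match cannot land in the middle of an unrelated line.
    regexp: "^#?ServerAdmin .*"
  notify: restart apache

# No regexp: the line is appended once if it is not already in the file.
- name: include local configs
  ansible.builtin.lineinfile:
    path: /etc/httpd/conf/httpd.conf
    line: "IncludeOptional conf.local.d/*.conf"
  notify: restart apache

# Records the file-context rule for the data tree in the SELinux policy. The
# directory task below asks for "_default" labels, i.e. whatever the policy
# defines for each path.
- name: fix selinux contexts from data directory
  community.general.sefcontext:
    path: "/srv/web(/.*)?"
    setype: httpd_sys_content_t
  when: ansible_selinux_python_present

- name: create data and config directories
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    # Quoted so the mode reaches the module as an octal string and is never
    # re-read as a decimal integer by a YAML parser.
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    seuser: _default
    setype: _default
  loop:
    - /srv/web
    - "/srv/web/{{ inventory_hostname }}"
    - "/etc/httpd/conf.local.d"

# TLS settings come from ssl.conf.j2, which is not part of this file; protocol
# and cipher choices have to be reviewed there.
- name: create ssl config
  ansible.builtin.template:
    src: ssl.conf.j2
    dest: /etc/httpd/conf.local.d/ssl.conf
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart apache

- name: create site config
  ansible.builtin.template:
    src: site.conf.j2
    dest: "/etc/httpd/conf.local.d/{{ inventory_hostname }}.conf"
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: restart apache

# The log directory is handed to the sftpuser role as a chroot below. OpenSSH
# refuses a chroot directory that is not root-owned or that is writable by
# group or others, which root + 0755 satisfies.
# NOTE(review): 0755 also lets every local account list this directory; who
# can read the logs then depends on the modes of the log files themselves -
# confirm those are restrictive enough.
- name: fix log directory permissions
  ansible.builtin.file:
    path: /var/log/httpd
    state: directory
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

# The sftpuser role is not visible here; presumably it creates the "logsync"
# account, restricted to SFTP inside the chroot, with the listed public keys
# - verify in the role.
- name: import sftpuser role
  ansible.builtin.import_role:
    name: sftpuser
  vars:
    chroot: "/var/log/httpd"
    user: logsync
    publickeys: "{{ logsync_publickeys }}"

- name: enable apache
  ansible.builtin.service:
    name: httpd
    state: started
    enabled: true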