ansible + goss

ansible/roles/ssl-apache/files/000-default.conf

@@ -0,0 +1,32 @@
+<VirtualHost *:80>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+	ServerName onfarbo43
+	ServerAdmin webmaster@localhost
+        DocumentRoot /var/www/html
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+	Redirect "/" "https://onfarbo43/"
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

ansible/roles/ssl-apache/files/default-ssl.conf

@@ -0,0 +1,24 @@
+#<IfModule mod_ssl.c>
+        <VirtualHost *:443>
+                ServerAdmin webmaster@localhost
+		ServerName onfarbo43
+
+                DocumentRoot /var/www/html
+
+                ErrorLog ${APACHE_LOG_DIR}/error.log
+                CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+                SSLEngine on
+
+                SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
+                SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
+
+                <FilesMatch "\.(cgi|shtml|phtml|php)$">
+                                SSLOptions +StdEnvVars
+                </FilesMatch>
+                <Directory /usr/lib/cgi-bin>
+                                SSLOptions +StdEnvVars
+                </Directory>
+
+        </VirtualHost>
+#</IfModule>

ansible/roles/ssl-apache/files/ports.conf

@@ -0,0 +1,16 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 80
+Listen 443 https
+
+#<IfModule ssl_module>
+#	Listen 443
+#</IfModule>
+
+<IfModule mod_gnutls.c>
+	Listen 443
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

ansible/roles/ssl-apache/handlers/main.yml

@@ -0,0 +1,9 @@
+- name: restart apache2
+  service:
+    name: apache2
+    state: restarted
+
+- name: reload apache2
+  service:
+    name: apache2
+    state: reloaded

ansible/roles/ssl-apache/tasks/main.yml

@@ -0,0 +1,63 @@
+- name: Installation des paquets
+  apt:
+    name: ['openssl', 'sudo']
+
+- name: Création de la clé
+  community.crypto.openssl_privatekey:
+    path: /etc/ssl/private/apache-selfsigned.key
+    mode: "640"
+    owner: root
+    group: root   
+
+- name: Création du certificat
+  community.crypto.x509_certificate:
+    path: /etc/ssl/certs/apache-selfsigned.crt
+    privatekey_path: /etc/ssl/private/apache-selfsigned.key
+    provider: selfsigned
+    mode: "644"
+    owner: root
+    group: root
+
+- name: Suppression du fichier 000-default.conf
+  file:
+    path: /etc/apache2/sites-available/000-default.conf
+    state: absent
+
+- name: Supression du fichier default-ssl.conf
+  file:
+    path: /etc/apache2/sites-available/default-ssl.conf
+    state: absent
+
+- name: Supression du fichier ports.conf
+  file:
+    path: /etc/apache2/ports.conf
+    state: absent
+    
+- name: ajout de la redirection https
+  copy:
+    src: 000-default.conf
+    dest: /etc/apache2/sites-available
+
+- name: ajout du site https
+  copy:
+    src: default-ssl.conf
+    dest: /etc/apache2/sites-available
+
+- name: ajout du port 443
+  copy:
+    src: ports.conf
+    dest: /etc/apache2
+  notify: restart apache2
+
+- name: changement de répertoire
+  shell: cd /etc/apache2/sites-available
+
+- name: a2ensite default
+  command: sudo a2ensite 000-default.conf
+
+- name: a2ensite ssl
+  command: sudo a2ensite default-ssl.conf
+
+- name: a2enmod
+  command: sudo a2enmod ssl
+  notify: reload apache2