infrastructure/roles/web/tasks/main.yaml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

- name: install apache2
  ansible.builtin.package:
    name: apache2
- name: enable mod_md
  ansible.builtin.command:
    cmd: a2enmod md
    creates: /etc/apache2/mods-enabled/md.load
  notify: restart web
- name: enable mod_ssl
  ansible.builtin.command:
    cmd: a2enmod ssl
    creates: /etc/apache2/mods-enabled/ssl.load
  notify: restart web
- name: enable mod_userdir
  ansible.builtin.command:
    cmd: a2enmod userdir
    creates: /etc/apache2/mods-enabled/userdir.load
  notify: restart web
- name: enable mod_proxy_http
  ansible.builtin.command:
    cmd: a2enmod proxy_http
    creates: /etc/apache2/mods-enabled/proxy_http.load
  notify: restart web
- name: enable mod_headers
  ansible.builtin.command:
    cmd: a2enmod headers
    creates: /etc/apache2/mods-enabled/headers.load
  notify: restart web
- name: ssl site
  ansible.builtin.copy:
    dest: /etc/apache2/sites-enabled/ssl.conf
    content: |
      MDomain {{ public_hostname_punycode }}
      MDCertificateAgreement accepted

      <VirtualHost *:443>
        ServerName {{ public_hostname_punycode }}
        SSLEngine on
        ServerAdmin {{ admin_email }}

        <Location /vaultwarden/>
          ProxyPass http://127.0.0.1:8080/vaultwarden/
          ProxyPreserveHost On
          RequestHeader set X-Real-IP %{REMOTE_ADDR}s
        </Location>

        RedirectMatch "^/$" "/gitweb/?p=infrastructure.git;a=blob;f=README.md;hb=refs/heads/main"
      </VirtualHost>
  notify: restart web