add opt out for ssl

2023-09-24 09:49:05 +03:00 · 2023-09-24 09:49:05 +03:00 · d268d44421
commit d268d44421
parent 751a0aebec
3 changed files with 13 additions and 7 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,4 +1,8 @@
 ---
+ssl: true
+ssl_port: 443
+web_port: 80
+apache_modules: []
 vhosts: []
  # - vhostname: default.host.example.org
  #   weight: 25
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -2,12 +2,13 @@
 - name: Allow HTTP traffic
  ufw:
    rule: allow
-    port: 80
+    port: "{{ web_port }}"

 - name: Allow HTTPS traffic
  ufw:
    rule: allow
-    port: 443
+    port: "{{ ssl_port | default(443) }}"
+  when: ssl

 - name: Ensure MPM Worker module is disabled
  shell: a2dismod mpm_worker
@ -60,7 +61,7 @@
    state: present
    force: True
    name: "{{ item }}"
-  with_items: "{{ apache_modules }}"
+  loop: "{{ apache_modules }}"
  register: enabled_mods
  when: apache_modules is defined

@ -99,6 +100,3 @@
  with_items: "{{ vhosts }}"
  notify:
    - Restart Apache
-# notfound.php
-# error500.php
-# error503.php
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -10,15 +10,19 @@
    path: "/etc/letsencrypt/archive/{{ item.vhostname }}"
  register: certificate_folder
  loop: "{{ vhosts }}"
+  when: ssl

 - name: Initialize need_certificate
  set_fact:
    need_certificate: false
+  when: ssl

 - name: Evaluate if need certificate
  set_fact:
    need_certificate: true
-  when: not item.stat.exists
+  when:
+    - not item.stat.exists
+    - ssl
  loop: "{{ certificate_folder.results }}"

 - name: Ensure certificate is created if needed