Issue #34: Add ability to 'disable' Apache mods on Ubuntu/Debian.

README.md

@@ -55,8 +55,9 @@ The SSL protocols and cipher suites that are used/allowed when clients make secu
     apache_mods_enabled:
       - rewrite.load
       - ssl.load
+    apache_mods_disabled: []
 
-(Debian/Ubuntu ONLY) Which Apache mods to enable (these will be symlinked into the apporopriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods.
+(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods.
 
     apache_packages:
       - [platform-specific]

defaults/main.yml

@@ -25,6 +25,8 @@ apache_vhosts_ssl: []
 apache_ssl_protocol: "All -SSLv2 -SSLv3"
 apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
 
+# Only used on Debian/Ubuntu.
 apache_mods_enabled:
   - rewrite.load
   - ssl.load
+apache_mods_disabled: []

tasks/configure-Debian.yml

@@ -16,6 +16,13 @@
   with_items: apache_mods_enabled
   notify: restart apache
 
+- name: Disable Apache mods.
+  file:
+    path: "{{ apache_server_root }}/mods-enabled/{{ item }}"
+    state: absent
+  with_items: apache_mods_disabled
+  notify: restart apache
+
 - name: Add apache vhosts configuration.
   template:
     src: "vhosts-{{ apache_vhosts_version }}.conf.j2"