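---
# tasks file for ensure_apache
#
# Every task is limited to Linux hosts. Most tasks are driven by lists inside
# the 'ensure_apache' variable that the first task loads from a vars file; a
# task is skipped when its list is missing. The vhost tasks are driven by the
# separate 'http_vhost' list.

# Load the first vars file that exists, searching from the most specific name
# (distribution-version-architecture) down to 'default.yml', and expose its
# content under the 'ensure_apache' name.
- name: 'include variables'
  when:
    - ansible_system == 'Linux'
  ansible.builtin.include_vars:
    file: '{{ lookup("first_found", findme) }}'
    name: 'ensure_apache'
  vars:
    findme:
      files:
        - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
        - '{{ ansible_distribution }}-{{ ansible_distribution_major_version }}-default.yml'
        - '{{ ansible_distribution }}-default.yml'
        - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-{{ ansible_architecture }}.yml'
        - '{{ ansible_os_family }}-{{ ansible_distribution_major_version }}-default.yml'
        - '{{ ansible_os_family }}-default.yml'
        - 'default.yml'
      paths:
        - '../vars/'
      # NOTE(review): 'errors' is normally a keyword argument of lookup()
      # itself, and first_found's own option for "nothing matched" is 'skip';
      # confirm this key has the intended effect when no vars file is found.
      errors: 'ignore'

# Gather installed-package facts once; skipped when 'packages' already exists.
- name: 'package discovery'
  when:
    - ansible_system == 'Linux'
    - packages is not defined
  ansible.builtin.package_facts:

# Gather service facts once; skipped when 'services' already exists.
- name: 'service discovery'
  when:
    - ansible_system == 'Linux'
    - services is not defined
  ansible.builtin.service_facts:

# Apply each kernel parameter from ensure_apache.sysctl_list. Only 'name' and
# 'state' are mandatory per item; the other keys are omitted when absent.
- name: 'ensure sysctl'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.sysctl_list is defined
    - ensure_apache.sysctl_list is iterable
  ansible.posix.sysctl:
    name: '{{ item.name }}'
    reload: '{{ item.reload | default(omit) }}'
    state: '{{ item.state }}'
    sysctl_file: '{{ item.sysctl_file | default(omit) }}'
    sysctl_set: '{{ item.sysctl_set | default(omit) }}'
    value: '{{ item.value | default(omit) }}'
  loop: '{{ ensure_apache.sysctl_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.value }}'

# Act on each package from ensure_apache.package_list that is not in the
# gathered package facts.
# NOTE(review): because already-installed packages are skipped, an item with
# state 'absent' or 'latest' never touches an installed package; confirm that
# is intended.
- name: 'ensure packages'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.package_list is defined
    - ensure_apache.package_list is iterable
    - packages[item.name] is not defined
  ansible.builtin.package:
    name: '{{ item.name }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_apache.package_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.state }}'
  notify:
    - 'ensure_apache.package_facts'
    - 'ensure_apache.service_facts'

# Set each SELinux boolean from ensure_apache.seboolean_list.
- name: 'ensure seboolean'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.seboolean_list is defined
    - ensure_apache.seboolean_list is iterable
  ansible.posix.seboolean:
    name: '{{ item.name }}'
    persistent: '{{ item.persistent }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_apache.seboolean_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.state }}'

# Render each template from ensure_apache.template_list. Ownership, mode and
# SELinux context fields are passed through only when the item sets them.
# No backup copy of a replaced file is kept.
- name: 'ensure configurations'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.template_list is defined
    - ensure_apache.template_list is iterable
  ansible.builtin.template:
    backup: false
    dest: '{{ item.dest }}'
    group: '{{ item.group | default(omit) }}'
    mode: '{{ item.mode | default(omit) }}'
    owner: '{{ item.owner | default(omit) }}'
    selevel: '{{ item.selevel | default(omit) }}'
    serole: '{{ item.serole | default(omit) }}'
    setype: '{{ item.setype | default(omit) }}'
    seuser: '{{ item.seuser | default(omit) }}'
    src: '{{ item.src }}'
  loop: '{{ ensure_apache.template_list }}'
  loop_control:
    label: '{{ item.dest }} will be ensured'
  notify:
    - 'ensure_apache.package_facts'
    - 'ensure_apache.service_facts'
    - 'ensure_apache.service_reload'
    - 'ensure_apache.services'

# Apply each firewalld service rule from ensure_apache.firewall_list, but only
# when both firewalld and its Python bindings appear in the package facts.
- name: 'ensure firewall'
  when:
    - ansible_system == 'Linux'
    - packages["firewalld"] is defined
    - packages["python3-firewall"] is defined
    - ensure_apache is defined
    - ensure_apache.firewall_list is defined
    - ensure_apache.firewall_list is iterable
  ansible.posix.firewalld:
    permanent: '{{ item.permanent }}'
    service: '{{ item.service }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_apache.firewall_list }}'
  loop_control:
    label: '{{ item.service }} will be {{ item.state }}'

# Create the mod_md store directory once any vhost list is present.
# NOTE(review): mode 0770 gives group 'apache' write access to the whole
# store, which presumably holds certificate private keys; confirm mod_md
# needs more than the subdirectories it manages itself.
- name: 'base mod_md store'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - http_vhost is defined
    - http_vhost is iterable
  ansible.builtin.file:
    group: 'apache'
    owner: 'root'
    mode: '0770'
    path: '/etc/httpd/md'
    state: 'directory'
    setype: 'httpd_var_lib_t'

# Create one document root per vhost under /srv/http, labelled as web content.
# Owner, group and mode are not set here, so they are left to the module's
# defaults.
# NOTE(review): item.fqdn is used verbatim as a path component; this assumes
# the vhost list comes from trusted inventory.
- name: 'ensure vhost document roots'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - http_vhost is defined
    - http_vhost is iterable
    - item.fqdn is defined
  ansible.builtin.file:
    path: '/srv/http/{{ item.fqdn }}'
    state: 'directory'
    setype: 'httpd_sys_content_t'
  loop: '{{ http_vhost }}'
  loop_control:
    label: '/srv/http/{{ item.fqdn }} will be ensured'

# Check out each vhost's repository straight into its document root.
# No 'version' is given, so the git module's default revision is used.
# NOTE(review): pin a tag or commit if the published content must be
# reproducible. The checkout's .git directory ends up inside the served
# directory; confirm the vhost configuration denies requests for it.
- name: 'ensure website content from git repos'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - http_vhost is defined
    - http_vhost is iterable
    - item.fqdn is defined
    - item.repo is defined
  ansible.builtin.git:
    dest: '/srv/http/{{ item.fqdn }}'
    repo: '{{ item.repo }}'
  loop: '{{ http_vhost }}'
  loop_control:
    label: '/srv/http/{{ item.fqdn }} will be populated...'

# Set the enabled flag and run state of each service in
# ensure_apache.service_list.
- name: 'ensure services'
  when:
    - ansible_system == 'Linux'
    - ensure_apache is defined
    - ensure_apache.service_list is defined
    - ensure_apache.service_list is iterable
  ansible.builtin.service:
    enabled: '{{ item.enabled }}'
    name: '{{ item.name }}'
    state: '{{ item.state }}'
  loop: '{{ ensure_apache.service_list }}'
  loop_control:
    label: '{{ item.name }} will be {{ item.state }}'
  notify:
    - 'ensure_apache.package_facts'
    - 'ensure_apache.service_facts'

# Run every handler notified above before the role ends.
- name: 'flush handlers'
  ansible.builtin.meta: 'flush_handlers'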