---
# tasks file for apache_vhost

- include_vars: "{{ ansible_os_family}}.yml"
  tags: always

- name: create dedicated user
  user:
    name: "{{ apache_user }}"
    groups:
    - "{{ apache_group }}"
    home: "{{ apache_base_dir }}"
    shell: /bin/bash
  when: apache_user_password is not defined and apache_user != 'apache'
  tags: apache_user

- name: create dedicated user - ssh
  user:
    name: "{{ apache_user }}"
    groups:
    - apache
    - ssh_users
    home: "{{ apache_base_dir }}"
    shell: /bin/bash
  when: apache_user_password is defined
  tags: apache_user

- name: create directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ apache_user }}"
    group: "{{ apache_group }}"
    mode: 0750
  loop:
    - "{{ apache_base_dir }}"
    - "{{ apache_base_dir }}/logs"
    - "{{ apache_base_dir }}/www"
    - "{{ apache_base_dir }}/session"
    - "{{ apache_base_dir }}/wsdlcache"

- name: enable some modules
  when: ansible_os_family == 'Debian'
  tags: modules
  community.general.apache2_module:
    state: present
    name: "{{ item }}"
  loop: "{{ apache_modules_list }}"

- name: dns setup
  include_tasks: dns.yml
  when: apache_use_dns

- name: remove default site
  ansible.builtin.file:
    path: /etc/apache2/sites-enabled/000-default.conf
    state: absent
  notify: restart apache
  when: ansible_os_family| lower == 'debian'

- name: create certificate
  include_tasks: certbot.yml
  when: apache_use_ssl

- name: vhost config file
  template:
    src: vhost.conf.jj
    dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
    mode: 0644
  notify: restart apache

- name: logrotate config file
  template:
    src: logrotate.conf.jj
    dest: "/etc/logrotate.d/vhost_{{ apache_server_name }}.conf"
    mode: 0644

- name: goaccess
  import_tasks: goaccess.yml
  when: apache_use_stats
  tags: stats