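---
# Apache tasks: install packages, enable base modules and the Evolinux
# configuration snippets, maintain the private IP whitelist and htpasswd
# files, and set a restrictive umask in /etc/apache2/envvars.

- name: packages are installed
  apt:
    name: '{{ item }}'
    state: present
  with_items:
    - apache2-mpm-itk
    - apachetop
    - libapache2-mod-evasive
    - libwww-perl
  tags:
    - apache

# NOTE(review): cgi widens the server's attack surface; confirm it is
# required on every host this role targets.
- name: basic modules are enabled
  apache2_module:
    name: '{{ item }}'
    state: present
  with_items:
    # "rewrite" was listed twice in the original; one entry is enough.
    - rewrite
    - expires
    - headers
    - cgi
  tags:
    - apache

# force: true -> the defaults file is overwritten on every run, so local
# edits to it are not preserved.
- name: Copy Apache defaults config file
  copy:
    src: evolinux-defaults.conf
    dest: "/etc/apache2/conf-available/z-evolinux-defaults.conf"
    owner: root
    group: root
    mode: "0644"
    force: true
  tags:
    - apache

# force: false -> the custom file is only copied when it does not exist yet,
# so per-host changes survive later runs.
- name: Copy Apache custom config file
  copy:
    src: evolinux-custom.conf
    dest: "/etc/apache2/conf-available/zzz-evolinux-custom.conf"
    owner: root
    group: root
    mode: "0644"
    force: false
  tags:
    - apache

# NOTE(review): "changed" is derived from the word 'Enabling' in stderr;
# confirm a2enconf on the target release writes that message to stderr and
# not stdout, otherwise this task never reports a change.
- name: Ensure Apache config files are enabled
  command: "a2enconf {{ item }}"
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"
  with_items:
    - z-evolinux-defaults.conf
    - zzz-evolinux-custom.conf
  tags:
    - apache

# Seed file for the IP whitelist; never overwritten once present.
- name: Init private_ipaddr_whitelist.conf file
  copy:
    src: private_ipaddr_whitelist.conf
    dest: /etc/apache2/private_ipaddr_whitelist.conf
    owner: root
    group: root
    mode: "0640"
    force: false
  tags:
    - apache

# Each item becomes one "Allow from <item>" line. The values are written
# verbatim into Apache configuration, so the variable must only come from
# trusted inventory.
- name: add IP addresses to private IP whitelist
  lineinfile:
    dest: /etc/apache2/private_ipaddr_whitelist.conf
    line: "Allow from {{ item }}"
    state: present
  with_items: "{{ apache_private_ipaddr_whitelist_present }}"
  notify: reload apache
  tags:
    - apache

- name: remove IP addresses from private IP whitelist
  lineinfile:
    dest: /etc/apache2/private_ipaddr_whitelist.conf
    line: "Allow from {{ item }}"
    state: absent
  with_items: "{{ apache_private_ipaddr_whitelist_absent }}"
  notify: reload apache
  tags:
    - apache

# NOTE(review): root:root 0640 — confirm the Apache process that evaluates
# the password file is able to read it.
- name: Copy private_htpasswd
  copy:
    src: private_htpasswd
    dest: /etc/apache2/private_htpasswd
    owner: root
    group: root
    mode: "0640"
    force: false
  notify: reload apache
  tags:
    - apache

# Items are complete "user:hash" htpasswd lines. no_log keeps them out of
# Ansible's console output and logs, where each loop item would otherwise be
# printed.
- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: present
  with_items: "{{ apache_private_htpasswd_present }}"
  no_log: true
  notify: reload apache
  tags:
    - apache

- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: absent
  with_items: "{{ apache_private_htpasswd_absent }}"
  no_log: true
  notify: reload apache
  tags:
    - apache

# Read-only probe: runs in check mode too, never fails and never reports a
# change; only the return code is used by the next task.
- name: is umask already present?
  command: "grep -E '^umask ' /etc/apache2/envvars"
  failed_when: false
  changed_when: false
  register: envvar_grep_umask
  check_mode: false
  tags:
    - apache

# Added only when no "umask" line exists yet (grep rc != 0). umask 007 strips
# all permissions for "other" on files and directories Apache creates.
- name: Add a mark in envvars for umask
  blockinfile:
    dest: /etc/apache2/envvars
    marker: "## {mark} ANSIBLE MANAGED BLOCK"
    block: |
      ## Set umask for writing by Apache user.
      ## Set rights on files and directories written by Apache
      umask 007
  when: envvar_grep_umask.rc != 0
  tags:
    - apache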