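# Apache tasks: install the packages, select the prefork MPM, deploy the
# Evolinux configuration snippets, maintain the private IP whitelist and
# htpasswd files, install the default vhost and set the umask in envvars.

- name: packages are installed
  apt:
    name: '{{ item }}'
    state: present
  with_items:
    - apache2
    - apache2-mpm-prefork
    - apachetop
    - libwww-perl
  tags:
    - apache

# a2dismod/a2enmod are called directly; "changed" is derived from their
# stdout so that repeated runs do not report a change every time.
- name: manually disable mpm_event
  command: a2dismod mpm_event
  register: cmd_disable_event
  changed_when: "'Module mpm_event already disabled' not in cmd_disable_event.stdout"

- name: manually enable mpm_prefork
  command: a2enmod mpm_prefork
  register: cmd_disable_prefork
  changed_when: "'Module mpm_prefork already enabled' not in cmd_disable_prefork.stdout"

# With Ansible 2.2 the module checks the config for conflicts.
# With 2.3 that check can be disabled.
# https://docs.ansible.com/ansible/apache2_module_module.html
# - name: mpm_event modules is disabled
#   apache2_module:
#     name: '{{ item }}'
#     state: absent
#   with_items:
#     - mpm_event
#   tags:
#     - apache

- name: basic modules are enabled
  apache2_module:
    name: '{{ item }}'
    state: present
  with_items:
    - rewrite
    - expires
    - headers
    - cgi
    - ssl
  tags:
    - apache

# force: true -> the defaults file is overwritten on every run.
- name: Copy Apache defaults config file
  copy:
    src: evolinux-defaults.conf
    dest: "/etc/apache2/conf-available/z-evolinux-defaults.conf"
    owner: root
    group: root
    mode: "0644"
    force: true
  tags:
    - apache

# force: false -> only copied when the destination does not exist yet, so
# local edits to the custom and SSL files survive later runs.
- name: Copy Apache custom config file
  copy:
    src: evolinux-custom.conf
    dest: "/etc/apache2/conf-available/zzz-evolinux-custom.conf"
    owner: root
    group: root
    mode: "0644"
    force: false
  tags:
    - apache

# NOTE(review): because of force: false, a later hardening of
# evolinux-ssl.conf in the role is not pushed to hosts that already have
# the file; such hosts have to be updated separately.
- name: Copy Apache SSL (strong security) config file
  copy:
    src: evolinux-ssl.conf
    dest: "/etc/apache2/conf-available/evolinux-ssl.conf"
    owner: root
    group: root
    mode: "0644"
    force: false
  tags:
    - apache

# NOTE(review): the a2dismod/a2enmod tasks above match on stdout, this one
# matches on stderr - confirm which stream a2enconf writes "Enabling" to,
# otherwise the task never reports a change.
- name: Ensure Apache config files are enabled
  command: "a2enconf {{ item }}"
  register: command_result
  changed_when: "'Enabling' in command_result.stderr"
  with_items:
    - z-evolinux-defaults.conf
    - zzz-evolinux-custom.conf
    - evolinux-ssl.conf
  tags:
    - apache

# The whitelist file is seeded once (force: false) and then maintained line
# by line from the two variables below.
- name: Init private_ipaddr_whitelist.conf file
  copy:
    src: private_ipaddr_whitelist.conf
    dest: /etc/apache2/private_ipaddr_whitelist.conf
    owner: root
    group: root
    mode: "0640"
    force: false
  tags:
    - apache

- name: add IP addresses to private IP whitelist
  lineinfile:
    dest: /etc/apache2/private_ipaddr_whitelist.conf
    line: "Require ip {{ item }}"
    state: present
  with_items: "{{ apache_private_ipaddr_whitelist_present }}"
  notify: reload apache
  tags:
    - apache

- name: remove IP addresses from private IP whitelist
  lineinfile:
    dest: /etc/apache2/private_ipaddr_whitelist.conf
    line: "Require ip {{ item }}"
    state: absent
  with_items: "{{ apache_private_ipaddr_whitelist_absent }}"
  notify: reload apache
  tags:
    - apache

# This line is what ties server-status to the whitelist. It now notifies
# the reload handler and carries the apache tag like the whitelist tasks,
# so the restriction is applied in the same run that writes it.
- name: include private IP whitelist for server-status
  lineinfile:
    dest: /etc/apache2/mods-available/status.conf
    line: " include /etc/apache2/private_ipaddr_whitelist.conf"
    insertafter: 'SetHandler server-status'
    state: present
  notify: reload apache
  tags:
    - apache

# NOTE(review): the file is root:root 0640; if it is used as an AuthUserFile,
# confirm that the user Apache serves requests as can actually read it.
- name: Copy private_htpasswd
  copy:
    src: private_htpasswd
    dest: /etc/apache2/private_htpasswd
    owner: root
    group: root
    mode: "0640"
    force: false
  notify: reload apache
  tags:
    - apache

# Items are complete htpasswd lines (user:pwd). no_log keeps them out of the
# Ansible output and logs, where loop items are otherwise printed.
- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: present
  with_items: "{{ apache_private_htpasswd_present }}"
  no_log: true
  notify: reload apache
  tags:
    - apache

- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: absent
  with_items: "{{ apache_private_htpasswd_absent }}"
  no_log: true
  notify: reload apache
  tags:
    - apache

- name: default vhost is installed
  template:
    src: evolinux-default.conf.j2
    dest: /etc/apache2/sites-available/000-evolinux-default.conf
    mode: "0640"
    # force: yes
  notify: reload apache
  tags:
    - apache

# The symlink is only created when apache_evolinux_default_enabled is true;
# force: true replaces whatever already sits at the link path.
- name: default vhost is enabled
  file:
    src: /etc/apache2/sites-available/000-evolinux-default.conf
    dest: /etc/apache2/sites-enabled/000-default.conf
    state: link
    force: true
  notify: reload apache
  when: apache_evolinux_default_enabled
  tags:
    - apache

# A random suffix is generated only when none was configured. The suffix
# makes the phpMyAdmin URL harder to guess; it is not an access control, so
# the path still needs its own authentication or IP restriction.
# NOTE(review): `when` is placed on the block here - confirm against the
# original layout. apg is not in the package list above; presumably it is
# installed elsewhere.
- block:
    - name: generate random string for phpmyadmin suffix
      command: "apg -a 1 -M N -n 1"
      changed_when: false
      register: _random_phpmyadmin_suffix

    - name: overwrite apache_phpmyadmin_suffix
      set_fact:
        apache_phpmyadmin_suffix: "{{ _random_phpmyadmin_suffix.stdout }}"
  when: apache_phpmyadmin_suffix == ""

- name: replace phpmyadmin suffix in default site index
  replace:
    dest: /var/www/index.html
    regexp: '__PHPMYADMIN_SUFFIX__'
    replace: "{{ apache_phpmyadmin_suffix }}"

# - block:
#     - name: generate random string for serverstatus suffix
#       command: "apg -a 1 -M N -n 1"
#       changed_when: False
#       register: _random_serverstatus_suffix
#
#     - name: overwrite apache_serverstatus_suffix
#       set_fact:
#         apache_serverstatus_suffix: "{{ _random_serverstatus_suffix.stdout }}"
#   when: apache_serverstatus_suffix == ""
#
# - name: replace server-status suffix in default site index
#   replace:
#     dest: /var/www/index.html
#     regexp: '__SERVERSTATUS_SUFFIX__'
#     replace: "{{ apache_serverstatus_suffix }}"

# Read-only probe: it never fails and never reports a change, and it also
# runs in check mode so the `when` below always has a return code to test.
- name: is umask already present?
  command: "grep -E '^umask ' /etc/apache2/envvars"
  failed_when: false
  changed_when: false
  register: envvar_grep_umask
  check_mode: false
  tags:
    - apache

# Only added when envvars has no umask line yet. umask 007 means files
# written by Apache get no permissions for "other".
- name: Add a mark in envvars for umask
  blockinfile:
    dest: /etc/apache2/envvars
    marker: "## {mark} ANSIBLE MANAGED BLOCK"
    block: |
      ## Set umask for writing by Apache user.
      ## Set rights on files and directories written by Apache
      umask 007
  when: envvar_grep_umask.rc != 0
  tags:
    - apache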