- name: ensure packages are installed
  apt:
    name: '{{ item }}'
    state: installed
  with_items:
    - apache2-mpm-itk
    - apachetop
    - libapache2-mod-evasive
    - libwww-perl

- name: ensure basic modules are enabled
  command: a2enmod rewrite expires headers rewrite cgi
  changed_when: false

- name : copy Apache default config
  copy: src=z_evolix.conf dest=/etc/apache2/conf-available/z_evolix.conf owner=root group=root mode=0644

- name : copy Apache override config
  copy: src=zzz_evolix.conf  dest=/etc/apache2/conf-available/zzz_evolix.conf owner=root group=root mode=0640 force=no

- name: ensure Apache default config is enabled
  command: a2enconf z_evolix.conf zzz_evolix.conf
  changed_when: false

- name: init ipaddr_whitelist.conf file
  copy: src=ipaddr_whitelist.conf dest=/etc/apache2/ipaddr_whitelist.conf owner=root group=root mode=0640 force=no

- name: add IP addresses to private IP whitelist
  lineinfile:
    dest: /etc/apache2/ipaddr_whitelist.conf
    line: "Allow from {{ item }}"
    state: present
  with_items: "{{ apache_ipaddr_whitelist }}"

- name: add a mark in envvars for umask
  blockinfile:
    dest: /etc/apache2/envvars
    block: |
      ## Set umask for writing by Apache user.
      ## Set rights on files and directories written by Apache

- name : ensure umask is set in envvars (default is umask 007)
  lineinfile: dest=/etc/apache2/envvars regexp="^umask" line="umask 007"