# Copyright 2018-2023 Chris Croome
#
# This file is part of the Webarchitects Apache Ansible role.
#
# The Webarchitects Apache Ansible role is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
#
# The Webarchitects Apache Ansible role is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along with the Webarchitects Apache Ansible role. If not, see <https://www.gnu.org/licenses/>.
---
- name: Install and configure Apache
  block:

    - name: Verify variables that start with apache_
      ansible.builtin.include_tasks: verify.yml
      when:
        - apache_verify is defined
        - apache_verify | bool

    - name: Include apt role local fact tasks
      ansible.builtin.include_role:
        name: apt
        tasks_from: local_facts.yml
      when: >-
        ( ansible_local.dpkg.arch is not defined ) or
        ( ansible_local.gpg.version is not defined ) or
        ( ansible_local.bash.path is not defined )

    - name: Packages present and absent
      block:

        - name: Apache packages absent
          ansible.builtin.apt:
            pkg: "{{ apache_packages_absent }}"
            state: absent
            update_cache: false
          when:
            - apache_packages_absent is defined
            - apache_packages_absent != []
            - ansible_local.dpkg.installed is defined
            - apache_packages_absent | ansible.builtin.intersect(ansible_local.dpkg.installed) != []

        - name: Apache present from buster-backports
          ansible.builtin.apt:
            pkg:
              - apache2
            state: latest
            install_recommends: true
            default_release: buster-backports
            update_cache: true
          when:
            - apache_packages_present is defined
            - ( "apache2" in apache_pkgs_present )
            - ansible_distribution_release == "buster"

        - name: Apache packages present
          ansible.builtin.apt:
            pkg: "{{ apache_packages_present }}"
            state: present
            install_recommends: true
            update_cache: false
          when:
            - apache_packages_present is defined
            - apache_packages_present != []
            - ansible_local.dpkg.installed is defined
            - apache_packages_present | ansible.builtin.difference(ansible_local.dpkg.installed) != []

      when: >-
        ( ( apache_pkgs_absent is defined ) and ( apache_pkgs_absent != [] ) or
        ( ( apache_pkgs_present is defined ) and ( apache_pkgs_present != [] )

    - name: Include local facts tasks
      ansible.builtin.include_tasks: local_facts.yml
      when: ansible_local.a2query is not defined

    - name: Include Apache checks
      ansible.builtin.include_tasks: checks.yml

    - name: Apache DocumentRoot present
      ansible.builtin.file:
        path: "{{ apache_document_root }}"
        state: directory
        mode: "0755"
        owner: root
        group: root

    - name: Include MPM switching tasks
      ansible.builtin.include_tasks: mpm.yml
      when: ansible_local.a2query.mpm not in apache_mods_enabled

    - name: Apache DH parameters file present
      community.crypto.openssl_dhparam:
        path: "{{ apache_dhparam_path }}"
        size: "{{ apache_dhparam_size }}"

    - name: Include suEXEC tasks
      ansible.builtin.include_tasks: suexec.yml
      when:
        - apache_suexec is defined
        - apache_suexec | bool

    - name: Install specific version of mod_md
      ansible.builtin.include_tasks: md.yml
      when:
        - ( "md" in apache_mods_enabled )
        - apache_md_version is defined
        - apache_md_version != "default"

    - name: Apache config available
      ansible.builtin.include_tasks: config.yml

    - name: Apache envars in place
      ansible.builtin.template:
        src: templates/envvars.j2
        dest: /etc/apache2/envvars
        mode: "0755"
        owner: root
        group: root

    - name: Apache modules disabled and enabled
      ansible.builtin.include_tasks: a2mod.yml
      when: ( apache_mods_disabled is defined ) or ( apache_mods_enabled is defined )

    - name: Apache conf disabled and enabled
      ansible.builtin.include_tasks: a2conf.yml
      when: ( apache_sites_disabled is defined ) or ( apache_conf_enabled is defined )

    - name: Apache sites disabled and enabled
      ansible.builtin.include_tasks: a2site.yml
      when: ( apache_sites_disabled is defined ) or ( apache_sites_enabled is defined )

    - name: Apache enabled for systemd servers
      ansible.builtin.systemd:
        name: apache2
        enabled: true
      when: ansible_distribution_release != "stretch"

    - name: Apache configtest
      ansible.builtin.command: apache2ctl configtest
      register: apache_configtest
      failed_when: apache_configtest.rc is not regex('^0|1$')
      check_mode: false

    - name: Print the apache2ctl configtest standard error
      ansible.builtin.debug:
        msg: "{{ apache_configtest.stderr }}"
        verbosity: 1

    - name: Fail if Apache configtest is not OK
      ansible.builtin.fail:
        msg: "{{ apache_configtest.stdout_lines }}"
      when: ( "Syntax OK" not in apache_configtest.stderr ) or ( apache_configtest.rc == 1 )

    - name: Apache restarted
      ansible.builtin.service:
        name: apache2
        state: restarted
      when: ( "Syntax OK" in apache_configtest.stderr ) or ( apache_configtest.rc == 0 )

  tags:
    - apache
...