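---
# Install Apache httpd with mod_ssl, comment out the stock plain-HTTP listener
# and the packaged conf.d include, and load only the files templated into
# /etc/httpd/conf.local.d. The "Restart apache" handler and the variables
# mail_domain and ansible_wheel are defined outside this file.

- name: Install apache
  ansible.builtin.package:
    # One module call with a list instead of a per-item loop; "present" is
    # the install state documented for ansible.builtin.package itself.
    name:
      - httpd
      - mod_ssl
    state: present

- name: Disable plain http and default included configs
  ansible.builtin.lineinfile:
    path: /etc/httpd/conf/httpd.conf
    line: "#{{ item }}"
    # regex_escape makes "." and "*" literal, and the (\s.*)?$ tail limits
    # the match to the whole directive, so "Listen 8080" is not mistaken for
    # "Listen 80". The optional leading "#" keeps reruns idempotent.
    # lineinfile rewrites only the last matching line; a file carrying the
    # same directive more than once still needs a manual check.
    regexp: '^#?{{ item | regex_escape }}(\s.*)?$'
  loop:
    - "Listen 80"
    - "IncludeOptional conf.d/*.conf"
  notify: Restart apache

- name: Set server admin address
  ansible.builtin.lineinfile:
    path: /etc/httpd/conf/httpd.conf
    # mail_domain is written into httpd.conf as-is; it is assumed to come
    # from trusted inventory (confirm where it is set).
    line: "ServerAdmin webmaster@{{ mail_domain }}"
    # Anchored so that only a ServerAdmin directive (active or commented
    # out) is replaced, never a line that merely mentions the word.
    regexp: '^#?ServerAdmin .*'
  notify: Restart apache

- name: Include local configs
  ansible.builtin.lineinfile:
    path: /etc/httpd/conf/httpd.conf
    # No regexp: the line is added only when it is not already in the file.
    line: "IncludeOptional conf.local.d/*.conf"
  notify: Restart apache

- name: Fix SELinux contexts from data directory
  community.general.sefcontext:
    path: '/srv/web(/.*)?'
    setype: httpd_sys_content_t
  # Not run when the ansible_selinux_python_present fact is false.
  when: ansible_selinux_python_present

- name: Create data and config directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0755"
    # "_default" asks the file module for the policy default of each path,
    # which for /srv/web is presumably the rule registered by the task above.
    seuser: _default
    setype: _default
  loop:
    - /srv/web
    - "/srv/web/{{ inventory_hostname }}"
    - "/etc/httpd/conf.local.d"

- name: Create SSL config
  ansible.builtin.template:
    # NOTE(review): with "Listen 80" and conf.d/*.conf commented out, this
    # template presumably has to provide the TLS listener and settings
    # itself; ssl.conf.j2 is not visible here, so confirm.
    src: ssl.conf.j2
    dest: /etc/httpd/conf.local.d/ssl.conf
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0644"
  notify: Restart apache

- name: Create site config
  ansible.builtin.template:
    src: site.conf.j2
    dest: "/etc/httpd/conf.local.d/{{ inventory_hostname }}.conf"
    owner: root
    group: "{{ ansible_wheel }}"
    mode: "0644"
  notify: Restart apache

- name: Enable apache
  ansible.builtin.service:
    name: httpd
    state: started
    enabled: true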