---
- import_playbook: "include/deploy-kvm-guest.yml myhosts=static"

- name: configure instance
  hosts: static
  user: root
  gather_facts: true

  vars_files:
    - "{{ ansible_private }}/vars.yml"

  roles:
    - base
    - role: keytab
      principals:
        - "host/{{ inventory_hostname }}@FOO.SH"
        - "nfs/{{ inventory_hostname }}@FOO.SH"
    - nfs_client
    - sssd
    - autofs
    - apache

  tasks:
    - name: allow apache to access nfs mounts from selinux
      seboolean:
        name: httpd_use_nfs
        state: true
        persistent: true
    - name: share role and home directories to apache
      copy:
        dest: /etc/httpd/conf.local.d/public_html.conf
        content: |
          UserDir enabled
          UserDir public_html
          <Directory "/home/*/public_html">
            Options SymLinksIfOwnerMatch IncludesNoExec Indexes MultiViews
            AllowOverride AuthConfig FileInfo Indexes Limit
            Require all granted
          </Directory>

          AliasMatch ^/roles/([a-z]*)/(.*) /roles/$1/public/public_html/$2
          <Directory "/roles/*/public/public_html">
            Options FollowSymLinks IncludesNoExec Indexes MultiViews
            AllowOverride AuthConfig FileInfo Indexes Limit
            Require all granted
          </Directory>
        mode: 0644
        owner: root
        group: "{{ ansible_wheel }}"
      notify: restart apache