---
-
    name: Ensure letsencrypt directory exists
    file:
        path: /etc/letsencrypt
        state: directory
        mode: "0700"

-
    name: Deploy SSL certificates
    unarchive:
        src: "{{ letsencrypt_archive }}"
        dest: /etc/letsencrypt/
    when: letsencrypt_archive is defined
    notify: reload apache

-
    name: Ensure SSL private keys are readable by containers
    shell: find /etc/letsencrypt -name 'privkey*.pem' -exec chmod 644 {} +
    changed_when: false
    when: letsencrypt_archive is defined

-
    name: Install Apache
    apt:
        name: "{{ apache_package }}"
        state: present
        update_cache: yes

-
    name: Enable Apache modules
    community.general.apache2_module:
        name: "{{ item }}"
        state: present
    loop:
        - proxy
        - proxy_http
        - proxy_wstunnel
        - ssl
        - rewrite
        - headers
        - auth_basic
        - autoindex
    notify: reload apache

-
    name: Disable default site
    command: "{{ apache_disable_site_cmd }} 000-default"
    args:
        removes: "{{ apache_sites_enabled }}/000-default.conf"
    notify: reload apache

-
    name: Ensure tiararodney.com document root exists
    file:
        path: /var/www/tiararodney.com
        state: directory
        mode: "0755"

-
    name: Deploy tiararodney.com vhost
    template:
        src: 000-default-redirect.conf.j2
        dest: "{{ apache_sites_available }}/000-default-redirect.conf"
    notify: reload apache

-
    name: Enable tiararodney.com redirect vhost
    command: "{{ apache_enable_site_cmd }} 000-default-redirect"
    args:
        creates: "{{ apache_sites_enabled }}/000-default-redirect.conf"
    notify: reload apache

-
    name: Ensure Apache is started and enabled
    service:
        name: "{{ apache_service }}"
        state: started
        enabled: yes

-
    name: Ensure Apache is reloaded with current config
    meta: flush_handlers