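---
# Apache2 web-server tasks: open the firewall for HTTP/HTTPS, select the
# prefork MPM, obtain Let's Encrypt certificates for SSL-enabled vhosts,
# install the default (redirecting) host config and deploy one site file
# per entry in `vhosts`.
#
# Variables read by these tasks:
#   vhosts          list of mappings; `vhostname` is used by every vhost
#                   task, `ssl`, `docroot` and `weight` are optional.
#   apache_modules  optional list of extra Apache modules to enable.

# NOTE(review): no `proto` is given, so these rules are not restricted to
# TCP. If only TCP is needed, adding `proto: tcp` would narrow the
# exposure - confirm before changing rules that already exist on hosts.
- name: Allow HTTP traffic
  ufw:
    rule: allow
    port: 80

- name: Allow HTTPS traffic
  ufw:
    rule: allow
    port: 443

# NOTE(review): mpm_prefork is enabled before the other MPMs are disabled.
# Confirm this order works on a host where mpm_event or mpm_worker is
# still active.
- name: Enable Apache2 modules
  community.general.apache2_module:
    state: present
    name: "{{ item }}"
  loop:
    - rewrite
    - ssl
    - mpm_prefork

- name: Disable MPM Apache2 modules
  community.general.apache2_module:
    state: absent
    name: "{{ item }}"
  loop:
    - mpm_worker
    - mpm_event

# Apache is stopped before certbot runs with --standalone and is started
# again further down. This stop/start happens on every run, including
# runs where no certificate needs to be issued.
- name: Stop Apache
  service:
    name: apache2
    state: stopped

# Run without a shell and pass each argument separately, so that a
# vhostname containing spaces or shell metacharacters cannot change the
# command that is executed. `creates` skips vhosts that already have a
# certificate archive directory.
- name: Ensure SSL certificate exists
  command:
    argv:
      - certbot
      - certonly
      - '--agree-tos'
      - '--email'
      - certs@susurrando.com
      - '-n'
      - '--standalone'
      - '-d'
      - "{{ item.vhostname }}"
    creates: "/etc/letsencrypt/archive/{{ item.vhostname }}"
  when:
    - "'ssl' in item"
    - item['ssl']
  with_items: "{{ vhosts }}"

# File modes are quoted throughout so they are always read as octal
# strings, never as integers.
- name: Ensure default vhost root exists
  file:
    path: /var/www/html
    state: directory
    owner: www-data
    group: www-data
    mode: '0775'

- name: Ensure default vhost is configured with SSL redirection
  copy:
    dest: /etc/apache2/conf-available/default_host.conf
    src: files/default_host.conf
    backup: true
    mode: '0644'
  notify:
    - Restart Apache

- name: Ensure default vhost is enabled with SSL redirection
  file:
    dest: /etc/apache2/conf-enabled/default_host.conf
    src: /etc/apache2/conf-available/default_host.conf
    state: link
    mode: '0644'
  notify:
    - Restart Apache

- name: Start Apache
  service:
    name: apache2
    state: started

- name: Ensure Apache modules are enabled
  community.general.apache2_module:
    state: present
    force: true
    name: "{{ item }}"
  with_items: "{{ apache_modules }}"
  when: apache_modules is defined

# The fallback docroot is built with `~` concatenation. Moustaches nested
# inside a string literal are not reliably expanded, which could create a
# directory literally named "{{ item.vhostname }}".
# NOTE(review): the docroot is group-writable by www-data (0775), so the
# web server's group can modify served content - confirm this is
# required.
- name: Ensure vhost docroot exists
  file:
    path: "{{ item.docroot | default('/var/www/' ~ item.vhostname) }}"
    state: directory
    owner: www-data
    group: www-data
    mode: '0775'
  loop: "{{ vhosts }}"

# Site files are named "<weight>-<vhostname>.conf"; weight defaults to 25.
- name: Ensure vhosts are configured
  template:
    src: templates/vhost.conf.j2
    dest: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    owner: root
    group: root
    mode: '0644'
    backup: true
  with_items: "{{ vhosts }}"
  notify:
    - Restart Apache

- name: Ensure vhost is enabled
  file:
    src: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    dest: "/etc/apache2/sites-enabled/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    state: link
  with_items: "{{ vhosts }}"
  notify:
    - Restart Apache

# notfound.php
# error500.php
# error503.php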