---
- name: Allow HTTP traffic
  ufw:
    rule: allow
    port: 80

- name: Allow HTTPS traffic
  ufw:
    rule: allow
    port: 443

- name: Ensure MPM Worker module is disabled
  shell: a2dismod mpm_worker

- name: Ensure MPM Event module is disabled
  shell: a2dismod mpm_event

- name: Ensure MPM Pre-Fork module is enabled
  shell: a2enmod mpm_prefork

- name: Enable Apache2 modules
  community.general.apache2_module:
    state: present
    name: "{{ item }}"
  loop:
    - rewrite
    - ssl
    - proxy_fcgi
    - proxy


- name: Ensure default vhost root exists
  file:
    path: /var/www/html
    state: directory
    owner: www-data
    group: www-data
    mode: 0775

- name: Ensure default vhost is configured with SSL redirection
  copy:
    dest: /etc/apache2/conf-available/default_host.conf
    src: files/default_host.conf
    backup: yes
    mode: 0644
  notify:
    - Restart Apache

- name: Ensure default vhost is enabled with SSL redirection
  file:
    dest: /etc/apache2/conf-enabled/default_host.conf
    src: /etc/apache2/conf-available/default_host.conf
    state: link
    mode: 0644
  notify:
    - Restart Apache

- name: Ensure Apache modules are enabled
  community.general.apache2_module:
    state: present
    force: True
    name: "{{ item }}"
  with_items: "{{ apache_modules }}"
  register: enabled_mods
  when: apache_modules is defined

- name: Ensure Apache is restarted after enabling modules
  service:
    name: apache2
    state: restarted
  when: enabled_mods.changed

- name: Ensure vhost docroot exists
  file:
    path: "{{ item.docroot | default('/var/www/{{ item.vhostname }}') }}"
    state: directory
    owner: www-data
    group: www-data
    mode: 0775
  loop: "{{ vhosts }}"

- name: Ensure vhosts are configured
  template:
    src: templates/vhost.conf.j2
    dest: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    owner: root
    group: root
    mode: '0644'
    backup: yes
  with_items: "{{ vhosts }}"
  notify:
    - Restart Apache

- name: Ensure vhost is enabled
  file:
    src: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    dest: "/etc/apache2/sites-enabled/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    state: link
  with_items: "{{ vhosts }}"
  notify:
    - Restart Apache
# notfound.php
# error500.php
# error503.php