---
- name: Ensure UFW is enabled and accepting HTTPS traffic
  ufw:
    state: enabled
    policy: deny
    rule: allow
    to_port: '443'

- name: Ensure UFW is enabled and accepting HTTP traffic
  ufw:
    state: enabled
    policy: deny
    rule: allow
    to_port: '80'


- name: Ensure the document root exists for node exporter
  file:
    path: "/var/www/node-metrics-{{ ansible_fqdn }}/"
    state: directory
    owner: www-data

- name: Ensure the document root exists postfixnode exporter
  file:
    path: "/var/www/postfix-metrics-{{ ansible_fqdn }}/"
    state: directory
    owner: www-data

# Add DNS entries in OVH

- name: Check if certificates exist
  stat:
    path: "/etc/letsencrypt/live/node-metrics-{{ ansible_fqdn }}/fullchain.pem"
  register: node_certificate

- name: Check if postfix certificates exist
  stat:
    path: "/etc/letsencrypt/live/postfix-metrics-{{ ansible_fqdn }}/fullchain.pem"
  register: postfix_certificate

- name: Request certificates for node and postfix
  include_tasks: configure_prometheus_exporters_certificates.yml
  when: not node_certificate.stat.exists or not postfix_certificate.stat.exists

- name: Enable the Apache2 SSL module
  community.general.apache2_module:
    state: present
    name: ssl

- name: Enable the Apache2 rewrite module
  community.general.apache2_module:
    state: present
    name: rewrite

- name: Enable the Apache2 authnz_external module
  community.general.apache2_module:
    state: present
    name: authnz_external

- name: Enable the Apache2 proxy module
  community.general.apache2_module:
    state: present
    name: proxy

- name: Enable the Apache2 proxy_http module
  community.general.apache2_module:
    state: present
    name: proxy_http

- name: Enable the Apache2 proxy_wstunnel module
  community.general.apache2_module:
    state: present
    name: proxy_wstunnel

- name: Enable the Apache2 authnz_external module
  community.general.apache2_module:
    state: present
    name: authnz_external

- name: Ensure virtual hosts configuration is deployed
  template:
    src: templates/apache2.conf.j2
    dest: /etc/apache2/sites-available/25-metrics-exporters.conf
    backup: yes

- name: Ensure virtual hosts configuration is enabled
  file:
    dest: /etc/apache2/sites-enabled/25-metrics-exporters.conf
    src: /etc/apache2/sites-available/25-metrics-exporters.conf
    state: link

- name: Start Apache2 after request certificate
  service:
    name: apache2
    state: started