corrected adding of admin user, permissions, missing module

tasks/main.yml

@@ -16,12 +16,18 @@
     createhome: yes
     home: /opt/keycloak
 
+- name: check if keycloak-dir exists
+  stat:
+    path: /opt/keycloak/keycloak-13.0.1
+  register: keycloak_exists
+
 - name: Extract keycloak-13.0.1.tar.gz to /opt/keycloak
   unarchive:
     src: keycloak-13.0.1.tar.gz
     dest: /opt/keycloak
     owner: keycloak
     group: keycloak
+  when: not keycloak_exists.stat.exists or redeploy is defined
 
 - name: link /opt/keycloak/keycloak-13.0.1 to /opt/keycloak/current
   file:
@@ -29,21 +35,6 @@
     src: /opt/keycloak/keycloak-13.0.1
     dest: /opt/keycloak/current
 
-- name: set permissions correct
-  file:
-    dest: /opt/keycloak
-    owner: keycloak
-    group: keycloak
-    recurse: yes
-
-- name: set permissions correct 2
-  file:
-    dest: /opt/keycloak/current/standalone/deployments
-    owner: keycloak
-    group: keycloak
-    mode: "0644"
-    recurse: yes
-
 - name: generate /etc/systemd/system/keycloak.service
   template:
     src: keycloak.service.j2
@@ -58,9 +49,6 @@
   template:
     src: standalone.xml.j2
     dest: /opt/keycloak/current/standalone/configuration/standalone.xml
-    owner: keycloak
-    group: keycloak
-    mode: "0644"
   notify:
     - restart keycloak
 
@@ -70,6 +58,14 @@
     enabled: yes
     masked: no
 
+- name: set permissions correct
+  file:
+    dest: /opt/keycloak
+    owner: keycloak
+    group: keycloak
+    mode: "0770"
+    recurse: yes
+
 - name: Flush handlers
   meta: flush_handlers
 
@@ -84,19 +80,41 @@
 - name: Flush handlers
   meta: flush_handlers
 
+- name: check if /opt/keycloak/current/adminuseradded.txt exists
+  stat:
+    path: /opt/keycloak/current/standalone/configuration/keycloak-add-user.json 
+  register: adminuseradded_exists
+
 - name: check if /opt/keycloak/current/standalone/configuration/keycloak-add-user.json exists
   stat:
     path: /opt/keycloak/current/standalone/configuration/keycloak-add-user.json 
-  register: file_exists
+  when: not adminuseradded_exists.stat.exists
+  register: keycloak_add_user_exists
 
 - name: check if user exists
   shell: "grep username /opt/keycloak/current/standalone/configuration/keycloak-add-user.json | grep admin"
   register: userexists
-  when: file_exists.stat.exists
+  when: not adminuseradded_exists.stat.exists and keycloak_add_user_exists.stat.exists
 
 - name: create initial admin user
-  command: /opt/keycloak/current/bin/add-user-keycloak.sh -u admin -p {{ keycloak_initial_admin_password }} -r master
+  command: sudo -u keycloak /opt/keycloak/current/bin/add-user-keycloak.sh -u admin -p {{ keycloak_initial_admin_password }} -r master
-  when: file_exists.stat.exists and userexists.stdout == ""
+  when: not keycloak_add_user_exists.stat.exists or userexists.stdout == ""
+  notify:
+    restart keycloak
+
+- name: create initial admin user
+  command: sudo -u keycloak touch /opt/keycloak/current/adminuseradded.txt
+  when: not keycloak_add_user_exists.stat.exists or userexists.stdout == ""
+  notify:
+    restart keycloak
+
+- name: set permissions correct again
+  file:
+    dest: /opt/keycloak
+    owner: keycloak
+    group: keycloak
+    mode: "0770"
+    recurse: yes
 
 - name: enable apache module proxy
   command: a2enmod proxy
@@ -140,6 +158,13 @@
   notify:
     restart apache2
 
+- name: enable apache module rewrite
+  command: a2enmod rewrite
+  args:
+    creates: /etc/apache2/mods-enabled/rewrite.load
+  notify:
+    restart apache2
+
 - name: install acme.sh
   include_role:
     name: acme.sh
@@ -166,6 +191,8 @@
     owner: root
     group: root
     mode: "0644"
+  notify:
+    - reload apache2
 
 - name: generate /etc/apache2/sites-available/{{ inventory_hostname }}-ssl.conf
   template:
@@ -174,6 +201,8 @@
     owner: root
     group: root
     mode: "0644"
+  notify:
+    - reload apache2
 
 - name: activate /etc/apache2/sites-available/{{ inventory_hostname }}.conf
   file: