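---
# Installs Apache, enables its proxy/TLS modules, renders the virtual hosts for
# the `domainname` variable and obtains a certificate with acme.sh in webroot
# mode. The plain-HTTP site is enabled and Apache is reloaded *before* the
# certificate is requested (so the webroot is being served); the HTTPS site is
# only linked into sites-enabled after the key and chain exist.
#
# Variables read: docroot, domainname, acme_sh_email, and optionally
# acme_sh_server (an ACME directory URL; when set, the root certificate shipped
# in the inventory is added to the system trust store).

- name: Install stuff
  apt:
    name:
      - apache2
    update_cache: true

- name: install acme.sh
  include_role:
    name: acmesh

- name: create wwwroot
  file:
    path: "{{ docroot }}"
    owner: root
    group: root
    mode: '0755'
    state: directory

# One looped task replaces eight copy-pasted ones. `creates` keeps it
# idempotent: a2enmod is skipped once the module's .load symlink exists.
- name: enable apache modules
  command: "a2enmod {{ item }}"
  args:
    creates: "/etc/apache2/mods-enabled/{{ item }}.load"
  loop:
    - proxy
    - proxy_html
    - proxy_http
    - proxy_http2
    - ssl
    - headers
    - rewrite
    - proxy_wstunnel
  notify: reload apache2

# NOTE(review): this repeats the include_role above with identical arguments;
# it looks like a copy-paste leftover. Kept because the role's contents are not
# visible from this file. Confirm and drop if redundant.
- name: install acme.sh
  include_role:
    name: acmesh

- name: create directory for the step-ca root certificate
  file:
    path: "/usr/local/share/ca-certificates/step-ca/"
    owner: root
    group: root
    mode: '0755'
    state: directory
  when: acme_sh_server is defined

# The file becomes a system-wide trust anchor, so ownership and mode are set
# explicitly instead of being left to the umask of the connecting user.
- name: copy own root ca cert
  copy:
    src: "{{ inventory_dir }}/files/root_ca.crt"
    dest: "/usr/local/share/ca-certificates/step-ca/step-ca.crt"
    owner: root
    group: root
    mode: '0644'
  when: acme_sh_server is defined

# Guarded like the two tasks above: without acme_sh_server nothing is copied,
# step-ca.pem never appears, and the command would re-run (and report
# "changed") on every play.
# NOTE(review): because of `creates`, a *replaced* root_ca.crt is not picked up
# once step-ca.pem exists; a CA rotation needs update-ca-certificates to be
# re-run by other means.
- name: run update-ca-certificates
  command: /usr/sbin/update-ca-certificates
  args:
    creates: /etc/ssl/certs/step-ca.pem
  when: acme_sh_server is defined

# NOTE(security): `--insecure` turns off TLS certificate verification for the
# connection to the ACME server, although the CA's root certificate has just
# been installed into the system trust store. Verify whether the flag is still
# needed; acme.sh also accepts `--ca-bundle <file>` to pin the root explicitly.
# With verification off, the identity of the server that validates the domain
# and issues the certificate is not checked.
- name: set acme server options
  set_fact:
    acmeshserver: "--server {{ acme_sh_server }} --insecure --force --days 10"
  when: acme_sh_server is defined

# No private ACME server configured: pass no extra options to acme.sh.
- name: set empty acme server options
  set_fact:
    acmeshserver: ""
  when: acme_sh_server is not defined

- name: "generate /etc/apache2/sites-available/{{ domainname }}.conf"
  template:
    src: apache.conf.j2
    dest: "/etc/apache2/sites-available/{{ domainname }}.conf"
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload apache2

- name: "generate /etc/apache2/sites-available/{{ domainname }}-ssl.conf"
  template:
    src: apache-ssl.conf.j2
    dest: "/etc/apache2/sites-available/{{ domainname }}-ssl.conf"
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload apache2

- name: "activate /etc/apache2/sites-available/{{ domainname }}.conf"
  file:
    state: link
    src: "/etc/apache2/sites-available/{{ domainname }}.conf"
    dest: "/etc/apache2/sites-enabled/{{ domainname }}.conf"
  notify:
    - reload apache2

- name: "generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf"
  template:
    src: includeOptional.conf.j2
    dest: "/etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf"
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload apache2

# Apply the pending reload now so the HTTP vhost is live before acme.sh asks
# the CA to fetch the challenge from the webroot.
- name: Flush handlers
  meta: flush_handlers

# `command` does not go through a shell, so shell metacharacters in the
# variables are not interpreted; the rendered string is still split on
# whitespace, so docroot, domainname and acme_sh_email must be single tokens
# from trusted inventory. `creates` makes this a one-time issuance: the task is
# skipped as soon as the key file exists.
# NOTE(review): ownership and mode of the private key are left to acme.sh;
# confirm the file ends up readable by root only.
- name: get certificates
  command: >-
    /root/.acme.sh/acme.sh --issue
    --webroot {{ docroot }} {{ acmeshserver }}
    -d {{ domainname }}
    --email {{ acme_sh_email }}
    --key-file /etc/ssl/private/{{ domainname }}.key
    --fullchain-file /etc/ssl/certs/{{ domainname }}.pem
    --reloadcmd "service apache2 reload"
  args:
    creates: "/etc/ssl/private/{{ domainname }}.key"

# Linked only after the certificate exists, so Apache is not asked to load an
# SSL vhost whose key/chain files may still be missing.
- name: "activate /etc/apache2/sites-available/{{ domainname }}-ssl.conf"
  file:
    state: link
    src: "/etc/apache2/sites-available/{{ domainname }}-ssl.conf"
    dest: "/etc/apache2/sites-enabled/{{ domainname }}-ssl.conf"
  notify:
    - reload apache2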