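#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone
#
# Provisions one nginx vhost: optional PHP 8.2 + php-fpm, optional
# letsencrypt certificate, webroot content (git and/or static files),
# and the generated nginx and awstats configuration.
#
# Override lookup order used by the with_first_found / with_filetree lists
# below: host_files/<host>/, then group_files/<group>/, then
# group_files/all/, then the role's own default/ files.
# The first three are rooted at lookup('env','PWD'), i.e. the PWD
# environment variable on the control node, so which override files get
# deployed depends on the directory the play is started from.
---
# policy_rc_d: 101 makes apt's policy-rc.d deny service starts, so the
# packages are installed without php-fpm being started by the maintainer
# scripts.
# NOTE(review): with ignore_online_errors set, a failed install is not
# fatal and the tasks below still write into /etc/php/8.2/fpm/pool.d/ -
# confirm that is acceptable.
- name: install php
  apt:
    pkg:
      - bzip2
      - php8.2
      - php8.2-cli
      - php8.2-fpm
    state: present
    policy_rc_d: 101
  when: vhost_type|lower() in ["php", "custom+php"]
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"

# Extra packages requested per vhost; skipped when the list is empty.
- name: install custom php modules
  apt:
    pkg: "{{vhost_php_custom}}"
    state: present
    policy_rc_d: 101
  when: vhost_type|lower() in ["php", "custom+php"] and vhost_php_custom != []
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"

# File modes are quoted so they reach the module as strings instead of
# relying on the YAML parser's octal handling.
- name: copy php-fpm-www.conf
  copy:
    src: "{{item}}"
    dest: "/etc/php/8.2/fpm/pool.d/www.conf"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/php-fpm-www.conf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/php-fpm-www.conf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/php-fpm-www.conf"
    - "default/php-fpm-www.conf"
  when: vhost_type|lower() in ["php", "custom+php"]
  notify: restart php-fpm.service

# NOTE(review): this task notifies no handler, so a changed unit file only
# takes effect once systemd reloads its units - confirm that
# base/systemd/enable-and-start (not visible here) does a daemon-reload.
- name: copy php-fpm.service to /etc/systemd/system/
  copy:
    src: "{{item}}"
    dest: "/etc/systemd/system/php-fpm.service"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/php-fpm.service"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/php-fpm.service"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/php-fpm.service"
    - "default/php-fpm.service"
  when: vhost_type|lower() in ["php", "custom+php"]

- name: enable and start phpsessionclean.timer
  include_role:
    name: base/systemd/enable-and-start
  vars:
    service_name: phpsessionclean.timer
  when: vhost_type|lower() in ["php", "custom+php"]

- name: enable and start php-fpm.service
  include_role:
    name: base/systemd/enable-and-start
  vars:
    service_name: php-fpm.service
  when: vhost_type|lower() in ["php", "custom+php"]

# Runs when HTTPS is enabled for the vhost or a certificate is forced.
- name: 'request letsencrypt cert for "{{vhost_name}}"'
  include_role:
    name: util/letsencrypt-cert
  vars:
    letsencrypt_cert_domain: "{{vhost_name}}"
    letsencrypt_cert_domain_alias: "{{vhost_aliases}}"
  when: vhost_https_on|bool or vhost_https_force_letsencrypt|bool

# NOTE(review): the webroot is owned by www-data with owner write access.
# If the php-fpm pool also runs as www-data (pool config is not shown
# here), code executing in the pool can modify the site's own files; a
# root-owned tree that www-data can only read would limit that.
- name: 'set up webroot-dir for "{{vhost_name}}"'
  file:
    path: "/var/www/{{vhost_name}}"
    state: directory
    mode: "0750"
    owner: "www-data"
    group: "www-data"

# NOTE(review): accept_hostkey adds an unknown SSH host key without
# verification, so the first clone trusts whatever server answers; seeding
# known_hosts beforehand closes that gap. Deployed content is whatever
# vhost_git_version resolves to at run time - pinning it to a commit hash
# (or using the module's verify_commit option) makes that reproducible.
# force discards local modifications in the working copy on every run.
- name: 'get or update content via git for "{{vhost_name}}"'
  git:
    repo: "{{vhost_git_repo}}"
    dest: "/var/www/{{vhost_name}}/"
    accept_hostkey: true
    clone: true
    force: true
    recursive: true
    track_submodules: true
    update: true
    version: "{{vhost_git_version}}"
  when: vhost_git_repo != ""
  tags: "nginx-vhost-content-update"

# Walks every listed override tree and copies each regular file.
# NOTE(review): dest is the webroot itself for every item, so files found
# in subdirectories appear to be copied flat into the webroot - confirm
# this is intended.
- name: deploy some custom files
  copy:
    src: "{{item.src}}"
    dest: "/var/www/{{vhost_name}}/"
    mode: "0640"
    owner: "www-data"
    group: "www-data"
  with_filetree:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-deploy-files/"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/deploy-files/"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/deploy-files/"
    - "default/deploy-files/"
  when: item.state == "file"
  tags: "nginx-vhost-content-update"

# Recursively resets ownership and strips all access for "other";
# the capital X keeps the execute bit on directories only (and on files
# that already have it).
- name: "fix webroot-dir permissions for {{vhost_name}}"
  file:
    path: "/var/www/{{vhost_name}}"
    state: directory
    recurse: true
    mode: "u=rwX,g=rX,o-rwx"
    owner: "www-data"
    group: "www-data"
  when: vhost_fix_perms|bool
  tags: "nginx-vhost-content-update"

# Loads per-vhost nginx snippets into the vhost_custom variable, but only
# when both snippets are currently empty.
- name: "include vhost_custom and vhost_custom_pre_server for {{vhost_name}}"
  include_vars:
    file: "{{item}}"
    name: vhost_custom
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vars_vhost_custom.yml"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vars_vhost_custom.yml"
    - "default/vars_vhost_custom.yml"
  when: vhost_custom.vhost_custom == "" and vhost_custom.vhost_custom_pre_server == ""

- name: 'generate vhost config for "{{vhost_name}}"'
  template:
    src: "{{item}}"
    dest: "/etc/nginx/sites-enabled/{{vhost_name}}.vhost"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-vhost.j2"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vhost.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vhost.j2"
    - "default/vhost.j2"
  notify: restart nginx.service

- name: 'generate awstats config for "{{vhost_name}}"'
  template:
    src: "{{item}}"
    dest: "/etc/awstats/awstats.{{vhost_name}}.conf"
    mode: "0644"
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{vhost_name}}-awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{vhost_name}}-awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{vhost_name}}-awstats.j2"
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/awstats.j2"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/awstats.j2"
    - "default/awstats.j2"

# Restores the default (empty) snippets once either one was set, so the
# values loaded for this vhost are not carried over.
- name: reset vhost_custom and vhost_custom_pre_server
  include_vars:
    file: "default/vars_vhost_custom.yml"
    name: vhost_custom
  when: vhost_custom.vhost_custom != "" or vhost_custom.vhost_custom_pre_server != ""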