---
- name: check if apt.conf uses a proxy
  shell: grep -Po '(?<=^Acquire::http::Proxy ")[^"]*' /etc/apt/apt.conf
  register: proxy_grep
  failed_when: false
  changed_when: false

- name: set proxy variable
  set_fact:
    proxy: "{{ proxy_grep.stdout }}"
  when: proxy_grep.stdout != ""

- name: /var/www bind mount in fstab
  lineinfile:
    dest: /etc/fstab
    line: '/data/www       /var/www        none    bind    0       0'
  register: fstab_www

- name: mount /var/www
  shell: 'mkdir -p /var/www && mv /var/www /data && mkdir -p /var/www && mount /var/www'
  when: fstab_www.changed

- name: www subdirs
  file:
    dest: "/var/www/{{ item }}"
    state: directory
  with_items:
    - def
    - def/public

- name: www index.html
  shell: "test -e /var/www/def/public/index.html || hostname > /var/www/def/public/index.html"

- name: install packages, jessie
  tags: apt
  apt:
    name:
      - apache2
      - libapache2-mod-php5
      - mysql-client
      - php5-cli
      - php5-curl
      - php5-gd
      - php5-json
      - php5-ldap
      - php5-mysqlnd
    state: present
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: install packages, stretch-buster
  tags: apt
  apt:
    name:
      - apache2
      - libapache2-mod-php
      - mariadb-client
      - php-cli
      - php-bcmath
      - php-curl
      - php-gd
      - php-json
      - php-ldap
      - php-mbstring
      - php-mysql
      - php-soap
      - php-xml
      - php-zip
    state: present
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() == 9 or ansible_distribution_major_version|int() == 10

- name: sury repo pgp key, bullseye+
  tags: apt
  shell: "curl {{ (proxy is defined) | ternary('--proxy '+ proxy|default(''), '')}} -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg"
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() >= 11

- name: sury repo in sources list, bullseye
  tags: apt
  lineinfile:
    dest: /etc/apt/sources.list.d/php-sury.list
    line: 'deb https://packages.sury.org/php/ bullseye main'
    create: yes
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() >= 11

- name: apt update, bullseye
  tags: apt
  apt:
    update_cache: yes
  when: 
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() >= 11

- name: install packages, bullseye
  tags: apt
  apt:
    name:
      - apache2
      - mariadb-client
      - php7.4-cli
      - php7.4-fpm
      - php7.4-bcmath
      - php7.4-curl
      - php7.4-gd
      - php7.4-json
      - php7.4-ldap
      - php7.4-mbstring
      - php7.4-mysql
      - php7.4-opcache
      - php7.4-readline
      - php7.4-soap
      - php7.4-xml
      - php7.4-zip
    state: present
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

- name: conf-available
  copy:
    src: "{{ item }}"
    dest: /etc/apache2/conf-available
  with_items:
    - other-vhosts-access-log.conf
    - charset.conf
    - log-detailed.conf

- name: enable confs / modules, -buster
  shell: "a2enconf charset log-detailed && a2enmod rewrite"
  when: 
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() < 11

- name: enable confs / modules, bullseye+
  shell: "a2enconf charset log-detailed && a2enmod rewrite headers proxy_fcgi"
  when: 
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

- name: virtualhost config, -buster
  copy:
    src: 000-default_modphp.conf
    dest: /etc/apache2/sites-available/000-default.conf
  when: 
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version|int() < 11

- name: virtualhost config, bullseye
  copy:
    src: 000-default_fpm7.4.conf
    dest: /etc/apache2/sites-available/000-default.conf
  when: 
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

- name: php config, jessie
  copy:
    src: hws.php.ini.modphp
    dest: /etc/php5
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: php config symlinks, jessie
  file:
    state: link
    src: /etc/php5/hws.php.ini
    path: "/etc/php5/{{ item }}/conf.d/hws.php.ini"
  with_items:
    - apache2
    - cli
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "8"

- name: php config, stretch
  copy:
    src: hws.php.ini.modphp
    dest: /etc/php/7.0/hws.php.ini
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "9"

- name: php config, buster
  copy:
    src: hws.php.ini.modphp
    dest: /etc/php/7.3/hws.php.ini
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "10"

- name: php config, bullseye
  copy:
    src: hws.php.ini.fpm
    dest: /etc/php/7.4/hws.php.ini
  when:
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)

- name: php config symlinks, stretch
  file:
    state: link
    src: /etc/php/7.0/hws.php.ini
    path: "/etc/php/7.0/{{ item }}/conf.d/hws.php.ini"
  with_items:
    - apache2
    - cli
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "9"

- name: php config symlinks, buster
  file:
    state: link
    src: /etc/php/7.3/hws.php.ini
    path: "/etc/php/7.3/{{ item }}/conf.d/hws.php.ini"
  with_items:
    - apache2
    - cli
  when:
    - ansible_distribution == "Debian"
    - ansible_distribution_major_version == "10"

#- name: php config symlinks, bullseye
#  file:
#    state: link
#    src: /etc/php/7.4/hws.php.ini
#    path: "/etc/php/7.4/{{ item }}/conf.d/hws.php.ini"
#  with_items:
#    - fpm
#    - cli
#  when:
#    - ansible_distribution == "Debian"
#    - ansible_distribution_major_version == "11"


- name: php logrotate config
  copy:
    src: logrotate.conf
    dest: /etc/logrotate.d/php

- name: security.conf ServerTokens, bullseye+
  tags: apt
  lineinfile:
    dest: /etc/apache2/conf-available/security.conf
    regexp: "^ServerTokens"
    line: "ServerTokens Prod"
  when: 
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)


- name: security.conf ServerSignature, bullseye+
  tags: apt
  lineinfile:
    dest: /etc/apache2/conf-available/security.conf
    regexp: "^ServerSignature"
    line: "ServerSignature Off"
  when: 
    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)


# vim: set tabstop=2 shiftwidth=2 expandtab smarttab: