only run if apache service is active

handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: restart_apache
+  systemd_service:
+    name: "{{ apache_service }}"
+    state: reloaded
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:

tasks/main.yml

@@ -1,4 +1,19 @@
 ---
+- name: service facts
+  service_facts:
+- name: service name is apache2
+  set_fact:
+    apache_service: "apache2"
+  when:
+    - "services['apache2.service'] is defined"
+    - "services['apache2.service'].state == 'running'"
+- name: service name is httpd
+  set_fact:
+    apache_service: "httpd"
+  when:
+    - "services['httpd.service'] is defined"
+    - "services['httpd.service'].state == 'running'"
+
 - name: include debian/ubuntu specific
   include_tasks: debian.yml
   when: (ansible_distribution == "Debian" or ansible_distribution == "Ubuntu")
@@ -7,6 +22,10 @@
   include_tasks: redhat.yml
   when: ansible_distribution == "RedHat"
 
+- name: hardening apache
+  when:
+    - apache_service is defined
+  block:
 
     - name: security.conf ServerTokens, debian11-99 ubuntu20-99 redhat
       lineinfile:
@@ -17,6 +36,7 @@
         - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
           (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) or
           ansible_distribution == "RedHat"
+      notify: restart_apache
 
 
     - name: security.conf ServerSignature, debian11-99 ubuntu20-99 redhat
@@ -28,6 +48,7 @@
         - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
           (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) or
           ansible_distribution == "RedHat"
+      notify: restart_apache
 
 
 # vim: set tabstop=2 shiftwidth=2 expandtab smarttab: