only run if apache service is active

handlers/main.yml

@@ -0,0 +1,7 @@
+---
+- name: restart_apache
+  systemd_service:
+    name: "{{ apache_service }}"
+    state: reloaded
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:

tasks/main.yml

@@ -1,4 +1,19 @@
 ---
+- name: service facts
+  service_facts:
+- name: service name is apache2
+  set_fact:
+    apache_service: "apache2"
+  when:
+    - "services['apache2.service'] is defined"
+    - "services['apache2.service'].state == 'running'"
+- name: service name is httpd
+  set_fact:
+    apache_service: "httpd"
+  when:
+    - "services['httpd.service'] is defined"
+    - "services['httpd.service'].state == 'running'"
+
 - name: include debian/ubuntu specific
   include_tasks: debian.yml
   when: (ansible_distribution == "Debian" or ansible_distribution == "Ubuntu")
@@ -7,27 +22,33 @@
   include_tasks: redhat.yml
   when: ansible_distribution == "RedHat"
 
-
-- name: security.conf ServerTokens, debian11-99 ubuntu20-99 redhat
-  lineinfile:
-    dest: /etc/apache2/conf-available/security.conf
-    regexp: "^ServerTokens"
-    line: "ServerTokens Prod"
+- name: hardening apache
   when:
-    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
-      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) or
-      ansible_distribution == "RedHat"
+    - apache_service is defined
+  block:
+
+    - name: security.conf ServerTokens, debian11-99 ubuntu20-99 redhat
+      lineinfile:
+        dest: /etc/apache2/conf-available/security.conf
+        regexp: "^ServerTokens"
+        line: "ServerTokens Prod"
+      when: 
+        - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
+          (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) or
+          ansible_distribution == "RedHat"
+      notify: restart_apache
 
 
-- name: security.conf ServerSignature, debian11-99 ubuntu20-99 redhat
-  lineinfile:
-    dest: /etc/apache2/conf-available/security.conf
-    regexp: "^ServerSignature"
-    line: "ServerSignature Off"
-  when: 
-    - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
-      (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) or
-      ansible_distribution == "RedHat"
+    - name: security.conf ServerSignature, debian11-99 ubuntu20-99 redhat
+      lineinfile:
+        dest: /etc/apache2/conf-available/security.conf
+        regexp: "^ServerSignature"
+        line: "ServerSignature Off"
+      when: 
+        - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
+          (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) or
+          ansible_distribution == "RedHat"
+      notify: restart_apache
 
 
 # vim: set tabstop=2 shiftwidth=2 expandtab smarttab: