- name: install apache2
  ansible.builtin.package:
    name: apache2
- name: enable mod_md
  ansible.builtin.command:
    cmd: a2enmod md
    creates: /etc/apache2/mods-enabled/md.load
  notify: restart web
- name: enable mod_ssl
  ansible.builtin.command:
    cmd: a2enmod ssl
    creates: /etc/apache2/mods-enabled/ssl.load
  notify: restart web
- name: enable mod_userdir
  ansible.builtin.command:
    cmd: a2enmod userdir
    creates: /etc/apache2/mods-enabled/userdir.load
  notify: restart web
- name: enable mod_proxy_http
  ansible.builtin.command:
    cmd: a2enmod proxy_http
    creates: /etc/apache2/mods-enabled/proxy_http.load
  notify: restart web
- name: enable mod_headers
  ansible.builtin.command:
    cmd: a2enmod headers
    creates: /etc/apache2/mods-enabled/headers.load
  notify: restart web
- name: ssl site
  ansible.builtin.copy:
    dest: /etc/apache2/sites-enabled/ssl.conf
    content: |
      MDomain {{ public_hostname_punycode }}
      MDCertificateAgreement accepted

      <VirtualHost *:443>
        ServerName {{ public_hostname_punycode }}
        SSLEngine on
        ServerAdmin {{ admin_email }}

        <Location /vaultwarden/>
          ProxyPass http://127.0.0.1:8080/vaultwarden/
          ProxyPreserveHost On
          RequestHeader set X-Real-IP %{REMOTE_ADDR}s
        </Location>
      </VirtualHost>
  notify: restart web