- name: install apache2
  ansible.builtin.package:
    name: apache2
- name: enable mod_md
  ansible.builtin.command:
    cmd: a2enmod md
    creates: /etc/apache2/mods-enabled/md.load
  notify: restart web
- name: enable mod_ssl
  ansible.builtin.command:
    cmd: a2enmod ssl
    creates: /etc/apache2/mods-enabled/ssl.load
  notify: restart web
- name: enable mod_userdir
  ansible.builtin.command:
    cmd: a2enmod userdir
    creates: /etc/apache2/mods-enabled/userdir.load
  notify: restart web
- name: enable mod_proxy_http
  ansible.builtin.command:
    cmd: a2enmod proxy_http
    creates: /etc/apache2/mods-enabled/proxy_http.load
  notify: restart web
- name: enable mod_headers
  ansible.builtin.command:
    cmd: a2enmod headers
    creates: /etc/apache2/mods-enabled/headers.load
  notify: restart web
- name: ssl site
  ansible.builtin.copy:
    dest: /etc/apache2/sites-enabled/ssl.conf
    content: |
      {% if web_server_reachable %}
      MDomain {{ public_hostname_punycode }}
      MDCertificateAgreement accepted
      {% endif %}

      <VirtualHost *:443>
        ServerName {{ public_hostname_punycode }}
        SSLEngine on

      {% if not web_server_reachable %}
        SSLCertificateFile "/etc/ssl/certs/ssl-cert-snakeoil.pem"
        SSLCertificateKeyFile "/etc/ssl/private/ssl-cert-snakeoil.key"
      {% endif %}

        ServerAdmin {{ admin_email }}

        <Location /vaultwarden/>
          ProxyPass http://127.0.0.1:8080/vaultwarden/
          ProxyPreserveHost On
          RequestHeader set X-Real-IP %{REMOTE_ADDR}s
        </Location>

        RedirectMatch "^/$" "https://ñix.es/cgit/alex/ñix.es.git/about/"
      </VirtualHost>
  notify: restart web
- name: gemini
  ansible.builtin.copy:
    dest: /etc/apache2/conf-enabled/gemini.conf
    content: |
      AddType text/gemini .gmi
      # With the default dir module configuration disabled, DirectoryIndex index enables multiviews for indexes.
      # This means that you can have index.html and index.gmi and the client and server will negotiate which content to deliver.
      DirectoryIndex index
      LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
  notify: restart web
- name: disable dir mod
  ansible.builtin.command:
    cmd: a2dismod -f dir
    removes: /etc/apache2/mods-enabled/dir.conf
  notify: restart web