---
- name: Make sure the ticketkey is deployed
  ansible.builtin.copy: src=/root/ticketkey_{{env}}.tkey dest=/etc/httpd/ticketkey_{{env}}.tkey
        owner=root group=root mode=0600
  notify:
  - Reload proxyhttpd

- name: Copy in the main httpd.conf file for proxy nodes
  ansible.builtin.template: >
    src=httpd.conf.j2 dest=/etc/httpd/conf/httpd.conf
    owner=root group=root mode=0644
  notify:
  - Reload proxyhttpd
  tags:
  - httpd
  - httpd/proxy

- name: Make sure certain files are gone
  ansible.builtin.file: dest=/etc/httpd/conf.d/{{item}} state=absent
  with_items:
  - welcome.conf
  tags:
  - httpd
  - httpd/proxy

- name: Copy over some basic configs into /etc/httpd/conf.d/
  ansible.builtin.template: >
    src={{item}} dest=/etc/httpd/conf.d/{{item}}
    owner=root group=root mode=0644
  with_items:
  - forwarded.conf
  - 02-ticketkey.conf
  - 03-reqtimeout.conf
  notify:
  - Reload proxyhttpd
  tags:
  - httpd
  - httpd/proxy

- name: Remove the keepalives configuration
  ansible.builtin.file: path=/etc/httpd/conf.d/01-keepalives.conf state=absent
  notify:
  - Reload proxyhttpd
  tags:
  - httpd
  - httpd/proxy

- name: Set the apache mpm to use event MPM
  ansible.builtin.copy: src=00-mpm.conf dest=/etc/httpd/conf.modules.d/00-mpm.conf
  notify:
  - Reload proxyhttpd
  tags:
  - httpd
  - httpd/proxy

- name: Install libsemanage
  ansible.builtin.package:
    state: present
    name:
    - libsemanage-python
  tags:
  - httpd
  - httpd/proxy
  - selinux
  when: (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int < 8) or (ansible_distribution_major_version|int < 30 and ansible_distribution == 'Fedora')

- name: Install libsemanage in a python3 manner
  ansible.builtin.package:
    state: present
    name:
    - python3-libsemanage
  tags:
  - httpd
  - httpd/proxy
  - selinux
  when: (ansible_distribution_major_version|int >= 30 and ansible_distribution == 'Fedora') or (ansible_distribution == 'RedHat' and ansible_distribution_major_version|int >= 8)

- name: Turn on certain selinux booleans we need for our proxy layer
  seboolean: name={{ item }} state=true persistent=true
  with_items:
  # We need this for httpd to be able to reverseproxy to other machines.
  - httpd_can_network_connect
  tags:
  - httpd
  - httpd/proxy
  - selinux

- name: Create pki/httpd
  ansible.builtin.file: path=/etc/pki/httpd state=directory
        owner=root group=root mode=0600
  tags:
  - httpd
  - httpd/proxy

- name: Disable systemd-oomd we do not need or want it
  service: name=systemd-oomd state=stopped enabled=no
  tags:
  - httpd
  - httpd/proxy
  - disablesystemdoomd

- name: Create systemd drop in dir for httpd
  ansible.builtin.file: path=/etc/systemd/system/httpd.service.d/ state=directory
  tags:
  - httpd
  - httpd/proxy
  - httpdoverride

- name: Create systemd drop in dir for httpd
  ansible.builtin.copy: src=httpdoverride.conf dest=/etc/systemd/system/httpd.service.d/httpdoverride.conf
  tags:
  - httpd
  - httpd/proxy
  - httpdoverride
  notify:
  - Reload systemd