---

- name: Enable needed modules
  become: true
  community.general.apache2_module:
    name: "{{ item }}"
    state: present
  with_items:
    - proxy
    - proxy_http
    - rewrite
    - ssl
  notify: Reload apache2 service

- name: Copy vHost conf
  become: true
  ansible.builtin.template:
    src: apache2/vhost.conf.j2
    dest: /etc/apache2/sites-available/{{ forgejo_domain }}.conf
    mode: 0644
  notify: Reload apache2 service

- name: Activate vHost
  become: true
  ansible.builtin.command: "a2ensite {{ forgejo_domain }}.conf"
  register: result
  changed_when: "'already enabled' not in result.stdout"
  notify: Reload apache2 service

- name: Allow incoming https
  become: true
  ansible.builtin.copy:
    src: nftables/input.d/https.conf
    dest: /etc/nftables/input.d/https.conf
    mode: 0640
  notify: Reload nftables service