- name: Gather Facts
  setup:

- name: Privoxy installed
  apt: name=privoxy state=latest

- name: Privoxy configured
  template: src="{{ item.src }}" dest="{{ item.dest }}"
  with_items:
    - { src: privoxy_config.j2, dest: /etc/privoxy/config }
    - { src: default.filter.j2, dest: /etc/privoxy/default.filter }
  notify:
    - restart privoxy

- name: Privoxy profile for apparmor configured
  template: src=usr.sbin.privoxy.j2 dest=/etc/apparmor.d/usr.sbin.privoxy owner=root group=root mode=0600
  notify:
    - restart privoxy

- name: Enforce the privoxy AppArmor policy
  shell: aa-enforce usr.sbin.privoxy
  tags: ['apparmor']

- name: Ensure that the privoxy service directory exist
  file: path=/etc/systemd/system/privoxy.service.d/ state=directory mode=0755  owner=root group=root

- name: Setup the cgroup limitations for the privoxy daemon
  template: src=privoxy_100-CustomLimitations.conf.j2 dest=/etc/systemd/system/privoxy.service.d/100-CustomLimitations.conf
  notify:
    - daemon-reload
    - restart privoxy

- meta: flush_handlers

- name: Privoxy enabled and started
  service: name=privoxy state=started enabled=yes

# PageSpeed

- name: Apache installed
  apt: name=apache2 state=latest

- name: PageSpeed installed for x86_64
  apt: deb=https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
  when: ansible_architecture == "x86_64"

- name: PageSpeed installed for i386
  apt: deb=https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_i386.deb
  when: ansible_architecture != "x86_64"

- name: PageSpeed configured
  template: src=pagespeed.conf.j2 dest=/etc/apache2/mods-available/pagespeed.conf
  notify:
    - restart apache2

- name: Modules enabled
  apache2_module: state=present name="{{ item }}"
  with_items:
    - proxy_http
    - pagespeed
    - cache
    - proxy_connect
    - proxy_html
    - rewrite
  notify:
    - restart apache2

- name: VirtualHost configured for the PageSpeed module
  template: src=000-default.conf.j2 dest=/etc/apache2/sites-enabled/000-default.conf
  notify:
    - restart apache2

- name: Apache ports configured
  template: src=ports.conf.j2 dest=/etc/apache2/ports.conf
  notify:
    - restart apache2

- name: Ensure that the apache2 service directory exist
  file: path=/etc/systemd/system/apache2.service.d/ state=directory mode=0755  owner=root group=root

- name: Setup the cgroup limitations for the apache2 daemon
  template: src=apache2_100-CustomLimitations.conf.j2 dest=/etc/systemd/system/apache2.service.d/100-CustomLimitations.conf
  notify:
    - daemon-reload
    - restart apache2

- meta: flush_handlers

- name: Set facts for mobileconfigs
  set_fact:
    proxy_enabled: true

- name: Register p12 PayloadContent
  shell: >
    cat /{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}.p12 | base64
  register:  PayloadContent
  with_items: "{{ users }}"

- name: Register CA PayloadContent
  shell: >
    cat /{{ easyrsa_dir }}/easyrsa3/pki/ca.crt | base64
  register:  PayloadContentCA

- name: Build the mobileconfigs
  template: src=roles/vpn/templates/mobileconfig.j2 dest=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item.0 }}_proxy.mobileconfig mode=0600
  with_together:
    - "{{ users }}"
    - "{{ PayloadContent.results }}"
  no_log: True

- name: Fetch users mobileconfig
  fetch: src=/{{ easyrsa_dir }}/easyrsa3//pki/private/{{ item }}_proxy.mobileconfig dest=configs/{{ IP_subject_alt_name }}_{{ item }}_proxy.mobileconfig flat=yes
  with_items: "{{ users }}"