- name: JUST 1 SETTING TO TURN ON/OFF FOR APACHE - whereas NGINX below has 4...
  meta: noop

- name: EITHER - Create symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to enable Apache's http://box:{{ pbx_http_port }}/freepbx - if pbx_use_apache and pbx_enabled    # http://box:83/freepbx
  command: a2ensite freepbx.conf
  when: pbx_apache_installed is defined and pbx_enabled

- name: OR ELSE - Delete symlink /etc/{{ apache_service }}/sites-enabled/freepbx.conf to disable Apache's http://box:{{ pbx_http_port }}/freepbx - if not (pbx_use_apache and pbx_enabled)
  file:    # As 'a2dissite freepbx.conf' might not be installed
    path: /etc/{{ apache_service }}/sites-enabled/freepbx.conf    # apache2
    state: absent
  when: pbx_apache_installed is defined and not pbx_enabled


- name: "ENACT ABOVE SETTING FOR APACHE - 'pbx_use_apache: False' might arise later, so best ALWAYS run..."
  meta: noop

- name: EITHER - Restart & Enable '{{ apache_service }}' systemd service - if pbx_use_apache and pbx_enabled
  systemd:
    daemon_reload: yes
    name: "{{ apache_service }}"    # apache2
    state: restarted
    enabled: yes
  when: pbx_apache_installed is defined and pbx_enabled

- name: OR ELSE - Stop & Disable '{{ apache_service }}' systemd service - if not (pbx_use_apache and pbx_enabled)
  systemd:
    daemon_reload: yes
    name: "{{ apache_service }}"
    state: stopped
    enabled: no
  when: pbx_apache_installed is defined and not pbx_enabled

- name: Open-or-Close Asterix ports (including Apache port {{ pbx_http_port }}) in iptables firewall, depending on pbx_enabled [{{ pbx_enabled }}] in local_vars.yml - in support of './runrole pbx'
  command: /usr/bin/iiab-gen-iptables
  when: iiab_stage|int == 9 and network_enabled
# iptables installed in 1-prep via roles/network/tasks/install.yml, but iiab-gen-tables may not be set up until 
# roles/network runs later and can be omitted altogether


- block:

  - name: EITHER - TURN ON 4 SETTINGS FOR NGINX - if pbx_use_nginx and pbx_enabled
    meta: noop

  - name: "Add user 'www-data' to group 'asterisk' BEFORE restarting Asterisk (via FreePBX, below) -- Ansible doesn't support removing a single non-primary group, so if you later change to 'pbx_use_nginx: False' please manually edit /etc/group to revert this"
    user:
      name: www-data
      groups: asterisk
      append: yes

  - name: Run 'fwconsole set CHECKREFERER 0' (0 means false) so 'Submit' button definitively works with NGINX at http://box/freepbx >> Settings >> Advanced Settings -- FYI you can run 'fwconsole set -l' or 'fwconsole set CHECKREFERER' to view FreePBX settings -- FYI /etc/freepbx.conf can completely override FreePBX's stored settings if nec
    command: fwconsole set CHECKREFERER 0    # Or/later try to run 'fwconsole set CHECKREFERER 1' (1 means true) to restore FreePBX's default strict checking!

  - name: Install /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf converted from www.conf for user 'asterisk'
    copy:
      src: roles/pbx/templates/asterisk.conf
      dest: /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf

  - name: Enable http://box/freepbx via NGINX, by installing {{ nginx_conf_dir }}/freepbx-nginx.conf from template
    template:
      src: freepbx-nginx.conf.j2
      dest: "{{ nginx_conf_dir }}/freepbx-nginx.conf"    # /etc/nginx/conf.d

  when: pbx_use_nginx and pbx_enabled

- block:

  - name: OR ELSE - TURN OFF 3 SETTINGS FOR NGINX (1st of 4 above settings too hard!) - if not (pbx_use_nginx and pbx_enabled)
    meta: noop

  - name: Restore FreePBX default by running 'fwconsole set CHECKREFERER 1' (1 means true) as works with Apache -- FYI you can run 'fwconsole set -l' or 'fwconsole set CHECKREFERER' to view FreePBX settings -- FYI /etc/freepbx.conf can completely override FreePBX's stored settings if nec
    command: fwconsole set CHECKREFERER 1

  - name: Remove /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf
    file:
      path: /etc/php/{{ php_version }}/fpm/pool.d/asterisk.conf
      state: absent

  - name: Disable http://box/freepbx via NGINX, by removing {{ nginx_conf_dir }}/freepbx-nginx.conf
    file:
      path: "{{ nginx_conf_dir }}/freepbx-nginx.conf"
      state: absent

  when: pbx_use_nginx and not pbx_enabled


- name: "ENACT ABOVE 3-4 SETTINGS FOR NGINX - 'pbx_use_nginx: False' might arise later, so best ALWAYS run these 2..."
  meta: noop

- name: Enable & Restart 'php{{ php_version }}-fpm' systemd service
  systemd:
    name: php{{ php_version }}-fpm
    state: restarted
    enabled: yes

- name: Restart 'nginx' systemd service
  systemd:
    name: nginx
    state: restarted




- name: WRAP UP - Asterisk VIA FreePBX systemd service...
  meta: noop

- name: EITHER - Enable & (Re)start 'freepbx' systemd service, if pbx_enabled
  systemd:
    name: freepbx
    enabled: yes
    state: restarted
  when: pbx_enabled

- name: OR ELSE - Disable & Stop 'freepbx' systemd service, if not pbx_enabled
  systemd:
    name: freepbx
    enabled: no
    state: stopped
  when: not pbx_enabled