From 22e69a2c8e08fc2a8123557f2b27d1e657b2686a Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <adellam@sevenseas.org>
Date: Fri, 22 Apr 2016 18:16:45 +0200
Subject: [PATCH] library/roles/apache: Use a variable to decide if apache will
 use the letsencrypt certificates or not.

---
 apache/defaults/main.yml            |  1 +
 apache/tasks/apache-letsencrypt.yml | 14 +++++++++-----
 apache/tasks/main.yml               |  4 +++-
 3 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/apache/defaults/main.yml b/apache/defaults/main.yml
index 297e100f..fa01fca2 100644
--- a/apache/defaults/main.yml
+++ b/apache/defaults/main.yml
@@ -73,6 +73,7 @@ apache_additional_modules_list:
 #  -
 #  -
 
+apache_letsencrypt_managed: False
 apache_letsencrypt_proxy_modules:
   - proxy
   - proxy_http
diff --git a/apache/tasks/apache-letsencrypt.yml b/apache/tasks/apache-letsencrypt.yml
index d8a1cb45..5765e43a 100644
--- a/apache/tasks/apache-letsencrypt.yml
+++ b/apache/tasks/apache-letsencrypt.yml
@@ -2,15 +2,17 @@
 - block:
     - name: Enable the proxy modules needed by letsencrypt
       apache2_module: name={{ item }} state=present
-      notify: apache2 reload 
       with_items: '{{ apache_letsencrypt_proxy_modules }}'
+      notify: apache2 reload 
 
     - name: Install the letsencrypt conf
-      template: src=letsencrypt-proxy.conf.j2 dest=/etc/apache2/conf-available/letsencrypt-proxy.conf owner=root group=root mode=0644
+      template: src={{ item }}.j2 dest=/etc/apache2/conf-available/{{ item }} owner=root group=root mode=0644
+      with_items: '{{ apache_letsencrypt_proxy_conf }}'
       notify: apache2 reload 
 
     - name: Enable the letsencrypt conf
-      file: src=/etc/apache2/conf-available/letsencrypt-proxy.conf dest=/etc/apache2/conf-enabled/letsencrypt-proxy.conf state=link
+      file: src=/etc/apache2/conf-available/{{ item }} dest=/etc/apache2/conf-enabled/{{ item }} state=link
+      with_items: '{{ apache_letsencrypt_proxy_conf }}'
       notify: apache2 reload 
 
     - name: Create the acme hooks directory if it does not yet exist
@@ -19,7 +21,9 @@
     - name: Install a letsencrypt hook for apache
       copy: src=apache-letsencrypt-acme.sh dest={{ letsencrypt_acme_services_scripts_dir }}/apache2 owner=root group=root mode=4555
 
-  when: letsencrypt_acme_install is defined and letsencrypt_acme_install
+  when:
+    - letsencrypt_acme_install is defined and letsencrypt_acme_install
+    - apache_letsencrypt_managed
   tags: [ 'apache', 'letsencrypt' ]
 
 - block:
@@ -31,5 +35,5 @@
       file: path={{ letsencrypt_acme_services_scripts_dir }}/apache2 state=absent
 
   when: ( letsencrypt_acme_install is defined ) and ( not letsencrypt_acme_install )
-  tags: [ 'apache', 'apache_mods', 'letsencrypt' ]
+  tags: [ 'apache', 'letsencrypt' ]
 
diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml
index a3d5e85d..81e218a1 100644
--- a/apache/tasks/main.yml
+++ b/apache/tasks/main.yml
@@ -4,4 +4,6 @@
 - include: apache-basic-auth.yml
   when: apache_basic_auth
 - include: apache-letsencrypt.yml
-  when: letsencrypt_acme_install is defined and letsencrypt_acme_install
+  when:
+    - letsencrypt_acme_install is defined and letsencrypt_acme_install
+    - apache_letsencrypt_managed