- name: configure public web server
  hosts: dmz-www1
  roles:
    - role: common
      tags: common

    - role: apache_vhost
      apache_server_name: www.example.com
      apache_server_aliases: [example.com]
      apache_canonical_hostname: www.example.com
      apache_letsencrypt: yes
      apache_document_root: /var/www/www.example.com
      apache_config: |
        Alias /.well-known/matrix /var/www/well-known/example.com/matrix
      tags: apache

    - role: archive_job
      archive_name: www
      archive_shell: >-
        TIMESTAMP=$(date +%Y%m%d%H%M%S);
        tar czf "www-${TIMESTAMP}.tar.gz"
        --transform "s|^\.|www-${TIMESTAMP}|"
        -C "{{ apache_public_dir }}" {% for dir in apache_backup_dirs %}{{ dir | quote }} {% endfor %}
      tags: archive

    # prosody letsencrypt proxy
    - role: prosody_letsencrypt_proxy
      prosody_le_role: master
      tags: prosody

  tasks:
    - name: create webroot
      file:
        path: /var/www/www.example.com
        state: directory
        owner: root
        group: webmasters
        mode: 02770
      tags: apache

    - name: create well-known directories
      file:
        path: '/var/www/well-known/{{ item }}'
        state: directory
        recurse: yes
      loop:
        - example.com/matrix
      tags: apache

    - name: create .well-known/matrix/server for example.com
      copy:
        content: '{"m.server": "matrix.example.com:8448"}'
        dest: /var/www/well-known/example.com/matrix/server
      tags: apache

    - name: create .well-known/matrix/client for example.com
      copy:
        content: '{"m.homeserver": {"base_url": "https://matrix.example.com:8443"}}'
        dest: /var/www/well-known/example.com/matrix/client
      tags: apache