---
- name: Install koji-web and dependencies
  ansible.builtin.dnf:
    name:
      - koji-web
      - mod_ssl
    state: installed

# TODO: add FreeIPA support
- name: Generate koji-web HTTP principal keytab
  ansible.builtin.include_role:
    name: msvsphere.ci.kerberos_principal
  vars:
    kerberos_principal_name: "{{ koji_web_principal }}"
    kerberos_principal_keytab_path: "{{ koji_web_keytab }}"

- name: Grant httpd read access to koji-web keytab
  ansible.builtin.file:
    path: "{{ koji_web_keytab }}"
    owner: root
    group: apache
    mode: 0o640
    setype: httpd_config_t
  notify:
    - restart httpd

- name: Configure koji-web httpd
  ansible.builtin.template:
    src: etc/httpd/conf.d/kojiweb.conf.j2
    dest: /etc/httpd/conf.d/kojiweb.conf
    owner: root
    group: root
    mode: 0o644
  notify:
    - restart httpd

- name: Configure koji-web
  ansible.builtin.template:
    src: etc/kojiweb/web.conf.j2
    dest: /etc/kojiweb/web.conf
    owner: root
    group: apache
    mode: 0o640
  notify:
    - restart httpd

- name: Enable httpd network connections in SELinux
  ansible.posix.seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true