- name: ensure unifi.container systemd unit exists
  template:
    src: unifi.container.j2
    dest: /etc/containers/systemd/unifi.container
    owner: root
    group: root
    mode: u=rw,go=r
  notify:
  - reload systemd
  - restart unifi
  tags:
  - container
- name: flush_handlers
  meta: flush_handlers

- name: ensure unifi.service is running
  systemd:
    name: unifi.service
    state: started
  tags:
  - service

- name: ensure firewall is configured for unifi
  firewalld:
    port: 8080/tcp
    permanent: true
    immediate: true
    state: enabled
  when: host_uses_firewalld|d(true)|bool
  tags:
  - firewalld

- name: ensure nginx is configured to proxy for unifi
  template:
    src: unifi.nginx.conf.j2
    dest: /etc/nginx/default.d/unifi.conf
    mode: u=rw,go=r
    owner: root
    group: root
  notify:
  - reload nginx
  tags:
  - nginx

- name: ensure selinux allows nginx to proxy for unifi
  seboolean:
    name: httpd_can_network_connect
    persistent: true
    state: true
  tags:
  - nginx
  - selinux