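---
# SELinux setup for a Nextcloud install served by httpd.
# Variables read here (defined elsewhere in the role/inventory):
#   nc_data_dir, http_webroot, http_service_name

# Label the paths Nextcloud must write to as httpd_sys_rw_content_t.
# Everything else under the webroot keeps its existing label.
# The order of this list matters: the restorecon task below slices
# filecontext.results by position (0 = data dir, 1..7 = webroot paths).
- name: Selinux... selinux targets
  sefcontext:
    target: "{{ item }}"
    setype: httpd_sys_rw_content_t
    state: present
  register: filecontext
  with_items:
    - '{{ nc_data_dir }}(/.*)?'
    - '{{ http_webroot }}/nextcloud/config(/.*)?'
    - '{{ http_webroot }}/nextcloud/apps(/.*)?'
    - '{{ http_webroot }}/nextcloud/custom_apps(/.*)?'
    - '{{ http_webroot }}/nextcloud/assets(/.*)?'
    - '{{ http_webroot }}/nextcloud/.htaccess'
    - '{{ http_webroot }}/nextcloud/.user.ini'
    - '{{ http_webroot }}/nextcloud/3rdparty/aws/aws-sdk-php/src/data/logs(/.*)?'

# NOTE(review): this list is broad and applies to every site served by
# httpd on the host, not only Nextcloud. Each boolean relaxes the
# confinement of the httpd domain, so keep only the ones this deployment
# uses (e.g. httpd_use_nfs / httpd_use_cifs / httpd_use_fusefs only when
# the data dir really lives on such a filesystem, httpd_can_sendmail only
# when mail goes through the local sendmail binary).
# httpd_execmem (writable+executable memory), httpd_unified (all httpd
# content types handled alike) and httpd_can_network_connect (outbound
# TCP to any port) remove the most protection; prefer the narrower
# httpd_can_network_connect_db / httpd_can_network_relay where they are
# sufficient.
- name: Selinux... enable seboolean settings
  seboolean:
    name: "{{ item }}"
    state: true
    persistent: true
  with_items:
    - httpd_unified
    - httpd_graceful_shutdown
    - httpd_can_network_relay
    - httpd_can_network_connect
    - httpd_can_network_connect_db
    - daemons_enable_cluster_mode
    - httpd_use_fusefs
    - httpd_use_cifs
    - httpd_use_gpg
    - httpd_use_nfs
    - httpd_execmem
    - httpd_can_sendmail

# Disabled: load the policy modules shipped with the role.
# - name: Selinux... enable seboolean settings
#   command: semodule -i {{ role_path }}/files/{{ item }}
#   loop:
#     - httpd-to-php-fpm.pp
#     - httpd-to-redis-socket.pp
#     - httpd-to-upload-tmp.pp

# If you have trouble with php-fpm and selinux in this nextcloud
# configuration:
#   ausearch -c 'php-fpm' --raw | audit2allow -M my-phpfpm
#   semodule -X 300 -i my-phpfpm.pp
#   ausearch -c 'df' --raw | audit2allow -M my-df
#   semodule -X 300 -i my-df.pp
# audit2allow turns every logged denial for that command into an allow
# rule, so read the generated .te file (my-phpfpm.te / my-df.te) and trim
# it before loading the .pp module.

# Relabel files on disk after a file-context rule changed.
# Each entry covers a half-open slice [first, last) of filecontext.results,
# so the webroot is relabelled when ANY of its seven rules changed, not
# only the first one (config).
# command/argv is used instead of shell so the templated path is passed
# as a single argument and never interpreted by a shell.
- name: Selinux... Run restore context to reload selinux
  command:
    argv:
      - restorecon
      - '-R'
      - '-v'
      - "{{ item.target }}"
  when: >-
    filecontext.results[item.first:item.last]
    | select('changed') | list | length > 0
  with_items:
    - { first: 0, last: 1, target: '{{ nc_data_dir }}/' }
    - { first: 1, last: 8, target: '{{ http_webroot }}/nextcloud/' }

# NOTE(review): this restart is unconditional, so the web server is
# restarted on every run of these tasks; confirm that is intended or
# move it to a handler.
- name: Selinux... Restart {{ http_service_name }} service
  service:
    name: "{{ http_service_name }}"
    state: restarted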