Move Apache-PHP to its own role, set up dependencies

roles/apache-php/meta/main.yml

@@ -0,0 +1,2 @@
+---
+allow_duplicates: no

roles/apache-php/tasks/main.yml

@@ -0,0 +1,42 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Install, configure, and start Apache
+  block:
+  - name: Install Apache packages
+    apt:
+      name: "{{ packages }}"
+    vars:
+      packages:
+      - apache2
+      - libapache2-mod-php7.2
+      - php7.2
+      - php7.2-gd
+      - php7.2-json
+      - php7.2-mysql
+      - php7.2-curl
+      - php7.2-mbstring
+      - php7.2-intl
+      - php7.2-xml
+      - php7.2-zip
+      - php7.2-cgi
+      - php7.2-cli
+  - name: Copy configuration
+    copy:
+      src: "{{ item.src }}"
+      dest: "{{ item.dest }}"
+      mode: "{{ item.mode }}"
+    loop:
+      - { src: "php-apache2.ini", dest: "/etc/php/7.2/apache2/php.ini", mode: "0644" }
+      - { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" }
+  - name: Disable default website
+    file:
+      # This is a symlink so who cares
+      path: "/etc/apache2/sites-enabled/000-default.conf"
+      state: absent
+  - name: Enable modules
+    shell: "{{ item }}"
+    loop:
+      - "a2enmod rewrite"
+      - "a2enmod ssl"
+  become: yes

roles/https/meta/main.yml

@@ -1,2 +1,4 @@
 ---
 allow_duplicates: yes
+dependencies:
+  - role: apache-php

roles/nextcloud/meta/main.yml

@@ -1,2 +1,5 @@
 ---
 allow_duplicates: no
+dependencies:
+  - role: apache-php
+  - role: mysql

roles/nextcloud/tasks/main.yml

@@ -1,9 +1,6 @@
 #!/usr/bin/ansible-playbook
 # vim:ft=ansible:
 ---
-- name: Include MySQL role
-  include_role:
-    name: mysql
 - name: Install, configure, and start Nextcloud
   block:
   - name: Install Nextcloud-required packages
@@ -11,28 +8,7 @@
       name: "{{ packages }}"
     vars:
       packages:
-      - apache2
-      - libapache2-mod-php7.2
-      - php7.2
-      - php7.2-gd
-      - php7.2-json
-      - php7.2-mysql
-      - php7.2-curl
-      - php7.2-mbstring
-      - php7.2-intl
       - php-imagick
-      - php7.2-xml
-      - php7.2-zip
-      - php7.2-cgi
-      - php7.2-cli
-  - name: Copy configuration
-    copy:
-      src: "{{ item.src }}"
-      dest: "{{ item.dest }}"
-      mode: "{{ item.mode }}"
-    loop:
-      - { src: "php-apache2.ini", dest: "/etc/php/7.2/apache2/php.ini", mode: "0644" }
-      - { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" }
   - name: Set up MySQL
     block:
       - name: Create database
@@ -51,11 +27,6 @@
           login_password: "{{ mysql_root_password }}"
   - name: Set up Apache
     block:
-      - name: Disable default configuration
-        file:
-          # This is a symlink so who cares
-          path: "/etc/apache2/sites-enabled/000-default.conf"
-          state: absent
       - name: Create webroot
         file:
           path: "{{ nextcloud_webroot }}"
@@ -104,11 +75,6 @@
           name: "nextcloud-cron"
           minute: "*/5"
           job: 'php -f "{{ nextcloud_webroot }}/cron.php"'
-      - name: Enable Apache configs and modules
-        shell: "{{ item }}"
-        loop:
-          - "a2enmod rewrite"
-          - "a2enmod ssl"
   - name: Register certificates
     block:
       # Note: We copy over some insecure configs now
@@ -127,6 +93,7 @@
           website_webroot: "{{ nextcloud_webroot }}"
   - name: Secure Apache
     block:
+      # If we copied over http-only configs before, they get oblooterated now
       - name: Copy over virtual host configs
         template:
           src: apache2-vhost-ssl.conf