Ansible-Zammad/roles/zammad/tasks/main.yml

---
# file: roles/zammad/tasks/main.yml

- name: Install epel
  package:
    name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"
    state: present
    disable_gpg_check: True

- name: Install prereq packages
  package:
    name: 
      - imlib2
      - glibc-langpack-en    
    state: present
    disable_gpg_check: True

- name: Install certbot
  pip:
    name: certbot
    executable: pip3
    state: latest
  when: zammad_certbot

- name: Deploy certbot renewal service
  template:
    src: certbot-renewal.service.j2
    dest: /etc/systemd/system/certbot-renewal.service
  notify: Daemon Reload
  when: zammad_certbot

- name: Deploy certbot renewal timer
  template:
    src: certbot-renewal.timer.j2
    dest: /etc/systemd/system/certbot-renewal.timer
  notify: Daemon Reload
  when: zammad_certbot

- name: Enable systemd timer for certbot renewal
  service:
    name: certbot-renewal.timer
    enabled: yes
  when: zammad_certbot

- name: Get localectl status
  shell:
      cmd: localectl status | grep -E "en_US.UTF-8"
  register: locale_status
  failed_when: false
  changed_when: false

- name: Set localectl setting to en_US
  command: localectl set-locale LANG=en_US.UTF-8
  when: locale_status.rc == 1

- name: Import zammad rpm key
  rpm_key:
    state: present
    key: https://dl.packager.io/srv/zammad/zammad/key

- name: Add zammad repo
  yum_repository:
    name: zammad
    description: "Repository for zammad/zammad (stable) packages."
    baseurl:  "https://dl.packager.io/srv/rpm/zammad/zammad/stable/el/9/$basearch"
    gpgcheck: false
    gpgkey: "https://dl.packager.io/srv/zammad/zammad/key"
    state: present

- name: Add elasticsearch repo
  yum_repository:
    name: elasticsearch
    description: "Elasticsearch repository for {{ zammad_es_version }}.x packages"
    baseurl:  "https://artifacts.elastic.co/packages/{{ zammad_es_version }}.x/yum"
    gpgcheck: false
    gpgkey: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"
    state: present

- name: Install core packages
  package:
    name: 
      - elasticsearch
      - nginx
      - postgresql-server
      - compat-openssl11
      - redis
    state: present

- name: Start and enable redis services
  service:
    name: redis
    state: started
    enabled: yes

- name: Check if postgresql is initialized
  stat:
    path: "/var/lib/pgsql/data/pg_hba.conf"
  register: postgres_data

- name: Initialize postgresql
  shell: "postgresql-setup initdb"
  when: not postgres_data.stat.exists

- name: Ensure that password auth is enabled for postgre on ipv4 addresses
  lineinfile:
    path: /var/lib/pgsql/data/pg_hba.conf
    regexp: '^host    all             all             127.0.0.1/32'
    insertafter: '^# IPv4 local connections:'
    line: "host    all             all             127.0.0.1/32            md5"
  notify: Restart postgresql

- name: Ensure that password auth is enabled for postgre on ipv6 addresses
  lineinfile:
    path: /var/lib/pgsql/data/pg_hba.conf
    regexp: '^host    all             all             ::1/128'
    insertafter: '^# IPv6 local connections:'
    line: "host    all             all             ::1/128                 md5"
  notify: Restart postgresql

- name: Start and enable postgresql services
  service:
    name: postgresql
    state: started
    enabled: yes

- name: Install ingest-attachment plugin in elasticsearch
  elasticsearch_plugin:
    name: ingest-attachment
    state: present

- name: Ensure the network host is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^network.host:'
    insertafter: '^#network.host:'
    line: "network.host: {{ zammad_es_network_host }}"
  when: zammad_es_network_host != ""
  notify: Restart elasticsearch

- name: Ensure the discovery seed hosts is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^discovery.seed_hosts:'
    insertafter: '^#discovery.seed_hosts:'
    line: "discovery.seed_hosts: {{ zammad_es_discovery_seed_hosts }}"
  when: zammad_es_discovery_seed_hosts != ""
  notify: Restart elasticsearch

- name: Ensure the max_content_length is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^http.max_content_length:'
    insertafter: '^#http.max_content_length:'
    line: "http.max_content_length: {{ zammad_es_max_content_length }}"
  when: zammad_es_max_content_length != ""
  notify: Restart elasticsearch

- name: Ensure the max_content_length is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^indices.query.bool.max_clause_count:'
    insertafter: '^#indices.query.bool.max_clause_count:'
    line: "indices.query.bool.max_clause_count: {{ zammad_es_max_clause_count }}"
  when: zammad_es_max_clause_count != ""
  notify: Restart elasticsearch

- name: Ensure the xpack_security is set
  lineinfile:
    path: /etc/elasticsearch/elasticsearch.yml
    regexp: '^xpack.security.enabled:'
    insertafter: '^#xpack.security.enabled:'
    line: "xpack.security.enabled: {{ zammad_es_xpack_security_enabled }}"
  when: zammad_es_xpack_security_enabled != ""
  notify: Restart elasticsearch

# TODO Add elasticsearch user/pass

- name: Enable elastic search ingest fix
  block:
    - name: Ensure directory exists for zammad scripts
      file: 
        path: /bin/zammadUtilites
        recurse: yes
        state: directory

    - name: Deploy ingest-attachment-fix script
      template:
        src: ingest-attachment-fix.sh.j2
        dest: /bin/zammadUtilites/ingest-attachment-fix.sh

    - name: Ensure directory exists for elasticsearch override
      file: 
        path: /etc/systemd/system/elasticsearch.service.d
        recurse: yes
        state: directory

    - name: Configure elasticsearch-fail service
      template:
        src: elasticsearch-fail.service.j2
        dest: /etc/systemd/system/elasticsearch-fail.service
      notify: Daemon Reload

    - name: Configure elasticsearch override
      template:
        src: elasticsearch.override.conf.j2
        dest: /etc/systemd/system/elasticsearch.service.d/override.conf
      notify: Daemon Reload
  when: zammad_es_ingest_fix

- name: Start and enable elasticsearch services
  service:
    name: elasticsearch
    state: started
    enabled: yes

- name: Install zammad
  package:
    name: zammad
    state: present

- name: Fix permissions on zammad public folder
  file:
    path: /opt/zammad/public
    owner: zammad
    group: zammad
    mode: '755'
    recurse: true

- name: Manage es_user
  block:
    - name: Get es_user
      shell: zammad run rails r "p Setting.get('es_user')"
      changed_when: False
      register: es_user_result

    - name: Set es_user
      shell: zammad run rails r "Setting.set('es_user', '{{ zammad_es_username }}')"
      when: not ( ('"' + zammad_es_username + '"') == es_user_result.stdout)
  when: zammad_es_username != ""

- name: Manage es_password
  block:
    - name: Get es_password
      shell: zammad run rails r "p Setting.get('es_password')"
      changed_when: False
      register: es_password_result

    - name: Set es_password
      shell: zammad run rails r "Setting.set('es_password', '{{ zammad_es_password }}')"
      when: not ( ('"' + zammad_es_password + '"') == es_password_result.stdout)
  when: zammad_es_password != ""

- name: Get es_url
  shell: zammad run rails r "p Setting.get('es_url')"
  changed_when: False
  register: es_url_result

- name: Manage es_url
  block: 
    - name: Set es_url
      shell: zammad run rails r "Setting.set('es_url', '{{ zammad_es_url }}')"

    - name: Rebuild search index
      shell: zammad run rake zammad:searchindex:rebuild
  when: not ( ('"' + zammad_es_url + '"') == es_url_result.stdout)

- name: Manage es_attachment_ignore
  block:
    - name: Get es_attachment_ignore
      shell: zammad run rails r "p Setting.get('es_attachment_ignore')"
      changed_when: False
      register: es_attachment_ignore_result

    - name: Set es_attachment_ignore
      shell: zammad run rails r "Setting.set('es_attachment_ignore', [ {{ zammad_es_attachment_ignore }} ] )"
      when: not ( ("[" + zammad_es_attachment_ignore | regex_replace("'", '"') + "]") == es_attachment_ignore_result.stdout )
  when: zammad_es_attachment_ignore != ""

- name: Manage es_attachment_max_size_in_mb
  block:
    - name: Get es_attachment_max_size_in_mb
      shell: zammad run rails r "p Setting.get('es_attachment_max_size_in_mb')"
      changed_when: False
      register: es_attachment_max_size_in_mb_result

    - name: Set es_attachment_max_size_in_mb
      shell: zammad run rails r "Setting.set('es_attachment_max_size_in_mb', '{{ zammad_es_attachment_max_size_in_mb }}')"
      when: not ( ('"' + zammad_es_attachment_max_size_in_mb + '"') == es_attachment_max_size_in_mb_result.stdout)
  when: zammad_es_attachment_max_size_in_mb != ""

- name: Deploy custom CSS
  template:
    src: "{{ item }}"
    dest: "/opt/zammad/app/assets/stylesheets/custom/{{ item | basename }}"
    owner: zammad
    group: zammad
  with_fileglob: "{{ zammad_custom_css  }}/*"
  notify: Zammad precompile

- name: Get current template folders
  find:
    paths: "{{ role_path }}/{{ zammad_custom_templates }}/"
    file_type: directory
  register: templateDirs
  delegate_to: 127.0.0.1

- name: Process loop for a given template
  include_tasks: 
    file: customTemplates.yml
  loop: "{{ templateDirs.files }}"
  loop_control:
    loop_var: templateType
    extended: yes

- name: Enable zammad override
  block:
    - name: Ensure directory exists for zammad override
      file: 
        path: /etc/systemd/system/zammad.service.d
        recurse: yes
        state: directory

    - name: Configure zammad override
      template:
        src: zammad.override.conf.j2
        dest: /etc/systemd/system/zammad.service.d/override.conf
      notify: Daemon Reload
  when: zammad_precompile

- name: Start and enable zammad service
  service:
    name: zammad
    state: started
    enabled: yes

- name: Deploy zammad configuration file
  template:
    src: zammad.conf.j2
    dest: /etc/nginx/conf.d/zammad.conf
  notify: Reload nginx

- name: Deploy httpsRedirect configuration file
  template:
    src: httpsRedirect.conf.j2
    dest: /etc/nginx/conf.d/httpsRedirect.conf
  notify: Reload nginx
  when: zammad_httpsRedirect

- name: Start and enable nginx services
  service:
    name: nginx
    state: started
    enabled: yes

- name: Set httpd_can_network_connect flag
  seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true

- name: Allow apache to modify files in /opt/zammad/public/
  sefcontext:
    target: '/opt/zammad/public(/.*)?'
    setype: httpd_sys_content_t
    state: present
  register: se_zammad_public

- name: Apply SELinux file context to files
  command: restorecon -irv /opt/zammad/public
  when: se_zammad_public.changed

- name: Allow http ports access through the firewall
  firewalld:
    service: http
    permanent: yes
    state: enabled
  notify: Reload firewalld

- name: Allow https ports access through the firewall
  firewalld:
    service: https
    permanent: yes
    state: enabled
  notify: Reload firewalld
Initial commit 2023-04-04 15:33:23 -06:00			`---`
			`# file: roles/zammad/tasks/main.yml`

			`- name: Install epel`
			`package:`
			`name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm"`
			`state: present`
			`disable_gpg_check: True`

			`- name: Install prereq packages`
			`package:`
			`name:`
			`- imlib2`
			`- glibc-langpack-en`
			`state: present`
			`disable_gpg_check: True`

			`- name: Install certbot`
			`pip:`
			`name: certbot`
			`executable: pip3`
			`state: latest`
			`when: zammad_certbot`

			`- name: Deploy certbot renewal service`
			`template:`
			`src: certbot-renewal.service.j2`
			`dest: /etc/systemd/system/certbot-renewal.service`
			`notify: Daemon Reload`
Adding certbot requirement for relevant tasks 2023-04-05 06:22:10 -06:00			`when: zammad_certbot`
Initial commit 2023-04-04 15:33:23 -06:00
			`- name: Deploy certbot renewal timer`
			`template:`
			`src: certbot-renewal.timer.j2`
			`dest: /etc/systemd/system/certbot-renewal.timer`
			`notify: Daemon Reload`
Adding certbot requirement for relevant tasks 2023-04-05 06:22:10 -06:00			`when: zammad_certbot`
Initial commit 2023-04-04 15:33:23 -06:00
			`- name: Enable systemd timer for certbot renewal`
			`service:`
			`name: certbot-renewal.timer`
			`enabled: yes`
Adding certbot requirement for relevant tasks 2023-04-05 06:22:10 -06:00			`when: zammad_certbot`
Initial commit 2023-04-04 15:33:23 -06:00
			`- name: Get localectl status`
			`shell:`
			`cmd: localectl status \| grep -E "en_US.UTF-8"`
			`register: locale_status`
			`failed_when: false`
			`changed_when: false`

			`- name: Set localectl setting to en_US`
			`command: localectl set-locale LANG=en_US.UTF-8`
			`when: locale_status.rc == 1`

			`- name: Import zammad rpm key`
			`rpm_key:`
			`state: present`
			`key: https://dl.packager.io/srv/zammad/zammad/key`

			`- name: Add zammad repo`
			`yum_repository:`
			`name: zammad`
			`description: "Repository for zammad/zammad (stable) packages."`
Updating to centos 9 repo 2024-05-21 08:39:45 -06:00			`baseurl: "https://dl.packager.io/srv/rpm/zammad/zammad/stable/el/9/$basearch"`
Initial commit 2023-04-04 15:33:23 -06:00			`gpgcheck: false`
			`gpgkey: "https://dl.packager.io/srv/zammad/zammad/key"`
			`state: present`

			`- name: Add elasticsearch repo`
			`yum_repository:`
			`name: elasticsearch`
			`description: "Elasticsearch repository for {{ zammad_es_version }}.x packages"`
			`baseurl: "https://artifacts.elastic.co/packages/{{ zammad_es_version }}.x/yum"`
			`gpgcheck: false`
			`gpgkey: "https://artifacts.elastic.co/GPG-KEY-elasticsearch"`
			`state: present`

			`- name: Install core packages`
			`package:`
			`name:`
			`- elasticsearch`
			`- nginx`
			`- postgresql-server`
Updates for v6 2023-06-06 06:18:15 -06:00			`- compat-openssl11`
			`- redis`
Initial commit 2023-04-04 15:33:23 -06:00			`state: present`

Updates for v6 2023-06-06 06:18:15 -06:00			`- name: Start and enable redis services`
			`service:`
			`name: redis`
			`state: started`
			`enabled: yes`

Initial commit 2023-04-04 15:33:23 -06:00			`- name: Check if postgresql is initialized`
			`stat:`
			`path: "/var/lib/pgsql/data/pg_hba.conf"`
			`register: postgres_data`

			`- name: Initialize postgresql`
			`shell: "postgresql-setup initdb"`
			`when: not postgres_data.stat.exists`

			`- name: Ensure that password auth is enabled for postgre on ipv4 addresses`
			`lineinfile:`
			`path: /var/lib/pgsql/data/pg_hba.conf`
			`regexp: '^host all all 127.0.0.1/32'`
			`insertafter: '^# IPv4 local connections:'`
			`line: "host all all 127.0.0.1/32 md5"`
			`notify: Restart postgresql`

			`- name: Ensure that password auth is enabled for postgre on ipv6 addresses`
			`lineinfile:`
			`path: /var/lib/pgsql/data/pg_hba.conf`
			`regexp: '^host all all ::1/128'`
			`insertafter: '^# IPv6 local connections:'`
			`line: "host all all ::1/128 md5"`
			`notify: Restart postgresql`

			`- name: Start and enable postgresql services`
			`service:`
			`name: postgresql`
			`state: started`
			`enabled: yes`

			`- name: Install ingest-attachment plugin in elasticsearch`
			`elasticsearch_plugin:`
			`name: ingest-attachment`
			`state: present`

			`- name: Ensure the network host is set`
			`lineinfile:`
			`path: /etc/elasticsearch/elasticsearch.yml`
			`regexp: '^network.host:'`
			`insertafter: '^#network.host:'`
			`line: "network.host: {{ zammad_es_network_host }}"`
			`when: zammad_es_network_host != ""`
			`notify: Restart elasticsearch`

			`- name: Ensure the discovery seed hosts is set`
			`lineinfile:`
			`path: /etc/elasticsearch/elasticsearch.yml`
			`regexp: '^discovery.seed_hosts:'`
			`insertafter: '^#discovery.seed_hosts:'`
			`line: "discovery.seed_hosts: {{ zammad_es_discovery_seed_hosts }}"`
			`when: zammad_es_discovery_seed_hosts != ""`
			`notify: Restart elasticsearch`

			`- name: Ensure the max_content_length is set`
			`lineinfile:`
			`path: /etc/elasticsearch/elasticsearch.yml`
			`regexp: '^http.max_content_length:'`
			`insertafter: '^#http.max_content_length:'`
			`line: "http.max_content_length: {{ zammad_es_max_content_length }}"`
			`when: zammad_es_max_content_length != ""`
			`notify: Restart elasticsearch`

			`- name: Ensure the max_content_length is set`
			`lineinfile:`
			`path: /etc/elasticsearch/elasticsearch.yml`
			`regexp: '^indices.query.bool.max_clause_count:'`
			`insertafter: '^#indices.query.bool.max_clause_count:'`
			`line: "indices.query.bool.max_clause_count: {{ zammad_es_max_clause_count }}"`
			`when: zammad_es_max_clause_count != ""`
			`notify: Restart elasticsearch`

			`- name: Ensure the xpack_security is set`
			`lineinfile:`
			`path: /etc/elasticsearch/elasticsearch.yml`
			`regexp: '^xpack.security.enabled:'`
			`insertafter: '^#xpack.security.enabled:'`
			`line: "xpack.security.enabled: {{ zammad_es_xpack_security_enabled }}"`
			`when: zammad_es_xpack_security_enabled != ""`
			`notify: Restart elasticsearch`

			`# TODO Add elasticsearch user/pass`

			`- name: Enable elastic search ingest fix`
			`block:`
			`- name: Ensure directory exists for zammad scripts`
			`file:`
			`path: /bin/zammadUtilites`
			`recurse: yes`
			`state: directory`

			`- name: Deploy ingest-attachment-fix script`
			`template:`
			`src: ingest-attachment-fix.sh.j2`
			`dest: /bin/zammadUtilites/ingest-attachment-fix.sh`

			`- name: Ensure directory exists for elasticsearch override`
			`file:`
			`path: /etc/systemd/system/elasticsearch.service.d`
			`recurse: yes`
			`state: directory`

			`- name: Configure elasticsearch-fail service`
			`template:`
			`src: elasticsearch-fail.service.j2`
			`dest: /etc/systemd/system/elasticsearch-fail.service`
			`notify: Daemon Reload`

			`- name: Configure elasticsearch override`
			`template:`
			`src: elasticsearch.override.conf.j2`
			`dest: /etc/systemd/system/elasticsearch.service.d/override.conf`
			`notify: Daemon Reload`
			`when: zammad_es_ingest_fix`

			`- name: Start and enable elasticsearch services`
			`service:`
			`name: elasticsearch`
			`state: started`
			`enabled: yes`

			`- name: Install zammad`
			`package:`
			`name: zammad`
			`state: present`

			`- name: Fix permissions on zammad public folder`
			`file:`
			`path: /opt/zammad/public`
			`owner: zammad`
			`group: zammad`
			`mode: '755'`
			`recurse: true`

			`- name: Manage es_user`
			`block:`
			`- name: Get es_user`
			`shell: zammad run rails r "p Setting.get('es_user')"`
			`changed_when: False`
			`register: es_user_result`

			`- name: Set es_user`
			`shell: zammad run rails r "Setting.set('es_user', '{{ zammad_es_username }}')"`
			`when: not ( ('"' + zammad_es_username + '"') == es_user_result.stdout)`
			`when: zammad_es_username != ""`

			`- name: Manage es_password`
			`block:`
			`- name: Get es_password`
			`shell: zammad run rails r "p Setting.get('es_password')"`
			`changed_when: False`
			`register: es_password_result`

			`- name: Set es_password`
			`shell: zammad run rails r "Setting.set('es_password', '{{ zammad_es_password }}')"`
			`when: not ( ('"' + zammad_es_password + '"') == es_password_result.stdout)`
			`when: zammad_es_password != ""`

			`- name: Get es_url`
			`shell: zammad run rails r "p Setting.get('es_url')"`
			`changed_when: False`
			`register: es_url_result`

			`- name: Manage es_url`
			`block:`
			`- name: Set es_url`
			`shell: zammad run rails r "Setting.set('es_url', '{{ zammad_es_url }}')"`

			`- name: Rebuild search index`
			`shell: zammad run rake zammad:searchindex:rebuild`
			`when: not ( ('"' + zammad_es_url + '"') == es_url_result.stdout)`

			`- name: Manage es_attachment_ignore`
			`block:`
			`- name: Get es_attachment_ignore`
			`shell: zammad run rails r "p Setting.get('es_attachment_ignore')"`
			`changed_when: False`
			`register: es_attachment_ignore_result`

			`- name: Set es_attachment_ignore`
			`shell: zammad run rails r "Setting.set('es_attachment_ignore', [ {{ zammad_es_attachment_ignore }} ] )"`
			`when: not ( ("[" + zammad_es_attachment_ignore \| regex_replace("'", '"') + "]") == es_attachment_ignore_result.stdout )`
			`when: zammad_es_attachment_ignore != ""`

			`- name: Manage es_attachment_max_size_in_mb`
			`block:`
			`- name: Get es_attachment_max_size_in_mb`
			`shell: zammad run rails r "p Setting.get('es_attachment_max_size_in_mb')"`
			`changed_when: False`
			`register: es_attachment_max_size_in_mb_result`

			`- name: Set es_attachment_max_size_in_mb`
			`shell: zammad run rails r "Setting.set('es_attachment_max_size_in_mb', '{{ zammad_es_attachment_max_size_in_mb }}')"`
			`when: not ( ('"' + zammad_es_attachment_max_size_in_mb + '"') == es_attachment_max_size_in_mb_result.stdout)`
			`when: zammad_es_attachment_max_size_in_mb != ""`

			`- name: Deploy custom CSS`
			`template:`
			`src: "{{ item }}"`
			`dest: "/opt/zammad/app/assets/stylesheets/custom/{{ item \| basename }}"`
			`owner: zammad`
			`group: zammad`
			`with_fileglob: "{{ zammad_custom_css }}/*"`
			`notify: Zammad precompile`

			`- name: Get current template folders`
			`find:`
			`paths: "{{ role_path }}/{{ zammad_custom_templates }}/"`
			`file_type: directory`
			`register: templateDirs`
			`delegate_to: 127.0.0.1`

			`- name: Process loop for a given template`
			`include_tasks:`
			`file: customTemplates.yml`
			`loop: "{{ templateDirs.files }}"`
			`loop_control:`
			`loop_var: templateType`
			`extended: yes`

			`- name: Enable zammad override`
			`block:`
			`- name: Ensure directory exists for zammad override`
			`file:`
			`path: /etc/systemd/system/zammad.service.d`
			`recurse: yes`
			`state: directory`

			`- name: Configure zammad override`
			`template:`
			`src: zammad.override.conf.j2`
			`dest: /etc/systemd/system/zammad.service.d/override.conf`
			`notify: Daemon Reload`
			`when: zammad_precompile`

			`- name: Start and enable zammad service`
			`service:`
			`name: zammad`
			`state: started`
			`enabled: yes`

			`- name: Deploy zammad configuration file`
			`template:`
			`src: zammad.conf.j2`
			`dest: /etc/nginx/conf.d/zammad.conf`
			`notify: Reload nginx`

			`- name: Deploy httpsRedirect configuration file`
			`template:`
			`src: httpsRedirect.conf.j2`
			`dest: /etc/nginx/conf.d/httpsRedirect.conf`
			`notify: Reload nginx`
			`when: zammad_httpsRedirect`

			`- name: Start and enable nginx services`
			`service:`
			`name: nginx`
			`state: started`
			`enabled: yes`

			`- name: Set httpd_can_network_connect flag`
			`seboolean:`
			`name: httpd_can_network_connect`
			`state: true`
			`persistent: true`

			`- name: Allow apache to modify files in /opt/zammad/public/`
			`sefcontext:`
			`target: '/opt/zammad/public(/.*)?'`
			`setype: httpd_sys_content_t`
			`state: present`
			`register: se_zammad_public`

			`- name: Apply SELinux file context to files`
			`command: restorecon -irv /opt/zammad/public`
			`when: se_zammad_public.changed`

			`- name: Allow http ports access through the firewall`
			`firewalld:`
			`service: http`
			`permanent: yes`
			`state: enabled`
			`notify: Reload firewalld`

			`- name: Allow https ports access through the firewall`
			`firewalld:`
			`service: https`
			`permanent: yes`
			`state: enabled`
			`notify: Reload firewalld`