---
- name: Disable unused services
  hosts: all

  tasks:

  - name: Check installed packages
    package_facts:
      manager: "auto"
    when: ansible_os_family == 'RedHat' or ansible_os_family == 'Debian' or ansible_os_family == 'Suse'
  
  - name: Ensure that Nginx is stopped and disabled in systemd
    systemd:
      name: nginx
      state: stopped
      enabled: no
      masked: yes
    when: (ansible_os_family == 'RedHat' or ansible_os_family == 'Debian' or ansible_os_family == 'Suse') and
          'www' not in group_names and
          'nginx' in ansible_facts.packages
  
  - name: Ensure that Apache is stopped and disabled in systemd on Debian-like and Suse hosts
    systemd:
      name: apache2
      state: stopped
      enabled: no
      masked: yes
    when: (ansible_os_family == 'Debian' or ansible_os_family == 'Suse') and
          'www_apache' not in group_names and
          'apache2' in ansible_facts.packages

  - name: Ensure that Apache is stopped and disabled in systemd on Redhat-like hosts
    systemd:
      name: httpd
      state: stopped
      enabled: no
      masked: yes
    when: ansible_os_family == 'RedHat' and
          'www_apache' not in group_names and
          'httpd' in ansible_facts.packages

  - name: Disable access for vhosts
    file:
      path: /var/www
      state: directory
      owner: root
      group: root
      mode: '750'
    when: ((ansible_os_family == 'RedHat') or (ansible_os_family == 'Debian') or (ansible_os_family == 'Suse')) and
          (not (('www' in group_names) or ('www_apache' in group_names))) and
          ('nginx' in ansible_facts.packages or
          'apache2' in ansible_facts.packages or
          'httpd' in ansible_facts.packages)