
Add rules to include tasks and handlers only when needed

Emmanuel Bouthenot 8 年之前
當前提交
e088f01727

+ 4 - 0
roles/common/handlers/main.yml

@@ -1,7 +1,11 @@
 - include: base.yml
 - include: firewall.yml
+  when: with_firewall
 - include: security.yml
 - include: smtp.yml
+  when: with_postfix
 - include: dkim.yml
+  when: with_opendkim
 - include: ssh.yml
 - include: smartd.yml
+  when: with_smartd
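Review bot: The handler include for `smtp.yml` is gated on `with_postfix` alone, while the matching task include in `roles/common/tasks/main.yml` uses `with_postfix or with_mail_aliases`. On a host that sets only `with_mail_aliases`, the aliases task in `tasks/smtp.yml` still notifies 'Regenerate aliases cache'; if that handler is defined in `handlers/smtp.yml` (not visible here), it would be skipped and the aliases database left stale. Use the same condition on both includes: `when: with_postfix or with_mail_aliases`.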

+ 0 - 6
roles/common/tasks/dkim.yml

@@ -6,7 +6,6 @@
     update_cache: 'yes'
   with_items:
     - 'opendkim'
-  when: with_opendkim
 
 - name: 'Install opendkim main configuration'
   template:
@@ -17,7 +16,6 @@
     mode: '0640'
   notify:
     - 'Restart opendkim'
-  when: with_opendkim
 
 - name: 'Create opendkim config directory'
   file:
@@ -26,7 +24,6 @@
     owner: 'root'
     group: 'opendkim'
     mode: '0750'
-  when: with_opendkim
 
 - name: 'Install opendkim KeyTable'
   template:
@@ -37,7 +34,6 @@
     mode: '0640'
   notify:
     - 'Restart opendkim'
-  when: with_opendkim
 
 - name: 'Install opendkim SigningTable'
   template:
@@ -48,7 +44,6 @@
     mode: '0640'
   notify:
     - 'Restart opendkim'
-  when: with_opendkim
 
 - name: 'Install opendkim InternalHosts'
   template:
@@ -59,7 +54,6 @@
     mode: '0640'
   notify:
     - 'Restart opendkim'
-  when: with_opendkim
 
 - name: 'Install DKIM private keys'
   copy:

+ 0 - 2
roles/common/tasks/dotfiles.yml

@@ -1,7 +1,5 @@
 - name: Install dotfiles
   git: repo={{ dotfiles_repo }} dest={{ dotfiles_dest }} recursive=yes accept_hostkey=yes force=yes
-  when: with_dotfiles
 
 - name: Enable sourcing of dotfiles
   lineinfile: dest=/etc/zsh/zshrc regexp='source {{ dotfiles_dest }}' line='[[ -f {{ dotfiles_dest }}/zsh/zshrc ]] && export LC_SSH_VARS={{ dotfiles_lcsshvars}} && source {{ dotfiles_dest }}/zsh/zshrc'
-  when: with_dotfiles

+ 0 - 2
roles/common/tasks/firewall.yml

@@ -3,10 +3,8 @@
   with_items:
     - linux-image-{{ facter_architecture }}
     - ferm
-  when: with_firewall
 
 - name: Install firewall configuration (ferm.conf)
   template: src=ferm/ferm.conf.j2 dest=/etc/ferm/ferm.conf owner=root group=root mode=0644
   notify:
     - Apply firewall rules (ferm)
-  when: with_firewall

+ 7 - 0
roles/common/tasks/main.yml

@@ -1,11 +1,18 @@
 - include: base.yml
 - include: ssl.yml
+  when: ssl_certs
 - include: dotfiles.yml
+  when: with_dotfiles
 - include: dns.yml
 - include: firewall.yml
+  when: with_firewall
 - include: ovh.yml
+  when: with_ovh
 - include: security.yml
 - include: smtp.yml
+  when: with_postfix or with_mail_aliases
 - include: dkim.yml
+  when: with_opendkim
 - include: ssh.yml
 - include: smartd.yml
+  when: with_smartd
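Review bot: Nothing in this file records that a `when` on an `include` is inherited by every task of the included file rather than skipping the file, which is the assumption that lets the rest of this commit drop the per-task guards. A short comment at the top would make that explicit, for example `# 'when' on an include is applied to each included task; task files only test sub-feature flags`. It also means every flag used here is evaluated on every host, so it is worth confirming that the role defaults (not visible here) define `with_ovh`, `with_smartd`, `ssl_certs` and the others.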

+ 0 - 2
roles/common/tasks/ovh.yml

@@ -4,7 +4,6 @@
       - 01-ovh-network.conf
   notify:
     - Apply kernel configuration (proc)
-  when: with_ovh
 
 - name: Install kernel configuration for OVH dedicated servers (sys)
   template: src=kernel/sysfs.d/{{ item }}.j2 dest=/etc/sysfs.d/{{ item }} owner=root group=root mode=0644
@@ -12,4 +11,3 @@
       - 01-ovh-network.conf
   notify:
     - Refresh sysfs configuration
-  when: with_ovh

+ 0 - 4
roles/common/tasks/smartd.yml

@@ -1,19 +1,15 @@
 - name: Install smartmontools package
   apt: pkg=smartmontools state=installed update_cache=yes
-  when: with_smartd
 
 - name: Install smartd configuration
   template: src=smartd/smartd.conf.j2 dest=/etc/smartd.conf owner=root group=root mode=0644
   notify:
     - Restart smartmontools
-  when: with_smartd
 
 - name: Update smartmontools default/init parameters
   template: src=smartd/default.j2 dest=/etc/default/smartmontools owner=root group=root mode=0644
   notify:
     - Restart smartmontools
-  when: with_smartd
 
 - name: Ensure smartmontools is running
   service: name=smartmontools state=started
-  when: with_smartd

+ 5 - 7
roles/common/tasks/smtp.yml

@@ -9,7 +9,6 @@
     - 'ca-certificates'
     - 'procmail'
     - 'libsasl2-modules'
-  when: with_postfix
 
 - name: 'Install mail aliases file'
   template:
@@ -20,7 +19,7 @@
     mode: '0644'
   notify:
     - 'Regenerate aliases cache'
-  when: with_postfix or with_mail_aliases
+  when: with_mail_aliases
 
 - name: 'Install postfix main configuration'
   template:
@@ -31,7 +30,6 @@
     mode: '0644'
   notify:
     - 'Reload postfix'
-  when: with_postfix
 
 - name: 'Update postfix master config for slowsmtp transport'
   blockinfile:
@@ -43,7 +41,7 @@
             -o slowsmtp_destination_rate_delay=1
   notify:
     - 'Reload postfix'
-  when: with_postfix and with_postfix_slowsmtp
+  when: with_postfix_slowsmtp
 
 - name: 'Install postfix slowsmtp transport map'
   template:
@@ -55,7 +53,7 @@
   notify:
     - 'Rehash slowsmtp transport map'
     - 'Reload postfix'
-  when: with_postfix and with_postfix_slowsmtp
+  when: with_postfix_slowsmtp
 
 - name: 'Install postfix sasl credentials map'
   template:
@@ -67,7 +65,7 @@
   notify:
     - 'Rehash sasl credentials map'
     - 'Reload postfix'
-  when: with_postfix and with_postfix_external_smtp
+  when: with_postfix_external_smtp
 
 - name: 'Install postfix sasl sender rewrite map'
   template:
@@ -78,4 +76,4 @@
     mode: '0600'
   notify:
     - 'Reload postfix'
-  when: with_postfix and with_postfix_external_smtp
+  when: with_postfix_external_smtp
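Review bot: Dropping `with_postfix` from the individual tasks changes behaviour, because the include in `tasks/main.yml` is gated on `with_postfix or with_mail_aliases`, not on `with_postfix`. On a host that sets only `with_mail_aliases`, the postfix package and main-configuration tasks now run, and the SASL credentials map is written whenever `with_postfix_external_smtp` is true even though postfix was not requested. In the other direction, `when: with_mail_aliases` on the aliases task no longer installs aliases for a host that sets only `with_postfix`. Keep `when: with_postfix` (and `with_postfix and …` on the slowsmtp and SASL tasks) in this file, and leave the aliases task without a `when`, since the include already carries the combined condition. Several of these task bodies start outside the hunks shown.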

+ 2 - 8
roles/common/tasks/ssl.yml

@@ -6,7 +6,6 @@
     group: 'root'
     mode: '0755'
   with_items: '{{ ssl_certs }}'
-  when: ssl_certs
 
 - name: 'Install ssl certificates (certificate)'
   copy:
@@ -17,7 +16,6 @@
     mode: '0640'
   register: ssl_cert_result
   with_items: '{{ ssl_certs }}'
-  when: ssl_certs
 
 - name: 'Install ssl certificates (private key)'
   copy:
@@ -28,7 +26,6 @@
     mode: '0640'
   register: ssl_key_result
   with_items: '{{ ssl_certs }}'
-  when: ssl_certs
 
 - name: 'Install ssl certificates (chain)'
   copy:
@@ -39,28 +36,25 @@
     mode: '0644'
   register: ssl_chain_result
   with_items: '{{ ssl_certs }}'
-  when: ssl_certs
 
 - name: 'Gathering info about ssl full chain (certificate + chain)'
   stat:
     path: '/etc/ssl/local/certs/{{ item }}/fullchain.pem'
   with_items: '{{ ssl_certs }}'
   register: ssl_fullchain_stats
-  when: ssl_certs
 
 - name: 'Gathering info about ssl bundle (key + fullchain)'
   stat:
     path: '/etc/ssl/local/certs/{{ item }}/bundle.pem'
   with_items: '{{ ssl_certs }}'
   register: ssl_bundle_stats
-  when: ssl_certs
 
 - name: 'Create ssl certificates full chain (certificate + chain)'
   shell: sed '/^\s*$/d' '/etc/ssl/local/certs/{{ item.item }}/cert.pem' '/etc/ssl/local/certs/{{ item.item }}/chain.pem' > '/etc/ssl/local/certs/{{ item.item }}/fullchain.pem'
   with_items: '{{ ssl_fullchain_stats.results }}'
-  when: ssl_certs and (not item.stat.exists or ssl_cert_result|changed or ssl_chain_result|changed)
+  when: not item.stat.exists or ssl_cert_result|changed or ssl_chain_result|changed
 
 - name: 'Create ssl certificates bundle (key + certificate + bundle)'
   shell: sed '/^\s*$/d' '/etc/ssl/local/certs/{{ item.item }}/privkey.pem' '/etc/ssl/local/certs/{{ item.item }}/cert.pem' '/etc/ssl/local/certs/{{ item.item }}/chain.pem' > '/etc/ssl/local/certs/{{ item.item }}/bundle.pem'
   with_items: '{{ ssl_bundle_stats.results }}'
-  when: ssl_certs and (not item.stat.exists or ssl_key_result|changed or ssl_cert_result|changed or ssl_chain_result|changed)
+  when: not item.stat.exists or ssl_key_result|changed or ssl_cert_result|changed or ssl_chain_result|changed
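Review bot: `bundle.pem` contains the private key but is created by shell redirection in the last task, so its permissions come from the remote umask rather than the `'0640'` that the private-key copy task sets. Prefix the command with `umask 077;` or add a `file:` task on `/etc/ssl/local/certs/{{ item.item }}/bundle.pem` with `mode: '0640'`, unless a task after this hunk already does so. Separately, `ssl_cert_result|changed` tests the whole registered loop result, so one changed certificate rebuilds every chain and bundle; that is harmless but deserves a comment such as `# any changed cert regenerates all bundles`.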

+ 2 - 0
roles/dbserver/tasks/main.yml

@@ -1,2 +1,4 @@
 - include: mysql.yml
+  when: with_mysql or with_mariadb
 - include: postgresql.yml
+  when: with_postgresql

+ 3 - 4
roles/dbserver/tasks/mysql.yml

@@ -14,19 +14,18 @@
 
 - name: Install MySQL or MariaDB backup related packages (automysqlbackup)
   apt: pkg=automysqlbackup state=installed update_cache=yes
-  when: (with_mysql or with_mariadb) and with_mysql_backup
+  when: with_mysql_backup
 
 - name: Fix automysqlbackup to handle events properly
   lineinfile:
     dest: /usr/sbin/automysqlbackup
     regexp: "^OPT="
     line: 'OPT="--quote-names --events" # OPT string for use with mysqldump ( see man mysqldump )'
-  when: (with_mysql or with_mariadb) and with_mysql_backup
+  when: with_mysql_backup
 
 - name: Change MySQL or MariaDB root default password
   raw: if ! echo "SELECT VERSION();" | mysql -u root --password='{{ mysql_root_password }}' >/dev/null 2>&1 ; then echo "UPDATE mysql.user SET Password=PASSWORD('{{ mysql_root_password }}') WHERE User IN ('', 'root'); FLUSH PRIVILEGES;" | mysql --defaults-file=/etc/mysql/debian.cnf ; fi
-  when: (with_mysql or with_mariadb) and mysql_root_password
+  when: mysql_root_password
 
 - name: Ensure MySQL or MariaDB is running
   service: name=mysql state=started
-  when: with_mysql or with_mariadb
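Review bot: The 'Change MySQL or MariaDB root default password' task puts `mysql_root_password` on the `mysql` command line and inside an SQL string through `raw`, with no `no_log`, so the password can end up in Ansible output and logs and in the target's process list. Add `no_log: true` to that task, and consider reading the credentials from a defaults file, as the second half of the command already does with `/etc/mysql/debian.cnf`. The value is also interpolated unescaped, so a password containing a single quote breaks both the shell and the SQL quoting. The same pattern appears in 'Add FTP accounts in pure-ftpd' in `roles/ftpserver/tasks/pure-ftpd.yml`, where `item.password` is fed to `printf`. The file starts outside this hunk.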

+ 1 - 3
roles/dbserver/tasks/postgresql.yml

@@ -3,12 +3,10 @@
   with_items:
     - postgresql
     - postgresql-client
-  when: with_postgresql
 
 - name: Install PostgreSQL backup related packages (autopostgresqlbackup)
   apt: pkg=autopostgresqlbackup state=installed update_cache=yes
-  when: with_postgresql and with_postgresql_backup
+  when: with_postgresql_backup
 
 - name: Ensure PostgreSQL server is running
   service: name=postgresql state=started
-  when: with_postgresql

+ 2 - 0
roles/ftpserver/handlers/main.yml

@@ -1,2 +1,4 @@
 - include: 'common.yml'
+  when: with_ftp
 - include: 'pure-ftpd.yml'
+  when: with_ftp

+ 1 - 1
roles/ftpserver/tasks/common.yml

@@ -7,4 +7,4 @@
     mode: '0644'
   notify:
     - 'Load kernel modules for ftp server'
-  when: with_ftp and ansible_lsb.major_release|int >= 8
+  when: ansible_lsb.major_release|int >= 8
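Review bot: With `with_ftp` moved to the include, this task is now decided only by `ansible_lsb.major_release`, a fact that is filled in only when LSB release data is available on the target. On a minimal install without it the condition would presumably fail or evaluate as 0, depending on how the undefined value is handled. `when: ansible_distribution_major_version|int >= 8` does not depend on that data. The same test chooses between the two 'basic security configuration' templates in `roles/webserver/tasks/apache2.yml`, where a wrong result would install the configuration meant for the other release. The task body starts outside this hunk.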

+ 2 - 0
roles/ftpserver/tasks/main.yml

@@ -1,2 +1,4 @@
 - include: 'common.yml'
+  when: with_ftp
 - include: 'pure-ftpd.yml'
+  when: with_ftp

+ 4 - 10
roles/ftpserver/tasks/pure-ftpd.yml

@@ -5,7 +5,6 @@
     update_cache: 'yes'
   with_items:
     - 'pure-ftpd'
-  when: with_ftp
 
 - name: 'Install pure-ftpd configuration (TLS settings)'
   lineinfile:
@@ -18,7 +17,7 @@
     - { dest: 'TLSCipherSuite', regexp: '^.*$', line: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SSLv3:!SSLv2:!TLSv1' }
   notify:
     - 'Restart pure-ftpd'
-  when: with_ftp and with_ftp_tls
+  when: with_ftp_tls
 
 - name: 'Create pure-ftpd SSL bundle certificate symlink'
   file:
@@ -27,7 +26,7 @@
     state: 'link'
   notify:
     - 'Restart pure-ftpd'
-  when: with_ftp and with_ftp_tls and ftp_tls_domain
+  when: with_ftp_tls and ftp_tls_domain
 
 - name: 'Create pure-ftpd Diffie Hellman Param file symlink'
   file:
@@ -36,7 +35,7 @@
     state: 'link'
   notify:
     - 'Restart pure-ftpd'
-  when: with_ftp and with_ftp_tls
+  when: with_ftp_tls
 
 - name: 'Install pure-ftpd configuration'
   lineinfile:
@@ -56,7 +55,6 @@
     - { dest: 'PassivePortRange', regexp: '^[0-9]+ [0-9]+$', line: '64000 65000' }
   notify:
     - 'Restart pure-ftpd'
-  when: with_ftp
 
 - name: 'Enable pure-ftpd internal DB'
   file:
@@ -65,11 +63,9 @@
     state: 'link'
   notify:
     - 'Restart pure-ftpd'
-  when: with_ftp
 
 - name: 'Clean up pure-ftpd internal DB'
   raw: pure-pw list 2>/dev/null | sed -r 's/^(\S+)\s.*$/\1/' | while read u ; do pure-pw userdel "${u}" ; done
-  when: with_ftp
 
 - name: 'Create FTP accounts home directory'
   file:
@@ -79,7 +75,7 @@
     mode: 0755
     state: 'directory'
   with_items: '{{ ftp_accounts }}'
-  when: ftp_accounts and with_ftp
+  when: ftp_accounts
 
 - name: 'Add FTP accounts in pure-ftpd'
   raw: printf "{{item.password}}\n{{item.password}}\n" | pure-pw useradd "{{item.user}}" -d "{{item.home}}" -u "{{item.uid}}" -g "{{item.gid}}"
@@ -88,10 +84,8 @@
 
 - name: 'Rebuild pure-ftpd internal DB'
   raw: pure-pw mkdb 2>/dev/null
-  when: with_ftp
 
 - name: 'Ensure pure-ftpd is running'
   service:
     name: 'pure-ftpd'
     state: 'started'
-  when: with_ftp
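Review bot: 'Create FTP accounts home directory' uses a bare `mode: 0755`, while the other modes in this file are quoted strings such as `'0644'`. A bare value goes through YAML integer parsing before Ansible sees it, so quote it for consistency and predictability: `mode: '0755'`. The start of that task lies outside the hunk.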

+ 3 - 0
roles/monitoring/handlers/main.yml

@@ -1,3 +1,6 @@
 - include: munin.yml
+  when: with_munin or with_munin_node
 - include: mon.yml
+  when: with_mon
 - include: zabbix.yml
+  when: with_zabbix_agent

+ 3 - 0
roles/monitoring/tasks/main.yml

@@ -1,3 +1,6 @@
 - include: munin.yml
+  when: with_munin or with_munin_node
 - include: mon.yml
+  when: with_mon
 - include: zabbix.yml
+  when: with_zabbix_agent

+ 0 - 7
roles/monitoring/tasks/mon.yml

@@ -1,22 +1,18 @@
 - name: Install mon packages
   apt: pkg=mon state=installed update_cache=yes
-  when: with_mon
 
 - name: Create need directory for mon configuration
   file: path=/etc/mon/mon.d state=directory owner=root group=root mode=0755
-  when: with_mon
 
 - name: Install mon configuration
   template: src=mon/{{ ansible_hostname }}.conf.j2 dest=/etc/mon/mon.cf owner=root group=root mode=0644
   notify:
     - Restart mon
-  when: with_mon
 
 - name: Install mon (default) configuration
   template: src=mon/default.j2 dest=/etc/default/mon owner=root group=root mode=0644
   notify:
     - Restart mon
-  when: with_mon
 
 - name: Install custom mon plugins
   copy: src=mon/{{ item }}.monitor dest=/etc/mon/mon.d/{{ item }}.monitor owner=root group=root mode=0755
@@ -26,7 +22,6 @@
     - dns
   notify:
     - Restart mon
-  when: with_mon
 
 - name: Install mon plugins
   file: src=/usr/lib/mon/mon.d/{{ item }}.monitor path=/etc/mon/mon.d/{{ item }}.monitor state=link
@@ -38,8 +33,6 @@
     - tcp
   notify:
     - Restart mon
-  when: with_mon
 
 - name: Ensure mon is running
   service: name=mon state=started
-  when: with_mon

+ 2 - 4
roles/monitoring/tasks/zabbix.yml

@@ -5,7 +5,6 @@
     update_cache: 'yes'
   with_items:
     - 'zabbix-agent'
-  when: with_zabbix_agent
 
 - name: 'Install Zabbix agent config file'
   template:
@@ -14,7 +13,6 @@
     owner: 'root'
     group: 'root'
     mode: '0600'
-  when: with_zabbix_agent
   notify:
     - 'Restart zabbix agent'
 
@@ -25,7 +23,7 @@
     group: 'root'
     mode: '0755'
     state: 'directory'
-  when: with_zabbix_agent and zabbix_plugins_config
+  when: zabbix_plugins_config
 
 - name: 'Install zabbix plugins configuration (ssl, web availability)'
   template:
@@ -37,4 +35,4 @@
   with_items:
     - 'ssl-discovery'
     - 'web-availability-discovery'
-  when: with_zabbix_agent and zabbix_plugins_config
+  when: zabbix_plugins_config

+ 4 - 0
roles/webserver/handlers/main.yml

@@ -1,4 +1,8 @@
 - include: apache2.yml
+  when: with_apache2
 - include: nginx.yml
+  when: with_nginx
 - include: fpm.yml
+  when: with_fpm
 - include: php.yml
+  when: with_php

+ 9 - 13
roles/webserver/tasks/apache2.yml

@@ -3,7 +3,6 @@
     pkg: 'apache2'
     state: 'installed'
     update_cache: 'yes'
-  when: with_apache2
 
 - name: 'Install logrotate configuration for Apache'
   template:
@@ -12,7 +11,6 @@
     owner: 'root'
     group: 'root'
     mode: '0644'
-  when: with_apache2
 
 - name: 'Install SSL vhost configuration for Apache'
   template:
@@ -24,7 +22,7 @@
   with_items: '{{ ssl_certs }}'
   notify:
     - 'Reload apache2'
-  when: with_apache2 and ssl_certs
+  when: ssl_certs
 
 - name: 'Install Apache2 basic security configuration (Debian < 8)'
   template:
@@ -35,7 +33,7 @@
     mode: '0644'
   notify:
     - 'Reload apache2'
-  when: with_apache2 and ansible_lsb.major_release|int < 8
+  when: ansible_lsb.major_release|int < 8
 
 - name: 'Install Apache2 basic security configuration (Debian >= 8)'
   template:
@@ -46,7 +44,7 @@
     mode: '0644'
   notify:
     - 'Reload apache2'
-  when: with_apache2 and ansible_lsb.major_release|int >= 8
+  when: ansible_lsb.major_release|int >= 8
 
 - name: 'Create basic authentication file for admin (Apache2)'
   template:
@@ -55,7 +53,6 @@
     owner: 'root'
     group: 'www-data'
     mode: '0640'
-  when: with_apache2
 
 - name: 'Install PHPMyAdmin virtual host for Apache2 (sites-available)'
   template:
@@ -66,7 +63,7 @@
     mode: '0644'
   notify:
     - 'Reload apache2'
-  when: with_phpmyadmin and with_apache2
+  when: with_phpmyadmin
 
 - name: 'Install PHPMyAdmin virtual host for Apache2 (sites-enabled)'
   file:
@@ -75,7 +72,7 @@
     state: 'link'
   notify:
     - 'Reload apache2'
-  when: with_phpmyadmin and with_apache2
+  when: with_phpmyadmin
 
 - name: "Install PHPPgAdmin virtual host for Apache2 (sites-available)"
   template:
@@ -86,7 +83,7 @@
     mode: '0644'
   notify:
     - 'Reload apache2'
-  when: with_phppgadmin and with_apache2
+  when: with_phppgadmin
 
 - name: 'Install PHPPgAdmin virtual host for Apache2 (sites-enabled)'
   file:
@@ -95,7 +92,7 @@
     state: 'link'
   notify:
     - 'Reload apache2'
-  when: with_phppgadmin and with_apache2
+  when: with_phppgadmin
 
 - name: 'Install PHP system checks virtual host for Apache2 (sites-available)'
   template:
@@ -106,7 +103,7 @@
     mode: '0644'
   notify:
     - 'Reload apache2'
-  when: with_php and with_apache2
+  when: with_php
 
 - name: 'Install PHP system checks virtual host for Apache2 (sites-enabled)'
   file:
@@ -115,10 +112,9 @@
     state: 'link'
   notify:
     - 'Reload apache2'
-  when: with_php and with_apache2
+  when: with_php
 
 - name: 'Ensure apache2 is running'
   service:
     name: 'apache2'
     state: 'started'
-  when: with_apache2

+ 3 - 0
roles/webserver/tasks/main.yml

@@ -1,3 +1,6 @@
 - include: apache2.yml
+  when: with_apache2
 - include: nginx.yml
+  when: with_nginx
 - include: php.yml
+  when: with_php

+ 7 - 16
roles/webserver/tasks/nginx.yml

@@ -3,7 +3,6 @@
     pkg: 'nginx'
     state: 'installed'
     update_cache: 'yes'
-  when: with_nginx
 
 - name: 'Install logrotate configuration for nginx'
   template:
@@ -12,7 +11,6 @@
     owner: 'root'
     group: 'root'
     mode: '0644'
-  when: with_nginx
 
 - name: 'Install nginx default file configuration'
   template:
@@ -23,7 +21,6 @@
     mode: '0644'
   notify:
     - 'Restart nginx'
-  when: with_nginx
 
 - name: 'Install custom mime types for nginx'
   template:
@@ -34,7 +31,6 @@
     mode: '0644'
   notify:
     - 'Restart nginx'
-  when: with_nginx
 
 - name: 'Install nginx configuration'
   template:
@@ -45,7 +41,6 @@
     mode: '0644'
   notify:
     - 'Restart nginx'
-  when: with_nginx
 
 - name: 'Install additional nginx configuration params (conf.d/)'
   template:
@@ -58,7 +53,6 @@
     - 'status'
   notify:
     - 'Reload nginx'
-  when: with_nginx
 
 - name: 'Install additional nginx configuration params (vhost_*)'
   template:
@@ -75,7 +69,6 @@
     - 'security'
   notify:
     - 'Reload nginx'
-  when: with_nginx
 
 - name: 'Install SSL vhost configuration for Nginx'
   template:
@@ -87,7 +80,7 @@
   with_items: '{{ ssl_certs }}'
   notify:
     - 'Reload nginx'
-  when: with_nginx and ssl_certs
+  when: ssl_certs
 
 - name: 'Create basic authentication file for admin (Nginx)'
   template:
@@ -96,7 +89,6 @@
     owner: 'root'
     group: 'www-data'
     mode: '0640'
-  when: with_nginx
 
 - name: 'Install PHPMyAdmin virtual host for nginx (sites-available)'
   template:
@@ -107,7 +99,7 @@
     mode: '0644'
   notify:
     - 'Reload nginx'
-  when: with_phpmyadmin and with_nginx
+  when: with_phpmyadmin
 
 - name: 'Install PHPMyAdmin virtual host for nginx (sites-enabled)'
   file:
@@ -116,7 +108,7 @@
     state: 'link'
   notify:
     - 'Reload nginx'
-  when: with_phpmyadmin and with_nginx
+  when: with_phpmyadmin
 
 - name: 'Install PHPPgAdmin virtual host for nginx (sites-available)'
   template:
@@ -127,7 +119,7 @@
     mode: '0644'
   notify:
     - 'Reload nginx'
-  when: with_phppgadmin and with_nginx
+  when: with_phppgadmin
 
 - name: 'Install PHPPgAdmin virtual host for nginx (sites-enabled)'
   file:
@@ -136,7 +128,7 @@
     state: 'link'
   notify:
     - 'Reload nginx'
-  when: with_phppgadmin and with_nginx
+  when: with_phppgadmin
 
 - name: 'Install PHP system checks virtual host for nginx (sites-available)'
   template:
@@ -147,7 +139,7 @@
     mode: '0644'
   notify:
     - 'Reload nginx'
-  when: with_php and with_nginx
+  when: with_php
 
 - name: 'Install PHP system checks virtual host for nginx (sites-enabled)'
   file:
@@ -156,10 +148,9 @@
     state: 'link'
   notify:
     - 'Reload nginx'
-  when: with_php and with_nginx
+  when: with_php
 
 - name: 'Ensure nginx is running'
   service:
     name: 'nginx'
     state: 'started'
-  when: with_nginx

+ 4 - 7
roles/webserver/tasks/php.yml

@@ -9,11 +9,10 @@
     - php-mime-type
     - php5-pgsql
     - php5-sqlite
-  when: with_php
 
 - name: Create PHP log directory
   file: path=/var/log/php state=directory owner=root group=root mode=0755
-  when: with_php and with_fpm
+  when: with_fpm
 
 - name: Install PHP configuration for syslog
   template: src={{ item.src }} dest={{ item.dest }} owner=root group=root mode=0644
@@ -22,7 +21,7 @@
     - { src: 'logrotate/php-errors.j2', dest: '/etc/logrotate.d/php-errors' }
   notify:
       - Reload rsyslog for php
-  when: with_php and with_fpm
+  when: with_fpm
 
 - name: Install local PHP configuration overrides for php5-cli (Debian >= 8)
   template: src=php/php-config-cli.ini.j2 dest=/etc/php5/cli/conf.d/99-local-config.ini owner=root group=root mode=0644
@@ -42,11 +41,9 @@
 
 - name: Create system checks directory /etc/php5/syscheck.d
   file: path=/etc/php5/syscheck.d owner=root group=root mode=0755 state=directory
-  when: with_php
 
 - name: Install phpinfo system check
   template: src=php/phpinfo.php dest=/etc/php5/syscheck.d/index.php owner=root group=root mode=0644
-  when: with_php
 
 - name: Install PHP APC extension
   apt: pkg=php-apc state=installed update_cache=yes
@@ -58,11 +55,11 @@
 
 - name: Install MySQL extension for PHP (native driver)
   apt: pkg=php5-mysqlnd state=installed update_cache=yes
-  when: with_php and not with_php_mysql_legacy
+  when: not with_php_mysql_legacy
 
 - name: Install MySQL extension for PHP (old driver)
   apt: pkg=php5-mysql state=installed update_cache=yes
-  when: with_php and with_php_mysql_legacy
+  when: with_php_mysql_legacy
 
 - name: Install PHPMyAdmin
   apt: pkg=phpmyadmin state=installed update_cache=yes