---
- name: (CentOS/RHEL) Install dependencies
  block:
    - name: (CentOS/RHEL 6/7) Install dependencies
      yum:
        name:
          - policycoreutils-python
          - setools
      when: ansible_facts['distribution_major_version'] is version('8', '!=')

    - name: (CentOS/RHEL 8) Install dependencies
      yum:
        name:
          - libselinux-utils
          - policycoreutils
          - selinux-policy-targeted
      when: ansible_facts['distribution_major_version'] is version('8', '==')
  when: ansible_facts['os_family'] == "RedHat"

- name: Set SELinux mode to permissive
  selinux:
    state: permissive
    policy: targeted

- name: Allow SELinux HTTP network connections
  seboolean:
    name: httpd_can_network_connect
    state: yes
    persistent: yes

- name: Allow SELinux HTTP network connections
  seboolean:
    name: httpd_can_network_relay
    state: yes
    persistent: yes

- name: Allow SELinux TCP connections on specific ports
  seport:
    ports: "{{ nginx_unit_selinux_tcp_ports }}"
    proto: tcp
    setype: http_port_t
    state: present
  when: nginx_unit_selinux_tcp_ports is defined

- name: Allow SELinux UDP connections on specific ports
  seport:
    ports: "{{ nginx_unit_selinux_udp_ports }}"
    proto: udp
    setype: http_port_t
    state: present
  when: nginx_unit_selinux_udp_ports is defined

- name: Set SELinux mode to enforcing
  selinux:
    state: enforcing
    policy: targeted
  when: nginx_unit_selinux_enforcing | bool