# Choose between compiling Caddy and installing a release binary.
# A custom build is selected when the combined default and custom plugin
# lists are non-empty, or when caddy_use_xcaddy is exactly true. Undefined
# variables fall back to an empty list / false.
- name: determine if custom caddy build should be used
  set_fact:
    caddy_custom_build: >-
      {{ (((caddy_default_plugins | d([])) + (caddy_custom_plugins | d([]))) | length > 0)
      or (caddy_use_xcaddy | d(false) == true) }}
# Load the role's TLS variables from tls.yml. This include is unconditional.
# NOTE(review): tls.yml is not shown here; presumably it defines
# caddy_tls_config, which is merged into caddy_cfg later - confirm.
- name: import vars for unmanaged tls
  include_vars:
    file: tls.yml
# Load reverse_proxy.yml only when the caller has defined
# caddy_reverse_proxy_handlers; otherwise the variables stay unset.
- name: import reverse proxy vars
  when: caddy_reverse_proxy_handlers is defined
  include_vars:
    file: reverse_proxy.yml
# Build the effective configuration by layering four dictionaries, each
# defaulting to {} when undefined:
#   caddy_default_config -> caddy_tls_config -> caddy_reverse_proxy_config
#   -> caddy_config
# Later layers win on conflicting keys. Only the reverse-proxy layer passes
# list_merge='replace', so its lists replace earlier ones.
# caddy_config is merged last, so a key set there overrides the TLS and
# reverse-proxy layers without any warning; review overrides with that in mind.
- name: set caddy_cfg
  set_fact:
    caddy_cfg: >-
      {{ caddy_default_config | d({}) |
      combine(caddy_tls_config | d({}), recursive=true) |
      combine(caddy_reverse_proxy_config | d({}), recursive=true, list_merge='replace') |
      combine(caddy_config | d({}), recursive=true) }}
# Hand the service-account description to tasks/create_user.yml (not shown
# here). The account uses caddy_conf_dir as its directory and create_home is
# false.
# NOTE(review): confirm create_user.yml creates a system account with no
# login shell; that cannot be seen from this file.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ caddy_user }}"
      group: "{{ caddy_group }}"
      dir: "{{ caddy_conf_dir }}"
      create_home: false
# Create the config, asset and certificate directories and give them to the
# Caddy service account.
# NOTE(review): no mode is set, so permissions come from the umask (or stay
# as they are on an existing directory). caddy_cert_dir later receives
# ecc384.key, so consider an explicit owner/group-only mode there.
- name: create caddy directories
  loop:
    - "{{ caddy_conf_dir }}"
    - "{{ caddy_asset_dir }}"
    - "{{ caddy_cert_dir }}"
  file:
    state: directory
    path: "{{ item }}"
    owner: "{{ caddy_user }}"
    group: "{{ caddy_group }}"
# Ensure the directory that will hold the caddy binary exists. Unlike the
# data directories, no owner or group is assigned here, so this task does not
# hand the directory to caddy_user.
# NOTE(review): keeping it non-writable by the service account stops the
# service from replacing its own binary; confirm the effective ownership.
- name: create caddy bin dir
  file:
    state: directory
    path: "{{ caddy_bin_dir }}"
# Compile Caddy via build_caddy.yml when a custom build was selected.
# NOTE(review): build_caddy.yml is not shown; confirm it pins the versions of
# the build tool and of every plugin, since they are compiled into the server
# binary.
- name: build caddy
  when: caddy_custom_build
  include_tasks: build_caddy.yml
# Install a release binary via install_prebuilt_caddy.yml when no custom
# build was selected.
# NOTE(review): install_prebuilt_caddy.yml is not shown; confirm it verifies
# a checksum or signature of the downloaded artifact before installing it.
- name: install prebuilt caddy
  when: not caddy_custom_build
  include_tasks: install_prebuilt_caddy.yml
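# Render the Caddy configuration, readable only by the service account.
# `validate` runs `caddy validate` against the staged copy (%s) before it
# replaces the destination, so a config the binary rejects never goes live.
# A change notifies the "restart caddy" handler.
- name: template caddy config
  template:
    src: caddy.j2
    dest: "{{ caddy_conf_file }}"
    force: true
    owner: "{{ caddy_user }}"
    group: "{{ caddy_group }}"
    # Quoted so the value is always read as the octal mode 0400 rather than
    # depending on how the YAML parser types a bare number with a leading zero.
    mode: "0400"
    validate: "{{ (caddy_bin_dir, 'caddy') | path_join }} validate --config %s"
  notify: restart caddy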
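# Install the systemd unit on Debian and Ubuntu hosts. A change reloads
# systemd and restarts Caddy through the two notified handlers.
- name: template systemd file
  when: ansible_distribution in ['Debian', 'Ubuntu']
  template:
    src: systemd.j2
    dest: /etc/systemd/system/caddy.service
    force: true
    lstrip_blocks: true
    # Explicit mode so the unit file's permissions do not depend on the umask
    # of the account running the play; unit files must not be writable by
    # group or others.
    mode: "0644"
  notify:
    - reload systemd daemons
    - restart caddy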
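# Install the init script on Alpine hosts. A change notifies the
# "restart caddy" handler.
- name: template init script
  when: ansible_distribution == 'Alpine'
  template:
    src: init.j2
    dest: /etc/init.d/caddy
    force: true
    # Quoted so the value is always read as the octal mode 0755 rather than
    # depending on how the YAML parser types a bare number with a leading zero.
    mode: "0755"
  notify: restart caddy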
# Recursively assign everything under the asset directory to the Caddy
# service account. A change notifies the "restart caddy" handler.
# NOTE(review): `follow` is left at the file module's default. If that
# default follows symlinks (true in current ansible-core documentation), a
# link inside the asset directory also changes the ownership of its target.
# Consider `follow: false` if the contents are not fully trusted.
- name: change permissions on asset dir contents
  file:
    path: "{{ caddy_asset_dir }}"
    owner: "{{ caddy_user }}"
    group: "{{ caddy_group }}"
    recurse: true
  notify: restart caddy
# Delegate certificate deployment to the `certs` role. It is asked for an ECC
# certificate and key under caddy_cert_dir, owned by the Caddy service
# account, with `service caddy restart` as the post hook.
# NOTE(review): the certs role is not shown; confirm it writes ecc384.key
# with owner-only permissions. The nesting of every key under `certs` is
# assumed from the role's usage - confirm against the role's input.
- name: deploy certificates
  include_role:
    name: certs
  vars:
    certs:
      cert: "{{ (caddy_cert_dir, 'ecc384.crt') | path_join }}"
      key: "{{ (caddy_cert_dir, 'ecc384.key') | path_join }}"
      ecc: true
      post_hook: service caddy restart
      owner: "{{ caddy_user }}"
      group: "{{ caddy_group }}"
# Run the handlers notified so far (systemd reload, Caddy restart) now
# instead of at the end of the play, so the later tasks see the new state.
- name: flush handlers
  meta: flush_handlers
# Register the asset, config and certificate directories with the `backup`
# role through its add.yml entry point.
# NOTE(review): caddy_cert_dir holds ecc384.key, so backups made from this
# list contain private key material. Confirm the backup destination is
# access-controlled and encrypted.
- name: add directories to backup plan
  include_role:
    name: backup
    tasks_from: add.yml
  vars:
    backup_items:
      - "{{ caddy_asset_dir }}"
      - "{{ caddy_conf_dir }}"
      - "{{ caddy_cert_dir }}"
# Make sure the caddy service starts at boot and is running now.
- name: enable and start caddy
  service:
    name: caddy
    state: started
    enabled: true