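---
# Install and configure the caddy web server: derive facts, create the
# service account and directories, build or download the binary, install the
# service definition, optionally obtain certificates through the lego role,
# render and validate the configuration, then enable and start the service.

# A custom (xcaddy) build is needed when any plugin is requested or when
# caddy_use_xcaddy is set. `| bool` makes string values such as "true"
# (e.g. from --extra-vars) count as well; a plain `== true` would not.
- name: determine if custom caddy build should be used
  set_fact:
    caddy_custom_build: >-
      {{ (((caddy_default_plugins | d([])) + (caddy_custom_plugins | d([]))) | length > 0)
      or (caddy_use_xcaddy | d(false) | bool) }}

- name: import vars for unmanaged tls
  include_vars:
    file: tls.yml
  when: host_tls

- name: import reverse proxy vars
  include_vars:
    file: reverse_proxy.yml
  when: caddy_reverse_proxy_handlers is defined

# Merge order matters: each later source overrides the earlier ones, so the
# user-supplied caddy_config has the final say over defaults, TLS and
# reverse-proxy settings.
- name: set caddy_cfg
  set_fact:
    caddy_cfg: >-
      {{ caddy_default_config | d({})
      | combine(caddy_tls_config | d({}), recursive=true)
      | combine(caddy_reverse_proxy_config | d({}), recursive=true, list_merge='replace')
      | combine(caddy_config | d({}), recursive=true) }}

# NOTE(review): group, dir and create_home are assumed to be keys of the
# `user` mapping - confirm against tasks/create_user.yml.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ caddy_user }}"
      group: "{{ caddy_group }}"
      dir: "{{ caddy_conf_dir }}"
      create_home: false

# NOTE(review): no mode is given, so newly created directories get whatever
# the remote umask allows. caddy_cert_dir is where certificates are kept and
# presumably the private key as well - consider an explicit restrictive mode
# for it (and for caddy_conf_dir) rather than relying on the umask.
- name: create caddy directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ caddy_user }}"
    group: "{{ caddy_group }}"
  loop:
    - "{{ caddy_conf_dir }}"
    - "{{ caddy_asset_dir }}"
    - "{{ caddy_cert_dir }}"

# No owner/group is set here, so a newly created bin dir belongs to the user
# Ansible runs as, not to caddy_user.
- name: create caddy bin dir
  file:
    path: "{{ caddy_bin_dir }}"
    state: directory

- name: build caddy
  include_tasks: build_caddy.yml
  when: caddy_custom_build

- name: install prebuilt caddy
  include_tasks: install_prebuilt_caddy.yml
  when: not caddy_custom_build

- name: template systemd file
  template:
    src: systemd.j2
    dest: /etc/systemd/system/caddy.service
    force: true
    lstrip_blocks: true
  notify:
    - reload systemd daemons
    - restart caddy
  when: ansible_distribution in ['Debian', 'Ubuntu']

# The mode is quoted so that it is always read as an octal string and never
# depends on how the YAML parser treats a leading zero.
- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/caddy
    force: true
    mode: "0755"
  notify: restart caddy
  when: ansible_distribution == 'Alpine'

# Recursively hands ownership of everything below the asset dir to the
# service account; file modes are left unchanged.
- name: change permissions on asset dir contents
  file:
    path: "{{ caddy_asset_dir }}"
    recurse: true
    owner: "{{ caddy_user }}"
    group: "{{ caddy_group }}"
  notify: restart caddy

# Certificate issuance is delegated to the lego role and only runs when
# host_tls is set.
# NOTE(review): `notify` is assumed to be a key of the `acme` mapping (data
# for the lego role, not a task keyword) and `acme2` a sibling variable of
# `acme` - confirm against the lego role's interface. The permissions of the
# key file written to caddy_ecc384_key are decided by that role; verify they
# are restricted to owner/group.
- block:
    - name: deploy certificates through lego
      include_role:
        name: lego
      vars:
        acme:
          domains: "{{ caddy_domains }}"
          cert: "{{ caddy_ecc384_cert }}"
          key: "{{ caddy_ecc384_key }}"
          owner: "{{ caddy_user }}"
          group: "{{ caddy_group }}"
          run_after_renew: service caddy restart
          notify: restart caddy
        acme2: "{{ caddy_acme_config | d({}) }}"
  when: host_tls

# The rendered file is readable by the service account only (0400) and is
# checked with `caddy validate` before it replaces the live configuration;
# %s is the path of the temporary file the template module produces.
- name: template caddy config
  template:
    src: caddy.j2
    dest: "{{ caddy_conf_file }}"
    force: true
    owner: "{{ caddy_user }}"
    group: "{{ caddy_group }}"
    mode: "0400"
    validate: "{{ (caddy_bin_dir, 'caddy') | path_join }} validate --config %s"
  notify: restart caddy

# Run any pending handlers now instead of at the end of the play.
- name: flush handlers
  meta: flush_handlers

# NOTE(review): the backup set includes the config and certificate
# directories, so backups will presumably contain private key material -
# confirm the backup role stores them encrypted and access-restricted.
- name: add directories to backup plan
  include_role:
    name: backup
    tasks_from: add.yml
  vars:
    backup_items:
      - "{{ caddy_asset_dir }}"
      - "{{ caddy_conf_dir }}"
      - "{{ caddy_cert_dir }}"

- name: enable and start caddy
  service:
    name: caddy
    enabled: true
    state: started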