infra/roles/caddy/tasks/main.yml
2020-11-10 23:14:10 +01:00

133 lines
3.1 KiB
YAML

---
- include: packages-{{ ansible_pkg_mgr }}.yml
- name: Create Caddy user
user:
name: "{{ caddy_user }}"
system: true
createhome: true
home: "{{ caddy_home }}"
register: caddy_user_details
- name: Build headers to use when making requests to github
set_fact:
caddy_github_headers: "{{ caddy_github_headers | combine({'Authorization': 'token ' + caddy_github_token}) }}"
when: caddy_github_token | length > 0
- name: Get all Caddy releases
get_url:
url: https://api.github.com/repos/mholt/caddy/git/refs/tags
dest: "{{ caddy_home }}/releases.txt"
force: true
headers: '{{ caddy_github_headers }}'
owner: "{{ caddy_user }}"
group: "{{ caddy_user_details.group }}"
retries: 3
delay: 2
when: caddy_update
register: caddy_releases_cache
- name: Set Caddy features
copy:
content: "{{ ','.join(caddy_packages) }}"
dest: "{{ caddy_home }}/features.txt"
mode: 0640
owner: "{{ caddy_user }}"
group: "{{ caddy_user_details.group }}"
when: caddy_update
register: caddy_features_cache
- include: github-url.yml
when: caddy_use_github
- name: Download Caddy
get_url:
url: "{{ caddy_url }}"
dest: "{{ caddy_home }}/{{ 'caddy.tar.gz' if caddy_use_github else 'caddy' }}"
force: true
timeout: 300
mode: 0644
owner: "{{ caddy_user }}"
group: "{{ caddy_user_details.group }}"
retries: 3
delay: 2
when: caddy_releases_cache.changed or caddy_features_cache.changed
register: caddy_binary_cache
tags: skip_ansible_lint
- name: Download Caddy
get_url:
url: "{{ caddy_url }}"
dest: "{{ caddy_home }}/{{ 'caddy.tar.gz' if caddy_use_github else 'caddy' }}"
timeout: 300
mode: 0644
owner: "{{ caddy_user }}"
group: "{{ caddy_user_details.group }}"
retries: 3
delay: 2
register: caddy_download
tags: skip_ansible_lint
- include: github-extract.yml
when: caddy_use_github
- name: Copy Caddy Binary
copy:
src: "{{ caddy_home }}/caddy"
dest: "{{ caddy_bin }}"
mode: 0755
remote_src: true
notify:
- Restart caddy
- name: Create directories
file:
path: "{{ item }}"
state: directory
owner: "{{ caddy_user }}"
mode: 0770
with_items:
- "{{ caddy_conf_dir }}"
- "{{ caddy_certs_dir }}"
- name: Create log directory
file:
path: "{{ caddy_log_dir }}"
state: directory
owner: "{{ caddy_user }}"
mode: 0775
- name: Create Caddyfile
copy:
content: "{{ caddy_config }}"
dest: "{{ caddy_conf_dir }}/Caddyfile"
owner: "{{ caddy_user }}"
mode: 0640
notify:
- Reload caddy
- name: Template systemd service
template:
src: caddy.service
dest: /etc/systemd/system/caddy.service
owner: root
group: root
mode: 0644
notify:
- Restart caddy
- name: Set capability on the binary file to be able to bind to TCP port <1024
capabilities:
path: "{{ caddy_bin }}"
capability: cap_net_bind_service+eip
state: present
when: caddy_setcap
- name: Ensue caddy service is up-to-date before starting it
meta: flush_handlers
- name: Start Caddy service
systemd:
name: caddy
state: started
enabled: true