|
@@ -0,0 +1,134 @@
|
|
|
+---
|
|
|
+- include: preflight.yml
|
|
|
+- include: packages-{{ ansible_pkg_mgr }}.yml
|
|
|
+
|
|
|
+- name: Create Caddy user
|
|
|
+ user:
|
|
|
+ name: "{{ caddy_user }}"
|
|
|
+ system: true
|
|
|
+ createhome: true
|
|
|
+ home: "{{ caddy_home }}"
|
|
|
+ register: caddy_user_details
|
|
|
+
|
|
|
+- name: Build headers to use when making requests to github
|
|
|
+ set_fact:
|
|
|
+ caddy_github_headers: "{{ caddy_github_headers | combine({'Authorization': 'token ' + caddy_github_token}) }}"
|
|
|
+ when: caddy_github_token | length > 0
|
|
|
+
|
|
|
+- name: Get all Caddy releases
|
|
|
+ get_url:
|
|
|
+ url: https://api.github.com/repos/mholt/caddy/git/refs/tags
|
|
|
+ dest: "{{ caddy_home }}/releases.txt"
|
|
|
+ force: true
|
|
|
+ headers: '{{ caddy_github_headers }}'
|
|
|
+ owner: "{{ caddy_user }}"
|
|
|
+ group: "{{ caddy_user_details.group }}"
|
|
|
+ retries: 3
|
|
|
+ delay: 2
|
|
|
+ when: caddy_update
|
|
|
+ register: caddy_releases_cache
|
|
|
+
|
|
|
+- name: Set Caddy features
|
|
|
+ copy:
|
|
|
+ content: "{{ ','.join(caddy_packages) }}"
|
|
|
+ dest: "{{ caddy_home }}/features.txt"
|
|
|
+ mode: 0640
|
|
|
+ owner: "{{ caddy_user }}"
|
|
|
+ group: "{{ caddy_user_details.group }}"
|
|
|
+ when: caddy_update
|
|
|
+ register: caddy_features_cache
|
|
|
+
|
|
|
+- include: github-url.yml
|
|
|
+ when: caddy_use_github
|
|
|
+
|
|
|
+- name: Download Caddy
|
|
|
+ get_url:
|
|
|
+ url: "{{ caddy_url }}"
|
|
|
+ dest: "{{ caddy_home }}/{{ 'caddy.tar.gz' if caddy_use_github else 'caddy' }}"
|
|
|
+ force: true
|
|
|
+ timeout: 300
|
|
|
+ mode: 0644
|
|
|
+ owner: "{{ caddy_user }}"
|
|
|
+ group: "{{ caddy_user_details.group }}"
|
|
|
+ retries: 3
|
|
|
+ delay: 2
|
|
|
+ when: caddy_releases_cache.changed or caddy_features_cache.changed
|
|
|
+ register: caddy_binary_cache
|
|
|
+ tags: skip_ansible_lint
|
|
|
+
|
|
|
+- name: Download Caddy
|
|
|
+ get_url:
|
|
|
+ url: "{{ caddy_url }}"
|
|
|
+ dest: "{{ caddy_home }}/{{ 'caddy.tar.gz' if caddy_use_github else 'caddy' }}"
|
|
|
+ timeout: 300
|
|
|
+ mode: 0644
|
|
|
+ owner: "{{ caddy_user }}"
|
|
|
+ group: "{{ caddy_user_details.group }}"
|
|
|
+ retries: 3
|
|
|
+ delay: 2
|
|
|
+ register: caddy_download
|
|
|
+ tags: skip_ansible_lint
|
|
|
+
|
|
|
+- include: github-extract.yml
|
|
|
+ when: caddy_use_github
|
|
|
+
|
|
|
+- name: Copy Caddy Binary
|
|
|
+ copy:
|
|
|
+ src: "{{ caddy_home }}/caddy"
|
|
|
+ dest: "{{ caddy_bin }}"
|
|
|
+ mode: 0755
|
|
|
+ remote_src: true
|
|
|
+ notify:
|
|
|
+ - Restart caddy
|
|
|
+
|
|
|
+- name: Create directories
|
|
|
+ file:
|
|
|
+ path: "{{ item }}"
|
|
|
+ state: directory
|
|
|
+ owner: "{{ caddy_user }}"
|
|
|
+ mode: 0770
|
|
|
+ with_items:
|
|
|
+ - "{{ caddy_conf_dir }}"
|
|
|
+ - "{{ caddy_certs_dir }}"
|
|
|
+
|
|
|
+- name: Create log directory
|
|
|
+ file:
|
|
|
+ path: "{{ caddy_log_dir }}"
|
|
|
+ state: directory
|
|
|
+ owner: "{{ caddy_user }}"
|
|
|
+ mode: 0775
|
|
|
+
|
|
|
+- name: Create Caddyfile
|
|
|
+ copy:
|
|
|
+ content: "{{ caddy_config }}"
|
|
|
+ dest: "{{ caddy_conf_dir }}/Caddyfile"
|
|
|
+ owner: "{{ caddy_user }}"
|
|
|
+ mode: 0640
|
|
|
+ notify:
|
|
|
+ - Reload caddy
|
|
|
+
|
|
|
+- name: Template systemd service
|
|
|
+ template:
|
|
|
+ src: caddy.service
|
|
|
+ dest: /etc/systemd/system/caddy.service
|
|
|
+ owner: root
|
|
|
+ group: root
|
|
|
+ mode: 0644
|
|
|
+ notify:
|
|
|
+ - Restart caddy
|
|
|
+
|
|
|
+- name: Set capability on the binary file to be able to bind to TCP port <1024
|
|
|
+ capabilities:
|
|
|
+ path: "{{ caddy_bin }}"
|
|
|
+ capability: cap_net_bind_service+eip
|
|
|
+ state: present
|
|
|
+ when: caddy_setcap
|
|
|
+
|
|
|
+- name: Ensue caddy service is up-to-date before starting it
|
|
|
+ meta: flush_handlers
|
|
|
+
|
|
|
+- name: Start Caddy service
|
|
|
+ systemd:
|
|
|
+ name: caddy
|
|
|
+ state: started
|
|
|
+ enabled: true
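Review bot: Both "Download Caddy" tasks fetch `{{ caddy_url }}` with `get_url` and no integrity check, and "Copy Caddy Binary" then installs the result at `{{ caddy_bin }}` with mode 0755, after which it is granted `cap_net_bind_service` and started as a service. Whatever that URL serves is what runs, so both tasks should pin the artifact, for example `checksum: "sha256:{{ caddy_checksum }}"`, where `caddy_checksum` is a placeholder for a role variable this change does not define. How `caddy_url` is built is not visible here (presumably in `github-url.yml` or the role defaults), so a fixed digest may only be practical for the GitHub release path. Separately, the "Build headers to use when making requests to github" task interpolates `caddy_github_token` into a fact that "Get all Caddy releases" passes as `headers`; adding `no_log: true` to both tasks would keep the token out of verbose output and logs.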
|