infra/roles/caddy/tasks/main.yml

---
- include: preflight.yml
- include: packages-{{ ansible_pkg_mgr }}.yml

- name: Create Caddy user
  user:
    name: "{{ caddy_user }}"
    system: true
    createhome: true
    home: "{{ caddy_home }}"
  register: caddy_user_details

- name: Build headers to use when making requests to github
  set_fact:
    caddy_github_headers: "{{ caddy_github_headers | combine({'Authorization': 'token ' + caddy_github_token}) }}"
  when: caddy_github_token | length > 0

- name: Get all Caddy releases
  get_url:
    url: https://api.github.com/repos/mholt/caddy/git/refs/tags
    dest: "{{ caddy_home }}/releases.txt"
    force: true
    headers: '{{ caddy_github_headers }}'
    owner: "{{ caddy_user }}"
    group: "{{ caddy_user_details.group }}"
  retries: 3
  delay: 2
  when: caddy_update
  register: caddy_releases_cache

- name: Set Caddy features
  copy:
    content: "{{ ','.join(caddy_packages) }}"
    dest: "{{ caddy_home }}/features.txt"
    mode: 0640
    owner: "{{ caddy_user }}"
    group: "{{ caddy_user_details.group }}"
  when: caddy_update
  register: caddy_features_cache

- include: github-url.yml
  when: caddy_use_github

- name: Download Caddy
  get_url:
    url: "{{ caddy_url }}"
    dest: "{{ caddy_home }}/{{ 'caddy.tar.gz' if caddy_use_github else 'caddy' }}"
    force: true
    timeout: 300
    mode: 0644
    owner: "{{ caddy_user }}"
    group: "{{ caddy_user_details.group }}"
  retries: 3
  delay: 2
  when: caddy_releases_cache.changed or caddy_features_cache.changed
  register: caddy_binary_cache
  tags: skip_ansible_lint

- name: Download Caddy
  get_url:
    url: "{{ caddy_url }}"
    dest: "{{ caddy_home }}/{{ 'caddy.tar.gz' if caddy_use_github else 'caddy' }}"
    timeout: 300
    mode: 0644
    owner: "{{ caddy_user }}"
    group: "{{ caddy_user_details.group }}"
  retries: 3
  delay: 2
  register: caddy_download
  tags: skip_ansible_lint

- include: github-extract.yml
  when: caddy_use_github

- name: Copy Caddy Binary
  copy:
    src: "{{ caddy_home }}/caddy"
    dest: "{{ caddy_bin }}"
    mode: 0755
    remote_src: true
  notify:
    - Restart caddy

- name: Create directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ caddy_user }}"
    mode: 0770
  with_items:
    - "{{ caddy_conf_dir }}"
    - "{{ caddy_certs_dir }}"

- name: Create log directory
  file:
    path: "{{ caddy_log_dir }}"
    state: directory
    owner: "{{ caddy_user }}"
    mode: 0775

- name: Create Caddyfile
  copy:
    content: "{{ caddy_config }}"
    dest: "{{ caddy_conf_dir }}/Caddyfile"
    owner: "{{ caddy_user }}"
    mode: 0640
  notify:
    - Reload caddy

- name: Template systemd service
  template:
    src: caddy.service
    dest: /etc/systemd/system/caddy.service
    owner: root
    group: root
    mode: 0644
  notify:
    - Restart caddy

- name: Set capability on the binary file to be able to bind to TCP port <1024
  capabilities:
    path: "{{ caddy_bin }}"
    capability: cap_net_bind_service+eip
    state: present
  when: caddy_setcap

- name: Ensue caddy service is up-to-date before starting it
  meta: flush_handlers

- name: Start Caddy service
  systemd:
    name: caddy
    state: started
    enabled: true