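---
# Caddy install tasks.
#
# Two install paths are supported, selected by `dns_challenge_needed`:
#   * standard: the distribution `caddy` package via pacman, configured with a
#     systemd drop-in override;
#   * custom: a Caddy build that includes the Cloudflare DNS plugin, fetched
#     from the Caddy download API and installed as /usr/bin/caddy with its own
#     unit file.
# Afterwards the caddy user, directories, Caddyfile and service are set up.
#
# `dns_challenge_needed` is set with set_fact from a Jinja expression, which
# on non-native Jinja evaluates to the *string* "True"/"False"; every `when`
# below therefore passes it through `| bool` rather than testing it bare.

- name: Check if DNS challenge is needed
  set_fact:
    # default('') keeps this from failing when no token variable is defined
    dns_challenge_needed: "{{ caddy_dns_provider == 'cloudflare' and (cloudflare_api_token | default('')) != '' }}"

- name: Check if Caddy is already installed
  command: /usr/bin/caddy version
  register: caddy_version_check
  # A missing binary is an expected outcome here, not a failure.
  failed_when: false
  changed_when: false
  when: dns_challenge_needed | bool

- name: Check if installed Caddy has Cloudflare plugin
  command: /usr/bin/caddy list-modules --packages
  register: caddy_modules_check
  failed_when: false
  changed_when: false
  when: dns_challenge_needed | bool and caddy_version_check.rc == 0

- name: Install standard Caddy (if no DNS challenge needed)
  pacman:
    name: caddy
    state: present
  # pacman is idempotent, so no "already installed" probe is needed here;
  # caddy_version_check is only registered on the custom path anyway.
  when: not dns_challenge_needed | bool
  notify: restart caddy

- name: Create private download location for custom Caddy binary
  # Use an unpredictable, root-owned temporary file rather than a fixed name
  # under the shared /tmp directory, so that a pre-existing file at a known
  # path can never be picked up as the binary that gets installed.
  tempfile:
    state: file
    suffix: caddy
  register: caddy_tmp_download
  when: dns_challenge_needed | bool

- name: Download Caddy with Cloudflare plugin (if DNS challenge needed)
  get_url:
    url: "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com/caddy-dns/cloudflare"
    dest: "{{ caddy_tmp_download.path }}"
    mode: '0755'
    owner: root
    group: root
    # The tempfile task already created the destination; force is required
    # or get_url would skip the download because the path exists.
    force: true
    # Integrity currently rests on TLS to caddyserver.com (validate_certs
    # defaults to true). Pin the expected digest once it is known:
    # checksum: "sha256:<PLACEHOLDER-expected-digest>"
  register: caddy_plugin_download
  when:
    - dns_challenge_needed | bool
    - caddy_version_check.rc | default(1) != 0 or 'github.com/caddy-dns/cloudflare' not in caddy_modules_check.stdout | default('')

- name: Install Caddy with Cloudflare plugin
  copy:
    src: "{{ caddy_tmp_download.path }}"
    dest: /usr/bin/caddy
    owner: root
    group: root
    mode: '0755'
    remote_src: true
    backup: true
  # Install exactly when a fresh binary was downloaded; the download task is
  # the single place that decides whether the installed build is adequate.
  when: caddy_plugin_download is changed
  notify: restart caddy

- name: Clean up temporary Caddy binary
  file:
    path: "{{ caddy_tmp_download.path }}"
    state: absent
  when: caddy_tmp_download.path is defined

- name: Create caddy user and group
  user:
    name: "{{ caddy_user }}"
    home: "{{ caddy_home }}"
    shell: /usr/bin/nologin
    system: true
    create_home: true
  notify: restart caddy

- name: Create Caddy directories
  file:
    path: "{{ item }}"
    state: directory
    owner: "{{ caddy_user }}"
    group: "{{ caddy_user }}"
    mode: '0755'
  # NOTE(review): caddy_data_dir is where Caddy keeps ACME keys and
  # certificates; a 0750 mode for that entry would be tighter — confirm
  # nothing else needs to traverse it before narrowing.
  loop:
    - "{{ caddy_config_dir }}"
    - "{{ caddy_sites_enabled_dir }}"
    - "{{ caddy_data_dir }}"
    - "{{ caddy_log_dir }}"
    - "{{ caddy_web_root }}"
    - "{{ caddy_default_site_root }}"

- name: Deploy default index page
  template:
    src: index.html.j2
    dest: "{{ caddy_default_site_root }}/index.html"
    owner: "{{ caddy_user }}"
    group: "{{ caddy_user }}"
    mode: '0644'

- name: Create systemd service file for custom Caddy installation
  template:
    src: caddy.service.j2
    dest: /usr/lib/systemd/system/caddy.service
    mode: '0644'
  when: dns_challenge_needed | bool
  notify:
    - reload systemd
    - restart caddy

- name: Create systemd override directory (for standard installation)
  file:
    path: /etc/systemd/system/caddy.service.d
    state: directory
    mode: '0755'
  when: not dns_challenge_needed | bool

- name: Configure Caddy systemd override (for standard installation)
  template:
    src: systemd-override.conf.j2
    dest: /etc/systemd/system/caddy.service.d/override.conf
    mode: '0644'
  when: not dns_challenge_needed | bool
  notify:
    - reload systemd
    - restart caddy

- name: Generate Caddyfile from template (with vault secrets)
  template:
    src: Caddyfile.j2
    dest: "{{ caddy_config_file }}"
    # root-owned, group-readable by the service user only: the rendered
    # file contains secrets.
    owner: root
    group: "{{ caddy_user }}"
    mode: '0640'
    # backup copies keep the same secrets next to the live file; prune them
    # if they are not wanted on the host long-term.
    backup: true
  notify: reload caddy

- name: Check Caddyfile syntax (basic check)
  # Without --overwrite this only prints the formatted file to stdout. The
  # previous --overwrite form rewrote the deployed file while reporting no
  # change, which made the template task above differ (and fire a reload)
  # on every run.
  command: /usr/bin/caddy fmt "{{ caddy_config_file }}"
  register: caddy_fmt_result
  changed_when: false
  # Deliberately non-fatal: full validation with environment variables
  # happens at service startup.
  failed_when: false

- name: Enable and start Caddy service
  systemd:
    name: caddy
    enabled: "{{ caddy_service_enabled }}"
    state: "{{ caddy_service_state }}"
    daemon_reload: true

- name: Wait for Caddy to be running
  wait_for:
    port: 80
    host: 127.0.0.1
    timeout: 30
  when: caddy_service_state == "started"

- name: Verify Caddy admin API is accessible
  # NOTE(review): this assumes caddy_admin_listen is a loopback address;
  # the admin API is unauthenticated, so confirm it is not bound externally.
  uri:
    url: "http://{{ caddy_admin_listen }}/config/"
    method: GET
  register: caddy_admin_check
  failed_when: false
  changed_when: false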