155 lines
4.0 KiB
YAML
155 lines
4.0 KiB
YAML
---
|
|
- name: Check if DNS challenge is needed
|
|
set_fact:
|
|
dns_challenge_needed: "{{ caddy_dns_provider == 'cloudflare' }}"
|
|
|
|
- name: Check if Caddy is already installed
|
|
command: /usr/bin/caddy version
|
|
register: caddy_version_check
|
|
failed_when: false
|
|
changed_when: false
|
|
|
|
- name: Check if installed Caddy has Cloudflare plugin
|
|
command: /usr/bin/caddy list-modules --packages
|
|
register: caddy_modules_check
|
|
failed_when: false
|
|
changed_when: false
|
|
when: dns_challenge_needed | bool and caddy_version_check.rc == 0
|
|
|
|
- name: Install standard Caddy (if no DNS challenge needed)
|
|
pacman:
|
|
name: caddy
|
|
state: present
|
|
when:
|
|
- not dns_challenge_needed
|
|
- caddy_version_check.rc != 0
|
|
notify: restart caddy
|
|
|
|
- name: Download Caddy with Cloudflare plugin (if DNS challenge needed)
|
|
get_url:
|
|
url: "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com/caddy-dns/cloudflare"
|
|
dest: /tmp/caddy-with-cloudflare
|
|
mode: '0755'
|
|
when:
|
|
- dns_challenge_needed | bool
|
|
- caddy_version_check.rc != 0 or 'github.com/caddy-dns/cloudflare' not in caddy_modules_check.stdout | default('')
|
|
|
|
- name: Install Caddy with Cloudflare plugin
|
|
copy:
|
|
src: /tmp/caddy-with-cloudflare
|
|
dest: /usr/bin/caddy
|
|
mode: '0755'
|
|
remote_src: yes
|
|
backup: yes
|
|
when:
|
|
- dns_challenge_needed | bool
|
|
- caddy_version_check.rc != 0 or 'github.com/caddy-dns/cloudflare' not in caddy_modules_check.stdout | default('')
|
|
notify: restart caddy
|
|
|
|
- name: Clean up temporary Caddy binary
|
|
file:
|
|
path: /tmp/caddy-with-cloudflare
|
|
state: absent
|
|
when: dns_challenge_needed | bool
|
|
|
|
- name: Create caddy user and group
|
|
user:
|
|
name: "{{ caddy_user }}"
|
|
home: "{{ caddy_home }}"
|
|
shell: /usr/bin/nologin
|
|
system: yes
|
|
createhome: yes
|
|
notify: restart caddy
|
|
|
|
- name: Create Caddy directories
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
owner: "{{ caddy_user }}"
|
|
group: "{{ caddy_user }}"
|
|
mode: '0755'
|
|
loop:
|
|
- "{{ caddy_config_dir }}"
|
|
- "{{ caddy_sites_enabled_dir }}"
|
|
- "{{ caddy_data_dir }}"
|
|
- "{{ caddy_log_dir }}"
|
|
- "{{ caddy_web_root }}"
|
|
- "{{ caddy_default_site_root }}"
|
|
|
|
- name: Deploy default index page
|
|
template:
|
|
src: index.html.j2
|
|
dest: "{{ caddy_default_site_root }}/index.html"
|
|
owner: "{{ caddy_user }}"
|
|
group: "{{ caddy_user }}"
|
|
mode: '0644'
|
|
|
|
|
|
|
|
- name: Create systemd service file for custom Caddy installation
|
|
template:
|
|
src: caddy.service.j2
|
|
dest: /usr/lib/systemd/system/caddy.service
|
|
mode: '0644'
|
|
when: dns_challenge_needed | bool
|
|
notify:
|
|
- reload systemd
|
|
- restart caddy
|
|
|
|
- name: Create systemd override directory (for standard installation)
|
|
file:
|
|
path: /etc/systemd/system/caddy.service.d
|
|
state: directory
|
|
mode: '0755'
|
|
when: not dns_challenge_needed | bool
|
|
|
|
- name: Configure Caddy systemd override (for standard installation)
|
|
template:
|
|
src: systemd-override.conf.j2
|
|
dest: /etc/systemd/system/caddy.service.d/override.conf
|
|
mode: '0644'
|
|
when: not dns_challenge_needed | bool
|
|
notify:
|
|
- reload systemd
|
|
- restart caddy
|
|
|
|
- name: Generate Caddyfile from template (with vault secrets)
|
|
template:
|
|
src: Caddyfile.j2
|
|
dest: "{{ caddy_config_file }}"
|
|
owner: root
|
|
group: "{{ caddy_user }}"
|
|
mode: '0640'
|
|
backup: no
|
|
notify: reload caddy
|
|
|
|
- name: Check Caddyfile syntax (basic check)
|
|
command: caddy fmt --overwrite "{{ caddy_config_file }}"
|
|
register: caddy_fmt_result
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
# Note: Full validation with environment variables happens at service startup
|
|
|
|
- name: Enable and start Caddy service
|
|
systemd:
|
|
name: caddy
|
|
enabled: "{{ caddy_service_enabled }}"
|
|
state: "{{ caddy_service_state }}"
|
|
daemon_reload: yes
|
|
|
|
- name: Wait for Caddy to be running
|
|
wait_for:
|
|
port: 80
|
|
host: 127.0.0.1
|
|
timeout: 30
|
|
when: caddy_service_state == "started"
|
|
|
|
- name: Verify Caddy admin API is accessible
|
|
uri:
|
|
url: "http://{{ caddy_admin_listen }}/config/"
|
|
method: GET
|
|
register: caddy_admin_check
|
|
failed_when: false
|
|
changed_when: false
|