initial commit
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
commit
75891c3271
129 changed files with 8046 additions and 0 deletions
104
roles/caddy/tasks/main.yml
Normal file
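--- a/roles/caddy/tasks/main.yml
+++ b/roles/caddy/tasks/main.yml
@@ -0,0 +1,104 @@
+- name: Allow HTTP traffic
+ufw:
+rule: allow
+port: 80
+proto: tcp
+
+- name: Allow HTTPS traffic
+ufw:
+rule: allow
+port: 443
+proto: tcp
+
+- name: Allow HTTPS/QUIC (HTTP/3) traffic
+ufw:
+rule: allow
+port: 443
+proto: udp
+
+- name: Create Caddy directories
+file:
+path: "/srv/caddy/{{ item }}"
+state: directory
+owner: root
+group: docker
+mode: "0755"
+loop:
+- ""
+- data
+- config
+- sites
+
+- name: Create site roots
+file:
+path: "/srv/caddy/sites/{{ item }}"
+state: directory
+owner: root
+group: docker
+mode: "0775" # also allow members of the docker group to write
+loop: "{{ caddy_sites }}"
+
+- name: Install Caddyfile
+template:
+src: Caddyfile.j2
+dest: /srv/caddy/Caddyfile
+owner: root
+group: docker
+mode: "0644"
+notify: Restart Caddy
+tags: config
+
+- name: Check for cached goaccess hash
+ansible.builtin.stat:
+path: /srv/caddy/.goaccess_hash
+register: _goaccess_hash_stat
+when: enable_goaccess | default(true)
+
+- name: Read goaccess hash from cache
+ansible.builtin.slurp:
+src: /srv/caddy/.goaccess_hash
+register: _goaccess_hash_file
+when: enable_goaccess | default(true) and _goaccess_hash_stat.stat.exists
+
+- name: Set goaccess hash fact from cache
+ansible.builtin.set_fact:
+caddy_goaccess_hash_stdout: "{{ _goaccess_hash_file.content | b64decode | trim }}"
+when: enable_goaccess | default(true) and _goaccess_hash_stat.stat.exists
+
+- name: Generate goaccess password hash
+ansible.builtin.command:
+argv:
+- docker
+- run
+- --rm
+- "caddy:{{ caddy_version }}"
+- caddy
+- hash-password
+- --plaintext
+- "{{ goaccess_password }}"
+register: _goaccess_hash_result
+changed_when: false
+no_log: true
+when: enable_goaccess | default(true) and not _goaccess_hash_stat.stat.exists
+
+- name: Cache goaccess hash
+ansible.builtin.copy:
+content: "{{ _goaccess_hash_result.stdout }}"
+dest: /srv/caddy/.goaccess_hash
+mode: "0600"
+when: enable_goaccess | default(true) and not _goaccess_hash_stat.stat.exists
+
+- name: Set goaccess hash fact from generation
+ansible.builtin.set_fact:
+caddy_goaccess_hash_stdout: "{{ _goaccess_hash_result.stdout }}"
+when: enable_goaccess | default(true) and not _goaccess_hash_stat.stat.exists
+
+- name: Deploy Caddy compose.yml
+template:
+src: compose.yml.j2
+dest: /srv/caddy/compose.yml
+owner: root
+group: docker
+mode: "0644"
+notify: Restart Caddy
+tags: config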
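Review bot: The "Generate goaccess password hash" task passes `{{ goaccess_password }}` as a `--plaintext` argv element, so the cleartext sits in the host's process list (and in anything that records command lines) while `docker run` executes; `no_log: true` only keeps it out of Ansible's own output. `caddy hash-password` reads the password from stdin when `--plaintext` is omitted, so drop the last two argv items, add `- -i` after `- --rm`, and supply the secret through the command module with `stdin: "{{ goaccess_password }}"`. Separately, once `/srv/caddy/.goaccess_hash` exists the generate task is skipped on every later run, so a rotated `goaccess_password` never takes effect until that file is removed; that deserves at least a comment on the "Check for cached goaccess hash" task, or an explicit invalidation step. The cache file is written as `0600`, but if `Caddyfile.j2` or `compose.yml.j2` embed `caddy_goaccess_hash_stdout` (the templates are not shown here) the hash also lands in a `0644` file, which would make the stricter mode on the cache moot.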