- Add default landing page (roles/caddy/templates/index.html.j2) deployed
to empty caddy sites; adapted from YC/coming-soon by Steven Tang (MIT),
with site domain and powered-by footer linking to codeberg.org/opennomad/linderhof
- Apply hcloud_labels to all Hetzner cloud and DNS resources; default to {}
in role defaults for stacks without the variable defined
- Fix setup.sh: export stack_name so envsubst substitutes it in config.yml
- Add Codeberg repo link to README
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
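# Open TCP/80 to any source (no from_ip/src is given, so ufw's default of
# "Anywhere" applies). Presumably needed for Caddy's HTTP->HTTPS redirect and
# ACME HTTP-01 challenges — confirm against the Caddyfile template.
# Fully qualified to match the ansible.builtin.* module names used below.
- name: Allow HTTP traffic
  community.general.ufw:
    rule: allow
    port: 80
    proto: tcp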
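# Open TCP/443 to any source for HTTPS (HTTP/1.1 and HTTP/2).
# Fully qualified to match the ansible.builtin.* module names used below.
- name: Allow HTTPS traffic
  community.general.ufw:
    rule: allow
    port: 443
    proto: tcp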
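# Open UDP/443 to any source for QUIC/HTTP/3; this is a separate rule from the
# TCP one above because ufw rules are per protocol.
# Fully qualified to match the ansible.builtin.* module names used below.
- name: Allow HTTPS/QUIC (HTTP/3) traffic
  community.general.ufw:
    rule: allow
    port: 443
    proto: udp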
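# Create the Caddy directory tree under /srv/caddy. The empty loop item
# expands to "/srv/caddy/" and so creates the base directory itself.
# root:docker with 0755: only root can write, the docker group can traverse.
# Fully qualified to match the ansible.builtin.* module names used below.
- name: Create Caddy directories
  ansible.builtin.file:
    path: "/srv/caddy/{{ item }}"
    state: directory
    owner: root
    group: docker
    mode: "0755"
  loop:
    - ""
    - data
    - config
    - sites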
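# One document root per configured site, named after the entry in caddy_sites.
# NOTE: members of the docker group can already control the Docker daemon, so
# the group write bit below does not widen access beyond an already privileged
# group; keep that group membership tight.
# Fully qualified to match the ansible.builtin.* module names used below.
- name: Create site roots
  ansible.builtin.file:
    path: "/srv/caddy/sites/{{ item }}"
    state: directory
    owner: root
    group: docker
    mode: "0775" # also allow members of the docker group to write
  loop: "{{ caddy_sites }}"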
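# Render the placeholder index.html into each site root. With force: false the
# template is only transferred when no index.html exists yet, so real content
# is never clobbered — but later edits to index.html.j2 also never reach a
# site that already has the placeholder; remove the file to re-render it.
# Fully qualified to match the ansible.builtin.* module names used below.
- name: Deploy default landing page for empty sites
  ansible.builtin.template:
    src: index.html.j2
    dest: "/srv/caddy/sites/{{ item }}/index.html"
    owner: root
    group: docker
    mode: "0644"
    force: false # never overwrite real content
  loop: "{{ caddy_sites }}"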
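# Render the Caddyfile; any change triggers the "Restart Caddy" handler.
# Tagged "config" so a config-only run (--tags config) re-renders it without
# touching firewall rules or directories.
# Fully qualified to match the ansible.builtin.* module names used below.
- name: Install Caddyfile
  ansible.builtin.template:
    src: Caddyfile.j2
    dest: /srv/caddy/Caddyfile
    owner: root
    group: docker
    mode: "0644"
  notify: Restart Caddy
  tags: config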
# Look for a previously generated password hash. The tasks below branch only
# on whether this file exists, not on the current goaccess_password value, so
# a changed password is not picked up until the cache file is removed.
# Skipped entirely when goaccess is disabled; the later "and" conditions
# short-circuit, so _goaccess_hash_stat.stat is never read in that case.
- name: Check for cached goaccess hash
  ansible.builtin.stat:
    path: /srv/caddy/.goaccess_hash
  register: _goaccess_hash_stat
  when: enable_goaccess | default(true)
# Read the cached hash when it exists. slurp returns the file content
# base64-encoded in .content; it is decoded in the next task.
- name: Read goaccess hash from cache
  ansible.builtin.slurp:
    src: /srv/caddy/.goaccess_hash
  register: _goaccess_hash_file
  when: enable_goaccess | default(true) and _goaccess_hash_stat.stat.exists
# Expose the cached hash under the same fact name the "from generation" branch
# sets, so consumers (presumably the Caddyfile template) need only one variable.
# trim drops the trailing newline the cache file may carry.
- name: Set goaccess hash fact from cache
  ansible.builtin.set_fact:
    caddy_goaccess_hash_stdout: "{{ _goaccess_hash_file.content | b64decode | trim }}"
  when: enable_goaccess | default(true) and _goaccess_hash_stat.stat.exists
# Hash goaccess_password with the caddy binary from the pinned image; only runs
# when no cache file exists (see the stat task above), so the salted hash stays
# stable across runs instead of re-rendering the Caddyfile every time.
# changed_when: false — this is a pure computation, not a change on the host.
# no_log: true — keeps the plaintext password out of play output and callbacks.
# NOTE(review): the password is still an argv element, so it is visible in the
# host process table and in `docker inspect` for the container's lifetime.
# Feeding it over stdin (command module `stdin:` with `docker run -i`) would
# avoid that if this caddy version reads the password from stdin — confirm.
- name: Generate goaccess password hash
  ansible.builtin.command:
    argv:
      - docker
      - run
      - --rm
      - "caddy:{{ caddy_version }}"
      - caddy
      - hash-password
      - --plaintext
      - "{{ goaccess_password }}"
  register: _goaccess_hash_result
  changed_when: false
  no_log: true
  when: enable_goaccess | default(true) and not _goaccess_hash_stat.stat.exists
# Persist the freshly generated hash so later runs reuse it. 0600 limits it to
# the owner; owner/group are not set, so the file belongs to whichever user the
# task runs as. Delete this file to force a regeneration after a password change.
- name: Cache goaccess hash
  ansible.builtin.copy:
    content: "{{ _goaccess_hash_result.stdout }}"
    dest: /srv/caddy/.goaccess_hash
    mode: "0600"
  when: enable_goaccess | default(true) and not _goaccess_hash_stat.stat.exists
# Generation branch counterpart of "Set goaccess hash fact from cache": publish
# the just-computed hash under the shared fact name. Only the hash is exposed
# here, never the plaintext password.
- name: Set goaccess hash fact from generation
  ansible.builtin.set_fact:
    caddy_goaccess_hash_stdout: "{{ _goaccess_hash_result.stdout }}"
  when: enable_goaccess | default(true) and not _goaccess_hash_stat.stat.exists
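# Render the compose file for the Caddy container; changes trigger the
# "Restart Caddy" handler, and the "config" tag mirrors the Caddyfile task so
# both are re-rendered together by a config-only run.
# Fully qualified to match the ansible.builtin.* module names used above.
- name: Deploy Caddy compose.yml
  ansible.builtin.template:
    src: compose.yml.j2
    dest: /srv/caddy/compose.yml
    owner: root
    group: docker
    mode: "0644"
  notify: Restart Caddy
  tags: config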