initial commit
commit
41c60409e5
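--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,19 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Defaults for all editor files
+[*]
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+# Files with a smaller indent
+[*.yml]
+indent_size = 2
+
+# Jinja2 template files
+[*.j2]
+end_of_line = lf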
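--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,20 @@
+local-configure.yml
+.vagrant/
+docs/_build/
+roles/plone.plone_server
+roles/jnv.unattended-upgrades
+roles/tersmitten.fail2ban
+roles/ANXS.hostname
+roles/ANXS.apt
+._*
+bin/
+lib/
+include/
+local/
+tests.out
+*.retry
+*.log
+vbox_host.cfg
+.DS_Store
+*.py[co]
+.idea/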
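--- a/README.md
+++ b/README.md
@@ -0,0 +1,26 @@
+Caddy Role
+=========
+
+A role to install and manage caddy
+
+## Config
+### General
+
+* `caddy_version_check`: Check if installed version != `caddy_version` before initiating binary download (true/false)
+* `caddy_version`: The Caddy-Version you want to install
+* `caddy_user`: UNIX user used by Caddy (default: caddy)
+* `caddy_group`: UNIX group used by Caddy (default: caddy)
+* `caddy_home`: Base directory to work (default: /var/lib/caddy)
+* `caddy_dl_url`: The URL, the compiled caddy-binary will be downloaded from
+* `caddy_dl_url_checksum`: The URL, the checksums will be installed from
+
+### Caddyfile
+
+* `caddy_caddyfile.global.debug`: Enabled the Debug mode and set the log level to DEBUG (true/false)
+* `caddy_caddyfile.global.http`: HTTP Port from Caddy (default: 80)
+* `caddy_caddyfile.global.https`: HTTPS Port from Caddy (default: 443)
+* `caddy_caddyfile.global.acme.issuer`: Set the global ACME Issuer (acme/zerossl)
+* `caddy_caddyfile.global.acme.token`: Set the token for the global issuer. Required if issuer is `zerossl`
+* `caddy_caddyfile.global.acme.email`: The email-address used while generating https certificates
+* `caddy_caddyfile.global.acme.dns.provider`: The Provider used if you want to use dns-challenge. (Example: cloudflare)
+* `caddy_caddyfile.global.acme.dns.token`: The Provider-Token used if you want to use dns-challenge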
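--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[defaults]
+roles_path: ./../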
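--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,29 @@
+---
+caddy_version_check: true
+caddy_version: "2.6.2"
+caddy_dl_url: "https://github.com/caddyserver/caddy/releases/download/v{{ caddy_version }}/caddy_{{ caddy_version }}_linux_{{ caddy_arch }}"
+caddy_dl_url_checksum: "https://github.com/caddyserver/caddy/releases/download/v{{ caddy_version }}/caddy_{{ caddy_version }}_checksums.txt"
+
+caddy_user: "caddy"
+caddy_group: "caddy"
+caddy_home: "/var/lib/caddy"
+
+caddy_caddyfile:
+  global:
+    debug: true
+    http: 80
+    https: 443
+    acme:
+      issuer: ""
+      token: ""
+      email: ""
+      dns:
+        provider: ""
+        token: ""
+
+  domains:
+    - domain: localhost
+      reverse_proxy:
+        targets:
+          - "localhost:3000"
+        lb_policy: "least_conn"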
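Review bot: `debug: true` as the shipped default means every host that does not override `caddy_caddyfile.global.debug` runs Caddy with DEBUG-level logging, which the README presents as a mode to switch on, not a baseline; DEBUG output is verbose and can carry request details that should not sit in logs on a production host, so the default should be `debug: false`. The `acme.token` and `acme.dns.token` keys are credential slots, and an inline comment such as `# credential: supply via vault or extra-vars, never commit a real value` would make that explicit. `caddy_caddyfile` is a nested dictionary, so a consumer that overrides one key replaces the whole structure under Ansible's default hash behaviour; that is worth a comment next to the key, since tests/test.yml already trips over it.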
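--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+- name: "Restart caddy"
+  ansible.builtin.service:
+    name: caddy
+    state: restarted
+  when: ansible_service_mgr == "systemd"
+
+- name: "Reload systemd"
+  ansible.builtin.systemd:
+    daemon_reload: true
+  when: ansible_service_mgr == "systemd"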
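Review bot: Handlers run in the order they are defined in this file, not the order they are notified, so when install_systemd.yml notifies both, `Restart caddy` fires before `Reload systemd` and the restart still uses the stale unit definition. Either move the `Reload systemd` handler above `Restart caddy`, or fold the reload into the restart by switching it to `ansible.builtin.systemd:` with `daemon_reload: true` next to `state: restarted`. Caddyfile-only changes notified from tasks/main.yml could also use the unit's `ExecReload` via `state: reloaded` instead of a full restart, which avoids dropping live connections.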
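--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,34 @@
+galaxy_info:
+  author: Lennard Brinkhaus
+  description: Install and manage a Caddy instance
+  company: DragSE
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  platforms:
+    - name: Debian
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+
+  galaxy_tags:
+    - caddy
+
+dependencies: []
+# List your role dependencies here, one per line. Be sure to remove the '[]' above,
+# if you add dependencies to this list.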
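Review bot: `min_ansible_version: 2.1` is an unquoted float and is also well below what the role needs — the tasks and handlers use `ansible.builtin.*` fully-qualified collection names, which require Ansible 2.10 or later; write it as `min_ansible_version: "2.10"` (quoted, so `2.10` is not read as the float `2.1`). The platforms list advertises Ubuntu, but tasks/main.yml loads `{{ ansible_distribution | lower }}.yml` and only vars/debian.yml is committed, so that advertised support does not hold as written.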
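--- a/tasks/create_user.yml
+++ b/tasks/create_user.yml
@@ -0,0 +1,14 @@
+---
+- name: "Create Caddy Group"
+  group:
+    name: "{{ caddy_group }}"
+    system: true
+    state: "present"
+
+- name: "Create Caddy user"
+  ansible.builtin.user:
+    name: "{{ caddy_user }}"
+    comment: "Caddy user"
+    home: "{{ caddy_home }}"
+    shell: "/bin/false"
+    system: true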
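Review bot: `group:` is called without its fully-qualified name while the sibling task uses `ansible.builtin.user:`; use `ansible.builtin.group:` so the whole role follows one convention. The user task relies on the module's default home creation for `{{ caddy_home }}`, and Caddyfile.j2 points `storage file_system` at that same path, so the directory ends up holding certificates and ACME account keys; a comment such as `# caddy_home is also Caddy's storage root (certs, ACME keys): keep it private to caddy_user` would record why its ownership matters.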
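--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -0,0 +1,68 @@
+---
+- block:
+    - name: Update apt cache
+      apt:
+        cache_valid_time: 3600
+        update_cache: true
+      register: _pre_update_apt_cache
+      until: _pre_update_apt_cache is succeeded
+  when:
+    - ansible_pkg_mgr == "apt"
+
+- name: Install dependencies
+  package:
+    name: "{{ caddy_dependencies }}"
+    state: present
+  register: _install_dep_packages
+  until: _install_dep_packages is succeeded
+  retries: 5
+  delay: 2
+- block:
+    - name: Download caddy archive
+      get_url:
+        url: "{{ caddy_dl_url }}.tar.gz"
+        dest: "/tmp/caddy-{{ caddy_version }}-linux-{{ caddy_arch }}.tar.gz"
+      register: _download_archive
+      until: _download_archive is succeeded
+      retries: 5
+      delay: 2
+
+    - name: Download caddy checksum.txt
+      get_url:
+        url: "{{ caddy_dl_url_checksum }}"
+        dest: "/tmp/caddy_{{ caddy_version }}_checksums.txt"
+      register: _download_checksums_txt
+      until: _download_checksums_txt is succeeded
+      retries: 5
+      delay: 2
+
+    - name: Download caddy checksum.txt.pem
+      get_url:
+        url: "{{ caddy_dl_url_checksum }}.pem"
+        dest: "/tmp/caddy_{{ caddy_version }}_checksums.txt.pem"
+      register: _download_checksums_txt_pem
+      until: _download_checksums_txt_pem is succeeded
+      retries: 5
+      delay: 2
+
+    - name: Download caddy checksum.txt.sig
+      get_url:
+        url: "{{ caddy_dl_url_checksum }}.sig"
+        dest: "/tmp/caddy_{{ caddy_version }}_checksums.txt.sig"
+      register: _download_checksums_txt_sig
+      until: _download_checksums_txt_pem is succeeded
+      retries: 5
+      delay: 2
+
+    # TODO verify checksum with cosign (need to be installed (dependency))
+
+    - name: Unpack caddy binary
+      unarchive:
+        remote_src: yes
+        src: "/tmp/caddy-{{ caddy_version }}-linux-{{ caddy_arch }}.tar.gz"
+        dest: "/usr/local/bin"
+        mode: 0755
+        owner: root
+        group: root
+      notify: "Restart caddy"
+  when: (not caddy_version_check|bool) or (caddy_active_version.stdout != caddy_version)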
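Review bot: The archive fetched in `Download caddy archive` is unpacked into /usr/local/bin as root with no integrity check — the checksums.txt, .pem and .sig files are downloaded but, as the TODO admits, never used, so a tampered or truncated download is installed as-is. `get_url` can enforce this without cosign: add `checksum: "sha512:{{ caddy_dl_url_checksum }}"` to the archive task (it looks up the matching filename entry in the remote checksum file; confirm the digest algorithm against the file's contents), which also makes the separate checksum download redundant. The `.sig` task's retry condition is a copy-paste slip — `until: _download_checksums_txt_pem is succeeded` should read `until: _download_checksums_txt_sig is succeeded`, otherwise that download is never retried. Staging under the predictable, world-writable `/tmp/caddy-…` path with get_url's default `force: false` means any pre-existing file of that name is reused rather than re-downloaded; staging in a root-owned directory (e.g. one created by `ansible.builtin.tempfile`) together with the `checksum` option closes that gap, and `remote_src: yes` should be `remote_src: true`.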
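--- a/tasks/install_systemd.yml
+++ b/tasks/install_systemd.yml
@@ -0,0 +1,11 @@
+---
+- name: "Setup systemd service"
+  ansible.builtin.template:
+    src: caddy.service.j2
+    dest: /lib/systemd/system/caddy.service
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - "Reload systemd"
+    - "Restart caddy"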
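Review bot: The unit is written to `/lib/systemd/system/caddy.service`, the tree reserved for distribution packages; locally administered units belong in `/etc/systemd/system/`, where they also take precedence if a distro caddy package is ever installed alongside this role. `dest: /etc/systemd/system/caddy.service` is the only change needed. `mode: 0644` is fine thanks to the leading zero, but quoting it as `"0644"` matches the `'0755'` used in tasks/main.yml and avoids the YAML octal trap altogether.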
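--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- name: Gather variables for each operating system
+  include_vars: "{{ ansible_distribution | lower }}.yml"
+
+- name: "Check caddy version"
+  ansible.builtin.shell: "set -eo pipefail; caddy version | cut -d' ' -f 1 | cut -d'v' -f 2"
+  args:
+    executable: /bin/bash
+  register: caddy_active_version
+  changed_when: false
+  failed_when: false
+  when: caddy_version_check|bool
+
+- include_tasks: "create_user.yml"
+
+- include_tasks: "install.yml"
+
+- include_tasks: install_systemd.yml
+  when: ansible_service_mgr == "systemd"
+
+- name: "Create config and data directory"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ caddy_user }}"
+    group: "{{ caddy_group }}"
+    mode: '0755'
+  with_items:
+    - "/etc/caddy"
+
+- name: "Configure caddy"
+  ansible.builtin.template:
+    src: Caddyfile.j2
+    dest: /etc/caddy/Caddyfile
+    owner: "{{ caddy_user }}"
+    group: "{{ caddy_group }}"
+    mode: 0600
+  notify: "Restart caddy"
+
+- name: "Service caddy"
+  ansible.builtin.service:
+    name: caddy
+    state: started
+    enabled: true
+  when: ansible_service_mgr == "systemd"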
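Review bot: `include_vars: "{{ ansible_distribution | lower }}.yml"` fails on Ubuntu hosts, which meta/main.yml lists as supported, because only vars/debian.yml is shipped; `include_vars: "{{ ansible_os_family | lower }}.yml"` resolves to debian.yml for both, or add a vars/ubuntu.yml. The `Check caddy version` task is the only writer of `caddy_active_version`, and install.yml dereferences `.stdout` only when `caddy_version_check` is true, so the two `when` clauses are consistent — a comment such as `# install.yml reads caddy_active_version.stdout only when caddy_version_check is true` would save the next reader the cross-file check. `with_items` over a single literal path and the mixed `'0755'`/`0600` mode styles are minor: `loop:` and one quoting convention would read cleaner.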
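--- a/templates/Caddyfile.j2
+++ b/templates/Caddyfile.j2
@@ -0,0 +1,27 @@
+{
+{% if caddy_caddyfile.global.debug | default(false) %}
+    debug
+{% endif %}
+    http_port {{ caddy_caddyfile.global.http | default('80') }}
+    https_port {{ caddy_caddyfile.global.https | default('443') }}
+    storage file_system {{ caddy_home }}
+{% if caddy_caddyfile.global.acme.dns.provider is defined %}
+    acme_dns: {{ caddy_caddyfile.global.acme.dns.provider }} {{ caddy_caddyfile.global.acme.dns.token | default('') }}
+{% endif %}
+{% if caddy_caddyfile.global.acme.issuer is defined %}
+    cert_issuer: {{ caddy_caddyfile.global.acme.issuer }} {{ caddy_caddyfile.global.acme.token | default('') }}
+{% endif %}
+{% if caddy_caddyfile.global.acme.email is defined %}
+    email: {{ caddy_caddyfile.global.acme.email }}
+{% endif %}
+    admin off
+}
+{% for domain in caddy_caddyfile.domains %}
+{{ domain.domain }} {
+{% if domain.reverse_proxy %}
+    reverse_proxy {{ domain.reverse_proxy.targets | join(" ") }} {
+        lb_policy {{ domain.reverse_proxy.lb_policy }}
+    }
+{% endif %}
+}
+{% endfor %}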
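Review bot: The global-option lines `acme_dns:`, `cert_issuer:` and `email:` carry a trailing colon that Caddyfile global options do not use, so the rendered Caddyfile fails to load as soon as any of those branches is taken. Those branches are also always taken: defaults/main.yml defines every `acme.*` key as `""`, so `is defined` is true on a stock run and the template emits `cert_issuer:  ` with empty arguments; testing the value's truthiness instead keeps the options out of the file until they are actually set. `storage file_system {{ caddy_home }}` should be checked against the module's Caddyfile syntax as well — as far as I recall it is documented in block form with a `root` subdirective rather than as a positional argument. The rewritten option block:
```jinja
{# … unchanged: opening brace, debug, http_port/https_port, storage … #}
{% if caddy_caddyfile.global.acme.dns.provider | default('') %}
    acme_dns {{ caddy_caddyfile.global.acme.dns.provider }} {{ caddy_caddyfile.global.acme.dns.token | default('') }}
{% endif %}
{% if caddy_caddyfile.global.acme.issuer | default('') %}
    cert_issuer {{ caddy_caddyfile.global.acme.issuer }} {{ caddy_caddyfile.global.acme.token | default('') }}
{% endif %}
{% if caddy_caddyfile.global.acme.email | default('') %}
    email {{ caddy_caddyfile.global.acme.email }}
{% endif %}
{# … unchanged: admin off, closing brace, domains loop … #}
```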
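--- a/templates/caddy.service.j2
+++ b/templates/caddy.service.j2
@@ -0,0 +1,39 @@
+# Example from https://github.com/caddyserver/dist/blob/master/init/caddy.service
+# caddy.service
+#
+# For using Caddy with a config file.
+#
+# Make sure the ExecStart and ExecReload commands are correct
+# for your installation.
+#
+# See https://caddyserver.com/docs/install for instructions.
+#
+# WARNING: This service does not use the --resume flag, so if you
+# use the API to make changes, they will be overwritten by the
+# Caddyfile next time the service is restarted. If you intend to
+# use Caddy's API to configure it, add the --resume flag to the
+# `caddy run` command or use the caddy-api.service file instead.
+
+[Unit]
+Description=Caddy
+Documentation=https://caddyserver.com/docs/
+After=network.target
+After=network-online.target
+Requires=network-online.target
+
+[Service]
+Type=notify
+User=caddy
+Group=caddy
+ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --force
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+PrivateDevices=yes
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target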
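Review bot: `User=caddy` and `Group=caddy` are hard-coded even though the role parameterises `caddy_user`/`caddy_group` and creates both the account and the 0600 `/etc/caddy/Caddyfile` under those variables, so any non-default value yields a unit that runs as a missing user or cannot read its own config; since this file is already a template, use `User={{ caddy_user }}` and `Group={{ caddy_group }}`. The upstream-derived hardening block is a reasonable baseline; `NoNewPrivileges=true` and `ProtectHome=true` are cheap additions Caddy does not need to waive (Caddy binds low ports via the ambient capability, not via setuid), though the accepted directive set should be verified against the systemd version on the target platforms. The `--environ` flag prints the service environment into the journal at every start, which is worth a comment if any secret is ever passed through the environment.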
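--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1 @@
+192.168.1.142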
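--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,14 @@
+---
+- hosts: all
+  remote_user: root
+  roles:
+    - role-caddy
+  vars:
+    caddy_caddyfile:
+      global:
+      domains:
+        - domain: 192.168.1.142
+          reverse_proxy:
+            targets:
+              - "localhost:3000"
+            lb_policy: "least_conn"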
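Review bot: Declaring `caddy_caddyfile:` under `vars` replaces the entire default dictionary (play vars override role defaults wholesale unless hash merging is enabled), so `global:` here is a bare null rather than the defaults' map, and every `caddy_caddyfile.global.*` lookup in Caddyfile.j2 is resolved through `default()` or `is defined` instead of the shipped defaults — the test therefore does not exercise the default global block at all. If the intent is to test the defaults, drop the `global:` key; if it is to test overrides, give it explicit content. A bare `key:` with no value is also exactly the ambiguous form yamllint's `empty-values` rule flags.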
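--- a/vars/debian.yml
+++ b/vars/debian.yml
@@ -0,0 +1,2 @@
+---
+caddy_dependencies: []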
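--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,10 @@
+---
+caddy_go_arch_map:
+  i386: '386'
+  x86_64: 'amd64'
+  aarch64: 'arm64'
+  armv7l: 'arm-6'
+  armv6l: 'arm-6'
+  armv5l: 'arm-5'
+
+caddy_arch: "{{ caddy_go_arch_map[ansible_architecture] | default(ansible_architecture) }}"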
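Review bot: The `armv7l`/`armv6l`/`armv5l` entries map to `arm-6`/`arm-6`/`arm-5`, which does not match the suffix I recall Caddy's release assets using (`armv7`, `armv6`, `armv5` — verify against an actual release's file list), so the `caddy_dl_url` built from this map would miss on those hosts; mapping `armv7l` to the v6 build is also suspicious even if the naming were right. A comment such as `# values must match the linux_<arch> suffix of the GitHub release asset names` above the map would prevent the next drift, and the `default(ansible_architecture)` fallback deserves a note that an unmapped architecture produces a URL that may not exist.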