aligned_layer/infra/ansible/playbooks/caddy.yaml at 4e711de89c86bcb0dafe0622a37f19c9f24aee8a · yetanotherco/aligned_layer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
- name: Caddy Setup
  hosts: "{{ host }}"

  tasks:
  - name: Allow http/https traffic on UFW
    become: true
    ufw:
      rule: allow
      state: enabled
      port: '{{ item }}'
    loop:
      - http
      - https
    vars:
      ansible_ssh_user: "{{ admin_user }}"

  - name: Install dependencies for Caddy
    become: true
    apt:
      name:
        - debian-keyring
        - debian-archive-keyring
        - apt-transport-https
        - curl
      state: present
      update_cache: yes
    vars:
      ansible_ssh_user: "{{ admin_user }}"

  - name: Download and install Caddy GPG key
    shell:
      cmd: curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
      creates: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
    vars:
      ansible_ssh_user: "{{ admin_user }}"

  - name: Add Caddy repository
    shell:
      cmd: curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
      creates: /etc/apt/sources.list.d/caddy-stable.list
    vars:
      ansible_ssh_user: "{{ admin_user }}"

  - name: Install Caddy
    become: true
    apt:
      update_cache: yes
      name: caddy
      state: present
    vars:
      ansible_ssh_user: "{{ admin_user }}"

  - name: Add caddyfile config
    become: true
    template:
      src: caddy/Caddyfile.{{ host }}.j2
      dest: /etc/caddy/Caddyfile
    vars:
      ansible_ssh_user: "{{ admin_user }}"
      caddy_metrics_url: "{{ lookup('ini', 'caddy_metrics_url', file=ini_file) }}"
      caddy_telemetry_url: "{{ lookup('ini', 'caddy_telemetry_url', file=ini_file) }}"
      caddy_jaeger_url: "{{ lookup('ini', 'caddy_jaeger_url', file=ini_file) }}"

  - name: Enable caddy
    become: true
    systemd_service:
      name: caddy
      enabled: true
      state: started
    vars:
      ansible_ssh_user: "{{ admin_user }}"