# Ansible Roles for managing Auengun.net Infrastructure & Testing/Learning.
# Source available at git.auengun.net/homelab/ansible-collection
# Copyright (C) 2023 GregoryDosh

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-FileCopyrightText: 2023 GregoryDosh
---
# Create the Caddy configuration directory if it is missing and pin its
# ownership and permissions. Runs with privilege escalation.
#
# mode "0770": owner and group (both caddy) get read/write/traverse,
# everyone else gets no access.
#
# The `when` guard skips any loop item that is a mapping; with the literal
# list below every item is a plain string, so the task always runs for it.
#
# NOTE(review): the directory is writable by the caddy account and group.
# If the service runs as caddy and does not need to write here, root
# ownership with group read/traverse would stop a compromised process from
# altering its own configuration -- confirm against how Caddy uses /etc/caddy.
- name: Ensure config paths exist
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: caddy
    group: caddy
    mode: "0770"
  with_items:
    - /etc/caddy
  when: item is not mapping

# Remove previously deployed sub-paths under /etc/caddy on every run.
#
# Despite the task name, `state: absent` deletes the listed paths themselves
# (a directory is removed recursively), it does not merely empty them.
# No task visible in this file recreates them afterwards.
#
# The `when` guard skips mapping items; both entries below are strings.
- name: Ensure config paths empty
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/caddy/acme_step_pki
    - /etc/caddy/waf
  when: item is not mapping

# Render each Caddy configuration fragment (and the root CA certificate)
# from the template path held in the corresponding CADDY_* variable into
# /etc/caddy. Each loop item is a mapping with:
#   src  - template to render (taken from a role/inventory variable)
#   dest - absolute destination path on the managed host
#
# mode "0640": owner caddy read/write, group caddy read-only, no access for
# others. The combined result is registered as _caddy_caddyfile_paths and
# any change notifies the "Restart caddy" handler (defined outside this file).
#
# NOTE(review): the rendered files are not validated before the restart
# handler fires, so a template error would only surface when Caddy restarts.
# Consider validating the assembled configuration (e.g. with Caddy's
# `validate` command) before notifying -- confirm how the fragments are
# imported by the main Caddyfile first.
# NOTE(review): files are owned by caddy and therefore modifiable by that
# account; root owner with group caddy at the same mode would keep them
# readable but not writable by the service -- confirm Caddy needs no write
# access to these paths.
- name: Config - Caddyfile & Extensions
  become: true
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: caddy
    group: caddy
    mode: "0640"
  with_items:
    - src: "{{ CADDY_CADDYFILE_BASIC_RATELIMIT }}"
      dest: /etc/caddy/basic_ratelimit
    - src: "{{ CADDY_CADDYFILE_CORS }}"
      dest: /etc/caddy/cors
    - src: "{{ CADDY_CADDYFILE_AUTHENTIK_AUTH_PROXY }}"
      dest: /etc/caddy/authentik_auth_proxy
    - src: "{{ CADDY_CADDYFILE_GLOBALS }}"
      dest: /etc/caddy/globals
    - src: "{{ CADDY_CADDYFILE_LOCAL_SRC }}"
      dest: /etc/caddy/Caddyfile
    - src: "{{ CADDY_CADDYFILE_REDIRECT_BAD_ACTORS }}"
      dest: /etc/caddy/redirect_bad_actors
    - src: "{{ CADDY_CADDYFILE_ROBOTS_TXT }}"
      dest: /etc/caddy/robots.txt
    - src: "{{ CADDY_CADDYFILE_SECURITY_TXT }}"
      dest: /etc/caddy/security.txt
    - src: "{{ CADDY_CADDYFILE_WELLKNOWN_SECURITY }}"
      dest: /etc/caddy/wellknown_security
    - src: "{{ CADDY_CADDYFILE_WS }}"
      dest: /etc/caddy/ws
    - src: "{{ CADDY_ROOT_CA }}"
      dest: /etc/caddy/ca-root.crt
  register: _caddy_caddyfile_paths
  notify:
    - Restart caddy

# Install the systemd unit for Caddy from the role's caddy.service.j2
# template.
#
# The unit file is owned by root:root with mode "0644" (world-readable,
# writable only by root). The result is registered as
# _caddy_service_template and a change notifies the "Restart caddy" handler
# (defined outside this file).
- name: Template caddy systemd service into place
  become: true
  ansible.builtin.template:
    src: "{{ role_path }}/templates/caddy.service.j2"
    dest: /etc/systemd/system/caddy.service
    owner: root
    group: root
    mode: "0644"
  register: _caddy_service_template
  notify:
    - Restart caddy

# Ask systemd to re-read its unit files when either the service unit or any
# of the Caddy configuration files changed in this run.
#
# Both operands are the `changed` flag of results registered by earlier
# tasks in this file. A daemon reload only affects unit definitions, so the
# configuration-file half of the condition is harmless but not strictly
# required for systemd.
# NOTE(review): this task runs inline, while the "Restart caddy" handler
# normally runs later at handler flush -- assumes handlers are not flushed
# before this point; confirm in the calling play.
- name: Force systemd daemon reload
  become: true
  ansible.builtin.systemd_service:
    daemon_reload: true
  when: _caddy_service_template.changed or _caddy_caddyfile_paths.changed