make the packages role more generic

2025-01-18 09:24:11 -07:00
parent 3d466e64c7
commit 333ee4c3f5
112 changed files with 1610 additions and 3 deletions
--- a/files/caddy/caddy.yml
+++ b/files/caddy/caddy.yml
@@ -0,0 +1,104 @@
+# Install and configure caddy reverse proxy
+---
+- name: create caddy group
+  become: true
+  ansible.builtin.group:
+    name: "{{ caddy.group | default('caddy') }}"
+    state: present
+    system: true
+  tags:
+    - http
+    - caddy
+    - proxy
+    - user_group
+
+- name: create caddy user
+  become: true
+  ansible.builtin.user:
+    comment: caddy server user
+    create_home: true
+    group: "{{ caddy.group | default('caddy') }}"
+    name: "{{ caddy.user | default('caddy') }}"
+    state: present
+    system: true
+    password_lock: true
+    shell: /sbin/nologin
+  tags:
+    - http
+    - caddy
+    - proxy
+    - user_group
+
+- name: install caddy binary
+  become: true
+  ansible.builtin.copy:
+    dest: /usr/local/bin/caddy
+    group: root
+    owner: root
+    mode: '0755'
+    setype: bin_t
+    src: caddy/caddy
+  tags:
+    - http
+    - caddy
+    - proxy
+    - binary
+
+- name: install caddy systemd service
+  become: true
+  ansible.builtin.template:
+    backup: true
+    dest: /etc/systemd/system/caddy.service
+    group: root
+    owner: root
+    mode: '0640'
+    setype: systemd_unit_file_t
+    src: caddy/caddy.service.j2
+  vars:
+    domain_name: "{{ nextcloud.domain_name }}"
+    user: "{{ caddy.user | default('caddy') }}"
+    group: "{{ caddy.group | default('caddy') }}"
+    envfile: "{{ caddy.envfile | default(omit) }}"
+    cmdpath: /usr/local/bin/caddy
+    extra_args: --environ
+    configfile: "{{ caddy.configfile | default('/etc/caddy/Caddyfile') }}"
+    timeout: 5s
+    capabilities: CAP_NET_ADMIN CAP_NET_BIND_SERVICE
+  tags:
+    - http
+    - caddy
+    - proxy
+    - service
+    - config
+
+- name: install Caddyfile
+  become: true
+  ansible.builtin.template:
+    backup: true
+    dest: /etc/caddy/Caddyfile
+    group: "{{ caddy.group | default('caddy') }}"
+    owner: "{{ caddy.user | default('caddy') }}"
+    mode: '0640'
+    setype: etc_t
+    src: caddy/Caddyfile.j2
+  tags:
+    - http
+    - caddy
+    - proxy
+    - config
+
+- name: install .env file
+  become: true
+  when:
+    - caddy.env_vars is defined
+    - caddy.envfile is defined
+  ansible.builtin.copy:
+    dest: "{{ caddy.envfile }}"
+    group: root
+    owner: root
+    mode: '0600'
+    setype: etc_t
+    content: |
+      {{ caddy.env_vars }}
+  tags:
+    - caddy