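# Install and configure caddy reverse proxy
#
# Creates a locked system account for caddy, installs the binary, the systemd
# unit and the Caddyfile, and (optionally) an environment file for the service.
---
- name: create caddy group
  become: true
  ansible.builtin.group:
    name: "{{ caddy.group | default('caddy') }}"
    state: present
    system: true
  tags:
    - http
    - caddy
    - proxy
    - user_group

# Service account only: password locked and no login shell.
- name: create caddy user
  become: true
  ansible.builtin.user:
    comment: caddy server user
    create_home: true
    group: "{{ caddy.group | default('caddy') }}"
    name: "{{ caddy.user | default('caddy') }}"
    state: present
    system: true
    password_lock: true
    shell: /sbin/nologin
  tags:
    - http
    - caddy
    - proxy
    - user_group

# The binary is copied from the role's files as-is and is root-owned, so the
# service account cannot replace it.
# NOTE(review): nothing here verifies the artifact (no `checksum:`); consider
# pinning the expected SHA of caddy/caddy so a tampered file fails the play.
- name: install caddy binary
  become: true
  ansible.builtin.copy:
    dest: /usr/local/bin/caddy
    group: root
    owner: root
    mode: '0755'
    setype: bin_t
    src: caddy/caddy
  tags:
    - http
    - caddy
    - proxy
    - binary

- name: install caddy systemd service
  become: true
  ansible.builtin.template:
    backup: true
    dest: /etc/systemd/system/caddy.service
    group: root
    owner: root
    mode: '0640'
    setype: systemd_unit_file_t
    src: caddy/caddy.service.j2
  vars:
    domain_name: "{{ nextcloud.domain_name }}"
    user: "{{ caddy.user | default('caddy') }}"
    group: "{{ caddy.group | default('caddy') }}"
    # NOTE(review): `omit` is only honoured in module arguments. Inside `vars`
    # the template receives the omit placeholder string, so `envfile` is always
    # defined and truthy - verify how caddy.service.j2 tests it.
    envfile: "{{ caddy.envfile | default(omit) }}"
    cmdpath: /usr/local/bin/caddy
    # NOTE(review): `--environ` makes caddy print its environment at startup.
    # If the template passes this to `caddy run` and an environment file with
    # secrets is configured, those values end up in the service log - confirm
    # that is acceptable or drop the flag.
    extra_args: --environ
    configfile: "{{ caddy.configfile | default('/etc/caddy/Caddyfile') }}"
    timeout: 5s
    # CAP_NET_BIND_SERVICE lets the non-root service bind ports below 1024.
    # NOTE(review): CAP_NET_ADMIN is considerably broader; confirm it is
    # actually required before granting it.
    capabilities: CAP_NET_ADMIN CAP_NET_BIND_SERVICE
  tags:
    - http
    - caddy
    - proxy
    - service
    - config

# Written to the same path the systemd unit is given as `configfile`, so that
# overriding caddy.configfile does not leave the service pointing at a file
# this play never created.
# NOTE(review): the parent directory is not created by any task in this file;
# confirm it exists before this task runs.
# NOTE(review): the file is owned by the service account, so the caddy process
# can rewrite its own configuration; root-owned with the caddy group and the
# same 0640 mode would keep it read-only to the service.
- name: install Caddyfile
  become: true
  ansible.builtin.template:
    backup: true
    dest: "{{ caddy.configfile | default('/etc/caddy/Caddyfile') }}"
    group: "{{ caddy.group | default('caddy') }}"
    owner: "{{ caddy.user | default('caddy') }}"
    mode: '0640'
    setype: etc_t
    src: caddy/Caddyfile.j2
  tags:
    - http
    - caddy
    - proxy
    - config

# Only runs when both the variables and the target path are provided.
# The content is expected to hold credentials (hence root-only 0600), so
# `no_log` keeps it out of task output, --diff output and callback logs.
- name: install .env file
  become: true
  no_log: true
  when:
    - caddy.env_vars is defined
    - caddy.envfile is defined
  ansible.builtin.copy:
    dest: "{{ caddy.envfile }}"
    group: root
    owner: root
    mode: '0600'
    setype: etc_t
    content: |
      {{ caddy.env_vars }}
  # Tagged like the other config tasks so `--tags config` also refreshes the
  # environment file the unit refers to.
  tags:
    - http
    - caddy
    - proxy
    - config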