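---
# Deploys a Caddy binary as a systemd service running under a dedicated,
# unprivileged system account. Every task writes under /etc, /usr/bin or
# /etc/systemd, so the play has to run as root: connect as root or supply
# `become` from the inventory / command line (it is not set in this file).
- name: Deploy Caddy
  hosts: all
  tasks:
    - name: Ensure group "caddy" exists
      ansible.builtin.group:
        name: caddy
        state: present

    # Non-login system account; the unit below drops to it via User=/Group=.
    - name: Ensure user "caddy" exists
      ansible.builtin.user:
        name: caddy
        system: true
        shell: /usr/sbin/nologin
        home: /var/lib/caddy
        create_home: true
        group: caddy

    - name: Ensure directory "/etc/caddy" exists
      ansible.builtin.file:
        path: /etc/caddy
        state: directory
        mode: "0755"
        owner: root
        group: root

    # Only created here, never populated: the Caddyfile contents are expected
    # to come from somewhere else. `preserve` stops `state: touch` from
    # bumping the timestamps (and reporting "changed") on every run.
    - name: Ensure file "/etc/caddy/Caddyfile" exists
      ansible.builtin.file:
        path: /etc/caddy/Caddyfile
        state: touch
        mode: "0644"
        owner: caddy
        group: caddy
        modification_time: preserve
        access_time: preserve

    # 0600 because this file is meant to hold secrets. The unit below does not
    # reference it (no EnvironmentFile=); if it is wired in later, drop the
    # `--environ` flag from ExecStart, which prints the process environment at
    # startup and would land those values in the journal.
    - name: Ensure file "/etc/caddy/.env" exists
      ansible.builtin.file:
        path: /etc/caddy/.env
        state: touch
        mode: "0600"
        owner: caddy
        group: caddy
        modification_time: preserve
        access_time: preserve

    # Registered so the final task can restart (not just reload) when the
    # binary changed: a config reload keeps the old executable running.
    - name: Copy Caddy binary
      ansible.builtin.copy:
        src: caddy
        dest: /usr/bin/caddy
        mode: "0755"
        owner: root
        group: root
      register: caddy_binary

    - name: Check if systemd unit file exists
      ansible.builtin.stat:
        path: /etc/systemd/system/caddy.service
      register: systemd_unit_file

    # Written once: because of the `when` guard, later edits to this content
    # are NOT pushed to hosts that already have a unit file. The hardening
    # directives mirror upstream's unit; CAP_NET_ADMIN is broader than
    # CAP_NET_BIND_SERVICE and can be dropped if the extra capability is not
    # needed for this deployment.
    - name: Create systemd unit file for Caddy
      ansible.builtin.copy:
        dest: /etc/systemd/system/caddy.service
        mode: "0644"
        owner: root
        group: root
        content: |
          # caddy.service
          # See: https://github.com/caddyserver/dist/blob/master/init/caddy.service

          [Unit]
          Description=Caddy
          Documentation=https://caddyserver.com/docs/
          After=network.target network-online.target
          Requires=network-online.target

          [Service]
          Type=notify
          User=caddy
          Group=caddy
          ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
          ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
          TimeoutStopSec=5s
          LimitNOFILE=1048576
          PrivateTmp=true
          ProtectSystem=full
          AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

          [Install]
          WantedBy=multi-user.target
      when: not systemd_unit_file.stat.exists

    # daemon_reload lets systemd see a unit file created earlier in this same
    # run; without it the first start can fail with "unit not found".
    - name: Enable and start Caddy service
      ansible.builtin.systemd:
        name: caddy
        daemon_reload: true
        enabled: true
        state: started

    # Runs every time: a plain `reloaded` re-reads the Caddyfile (ExecReload
    # above) but keeps the already-running executable, so a freshly copied
    # binary is only picked up by a full restart.
    - name: Restart Caddy service
      ansible.builtin.systemd:
        name: caddy
        state: "{{ 'restarted' if caddy_binary.changed else 'reloaded' }}"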