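---
# Deploys a locally supplied Caddy binary and runs it as an unprivileged
# systemd service.
#
# Review notes:
# - Every task changes system state (accounts, /usr/local/bin,
#   /etc/systemd/system), so the play needs root. No `become` is set here;
#   presumably it is supplied by the inventory or the command line - confirm.
# - The unit starts Caddy with /etc/caddy/Caddyfile, which this playbook does
#   not deploy; it has to exist on the host before the service can start.
- name: Deploy Caddy
  hosts: all
  tasks:
    - name: Ensure group "caddy" exists
      ansible.builtin.group:
        name: caddy
        state: present

    # `group: caddy` makes the group created above the account's primary
    # group. Without it the user module finds an existing group of the same
    # name and typically creates the account without a user-private group,
    # so the primary group falls back to the distribution default.
    - name: Ensure user "caddy" exists
      ansible.builtin.user:
        name: caddy
        group: caddy
        system: true
        # No interactive login for the service account.
        shell: /usr/sbin/nologin

    # Root owns the binary and the service account cannot write to it, so the
    # running Caddy process is not able to replace its own executable.
    # The `caddy` file is shipped from the controller as-is: verify the
    # checksum or signature of the download before placing it next to the
    # playbook.
    - name: Copy Caddy binary
      ansible.builtin.copy:
        src: caddy
        dest: /usr/local/bin/caddy
        owner: root
        group: root
        mode: "0755"

    - name: Check if systemd unit file exists
      ansible.builtin.stat:
        path: /etc/systemd/system/caddy.service
      register: systemd_unit_file

    # The referenced upstream unit expects the binary in /usr/bin; this
    # playbook installs it to /usr/local/bin, so ExecStart and ExecReload
    # point there. Hosts that already have a unit file keep it unchanged
    # because of the `when` guard and must be corrected separately.
    #
    # AmbientCapabilities is kept as in the upstream unit.
    # CAP_NET_BIND_SERVICE lets the unprivileged user bind ports below 1024;
    # CAP_NET_ADMIN is considerably broader - NOTE(review): drop it if this
    # deployment does not need it.
    - name: Create systemd unit file for Caddy
      ansible.builtin.copy:
        dest: /etc/systemd/system/caddy.service
        owner: root
        group: root
        mode: "0644"
        content: |
          # caddy.service
          # See: https://github.com/caddyserver/dist/blob/master/init/caddy.service
          [Unit]
          Description=Caddy
          Documentation=https://caddyserver.com/docs/
          After=network.target network-online.target
          Requires=network-online.target

          [Service]
          Type=notify
          User=caddy
          Group=caddy
          ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
          ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --force
          TimeoutStopSec=5s
          LimitNOFILE=1048576
          PrivateTmp=true
          ProtectSystem=full
          AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

          [Install]
          WantedBy=multi-user.target
      when: not systemd_unit_file.stat.exists

    # daemon_reload makes systemd re-read unit files, so a unit written by the
    # previous task is picked up before it is enabled and started.
    - name: Enable and start Caddy service
      ansible.builtin.systemd:
        name: caddy
        daemon_reload: true
        enabled: true
        state: started

    # `state: reloaded` runs the unit's ExecReload (a configuration reload),
    # not a full restart; the task name says so. It runs on every play.
    - name: Reload Caddy service
      ansible.builtin.systemd:
        name: caddy
        state: reloaded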