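# Base packages for the xcaddy build further down.
# NOTE(review): `golang` is whatever the distro ships; recent Caddy/xcaddy
# releases need a fairly new Go toolchain, so on older releases the build task
# may fail -- confirm `go version` against the Caddy release being built.
# NOTE(review): only the GPG-key task sets `become: true`, yet every task in
# this file writes root-owned paths, so privilege escalation is presumably
# enabled at play level -- confirm.
# Changed from the original: FQCN (`ansible.builtin.apt`) for consistency with
# the other tasks in this file.
- name: Install dependencies
  ansible.builtin.apt:
    name:
      - apt-transport-https
      - golang
    state: present
    update_cache: true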
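# Configuration directory read by the Caddy service.
# It must NOT be world-writable: the Caddyfile is executed with the service's
# privileges (root, as the unit in this file is written), so the original
# `mode: '0777'` let any local account rewrite the config and take over the web
# server. 0755 root:root keeps it readable by the service user and writable by
# root only. The Caddyfile itself is not managed here; it must be readable by
# whichever user the service runs as.
- name: Make config directory
  ansible.builtin.file:
    dest: /etc/caddy
    state: directory
    owner: root
    group: root
    mode: '0755'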
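# Trust anchor for the xcaddy apt repository. Integrity rests on the TLS
# connection to dl.cloudsmith.io (`-f` makes curl fail on HTTP errors instead
# of piping an error page into gpg); there is no out-of-band fingerprint
# check, so if the key fingerprint or a SHA-256 of the file is known, prefer
# `ansible.builtin.get_url` with `checksum:` over this pipeline.
# Changes from the original: `set -o pipefail` so a failed download fails the
# task instead of leaving a bad keyring that `creates:` would then protect on
# every later run, and the keyring is written to a temp file and moved into
# place only on success for the same reason. bash is required for pipefail;
# `--batch --yes` keeps gpg non-interactive if the temp file already exists.
- name: Download and install XCaddy GPG key
  ansible.builtin.shell:
    cmd: >
      set -o pipefail &&
      curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' |
      gpg --batch --yes --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg.tmp &&
      mv /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg.tmp
      /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
    creates: /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
    executable: /bin/bash
  become: true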
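# apt source definition, re-fetched from the vendor on every run
# (`force: true`) so upstream changes to the repository line are picked up.
# NOTE(review): confirm the downloaded file scopes the key with
# `[signed-by=/usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg]`; the
# keyring lives outside /etc/apt/trusted.gpg.d, so without `signed-by` apt
# would treat the repository as unsigned rather than trusting the key.
# Changes from the original: owner/group set explicitly so the file does not
# inherit the identity of the connecting user.
- name: Add XCaddy repository list
  ansible.builtin.get_url:
    url: https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt
    dest: /etc/apt/sources.list.d/caddy-xcaddy.list
    owner: root
    group: root
    mode: '0644'
    force: true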
# Refresh the package index so the repository added above is visible to the
# `xcaddy` install that follows. (Could be folded into that task via
# `update_cache`; kept separate here as in the original.)
- name: Update apt cache
  ansible.builtin.apt:
    update_cache: true
# Installs the xcaddy build tool from the repository added above (verified
# against the keyring fetched earlier). Only the builder comes from the repo;
# the Caddy binary itself is compiled locally in the next task.
- name: Install xcaddy
  ansible.builtin.apt:
    name: xcaddy
    state: present
# Builds Caddy with the Cloudflare DNS and dynamic-DNS plugins into
# /usr/local/bin/caddy.
# NOTE(review): neither the Caddy version nor the two plugins are pinned, so
# each fresh host gets whatever the Go module proxy serves at build time --
# not reproducible, and an upstream compromise flows straight into the binary.
# Pin them, e.g. `xcaddy build v<caddy-version>
# --with github.com/caddy-dns/cloudflare@v<tag> ...`.
# Also note `creates:` means the binary is never rebuilt once present, so
# version bumps and security fixes require removing the file first (or keying
# `creates:` on a versioned path).
- name: Build Caddy with Cloudflare DNS plugin
  ansible.builtin.shell: |
    xcaddy build \
      --with github.com/caddy-dns/cloudflare \
      --with github.com/mholt/caddy-dynamicdns \
      --output /usr/local/bin/caddy
  args:
    creates: /usr/local/bin/caddy
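# Dedicated unprivileged account for the service. The unit below runs as this
# user instead of root; its home is where Caddy keeps its state (certificates,
# ACME account keys, autosaved config), which is how the official Debian
# package lays it out as well.
- name: Create caddy system user
  ansible.builtin.user:
    name: caddy
    system: true
    create_home: true
    home: /var/lib/caddy
    shell: /usr/sbin/nologin
    comment: Caddy web server

# Unit file for the locally built binary. Changes from the original:
#  * no `--environ`: that flag prints the process environment to stdout (the
#    journal) at startup, which leaks any secret passed via the environment --
#    e.g. a Cloudflare API token for the DNS plugin, if that is how it is
#    supplied (not visible in this file) -- to everyone who can read logs.
#  * User/Group=caddy instead of root, with CAP_NET_BIND_SERVICE granted via
#    AmbientCapabilities so ports 80/443 still bind; the setcap task further
#    down becomes redundant but harmless. /etc/caddy and the Caddyfile must be
#    readable by the caddy user.
#  * NOTE(review): state from a previous root-run instance lived under
#    /root/.local/share/caddy and is not migrated here -- copy it to
#    /var/lib/caddy (chown caddy:caddy) before switching, or accept
#    re-issuance of certificates.
#  * standard systemd sandboxing (ProtectSystem/ProtectHome/PrivateTmp/
#    NoNewPrivileges); ReadWritePaths keeps the state directory writable.
#  * network-online ordering so ACME/DNS work at boot.
- name: Create systemd service for custom Caddy binary
  ansible.builtin.copy:
    dest: /etc/systemd/system/caddy.service
    owner: root
    group: root
    mode: '0644'
    content: |
      [Unit]
      Description=Caddy
      After=network-online.target
      Wants=network-online.target

      [Service]
      User=caddy
      Group=caddy
      ExecStart=/usr/local/bin/caddy run --config /etc/caddy/Caddyfile
      ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
      TimeoutStopSec=5s
      LimitNOFILE=1048576
      Restart=on-failure
      AmbientCapabilities=CAP_NET_BIND_SERVICE
      CapabilityBoundingSet=CAP_NET_BIND_SERVICE
      NoNewPrivileges=true
      PrivateTmp=true
      PrivateDevices=true
      ProtectHome=true
      ProtectSystem=strict
      ReadWritePaths=/var/lib/caddy

      [Install]
      WantedBy=multi-user.target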
# Clear any mask on the unit so the unit file written above can be enabled.
# NOTE(review): why the unit might be masked (e.g. a removed or masked distro
# caddy package) is not visible in this file -- confirm it is still needed.
- name: Unmask Caddy service
  ansible.builtin.systemd:
    name: caddy
    masked: false
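# Grant the binary CAP_NET_BIND_SERVICE so an unprivileged service user can
# bind 80/443. The capability only matters if the unit runs as a non-root
# user; with `User=root` it is inert. A file capability is attached to the
# inode, so it is lost whenever the binary is rebuilt or replaced.
# Changes from the original: the capability is checked with getcap first so
# the task is idempotent (a bare `command: setcap` reported "changed" on every
# run), and FQCN for consistency with the other tasks.
- name: Allow Caddy to bind to ports <1024
  ansible.builtin.shell:
    cmd: >
      if getcap /usr/local/bin/caddy | grep -q cap_net_bind_service; then
      echo present;
      else setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy && echo applied;
      fi
  register: caddy_setcap
  changed_when: caddy_setcap.stdout == 'applied'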
# Re-read unit files so systemd sees the caddy.service written above before it
# is enabled/started below. (A `notify` handler would be the idiomatic form,
# but no handlers are visible in this file.)
- name: Reload systemd to pick up caddy.service changes
  ansible.builtin.systemd:
    daemon_reload: true
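# Hard-codes public resolvers (Cloudflare, Google) as the system DNS; the
# reason is not stated here -- presumably so DNS-challenge propagation is
# checked against public resolvers rather than a local or stub one.
# NOTE(review): this sends plain, unauthenticated DNS to third parties, and if
# /etc/resolv.conf was the systemd-resolved stub symlink it is replaced by a
# regular file, after which restarting resolved no longer influences name
# resolution -- confirm that is intended (the alternative is `DNS=` in
# /etc/systemd/resolved.conf, keeping the stub).
# Changes from the original: owner/group/mode set explicitly; resolv.conf must
# stay world-readable or unprivileged processes lose name resolution.
- name: Set resolv.conf DNS
  ansible.builtin.copy:
    dest: /etc/resolv.conf
    content: |
      nameserver 1.1.1.1
      nameserver 8.8.8.8
    owner: root
    group: root
    mode: '0644'
    force: true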
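# Restart and enable systemd-resolved after resolv.conf was rewritten.
# NOTE(review): if the previous task replaced the resolved stub symlink with a
# plain file, restarting resolved no longer affects resolution, so this task
# may be a no-op for that purpose; it also fails on images without
# systemd-resolved -- confirm against the target image.
# Changed from the original: FQCN (`ansible.builtin.systemd`) for consistency
# with the other tasks in this file.
- name: Restart systemd-resolved
  ansible.builtin.systemd:
    name: systemd-resolved
    state: restarted
    enabled: true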
# Enable at boot and start now. Runs after the daemon-reload above, so the
# unit file written earlier in this file is the one that starts.
- name: Enable and start Caddy service
  ansible.builtin.systemd:
    name: caddy
    enabled: true
    state: started