109 lines
2.9 KiB
YAML
109 lines
2.9 KiB
YAML
- name: Update default SELinux contexts.
|
|
community.general.sefcontext:
|
|
target: "{{ item }}(/.*)?"
|
|
setype: "container_file_t"
|
|
selevel: "{{ caddy_selinux_level }}"
|
|
state: present
|
|
loop:
|
|
- "{{ caddy_install_dir }}/config"
|
|
- "{{ caddy_install_dir }}/data"
|
|
- "{{ caddy_install_dir }}/srv"
|
|
become: true
|
|
notify: "caddy selinux context changed"
|
|
|
|
- name: Create caddy directories.
|
|
ansible.builtin.file:
|
|
path: "{{ caddy_install_dir }}"
|
|
state: directory
|
|
mode: "0700"
|
|
owner: "root"
|
|
group: "root"
|
|
become: true
|
|
|
|
- name: Ensure caddy directories and configs exist.
|
|
block:
|
|
- name: Stat caddy config directory.
|
|
ansible.builtin.stat:
|
|
path: "{{ caddy_install_dir }}/config"
|
|
become: true
|
|
register: caddy_stat_config_dir
|
|
|
|
- name: Create caddy directories.
|
|
ansible.builtin.file:
|
|
path: "{{ item.path }}"
|
|
state: directory
|
|
owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
|
|
group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
|
|
mode: "0700"
|
|
loop:
|
|
- path: "{{ caddy_install_dir }}/config"
|
|
- path: "{{ caddy_install_dir }}/data"
|
|
- path: "{{ caddy_install_dir }}/srv"
|
|
become: true
|
|
|
|
- name: Deploy caddy configs.
|
|
ansible.builtin.template:
|
|
src: Caddyfile.j2
|
|
dest: "{{ caddy_install_dir }}/config/Caddyfile"
|
|
mode: "0600"
|
|
owner: "{{ caddy_stat_config_dir.stat.uid | default('root') }}"
|
|
group: "{{ caddy_stat_config_dir.stat.gid | default('root') }}"
|
|
become: true
|
|
notify: "caddy config changed"
|
|
|
|
- name: Ensure container image is present on the host.
|
|
containers.podman.podman_image:
|
|
name: "{{ caddy_container_image }}"
|
|
state: present
|
|
tag: "{{ caddy_image_tag }}"
|
|
become: true
|
|
|
|
- name: Allow http and https.
|
|
ansible.posix.firewalld:
|
|
service: "{{ item }}"
|
|
zone: public
|
|
permanent: true
|
|
immediate: true
|
|
state: enabled
|
|
loop:
|
|
- http
|
|
- https
|
|
become: true
|
|
|
|
# Ref: https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
|
|
- name: Set maximum udp send/receive buffer size to around 2,5MB for quic.
|
|
ansible.posix.sysctl:
|
|
name: "{{ item.name }}"
|
|
value: 2500000
|
|
sysctl_set: true
|
|
state: present
|
|
reload: true
|
|
loop:
|
|
- name: net.core.rmem_max
|
|
- name: net.core.wmem_max
|
|
become: true
|
|
|
|
- name: Create caddy container / network file.
|
|
ansible.builtin.template:
|
|
src: "{{ item.src }}"
|
|
dest: "{{ item.dest }}"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0644"
|
|
loop:
|
|
- src: caddy.container.j2
|
|
dest: /etc/containers/systemd/caddy.container
|
|
- src: caddy.network.j2
|
|
dest: /etc/containers/systemd/caddy.network
|
|
become: true
|
|
notify: "caddy service changed"
|
|
|
|
- name: Flush handlers.
|
|
ansible.builtin.meta: flush_handlers
|
|
|
|
- name: Start and enable caddy service.
|
|
ansible.builtin.systemd:
|
|
state: started
|
|
enabled: true
|
|
name: "caddy"
|
|
become: true
|