diff --git a/roles/caddy/defaults/main.yml b/roles/caddy/defaults/main.yml
index 60500e2..99ae431 100644
--- a/roles/caddy/defaults/main.yml
+++ b/roles/caddy/defaults/main.yml
@@ -10,5 +10,3 @@ caddy_use_https: yes
 caddy_tls_use_staging: no
 # caddy_email: your@email.here
-# sets up a quick test server on port 80 to see if the container is set up correctly
-caddy_create_test_file_server: no
diff --git a/roles/caddy/tasks/main.yml b/roles/caddy/tasks/main.yml
index c40d83a..d3a345a 100644
--- a/roles/caddy/tasks/main.yml
+++ b/roles/caddy/tasks/main.yml
@@ -12,9 +12,9 @@
 - name: Ensure Caddyfile exists
 ansible.builtin.template:
- src: Caddyfile.j2
- dest: "{{ caddy_caddyfile_dir }}/Caddyfile"
- validate: "docker run --rm -v %s:/Caddyfile caddy caddy validate --config /Caddyfile"
+ src: config.json.j2
+ dest: "{{ caddy_caddyfile_dir }}/config.json"
+ validate: "docker run --rm -v %s:/config.json peterdavehello/jsonlint jsonlint -q /config.json"
 become: true
 tags:
 - fs
diff --git a/roles/caddy/templates/Caddyfile.j2 b/roles/caddy/templates/Caddyfile.j2
deleted file mode 100644
index 864da41..0000000
--- a/roles/caddy/templates/Caddyfile.j2
+++ /dev/null
@@ -1,29 +0,0 @@
-{
-{%- if caddy_email is not undefined and not none %}
- email "{{ caddy_email }}"
-{% endif %}
-
-{% if caddy_tls_use_staging is sameas true %}
- acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
-{% endif %}
-
-{% if caddy_use_debug is sameas true %}
- debug
-{% endif %}
-{% if caddy_use_api is sameas false %}
- admin off
-{% endif %}
-
-{% if caddy_use_https is sameas false %}
- auto_https off
-{% endif %}
-}
-
-{% if caddy_create_test_file_server is sameas true %}
-:80 {
- file_server {
- browse
- }
-}
-{% endif %}
-
diff --git a/roles/caddy/templates/config.json.j2 b/roles/caddy/templates/config.json.j2
new file mode 100644
index 0000000..ea70f49
--- /dev/null
+++ b/roles/caddy/templates/config.json.j2
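Review bot: The new `validate:` line in roles/caddy/tasks/main.yml only checks JSON syntax, and it does so by running an unpinned third-party image (`peterdavehello/jsonlint`) from a task that has `become: true`. The check it replaces ran `caddy validate`, which loads the config the way the server will, so a file that is well-formed JSON but names a wrong module or field would now pass here and fail only when the container starts. `caddy validate` reads native JSON, so the check can stay on the official image and on the version the stack deploys (`caddy_version` is what docker-stack.yml.j2 already uses): `validate: "docker run --rm -v %s:/config.json caddy:{{ caddy_version }} caddy validate --config /config.json"`. If jsonlint is kept as well, pin that image by digest. The task's `tags:` list may continue outside the hunk.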
@@ -0,0 +1,79 @@
+{
+{% if caddy_use_api is sameas false %}
+ "admin": {
+ "disabled": true
+ },
+{% endif %}
+{% if caddy_use_debug is sameas true %}
+ "logging": {
+ "logs": {
+ "default": {
+ "level": "DEBUG"
+ }
+ }
+ },
+{% endif %}
+ "apps": {
+ "http": {
+ "servers": {
+ "{{ caddy_http_server_name }}": {
+ "listen": [
+ ":80"
+ ],
+ "routes": []
+{% if caddy_use_https is sameas true %},
+ "automatic_https": {
+ "disable": true
+ }
+{% endif %}
+ },
+ "{{ caddy_https_server_name }}": {
+ "listen": [
+ ":443"
+ ],
+ "routes": []
+{% if caddy_use_https is sameas true %},
+ "automatic_https": {
+ "disable": true
+ }
+{% endif %}
+ }
+ }
+ }
+{% if caddy_use_https is sameas true %},
+ "tls": {
+ "automation": {
+ "policies": [
+ {
+ "subjects": [],
+ "issuers": [
+ {% if caddy_tls_use_staging is sameas true %}
+ {
+ "ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
+ {%- if caddy_email is not undefined and not none %}
+ "email": "{{ caddy_email }}",
+ {% endif %}
+ "module": "acme"
+ }
+ {% else %}
+ {
+ {%- if caddy_email is not undefined and not none %}
+ "email": "{{ caddy_email }}",
+ {% endif %}
+ "module": "acme"
+ },
+ {
+ {%- if caddy_email is not undefined and not none %}
+ "email": "{{ caddy_email }}",
+ {% endif %}
+ "module": "zerossl"
+ }
+ {% endif %}
+ ]
+ }
+ ]
+ }
+ }
+{% endif %}
+ }
+}
diff --git a/roles/caddy/templates/docker-stack.yml.j2 b/roles/caddy/templates/docker-stack.yml.j2
index cbfcd5b..81bd1f6 100644
--- a/roles/caddy/templates/docker-stack.yml.j2
+++ b/roles/caddy/templates/docker-stack.yml.j2
@@ -3,6 +3,7 @@ version: "3.7"
 services:
 app:
 image: caddy:{{ caddy_version }}
+ command: caddy run --config /etc/caddy/config.json
 ports:
 - "80:80"
 - "443:443"
diff --git a/roles/caddy/vars/main.yml b/roles/caddy/vars/main.yml
index 69cf612..f3bcca6 100644
--- a/roles/caddy/vars/main.yml
+++ b/roles/caddy/vars/main.yml
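Review bot: The `automatic_https` blocks on both servers in config.json.j2 are emitted under `{% if caddy_use_https is sameas true %}`, which looks inverted: the deleted Caddyfile.j2 wrote `auto_https off` only when `caddy_use_https is sameas false`. As written, `caddy_use_https: yes` sets `"disable": true` on the `:80` and `:443` servers, while `no` leaves Caddy's default in place. If that is not intended, the two guards should read `{% if caddy_use_https is sameas false %},`; if it is intended because certificates are meant to come only from the `tls` app policies, a `{# ... #}` comment in the template saying so would prevent a later "fix". Separately, `"email": "{{ caddy_email }}"` interpolates the value unescaped into JSON; `"email": {{ caddy_email | to_json }},` keeps the rendered file valid for any input.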
@@ -3,3 +3,6 @@ caddy_stack:
 name: caddy
 compose: "{{ lookup('template', 'docker-stack.yml.j2') | from_yaml }}"
+
+caddy_http_server_name: http
+caddy_https_server_name: https