cloudserve-infrastructure/roles/caddy/tasks/main.yml

---
# install caddy as a docker stack

- name: Ensure Caddyfile directory exists
  ansible.builtin.file:
    path: "{{ caddy_caddyfile_dir }}"
    state: directory
    mode: '0755'
  become: true
  tags: 
    - fs

- name: Ensure Caddyfile exists
  ansible.builtin.template:
    src: config.json.j2
    dest: "{{ caddy_caddyfile_dir }}/config.json"
    validate: "docker run --rm -v %s:/config.json peterdavehello/jsonlint jsonlint -q /config.json"
  become: true
  tags:
    - fs

- name: Deploy caddy to swarm
  community.general.docker_stack:
    name: "{{ caddy_stack.name }}"
    state: present
    prune: yes
    compose:
      - "{{ caddy_stack.compose }}"
  when: caddy_stack is defined
  become: yes
  tags:
    - docker-swarm

- name: Get caddy container info
  ansible.builtin.command:
    cmd: docker ps -q -f name={{ caddy_stack.name }}
  become: yes
  # bringing up the container takes some time, we have to wait
  until: caddy_container_info['rc'] == 0 and caddy_container_info['stdout'] | length >= 1
  retries: 5
  delay: 10
  changed_when: False
  register: caddy_container_info

- name: Register caddy container id
  ansible.builtin.set_fact: caddy_container_id={{ caddy_container_info['stdout'] }}
  notify: 
    - debug caddy container

# FIXME this should be taken care of in Dockerfile not here
- name: Ensure caddy curl available
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
      apk add curl
  become: yes
  register: result
  changed_when: "'Installing' in result.stdout"

- name: Ensure caddy api is responsive
  community.docker.docker_container_exec:
    container: "{{ caddy_container_id }}"
    command: >
      curl localhost:2019/config/
  become: yes
  until: result.rc == 0
  when: caddy_use_api == True
  changed_when: False
  register: result

# TODO FIXME UP
# - name: Allow access to services
#   firewalld:
#     service: "{{ item }}"
#     permanent: true
#     state: enabled
#   with_items:
#     - http
#     - https
#   become: true
#   tags:
#     - firewall