Extract caddy to separate playbook

2024-12-21 15:38:54 +03:00 · 2024-12-21 15:38:54 +03:00 · 03db3241b3
commit 03db3241b3
parent cd86348f88
4 changed files with 38 additions and 52 deletions
--- a/playbook-caddy.yml
+++ b/playbook-caddy.yml
@ -0,0 +1,27 @@
 ---
 - name: 'Install and configure Caddy server'
  hosts: all
  vars_files:
    - vars/ports.yml
    - vars/vars.yml
  tasks:
    - name: 'Ensure networkd service is started (required by Caddy).'
      ansible.builtin.systemd:
        name: systemd-networkd
        state: started
        enabled: true
    - name: 'Install and configure Caddy server'
      ansible.builtin.import_role:
        name: caddy_ansible.caddy_ansible
      vars:
        caddy_github_token: '{{ caddy_vars.github_token }}'
        caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
        caddy_setcap: true
        caddy_systemd_capabilities_enabled: true
        caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
        # Поменяй на true, чтобы обновить Caddy
        caddy_update: false
--- a/playbook-configuration.yml
+++ b/playbook-configuration.yml
@ -7,26 +7,6 @@
  tasks:
    - name: 'Ensure networkd service is started (required by Caddy).'
      systemd:
        name: systemd-networkd
        state: started
        enabled: true
      tags:
        - webserver
    - import_role:
        name: caddy_ansible.caddy_ansible
      vars:
        caddy_github_token: '{{ caddy_vars.github_token }}'
        caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
        caddy_update: False
        caddy_setcap: True
        caddy_systemd_capabilities_enabled: True
        caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
      tags:
        - webserver
    # Applications
    - import_role:
--- a/playbook-upgrade.yml
+++ b/playbook-upgrade.yml
@ -10,18 +10,18 @@
    - name: Perform an upgrade of packages
      ansible.builtin.apt:
        upgrade: 'yes'
-        update_cache: yes
+        update_cache: true
    - name: Check if a reboot is required
      ansible.builtin.stat:
        path: /var/run/reboot-required
-        get_checksum: no
+        get_checksum: false
      register: reboot_required_file
    - name: Reboot the server (if required)
      ansible.builtin.reboot:
-      when: reboot_required_file.stat.exists == true
+      when: reboot_required_file.stat.exists
    - name: Remove dependencies that are no longer required
      ansible.builtin.apt:
-        autoremove: yes
+        autoremove: true
--- a/templates/Caddyfile.j2
+++ b/templates/Caddyfile.j2
@ -7,18 +7,9 @@
 }
 # -------------------------------------------------------------------
-# Proxy services
+# Netdata service
 # -------------------------------------------------------------------
 vakhrushev.me {
    tls anwinged@ya.ru
    reverse_proxy {
        to 127.0.0.1:{{ homepage_port }}
    }
 }
 # NetData proxy
 status.vakhrushev.me, :29999 {
    tls anwinged@ya.ru
@ -31,27 +22,15 @@ status.vakhrushev.me, :29999 {
    }
 }
-wiki.vakhrushev.me {
+# -------------------------------------------------------------------
 # Applications
 # -------------------------------------------------------------------
 vakhrushev.me {
    tls anwinged@ya.ru
    reverse_proxy {
-        to 127.0.0.1:{{ wiki_port }}
+        to 127.0.0.1:{{ homepage_port }}
    }
 }
 nomie.vakhrushev.me {
    tls anwinged@ya.ru
    reverse_proxy {
        to 127.0.0.1:{{ nomie_port }}
    }
 }
 nomie-db.vakhrushev.me {
    tls anwinged@ya.ru
    reverse_proxy {
        to 127.0.0.1:{{ nomie_db_port }}
    }
 }