personal_infra/ansible/services/caddy_playbook.yml

- name: Install and configure Caddy on Debian 12
  hosts: vipy
  become: yes

  tasks:
    - name: Install required packages
      apt:
        name:
          - debian-keyring
          - debian-archive-keyring
          - apt-transport-https
          - curl
        state: present
        update_cache: yes

    - name: Download Caddy GPG armored key
      ansible.builtin.get_url:
        url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
        dest: /tmp/caddy-stable-archive-keyring.asc
        mode: '0644'

    - name: Convert ASCII armored key to binary keyring
      ansible.builtin.command:
        cmd: gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.asc
      args:
        creates: /usr/share/keyrings/caddy-stable-archive-keyring.gpg

    - name: Ensure permissions on keyring file
      ansible.builtin.file:
        path: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
        owner: root
        group: root
        mode: '0644'

    - name: Add Caddy repository list file
      ansible.builtin.get_url:
        url: https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt
        dest: /etc/apt/sources.list.d/caddy-stable.list
        mode: '0644'
        validate_certs: yes

    - name: Update apt cache after adding repo
      apt:
        update_cache: yes

    - name: Install Caddy
      apt:
        name: caddy
        state: present

    - name: Ensure Caddy service is enabled and started
      systemd:
        name: caddy
        enabled: yes
        state: started

    - name: Allow HTTP through UFW
      ufw:
        rule: allow
        port: '80'
        proto: tcp

    - name: Allow HTTPS through UFW
      ufw:
        rule: allow
        port: '443'
        proto: tcp
thingies 2025-07-01 16:14:44 +02:00			`- name: Install and configure Caddy on Debian 12`
			`hosts: vipy`
			`become: yes`

			`tasks:`
			`- name: Install required packages`
			`apt:`
			`name:`
			`- debian-keyring`
			`- debian-archive-keyring`
			`- apt-transport-https`
			`- curl`
			`state: present`
			`update_cache: yes`

			`- name: Download Caddy GPG armored key`
			`ansible.builtin.get_url:`
			`url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key`
			`dest: /tmp/caddy-stable-archive-keyring.asc`
			`mode: '0644'`

			`- name: Convert ASCII armored key to binary keyring`
			`ansible.builtin.command:`
			`cmd: gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.asc`
			`args:`
			`creates: /usr/share/keyrings/caddy-stable-archive-keyring.gpg`

			`- name: Ensure permissions on keyring file`
			`ansible.builtin.file:`
			`path: /usr/share/keyrings/caddy-stable-archive-keyring.gpg`
			`owner: root`
			`group: root`
			`mode: '0644'`

			`- name: Add Caddy repository list file`
			`ansible.builtin.get_url:`
			`url: https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt`
			`dest: /etc/apt/sources.list.d/caddy-stable.list`
			`mode: '0644'`
			`validate_certs: yes`

			`- name: Update apt cache after adding repo`
			`apt:`
			`update_cache: yes`

			`- name: Install Caddy`
			`apt:`
			`name: caddy`
			`state: present`

			`- name: Ensure Caddy service is enabled and started`
			`systemd:`
			`name: caddy`
			`enabled: yes`
			`state: started`

allow http, so caddy can redirect 2025-07-04 15:53:27 +02:00			`- name: Allow HTTP through UFW`
			`ufw:`
			`rule: allow`
			`port: '80'`
			`proto: tcp`

thingies 2025-07-01 16:14:44 +02:00			`- name: Allow HTTPS through UFW`
			`ufw:`
			`rule: allow`
			`port: '443'`
			`proto: tcp`