Bootstrap caddy http sync role

2019-02-01 18:50:35 +01:00 · 2019-02-01 18:50:35 +01:00 · 4164ebb829
commit 4164ebb829
7 changed files with 162 additions and 0 deletions
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+         DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+                    Version 2, December 2004
+
+ Copyright (C) 2019 Wilfried OLLIVIER <wollivier@fdn.fr>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO.
--- a/README.md
+++ b/README.md
@ -0,0 +1,37 @@
+galaxy-caddy.http.sync
+======================
+
+Push config file and sync code source of a basic html site
+
+Requirements
+------------
+
+Caddy webserver up and running
+
+Role Variables
+--------------
+
+- vhost_url: vhost url
+- vhost_name: name of the vhost
+- caddy_home: path to caddy home directory
+- caddy_logs: path to caddy logs directory
+- caddy_conf: path to caddy config directory
+- caddy_confd: path to caddy confd directory
+- caddy_logs: path to caddy vhost log directory
+- caddy_www: path to caddy www dir
+- custom_errors: yes/no - use custom errors or not
+- www_redirect: yes/no - redirect www. to .
+
+Dependencies
+------------
+
+galaxy-caddy
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: galaxy-caddy.http.sync, custom_errors: no, vhost_name: test, vhost_url: test.test, syncpath: path/to/some/directory }
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,12 @@
+---
+# defaults file for galaxy-caddy.http.sync
+
+caddy_home: /srv/caddy
+caddy_logs: /srv/caddy/logs
+caddy_conf: /etc/caddy
+caddy_confd: /etc/caddy/conf.d
+caddy_www: /var/www/caddy
+
+www_redirect: no
+
+custom_errors: no
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,13 @@
+---
+# handlers file for galaxy-caddy.http.sync
+
+- name: start caddy
+  service: name=caddy
+           state=started
+           enabled=yes
+           daemon_reload=yes
+
+- name: restart caddy
+  service: name=caddy
+           state=restarted
+           enabled=yes
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,20 @@
+galaxy_info:
+  author: Wilfried OLLIVIER
+  description: Push caddy config file and sync code
+  company: none
+
+  license: WTFPL
+
+  min_ansible_version: 2.4
+
+  platforms:
+  - name: Debian
+    versions:
+    - Stretch
+
+  galaxy_tags:
+    - caddy
+    - webserver
+    - http
+
+dependencies: []
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,25 @@
+---
+# tasks file for galaxy-caddy.http.sync
+
+- name: Push caddy config file
+  template:
+    src: http.caddy.j2
+    dest: "{{ caddy_confd }}/{{ vhost_name }}.caddy"
+  notify: restart caddy
+
+- name: Ensure caddy log dir
+  file:
+    path: "{{ caddy_logs }}/{{ vhost_name }}"
+    state: directory
+    owner: caddy
+
+- name: Ensure vhost www dir
+  file: path={{ caddy_www }}/{{ vhost_name }}
+        state=directory
+        owner=caddy
+        group=caddy
+
+- name: Synchronize
+  synchronize: src={{ syncpath }}
+               dest={{ caddy_www }}/{{ vhost_name }}
+               delete=yes
--- a/templates/http.caddy.j2
+++ b/templates/http.caddy.j2
@ -0,0 +1,42 @@
+{{ vhost_url }} {
+
+    header / {
+        # Enable HTTP Strict Transport Security (HSTS) to force clients to always
+        # connect via HTTPS (do not use if only testing)
+        Strict-Transport-Security "max-age=31536000;"
+        # Enable cross-site filter (XSS) and tell browser to block detected attacks
+        X-XSS-Protection "1; mode=block"
+        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+        X-Content-Type-Options "nosniff"
+        # Disallow the site to be rendered within a frame (clickjacking protection)
+        X-Frame-Options "DENY"
+    }
+
+    log {{ caddy_logs }}/{{ vhost_name }}/access.log {
+        rotate_size  100
+        rotate_age   30
+        rotate_keep  10
+    }
+
+    root {{ caddy_www }}/{{ vhost_name }}
+
+    gzip {
+        ext .jpg
+        level 9
+    }
+
+{% if custom_errors %}
+    errors {
+	    404 404.html # Not Found
+    }
+{% endif %}
+
+}
+
+{% if www_redirect %}
+www.{{ vhost_url }} {
+
+    redir https://{{ vhost_url }}
+
+}
+{% endif %}