Bootstrap caddy reverse role

LICENCE

@@ -0,0 +1,13 @@
+         DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+                    Version 2, December 2004
+
+ Copyright (C) 2019 Wilfried OLLIVIER <wollivier@fdn.fr>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO.

README.md

@@ -0,0 +1,44 @@
+galaxy-caddy.reverse
+====================
+
+Push a reverse caddy config file
+
+Requirements
+------------
+
+Caddy webserver
+
+Role Variables
+--------------
+
+- caddy_home: caddy home directory
+- caddy_logs: caddy log directory
+- caddy_conf: caddy config directory
+- caddy_confd: caddy conf.d directory
+- caddy_www: /var/www/caddy
+
+- reverse_location: reverse destination point
+- reverse_port: port to redirect to
+
+- vhost_name: name of the vhost
+
+Dependencies
+------------
+
+- galaxy-caddy
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: galaxy-caddy.reverse, vhostname: none, reverse_location: localhost, reverse_port: 4242 }
+
+Run tests
+---------
+
+Ensure galaxy-vagrant is up
+
+    ansible-playbook -i tests/inventory tests/test.yml

defaults/main.yml

@@ -0,0 +1,13 @@
+---
+# defaults file for galaxy-caddy.reverse
+
+caddy_home: /srv/caddy
+caddy_logs: /srv/caddy/logs
+caddy_conf: /etc/caddy
+caddy_confd: /etc/caddy/conf.d
+caddy_www: /var/www/caddy
+
+reverse_location: localhost
+reverse_port: 8080
+
+vhost_name: default

handlers/main.yml

@@ -0,0 +1,13 @@
+---
+# handlers file for galaxy-caddy.reverse
+
+- name: start caddy
+  service: name=caddy
+           state=started
+           enabled=yes
+           daemon_reload=yes
+
+- name: restart caddy
+  service: name=caddy
+           state=restarted
+           enabled=yes

meta/main.yml

@@ -0,0 +1,20 @@
+galaxy_info:
+  author: Wilfried OLLIVIER
+  description: Push caddy reverse config file
+  company: none
+
+  license: WTFPL
+
+  min_ansible_version: 2.4
+
+  platforms:
+  - name: Debian
+    versions:
+    - Stretch
+
+  galaxy_tags:
+    - webserver
+    - caddy
+    - reverse
+
+dependencies: []

tasks/main.yml

@@ -0,0 +1,16 @@
+---
+# tasks file for galaxy-caddy.reverse
+
+- name: Push caddy template file
+  template:
+    src: reverse.caddy.j2
+    dest: "{{ caddy.confd }}/{{ vhost_name }}.caddy"
+    owner: caddy
+  notify: restart caddy
+
+
+- name: Ensure log dir
+  file:
+    path: "{{ caddy_logs }}/{{ vhost_name }}"
+    state: directory
+    owner: caddy

templates/reverse.caddy.j2

@@ -0,0 +1,25 @@
+{{ vhost_url }} {
+
+    header / {
+        # Enable HTTP Strict Transport Security (HSTS) to force clients to always
+        # connect via HTTPS (do not use if only testing)
+        Strict-Transport-Security "max-age=31536000;"
+        # Enable cross-site filter (XSS) and tell browser to block detected attacks
+        X-XSS-Protection "1; mode=block"
+        # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+        X-Content-Type-Options "nosniff"
+        # Disallow the site to be rendered within a frame (clickjacking protection)
+        X-Frame-Options "DENY"
+    }
+
+    proxy / http://{{ reverse_location }}:{{ reverse_port }} {
+        transparent
+    }
+
+    log {{ caddy_logs }}/{{ vhost_name }}/access.log {
+        rotate_size  100
+        rotate_age   30
+        rotate_keep  10
+    }
+
+}

tests/inventory

@@ -0,0 +1 @@
+galaxy-vagrant.example.com

tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: galaxy-vagrant.example.com
+  remote_user: root
+  roles:
+    - ../galaxy-caddy.reverse