From 693e5446b6a8d62b80e63d008a60264e0f78eaf1 Mon Sep 17 00:00:00 2001
From: Brad Cowie
Date: Sun, 6 Oct 2024 17:34:32 +1300
Subject: [PATCH] Initial commit
---
defaults/main.yml | 15 ++++++
handlers/main.yml | 10 ++++
tasks/configure.yml | 47 ++++++++++++++++
tasks/install.yml | 30 +++++++++++
tasks/main.yml | 12 +++++
tasks/packages.yml | 106 +++++++++++++++++++++++++++++++++++++
templates/Caddyfile | 3 ++
templates/apt.conf.d | 4 ++
templates/caddy-upgrade.sh | 8 +++
9 files changed, 235 insertions(+)
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 tasks/configure.yml
create mode 100644 tasks/install.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/packages.yml
create mode 100644 templates/Caddyfile
create mode 100644 templates/apt.conf.d
create mode 100644 templates/caddy-upgrade.sh
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..6285702
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,15 @@
+---
+caddy_apt_key_fingerprint: "65760C51EDEA2017CEA2CA15155B6D79CA56EA34"
+caddy_apt_key_url: "https://dl.cloudsmith.io/public/caddy/stable/gpg.key"
+caddy_apt_repo: "https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
+
+caddy_apt_packages:
+ - caddy
+
+caddy_packages: []
+
+caddy_dpkg_hook_script: "/usr/local/bin/caddy-upgrade"
+
+caddy_file: ""
+
+caddy_files: []
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..51e1c5b
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: restart caddy
+ ansible.builtin.service:
+ name: caddy
+ state: restarted
+
+- name: reload caddy
+ ansible.builtin.service:
+ name: caddy
+ state: reloaded
diff --git a/tasks/configure.yml b/tasks/configure.yml
new file mode 100644
index 0000000..577263e
--- /dev/null
+++ b/tasks/configure.yml
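Review bot: The defaults in defaults/main.yml carry no comments, although two of them change what runs as the web server. Judging by the tasks in this patch, a non-empty `caddy_packages` diverts `/usr/bin/caddy` and points it at a custom build instead of the apt-installed binary. `caddy_files` entries are read as `name`, optional `dir` and `config`. I would add `# caddy_packages: module paths for "caddy add-package"; non-empty replaces the packaged binary with a custom build` above `caddy_packages` and `# caddy_files: list of {name, config, dir (optional)}, written to /etc/caddy/[dir/]name` above `caddy_files`. A short comment that `caddy_apt_key_fingerprint` must stay a full 40-hex fingerprint, not a short key id, would also help.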
@@ -0,0 +1,47 @@
+---
+- name: Configure /etc/caddy/Caddyfile
+ ansible.builtin.template:
+ src: "Caddyfile"
+ dest: "/etc/caddy/Caddyfile"
+ owner: "root"
+ group: "root"
+ mode: "u=rw,g=r,o=r"
+ when: caddy_file != ""
+ notify: reload caddy
+
+- name: Configure Caddyfiles
+ ansible.builtin.template:
+ src: "Caddyfile"
+ dest: "/etc/caddy/{{ item.name }}"
+ owner: "root"
+ group: "root"
+ mode: "u=rw,g=r,o=r"
+ notify: reload caddy
+ loop: "{{ caddy_files | selectattr('dir', 'undefined') }}"
+ loop_control:
+ label: "/etc/caddy/{{ item.name }}"
+
+- name: Create subdirectories for Caddyfiles
+ ansible.builtin.file:
+ path: "/etc/caddy/{{ item }}"
+ owner: "root"
+ group: "root"
+ mode: "u=rwx,g=rx,o=rx"
+ state: "directory"
+ loop: >-
+ {{ caddy_files
+ | selectattr('dir', 'defined')
+ | map(attribute="dir")
+ | unique }}
+
+- name: Configure Caddyfiles in subdirectory
+ ansible.builtin.template:
+ src: "Caddyfile"
+ dest: "/etc/caddy/{{ item.dir }}/{{ item.name }}"
+ owner: "root"
+ group: "root"
+ mode: "u=rw,g=r,o=r"
+ notify: reload caddy
+ loop: "{{ caddy_files | selectattr('dir', 'defined') }}"
+ loop_control:
+ label: "/etc/caddy/{{ item.dir }}/{{ item.name }}"
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..86bd44e
--- /dev/null
+++ b/tasks/install.yml
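Review bot: All three template tasks in tasks/configure.yml write the Caddyfile content with `mode: "u=rw,g=r,o=r"`, so whatever is put in `caddy_file` or `item.config` is readable by every local account. Caddyfiles often hold credentials such as basic-auth hashes or DNS-provider tokens for ACME. Consider `group: "caddy"` with `mode: "u=rw,g=r,o="`, assuming the packaged service runs under a `caddy` group, which should be confirmed on the target. The main Caddyfile task could also take `validate: "caddy validate --adapter caddyfile --config %s"` so a broken file is rejected before it replaces the working one. The fragment files may not validate standalone, so I would not add it there.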
@@ -0,0 +1,30 @@
+---
+- name: Create apt keyrings directory
+ ansible.builtin.file:
+ path: /etc/apt/keyrings
+ state: directory
+ owner: root
+ group: root
+ mode: u=rwx,g=rx,o=rx
+
+- name: Add caddy apt signing key
+ ansible.builtin.apt_key:
+ id: "{{ caddy_apt_key_fingerprint }}"
+ url: "{{ caddy_apt_key_url }}"
+ keyring: /etc/apt/keyrings/caddy.gpg
+ state: present
+
+- name: Add caddy apt repository
+ ansible.builtin.apt_repository:
+ repo: >-
+ deb [signed-by=/etc/apt/keyrings/caddy.gpg]
+ {{ caddy_apt_repo }}
+ filename: caddy
+ update_cache: true
+ state: present
+
+- name: Install caddy
+ ansible.builtin.apt:
+ name: "{{ caddy_apt_packages }}"
+ install_recommends: false
+ state: present
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..fd3b174
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Install caddy
+ ansible.builtin.import_tasks:
+ file: install.yml
+
+- name: Install caddy packages
+ ansible.builtin.import_tasks:
+ file: packages.yml
+
+- name: Configure caddy
+ ansible.builtin.import_tasks:
+ file: configure.yml
diff --git a/tasks/packages.yml b/tasks/packages.yml
new file mode 100644
index 0000000..d5da862
--- /dev/null
+++ b/tasks/packages.yml
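Review bot: The `Add caddy apt signing key` task in tasks/install.yml uses `ansible.builtin.apt_key`, which drives the host's `apt-key` tool. Debian and Ubuntu have deprecated that tool, so the task is likely to break on releases that no longer ship it. Whatever replaces it should keep the two properties the task has now: the key lives in its own keyring referenced by `signed-by=/etc/apt/keyrings/caddy.gpg`, and the downloaded key is checked against the full fingerprint in `caddy_apt_key_fingerprint`. Until then I would add a comment above the task such as `# requires apt-key on the target; key is pinned by full fingerprint and scoped via signed-by`.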
@@ -0,0 +1,106 @@
+---
+- name: Divert caddy binary provided by apt package
+ community.general.dpkg_divert:
+ path: /usr/bin/caddy
+ rename: true
+ force: true
+ state: "{{ 'present' if caddy_packages | length >= 1 else 'absent' }}"
+ notify: restart caddy
+
+- name: Create custom caddy binary
+ ansible.builtin.copy:
+ src: /usr/bin/caddy.distrib
+ dest: /usr/bin/caddy.custom
+ force: false
+ remote_src: true
+ owner: root
+ group: root
+ mode: "u=rwx,g=rx,o=rx"
+ when: "caddy_packages | length >= 1"
+
+- name: Configure alternative link for original caddy binary
+ community.general.alternatives:
+ name: caddy
+ link: /usr/bin/caddy
+ path: /usr/bin/caddy.distrib
+ priority: 10
+ state: "{{ 'auto' if caddy_packages | length >= 1 else 'absent' }}"
+ notify: restart caddy
+
+- name: Configure alternative link for custom caddy binary
+ community.general.alternatives:
+ name: caddy
+ link: /usr/bin/caddy
+ path: /usr/bin/caddy.custom
+ priority: 50
+ state: "{{ 'auto' if caddy_packages | length >= 1 else 'absent' }}"
+ notify: restart caddy
+
+- name: Remove custom caddy binary
+ ansible.builtin.file:
+ path: /usr/bin/caddy.custom
+ state: absent
+ when: "caddy_packages | length == 0"
+
+- name: Get list of installed caddy packages
+ ansible.builtin.command:
+ cmd: caddy list-modules --skip-standard --packages
+ register: _caddy_list_modules_cmd
+ changed_when: false
+
+- name: Set installed packages fact
+ ansible.builtin.set_fact:
+ _caddy_packages: >-
+ {{ _caddy_list_modules_cmd.stdout_lines
+ | select("search", "^[\w.]+ \S+$")
+ | map("split", " ")
+ | map("last") }}
+
+- name: Install caddy packages
+ ansible.builtin.command:
+ cmd: caddy add-package {{ item }}
+ register: _caddy_add_package_cmd
+ changed_when: "'requesting build' in _caddy_add_package_cmd.stderr"
+ failed_when: >-
+ _caddy_add_package_cmd.rc != 0
+ and 'package is already added' not in _caddy_add_package_cmd.stderr
+ loop: "{{ caddy_packages }}"
+ when: "item not in _caddy_packages"
+ notify: 
restart caddy
+
+- name: Remove caddy packages
+ ansible.builtin.command:
+ cmd: caddy remove-package {{ _caddy_packages_remove | join(" ") }}
+ vars:
+ _caddy_packages_remove: "{{ _caddy_packages | difference(caddy_packages) }}"
+ register: _caddy_remove_package_cmd
+ changed_when: "'requesting build' in _caddy_remove_package_cmd.stderr"
+ when: "_caddy_packages_remove | length >= 1"
+ notify: restart caddy
+
+- name: Add caddy upgrade apt hook script
+ ansible.builtin.template:
+ src: "caddy-upgrade.sh"
+ dest: "{{ caddy_dpkg_hook_script }}"
+ owner: "root"
+ group: "root"
+ mode: "u=rwx,g=rx,o=rx"
+ when: "caddy_packages | length >= 1"
+
+- name: Configure caddy upgrade apt hook script
+ ansible.builtin.template:
+ src: "apt.conf.d"
+ dest: "/etc/apt/apt.conf.d/99caddy-upgrade"
+ owner: "root"
+ group: "root"
+ mode: "u=rw,g=r,o=r"
+ when: "caddy_packages | length >= 1"
+
+- name: Remove caddy upgrade apt hook script
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - "{{ caddy_dpkg_hook_script }}"
+ - "/etc/apt/apt.conf.d/99caddy-upgrade"
+ when: "caddy_packages | length == 0"
diff --git a/templates/Caddyfile b/templates/Caddyfile
new file mode 100644
index 0000000..f676a7a
--- /dev/null
+++ b/templates/Caddyfile
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+{{ item.config if item.config is defined else caddy_file }}
diff --git a/templates/apt.conf.d b/templates/apt.conf.d
new file mode 100644
index 0000000..a870b7f
--- /dev/null
+++ b/templates/apt.conf.d
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+DPkg::Pre-Install-Pkgs { "{{ caddy_dpkg_hook_script }} || true"; };
+DPkg::Tools::Options::{{ caddy_dpkg_hook_script }}::Version "3";
diff --git a/templates/caddy-upgrade.sh b/templates/caddy-upgrade.sh
new file mode 100644
index 0000000..4ab78ce
--- /dev/null
+++ b/templates/caddy-upgrade.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# {{ ansible_managed }}
+
+set -euo pipefail
+
+if grep -q "^caddy .* \*\*CONFIGURE\*\*$"; then
+ caddy upgrade
+fi
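Review bot: The `Install caddy packages` and `Remove caddy packages` tasks in tasks/packages.yml template values into a `cmd:` string, which the command module then splits on whitespace. An entry in `caddy_packages` that contains a space therefore reaches caddy as extra arguments. The list form avoids the re-splitting: `argv: ["caddy", "add-package", "{{ item }}"]` and `argv: "{{ ['caddy', 'remove-package'] + _caddy_packages_remove }}"`. The divert and alternatives tasks also deserve a comment: once `caddy_packages` is non-empty, `/usr/bin/caddy` resolves to `caddy.custom` (priority 50 over 10), a build obtained through `caddy add-package` and not the binary apt verified.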
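Review bot: The `|| true` on the `DPkg::Pre-Install-Pkgs` line in templates/apt.conf.d discards every failure of the hook. If `caddy upgrade` fails, the apt run still succeeds and nothing is recorded. Because the custom binary takes precedence over the packaged one, a silently skipped upgrade can leave the host on an outdated caddy after a security update has been installed. Keeping apt unblocked is reasonable, but the failure should be logged, for example `"{{ caddy_dpkg_hook_script }} || logger -t caddy-upgrade 'caddy upgrade failed'"`.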
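Review bot: The `grep -q` in templates/caddy-upgrade.sh has no file operand, so it reads standard input, and nothing in the script says where that input comes from. It appears to rely on the `Version "3"` setting in the apt.conf.d template to receive apt's package list. I would add `# stdin: apt Pre-Install-Pkgs (Version 3) package list; match the caddy package being configured` above the `if`. A second comment should state that `caddy upgrade` replaces the custom binary as root during the apt transaction, since that download is what actually ends up serving traffic.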