build caddy with OVH DNS + try ECH on caddy beta

2025-03-14 21:44:03 +01:00 · 2025-03-06 23:37:24 +01:00 · 2025-03-06 23:37:24 +01:00 · fef296cbbd
commit fef296cbbd
parent 48e247c5dc
6 changed files with 76 additions and 28 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -45,4 +45,4 @@ repos:
        name: caddy fmt
        language: system
        entry: caddy fmt --overwrite
-        files: Caddyfile
+        files: ^Caddyfile$
--- a/playbooks/apps/caddy.yaml
+++ b/playbooks/apps/caddy.yaml
@ -6,15 +6,48 @@
  tasks:
    - name: Write Caddyfile
      ansible.builtin.copy:
-        src: files/Caddyfile
+        src: files/caddy/Caddyfile
        dest: /etc/caddy/Caddyfile
        mode: "0644"
        owner: root
        group: root
      notify:
        - Reload caddy
    - name: Write dns-ovh.Caddyfile
      ansible.builtin.template:
        src: files/caddy/dns-ovh.Caddyfile.j2
        dest: /etc/caddy/dns-ovh.Caddyfile
        mode: "0644"
        owner: root
        group: root
      notify:
        - Reload caddy
  handlers:
    - name: Reload caddy
      ansible.builtin.service:
        name: caddy
        state: reloaded
  vars:
    ovh_app_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      30626165303033383937353835383233633833623434333061393632346266373439393137343066
      6331333266393761636634363564656662323962633034660a323632333866656565303561363939
      62633064386133363938326665323961353236663831663035663863336161303533633131623631
      6166633466313563620a366264653533616437646638626136306332636232396538316432306163
      30366531393462396335653638643938663937356336393065303531643132336534
    ovh_app_secret: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      39366431363534386435613336343736343930636636313261373063623863373335346639333335
      6233623137643536656632663262303465633433303033360a383638626138613837306163353834
      63376439343761333439613662303431666662633561363833346162623261643532373637646537
      3263303031326338620a636662376333366132303964613565383139363065626564316536653833
      66663338623239393537393664306132366639343138343139336132366466663231323637306637
      3162656265656137396530326336383731383133653066626235
    ovh_consumer_key: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      66666533623962393934343630326232336564393565653231373638666662613133346665613962
      3033333037393933666332663562396132616536326433300a333239386132376431393833313661
      32366666366366396266646234666436626664313332666364646464616434326537386337386330
      6561643039613661340a303461346634386662376638656636643261643961323038653633623665
      64323935663066376231386466383930613632623634643030396131623530663034363931313435
      3130663863656465663839383332383666386235326130383039
--- a/playbooks/apps/files/caddy/Caddyfile
+++ b/playbooks/apps/files/caddy/Caddyfile
@ -5,6 +5,9 @@
 	log {
 		format console
 	}
 	import ./dns-ovh.Caddyfile
 	ech ech.augendre.info
 }
 (common_headers) {
--- a/playbooks/apps/files/caddy/dns-ovh.Caddyfile.j2
+++ b/playbooks/apps/files/caddy/dns-ovh.Caddyfile.j2
@ -0,0 +1,13 @@
 dns ovh {
    endpoint ovh-eu
    application_key {{ ovh_app_key }}
    application_secret {{ ovh_app_secret }}
    consumer_key {{ ovh_consumer_key }}
 }
 acme_dns ovh {
    endpoint ovh-eu
    application_key {{ ovh_app_key }}
    application_secret {{ ovh_app_secret }}
    consumer_key {{ ovh_consumer_key }}
 }
--- a/playbooks/apps/templates/bin/new_domain.py.j2
+++ b/playbooks/apps/templates/bin/new_domain.py.j2
@ -1,4 +1,4 @@
-#!/usr/bin/env python3
+#!./venv/bin/python3
 import json
 import sys
--- a/playbooks/dependencies/caddy.yaml
+++ b/playbooks/dependencies/caddy.yaml
@ -2,35 +2,34 @@
 - name: Setup caddy
  hosts: servers
  gather_facts: false
  become: true
  tasks:
-    - name: Install system deps
+    - name: Install xcaddy
-      ansible.builtin.apt:
+      ansible.builtin.command:
-        pkg:
+        cmd: go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
-          - debian-keyring
+      register: install
-          - debian-archive-keyring
+      changed_when: '"downloading" in install.stdout' # doesn't seem to work
-          - apt-transport-https
+    - name: Build caddy from source
-          - gnupg2
+      ansible.builtin.command:
-          - curl
+        cmd: xcaddy build v2.10.0-beta.1 --with github.com/caddy-dns/ovh
-        state: present
+        chdir: /tmp
-    - name: Add caddy repository
+      changed_when: true
-      ansible.builtin.deb822_repository:
+    - name: Copy new caddy binary
-        name: caddy
+      ansible.builtin.copy:
-        uris: https://dl.cloudsmith.io/public/caddy/stable/deb/debian
+        src: /tmp/caddy
-        signed_by: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+        dest: /usr/bin/caddy
-        components: main
+        remote_src: true
-        suites: any-version
+        owner: root
-        types: [deb]
+        group: root
-        state: present
+        mode: "0755"
-        enabled: true
+      become: true
    - name: Install caddy
      ansible.builtin.apt:
        update_cache: true
        name: caddy
        state: present
      notify: Restart caddy
    - name: Cleanup in /tmp
      ansible.builtin.file:
        path: /tmp/caddy
        state: absent
  handlers:
    - name: Restart caddy
      ansible.builtin.service:
        name: caddy
        state: restarted
      become: true