mirror of
https://github.com/Crocmagnon/ansible.git
synced 2025-03-14 21:44:03 +01:00
build caddy with OVH DNS + try ECH on caddy beta
Some checks failed
/ run ansible (push) Has been cancelled
Some checks failed
/ run ansible (push) Has been cancelled
This commit is contained in:
parent
48e247c5dc
commit
fef296cbbd
6 changed files with 76 additions and 28 deletions
|
|
@ -45,4 +45,4 @@ repos:
|
|||
name: caddy fmt
|
||||
language: system
|
||||
entry: caddy fmt --overwrite
|
||||
files: Caddyfile
|
||||
files: ^Caddyfile$
|
||||
|
|
|
|||
|
|
@ -6,15 +6,48 @@
|
|||
tasks:
|
||||
- name: Write Caddyfile
|
||||
ansible.builtin.copy:
|
||||
src: files/Caddyfile
|
||||
src: files/caddy/Caddyfile
|
||||
dest: /etc/caddy/Caddyfile
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
notify:
|
||||
- Reload caddy
|
||||
- name: Write dns-ovh.Caddyfile
|
||||
ansible.builtin.template:
|
||||
src: files/caddy/dns-ovh.Caddyfile.j2
|
||||
dest: /etc/caddy/dns-ovh.Caddyfile
|
||||
mode: "0644"
|
||||
owner: root
|
||||
group: root
|
||||
notify:
|
||||
- Reload caddy
|
||||
handlers:
|
||||
- name: Reload caddy
|
||||
ansible.builtin.service:
|
||||
name: caddy
|
||||
state: reloaded
|
||||
vars:
|
||||
ovh_app_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
30626165303033383937353835383233633833623434333061393632346266373439393137343066
|
||||
6331333266393761636634363564656662323962633034660a323632333866656565303561363939
|
||||
62633064386133363938326665323961353236663831663035663863336161303533633131623631
|
||||
6166633466313563620a366264653533616437646638626136306332636232396538316432306163
|
||||
30366531393462396335653638643938663937356336393065303531643132336534
|
||||
ovh_app_secret: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39366431363534386435613336343736343930636636313261373063623863373335346639333335
|
||||
6233623137643536656632663262303465633433303033360a383638626138613837306163353834
|
||||
63376439343761333439613662303431666662633561363833346162623261643532373637646537
|
||||
3263303031326338620a636662376333366132303964613565383139363065626564316536653833
|
||||
66663338623239393537393664306132366639343138343139336132366466663231323637306637
|
||||
3162656265656137396530326336383731383133653066626235
|
||||
ovh_consumer_key: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
66666533623962393934343630326232336564393565653231373638666662613133346665613962
|
||||
3033333037393933666332663562396132616536326433300a333239386132376431393833313661
|
||||
32366666366366396266646234666436626664313332666364646464616434326537386337386330
|
||||
6561643039613661340a303461346634386662376638656636643261643961323038653633623665
|
||||
64323935663066376231386466383930613632623634643030396131623530663034363931313435
|
||||
3130663863656465663839383332383666386235326130383039
|
||||
|
|
|
|||
|
|
@ -5,6 +5,9 @@
|
|||
log {
|
||||
format console
|
||||
}
|
||||
|
||||
import ./dns-ovh.Caddyfile
|
||||
ech ech.augendre.info
|
||||
}
|
||||
|
||||
(common_headers) {
|
||||
13
playbooks/apps/files/caddy/dns-ovh.Caddyfile.j2
Normal file
13
playbooks/apps/files/caddy/dns-ovh.Caddyfile.j2
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
dns ovh {
|
||||
endpoint ovh-eu
|
||||
application_key {{ ovh_app_key }}
|
||||
application_secret {{ ovh_app_secret }}
|
||||
consumer_key {{ ovh_consumer_key }}
|
||||
}
|
||||
|
||||
acme_dns ovh {
|
||||
endpoint ovh-eu
|
||||
application_key {{ ovh_app_key }}
|
||||
application_secret {{ ovh_app_secret }}
|
||||
consumer_key {{ ovh_consumer_key }}
|
||||
}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
#!/usr/bin/env python3
|
||||
#!./venv/bin/python3
|
||||
|
||||
import json
|
||||
import sys
|
||||
|
|
|
|||
|
|
@ -2,35 +2,34 @@
|
|||
- name: Setup caddy
|
||||
hosts: servers
|
||||
gather_facts: false
|
||||
become: true
|
||||
tasks:
|
||||
- name: Install system deps
|
||||
ansible.builtin.apt:
|
||||
pkg:
|
||||
- debian-keyring
|
||||
- debian-archive-keyring
|
||||
- apt-transport-https
|
||||
- gnupg2
|
||||
- curl
|
||||
state: present
|
||||
- name: Add caddy repository
|
||||
ansible.builtin.deb822_repository:
|
||||
name: caddy
|
||||
uris: https://dl.cloudsmith.io/public/caddy/stable/deb/debian
|
||||
signed_by: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
|
||||
components: main
|
||||
suites: any-version
|
||||
types: [deb]
|
||||
state: present
|
||||
enabled: true
|
||||
- name: Install caddy
|
||||
ansible.builtin.apt:
|
||||
update_cache: true
|
||||
name: caddy
|
||||
state: present
|
||||
- name: Install xcaddy
|
||||
ansible.builtin.command:
|
||||
cmd: go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
|
||||
register: install
|
||||
changed_when: '"downloading" in install.stdout' # doesn't seem to work
|
||||
- name: Build caddy from source
|
||||
ansible.builtin.command:
|
||||
cmd: xcaddy build v2.10.0-beta.1 --with github.com/caddy-dns/ovh
|
||||
chdir: /tmp
|
||||
changed_when: true
|
||||
- name: Copy new caddy binary
|
||||
ansible.builtin.copy:
|
||||
src: /tmp/caddy
|
||||
dest: /usr/bin/caddy
|
||||
remote_src: true
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
become: true
|
||||
notify: Restart caddy
|
||||
- name: Cleanup in /tmp
|
||||
ansible.builtin.file:
|
||||
path: /tmp/caddy
|
||||
state: absent
|
||||
handlers:
|
||||
- name: Restart caddy
|
||||
ansible.builtin.service:
|
||||
name: caddy
|
||||
state: restarted
|
||||
become: true
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue