diff --git a/roles/vhost/tasks/caddy.yaml b/roles/vhost/tasks/caddy.yaml
index 497208c..ab30f56 100644
--- a/roles/vhost/tasks/caddy.yaml
+++ b/roles/vhost/tasks/caddy.yaml
@@ -3,56 +3,7 @@
 ansible.builtin.blockinfile:
 path: /etc/caddy/Caddyfile
 marker: "# {mark} ANSIBLE MANAGED BLOCK {{ vhost_id }}"
- # yamllint disable rule:line-length
- block: |
- {{ vhost_domains | join(' ') }} {
- {% for location in _vhost_locations_complete %}
- handle {{ location.path }} {
- {% for header in location.delete_headers %}
- header -{{ header }}
- {% endfor %}
- {% for header in location.headers | dict2items %}
- header {{ header.key }} `{{ header.value }}`
- {% endfor %}
- {% if location.basicauth %}
- basicauth {
- {% for user in location.basicauth_users | dict2items %}
- {{ user.key }} {{ user.value }}
- {% endfor %}
- }
- {% endif %}
- {% if location.type == 'reverse_proxy' %}
- reverse_proxy {
- {% if location.proxy_target_netproto == 'tcp' %}
- to tcp/{{ location.proxy_target_host }}:{{ location.proxy_target_port }}
- {% else %}
- to unix/{{ location.proxy_target_socket }}
- {% endif %}
- {% if location.proxy_target_protocol == 'https' %}
- transport http {
- tls
- {% if location.proxy_target_host == 'localhost' %}
- tls_insecure_skip_verify
- {% endif %}
- }
- {% endif %}
- }
- {% for header in location.proxy_delete_headers %}
- request_header -{{ header }}
- {% endfor %}
- {% elif location.type == 'redirect' %}
- redir * {{ location.redirect_target }}{{ '{path}' if location.redirect_preserve_path }}{{ '?{query}' if location.redirect_preserve_query }} {{ location.redirect_type }}
- {% elif location.type == 'respond' %}
- {% if location.respond_content_type == 'json' %}
- respond `{{ location.respond_content | to_json }}`
- {% else %}
- respond `{{ location.respond_content }}`
- {% endif %}
- {% endif %}
- }
- {% endfor %}
- }
- # yamllint enable rule:line-length
+ block: "{{ lookup('ansible.builtin.template', 'Caddyfile_block.j2') }}"
 validate: 'caddy validate --config %s --adapter caddyfile'
 backup: true
 state: "{{ vhost_state }}"
diff --git a/roles/vhost/templates/Caddyfile_block.j2 b/roles/vhost/templates/Caddyfile_block.j2
new file mode 100644
index 0000000..e87baca
--- /dev/null
+++ b/roles/vhost/templates/Caddyfile_block.j2
@@ -0,0 +1,48 @@
+#jinja2: lstrip_blocks: True
+{{ vhost_domains | join(' ') }} {
+ {% for location in _vhost_locations_complete %}
+ handle {{ location.path }} {
+ {% for header in location.delete_headers %}
+ header -{{ header }}
+ {% endfor %}
+ {% for header in location.headers | dict2items %}
+ header {{ header.key }} `{{ header.value }}`
+ {% endfor %}
+ {% if location.basicauth %}
+ basicauth {
+ {% for user in location.basicauth_users | dict2items %}
+ {{ user.key }} {{ user.value }}
+ {% endfor %}
+ }
+ {% endif %}
+ {% if location.type == 'reverse_proxy' %}
+ reverse_proxy {
+ {% if location.proxy_target_netproto == 'tcp' %}
+ to tcp/{{ location.proxy_target_host }}:{{ location.proxy_target_port }}
+ {% else %}
+ to unix/{{ location.proxy_target_socket }}
+ {% endif %}
+ {% if location.proxy_target_protocol == 'https' %}
+ transport http {
+ tls
+ {% if location.proxy_target_host == 'localhost' %}
+ tls_insecure_skip_verify
+ {% endif %}
+ }
+ {% endif %}
+ {% for header in location.proxy_delete_headers %}
+ header_up -{{ header }}
+ {% endfor %}
+ }
+ {% elif location.type == 'redirect' %}
+ redir * {{ location.redirect_target }}{{ '{path}' if location.redirect_preserve_path }}{{ '?{query}' if location.redirect_preserve_query }} {{ location.redirect_type }}
+ {% elif location.type == 'respond' %}
+ {% if location.respond_content_type == 'json' %}
+ respond `{{ location.respond_content | to_json }}`
+ {% else %}
+ respond `{{ location.respond_content }}`
+ {% endif %}
+ {% endif %}
+ }
+ {% endfor %}
+}
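Review bot: Every value in this template is interpolated into the Caddyfile without escaping, and the backtick-quoted spots (the `header {{ header.key }}` line and both `respond` lines) end their token early if the value itself contains a backtick. The `caddy validate` step in the task only rejects output that fails to parse, so a value carrying a newline or a closing brace could still add directives that validate cleanly. If any of these variables can come from a less trusted inventory or an application-supplied file, I would fail the play before rendering, for example with an `ansible.builtin.assert` on the header values, `location.path` and `location.respond_content` that rejects backticks and newlines. Separately, the `tls_insecure_skip_verify` branch would benefit from a Jinja comment such as `{# upstream certificate is not verified for localhost targets #}` so the trade-off stays visible to whoever edits the template next.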