ansible/playbooks/caddy-levkin-site.yml
ilia f0ff00a8dc
Add levkin.ca site, document git-ci-01 runner tuning
Inventory and Caddy playbook for levkin LXC 220; Makefile target
caddy-levkin. Document git-ci-01 disk (64G), capacity 2, prune cron,
and pve201 RAM limits in host_vars and homelab guides.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-22 22:38:56 -04:00


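---
# Playbook: caddy-levkin-site
# Purpose: Add levkin.ca reverse proxy to Caddy (site LXC 220)
# Targets: caddy
# Usage: make caddy-levkin
- name: Add levkin.ca proxy block to Caddy
  hosts: caddy
  become: true
  become_method: ansible.builtin.su
  tasks:
    - name: Ensure levkin.ca HTTPS block exists (after caseware block)
      ansible.builtin.shell: |
        set -euo pipefail
        cfg=/etc/caddy/Caddyfile
        # Idempotency guard: nothing to do if the site block is already present.
        if grep -q '^levkin\.ca,' "$cfg" || grep -q '^levkin\.ca {' "$cfg"; then
          exit 0
        fi
        # Build the new file next to the target rather than at a fixed path in
        # world-writable /tmp, so the final mv is an atomic rename on the same
        # filesystem. Owner and mode are copied from the current Caddyfile
        # (--reference assumes GNU coreutils on the target).
        tmp="$(mktemp "${cfg}.XXXXXX")"
        trap 'rm -f "$tmp"' EXIT
        chown --reference="$cfg" "$tmp"
        chmod --reference="$cfg" "$tmp"
        awk -v upstream="{{ levkin_site_upstream | default('10.0.10.60:80') }}" '
          /^caseware\.levkin\.ca \{/ { in_cw=1 }
          in_cw && /^}$/ && !done {
            print
            print ""
            print "levkin.ca, www.levkin.ca {"
            print " import security-headers"
            print " @www host www.levkin.ca"
            print " redir @www https://levkin.ca{uri} permanent"
            print " reverse_proxy " upstream
            print "}"
            done=1
            next
          }
          { print }
          # Fail the task if the caseware block (the insertion anchor) was
          # never found, instead of reporting a change that did not happen.
          END { if (!done) exit 1 }
        ' "$cfg" > "$tmp"
        mv "$tmp" "$cfg"
        # Marker consumed by changed_when below.
        echo levkin_block_added
      args:
        executable: /bin/bash
      register: levkin_https_block
      # Report "changed" (and trigger the reload) only when the block was
      # actually inserted; the early exit above also returns rc 0.
      changed_when: "'levkin_block_added' in levkin_https_block.stdout"
      notify: Reload caddy
    - name: Ensure levkin.ca HTTP redirect in :80 block
      ansible.builtin.blockinfile:
        path: /etc/caddy/Caddyfile
        marker: "# {mark} ANSIBLE MANAGED levkin.ca :80"
        insertafter: '@vikunja host todo.levkin.ca'
        block: |
          @levkin host levkin.ca www.levkin.ca
          redir @levkin https://levkin.ca{uri} permanent
      notify: Reload caddy
  handlers:
    - name: Reload caddy
      ansible.builtin.command: caddy reload --config /etc/caddy/Caddyfile
      changed_when: true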