Create Caddyfile from Ansible

This does mean that you can't run it directly, but it reduces
duplication of the list of repos.

Closes #11

Author: QuLogic

.github/workflows/lint.yml

@@ -28,37 +28,6 @@ jobs:
             reviewdog -f=pep8 -name=flake8 \
               -tee -reporter=github-check -filter-mode nofilter
 
-  caddyfmt:
-    name: caddyfmt
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Install caddy
-        run: |
-          sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
-          curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | \
-            sudo tee /etc/apt/trusted.gpg.d/caddy-stable.asc
-          curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | \
-            sudo tee /etc/apt/sources.list.d/caddy-stable.list
-          sudo apt update
-          sudo apt install caddy
-
-      - name: Set up reviewdog
-        uses: reviewdog/action-setup@v1
-
-      - name: Run caddy validate
-        run: caddy validate --config caddy/Caddyfile
-
-      - name: Run caddy fmt
-        run: caddy fmt --overwrite caddy/Caddyfile
-
-      - name: Run reviewdog
-        uses: reviewdog/action-suggester@v1
-        with:
-          fail_on_error: true
-          tool_name: 'caddy fmt'
-
   ansible:
     name: Ansible Lint
     runs-on: ubuntu-latest

caddy/caddy.service.override

@@ -1,6 +1,10 @@
 ---
 - hosts: website
   vars:
+    caddy:
+      address: "https://do.matplotlib.org, https://matplotlib.org"
+      site_dir: "/usr/share/caddy"
+      tls_config: "tls /etc/caddy/tls/cert.pem /etc/caddy/tls/privkey.pem"
     repos:
       - mpl-brochure-site
       - matplotlib.github.com
@@ -154,24 +158,11 @@
       tags: caddy
       block:
         - name: Configure Caddy
-          ansible.builtin.copy:
-            src: "{{playbook_dir}}/caddy/Caddyfile"
+          ansible.builtin.template:
+            src: Caddyfile.j2
             dest: /etc/caddy/Caddyfile
           notify: Reload Caddy
 
-        - name: Configure Caddy system service
-          ansible.builtin.file:
-            path: /etc/systemd/system/caddy.service.d
-            state: directory
-            mode: 0755
-        - name: Configure Caddy system service
-          ansible.builtin.copy:
-            src: "{{playbook_dir}}/caddy/caddy.service.override"
-            dest: /etc/systemd/system/caddy.service.d/override.conf
-          notify:
-            - Reload systemd
-            - Restart Caddy
-
         - name: Configure Caddy TLS certificate directory
           ansible.builtin.file:
             path: /etc/caddy/tls

matplotlib.org.yml

@@ -6,20 +6,18 @@
 	redir /{args.0} /{args.0}/ permanent
 
 	handle_path /{args.0}/* {
-		root * {$SITE_DIR:sites}/{args.0}
+		root * {{ caddy.site_dir }}/{args.0}
 		try_files {path}.html {path}
 		file_server
 	}
 }
 
-# Set this variable in the environment when running in production.
-{$SITE_ADDRESS::2015} {
-	# Set the variable in the environment to the Caddy directive for tls
-	# support. By default, this is empty so you can test it locally, but
-	# the Ansible config sets it up with the right certificate paths.
-	{$TLS_CONFIG:}
+{{ caddy.address }} {
+{% if caddy.tls_config is defined %}
+	{{ caddy.tls_config }}
+{% endif %}
 
-	root * {$SITE_DIR:.}
+	root * {{ caddy.site_dir }}
 
 	# Setup a webhook
 	handle /gh/* {
@@ -49,40 +47,32 @@
 		}
 	}
 
-	import subproject basemap
-	import subproject cheatsheets
-	import subproject cycler
-	import subproject devdocs
-	import subproject governance
-	import subproject matplotblog
-	import subproject mpl-altair
-	import subproject mpl-bench
-	import subproject mpl-gui
-	import subproject mpl-third-party
+{% for site in repos %}
+	import subproject {{ site }}
+{% endfor %}
 
 	# redirect the objects.inv
 	redir /objects.inv /stable/objects.inv permanent
 
 	# Place the brochure site at the top level.
-	import subproject mpl-brochure-site
 	@brochure file {
-		root {$SITE_DIR:sites}/mpl-brochure-site
+		root {{ caddy.site_dir }}/mpl-brochure-site
 		try_files {path}.html {path}
 	}
 	rewrite / /mpl-brochure-site/index.html
 	rewrite @brochure /mpl-brochure-site{http.matchers.file.relative}
 
 	# Finally try any of the versioned docs.
 	handle {
-		root * {$SITE_DIR:sites}/matplotlib.github.com
+		root * {{ caddy.site_dir }}/matplotlib.github.com
 		try_files {path}.html {path}
 		file_server
 	}
 
 	# Use a custom 404 error page.
 	handle_errors {
 		@notfound expression {http.error.status_code} == 404
-		root * {$SITE_DIR:sites}/mpl-brochure-site
+		root * {{ caddy.site_dir }}/mpl-brochure-site
 		rewrite @notfound /404.html
 		file_server
 	}

caddy/Caddyfile renamed to templates/Caddyfile.j2

@@ -1,4 +1,4 @@
-SITE_DIR=/usr/share/caddy
+SITE_DIR={{ caddy.site_dir }}
 {%  for site, secret in webhook_secrets.items() %}
 WEBHOOK_{{ site | upper | replace('.', '_') | replace('-', '_') }}_SECRET={{secret}}
 {% endfor %}