boma/roles/reverse_proxy/molecule/default/verify.yml
sjat b7e919d6b3 refactor(reverse_proxy): vanilla Caddy + HTTP-01 (drop DNS-01 custom image)
Switch from a custom caddy-dns/gandi image built on-host to the official
caddy:2 image with per-host ACME HTTP-01 certificates. Removes the
Dockerfile, env.j2 (Gandi token), on-host image build/ship/load tasks,
the caddy-image Makefile target, and the wildcard DNS-01 Caddyfile.
Each route now gets its own server block and automatic certificate.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 18:11:20 +02:00

22 lines
744 B
YAML

---
- name: Verify
  hosts: all
  gather_facts: false
  tasks:
    - name: Slurp the rendered Caddyfile
      ansible.builtin.slurp:
        src: /opt/services/reverse_proxy/Caddyfile
      register: _caddyfile
      tags: [verify]
    - name: Assert Caddyfile exists and contains expected content
      ansible.builtin.assert:
        that:
          - _caddyfile.content | b64decode | length > 0
          - "'app.example.test' in (_caddyfile.content | b64decode)"
          - "'reverse_proxy app:80' in (_caddyfile.content | b64decode)"
          - "'respond \"ok\" 200' in (_caddyfile.content | b64decode)"
        fail_msg: "Caddyfile is missing expected content"
        success_msg: "Caddyfile rendered correctly"
      tags: [verify]
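
An added example, not part of this repository: the verify play above matches substrings only, so a rendered Caddyfile that still had a wildcard site or a DNS challenge directive would pass it. The Python below parses the top-level site blocks and flags both cases; the two sample Caddyfiles, the `health.example.test` host and the `GANDI_TOKEN` variable name are constructed for illustration.

```python
import re

# Constructed samples, not output of the role's real template.
SAMPLE_PER_HOST = """\
{
    email admin@example.test
}
app.example.test {
    reverse_proxy app:80
}
health.example.test {
    respond "ok" 200
}
"""
# Constructed example of the wildcard DNS-01 layout the commit removed.
SAMPLE_WILDCARD = """\
*.example.test {
    tls {
        dns gandi {env.GANDI_TOKEN}
    }
    reverse_proxy app:80
}
"""

def audit_caddyfile(text):
    """Return (site_addresses, findings) for a rendered Caddyfile."""
    sites, findings, depth = [], [], 0
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line:
            continue
        if depth == 0 and line.endswith("{"):
            # Top-level block: site addresses, or none for global options.
            addrs = [a for a in re.split(r"[,\s]+", line[:-1]) if a]
            sites.extend(addrs)
            findings += [f"wildcard site address: {a}" for a in addrs if "*" in a]
        elif depth > 0 and line.split()[0] in ("dns", "acme_dns"):
            # tls { dns ... } or the acme_dns global option selects DNS-01.
            findings.append(f"DNS challenge configured: {line}")
        depth += line.count("{") - line.count("}")
    return sites, findings

if __name__ == "__main__":
    for name, text in (("per-host", SAMPLE_PER_HOST), ("wildcard", SAMPLE_WILDCARD)):
        print(name, audit_caddyfile(text))
```

Checking that an expected host appears in the returned site list, rather than anywhere in the file, also catches a hostname that survives only inside a matcher or a comment.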