ansible-role-caddy/tasks/main.yml

- name: Ensure Caddy is installed
  ansible.builtin.package:
    name: caddy
    state: present

- name: Create Caddy configuration directory
  ansible.builtin.file:
    path: /etc/caddy
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: Deploy Caddyfile
  ansible.builtin.template:
    src: Caddyfile.j2
    dest: "{{ caddy_config_path }}"
    owner: root
    group: root
    mode: '0644'

- name: Ensure Caddy authorities directory exists
  ansible.builtin.file:
    path: /var/lib/caddy/.local/share/caddy/pki/authorities/local
    state: directory
    owner: caddy
    group: caddy
    mode: '0700'
    become: yes

# Copy the pre-generated certs from files/certs folder to Caddy, 
# so that you only need to import the root.crt once for all .local domains
- name: Deploy Caddy root certificates
  vars:
    cert_list: "{{ lookup('fileglob', role_path + '/files/certs/*', wantlist=True) | map('basename') | list }}"
  ansible.builtin.copy:
    src: "certs/{{ item }}"
    dest: "{{ caddy_authorities_path }}/{{ item }}"
    owner: caddy
    group: caddy
    mode: '0600'
    force: yes

  loop: "{{ cert_list }}"
  become: yes
- name: Ensure Caddy root directory exists
  ansible.builtin.file:
    path: "{{ caddy_root }}"
    state: directory
    owner: www-data
    group: www-data
    mode: '0755'

- name: Start and enable Caddy service
  ansible.builtin.service:
    name: "{{ caddy_service_name }}"
    state: started
    enabled: true

- name: Restart Caddy
  become: yes
  ansible.builtin.service:
    name: "{{ caddy_service_name }}"
    state: restarted

# By default don't trust as its not usually needed
- name: Trust Caddy local CA
  copy:
    src: /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
    dest: /usr/local/share/ca-certificates/caddy-local.crt
    remote_src: yes
  notify: Update CA trust
  when: caddy_trust_local_ca | default(false) | bool
Add first commit 2025-10-31 14:33:03 +02:00			`- name: Ensure Caddy is installed`
			`ansible.builtin.package:`
			`name: caddy`
			`state: present`

			`- name: Create Caddy configuration directory`
			`ansible.builtin.file:`
			`path: /etc/caddy`
			`state: directory`
			`owner: root`
			`group: root`
			`mode: '0755'`

			`- name: Deploy Caddyfile`
			`ansible.builtin.template:`
			`src: Caddyfile.j2`
			`dest: "{{ caddy_config_path }}"`
			`owner: root`
			`group: root`
			`mode: '0644'`

Add functionality by copy-pasting pre-generated certs to vm and update README.md This commit includes the pre-generated certs in the files/certs directory. README.md was thoroughly updated to include an example of using certbot with this role and how to import the root.crt to Firefox. 2025-12-01 15:51:30 +02:00			`- name: Ensure Caddy authorities directory exists`
			`ansible.builtin.file:`
			`path: /var/lib/caddy/.local/share/caddy/pki/authorities/local`
			`state: directory`
			`owner: caddy`
			`group: caddy`
			`mode: '0700'`
			`become: yes`

			`# Copy the pre-generated certs from files/certs folder to Caddy,`
			`# so that you only need to import the root.crt once for all .local domains`
			`- name: Deploy Caddy root certificates`
			`vars:`
			`cert_list: "{{ lookup('fileglob', role_path + '/files/certs/*', wantlist=True) \| map('basename') \| list }}"`
			`ansible.builtin.copy:`
			`src: "certs/{{ item }}"`
			`dest: "{{ caddy_authorities_path }}/{{ item }}"`
			`owner: caddy`
			`group: caddy`
			`mode: '0600'`
			`force: yes`

			`loop: "{{ cert_list }}"`
			`become: yes`
Add first commit 2025-10-31 14:33:03 +02:00			`- name: Ensure Caddy root directory exists`
			`ansible.builtin.file:`
			`path: "{{ caddy_root }}"`
			`state: directory`
			`owner: www-data`
			`group: www-data`
			`mode: '0755'`

			`- name: Start and enable Caddy service`
			`ansible.builtin.service:`
			`name: "{{ caddy_service_name }}"`
			`state: started`
			`enabled: true`

Add functionality by copy-pasting pre-generated certs to vm and update README.md This commit includes the pre-generated certs in the files/certs directory. README.md was thoroughly updated to include an example of using certbot with this role and how to import the root.crt to Firefox. 2025-12-01 15:51:30 +02:00			`- name: Restart Caddy`
			`become: yes`
			`ansible.builtin.service:`
			`name: "{{ caddy_service_name }}"`
			`state: restarted`

			`# By default don't trust as its not usually needed`
Add first commit 2025-10-31 14:33:03 +02:00			`- name: Trust Caddy local CA`
			`copy:`
			`src: /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt`
			`dest: /usr/local/share/ca-certificates/caddy-local.crt`
			`remote_src: yes`
Add functionality by copy-pasting pre-generated certs to vm and update README.md This commit includes the pre-generated certs in the files/certs directory. README.md was thoroughly updated to include an example of using certbot with this role and how to import the root.crt to Firefox. 2025-12-01 15:51:30 +02:00			`notify: Update CA trust`
			`when: caddy_trust_local_ca \| default(false) \| bool`