Add first commit

2025-10-31 14:33:03 +02:00 · 2025-10-31 14:33:03 +02:00 · b3204eb4da
commit b3204eb4da
7 changed files with 102 additions and 0 deletions
--- a/README.MD
+++ b/README.MD
@ -0,0 +1,15 @@
+# Kifi Caddy
+
+Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing
+
+## Example usage
+
+In your playbook, define the role and config paths. Most likely the defaults are fine, so you can just simply add the role. Remember to add this before any certbot role. The ACME server is hosted at port 8443. You can also change the `templates/Caddyfile.j2` to fit your own needs. 
+ 
+Example:
+```
+- role: caddy
+    caddy_config_path: /etc/caddy/Caddyfile
+    caddy_root: /var/www/caddy
+    caddy_service_name: caddy
+```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,5 @@
+# defaults file for caddy
+
+caddy_root: /usr/share/caddy
+caddy_config_path: /etc/caddy/Caddyfile
+caddy_service_name: caddy
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,8 @@
+- name: Restart Caddy
+  ansible.builtin.service:
+    name: "{{ caddy_service_name }}"
+    state: restarted
+
+- name: Update CA trust
+  ansible.builtin.command: update-ca-certificates
+  become: yes
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,12 @@
+galaxy_info:
+  author: Santeri Kainulainen
+  description: Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing
+  min_ansible_version: 2.11.12
+#  platforms:
+#    - name: Ubuntu
+#      versions: [ "20.04", "22.04" ]
+  galaxy_tags:
+    - caddy
+    - tls
+    - localca
+dependencies: []
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,42 @@
+- name: Ensure Caddy is installed
+  ansible.builtin.package:
+    name: caddy
+    state: present
+
+- name: Create Caddy configuration directory
+  ansible.builtin.file:
+    path: /etc/caddy
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: Deploy Caddyfile
+  ansible.builtin.template:
+    src: Caddyfile.j2
+    dest: "{{ caddy_config_path }}"
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Restart Caddy
+
+- name: Ensure Caddy root directory exists
+  ansible.builtin.file:
+    path: "{{ caddy_root }}"
+    state: directory
+    owner: www-data
+    group: www-data
+    mode: '0755'
+
+- name: Start and enable Caddy service
+  ansible.builtin.service:
+    name: "{{ caddy_service_name }}"
+    state: started
+    enabled: true
+
+- name: Trust Caddy local CA
+  copy:
+    src: /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
+    dest: /usr/local/share/ca-certificates/caddy-local.crt
+    remote_src: yes
+  notify: Update CA trust
--- a/templates/Caddyfile.j2
+++ b/templates/Caddyfile.j2
@ -0,0 +1,19 @@
+{
+    pki {
+        ca local {
+            name "My Local CA"
+        }
+    }
+    http_port 8080
+    https_port 8443
+}
+
+localhost:8443 {
+    acme_server {
+        ca local
+    }
+}
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
+
--- a/vars/main.yml
+++ b/vars/main.yml
@ -0,0 +1 @@
+# Caddy variables