commit b3204eb4daa76e0f6087c5c778dd79c8b8e97ea2
Author: Santeri Kainulainen
Date: Fri Oct 31 14:33:03 2025 +0200
Add first commit
diff --git a/README.MD b/README.MD
new file mode 100644
index 0000000..ed72ced
--- /dev/null
+++ b/README.MD
@@ -0,0 +1,15 @@
+# Kifi Caddy
+
+Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing
+
+## Example usage
+
+In your playbook, define the role and config paths. Most likely the defaults are fine, so you can just simply add the role. Remember to add this before any certbot role. The ACME server is hosted at port 8443. You can also change the `templates/Caddyfile.j2` to fit your own needs.
+
+Example:
+```
+- role: caddy
+ caddy_config_path: /etc/caddy/Caddyfile
+ caddy_root: /var/www/caddy
+ caddy_service_name: caddy
+```
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..bc475db
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+# defaults file for caddy
+
+caddy_root: /usr/share/caddy
+caddy_config_path: /etc/caddy/Caddyfile
+caddy_service_name: caddy
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..2c1b468
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,8 @@
+- name: Restart Caddy
+ ansible.builtin.service:
+ name: "{{ caddy_service_name }}"
+ state: restarted
+
+- name: Update CA trust
+ ansible.builtin.command: update-ca-certificates
+ become: yes
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..d960394
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,12 @@
+galaxy_info:
+ author: Santeri Kainulainen
+ description: Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing
+ min_ansible_version: 2.11.12
+# platforms:
+# - name: Ubuntu
+# versions: [ "20.04", "22.04" ]
+ galaxy_tags:
+ - caddy
+ - tls
+ - localca
+dependencies: []
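Review bot: `caddy_root` in defaults/main.yml defaults to `/usr/share/caddy`, yet the only use visible in this commit is the directory-creation task in tasks/main.yml; the Caddyfile template never references it, and the README example sets it to `/var/www/caddy`, so a reader cannot tell what the path is for. Add a comment above the key stating its purpose, e.g. `# Directory created for Caddy's site root; the shipped Caddyfile.j2 does not reference it`, or drop the variable until the template uses it. The same applies to the bare `# defaults file for caddy` header, which could list which variables the README expects callers to override.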
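Review bot: `become: yes` on the "Update CA trust" handler in handlers/main.yml is the only privilege escalation in the role: either the play already runs privileged, in which case it is redundant, or the package/file/service tasks in tasks/main.yml would fail without it, so the setting should be applied consistently rather than on one handler. The value itself should be the canonical boolean, `become: true`, matching `enabled: true` used in the tasks file. `update-ca-certificates` is Debian-family specific while the install task uses the distro-agnostic `ansible.builtin.package`; a comment such as `# Debian/Ubuntu trust-store refresh; RHEL-family hosts need update-ca-trust` would make the supported platforms explicit until meta/main.yml declares them.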
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..d0b25e6
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,42 @@
+- name: Ensure Caddy is installed
+ ansible.builtin.package:
+ name: caddy
+ state: present
+
+- name: Create Caddy configuration directory
+ ansible.builtin.file:
+ path: /etc/caddy
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: Deploy Caddyfile
+ ansible.builtin.template:
+ src: Caddyfile.j2
+ dest: "{{ caddy_config_path }}"
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart Caddy
+
+- name: Ensure Caddy root directory exists
+ ansible.builtin.file:
+ path: "{{ caddy_root }}"
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+- name: Start and enable Caddy service
+ ansible.builtin.service:
+ name: "{{ caddy_service_name }}"
+ state: started
+ enabled: true
+
+- name: Trust Caddy local CA
+ copy:
+ src: /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
+ dest: /usr/local/share/ca-certificates/caddy-local.crt
+ remote_src: yes
+ notify: Update CA trust
\ No newline at end of file
diff --git a/templates/Caddyfile.j2 b/templates/Caddyfile.j2
new file mode 100644
index 0000000..fd0b6f9
--- /dev/null
+++ b/templates/Caddyfile.j2
@@ -0,0 +1,19 @@
+{
+ pki {
+ ca local {
+ name "My Local CA"
+ }
+ }
+ http_port 8080
+ https_port 8443
+}
+
+localhost:8443 {
+ acme_server {
+ ca local
+ }
+}
+
+# Refer to the Caddy docs for more information:
+# https://caddyserver.com/docs/caddyfile
+
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..7ac96c7
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1 @@
+# Caddy variables
\ No newline at end of file
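Review bot: The "Trust Caddy local CA" task copies `root.crt` immediately after "Start and enable Caddy service", but `state: started` returns once the unit is launched, not once Caddy has provisioned the local CA, so on a fresh host the copy can fail because the source file does not exist yet; a `wait_for` on the path before the copy closes that gap. The task also uses the short module name `copy:` and `remote_src: yes` where every other task uses the FQCN and canonical booleans, and it sets no `mode` on the trust-store file unlike the other file tasks. The source path hard-codes the Debian package's data directory under `/var/lib/caddy`; consider a default variable for it. Because this installs a CA into the host's system trust store, a comment on the task should say that it is intended for test hosts only.

```yaml
- name: Wait for Caddy to provision the local CA root
  ansible.builtin.wait_for:
    path: /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
    timeout: 60

- name: Trust Caddy local CA
  # Adds Caddy's self-generated test CA to the system trust store; for test hosts only
  ansible.builtin.copy:
    src: /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
    dest: /usr/local/share/ca-certificates/caddy-local.crt
    remote_src: true
    mode: '0644'
  notify: Update CA trust
```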
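Review bot: The `acme_server` block under `localhost:8443` issues certificates for whatever name a client requests, and since tasks/main.yml adds the `local` CA to the host trust store those certificates are trusted host-wide; the header comment at the bottom of templates/Caddyfile.j2 should state this scope, and on Caddy versions that support them the `allow`/`deny` policy subdirectives of `acme_server` can limit issuance to the test domains the role is meant for. The template contains no Jinja expressions, so `ansible.builtin.template` currently behaves like a plain copy; the `http_port 8080` and `https_port 8443` values the README describes as fixed are natural candidates for role variables if the template is kept. A one-line comment above the `pki` block naming the `local` CA's role in the ACME server below would help readers who do not know Caddy's PKI app.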