# Kifi Caddy

Installs and configures Caddy for use as a local ACME CA server, allowing certificates to be issued in testing.

The role works as of now, with known gaps: for example, certificate lifetime changes don't take effect (the lifetime stays at the default of 12h).

## Example usage

In your playbook, define the role and config paths. The defaults are most likely fine, so you can simply add the role. Remember to add this before any certbot role. The ACME server is hosted at port 8443. You can also change `templates/Caddyfile.j2` to fit your own needs.

Example for tilastot.kirjastot.fi.local:

```
- role: kifi.caddy
  caddy_config_path: /etc/caddy/Caddyfile
  caddy_root: /var/www/caddy
  caddy_service_name: caddy
```

Another example of how to use this in combination with the kifi.certbot role:

```
tasks:
  - name: Run Certbot role
    include_role:
      name: kifi.certbot
    vars:
      certbot_disable_certbot_cron: yes
      certbot_host_with_certs: tilastot.kirjastot.fi.local
      certbot_create_if_missing: yes
      certbot_admin_email: tekniikka@kirjastot.fi
      certbot_certs:
        - domains:
            - tilastot.kirjastot.fi.local
      # REQUESTS_CA_BUNDLE makes certbot trust Caddy's local root CA
      # when it connects to the ACME directory on port 8443.
      certbot_create_command: >
        sudo -E REQUESTS_CA_BUNDLE=/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
        certbot certonly
        --server https://localhost:8443/acme/local/directory
        --standalone
        --email {{ certbot_admin_email }}
        --agree-tos
        --non-interactive
        -d {{ certbot_certs | map(attribute='domains') | flatten | join(' -d ') }}
    tags: certbot, ssl
```

Note that the domains get looped over, so you can have multiple of them.

Certificates for domains can be found in the folder `/etc/letsencrypt/live/domainname`, though it might be wise to change this.

# Dependencies

[nvjacobo.caddy](https://github.com/nvjacobo/caddy.git) - Used for installing Caddy
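Referring back to the certbot example under Example usage: the following added shell sketch (not part of this role or of kifi.certbot) checks that an issued certificate really chains to Caddy's local root and reports its lifetime, which the README says defaults to 12h. The function names are hypothetical; it assumes the `openssl` CLI, GNU `date`, and certbot's standard `fullchain.pem` file name inside the live folder.

```shell
#!/bin/sh
# Added example: check a certificate obtained from the local Caddy ACME CA.
# Default paths are the ones named in this README; pass others as arguments.
ROOT_DEFAULT=/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
LIVE_DEFAULT=/etc/letsencrypt/live/tilastot.kirjastot.fi.local

# chains_to_root ROOT FULLCHAIN
# Succeeds only if the first certificate in FULLCHAIN verifies against ROOT.
# FULLCHAIN is also passed as -untrusted so any intermediate it carries can be
# used for path building without being trusted itself; -no-CApath keeps the
# system CA directory out of the decision.
chains_to_root() {
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# cert_lifetime_hours CERT
# Prints notAfter minus notBefore in whole hours (assumes GNU date -d).
cert_lifetime_hours() {
    nb=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
    na=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    echo $(( ($(date -d "$na" +%s) - $(date -d "$nb" +%s)) / 3600 ))
}

# check_local_cert [ROOT] [LIVE_DIR]
# Returns 0 when the certificate chains to the local root, and prints its
# lifetime so a test run can confirm what the CA actually issued.
check_local_cert() {
    root=${1:-$ROOT_DEFAULT}
    live=${2:-$LIVE_DEFAULT}
    if ! chains_to_root "$root" "$live/fullchain.pem"; then
        echo "FAIL: $live/fullchain.pem does not chain to $root" >&2
        return 1
    fi
    echo "OK: chains to local root, lifetime $(cert_lifetime_hours "$live/fullchain.pem")h"
}
```

Source the file and run `check_local_cert` as a user that can read both paths; a failure here usually means certbot obtained the certificate from a different ACME server than the local one.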