---
# =================================================================
# Caddy Web Server Role Configuration
# =================================================================
# This role provides a complete Caddy setup with automatic HTTPS.
# These are role defaults (lowest precedence): override them in
# host_vars/ or group_vars/ for production deployment. Nothing secret
# (API tokens, keys) may be given a literal value in this file — it is
# committed to version control.

# =================================================================
# Basic Installation Configuration
# =================================================================
# NOTE(review): "latest" is not a pinned release. Each run may install a
# different upstream build, so deployments are not reproducible and an
# upstream regression (or a compromised release) lands unreviewed on the
# next run. Pin an explicit version in host_vars for production.
caddy_version: "latest"
caddy_user: "caddy"
caddy_home: "/var/lib/caddy"
caddy_config_dir: "/etc/caddy"
caddy_data_dir: "/var/lib/caddy"  # Same path as caddy_home
caddy_log_dir: "/var/log/caddy"
caddy_web_root: "/var/www"
caddy_default_site_root: "{{ caddy_web_root }}/default"

# =================================================================
# Service Configuration
# =================================================================
caddy_config_file: "/etc/caddy/Caddyfile"  # Package default path
# Directory of per-site .caddy files that the main Caddyfile imports
caddy_sites_enabled_dir: "/etc/caddy/sites-enabled"
caddy_service_enabled: true
caddy_service_state: "started"
# NOTE(review): caddy_auto_https and caddy_tls_enabled (below) are two
# separate switches for overlapping behaviour. Which one the templates
# honour, and what happens when they disagree, is not visible from this
# file — confirm in the Caddyfile template.
caddy_auto_https: true
# Admin API listener. Keep this on loopback and never bind it to
# 0.0.0.0: the admin endpoint is what replaces the running config, and
# NOTE(review): it is unauthenticated unless explicitly configured
# otherwise — confirm against the deployed Caddy version. Any local
# user or process that can reach it can reconfigure the server, so
# do not add port 2019 to caddy_firewall_ports either.
caddy_admin_listen: "127.0.0.1:2019"

# =================================================================
# TLS/HTTPS Configuration
# =================================================================
# Enable automatic HTTPS with Let's Encrypt certificates
caddy_tls_enabled: false  # Set to true to enable HTTPS
# Required by the ACME CA when caddy_tls_enabled is true. The empty
# default is only valid while TLS is disabled; a pre-task assertion
# (fail when caddy_tls_enabled and caddy_tls_email == "") makes a
# forgotten address fail fast instead of surfacing as an ACME error at
# service start.
caddy_tls_email: ""  # e.g. "admin@example.com"
# Primary domain to serve. A public ACME CA will not issue a certificate
# for "localhost", so this default is only usable for local/dev runs.
caddy_domain: "localhost"

# ACME Certificate Authority settings
caddy_acme_ca: "https://acme-v02.api.letsencrypt.org/directory"  # Production CA
# Use the staging CA while testing the role: it issues certificates that
# browsers will not trust, but it is not subject to the production
# issuance rate limits, so a broken rollout loop cannot lock the domain out.
# caddy_acme_ca: "https://acme-staging-v02.api.letsencrypt.org/directory"  # Staging for testing

# =================================================================
# DNS Challenge Configuration (for wildcard certificates)
# =================================================================
# DNS challenge allows wildcard certificates and works behind firewalls
# (validation happens through a DNS TXT record, not an inbound HTTP
# connection to the host).
caddy_dns_provider: ""  # Set to "cloudflare" for Cloudflare DNS challenge
# Cloudflare API token. Leave empty here and override in host_vars with
# an Ansible Vault reference — never a plaintext literal in a committed
# file. Issue the token with the minimum DNS-edit permission on only the
# zones this host needs, and mark the tasks that consume it `no_log: true`
# so the value is not echoed into playbook output or CI logs.
cloudflare_api_token: ""
# DNS challenge settings
caddy_dns_resolvers:  # Resolvers used to check that the challenge record has propagated
  - "1.1.1.1:53"
  - "1.0.0.1:53"
caddy_dns_propagation_timeout: 120  # Seconds to wait for DNS propagation

# =================================================================
# Site Configuration (sites-enabled imports)
# =================================================================
# File-based site configuration using the Caddyfile import directive:
# services deploy .caddy files into caddy_sites_enabled_dir and the main
# Caddyfile imports them. Anything that can write to that directory can
# therefore change what Caddy serves (including where TLS-terminated
# traffic is proxied) — keep it root-owned and not writable by caddy_user.

# =================================================================
# Security & Network Configuration
# =================================================================
# Firewall ports to open automatically. The admin port (2019) is
# deliberately absent from this list; do not add it.
caddy_firewall_ports:
  - 80  # HTTP (for redirects and ACME challenges)
  - 443  # HTTPS (for TLS traffic)

# =================================================================
# Advanced Configuration
# =================================================================
# Systemd service customization
# Turns on the hardening directives in the role's unit template. The
# exact directives (sandboxing, privilege restrictions) live in that
# template, not here — review them there before relying on this flag.
caddy_systemd_security: true  # Enable systemd security restrictions
caddy_log_level: "INFO"  # Logging level (ERROR, WARN, INFO, DEBUG)
caddy_log_format: "json"  # Log format (common, json)
# Keep false. NOTE(review): presumably mapped to Caddy's log_credentials
# option, which stops the redaction of Authorization/Cookie headers —
# confirm in the log template. Enabling it copies bearer tokens and
# session cookies into access logs, which are usually readable by far
# more people and systems than the secrets themselves.
caddy_log_credentials: false  # Log credentials in access logs (security risk)