joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7788410bfc96374b5076218301657845667da945
rick-infra/host_vars/arch-vps/main.yml
Joakim 7788410bfc Complete production-ready Caddy infrastructure with security hardening 
- Add comprehensive Caddy role with HTTPS/TLS, DNS challenges, and systemd security
- Implement optimized systemd overrides with enhanced security restrictions
- Create detailed documentation with usage examples and variable references
- Establish proper Ansible configuration with vault integration
- Update site.yml for infrastructure orchestration with role-based deployment
- Add host-specific configuration structure for scalable multi-environment setup
2025-11-12 22:36:34 +01:00

41 lines
1.4 KiB
YAML
Raw Blame History

---
# =================================================================
# Production Configuration for arch-vps (jnss.me)
# =================================================================
# =================================================================
# TLS Configuration - Production Setup
# =================================================================
caddy_tls_enabled: true
caddy_domain: "jnss.me"
caddy_tls_email: "{{ vault_caddy_tls_email }}"
# DNS Challenge Configuration (Cloudflare)
caddy_dns_provider: "cloudflare"
cloudflare_api_token: "{{ vault_cloudflare_api_token }}"
# Production Let's Encrypt CA
caddy_acme_ca: "https://acme-v02.api.letsencrypt.org/directory"
# =================================================================
# Site Configuration
# =================================================================
# For now, just serve the main jnss.me domain
# Additional sites can be added here as services are deployed
caddy_sites: []
# Future sites will look like:
# caddy_sites:
# - domain: "cloud.jnss.me"
# backend: "localhost:8080"
# dns_challenge: true
# - domain: "auth.jnss.me"
# backend: "localhost:9000"
# dns_challenge: true
# =================================================================
# Security & Logging
# =================================================================
caddy_log_level: "INFO"
caddy_log_format: "json"
caddy_systemd_security: true
Reference in New Issue View Git Blame Copy Permalink