joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
90bbcd97b1bcece72adface2fabf3e12e4476eea
rick-infra/roles/caddy/defaults/main.yml

77 lines
3.6 KiB
YAML
Raw Blame History

---
# =================================================================
# Caddy Web Server Role Configuration
# =================================================================
# This role provides a complete Caddy setup with automatic HTTPS
# Override these variables in host_vars/ for production deployment
# =================================================================
# Basic Installation Configuration
# =================================================================
caddy_version: "latest"
caddy_user: "caddy"
caddy_home: "/var/lib/caddy"
caddy_config_dir: "/etc/caddy"
caddy_data_dir: "/var/lib/caddy"
caddy_log_dir: "/var/log/caddy"
caddy_web_root: "/var/www"
caddy_default_site_root: "{{ caddy_web_root }}/default"
# =================================================================
# Service Configuration
# =================================================================
caddy_config_file: "/etc/caddy/Caddyfile" # Package default path
caddy_sites_enabled_dir: "/etc/caddy/sites-enabled" # Directory for service configurations
caddy_service_enabled: true
caddy_service_state: "started"
caddy_auto_https: true
caddy_admin_listen: "127.0.0.1:2019"
# =================================================================
# TLS/HTTPS Configuration
# =================================================================
# Enable automatic HTTPS with Let's Encrypt certificates
caddy_tls_enabled: false # Set to true to enable HTTPS
caddy_tls_email: "" # Required for Let's Encrypt (e.g., "admin@example.com")
caddy_domain: "localhost" # Primary domain to serve
# ACME Certificate Authority settings
caddy_acme_ca: "https://acme-v02.api.letsencrypt.org/directory" # Production CA
# caddy_acme_ca: "https://acme-staging-v02.api.letsencrypt.org/directory" # Staging for testing
# =================================================================
# DNS Challenge Configuration (for wildcard certificates)
# =================================================================
# DNS challenge allows wildcard certificates and works behind firewalls
caddy_dns_provider: "" # Set to "cloudflare" for Cloudflare DNS challenge
cloudflare_api_token: "" # Cloudflare API token (override in host_vars with vault reference)
# DNS challenge settings
caddy_dns_resolvers: # DNS resolvers for challenge verification
- "1.1.1.1:53"
- "1.0.0.1:53"
caddy_dns_propagation_timeout: 120 # Seconds to wait for DNS propagation
# =================================================================
# Service Configuration
# =================================================================
# File-based service configuration using import directive
# Services deploy .caddy files to sites-enabled directory
# =================================================================
# Security & Network Configuration
# =================================================================
# Firewall ports to open automatically
caddy_firewall_ports:
- 80 # HTTP (for redirects and ACME challenges)
- 443 # HTTPS (for TLS traffic)
# =================================================================
# Advanced Configuration
# =================================================================
# Systemd service customization
caddy_systemd_security: true # Enable systemd security restrictions
caddy_log_level: "INFO" # Logging level (ERROR, WARN, INFO, DEBUG)
caddy_log_format: "json" # Log format (common, json)
caddy_log_credentials: false # Log credentials in access logs (security risk)
Reference in New Issue View Git Blame Copy Permalink