serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Switch caddy acme ca to zerossl

Browse source
This commit is contained in:
Tobias Reisinger 2026-02-28 20:51:32 +01:00
parent b5214a0a9f
commit 92b20d3d88
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
3 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
playbooks/roles/acme_dns/defaults/main.yml
View file

@ -2,6 +2,9 @@
acme_dns_svc:
domain: "{{ all_services | service_get_domain(service_name) }}"
port: 80
caddy_extra:
# otherwise we have a dependency-loop with the wildcard, which needs this service
tls force_automate
nsadmin: "{{ admin_email | regex_replace('@', '.') }}"
records:
a: "{{ ansible_facts.default_ipv4.address }}"

2
playbooks/roles/caddy/defaults/main.yml
View file

@ -3,6 +3,8 @@ caddy_acmedns_user: "{{ undef() }}"
caddy_acmedns_pass: "{{ undef() }}"
caddy_acmedns_subd: "{{ undef() }}"
caddy_acmedns_url: "https://{{ acme_dns.host }}"
caddy_acme_eab_key_id: "{{ undef() }}"
caddy_acme_eab_mac_key: "{{ undef() }}"
caddy_ports: "{{ host_services | services_get_attr('ports') | flatten | services_ports_to_docker('reverse_proxy') }}"

6
playbooks/roles/caddy/templates/Caddyfile.j2
View file

@ -1,6 +1,12 @@
{
email {{ admin_email }}
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab {
key_id {{ caddy_acme_eab_key_id }}
mac_key {{ caddy_acme_eab_mac_key }}
}
metrics
servers {