Fix Caddy DNS plugin syntax and add wrapper script
- Use correct Gandi DNS syntax: dns gandi {env.VAR} (not nested block)
- Add wrapper script to load token from file into environment variable
- Update LaunchAgent to use wrapper script
Caddy now successfully obtains Let's Encrypt wildcard certs via DNS-01.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
e590945006
commit
465cfa76d2
4 changed files with 16 additions and 15 deletions
@ -52,6 +52,13 @@
|
|||
mode: "0644"
|
||||
notify: Restart caddy
|
||||
|
||||
- name: Deploy caddy wrapper script
|
||||
ansible.builtin.template:
|
||||
src: caddy-wrapper.sh.j2
|
||||
dest: "{{ caddy_config_dir }}/caddy-wrapper.sh"
|
||||
mode: "0755"
|
||||
notify: Restart caddy
|
||||
|
||||
- name: Deploy caddy LaunchAgent plist
|
||||
ansible.builtin.template:
|
||||
src: caddy.plist.j2
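Review bot: The new `Deploy caddy wrapper script` task hands Caddy a script that reads `{{ caddy_gandi_token_file }}` at start, but nothing in this hunk checks that the token file exists or is readable only by the Caddy user before the `Restart caddy` handler fires, so a missing or world-readable token is only noticed at ACME time. If the token file is written by a task outside this hunk, a guard placed just before the wrapper deployment catches both problems at deploy time; `state: file` on `ansible.builtin.file` fails when the path is absent and tightens the mode otherwise. The owner/group to pin depends on the user the LaunchAgent runs as, which is not visible here, so only the mode is set below.
```yaml
# … unchanged: Caddyfile template task …

- name: Ensure Gandi token file exists and is private
  ansible.builtin.file:
    path: "{{ caddy_gandi_token_file }}"
    state: file
    mode: "0600"

- name: Deploy caddy wrapper script
# … unchanged: wrapper template task …
```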
|
||||
@ -7,19 +7,12 @@
|
|||
{
|
||||
# Global options
|
||||
admin off
|
||||
|
||||
# Use ACME DNS-01 challenge with Gandi
|
||||
acme_dns gandi {
|
||||
api_token {file.{{ caddy_gandi_token_file }}}
|
||||
}
|
||||
}
|
||||
|
||||
# Wildcard certificate for all services
|
||||
*.{{ caddy_domain }}:{{ caddy_https_port }} {
|
||||
tls {
|
||||
dns gandi {
|
||||
api_token {file.{{ caddy_gandi_token_file }}}
|
||||
}
|
||||
dns gandi {env.GANDI_BEARER_TOKEN}
|
||||
}
|
||||
|
||||
{% for service in caddy_services %}
|
||||
|
|
@ -38,9 +31,7 @@
|
|||
# Base domain (ops.eblu.me)
|
||||
{{ caddy_domain }}:{{ caddy_https_port }} {
|
||||
tls {
|
||||
dns gandi {
|
||||
api_token {file.{{ caddy_gandi_token_file }}}
|
||||
}
|
||||
dns gandi {env.GANDI_BEARER_TOKEN}
|
||||
}
|
||||
|
||||
respond "blumeops services - use a subdomain (e.g., forge.{{ caddy_domain }})"
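Review bot: Both `dns gandi {env.GANDI_BEARER_TOKEN}` lines (wildcard block and base-domain block) depend on an environment variable that, to my reading of Caddy's placeholder handling, is replaced with an empty string when unset, so a wrapper or LaunchAgent that fails to export it is not caught at config load and only surfaces as an authorization failure against Gandi during issuance. Now that the malformed nested global block is gone, the same one-line form may be accepted as a global option, `acme_dns gandi {env.GANDI_BEARER_TOKEN}`, which would declare the credential once and let both per-site `tls { … }` blocks be dropped; confirm against the installed Caddy and plugin versions before relying on it. If that Caddy version also supports the `{file.<path>}` placeholder in this position, `dns gandi {file.{{ caddy_gandi_token_file }}}` would keep the token out of the process environment entirely, and the template should carry a comment saying which of the two was chosen and why. The `*.{{ caddy_domain }}` site block continues past the end of the first hunk.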
|
||||
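--- /dev/null
+++ b/ansible/roles/caddy/templates/caddy-wrapper.sh.j2
@@ -0,0 +1,6 @@
+#!/bin/bash
+# Wrapper script for Caddy that loads the Gandi token from file
+# Managed by ansible - do not edit manually
+
+export GANDI_BEARER_TOKEN=$(cat {{ caddy_gandi_token_file }})
+exec {{ caddy_binary }} run --config {{ caddy_config_dir }}/Caddyfile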
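Review bot: `export GANDI_BEARER_TOKEN=$(cat {{ caddy_gandi_token_file }})` never checks that the read succeeded — `export` returns 0 even when `cat` fails, so even `set -e` would not help in that form — and the script has no `set -euo pipefail`, so a missing or unreadable token file launches Caddy with an empty token and the failure only shows up at ACME time. The path and the `exec` arguments are also unquoted, which breaks on any rendered path containing spaces. Checking readability first, assigning before exporting, and quoting the expansions fixes all three; the rewritten script is below. Note also that the token now lives in Caddy's process environment, which is readable by other processes of the same user (e.g. `ps -E`) and inherited by anything Caddy spawns — acceptable for a single-user LaunchAgent, but worth stating in the template, e.g. `# Token is passed via the environment; same-uid processes can read it`.
```shell
#!/bin/bash
# Wrapper script for Caddy that loads the Gandi token from file
# Managed by ansible - do not edit manually
set -euo pipefail

token_file="{{ caddy_gandi_token_file }}"
if [[ ! -r "$token_file" ]]; then
  printf 'caddy-wrapper: token file %s is missing or unreadable\n' "$token_file" >&2
  exit 1
fi

# Assign first, then export: `export VAR=$(cmd)` hides cmd's exit status.
GANDI_BEARER_TOKEN=$(<"$token_file")
export GANDI_BEARER_TOKEN
exec "{{ caddy_binary }}" run --config "{{ caddy_config_dir }}/Caddyfile"
```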
@ -7,10 +7,7 @@
|
|||
|
||||
<key>ProgramArguments</key>
|
||||
<array>
|
||||
<string>{{ caddy_binary }}</string>
|
||||
<string>run</string>
|
||||
<string>--config</string>
|
||||
<string>{{ caddy_config_dir }}/Caddyfile</string>
|
||||
<string>{{ caddy_config_dir }}/caddy-wrapper.sh</string>
|
||||
</array>
|
||||
|
||||
<key>WorkingDirectory</key>
|
||||