From e6b6154043c80b7d84d6889d239a8f3ee63db062 Mon Sep 17 00:00:00 2001
From: Marty Oehme
Date: Mon, 14 Jul 2025 10:01:19 +0200
Subject: [PATCH] Add caddy reverse proxy role

Acts as reverse proxy for the docker instance. Can be configured through docker labels. Proxies anything that is received on port 80 or 443.
---
 ansible/playbook.yaml | 5 ++++
 ansible/roles/caddy/tasks/main.yaml | 19 ++++++++++++
 .../caddy/templates/docker-compose.yaml.j2 | 30 +++++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 ansible/roles/caddy/tasks/main.yaml
 create mode 100644 ansible/roles/caddy/templates/docker-compose.yaml.j2

diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index 45a17b4..0fe9fcc 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -25,6 +25,11 @@
 - name: Prepare all docker hosted containers
 hosts: instance_system
 tasks:
+ - name: Set up Caddy stack
+ ansible.builtin.import_role:
+ name: caddy
+ tags: caddy
+
 - name: Set up Arr stack
 ansible.builtin.import_role:
 name: arr
diff --git a/ansible/roles/caddy/tasks/main.yaml b/ansible/roles/caddy/tasks/main.yaml
new file mode 100644
index 0000000..0871a8e
--- /dev/null
+++ b/ansible/roles/caddy/tasks/main.yaml
@@ -0,0 +1,19 @@
+- name: Install python requirements
+ ansible.builtin.package:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - python3-yaml # for docker compose_v2
+ - python3-requests # for docker network
+
+- name: Ensure caddy network exists
+ community.docker.docker_network:
+ name: caddy
+
+- name: Start the compose stack
+ community.docker.docker_compose_v2:
+ project_name: caddy
+ definition: "{{ lookup('template', 'docker-compose.yaml.j2') | from_yaml }}"
+ remove_orphans: true
+ wait: true
+ wait_timeout: 60
diff --git a/ansible/roles/caddy/templates/docker-compose.yaml.j2 b/ansible/roles/caddy/templates/docker-compose.yaml.j2
new file mode 100644
index 0000000..9f47f5a
--- /dev/null
+++ b/ansible/roles/caddy/templates/docker-compose.yaml.j2
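Review bot: In `ansible/roles/caddy/tasks/main.yaml`, the `Install python requirements` task runs `ansible.builtin.package` once per item through `loop`, although `name` accepts a list, so both packages can be installed in one transaction. I would drop `loop` and pass `name:` as a two-item block list, keeping the two inline comments that say which module needs each package. The `Ensure caddy network exists` task relies on the module default for `state`; adding `state: present` would make the intent explicit.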
@@ -0,0 +1,30 @@
+services:
+ caddy:
+ image: lucaslorentz/caddy-docker-proxy:ci-alpine
+ ports:
+ - 80:80
+ - 443:443
+ networks:
+ - caddy
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - caddy_data:/caddy
+ labels:
+ caddy.auto_https: "off"
+
+ whoami:
+ container_name: whoami
+ image: traefik/whoami
+ networks:
+ - caddy
+ labels:
+ caddy: "http://test.pichi.berlin"
+ caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}'}}" # has to be done to prevent ansible templating
+
+networks:
+ caddy:
+ external: true
+
+volumes:
+ caddy_data: {}
+
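Review bot: The `caddy` service publishes ports 80 and 443 while bind-mounting `/var/run/docker.sock`, so whoever controls that container effectively controls the Docker daemon on the host. That makes the floating `ci-alpine` tag a supply-chain concern; I would pin the image to a release and digest, e.g. `image: lucaslorentz/caddy-docker-proxy:<release-tag>@sha256:<digest>` (placeholders). Consider also putting a filtering socket proxy in front of the daemon that exposes only the read-only API endpoints the label watcher needs, since a `:ro` flag on the mount would not restrict API calls. Separately, `caddy.auto_https: "off"` on the `caddy` service appears to be applied as a global option, so sites added later through labels would get no automatic certificates or HTTP-to-HTTPS redirects even though 443 is published. If it is only needed for the `whoami` test site, that site's explicit `http://` address should already keep it on plain HTTP, and the test service with its hard-coded hostname probably belongs behind a variable rather than in the role's default stack.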