Add caddy reverse proxy role

Acts as reverse proxy for the docker instance. Can be configured through
docker labels. Proxies anything that is received on port 80 or 443.

ansible/playbook.yaml

@@ -25,6 +25,11 @@
 - name: Prepare all docker hosted containers
   hosts: instance_system
   tasks:
+    - name: Set up Caddy stack
+      ansible.builtin.import_role:
+        name: caddy
+      tags: caddy
+
     - name: Set up Arr stack
       ansible.builtin.import_role:
         name: arr

ansible/roles/caddy/tasks/main.yaml

@@ -0,0 +1,19 @@
+- name: Install python requirements
+  ansible.builtin.package:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - python3-yaml # for docker compose_v2
+    - python3-requests # for docker network
+
+- name: Ensure caddy network exists
+  community.docker.docker_network:
+    name: caddy
+
+- name: Start the compose stack
+  community.docker.docker_compose_v2:
+    project_name: caddy
+    definition: "{{ lookup('template', 'docker-compose.yaml.j2') | from_yaml }}"
+    remove_orphans: true
+    wait: true
+    wait_timeout: 60

ansible/roles/caddy/templates/docker-compose.yaml.j2

@@ -0,0 +1,30 @@
+services:
+  caddy:
+    image: lucaslorentz/caddy-docker-proxy:ci-alpine
+    ports:
+      - 80:80
+      - 443:443
+    networks:
+      - caddy
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - caddy_data:/caddy
+    labels:
+      caddy.auto_https: "off"
+
+  whoami:
+    container_name: whoami
+    image: traefik/whoami
+    networks:
+      - caddy
+    labels:
+      caddy: "http://test.pichi.berlin"
+      caddy.reverse_proxy: "{{ '{{' }}upstreams 80{{ '}}'}}" # has to be done to prevent ansible templating
+
+networks:
+  caddy:
+    external: true
+
+volumes:
+  caddy_data: {}
+