Initial version of the caddy rule

Signed-off-by: Nis Wechselberg <enbewe@enbewe.de>

roles/caddy/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+caddy_use_local_certs: false

roles/caddy/handlers/main.yml

@@ -0,0 +1,23 @@
+---
+- name: 'Reload caddy services'
+  become: true
+  ansible.builtin.service:
+    daemon-reload: true
+
+- name: 'Restart caddy image'
+  become: true
+  ansible.builtin.service:
+    name: 'caddy-image.service'
+    state: 'restarted'
+
+- name: 'Restart caddy volume'
+  become: true
+  ansible.builtin.service:
+    name: 'caddy-data-volume.service'
+    state: 'restarted'
+
+- name: 'Restart caddy container'
+  become: true
+  ansible.builtin.service:
+    name: 'caddy.service'
+    state: 'restarted'

roles/caddy/tasks/main.yml

@@ -0,0 +1,75 @@
+---
+- name: 'Ensure required software is installed'
+  become: true
+  ansible.builtin.apt:
+    name: 'podman'
+    state: 'present'
+
+- name: 'Define caddy image'
+  become: true
+  containers.podman.podman_image:
+    name: 'docker.io/library/caddy:latest'
+    state: 'quadlet'
+  notify:
+    - 'Reload caddy services'
+    - 'Restart caddy image'
+
+- name: 'Define caddy data volume'
+  become: true
+  containers.podman.podman_volume:
+    name: 'caddy-data'
+    state: 'quadlet'
+  notify:
+    - 'Reload caddy services'
+    - 'Restart caddy volume'
+
+- name: 'Create caddy conf directory'
+  become: true
+  ansible.builtin.file:
+    name: '/etc/caddy'
+    state: 'directory'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rwx,g=rx,o=rx'
+
+- name: 'Generate Caddyfile'
+  become: true
+  ansible.builtin.template:
+    src: 'Caddyfile.j2'
+    dest: '/etc/caddy/Caddyfile'
+    owner: 'root'
+    group: 'root'
+    mode: 'u=rw,g=r,o=r'
+  notify: 
+      - 'Restart caddy container'
+
+- name: 'Create caddy container'
+  become: true
+  containers.podman.podman_container:
+    name: 'caddy'
+    image: 'caddy.image'
+    network: '{{ caddy_networks }}'
+    state: 'quadlet'
+    volume: 
+      - '/etc/caddy:/etc/caddy'
+      - 'caddy-data.volume:/data'
+    publish:
+      - '80:80'
+      - '443:443'
+    quadlet_options: |
+      [Install]
+      WantedBy=default.target
+      [Unit]
+      Requires=caddy-image.service
+      After=caddy-image.service
+      Requires=caddy-data-volume.service
+      After=caddy-data-volume.service
+      {% for net in caddy_networks %}
+      Requires={{ net | replace('.network', '-network') }}.service
+      After={{ net | replace('.network', '-network') }}.service
+      {% endfor %}
+  notify:
+    - 'Reload caddy services'
+    - 'Restart caddy container'
+
+

roles/caddy/templates/Caddyfile.j2

@@ -0,0 +1,17 @@
+{% if caddy_use_local_certs %}
+{
+	local_certs
+}
+{% endif %}
+
+{% for site in caddy_sites %}
+{{ site.name }} {
+{% if site.directives is defined %}
+	{{ site.directives }}
+{% endif %}
+{% if site.proxy_to is defined %}
+	reverse_proxy {{ site.proxy_to }}
+{% endif %}
+}
+
+{% endfor %}