# {{ ansible_managed }}
{#
  Caddyfile template: one global options block, followed by one site block
  per entry in reverse_proxy__routes.

  Variables read: reverse_proxy__acme_email, reverse_proxy__acme_ca,
  reverse_proxy__acme_dns_provider, reverse_proxy__tls_internal and
  reverse_proxy__routes. Each route supplies 'host' and optionally one of
  'caddy', 'upstream' or 'respond'.

  NOTE(review): every value is interpolated without quoting or escaping, so
  the route data has to come from trusted inventory. A newline, brace or
  double quote inside a value changes the structure of the rendered file.
#}
{
  email {{ reverse_proxy__acme_email }}
{#- Optional ACME directory override; the directive is emitted only when reverse_proxy__acme_ca is truthy. #}
{%- if reverse_proxy__acme_ca %}
  acme_ca {{ reverse_proxy__acme_ca }}
{%- endif %}
{% if reverse_proxy__acme_dns_provider == 'gandi' %}
{#
  The single-brace env.GANDI_BEARER_TOKEN reference below is a Caddy
  placeholder, not a Jinja expression, so the token value is never written
  into the rendered file. The env file that carries it still needs tight
  permissions, and the PAT should be scoped as narrowly as Gandi allows:
  whoever holds a DNS-01 credential can obtain certificates for names in the
  zones it can edit.
#}
  # ACME DNS-01 via Gandi (mesh/LAN-only hosts, incl. wildcard certs). Token is the
  # Gandi PAT, injected from the env file as a Bearer token (ADR-024). Needs the custom
  # caddy-gandi image — the upstream caddy:2 has no DNS provider modules.
  acme_dns gandi {env.GANDI_BEARER_TOKEN}
{% endif %}
}
{% for r in reverse_proxy__routes %}
{# One site block per route; r['host'] becomes the site address as given. #}
{{ r['host'] }} {
{#- reverse_proxy__tls_internal is a single switch for all routes: when truthy, every site gets a certificate from Caddy's own local CA instead of ACME, and clients must trust that CA's root. #}
{%- if reverse_proxy__tls_internal %}
  tls internal
{%- endif %}
{#
  Handler selection, first match wins: raw 'caddy' directives, then a plain
  reverse proxy to 'upstream', then a static response.
  r['caddy'] is pasted verbatim (trimmed, indented two spaces), so it can
  contain any directive Caddy accepts; review it like code.
#}
{% if r['caddy'] is defined %}
  {{ r['caddy'] | trim | indent(2, first=true) }}
{% elif r['upstream'] is defined %}
  reverse_proxy {{ r['upstream'] }}
{% else %}
{#
  Fallback: fixed body ('boma' unless r['respond'] is set) with status 200.
  The text lands inside double quotes unescaped; a double quote in
  r['respond'] would end the quoted token early.
#}
  respond "{{ r['respond'] | default('boma') }}" 200
{% endif %}
}
{% endfor %}