---
# Role defaults for the Caddy reverse proxy (ADR-024).
# Vanilla Caddy image; TLS certificates are obtained via ACME HTTP-01, which
# only succeeds for hosts reachable from the public internet.

# Host directory that holds the compose project and the rendered Caddy config.
reverse_proxy__base_dir: /opt/services/reverse_proxy

# Contact address for the ACME account (presumably rendered into the
# Caddyfile template — confirm against the template before relying on it).
reverse_proxy__acme_email: admin@example.test

# Routes to publish. Empty by default so a bare role run exposes nothing.
# Each entry takes one of two shapes:
#   {host: x, upstream: "svc:port"}   proxy the host to an upstream
#   {host: x, respond: "text"}        answer with a static text body
reverse_proxy__routes: []

# When false the role only renders files and never talks to Docker; Molecule
# scenarios flip this to render without a daemon.
reverse_proxy__manage: true

# ---------------------------------------------------------------------------
# access__* / backup__* below follow the ADR-021/022 cross-role conventions:
# shared field names that render ACCESS.md / BACKUP.md and drive the
# /check-access and /check-backup checks. They deliberately omit the
# reverse_proxy__ prefix, hence the per-line
# `# noqa: var-naming[no-role-prefix]` — ansible-lint's role-prefix rule has
# no per-prefix allowlist, and the rule stays enabled for everything else.
# ---------------------------------------------------------------------------

# Operational-access record (ADR-021): source of truth for ACCESS.md and
# /check-access.
access__service: reverse_proxy  # noqa: var-naming[no-role-prefix]
access__compose_project: reverse_proxy  # noqa: var-naming[no-role-prefix]
access__compose_path: '{{ reverse_proxy__base_dir }}/docker-compose.yml'  # noqa: var-naming[no-role-prefix]
access__containers:  # noqa: var-naming[no-role-prefix]
  - caddy
access__log:  # noqa: var-naming[no-role-prefix]
  # Declares intent only; the Loki/Alloy pipeline is ADR-018 and still pending.
  loki_labels:
    service: caddy
access__api:  # noqa: var-naming[no-role-prefix]
  # No operator-facing API: Caddy's admin endpoint stays bound to localhost
  # :2019 inside the container and is never published (ADR-020's catalog
  # owns port allocation).
  enabled: false
  reason: 'Caddy admin API bound to container localhost :2019; never exposed (ADR-020 catalog owns ports)'

# Backup contract (ADR-022). The role is stateless: Caddy's /data holds only
# the ACME account keys and issued certificates, both of which are
# re-requested automatically on restart via HTTP-01, so there is no manual
# restore step. Residual risk: Let's Encrypt rate limits if certificates are
# re-issued repeatedly within a short window.
backup__service: reverse_proxy  # noqa: var-naming[no-role-prefix]
backup__state: false  # noqa: var-naming[no-role-prefix]