# {{ ansible_managed }}
{#
  Caddyfile template: one global options block, then one site block per entry
  in reverse_proxy__routes. Every reverse_proxy__* value and every route field
  is interpolated as-is, with no escaping or validation in this template, so
  the inventory that supplies them has to be trusted and reviewed.
  The acme_ca directive is emitted only when reverse_proxy__acme_ca is truthy.
  NOTE(review): block tags sit on their own lines, and the blank line after each
  whitespace-stripping tag keeps every directive on its own line whether or not
  trim_blocks is enabled - confirm against the task that renders this file.
#}
{
  email {{ reverse_proxy__acme_email }}
{%- if reverse_proxy__acme_ca %}

  acme_ca {{ reverse_proxy__acme_ca }}
{%- endif %}

{#
  Only the env placeholder is rendered below; Caddy resolves it from its own
  environment at run time, so the Gandi token itself is never written into the
  generated Caddyfile.
  NOTE(review): the env file that holds the token should be readable only by the
  account running Caddy - confirm in the role that deploys it.
#}
{% if reverse_proxy__acme_dns_provider == 'gandi' %}
  # ACME DNS-01 via Gandi (mesh/LAN-only hosts, incl. wildcard certs). Token is the
  # Gandi PAT, injected from the env file as a Bearer token (ADR-024). Needs the custom
  # caddy-gandi image — the upstream caddy:2 has no DNS provider modules.
  acme_dns gandi {env.GANDI_BEARER_TOKEN}
{% endif %}
}

{% for r in reverse_proxy__routes %}
{#
  When reverse_proxy__tls_internal is truthy every site block gets "tls internal",
  so its certificate comes from Caddy's internal CA rather than the ACME issuer
  configured in the global options.
#}
{{ r['host'] }} {
{%- if reverse_proxy__tls_internal %}

  tls internal
{%- endif %}

{#
  Route body, first match wins:
    1. r['caddy']    - raw Caddyfile directives, trimmed and indented two spaces,
                       otherwise emitted verbatim (no validation here).
    2. r['upstream'] - plain reverse_proxy to that address.
    3. fallback      - static 200 response with r['respond'], default 'boma'.
  The respond text is placed inside double quotes without escaping, so a value
  containing a double quote would break the rendered directive.
  NOTE(review): validating the rendered file before Caddy reloads it would catch
  a malformed route - confirm whether the template task already does this.
#}
{% if r['caddy'] is defined %}
{{ r['caddy'] | trim | indent(2, first=true) }}
{% elif r['upstream'] is defined %}
  reverse_proxy {{ r['upstream'] }}
{% else %}
  respond "{{ r['respond'] | default('boma') }}" 200
{% endif %}
}
{% endfor %}