Switch to terraform

2026-02-15 18:37:15 +02:00
commit a7062b43ab
70 changed files with 6063 additions and 0 deletions
--- a/ansible/caddy/playbook.yml
+++ b/ansible/caddy/playbook.yml
@@ -0,0 +1,134 @@
+---
+# =============================================================================
+# Shared Caddy Reverse Proxy Playbook
+# =============================================================================
+# Deploys single Caddy instance that proxies to Gitea and NetBird.
+# Run AFTER deploying Gitea and NetBird (needs their networks).
+#
+# Prerequisites:
+#   1. Gitea deployed (creates gitea_gitea network)
+#   2. NetBird deployed (creates netbird_netbird network)
+#   3. DNS records pointing to VPS
+#
+# Usage:
+#   ansible-playbook -i poc-inventory.yml playbook.yml
+# =============================================================================
+
+- name: Deploy Shared Caddy Reverse Proxy
+  hosts: caddy_servers
+  become: true
+  vars_files:
+    - group_vars/caddy_servers.yml
+
+  pre_tasks:
+    - name: Check if Gitea network exists
+      ansible.builtin.command:
+        cmd: docker network inspect {{ gitea_network }}
+      register: gitea_network_check
+      failed_when: false
+      changed_when: false
+
+    - name: Check if NetBird network exists
+      ansible.builtin.command:
+        cmd: docker network inspect {{ netbird_network }}
+      register: netbird_network_check
+      failed_when: false
+      changed_when: false
+
+    - name: Warn about missing networks
+      ansible.builtin.debug:
+        msg: |
+          WARNING: Some service networks don't exist yet.
+          Gitea network ({{ gitea_network }}): {{ 'EXISTS' if gitea_network_check.rc == 0 else 'MISSING - deploy Gitea first' }}
+          NetBird network ({{ netbird_network }}): {{ 'EXISTS' if netbird_network_check.rc == 0 else 'MISSING - deploy NetBird first' }}
+
+          Caddy will fail to start until both networks exist.
+      when: gitea_network_check.rc != 0 or netbird_network_check.rc != 0
+
+  tasks:
+    # =========================================================================
+    # Stop existing Caddy if running elsewhere
+    # =========================================================================
+    - name: Check for Caddy in Gitea deployment
+      ansible.builtin.stat:
+        path: /opt/gitea/docker-compose.yml
+      register: gitea_compose
+
+    - name: Stop Caddy in Gitea deployment
+      ansible.builtin.shell: |
+        cd /opt/gitea && docker compose stop caddy && docker compose rm -f caddy
+      when: gitea_compose.stat.exists
+      failed_when: false
+      changed_when: true
+
+    # =========================================================================
+    # Caddy Directory Structure
+    # =========================================================================
+    - name: Create Caddy directory
+      ansible.builtin.file:
+        path: "{{ caddy_base_dir }}"
+        state: directory
+        mode: "0755"
+
+    # =========================================================================
+    # Deploy Configuration Files
+    # =========================================================================
+    - name: Deploy docker-compose.yml
+      ansible.builtin.template:
+        src: templates/docker-compose.yml.j2
+        dest: "{{ caddy_base_dir }}/docker-compose.yml"
+        mode: "0644"
+
+    - name: Deploy Caddyfile
+      ansible.builtin.template:
+        src: templates/Caddyfile.j2
+        dest: "{{ caddy_base_dir }}/Caddyfile"
+        mode: "0644"
+      register: caddyfile_changed
+
+    # =========================================================================
+    # Start Caddy
+    # =========================================================================
+    - name: Pull Caddy image
+      ansible.builtin.command:
+        cmd: docker compose pull
+        chdir: "{{ caddy_base_dir }}"
+      changed_when: true
+
+    - name: Start Caddy
+      ansible.builtin.command:
+        cmd: docker compose up -d
+        chdir: "{{ caddy_base_dir }}"
+      changed_when: true
+
+    - name: Reload Caddy config if changed
+      ansible.builtin.command:
+        cmd: docker compose exec caddy caddy reload --config /etc/caddy/Caddyfile
+        chdir: "{{ caddy_base_dir }}"
+      when: caddyfile_changed.changed
+      failed_when: false
+      changed_when: true
+
+    # =========================================================================
+    # Deployment Summary
+    # =========================================================================
+    - name: Display deployment status
+      ansible.builtin.debug:
+        msg: |
+          ============================================
+          Shared Caddy Deployed!
+          ============================================
+
+          Proxying:
+            - https://{{ gitea_domain }} -> gitea:{{ gitea_http_port }}
+            - https://{{ netbird_domain }} -> netbird services
+
+          ============================================
+
+          View logs:
+            ssh root@{{ ansible_host }} "cd {{ caddy_base_dir }} && docker compose logs -f"
+
+          Reload config after changes:
+            ssh root@{{ ansible_host }} "cd {{ caddy_base_dir }} && docker compose exec caddy caddy reload --config /etc/caddy/Caddyfile"
+
+          ============================================