moving everything to active or retired vs incubating and graduated

active/podman_caddy/caddy.container

@@ -0,0 +1,18 @@
+[Unit]
+Description=Caddy
+
+[Container]
+AddCapability=NET_ADMIN
+ContainerName=caddy
+Image=docker.io/caddy:2
+Network=host
+SecurityLabelDisable=true
+Volume=/etc/caddy:/etc/caddy
+Volume=caddy_data:/data
+Volume=caddy_config:/config
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target

active/podman_caddy/caddy.md

@@ -0,0 +1,104 @@
+# Caddy Reverse Proxy
+
+- [Caddy Reverse Proxy](#caddy-reverse-proxy)
+  - [DNS Records](#dns-records)
+  - [Install Caddy](#install-caddy)
+    - [Ansible](#ansible)
+    - [Manual](#manual)
+
+## DNS Records
+
+Before you can create a Caddyfile you need records that point to your server.
+
+You can either create them manually in your DNS provider of choice or use the provided
+ddns service:
+
+1. Update the [ddns caddy records](/active/podman_ddns/secrets/caddy_records.yaml)
+2. Run the [caddy ansible playbook](/active/podman_ddns/ddns.md#ansible-caddy-records)
+
+## Install Caddy
+
+### Ansible
+
+You'll need a secrets/Caddyfile with your caddy config.
+
+`secrets/Caddyfile` example:
+
+```conf
+https://something.reeseapps.com:443 {
+    reverse_proxy internal.reeselink.com:8000
+}
+
+https://something-else.reeseapps.com:443 {
+    reverse_proxy internal-other.reeselink.com:8080
+}
+```
+
+The playbook limits the installer to `hosts: caddy` so make sure you have a caddy
+host in your inventory.
+
+Now you can install the Caddy service with something like:
+
+```bash
+ansible-playbook \
+-i ansible/inventory.yaml \
+active/podman_caddy/install_caddy.yaml
+```
+
+See ansible playbook [install_caddy.yaml](/active/podman_caddy/install_caddy.yaml)
+
+### Manual
+
+As root
+
+```bash
+mkdir /etc/caddy
+vim /etc/caddy/Caddyfile
+```
+
+Caddy will automatically provision certificates if the server DNS points to the correct IP
+and is accessible on the ports specifified. All you need to do is put `https` in the caddy conf.
+
+Example:
+
+```conf
+# Gitea
+https://gitea.reeseapps.com:443 {
+    reverse_proxy podman.reeselink.com:3000
+}
+
+# Jellyfin
+https://jellyfin.reeseapps.com:443 {
+    reverse_proxy podman.reeselink.com:8096
+}
+```
+
+```bash
+vim /etc/containers/systemd/caddy.container
+```
+
+```conf
+[Unit]
+Description=Caddy
+
+[Container]
+AddCapability=NET_ADMIN
+ContainerName=caddy
+Image=docker.io/caddy:2
+Network=host
+SecurityLabelDisable=true
+Volume=/etc/caddy:/etc/caddy
+Volume=caddy_data:/data
+Volume=caddy_config:/config
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=default.target
+```
+
+```bash
+systemctl daemon-reload
+systemctl restart caddy
+```

active/podman_caddy/install_caddy.yaml

@@ -0,0 +1,28 @@
+- name: Create DDNS Service
+  hosts: caddy
+  tasks:
+  - name: Create /etc/caddy dir
+    ansible.builtin.file:
+      path: /etc/caddy
+      state: directory
+      mode: '0755'
+  - name: Copy Caddyfile
+    template:
+      src: secrets/Caddyfile
+      dest: /etc/caddy/Caddyfile
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Template Caddy Container Services
+    template:
+      src: caddy.container
+      dest: /etc/containers/systemd/caddy.container
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Reload and start the Caddy service
+    ansible.builtin.systemd_service:
+      state: restarted
+      name: caddy.service
+      enabled: true
+      daemon_reload: true