new role and FWCNs

roles/reverseproxy/tasks/caddy.yml

@@ -0,0 +1,17 @@
+# Load distro-specific variables
+- include_vars: "{{ ansible_distribution | lower }}.yml"
+  tags: always
+  ignore_errors: True
+
+- block:
+  - debug:
+      msg: Debug
+
+  # Perform remaining tasks:
+  - ansible.builtin.import_tasks: caddy_install.yml
+  - ansible.builtin.import_tasks: caddy_config.yml
+  - ansible.builtin.import_tasks: caddy_service.yml
+
+  rescue:
+    - set_fact: task_failed=true
+    

roles/reverseproxy/tasks/caddy_config.yml

@@ -0,0 +1,18 @@
+---
+- name: Create Caddy config dir
+  file:
+    path: /etc/caddy
+    state: directory
+    mode: 0755
+
+- name: Deploy Caddyfile
+  template:
+    src: Caddyfile.j2
+    dest: /etc/caddy/Caddyfile
+    mode: 0644
+
+- name: Deploy PowerDNS env file
+  template:
+    src: powerdns.env.j2
+    dest: /etc/caddy/powerdns.env
+    mode: 0600

roles/reverseproxy/tasks/caddy_install.yml

@@ -0,0 +1,37 @@
+---
+- name: Install dependencies
+  apt:
+    name:
+      - curl
+      - unzip
+      - git
+      - build-essential
+    state: present
+    update_cache: yes
+
+- name: Download xcaddy
+  get_url:
+    url: https://github.com/caddyserver/xcaddy/releases/download/v0.9.5/xcaddy_0.9.5_linux_amd64.tar.gz
+    dest: /tmp/xcaddy.tar.gz
+
+- name: Extract xcaddy
+  unarchive:
+    src: /tmp/xcaddy.tar.gz
+    dest: /usr/local/bin/
+    mode: 0755
+    remote_src: yes
+
+- name: Build Caddy with PowerDNS DNS plugin
+  command: >
+    xcaddy build
+    --with github.com/caddy-dns/powerdns
+  args:
+    chdir: /usr/local/bin
+    creates: /usr/local/bin/caddy-custom
+
+- name: Move custom caddy binary
+  copy:
+    src: /usr/local/bin/caddy
+    dest: /usr/local/bin/caddy
+    mode: 0755
+    remote_src: yes

roles/reverseproxy/tasks/caddy_service.yml

@@ -0,0 +1,31 @@
+---
+- name: Install systemd service
+  copy:
+    dest: /etc/systemd/system/caddy.service
+    mode: 0644
+    content: |
+      [Unit]
+      Description=Caddy
+      After=network-online.target
+      Wants=network-online.target
+
+      [Service]
+      EnvironmentFile=/etc/caddy/powerdns.env
+      ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
+      ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --force
+      Restart=on-failure
+      User=root
+      Group=root
+
+      [Install]
+      WantedBy=multi-user.target
+
+- name: Reload systemd
+  systemd:
+    daemon_reload: yes
+
+- name: Enable and start Caddy
+  systemd:
+    name: caddy
+    state: started
+    enabled: yes

roles/reverseproxy/tasks/main.yml

@@ -0,0 +1,11 @@
+# Load distro specific variables
+- include_vars: "{{ ansible_distribution | lower }}.yml"
+  tags: always
+  ignore_errors: True
+- include_vars: "{{ ansible_fqdn | lower }}.yml"
+  ignore_errors: True
+
+- include_tasks: caddy.yml
+  when:
+    - caddy is defined
+    - caddy == true