feat(reverse-proxy): Add Caddy for reverse proxy

Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>

roles/reverse_proxy/tasks/configure.yml

@@ -0,0 +1,15 @@
+---
+- name: Ensure Caddy configuration directory exists
+  ansible.builtin.file:
+    path: /etc/caddy
+    state: directory
+    mode: "0755"
+  become: true
+
+- name: Deploy Caddy configuration file
+  ansible.builtin.template:
+    src: Caddyfile.j2
+    dest: "{{ caddy_config_path }}"
+    mode: "0644"
+  become: true
+  notify: Restart Caddy

roles/reverse_proxy/tasks/install.yml

@@ -0,0 +1,32 @@
+---
+- name: Download xCaddy GPG key
+  ansible.builtin.get_url:
+    url: "https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key"
+    dest: /etc/apt/keyrings/caddy-xcaddy.asc
+    mode: "0644"
+  become: true
+
+- name: Add xCaddy repository to apt sources
+  ansible.builtin.apt_repository:
+    repo: "deb [signed-by=/etc/apt/keyrings/caddy-xcaddy.asc] https://dl.cloudsmith.io/public/caddy/xcaddy/deb/debian any-version main"
+    state: present
+    update_cache: true
+  become: true
+
+- name: Update apt cache
+  ansible.builtin.apt:
+    update_cache: true
+  become: true
+
+- name: Install xCaddy
+  ansible.builtin.apt:
+    name: xcaddy
+    state: present
+  become: true
+
+- name: Install Caddy
+  ansible.builtin.command: xcaddy build --with github.com/caddy-dns/netcup
+  environment:
+    PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin"
+  register: xcaddy_build
+  failed_when: xcaddy_build.rc != 0

roles/reverse_proxy/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+- name: Install Prerequisites
+  ansible.builtin.include_tasks: prereq.yml
+- name: Install Caddy
+  ansible.builtin.include_tasks: install.yml
+- name: Configure Caddy
+  ansible.builtin.include_tasks: configure.yml
+- name: Start Caddy
+  ansible.builtin.include_tasks: start.yml

roles/reverse_proxy/tasks/prereq.yml

@@ -0,0 +1,44 @@
+---
+- name: Install prerequisites for Caddy
+  ansible.builtin.apt:
+    name:
+      - debian-keyring
+      - debian-archive-keyring
+      - apt-transport-https
+      - curl
+    state: present
+    update_cache: true
+  become: true
+
+- name: Remove existing Go installation
+  ansible.builtin.file:
+    path: /usr/local/go
+    state: absent
+  become: true
+
+- name: Download Go tarball
+  ansible.builtin.get_url:
+    url: "https://go.dev/dl/go{{ go_version }}.linux-amd64.tar.gz"
+    dest: "/tmp/go{{ go_version }}.linux-amd64.tar.gz"
+    mode: "0755"
+
+- name: Extract Go tarball to /usr/local
+  ansible.builtin.unarchive:
+    src: /tmp/go1.23.4.linux-amd64.tar.gz
+    dest: /usr/local
+    remote_src: true
+  become: true
+  register: go_install
+
+- name: Ensure Go binary path is added to /etc/profile
+  ansible.builtin.lineinfile:
+    path: /etc/profile
+    line: "PATH=$PATH:/usr/local/go/bin"
+    state: present
+    regexp: "^PATH=.*:/usr/local/go/bin$"
+  become: true
+
+- name: Source /etc/profile to update PATH for the current session
+  ansible.builtin.shell: "source /etc/profile"
+  args:
+    executable: /bin/bash

roles/reverse_proxy/tasks/start.yml

@@ -0,0 +1,4 @@
+---
+- name: Ensure Caddy service is running
+  ansible.builtin.command: "{{ caddy_binary }} start --config {{ caddy_config_path }}"
+  become: true