From 79e391e5ff4a5e935058fdaf1298fb0750c3bd35 Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 2 Jul 2023 18:07:23 +0200 Subject: [PATCH] Add DNS Caddy plugin and enable IPFS subdomains --- group_vars/all/secrets.yml | 103 +++++++++--------- roles/docker_services/defaults/main.yml | 2 +- .../docker_services/files/ipfs/ipfs-config.sh | 2 +- roles/docker_services/handlers/main.yml | 10 ++ .../docker_services/tasks/services/caddy.yml | 15 ++- roles/docker_services/templates/Caddyfile.j2 | 6 +- .../templates/caddy.Dockerfile.j2 | 8 ++ 7 files changed, 91 insertions(+), 55 deletions(-) create mode 100644 roles/docker_services/handlers/main.yml create mode 100644 roles/docker_services/templates/caddy.Dockerfile.j2 diff --git a/group_vars/all/secrets.yml b/group_vars/all/secrets.yml index cee24bc..7d7dbd2 100644 --- a/group_vars/all/secrets.yml +++ b/group_vars/all/secrets.yml @@ -1,51 +1,54 @@ $ANSIBLE_VAULT;1.1;AES256 -61656663376164643830613535383937366333626339316130366138353333336666616639333763 -3939633535666465353566613035376665643862366564610a363139343563646563353465346539 -36313731346531653364303063303166306266373539393436356661323362653139326166323363 -6439616536343231660a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a353261343163663934353366656630 +65356562616661326535626238373635366233326366343631386165653735373637656330343735 +3330376331306633300a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diff --git a/roles/docker_services/defaults/main.yml b/roles/docker_services/defaults/main.yml index d5eb15b..dc097dd 100644 --- a/roles/docker_services/defaults/main.yml +++ b/roles/docker_services/defaults/main.yml @@ -8,7 +8,7 @@ services: caddy: volume: "{{ base_volume }}/caddy" docker_ipv4: 172.16.3.2 - version: 2-alpine + version: 2.6.4 postfix: domain: smtp.{{ base_domain }} diff --git a/roles/docker_services/files/ipfs/ipfs-config.sh b/roles/docker_services/files/ipfs/ipfs-config.sh index 822c56f..c90a7bf 100644 
--- a/roles/docker_services/files/ipfs/ipfs-config.sh +++ b/roles/docker_services/files/ipfs/ipfs-config.sh @@ -7,7 +7,7 @@ ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "POST"] ipfs config --json Gateway.PublicGateways '{ "'$IPFS_DOMAIN'": { - "UseSubdomains": false, + "UseSubdomains": true, "Paths": ["/ipfs", "/ipns"] } }' diff --git a/roles/docker_services/handlers/main.yml b/roles/docker_services/handlers/main.yml new file mode 100644 index 0000000..323c86a --- /dev/null +++ b/roles/docker_services/handlers/main.yml @@ -0,0 +1,10 @@ +# vim: ft=yaml.ansible +--- +- name: Build Caddy Docker image + community.docker.docker_image: + name: custom/caddy:{{ services.caddy.version }}-alpine + source: build + build: + path: "{{ services.caddy.volume }}" + dockerfile: caddy.Dockerfile + state: present diff --git a/roles/docker_services/tasks/services/caddy.yml b/roles/docker_services/tasks/services/caddy.yml index bd7c1c5..cb10f1b 100644 --- a/roles/docker_services/tasks/services/caddy.yml +++ b/roles/docker_services/tasks/services/caddy.yml @@ -19,12 +19,25 @@ owner: root mode: u=rw,g=r,o=r +- name: Copy caddy.Dockerfile + ansible.builtin.template: + src: caddy.Dockerfile.j2 + dest: "{{ services.caddy.volume }}/caddy.Dockerfile" + owner: root + mode: u=rw,g=r,o=r + register: dockerfile + notify: Build Caddy Docker image + +- name: Flush handlers + ansible.builtin.meta: flush_handlers + - name: Deploy Caddy Docker container community.docker.docker_container: name: caddy state: "{{ 'absent' if stop is defined and stop else 'started' }}" restart: "{{ stop is undefined or not stop }}" - image: caddy:{{ services.caddy.version }} + recreate: "{{ dockerfile.changed }}" + image: custom/caddy:{{ services.caddy.version }}-alpine restart_policy: always default_host_ip: '' networks: diff --git a/roles/docker_services/templates/Caddyfile.j2 b/roles/docker_services/templates/Caddyfile.j2 index e6c08cd..1173c34 100644 
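Review bot: With `"UseSubdomains": true` the gateway serves and redirects to hosts of the form `<cid>.ipfs.$IPFS_DOMAIN` and `<name>.ipns.$IPFS_DOMAIN`, which sit two labels below the gateway host, while the Caddyfile in this same commit only adds `*.{{ services.ipfs.domain }}`. A Caddy wildcard site address and a wildcard certificate each cover exactly one label, so if `IPFS_DOMAIN` carries the same value as `services.ipfs.domain` (not visible here) those requests would match neither the site block nor the certificate. The site address would then need to be `{{ services.ipfs.domain }}, *.ipfs.{{ services.ipfs.domain }}, *.ipns.{{ services.ipfs.domain }} {`. A short comment above the `ipfs config --json Gateway.PublicGateways` call naming this dependency on wildcard DNS and TLS would also help.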
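Review bot: The handler will not rebuild when `custom/caddy:{{ services.caddy.version }}-alpine` already exists, because `docker_image` with `state: present` treats an existing tag as satisfied. A change to caddy.Dockerfile.j2 that keeps the version (for instance adding or updating a plugin) therefore notifies the handler, nothing is built, and the container is recreated from the stale image, so a security fix in a plugin would silently not ship. Add `force_source: true` next to `source: build`. Separately, `build.path` is the whole Caddy volume, so everything in that directory is sent to the Docker daemon as build context; a dedicated build directory holding only the Dockerfile would be tidier.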
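Review bot: The image is only ever built from a handler, so a build that fails once is not retried: the template is already on disk, the next run reports `Copy caddy.Dockerfile` as unchanged, nothing notifies `Build Caddy Docker image`, and `Deploy Caddy Docker container` then references a `custom/caddy` tag that does not exist locally. The same happens if the image is pruned from the host. Running the build as an ordinary task between the template and the deploy, with `force_source: "{{ dockerfile.changed }}"`, keeps it idempotent and removes the need for `meta: flush_handlers`, which also fires every other pending handler in the play at this point. The `docker_container` task continues past the end of the hunk.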
--- a/roles/docker_services/templates/Caddyfile.j2 +++ b/roles/docker_services/templates/Caddyfile.j2 @@ -27,8 +27,10 @@ reverse_proxy emby:8096 } -{{ services.ipfs.domain }} { - tls {{ secrets.tls_email }} +{{ services.ipfs.domain }}, *.{{ services.ipfs.domain }} { + tls {{ secrets.tls_email }} { + dns njalla {{ secrets.caddy.njalla_api_token }} + } header { Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" diff --git a/roles/docker_services/templates/caddy.Dockerfile.j2 b/roles/docker_services/templates/caddy.Dockerfile.j2 new file mode 100644 index 0000000..2ed5828 --- /dev/null +++ b/roles/docker_services/templates/caddy.Dockerfile.j2 @@ -0,0 +1,8 @@ +FROM caddy:{{ services.caddy.version }}-builder-alpine AS builder + +RUN xcaddy build v{{ services.caddy.version }} \ + --with github.com/caddy-dns/njalla + +FROM caddy:{{ services.caddy.version }}-alpine + +COPY --from=builder /usr/bin/caddy /usr/bin/caddy
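Review bot: The added `dns njalla {{ secrets.caddy.njalla_api_token }}` line writes the Njalla API token in clear text into the rendered Caddyfile. The caddy.yml hunk in this commit shows a task ending in `owner: root` / `mode: u=rw,g=r,o=r` directly above the new Dockerfile task; if that is the Caddyfile template task (its header is outside the hunk), the file is world-readable and any local account can read a credential able to change the domain's DNS records. Either tighten that task to `mode: u=rw,g=,o=`, or keep the token out of the file with `dns njalla {env.NJALLA_API_TOKEN}` and set that variable on the container (the variable name is an example, not taken from the repo). The site block continues past the end of the hunk.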
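Review bot: `--with github.com/caddy-dns/njalla` carries no version, so every rebuild compiles whichever plugin revision resolves at that moment into the binary that terminates TLS and holds the DNS API token. Caddy itself is pinned through `v{{ services.caddy.version }}` and the plugin should be too: `--with github.com/caddy-dns/njalla@<tag-or-commit>` (placeholder, pick a reviewed revision), ideally driven by a variable next to `services.caddy.version`. The two `FROM` lines are pinned by tag only; adding a digest would make the build reproducible. A one-line comment at the top saying why a custom build is needed (DNS challenge for the wildcard certificate) would help the next reader.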