r/loki-caddy: Caddy reverse proxy for Loki

Caddy handles TLS termination for Loki, automatically requesting and
renewing its certificate via ACME.

roles/loki-caddy/tasks/main.yml

@@ -0,0 +1,24 @@
+- name: ensure caddy is configured to proxy for loki
+  template:
+    src: Caddyfile.j2
+    dest: /etc/caddy/Caddyfile.d/loki.caddyfile
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  notify:
+  - reload caddy
+  tags:
+  - config
+
+- name: ensure client ca is configured
+  copy:
+    dest: /etc/caddy/loki-client-ca.crt
+    content: >-
+      {{ loki_caddy_client_ca|d('') }}
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  notify:
+  - reload caddy
+  tags:
+  - cert