r/frigate-caddy: Deploy Caddy in front of Frigate

Deploying Caddy as a reverse proxy for Frigate enables HTTPS with a
certificate issued by the internal CA (via ACME) and authentication via
Authelia.

Separating the installation and base configuratieon of Caddy into its
own role will allow us to reuse that part for other sapplications that
use Caddy for similar reasons.

roles/caddy/tasks/main.yml

@@ -0,0 +1,47 @@
+- name: ensure caddy is installed
+  package:
+    name: caddy
+    state: present
+  tags:
+  - install
+
+- name: ensure base caddy configuration is set
+  copy:
+    src: Caddyfile
+    dest: /etc/caddy/Caddyfile
+    owner: root
+    group: root
+    mode: u=rw,go=r
+  notify:
+  - reload caddy
+  tags:
+  - config
+
+- name: ensure firewall is configured for caddy
+  firewalld:
+    service: '{{ item }}'
+    permanent: true
+    immediate: true
+    state: enabled
+  when: host_uses_firewalld|d(true)
+  loop:
+  - http
+  - https
+  tags:
+  - firewalld
+
+- name: flush handlers
+  meta: flush_handlers
+
+- name: ensure caddy starts at boot
+  service:
+    name: caddy
+    enabled: true
+  tags:
+  - service
+- name: ensure caddy is running
+  service:
+    name: caddy
+    state: started
+  tags:
+  - service