From f046245080dfae9e6f4c1e83c962a45c17857f8c Mon Sep 17 00:00:00 2001
From: Alex Frantz <alex@alexav.gg>
Date: Mon, 28 Jul 2025 23:58:38 -0400
Subject: [PATCH] add templates

---
 group_vars/all.template.yml        | 103 +++++++++++++++++++++++++++++
 roles/caddy/vars/main.template.yml |  32 +++++++++
 2 files changed, 135 insertions(+)
 create mode 100644 roles/caddy/vars/main.template.yml

diff --git a/group_vars/all.template.yml b/group_vars/all.template.yml
index e69de29..330494c 100644
--- a/group_vars/all.template.yml
+++ b/group_vars/all.template.yml
@@ -0,0 +1,103 @@
+# global
+data_dir:
+docker_network_name:
+PUID:
+PGID:
+TZ:
+
+# glance
+GLANCE_PIHOLE_TOKEN:
+GLANCE_VIDEO_MACHINE:
+GLANCE_JELLYFIN_URL:
+GLANCE_JELLYFIN_TOKEN:
+
+# tinyauth
+TINYAUTH_USERS:
+TINYAUTH_SECRET:
+TINYAUTH_APP_URL:
+TINYAUTH_GENERIC_CLIENT_ID:
+TINYAUTH_GENERIC_CLIENT_SECRET:
+TINYAUTH_GENERIC_AUTH_URL:
+TINYAUTH_GENERIC_TOKEN_URL:
+TINYAUTH_GENERIC_USER_URL:
+TINYAUTH_GENERIC_SCOPES:
+TINYAUTH_GENERIC_NAME:
+TINYAUTH_OAUTH_WHITELIST:
+TINYAUTH_APP_TITLE:
+TINYAUTH_BACKGROUND_IMAGE:
+
+# code-server
+CODE_PROXY_DOMAIN:
+CODE_DEFAULT_WORKSPACE:
+
+# dozzle
+DOZZLE_ACTIONS:
+DOZZLE_SHELL:
+
+# gluetun
+GLUETUN_VPN_SERVICE_PROVIDER:
+GLUETUN_VPN_TYPE:
+GLUETUN_WIREGUARD_PRIVATE_KEY:
+GLUETUN_WIREGUARD_ADDRESSES:
+GLUETUN_SERVER_COUNTRIES:
+GLUETUN_SERVER_CITIES:
+GLUETUN_SERVER_HOSTNAMES:
+
+# immich
+IMMICH_UPLOAD_LOCATION:
+IMMICH_DB_DATA_LOCATION: /postgres
+IMMICH_VERSION: release
+IMMICH_DB_PASSWORD: postgres
+IMMICH_DB_USERNAME: postgres
+IMMICH_DB_DATABASE_NAME: postgres
+
+# jellyfin
+JELLYFIN_TV_PATH:
+JELLYFIN_MOVIE_PATH:
+JELLYFIN_MUSIC_PATH:
+
+# navidrome
+NAVIDROME_MUSIC_PATH:
+
+# nextcloud
+NEXTCLOUD_POSTGRES_PASSWORD:
+NEXTCLOUD_POSTGRES_DATABASE:
+NEXTCLOUD_POSTGRES_USER:
+NEXTCLOUD_POSTGRES_HOST:
+
+# ntfy
+NTFY_UPSTREAM_BASE_URL: https://ntfy.sh
+NTFY_BASE_URL:
+
+# nzbget
+NZBGET_USER:
+NZBGET_PASS:
+NZBGET_DOWNLOADS_PATH:
+
+# pihole
+PIHOLE_FTLCONF_WEBSERVER_API_PASSWORD:
+
+# pocketid
+POCKETID_APP_URL:
+POCKETID_TRUST_PROXY:
+
+# romm
+ROMM_AUTH_SECRET_KEY:
+ROMM_LIBRARY_PATH:
+ROMM_IGDB_CLIENT_ID:
+ROMM_IGDB_CLIENT_SECRET:
+ROMM_OIDC_ENABLED:
+ROMM_OIDC_PROVIDER:
+ROMM_OIDC_CLIENT_ID:
+ROMM_OIDC_CLIENT_SECRET:
+ROMM_OIDC_REDIRECT_URL:
+ROMM_SERVER_APPLICATION_URL:
+
+# servarr
+SERVARR_MEDIA_PATH:
+
+# syncthing
+SYNCTHING_DATA_PATH:
+
+# vaultwarden
+VAULTWARDEN_DOMAIN:
diff --git a/roles/caddy/vars/main.template.yml b/roles/caddy/vars/main.template.yml
new file mode 100644
index 0000000..beecd8d
--- /dev/null
+++ b/roles/caddy/vars/main.template.yml
@@ -0,0 +1,32 @@
+# caddy
+CADDY_CLOUDFLARE_TOKEN:
+
+caddy_snippets:
+  tinyauth_forwarder:
+    - "forward_auth tinyauth:3000 {"
+    - "  uri /api/auth/caddy"
+    - "}"
+
+caddy_sites:
+  - domains:
+      - "domain.net"
+      - "*.domain.net"
+    tls:
+      dns:
+        provider: cloudflare
+        token: "{{ CADDY_CLOUDFLARE_TOKEN }}"
+    matchers:
+      - name: home
+        type: host
+        value: domain.net
+      - name: code
+        type: host
+        value: code.domain.net
+    handlers:
+      - matcher: home
+        reverse_proxy: glance:8080
+      - matcher: code
+        reverse_proxy: codeserver:8443
+        import_snippets:
+          - tinyauth_forwarder
+      - respond 404