From 0555c8d8e91dfbcd5552b07a16f88039d10b8410 Mon Sep 17 00:00:00 2001
From: S <islam.ahmad@outlook.com>
Date: Sun, 1 Mar 2026 10:26:53 -0500
Subject: [PATCH] feat: add Caddyfile template for reverse proxy

Template uses TLS_BLOCK placeholder that phase8 populates based on
TLS_MODE: cloudflare (DNS-01 wildcard via Cloudflare API) or
existing (manual cert/key paths). Reverse proxies to Gitea container
on its macvlan IP.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 templates/Caddyfile.tpl | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 templates/Caddyfile.tpl

diff --git a/templates/Caddyfile.tpl b/templates/Caddyfile.tpl
new file mode 100644
index 0000000..0d6ab45
--- /dev/null
+++ b/templates/Caddyfile.tpl
@@ -0,0 +1,9 @@
+# Caddyfile — rendered by phase8_cutover.sh
+# TLS_BLOCK is replaced by the phase script based on TLS_MODE:
+#   cloudflare → dns cloudflare {env.CF_API_TOKEN}
+#   existing   → tls /path/to/cert /path/to/key
+
+${GITEA_DOMAIN} {
+${TLS_BLOCK}
+    reverse_proxy ${GITEA_CONTAINER_IP}:3000
+}