From 744c70b534bec1eb5af95d18f872d85bf5ad0234 Mon Sep 17 00:00:00 2001
From: S
Date: Sun, 1 Mar 2026 10:27:13 -0500
Subject: [PATCH] feat: add docker-compose-caddy template

Caddy reverse proxy container using slothcroissant/caddy-cloudflaredns image for DNS-01 TLS. Joins the macvlan gitea_net network with a static IP. CADDY_ENV_VARS and CADDY_EXTRA_VOLUMES are populated by phase8 based on TLS_MODE (cloudflare vs existing cert paths).

Co-Authored-By: Claude Opus 4.6
---
templates/docker-compose-caddy.yml.tpl | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 templates/docker-compose-caddy.yml.tpl
diff --git a/templates/docker-compose-caddy.yml.tpl b/templates/docker-compose-caddy.yml.tpl
new file mode 100644
index 0000000..03946e6
--- /dev/null
+++ b/templates/docker-compose-caddy.yml.tpl
@@ -0,0 +1,25 @@
+# Caddy Docker Compose — rendered by phase8_cutover.sh
+# Caddy with Cloudflare DNS-01 support for wildcard TLS.
+# CF_API_TOKEN env var is only needed when TLS_MODE=cloudflare.
+
+version: "3"
+
+services:
+ caddy:
+ image: slothcroissant/caddy-cloudflaredns:latest
+ container_name: caddy
+ restart: unless-stopped
+ environment:
+${CADDY_ENV_VARS}
+ volumes:
+ - ${CADDY_DATA_PATH}/Caddyfile:/etc/caddy/Caddyfile
+ - ${CADDY_DATA_PATH}/data:/data
+ - ${CADDY_DATA_PATH}/config:/config
+${CADDY_EXTRA_VOLUMES}
+ networks:
+ gitea_net:
+ ipv4_address: ${CADDY_CONTAINER_IP}
+
+networks:
+ gitea_net:
+ external: true
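Review bot: The `image: slothcroissant/caddy-cloudflaredns:latest` line pulls a third-party image by a mutable tag into the container that terminates TLS and, in cloudflare mode, receives `CF_API_TOKEN`, so whatever that tag resolves to at pull time gets the DNS token and the certificate keys Caddy keeps under `/data`. Pin it by digest, e.g. `image: slothcroissant/caddy-cloudflaredns@sha256:<digest-of-reviewed-image>`, and update the digest deliberately after review. `${CADDY_ENV_VARS}` is substituted as raw text, so the token presumably lands in plaintext in the rendered compose file; phase8 is not visible here, but it should write that file with restrictive permissions (or load the token through `env_file:` pointing at a 0600 file) and quote the rendered values. The Caddyfile mount can also be read-only, `- ${CADDY_DATA_PATH}/Caddyfile:/etc/caddy/Caddyfile:ro`, since the container only needs to read it at run time.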