From 34ca777a1d39786941b5d3bd5d5e4d75aeca44d1 Mon Sep 17 00:00:00 2001
From: uumas <gitcommit@uumas.fi>
Date: Thu, 5 Feb 2026 15:14:34 +0200
Subject: [PATCH] caddy: make firewalld optional

---
 roles/caddy/defaults/main.yaml       | 2 ++
 roles/caddy/meta/argument_specs.yaml | 5 +++++
 roles/caddy/meta/main.yaml           | 1 +
 roles/caddy/tasks/main.yaml          | 1 +
 4 files changed, 9 insertions(+)
 create mode 100644 roles/caddy/defaults/main.yaml

diff --git a/roles/caddy/defaults/main.yaml b/roles/caddy/defaults/main.yaml
new file mode 100644
index 0000000..b03723a
--- /dev/null
+++ b/roles/caddy/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+caddy_use_firewalld: true
diff --git a/roles/caddy/meta/argument_specs.yaml b/roles/caddy/meta/argument_specs.yaml
index cf8b601..b2acf7d 100644
--- a/roles/caddy/meta/argument_specs.yaml
+++ b/roles/caddy/meta/argument_specs.yaml
@@ -7,3 +7,8 @@ argument_specs:
         description: Email address used for ssl certs
         type: str
         required: true
+      caddy_use_firewalld:
+        description: Whether to open ports using firewalld
+        type: bool
+        required: false
+        default: true
diff --git a/roles/caddy/meta/main.yaml b/roles/caddy/meta/main.yaml
index 4ee7a8b..e8db5ad 100644
--- a/roles/caddy/meta/main.yaml
+++ b/roles/caddy/meta/main.yaml
@@ -8,3 +8,4 @@ dependencies:
         - name: ubuntu
           version_min: 22
   - role: uumas.general.firewalld
+    when: caddy_use_firewalld
diff --git a/roles/caddy/tasks/main.yaml b/roles/caddy/tasks/main.yaml
index 4081537..5982bce 100644
--- a/roles/caddy/tasks/main.yaml
+++ b/roles/caddy/tasks/main.yaml
@@ -52,3 +52,4 @@
     - http
     - https
     - http3
+  when: caddy_use_firewalld