From 3f44c2261d0ff9a8002137fd42b64fe7f83a06f9 Mon Sep 17 00:00:00 2001
From: transcaffeine <transcaffeine@finally.coffee>
Date: Sun, 28 Dec 2025 12:38:53 +0100
Subject: [PATCH] feat(playbooks/phpldapadmin): expand playbook

---
 README.md                  |  1 +
 playbooks/phpldapadmin.md  |  6 ++++++
 playbooks/phpldapadmin.yml | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+)
 create mode 100644 playbooks/phpldapadmin.md

diff --git a/README.md b/README.md
index dac4384..b8c9441 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,7 @@ concise area of concern.
 - [`hedgedoc`](playbooks/hedgedoc.md)
 - [`jellyfin`](playbooks/jellyfin.md)
 - [`gitea`](playbooks/gitea.md)
+- [`phpldapadmin`](playbooks/phpldapadmin.md)
 - [`vaultwarden`](playbooks/vaultwarden.md)
 
 ## License
diff --git a/playbooks/phpldapadmin.md b/playbooks/phpldapadmin.md
new file mode 100644
index 0000000..384d83b
--- /dev/null
+++ b/playbooks/phpldapadmin.md
@@ -0,0 +1,6 @@
+# `finallycoffee.services.phpldapadmin` ansible playbook
+
+## Feature toggles
+
+- `phpldapadmin_configure_lego_rfc2136` (default `false`)
+- `phpldapadmin_configure_caddy_reverse_proxy` (default `false`)
diff --git a/playbooks/phpldapadmin.yml b/playbooks/phpldapadmin.yml
index eb3a77c..2e3f65f 100644
--- a/playbooks/phpldapadmin.yml
+++ b/playbooks/phpldapadmin.yml
@@ -1,7 +1,44 @@
 ---
+- import_playbook: finallycoffee.base.lego_certificate
+  when: phpldapadmin_configure_lego_rfc2136 | default(false)
+  vars:
+    target_domains:
+      - "{{ phpldapadmin_domain }}"
+    target_acme_zone: "{{ acme_domain }}"
+    target_acme_account_email: "{{ phpldapadmin_lego_acme_account_email }}"
+    target_dns_server: "{{ dns_server }}"
+    target_dns_tsig_key: "{{ dns_tsig_keydata }}"
+    target_dns_additional_records: "{{ phpldapadmin_dns_records }}"
+    target_hosts: >-2
+      {{ phpldapadmin_lego_hosts | default(phpldapadmin_hosts | default('phpldapadmin')) }}
+    target_become: >-2
+      {{ phpldapadmin_lego_become | default(phpldapadmin_become | default(false)) }}
+    target_gather_facts: >-2
+      {{ phpldapadmin_lego_gather_facts | default(false) }}
+  tags:
+    - phpldapadmin
+    - phpldapadmin-lego
+
 - name: Configure and run phpldapadmin
   hosts: "{{ phpldapadmin_hosts | default('phpldapadmin', true) }}"
   become: "{{ phpldapadmin_become | default(false) }}"
   gather_facts: "{{ phpldapadmin_gather_facts | default(false) }}"
   roles:
     - role: finallycoffee.services.phpldapadmin
+  tags:
+    - phpldapadmin
+
+- import_playbook: finallycoffee.base.caddy_reverse_proxy
+  when: phpldapadmin_configure_caddy_reverse_proxy | default(false)
+  vars:
+    caddy_site_name: "{{ phpldapadmin_domain }}"
+    caddy_reverse_proxy_backend_addr: "http://{{ phpldapadmin_host_bind_ip }}"
+    target_hosts: >-2
+      {{ phpldapadmin_caddy_hosts | default(phpldapadmin_hosts | default('phpldapadmin')) }}
+    target_become: >-2
+      {{ phpldapadmin_caddy_become | default(phpldapadmin_become | default(false)) }}
+    target_gather_facts: >-2
+      {{ phpldapadmin_caddy_gather_facts | default(false) }}
+  tags:
+    - phpldapadmin
+    - phpldapadmin-caddy