---
# SSL/TLS setup for Caddy
# Note: Caddy handles Let's Encrypt certificates automatically!
# This file only sets up log directories and verifies configuration.

- name: Create Caddy log directory
  ansible.builtin.file:
    path: /var/log/caddy
    state: directory
    owner: caddy
    group: caddy
    mode: '0755'
  become: yes

- name: Verify Caddy is configured for HTTPS
  ansible.builtin.debug:
    msg: >
      Caddy will automatically obtain and renew TLS certificates for {{ forgejo_domain }}
      using Let's Encrypt. The email {{ letsencrypt_email }} will be used for renewal
      notifications. No manual certificate management is required.

- name: Ensure Caddy data directory exists (for certificates)
  ansible.builtin.file:
    path: /var/lib/caddy/.local/share/caddy
    state: directory
    owner: caddy
    group: caddy
    mode: '0700'
  become: yes