---
# Caddy web server setup tasks
# Caddy handles HTTPS certificates automatically via Let's Encrypt

- name: Install dependencies for Caddy
  ansible.builtin.apt:
    name:
      - debian-keyring
      - debian-archive-keyring
      - apt-transport-https
      - curl
    state: present
    update_cache: yes
  become: yes

- name: Add Caddy GPG key
  ansible.builtin.shell: |
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
  args:
    creates: /usr/share/keyrings/caddy-stable-archive-keyring.gpg
  become: yes

- name: Add Caddy repository
  ansible.builtin.shell: |
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
  args:
    creates: /etc/apt/sources.list.d/caddy-stable.list
  become: yes

- name: Install Caddy
  ansible.builtin.apt:
    name: caddy
    state: present
    update_cache: yes
  become: yes

- name: Create Caddy configuration directory
  ansible.builtin.file:
    path: /etc/caddy
    state: directory
    owner: root
    group: root
    mode: '0755'
  become: yes

- name: Create Caddy log directory
  ansible.builtin.file:
    path: /var/log/caddy
    state: directory
    owner: caddy
    group: caddy
    mode: '0755'
  become: yes

- name: Create Caddyfile for Forgejo
  ansible.builtin.template:
    src: Caddyfile.j2
    dest: /etc/caddy/Caddyfile
    owner: root
    group: root
    mode: '0644'
    validate: 'caddy validate --adapter caddyfile --config %s'
  become: yes
  notify: Reload Caddy

- name: Ensure Caddy is started and enabled
  ansible.builtin.systemd:
    name: caddy
    state: started
    enabled: yes
  become: yes