diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4e3b08b..ab54930 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,13 +4,14 @@ stages: build: stage: build - image: golang:bookworm + image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/golang:bookworm before_script: - bash hack/install-xcaddy.sh script: - > xcaddy build + v2.10.0 --output ./caddy --with github.com/caddy-dns/cloudflare artifacts: @@ -19,7 +20,7 @@ build: deploy: stage: deploy - image: alpine/ansible:latest + image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/ansible:latest before_script: - "command -v ssh-agent >/dev/null || ( apk add --no-cache openssh-client )" - eval $(ssh-agent -s) @@ -27,5 +28,6 @@ deploy: - mkdir -p ~/.ssh - chmod 700 ~/.ssh - ssh-keyscan -H valhalla.vxm.cz >> ~/.ssh/known_hosts + - ssh-keyscan -H alfheim.vxm.cz >> ~/.ssh/known_hosts script: - ansible-playbook -i inventory.ini playbook.yml diff --git a/inventory.ini b/inventory.ini index 2cbc0ac..9773d97 100644 --- a/inventory.ini +++ b/inventory.ini @@ -1 +1,2 @@ valhalla.vxm.cz ansible_user=root +alfheim.vxm.cz ansible_user=root diff --git a/playbook.yml b/playbook.yml index fbe4e3f..9b1f869 100644 --- a/playbook.yml +++ b/playbook.yml 
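Review bot: The `--with github.com/caddy-dns/cloudflare` line in the build job's `script` is still unpinned, so although Caddy itself is now fixed at `v2.10.0`, the plugin resolves to whatever is latest at build time. Two runs of the same commit can therefore produce different binaries, and the playbook installs that binary root-owned on the hosts. xcaddy accepts a module version, e.g. `--with github.com/caddy-dns/cloudflare@<plugin-version>` (placeholder; use a reviewed tag or commit). `hack/install-xcaddy.sh` is outside this diff, so whether xcaddy itself is pinned cannot be checked here.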
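Review bot: `alpine/ansible:latest` in the deploy job is a floating tag, and pulling it through the dependency proxy caches the image but does not fix its content; `golang:bookworm` in the build job has the same problem. The deploy job starts an ssh-agent and runs the playbook as root against the inventory hosts, so a changed upstream image would run with that access. Pin both images by version tag and digest, e.g. `image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/ansible:<tag>@sha256:<digest>` (placeholders).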
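Review bot: The added `ssh-keyscan -H alfheim.vxm.cz >> ~/.ssh/known_hosts` line in the deploy `before_script` learns the host key over the network on every run, so it trusts whatever answers at that name and gives no protection against an impersonated host. The playbook then logs in to that host as root. Record each host's public key once, verified out of band, and supply it from a CI/CD variable instead, e.g. `- echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts`, where `SSH_KNOWN_HOSTS` is a variable you define with the verified entries. The existing valhalla line has the same weakness and can be replaced in the same way.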
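Review bot: `alfheim.vxm.cz ansible_user=root` extends direct root SSH login from the pipeline's key to a second host, so anyone who obtains that key or can run the deploy job controls both machines. Consider a dedicated account, `alfheim.vxm.cz ansible_user=<deploy-user>` (placeholder), with `become: true` on the play, so that root login over SSH can be disabled on the hosts. The existing valhalla entry has the same shape and would need the same change.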
@@ -8,28 +8,57 @@ state: present - name: Ensure user "caddy" exists - user: + ansible.builtin.user: name: caddy - system: yes + system: true shell: /usr/sbin/nologin home: /var/lib/caddy - create_home: yes + create_home: true + group: caddy + + - name: Ensure directory "/etc/caddy" exists + ansible.builtin.file: + path: /etc/caddy + state: directory + mode: "0755" + owner: root + group: root + + - name: Ensure file "/etc/caddy/Caddyfile" exists + ansible.builtin.file: + path: /etc/caddy/Caddyfile + state: touch + mode: "0644" + owner: caddy + group: caddy + + - name: Ensure file "/etc/caddy/.env" exists" + ansible.builtin.file: + path: /etc/caddy/.env + state: touch + mode: "0600" + owner: caddy group: caddy - name: Copy Caddy binary - copy: + ansible.builtin.copy: src: caddy - dest: /usr/local/bin/caddy + dest: /usr/bin/caddy mode: "0755" + owner: root + group: root - name: Check if systemd unit file exists - stat: + ansible.builtin.stat: path: /etc/systemd/system/caddy.service register: systemd_unit_file - name: Create systemd unit file for Caddy - copy: + ansible.builtin.copy: dest: /etc/systemd/system/caddy.service + mode: "0644" + owner: root + group: root content: | # caddy.service # See: https://github.com/caddyserver/dist/blob/master/init/caddy.service @@ -56,12 +85,12 @@ when: not systemd_unit_file.stat.exists - name: Enable and start Caddy service - systemd: + ansible.builtin.systemd: name: caddy - enabled: yes + enabled: true state: started - name: Restart Caddy service - systemd: + ansible.builtin.systemd: name: caddy state: reloaded
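Review bot: The new `/etc/caddy/Caddyfile` and `/etc/caddy/.env` tasks make both files owned and writable by the `caddy` service account, so a compromised Caddy process could rewrite its own configuration or environment file and have the change persist. If the service only needs to read them, use `owner: root`, `group: caddy`, `mode: "0640"` on both tasks. `state: touch` also reports changed on every run unless `access_time: preserve` and `modification_time: preserve` are set, and the `.env` task name ends with a stray quote (`exists"`). The hunk begins inside an earlier task and ends inside the unit-file `content:` block, so the group creation that `group: caddy` relies on and the rest of the unit are not visible here.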
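Review bot: The final task is named "Restart Caddy service" but uses `state: reloaded`, which only asks the running process to reload its configuration. After "Copy Caddy binary" replaces the executable (now built from `v2.10.0` and installed at `/usr/bin/caddy`), the old binary presumably keeps serving until something restarts the unit. Add `register: caddy_binary` to the copy task and use `state: "{{ 'restarted' if caddy_binary.changed else 'reloaded' }}"` here, or move the restart into a handler notified by the copy task. The unit's `ExecStart`/`ExecReload` lines are outside the hunk, and because the unit file is only written `when: not systemd_unit_file.stat.exists`, an existing host keeps whatever binary path its current unit names — confirm it matches the new `dest`.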