From 92948eb2589e81e0aab1fe18eb3e40b08fc7111c Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Wed, 1 Jan 2025 00:58:34 +0100 Subject: [PATCH 01/10] feat(playbook.yml): create /etc/caddy, Caddyfile and .env file --- playbook.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/playbook.yml b/playbook.yml index fbe4e3f..18c720e 100644 --- a/playbook.yml +++ b/playbook.yml @@ -16,6 +16,21 @@ create_home: yes group: caddy + - name: Ensure directory "/etc/caddy" exists + file: + path: /etc/caddy + state: directory + + - name: Ensure file "/etc/caddy/Caddyfile" exists + file: + path: /etc/caddy/Caddyfile + state: touch + + - name: Ensure file "/etc/caddy/.env" exists" + file: + path: /etc/caddy/.env + state: touch + - name: Copy Caddy binary copy: src: caddy From 1619192748ce4da5614a6c952fa0c3dbbfe800e0 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Wed, 1 Jan 2025 01:08:30 +0100 Subject: [PATCH 02/10] fix(playbook.yml): location of caddy binary for original systemd unit file --- playbook.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbook.yml b/playbook.yml index 18c720e..64fc19d 100644 --- a/playbook.yml +++ b/playbook.yml @@ -34,7 +34,7 @@ - name: Copy Caddy binary copy: src: caddy - dest: /usr/local/bin/caddy + dest: /usr/bin/caddy mode: "0755" - name: Check if systemd unit file exists From b6d419db8877a2b401daf7e9e880e5b59970c040 Mon Sep 17 00:00:00 2001 From: Vojtech Mares Date: Sun, 2 Mar 2025 23:53:02 +0100 Subject: [PATCH 03/10] ci: specify caddy version --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4e3b08b..d6ce565 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,6 +11,7 @@ build: - > xcaddy build + v2.9.1 --output ./caddy --with github.com/caddy-dns/cloudflare artifacts: From cdbd1e6dcc65b2f14f97eea7c99d059fe872788f Mon Sep 17 00:00:00 2001 
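Review bot: In PATCH 01/10, both `state: touch` tasks (Caddyfile and .env) rewrite the file timestamps and report `changed` on every run, so the play is never idempotent. Adding `modification_time: preserve` and `access_time: preserve` to each task turns them into create-if-missing. The `.env` task also sets no `mode`, so a file that presumably holds credentials is created with the default umask until PATCH 07/10 adds `mode: "0600"`. The task name `Ensure file "/etc/caddy/.env" exists"` carries a stray trailing quote.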
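Review bot: PATCH 03/10 pins the core to `v2.9.1`, but the context line `--with github.com/caddy-dns/cloudflare` still resolves the plugin to whatever is latest at build time. Two runs of the same commit can therefore put different plugin code into the binary that the deploy job installs on the servers. xcaddy accepts `--with module@version`, so pin the plugin the same way, e.g. `--with github.com/caddy-dns/cloudflare@<PINNED_VERSION>` (placeholder). The same applies after the version bump in PATCH 05/10.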
From: =?UTF-8?q?Vojt=C4=9Bch=20Mare=C5=A1?= Date: Wed, 14 May 2025 21:45:40 +0200 Subject: [PATCH 04/10] ci: use depdendency proxy for pipeline base images MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX} for golang and ansible Signed-off-by: Vojtěch Mareš --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d6ce565..13e2e7e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,7 +4,7 @@ stages: build: stage: build - image: golang:bookworm + image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/golang:bookworm before_script: - bash hack/install-xcaddy.sh script: @@ -20,7 +20,7 @@ build: deploy: stage: deploy - image: alpine/ansible:latest + image: ${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}/alpine/ansible:latest before_script: - "command -v ssh-agent >/dev/null || ( apk add --no-cache openssh-client )" - eval $(ssh-agent -s) From 2d1f9cd9558ffd803ebc99dceef98de90ffa1320 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vojt=C4=9Bch=20Mare=C5=A1?= Date: Wed, 14 May 2025 21:47:07 +0200 Subject: [PATCH 05/10] feat: update caddy to v2.10.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Vojtěch Mareš --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 13e2e7e..2f3ccc7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,7 +11,7 @@ build: - > xcaddy build - v2.9.1 + v2.10.0 --output ./caddy --with github.com/caddy-dns/cloudflare artifacts: From 3ff9c88db72b5971c513fec94a7d342f848e9438 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vojt=C4=9Bch=20Mare=C5=A1?= Date: Thu, 15 May 2025 14:12:38 +0200 Subject: [PATCH 06/10] feat(inventory): add alfheim server MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
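Review bot: Both rewritten `image:` lines in PATCH 04/10 keep floating tags (`golang:bookworm` in `build`, `alpine/ansible:latest` in `deploy`). The dependency proxy caches whatever the tag currently points to, so it does not by itself make the pipeline reproducible. The `deploy` image starts `ssh-agent` (visible in the context lines) and runs the playbook, so an unexpected upstream change to `latest` reaches the servers directly. Pin each image to a specific version tag or an `@sha256:` digest behind the same `${CI_DEPENDENCY_PROXY_GROUP_IMAGE_PREFIX}` prefix.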
Signed-off-by: Vojtěch Mareš --- inventory.ini | 1 + 1 file changed, 1 insertion(+) diff --git a/inventory.ini b/inventory.ini index 2cbc0ac..9773d97 100644 --- a/inventory.ini +++ b/inventory.ini @@ -1 +1,2 @@ valhalla.vxm.cz ansible_user=root +alfheim.vxm.cz ansible_user=root From dfdcf551fce85b4ac196771fea317b6caa7a65eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vojt=C4=9Bch=20Mare=C5=A1?= Date: Thu, 15 May 2025 14:14:24 +0200 Subject: [PATCH 07/10] fix(playbook): ansible-lint issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - prefix functions with ansible.builtin - missing mode for file and copy functions - boolean values use true|false values and no other (yes,no,...) Signed-off-by: Vojtěch Mareš --- playbook.yml | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/playbook.yml b/playbook.yml index 64fc19d..740c7a7 100644 --- a/playbook.yml +++ b/playbook.yml 
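Review bot: The added line `alfheim.vxm.cz ansible_user=root` in PATCH 06/10 means the CI job's SSH key logs in directly as root, as it already does for valhalla. A dedicated unprivileged deploy account with `ansible_become=true` would let the servers disable root login over SSH and limit what a leaked pipeline key can do. The matching `ssh-keyscan` line for this host only arrives in PATCH 10/10, so if host key checking is enabled, pipelines between the two commits would presumably fail on the new host.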
@@ -8,43 +8,47 @@ state: present - name: Ensure user "caddy" exists - user: + ansible.builtin.user: name: caddy - system: yes + system: true shell: /usr/sbin/nologin home: /var/lib/caddy - create_home: yes + create_home: true group: caddy - name: Ensure directory "/etc/caddy" exists - file: + ansible.builtin.file: path: /etc/caddy state: directory + mode: "0644" - name: Ensure file "/etc/caddy/Caddyfile" exists - file: + ansible.builtin.file: path: /etc/caddy/Caddyfile state: touch + mode: "0644" - name: Ensure file "/etc/caddy/.env" exists" - file: + ansible.builtin.file: path: /etc/caddy/.env state: touch + mode: "0600" - name: Copy Caddy binary - copy: + ansible.builtin.copy: src: caddy dest: /usr/bin/caddy mode: "0755" - name: Check if systemd unit file exists - stat: + ansible.builtin.stat: path: /etc/systemd/system/caddy.service register: systemd_unit_file - name: Create systemd unit file for Caddy - copy: + ansible.builtin.copy: dest: /etc/systemd/system/caddy.service + mode: "0644" content: | # caddy.service # See: https://github.com/caddyserver/dist/blob/master/init/caddy.service @@ -71,12 +75,12 @@ when: not systemd_unit_file.stat.exists - name: Enable and start Caddy service - systemd: + ansible.builtin.systemd: name: caddy - enabled: yes + enabled: true state: started - name: Restart Caddy service - systemd: + ansible.builtin.systemd: name: caddy state: reloaded From 21bb91be7dede1571d1b3b5b27cd68c42f2f3278 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vojt=C4=9Bch=20Mare=C5=A1?= Date: Thu, 15 May 2025 14:25:41 +0200 Subject: [PATCH 08/10] fix(playbook): add missing owner and group to files and copy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Vojtěch Mareš --- playbook.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/playbook.yml b/playbook.yml index 740c7a7..159cfe5 100644 --- a/playbook.yml +++ b/playbook.yml 
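Review bot: In the first hunk of PATCH 07/10, `mode: "0644"` is applied to the directory `/etc/caddy`, which leaves it without the execute (search) bit. Nobody but root can then open files inside it, so the `caddy` user could not read its Caddyfile. A directory needs `mode: "0755"` (or `"0750"` with a suitable group); PATCH 09/10 later makes that change. The `.env` task gets `mode: "0600"` but no owner here, so the file is created for the connecting user (root per the inventory) and stays unreadable to the service until PATCH 08/10 adds ownership.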
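Review bot: The last task in the second hunk of PATCH 07/10 is named `Restart Caddy service` but uses `state: reloaded` and runs on every play. A reload normally re-reads configuration without replacing the process, so after `Copy Caddy binary` installs a new build the old binary would presumably keep serving until someone restarts it, which matters when the update is a security fix. Consider turning it into a handler with `state: restarted`, notified by the copy task, and adding `daemon_reload: true` for the case where the unit file was just written. The task list starts above this hunk, so the indentation in the sketch below is assumed.

```yaml
# … unchanged: tasks up to "Copy Caddy binary" …
    - name: Copy Caddy binary
      ansible.builtin.copy:
        # … unchanged: src, dest, mode …
      notify: Restart Caddy service

# … unchanged: unit file and enable/start tasks …

  handlers:
    - name: Restart Caddy service
      ansible.builtin.systemd:
        name: caddy
        state: restarted
        daemon_reload: true
```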
@@ -21,24 +21,32 @@ path: /etc/caddy state: directory mode: "0644" + owner: caddy + group: caddy - name: Ensure file "/etc/caddy/Caddyfile" exists ansible.builtin.file: path: /etc/caddy/Caddyfile state: touch mode: "0644" + owner: caddy + group: caddy - name: Ensure file "/etc/caddy/.env" exists" ansible.builtin.file: path: /etc/caddy/.env state: touch mode: "0600" + owner: caddy + group: caddy - name: Copy Caddy binary ansible.builtin.copy: src: caddy dest: /usr/bin/caddy mode: "0755" + owner: caddy + group: caddy - name: Check if systemd unit file exists ansible.builtin.stat: From d0ad9e6c7ac5d6a7efe401f4c3fb729d421ec930 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vojt=C4=9Bch=20Mare=C5=A1?= Date: Thu, 15 May 2025 14:58:08 +0200 Subject: [PATCH 09/10] fix(playbook): /etc/caddy chmod 0755, /usr/bin/caddy chmod 0755 owner root group root MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Vojtěch Mareš --- playbook.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/playbook.yml b/playbook.yml index 159cfe5..9b1f869 100644 --- a/playbook.yml +++ b/playbook.yml @@ -20,9 +20,9 @@ ansible.builtin.file: path: /etc/caddy state: directory - mode: "0644" - owner: caddy - group: caddy + mode: "0755" + owner: root + group: root - name: Ensure file "/etc/caddy/Caddyfile" exists ansible.builtin.file: @@ -45,8 +45,8 @@ src: caddy dest: /usr/bin/caddy mode: "0755" - owner: caddy - group: caddy + owner: root + group: root - name: Check if systemd unit file exists ansible.builtin.stat: @@ -57,6 +57,8 @@ ansible.builtin.copy: dest: /etc/systemd/system/caddy.service mode: "0644" + owner: root + group: root content: | # caddy.service # See: https://github.com/caddyserver/dist/blob/master/init/caddy.service From b6a8bb2ab84036cb706c0233378791591c5bfa95 Mon Sep 17 00:00:00 2001 
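Review bot: In PATCH 08/10, `owner: caddy` and `group: caddy` on `/etc/caddy/Caddyfile` and `/etc/caddy/.env` make the service account the owner of its own configuration and secrets file, so a compromised Caddy process could rewrite both. If Caddy only needs to read them, use `owner: root`, `group: caddy` and `mode: "0640"` on both files. The same hunk also gives `/usr/bin/caddy` to `caddy`, which would let the service replace the executable that systemd starts; PATCH 09/10 moves that one back to root.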
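Review bot: The `owner: root` and `group: root` added to `Create systemd unit file for Caddy` in the third hunk of PATCH 09/10 only take effect on hosts where the unit file does not exist yet. The task carries `when: not systemd_unit_file.stat.exists` (visible as context in PATCH 07/10, assumed still present), so on an already provisioned server the file keeps its existing ownership, mode and content. If the guard exists to protect local edits, enforce ownership and mode with a separate unconditional `ansible.builtin.file` task on `/etc/systemd/system/caddy.service`.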
From: =?UTF-8?q?Vojt=C4=9Bch=20Mare=C5=A1?= Date: Thu, 15 May 2025 15:05:49 +0200 Subject: [PATCH 10/10] ci: add alfheim.vxm.cz to known hosts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Vojtěch Mareš --- .gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2f3ccc7..ab54930 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -28,5 +28,6 @@ deploy: - mkdir -p ~/.ssh - chmod 700 ~/.ssh - ssh-keyscan -H valhalla.vxm.cz >> ~/.ssh/known_hosts + - ssh-keyscan -H alfheim.vxm.cz >> ~/.ssh/known_hosts script: - ansible-playbook -i inventory.ini playbook.yml
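Review bot: The added `ssh-keyscan -H alfheim.vxm.cz >> ~/.ssh/known_hosts` in PATCH 10/10 trusts whatever host key answers at job time, so host key checking no longer authenticates the server. Anyone able to intercept the runner's connection could present their own key and have the playbook run against a machine they control. The existing valhalla line has the same weakness. Store the verified public host keys in a CI/CD variable and write that instead, e.g. `echo "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts` (the variable name is a placeholder).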