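---
# Installs a locally supplied Caddy binary and runs it as the unprivileged
# "caddy" account under systemd.
#
# NOTE(review): every task below needs root on the target, but the play does
# not set `become`; presumably it is run with -b or as root -- confirm.
# NOTE(review): nothing here creates /etc/caddy/Caddyfile, which the unit
# passes to `caddy run`; it has to be provisioned separately.
- name: Deploy Caddy
  hosts: all
  tasks:
    - name: Ensure group "caddy" exists
      ansible.builtin.group:
        name: caddy
        state: present

    - name: Ensure user "caddy" exists
      ansible.builtin.user:
        name: caddy
        # Pin the primary group explicitly so it does not depend on the
        # target's useradd defaults; the unit runs with Group=caddy.
        group: caddy
        system: true
        # No interactive login for the service account.
        shell: /usr/sbin/nologin

    # The binary is taken from the control node as-is. Verify it against the
    # upstream release checksum/signature before it is placed next to this
    # playbook. Root ownership plus 0755 keeps the service account from
    # replacing its own executable.
    - name: Copy Caddy binary
      ansible.builtin.copy:
        src: caddy
        dest: /usr/local/bin/caddy
        owner: root
        group: root
        mode: "0755"

    - name: Check if systemd unit file exists
      ansible.builtin.stat:
        path: /etc/systemd/system/caddy.service
      register: systemd_unit_file

    # Written only when no unit file is present, so a unit already on the
    # host (including one with the old /usr/bin/caddy path) is left untouched
    # and must be corrected separately.
    #
    # ExecStart/ExecReload point at /usr/local/bin/caddy, the path the binary
    # is copied to above; the previous /usr/bin/caddy did not match it.
    #
    # `--environ` makes caddy print its environment at startup, so anything
    # passed through Environment=/EnvironmentFile= ends up in the journal;
    # keep secrets out of the environment or drop the flag.
    #
    # NOTE(review): AmbientCapabilities is copied from the upstream unit.
    # CAP_NET_BIND_SERVICE is what lets the non-root user bind ports below
    # 1024; confirm CAP_NET_ADMIN is actually needed on these hosts.
    - name: Create systemd unit file for Caddy
      ansible.builtin.copy:
        dest: /etc/systemd/system/caddy.service
        owner: root
        group: root
        mode: "0644"
        content: |
          # caddy.service
          # See: https://github.com/caddyserver/dist/blob/master/init/caddy.service
          [Unit]
          Description=Caddy
          Documentation=https://caddyserver.com/docs/
          After=network.target network-online.target
          Requires=network-online.target

          [Service]
          Type=notify
          User=caddy
          Group=caddy
          ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
          ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --force
          TimeoutStopSec=5s
          LimitNOFILE=1048576
          PrivateTmp=true
          ProtectSystem=full
          AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

          [Install]
          WantedBy=multi-user.target
      when: not systemd_unit_file.stat.exists

    - name: Enable and start Caddy service
      ansible.builtin.systemd:
        name: caddy
        # Make systemd re-read unit files so a unit written above is picked up.
        daemon_reload: true
        enabled: true
        state: started

    # This task reloads (ExecReload), it does not restart; the name now says
    # so. It runs unconditionally on every play; a handler notified by the
    # tasks that change something would avoid needless reloads.
    - name: Reload Caddy service
      ansible.builtin.systemd:
        name: caddy
        state: reloaded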