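---
# Provision a custom Caddy build (xcaddy with the Cloudflare DNS and
# dynamic-DNS plugins) and run it from a systemd unit.
# Nearly every task writes under /etc, /usr or /usr/local, yet only the
# GPG-key task sets `become` explicitly, so the including play is assumed
# to run with `become: true` — confirm before reusing this file elsewhere.

- name: Install dependencies
  ansible.builtin.apt:
    name:
      - apt-transport-https
      - golang  # xcaddy drives the Go toolchain when building Caddy
    state: present
    update_cache: true

- name: Make config directory
  ansible.builtin.file:
    path: "/etc/caddy"
    state: directory
    owner: root
    group: root
    # Was 0777: a world-writable /etc/caddy lets any local user replace the
    # Caddyfile that the root-owned service below loads. Caddy only reads
    # from here, so 0755 keeps it readable while restricting writes to root.
    mode: '0755'

- name: Download and install XCaddy GPG key
  ansible.builtin.shell:
    # pipefail: without it a failed curl still leaves gpg writing an
    # (empty) keyring, which `creates:` then treats as done on every later
    # run. Dearmor into a temp file and rename so the final path only
    # appears once the whole pipeline succeeded; --batch --yes lets gpg
    # overwrite a leftover temp file from an earlier failed attempt.
    cmd: |
      set -o pipefail
      curl -1sLf 'https://dl.cloudsmith.io/public/caddy/xcaddy/gpg.key' \
        | gpg --batch --yes --dearmor -o /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg.tmp \
        && mv /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg.tmp \
              /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
    executable: /bin/bash
  args:
    creates: /usr/share/keyrings/caddy-xcaddy-archive-keyring.gpg
  become: true

- name: Add XCaddy repository list
  ansible.builtin.get_url:
    url: https://dl.cloudsmith.io/public/caddy/xcaddy/debian.deb.txt
    dest: /etc/apt/sources.list.d/caddy-xcaddy.list
    mode: '0644'
    # Re-download on every run so upstream changes to the list are picked up.
    force: true
  # NOTE(review): the downloaded list is expected to pin the keyring above
  # via signed-by= — verify the rendered file after the first run.

- name: Update apt cache
  ansible.builtin.apt:
    update_cache: true

- name: Install xcaddy
  ansible.builtin.apt:
    name: xcaddy
    state: present

- name: Build Caddy with Cloudflare DNS plugin
  ansible.builtin.shell: |
    xcaddy build \
      --with github.com/caddy-dns/cloudflare \
      --with github.com/mholt/caddy-dynamicdns \
      --output /usr/local/bin/caddy
  args:
    # Build once only: changing the plugin list above does not trigger a
    # rebuild while the binary exists; remove it to force one.
    creates: /usr/local/bin/caddy

- name: Create systemd service for custom Caddy binary
  # NOTE(review): the unit runs as root, so the setcap task further down is
  # currently redundant — file capabilities only matter once User= is an
  # unprivileged account. A dedicated caddy user (with a writable data
  # directory for certificate storage) is the usual hardening step.
  ansible.builtin.copy:
    dest: /etc/systemd/system/caddy.service
    owner: root
    group: root
    mode: '0644'
    content: |
      [Unit]
      Description=Caddy

      [Service]
      User=root
      Group=root
      ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
      ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
      TimeoutStopSec=5s
      LimitNOFILE=1048576
      Restart=on-failure

      [Install]
      WantedBy=multi-user.target

- name: Unmask Caddy service
  ansible.builtin.systemd:
    name: caddy
    masked: false

- name: Allow Caddy to bind to ports <1024
  # Grants CAP_NET_BIND_SERVICE on the binary; re-applied on every run
  # (setcap is idempotent in effect, but the task always reports changed).
  ansible.builtin.command: setcap 'cap_net_bind_service=+ep' /usr/local/bin/caddy

- name: Reload systemd to pick up caddy.service changes
  ansible.builtin.systemd:
    daemon_reload: true

- name: Set resolv.conf DNS
  # NOTE(review): on hosts where systemd-resolved owns /etc/resolv.conf as a
  # symlink, this replaces the link with a regular file; the restart below
  # does not restore the link — confirm that is the intent.
  ansible.builtin.copy:
    dest: /etc/resolv.conf
    content: |
      nameserver 1.1.1.1
      nameserver 8.8.8.8
    owner: root
    group: root
    mode: '0644'  # resolv.conf must stay world-readable
    force: true

- name: Restart systemd-resolved
  ansible.builtin.systemd:
    name: systemd-resolved
    state: restarted
    enabled: true

- name: Enable and start Caddy service
  ansible.builtin.systemd:
    name: caddy
    enabled: true
    state: started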