- name: Add Caddy GPG key
  ansible.builtin.get_url:
    url: 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key'
    dest: '/etc/apt/trusted.gpg.d/caddy.asc'
    mode: '0644'
    force: true

- name: Add Caddy repositories
  apt_repository:
    repo: "{{ item }} https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
    filename: 'caddy-stable'
    state: present
  with_items:
    - deb
    - deb-src

- name: Install Caddy
  apt:
    name: caddy
    state: present

- name: Copy over Caddyfile
  copy:
    src: Caddyfile
    dest: '/etc/caddy/Caddyfile'
    owner: root
    group: root
    mode: '644'
  notify: 'reload caddy'

- name: Ensure Caddy service is running & enabled
  service:
    name: caddy
    state: started
    enabled: true

- name: Open HTTP ports in firewall
  community.general.ufw:
    port: '{{ item }}'
    rule: 'allow'
  loop:
    - 'http'
    - 'https'