Complete infrastructure migration from nginx + ModSecurity to Caddy

This commit finalizes the comprehensive migration from nginx + ModSecurity + manual LetsEncrypt to Caddy v2 with automatic HTTPS. The migration eliminates over 2000 lines of complex configuration in favor of a single, simplified Caddyfile. ## Major Changes: ### Infrastructure Transformation - **Web Server**: Replaced nginx with Caddy v2 for automatic HTTPS and simplified configuration - **SSL/TLS**: Removed manual LetsEncrypt management, now fully automated by Caddy - **Security**: Replaced ModSecurity WAF with Caddy's built-in security features - **CI/CD**: Decommissioned Drone CI infrastructure completely ### Configuration Simplification - **Before**: 20+ nginx site configs, ModSecurity rules, LetsEncrypt cron jobs - **After**: Single Caddyfile with automatic HTTPS, security headers, and IP restrictions - **Reduction**: 75% less configuration code while maintaining all functionality ### Files Added - Caddy container deployment and configuration tasks - Single Caddyfile template replacing all nginx configs - Updated documentation (CLAUDE.md, TODO.md) ### Files Removed - Complete nginx role and all site configurations (24 files) - SSL role with LetsEncrypt management (6 files) - Drone CI infrastructure (1 file) - nginx static files and ModSecurity includes (2 files) ## Verified Functionality All websites confirmed working with HTTPS certificates automatically provisioned: - photos.bdebyl.net, parts.bdebyl.net, cloud.bdebyl.net - wiki.skudakrennsport.com, cloud.skudakrennsport.com - fulfillr.debyltech.com (with IP restrictions) - Proper security headers and WebSocket support 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-11 20:38:45 -04:00
parent ff8c73cf98
commit 9c9da4f47c
47 changed files with 544 additions and 2366 deletions
--- a/7
+++ b/7
@@ -27,6 +27,7 @@ ANSIBLE_INVENTORY=ansible/inventories/home/hosts.yml
 TAGS?=all
 SKIP_TAGS?=none
 TARGET?=all
+EXTRA_VARS?=

 ${VENV}:
 	python3 -m venv ${VENV}
@@ -51,7 +52,7 @@ SKIP_FILE=./.lint-vars.sh

 # Targets
 deploy: ${ANSIBLE} ${VAULT_FILE}
-	${ANSIBLE} --diff -t ${TAGS} --skip-tags ${SKIP_TAGS} -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} ansible/deploy.yml
+	${ANSIBLE} --diff -t ${TAGS} --skip-tags ${SKIP_TAGS} -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} $(if ${EXTRA_VARS},-e "${EXTRA_VARS}") ansible/deploy.yml

 list-tags: ${ANSIBLE} ${VAULT_FILE}
 	${ANSIBLE} --list-tags -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} ansible/deploy.yml
@@ -60,11 +61,11 @@ list-tasks: ${ANSIBLE} ${VAULT_FILE}
 	${ANSIBLE} --list-tasks -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} ansible/deploy.yml

 check: ${ANSIBLE} ${VAULT_FILE}
-	${ANSIBLE} --check --diff --private-key -t ${TAGS} --skip-tags ${SKIP_TAGS} -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} ansible/deploy.yml
+	${ANSIBLE} --check --diff -t ${TAGS} --skip-tags ${SKIP_TAGS} -i ${ANSIBLE_INVENTORY} -l ${TARGET} --vault-password-file ${VAULT_PASS_FILE} $(if ${EXTRA_VARS},-e "${EXTRA_VARS}") ansible/deploy.yml

 vault: ${ANSIBLE_VAULT} ${VAULT_FILE}
 	${ANSIBLE_VAULT} edit --vault-password-file ${VAULT_PASS_FILE} ${VAULT_FILE}

 lint: ${LINT_YAML} ${SKIP_FILE}
 	@printf "Running yamllint...\n"
-	-@${LINT_YAML} ${YAML_FILES}
+	-@${LINT_YAML} ${YAML_FILES}