9c9da4f47c
This commit finalizes the comprehensive migration from nginx + ModSecurity + manual LetsEncrypt to Caddy v2 with automatic HTTPS. The migration eliminates over 2000 lines of complex configuration in favor of a single, simplified Caddyfile. ## Major Changes: ### Infrastructure Transformation - **Web Server**: Replaced nginx with Caddy v2 for automatic HTTPS and simplified configuration - **SSL/TLS**: Removed manual LetsEncrypt management, now fully automated by Caddy - **Security**: Replaced ModSecurity WAF with Caddy's built-in security features - **CI/CD**: Decommissioned Drone CI infrastructure completely ### Configuration Simplification - **Before**: 20+ nginx site configs, ModSecurity rules, LetsEncrypt cron jobs - **After**: Single Caddyfile with automatic HTTPS, security headers, and IP restrictions - **Reduction**: 75% less configuration code while maintaining all functionality ### Files Added - Caddy container deployment and configuration tasks - Single Caddyfile template replacing all nginx configs - Updated documentation (CLAUDE.md, TODO.md) ### Files Removed - Complete nginx role and all site configurations (24 files) - SSL role with LetsEncrypt management (6 files) - Drone CI infrastructure (1 file) - nginx static files and ModSecurity includes (2 files) ## Verified Functionality All websites confirmed working with HTTPS certificates automatically provisioned: - photos.bdebyl.net, parts.bdebyl.net, cloud.bdebyl.net - wiki.skudakrennsport.com, cloud.skudakrennsport.com - fulfillr.debyltech.com (with IP restrictions) - Proper security headers and WebSocket support 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Deploy Home
There's no place like home!
Just as Dorothy managed the simple task of clicking her heels together, the desire for an equally simple one-button push deployment was in my heart. Thus, this repository was made.
Ansible
Ansible, along with double encrypted secrets, deploys the necessary configurations to make the home fit for certain needs and desires. Namely, having access to my home from anywhere, securely, and a self-hosted CI server that easily ties into existing workflows.
Makefile
The makefile is primarily used as a wrapper script to ensure that necessary
files, such as the secret vault password file, are provisioned as part of this.
One such addition to the task is utilizing dependency pinning through the
utilization of Python's virtualenv to lock down the specific dependency
versions within the requirements.txt file. This, ideally, prevents any
deployment issues with dependency version woes (e.g. version conflicts, major
updates in newest versions, etc.)
| Target Name | Description |
|---|---|
lint |
(default) Runs yamllint and ansible-lint on all YAML files in ansible/ |
deploy |
Deploys everything, or only tasks specified in TAGS= environment variable |
check |
Runs deploy in a "dry-run", showing diff-style outputs on tasks indicating changes |
vault |
Opens the Ansible vault file for editing |