Date: 2026-05-11
Time: 15:37
This is an FTL2 AI-loop rule that ensures the Caddy reverse proxy is correctly configured on the arcade host, routing arcade.catbeez18.com to localhost:8000 with automatic TLS. It follows the observe-condition-action pattern: gather state, check whether drift exists, and remediate if needed.
This rule is loaded by the FTL2 AI reconciliation loop automatically. It is not called directly by user code. The loop executes the three phases in order:
1. Observe — runs commands on arcade to collect current Caddyfile content, systemd service status, and firewall rules.
2. Condition — compares observed state against expected; returns True if any component has drifted.
3. Action — remediates by writing the correct Caddyfile, enabling firewall services, and ensuring caddy is started/enabled.
# The observe list defines what state to collect before evaluation
observe = [
    {"name": "caddyfile_content", "module": "command", "params": {"cmd": "cat /etc/caddy/Caddyfile ..."}, "host": "arcade"},
    {"name": "caddy_status", "module": "command", "params": {"cmd": "systemctl is-active caddy && ..."}, "host": "arcade"},
    {"name": "firewall_services", "module": "command", "params": {"cmd": "sudo firewall-cmd --list-services ..."}, "host": "arcade"},
]
- arcade (must be defined in FTL2 inventory)
- EXPECTED_CADDYFILE — reverse proxies arcade.catbeez18.com to localhost:8000
- http and https must be enabled (permanent + immediate)
- active and enabled via systemd
- .strip() when comparing Caddyfile content.
- http and https — this avoids false matches on substrings.
- active then enabled) from combined is-active and is-enabled calls; any deviation triggers action.
- copy overwrites Caddyfile, firewalld with state="enabled" is a no-op if already enabled, service with state="started" is a no-op if already running.
- || true and 2>&1 to prevent observation failures from crashing the loop.
- command (observe), copy, ansible.posix.firewalld, service (action)
- arcade inventory host
- localhost:8000
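
The comparison rules listed above (stripped Caddyfile comparison, exact-token firewall check, two-line service status) could be implemented as shown here. This is an added example, not the rule's own source: the `condition(observations)` signature, the dict-of-stdout input, the helper names and the Caddyfile text are assumptions constructed for illustration.

```python
# Added example: hypothetical condition phase, not the rule's actual source.
# Assumption: the loop passes observations as a dict of observe-name -> stdout.

# Constructed stand-in for the rule's EXPECTED_CADDYFILE constant.
EXPECTED_CADDYFILE = """arcade.catbeez18.com {
    reverse_proxy localhost:8000
}
"""
REQUIRED_FIREWALL_SERVICES = {"http", "https"}
EXPECTED_SERVICE_LINES = ["active", "enabled"]

def caddyfile_drifted(observed: str) -> bool:
    """Compare with surrounding whitespace stripped on both sides."""
    return observed.strip() != EXPECTED_CADDYFILE.strip()

def firewall_drifted(observed: str) -> bool:
    """Tokenize on whitespace so 'https' alone never satisfies 'http'."""
    return not REQUIRED_FIREWALL_SERVICES.issubset(observed.split())

def service_drifted(observed: str) -> bool:
    """Expect exactly two lines: is-active output, then is-enabled output."""
    lines = [ln.strip() for ln in observed.splitlines() if ln.strip()]
    return lines != EXPECTED_SERVICE_LINES

def condition(observations: dict) -> bool:
    """Return True if any component drifted; a missing observation is drift."""
    return (
        caddyfile_drifted(observations.get("caddyfile_content", ""))
        or firewall_drifted(observations.get("firewall_services", ""))
        or service_drifted(observations.get("caddy_status", ""))
    )

# Constructed sample observations for a host that matches the expected state.
HEALTHY = {
    "caddyfile_content": EXPECTED_CADDYFILE + "\n",
    "caddy_status": "active\nenabled\n",
    "firewall_services": "cockpit dhcpv6-client http https ssh\n",
}

if __name__ == "__main__":
    print("healthy drifted:", condition(HEALTHY))
    print("http missing:", condition({**HEALTHY, "firewall_services": "https ssh"}))
```

Because the observe commands end in `|| true`, a failed `cat` or `systemctl` still yields text, so each check treats anything other than the exact expected value as drift.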