# Utility Caddy LXC — Initial Setup

One-time setup. Only needed if rebuilding from scratch.

## Overview

| Item | Value |
|------|-------|
| CT ID | 101 |
| Hostname | caddy |
| Local IP | 192.168.1.101 |
| Tailscale IP | 100.64.0.2 |
| Public access | 199.6.36.163 (router forwards 80/443) |

## 1. Create LXC

```bash
ssh root@192.168.1.241

pct create 101 local:vztmpl/debian-12-standard_12.12-1_amd64.tar.zst \
  --hostname caddy \
  --cores 1 \
  --memory 512 \
  --swap 256 \
  --rootfs local-lvm:8 \
  --net0 name=eth0,bridge=vmbr0,ip=192.168.1.101/24,gw=192.168.1.1 \
  --features nesting=1 \
  --unprivileged 1 \
  --password

# TUN device for Tailscale
cat >> /etc/pve/lxc/101.conf << EOF
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
EOF

pct start 101
```

## 1b. Bootstrap Standard Packages

Run the Echo6 LXC bootstrap script to install sshpass, curl, git, htop, and other standard packages:

```bash
echo6-bootstrap-ct.sh 101
```

If the script isn't on the Proxmox host yet, run `echo6-onboard-node.sh` first. See `runbooks/proxmox-onboard-node.md`.

## 2. Install Tailscale

```bash
pct exec 101 -- bash -c "
echo nameserver 1.1.1.1 > /etc/resolv.conf
apt-get update && apt-get install -y curl
curl -fsSL https://tailscale.com/install.sh | sh
"
```

## 3. Register with Headscale

```bash
pct exec 101 -- tailscale up --login-server https://vpn.echo6.co --hostname caddy

# On Contabo — register the node
ssh root@100.64.0.6 'docker exec headscale-standby headscale nodes register --key --user echo6'

# Verify
pct exec 101 -- tailscale status
```

## 4. Install Caddy

```bash
pct exec 101 -- bash -c "
apt-get install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/gpg.key | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt | tee /etc/apt/sources.list.d/caddy-stable.list
apt-get update && apt-get install -y caddy
"
```

## 5. Install acme.sh

```bash
pct exec 101 -- bash -c "
curl https://get.acme.sh | sh -s email=admin@echo6.co
"
```

## 6. Create initial Caddyfile

```bash
pct exec 101 -- bash -c "cat > /etc/caddy/Caddyfile << 'EOF'
{
    email admin@echo6.co
}
EOF
systemctl enable caddy
systemctl start caddy"
```

## 7. Router port forward

Forward on your router:

- TCP 80 → 192.168.1.101:80
- TCP 443 → 192.168.1.101:443

## Done

Add services using the `expose-service-home.md` runbook.
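
The heredoc in step 1 appends the TUN lines with `>>`, so running it a second time duplicates them. The following bash functions are an added example, not part of the original runbook: they add the two lines only when missing and check a container config against the settings from step 1. The helper names `current_section`, `ensure_tun` and `audit_ct_conf` are hypothetical, and the demo config is constructed.

```bash
#!/usr/bin/env bash
# Added example, not part of the runbook: idempotent TUN passthrough plus an audit.
# The config path is an argument so both functions can be tried on a copy first.

TUN_ALLOW='lxc.cgroup2.devices.allow: c 10:200 rwm'
TUN_MOUNT='lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file'

# Active settings only: stop at the first [section] header, since Proxmox
# keeps snapshot/pending sections after the current settings.
current_section() { awk '/^\[/{exit} {print}' "$1"; }

# Append each TUN line unless an identical line is already active.
# Refuses when a [section] exists, because ">>" would land inside it.
ensure_tun() {
    local conf=$1 line
    for line in "$TUN_ALLOW" "$TUN_MOUNT"; do
        current_section "$conf" | grep -qxF -- "$line" && continue
        if grep -q '^\[' "$conf"; then
            echo "refusing to append: $conf has [sections]; edit by hand" >&2
            return 2
        fi
        printf '%s\n' "$line" >> "$conf"
    done
}

# Print one line per finding; return 0 only when the config matches step 1.
audit_ct_conf() {
    local conf=$1 rc=0 line n
    current_section "$conf" | grep -qx 'unprivileged: 1' \
        || { echo "FAIL: 'unprivileged: 1' missing"; rc=1; }
    current_section "$conf" | grep -qE '^features: .*nesting=1' \
        || { echo "FAIL: 'features: nesting=1' missing"; rc=1; }
    for line in "$TUN_ALLOW" "$TUN_MOUNT"; do
        n=$(current_section "$conf" | grep -cxF -- "$line" || true)
        [ "$n" -eq 1 ] || { echo "FAIL: expected 1, found $n: $line"; rc=1; }
    done
    return "$rc"
}

# Demo on a constructed config (not a real /etc/pve/lxc/101.conf).
demo=$(mktemp)
printf '%s\n' 'features: nesting=1' 'hostname: caddy' 'unprivileged: 1' > "$demo"
ensure_tun "$demo"; ensure_tun "$demo"   # second call is a no-op
audit_ct_conf "$demo" && echo "OK: config matches the runbook"
rm -f "$demo"
```

On the Proxmox host, `ensure_tun /etc/pve/lxc/101.conf` would take the place of the `cat >>` heredoc, and `audit_ct_conf /etc/pve/lxc/101.conf` can be run before `pct start 101`.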