Improve infrastructure configuration and installation logic

- Fix authentik Caddy template to use localhost instead of variable for consistency
- Improve Caddy installation logic with better conditional checks
- Fix version checking and plugin detection for more reliable deployments
- Add cleanup task condition for DNS challenge installations

These changes improve deployment reliability and consistency.

roles/caddy/tasks/main.yml

@@ -8,7 +8,6 @@
   register: caddy_version_check
   failed_when: false
   changed_when: false
-  when: dns_challenge_needed | bool
 
 - name: Check if installed Caddy has Cloudflare plugin
   command: /usr/bin/caddy list-modules --packages
@@ -21,7 +20,9 @@
   pacman:
     name: caddy
     state: present
-  when: not dns_challenge_needed and not caddy_version_check | bool
+  when: 
+    - not dns_challenge_needed
+    - caddy_version_check.rc != 0
   notify: restart caddy
 
 - name: Download Caddy with Cloudflare plugin (if DNS challenge needed)
@@ -40,13 +41,16 @@
     mode: '0755'
     remote_src: yes
     backup: yes
-  when: dns_challenge_needed and caddy_version_check | bool
+  when: 
+    - dns_challenge_needed | bool
+    - caddy_version_check.rc != 0 or 'github.com/caddy-dns/cloudflare' not in caddy_modules_check.stdout | default('')
   notify: restart caddy
 
 - name: Clean up temporary Caddy binary
   file:
     path: /tmp/caddy-with-cloudflare
     state: absent
+  when: dns_challenge_needed | bool
 
 - name: Create caddy user and group
   user: