From e4f623ffa7f35ab90a04b43840cb9d3eca08ac3a Mon Sep 17 00:00:00 2001 From: "v.karaychentsev" <105486287+vk-aterise@users.noreply.github.com> Date: Tue, 24 Feb 2026 18:13:19 +0300 Subject: [PATCH] caddy: update config. Move sites to the (apps) section. Use existing certificates. --- hosts/home-morefine/docker/caddy/Caddyfile | 128 ++++++++++-------- .../docker/caddy/docker-compose.yml | 3 +- 2 files changed, 72 insertions(+), 59 deletions(-) diff --git a/hosts/home-morefine/docker/caddy/Caddyfile b/hosts/home-morefine/docker/caddy/Caddyfile index f9c1aac..58c427c 100644 --- a/hosts/home-morefine/docker/caddy/Caddyfile +++ b/hosts/home-morefine/docker/caddy/Caddyfile @@ -8,8 +8,26 @@ } } +(tls_catmedved) { + tls /etc/caddy/certs/catmedved.com.crt /etc/caddy/certs/catmedved.com.key +} + +(tls_kladovka52) { + tls /etc/caddy/certs/kladovka52.com.crt /etc/caddy/certs/kladovka52.com.key +} + +(tls_ulakar) { + tls /etc/caddy/certs/ulakar.com.crt /etc/caddy/certs/ulakar.com.key +} + (apps) { +# A + @auth host auth.catmedved.com + handle @auth { + reverse_proxy http://authentik_server:9000 + } +# B @backrest host backrest.catmedved.com handle @backrest { reverse_proxy http://host.docker.internal:9898 @@ -19,7 +37,7 @@ handle @beszel { reverse_proxy http://beszel:8090 } - +# C # @copypaste host copypaste.catmedved.com # handle @copypaste { # reverse_proxy http://microbin:8080 @@ -29,7 +47,22 @@ handle @copypaste { reverse_proxy http://microbin:8080 } +# D + @databasus host databasus.catmedved.com + handle @databasus { + reverse_proxy http://databasus:4005 + } +# F + @filebrowser host filebrowser.catmedved.com + handle @filebrowser { + reverse_proxy http://filebrowser:80 + } + @films host films.catmedved.com + handle @films { + reverse_proxy http://jellyfin:8096 + } +# G @gameyfin host gameyfin.catmedved.com handle @gameyfin { reverse_proxy http://gameyfin:8080 
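Review bot: The three `tls_*` snippets in the first hunk load certificate and key files from disk, but nothing in the file says who issues or renews them. With file-based `tls <cert> <key>` Caddy does no ACME management for those sites and, as far as I know, re-reads the files only on a config reload, so a renewed certificate on the host is not served until then. I would put a comment above the snippets such as `# certs are issued/renewed outside Caddy and mounted read-only; reload Caddy after each renewal`. The three snippets differ only in the domain, so a single snippet taking the domain as an import argument would also remove the duplication.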
@@ -40,10 +73,25 @@ reverse_proxy http://gitea:3000 } + @glancesminipc host glances-minipc.catmedved.com + handle @glancesminipc { + reverse_proxy http://gitea:61208 + } +# H + @homepage host home.catmedved.com + handle @homepage { + reverse_proxy http://homepage:3000 + } +# M @music host music.catmedved.com handle @music { reverse_proxy http://navidrome:4533 } +# P + @passwords host passwords.catmedved.com + handle @passwords { + reverse_proxy http://vaultwarden:80 + } @pdftools host pdf-tools.catmedved.com handle @pdftools { @@ -55,15 +103,28 @@ reverse_proxy http://stirling_pdf:8080 } + @pihole host pihole.catmedved.com + handle @passwords { + reverse_proxy http://pihole:80 + } + @photo host photo.catmedved.com handle @photo { reverse_proxy immich_server:2283 } - +# R @recepies host recepies.catmedved.com handle @recepies { reverse_proxy http://mealie:9000 } +# S + @syncminipc host sync-minipc.catmedved.com + handle @syncminipc { + reverse_proxy http://host.docker.internal:8384 { + header_up Host {upstream_hostport} + } + } + } http://*.kladovka52.com { 
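Review bot: The new `@glancesminipc` handle proxies to `http://gitea:61208`, while the standalone `glances-minipc.catmedved.com` site removed later in this patch used `http://glances:61208`. Unless the glances service really moved into the gitea container, this looks like a copy-paste slip from the `@gitea` handle just above, and the route will most likely return a gateway error. The line should read `reverse_proxy http://glances:61208`. The enclosing `(apps)` snippet starts before this hunk.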
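Review bot: The `@pihole` matcher is declared but its handle reuses the `@passwords` matcher: `handle @passwords {` followed by `reverse_proxy http://pihole:80`. `handle` blocks are mutually exclusive and the earlier `@passwords` block (vaultwarden) matches first, so this block never runs and pihole.catmedved.com is left without a route. If the two blocks were ever reordered, the password-manager hostname would be proxied to Pi-hole instead. Change the line to `handle @pihole {`. The `(apps)` snippet starts before this hunk and closes at its end.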
@@ -83,65 +144,16 @@ http://*.catmedved.com { } https://*.catmedved.com { - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem - + import tls_catmedved import apps } - -auth.catmedved.com { - reverse_proxy http://authentik_server:9000 - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem +https://*.kladovka52.com { + import tls_kladovka52 + import apps } -# D -databasus.catmedved.com { - reverse_proxy http://databasus:4005 - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem -} - -drone.catmedved.com { - reverse_proxy http://drone:80 - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem -} - -# F -filebrowser.catmedved.com { - reverse_proxy http://filebrowser:80 - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem -} - -films.catmedved.com { - reverse_proxy http://jellyfin:8096 - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem -} - -glances-minipc.catmedved.com { - reverse_proxy http://glances:61208 - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem -} - -# H -home.catmedved.com { - reverse_proxy http://homepage:3000 - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem -} - -# P -passwords.catmedved.com { - reverse_proxy http://vaultwarden:80 - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem -} - -pihole.catmedved.com { - reverse_proxy http://pihole:80 - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem -} - -# S -sync-minipc.catmedved.com { - reverse_proxy http://host.docker.internal:8384 { - header_up Host {upstream_hostport} - } - tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem +https://*.ulakar.com { + import tls_ulakar + import apps } diff --git a/hosts/home-morefine/docker/caddy/docker-compose.yml b/hosts/home-morefine/docker/caddy/docker-compose.yml index 963b78c..9d98859 100644 --- a/hosts/home-morefine/docker/caddy/docker-compose.yml +++ b/hosts/home-morefine/docker/caddy/docker-compose.yml 
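Review bot: After this hunk every hostname is served by a wildcard site whose only routing is `import apps`, and the `(apps)` snippet, which closes in the previous hunk, ends without a catch-all handle. A subdomain that no `host` matcher covers then gets Caddy's default empty response rather than an explicit rejection; drone.catmedved.com is one such case, since its site block is removed here and no `@drone` handle appears in the added lines. Adding a final `handle { respond 404 }` (or `abort`) after the last named handle makes the fallback deliberate. Every matcher visible in `(apps)` is a `*.catmedved.com` host, so `import apps` inside the new `https://*.kladovka52.com` and `https://*.ulakar.com` sites matches nothing as written. A short comment saying those two sites are placeholders would help.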
@@ -10,9 +10,10 @@ services: ports: - "80:80" - "443:443" + - "443:443/udp" # HTTP/3 (QUIC) volumes: - ./Caddyfile:/etc/caddy/Caddyfile - - /srv/ssl/catmedved.com:/etc/caddy/certs:ro + - /srv/tls/certificates:/etc/caddy/certs:ro - caddy_data:/data - caddy_config:/config environment:
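Review bot: The certificate volume now exposes all of `/srv/tls/certificates` to the container instead of the single-domain directory it mounted before. It stays `:ro`, which is right, but the container can now read every private key kept there. If that directory holds more than the three pairs the Caddyfile references, mounting only those files or a dedicated subdirectory limits the exposure to what Caddy needs. The Caddyfile also expects specific file names under `/etc/caddy/certs`, so a comment on the volume line would help, for example `# expects <domain>.crt and <domain>.key for each wildcard site`.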