fixed sops decrypt path

hosts/home-morefine/docker/caddy/Caddyfile

@@ -1,5 +1,5 @@
 {
-    admin off
+    admin localhost:2019
     email admin@catmedved.com
     auto_https disable_redirects
 
@@ -8,8 +8,26 @@
     }
 }
 
+(tls_catmedved) {
+    tls /etc/caddy/certs/catmedved.com.crt /etc/caddy/certs/catmedved.com.key
+}
+
+(tls_kladovka52) {
+    tls /etc/caddy/certs/kladovka52.com.crt /etc/caddy/certs/kladovka52.com.key
+}
+
+(tls_ulakar) {
+    tls /etc/caddy/certs/ulakar.com.crt /etc/caddy/certs/ulakar.com.key
+}
+
 (apps) {
 
+# A
+    @auth host              auth.catmedved.com
+    handle @auth {
+        reverse_proxy http://authentik_server:9000
+    }
+# B
     @backrest host          backrest.catmedved.com
     handle @backrest {
         reverse_proxy http://host.docker.internal:9898
@@ -19,7 +37,7 @@
     handle @beszel {
         reverse_proxy http://beszel:8090
     }
-
+# C
 #    @copypaste host        copypaste.catmedved.com
 #    handle @copypaste {
 #        reverse_proxy http://microbin:8080
@@ -29,7 +47,22 @@
     handle @copypaste {
         reverse_proxy http://microbin:8080
     }
+# D
+    @databasus host         databasus.catmedved.com
+    handle @databasus {
+        reverse_proxy http://databasus:4005
+    }
+# F
+    @filebrowser host       filebrowser.catmedved.com
+    handle @filebrowser {
+        reverse_proxy http://filebrowser:80
+    }
 
+    @films host             films.catmedved.com
+    handle @films {
+        reverse_proxy http://jellyfin:8096
+    }
+# G
     @gameyfin host          gameyfin.catmedved.com
     handle @gameyfin {
         reverse_proxy http://gameyfin:8080
@@ -40,10 +73,25 @@
         reverse_proxy http://gitea:3000
     }
 
+    @glancesminipc host             glances-minipc.catmedved.com
+    handle @glancesminipc {
+        reverse_proxy http://glances:61208
+    }
+# H
+    @homepage host          home.catmedved.com
+    handle @homepage {
+        reverse_proxy http://homepage:3000
+    }
+# M
     @music host             music.catmedved.com
     handle @music {
         reverse_proxy http://navidrome:4533
     }
+# P
+    @passwords host          passwords.catmedved.com
+    handle @passwords {
+        reverse_proxy http://vaultwarden:80
+    }
 
     @pdftools host          pdf-tools.catmedved.com
     handle @pdftools {
@@ -55,15 +103,28 @@
         reverse_proxy http://stirling_pdf:8080
     }
 
+    @pihole host            pihole.catmedved.com
+    handle @pihole {
+        reverse_proxy http://pihole:80
+    }
+
     @photo host             photo.catmedved.com
     handle @photo {
         reverse_proxy immich_server:2283
     }
-
+# R
     @recepies host          recepies.catmedved.com
     handle @recepies {
         reverse_proxy http://mealie:9000
     }
+# S
+    @syncminipc host        sync-minipc.catmedved.com
+    handle @syncminipc {
+        reverse_proxy http://host.docker.internal:8384 {
+            header_up Host {upstream_hostport}
+        }
+    }
+
 }
 
 http://*.kladovka52.com {
@@ -83,65 +144,16 @@ http://*.catmedved.com {
 }
 
 https://*.catmedved.com {
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-
+    import tls_catmedved
     import apps
 }
 
-
-auth.catmedved.com {
-    reverse_proxy http://authentik_server:9000
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
+https://*.kladovka52.com {
+    import tls_kladovka52
+    import apps
 }
 
-# D
-databasus.catmedved.com {
-    reverse_proxy http://databasus:4005
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-drone.catmedved.com {
-    reverse_proxy http://drone:80
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-# F
-filebrowser.catmedved.com {
-    reverse_proxy http://filebrowser:80
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-films.catmedved.com {
-    reverse_proxy http://jellyfin:8096
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-glances-minipc.catmedved.com {
-    reverse_proxy http://glances:61208
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-# H
-home.catmedved.com {
-    reverse_proxy http://homepage:3000
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-# P
-passwords.catmedved.com {
-    reverse_proxy http://vaultwarden:80
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-pihole.catmedved.com {
-    reverse_proxy http://pihole:80
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
-}
-
-# S
-sync-minipc.catmedved.com {
-    reverse_proxy http://host.docker.internal:8384 {
-        header_up Host {upstream_hostport}
-    }
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
+https://*.ulakar.com {
+    import tls_ulakar
+    import apps
 }

hosts/home-morefine/docker/caddy/docker-compose.yml

@@ -10,9 +10,10 @@ services:
     ports:
       - "80:80"
       - "443:443"
+      - "443:443/udp" # HTTP/3 (QUIC)
     volumes:
       - ./Caddyfile:/etc/caddy/Caddyfile
-      - /srv/ssl/catmedved.com:/etc/caddy/certs:ro
+      - /srv/tls/certificates:/etc/caddy/certs:ro
       - caddy_data:/data
       - caddy_config:/config
     environment:

hosts/home-morefine/docker/homepage/config/services.yaml

@@ -48,7 +48,7 @@
         siteMonitor: http://host.docker.internal:8384/rest/noauth/health
         statusStyle: 'dot'
     - Filebrowser:
-        href: https://files-minipc.catmedved.com/
+        href: https://filebrowser.catmedved.com/
         description: Files on minipc
         icon: filebrowser.png
         siteMonitor: http://filebrowser:80
@@ -70,11 +70,11 @@
   - Keenetic:
       href: http://192.168.1.1/
       description: Keenetic Giga Admin
-      icon: keenetic-alt.png
+      icon: /icons/keenetic-k.png
   - HydraRoute Neo:
       href: http://192.168.1.1:2000/
-      descryption: HydarRoute Neo - VPN Routing on Keenetic
-      icon: hydra-route-neo.png
+      description: VPN Routing on Keenetic
+      icon: /icons/hydra-route-neo.png
   - Pi-Hole:
       href: https://pihole.catmedved.com/admin/login
       description: Pi Hole DNS

hosts/home-morefine/docker/immich/docker-compose.yaml

@@ -50,7 +50,7 @@ services:
     #   file: hwaccel.ml.yml
     #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
     volumes:
-      - ./model-cache:/cache
+      - /srv/rundata/immich/model-cache:/cache
     env_file:
       - .env
     restart: always

hosts/home-morefine/systemd/sops/sops-decrypt.service

@@ -11,7 +11,7 @@ WorkingDirectory=/srv/gitops
 Environment=SOPS_AGE_KEY_FILE=/root/.config/sops/age/keys.txt
 
 # твой скрипт расшифровки (держи в репо или в /usr/local/bin)
-ExecStart=/srv/gitops/homelab-infra/lab-home/sops-decrypt.sh
+ExecStart=/srv/gitops/shared/sops-decrypt.sh
 
 TimeoutStartSec=300
 

hosts/home-morefine/usr/local/bin/caddy-reload

@@ -0,0 +1,18 @@
+#!/bin/bash
+# check if caddy is up and running
+if [ "$(docker ps -q -f name=caddy)" ]; then
+  echo "🔍 Validating configuration inside 'caddy' container..."
+  if docker exec -w /etc/caddy caddy caddy validate; then
+    echo "✅ Validation successful. Reloading..."
+    docker exec -w /etc/caddy caddy caddy reload
+    echo "🚀 Done!"
+  else
+    echo "❌ Validation failed! Reload aborted."
+    exit 1
+  fi
+else
+  echo "⚠️  Error: Container 'caddy' is not running."
+  exit 1
+fi
+
+# sudo chmod +x /usr/local/bin/caddy-reload