fixed sops decrypt path

add script to reload caddy
enable admin interface to reload caddy
2026-03-15 16:17:39 +03:00 · 2026-02-24 18:43:23 +03:00 · 2026-02-24 18:24:22 +03:00 · 2026-02-24 18:20:48 +03:00 · 2026-02-24 18:18:06 +03:00 · 2026-02-24 18:13:19 +03:00
7 changed files with 97 additions and 66 deletions
--- a/hosts/home-morefine/docker/caddy/Caddyfile
+++ b/hosts/home-morefine/docker/caddy/Caddyfile
@@ -1,5 +1,5 @@
 {
-    admin off
+    admin localhost:2019
    email admin@catmedved.com
    auto_https disable_redirects
@@ -8,8 +8,26 @@
    }
 }
 (tls_catmedved) {
    tls /etc/caddy/certs/catmedved.com.crt /etc/caddy/certs/catmedved.com.key
 }
 (tls_kladovka52) {
    tls /etc/caddy/certs/kladovka52.com.crt /etc/caddy/certs/kladovka52.com.key
 }
 (tls_ulakar) {
    tls /etc/caddy/certs/ulakar.com.crt /etc/caddy/certs/ulakar.com.key
 }
 (apps) {
 # A
    @auth host              auth.catmedved.com
    handle @auth {
        reverse_proxy http://authentik_server:9000
    }
 # B
    @backrest host          backrest.catmedved.com
    handle @backrest {
        reverse_proxy http://host.docker.internal:9898
@@ -19,7 +37,7 @@
    handle @beszel {
        reverse_proxy http://beszel:8090
    }
-
+# C
 #    @copypaste host        copypaste.catmedved.com
 #    handle @copypaste {
 #        reverse_proxy http://microbin:8080
@@ -29,7 +47,22 @@
    handle @copypaste {
        reverse_proxy http://microbin:8080
    }
 # D
    @databasus host         databasus.catmedved.com
    handle @databasus {
        reverse_proxy http://databasus:4005
    }
 # F
    @filebrowser host       filebrowser.catmedved.com
    handle @filebrowser {
        reverse_proxy http://filebrowser:80
    }
    @films host             films.catmedved.com
    handle @films {
        reverse_proxy http://jellyfin:8096
    }
 # G
    @gameyfin host          gameyfin.catmedved.com
    handle @gameyfin {
        reverse_proxy http://gameyfin:8080
@@ -40,10 +73,25 @@
        reverse_proxy http://gitea:3000
    }
    @glancesminipc host             glances-minipc.catmedved.com
    handle @glancesminipc {
        reverse_proxy http://glances:61208
    }
 # H
    @homepage host          home.catmedved.com
    handle @homepage {
        reverse_proxy http://homepage:3000
    }
 # M
    @music host             music.catmedved.com
    handle @music {
        reverse_proxy http://navidrome:4533
    }
 # P
    @passwords host          passwords.catmedved.com
    handle @passwords {
        reverse_proxy http://vaultwarden:80
    }
    @pdftools host          pdf-tools.catmedved.com
    handle @pdftools {
@@ -55,15 +103,28 @@
        reverse_proxy http://stirling_pdf:8080
    }
    @pihole host            pihole.catmedved.com
    handle @pihole {
        reverse_proxy http://pihole:80
    }
    @photo host             photo.catmedved.com
    handle @photo {
        reverse_proxy immich_server:2283
    }
-
+# R
    @recepies host          recepies.catmedved.com
    handle @recepies {
        reverse_proxy http://mealie:9000
    }
 # S
    @syncminipc host        sync-minipc.catmedved.com
    handle @syncminipc {
        reverse_proxy http://host.docker.internal:8384 {
            header_up Host {upstream_hostport}
        }
    }
 }
 http://*.kladovka52.com {
@@ -83,65 +144,16 @@ http://*.catmedved.com {
 }
 https://*.catmedved.com {
-    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
+    import tls_catmedved
    import apps
 }
-
+https://*.kladovka52.com {
-auth.catmedved.com {
+    import tls_kladovka52
-    reverse_proxy http://authentik_server:9000
+    import apps
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
-# D
+https://*.ulakar.com {
-databasus.catmedved.com {
+    import tls_ulakar
-    reverse_proxy http://databasus:4005
+    import apps
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 drone.catmedved.com {
    reverse_proxy http://drone:80
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 # F
 filebrowser.catmedved.com {
    reverse_proxy http://filebrowser:80
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 films.catmedved.com {
    reverse_proxy http://jellyfin:8096
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 glances-minipc.catmedved.com {
    reverse_proxy http://glances:61208
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 # H
 home.catmedved.com {
    reverse_proxy http://homepage:3000
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 # P
 passwords.catmedved.com {
    reverse_proxy http://vaultwarden:80
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 pihole.catmedved.com {
    reverse_proxy http://pihole:80
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
 # S
 sync-minipc.catmedved.com {
    reverse_proxy http://host.docker.internal:8384 {
        header_up Host {upstream_hostport}
    }
    tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
 }
--- a/hosts/home-morefine/docker/caddy/docker-compose.yml
+++ b/hosts/home-morefine/docker/caddy/docker-compose.yml
@@ -10,9 +10,10 @@ services:
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp" # HTTP/3 (QUIC)
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
-      - /srv/ssl/catmedved.com:/etc/caddy/certs:ro
+      - /srv/tls/certificates:/etc/caddy/certs:ro
      - caddy_data:/data
      - caddy_config:/config
    environment:
--- a/hosts/home-morefine/docker/homepage/config/services.yaml
+++ b/hosts/home-morefine/docker/homepage/config/services.yaml
@@ -48,7 +48,7 @@
        siteMonitor: http://host.docker.internal:8384/rest/noauth/health
        statusStyle: 'dot'
    - Filebrowser:
-        href: https://files-minipc.catmedved.com/
+        href: https://filebrowser.catmedved.com/
        description: Files on minipc
        icon: filebrowser.png
        siteMonitor: http://filebrowser:80
@@ -70,11 +70,11 @@
  - Keenetic:
      href: http://192.168.1.1/
      description: Keenetic Giga Admin
-      icon: keenetic-alt.png
+      icon: /icons/keenetic-k.png
  - HydraRoute Neo:
      href: http://192.168.1.1:2000/
-      descryption: HydarRoute Neo - VPN Routing on Keenetic
+      description: VPN Routing on Keenetic
-      icon: hydra-route-neo.png
+      icon: /icons/hydra-route-neo.png
  - Pi-Hole:
      href: https://pihole.catmedved.com/admin/login
      description: Pi Hole DNS
--- a/hosts/home-morefine/docker/homepage/icons/keenetic-k.png
+++ b/hosts/home-morefine/docker/homepage/icons/keenetic-k.png
--- a/hosts/home-morefine/docker/immich/docker-compose.yaml
+++ b/hosts/home-morefine/docker/immich/docker-compose.yaml
@@ -50,7 +50,7 @@ services:
    #   file: hwaccel.ml.yml
    #   service: cpu # set to one of [armnn, cuda, openvino, openvino-wsl] for accelerated inference - use the `-wsl` version for WSL2 where applicable
    volumes:
-      - ./model-cache:/cache
+      - /srv/rundata/immich/model-cache:/cache
    env_file:
      - .env
    restart: always
--- a/hosts/home-morefine/systemd/sops/sops-decrypt.service
+++ b/hosts/home-morefine/systemd/sops/sops-decrypt.service
@@ -11,7 +11,7 @@ WorkingDirectory=/srv/gitops
 Environment=SOPS_AGE_KEY_FILE=/root/.config/sops/age/keys.txt
 # твой скрипт расшифровки (держи в репо или в /usr/local/bin)
-ExecStart=/srv/gitops/homelab-infra/lab-home/sops-decrypt.sh
+ExecStart=/srv/gitops/shared/sops-decrypt.sh
 TimeoutStartSec=300
--- a/hosts/home-morefine/usr/local/bin/caddy-reload
+++ b/hosts/home-morefine/usr/local/bin/caddy-reload
@@ -0,0 +1,18 @@
 #!/bin/bash
 # check if caddy is up and running
 if [ "$(docker ps -q -f name=caddy)" ]; then
  echo "🔍 Validating configuration inside 'caddy' container..."
  if docker exec -w /etc/caddy caddy caddy validate; then
    echo "✅ Validation successful. Reloading..."
    docker exec -w /etc/caddy caddy caddy reload
    echo "🚀 Done!"
  else
    echo "❌ Validation failed! Reload aborted."
    exit 1
  fi
 else
  echo "⚠️  Error: Container 'caddy' is not running."
  exit 1
 fi
 # sudo chmod +x /usr/local/bin/caddy-reload
Author	SHA1	Message	Date
v.karaychentsev	6c69fb0ace	fixed sops decrypt path	2026-03-15 16:17:39 +03:00
v.karaychentsev	0b0ea9b288	add script to reload caddy	2026-02-24 18:43:23 +03:00
v.karaychentsev	687fb17038	enable admin interface to reload caddy	2026-02-24 18:24:22 +03:00
v.karaychentsev	f16acb6aea	fixes	2026-02-24 18:20:48 +03:00
Uladzimir K	ac3712b722	fixes	2026-02-24 18:18:06 +03:00
v.karaychentsev	e4f623ffa7	caddy: update config. Move sites to the (apps) section. Use existing certificates.	2026-02-24 18:13:19 +03:00
v.karaychentsev	d00f4f65c4	fix typo	2026-02-24 16:35:18 +03:00
v.karaychentsev	3d1f6375e3	fix typo	2026-02-24 16:34:45 +03:00
v.karaychentsev	211c19ff41	homepage: add keenetic icon	2026-02-24 16:33:39 +03:00
Uladzimir K	59091880e4	homepage: fixed hydra route icon	2026-02-24 16:32:47 +03:00