From 43045d868acd218dbf9ae5c7ec03369a44be007a Mon Sep 17 00:00:00 2001
From: Tobias Reisinger <tobias@msrg.cc>
Date: Tue, 29 Apr 2025 11:53:24 +0200
Subject: [PATCH] Improve caddy config for general wildcard
---
 dnsconfig.js | 4 +---
 playbooks/roles/caddy/files/snippets | 7 +++++++
 playbooks/roles/caddy/templates/Caddyfile.j2 | 7 +++++++
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/dnsconfig.js b/dnsconfig.js
index 6d8ece0..3465918 100644
--- a/dnsconfig.js
+++ b/dnsconfig.js
@@ -65,9 +65,7 @@ D("serguzim.me", REG_OVH, DnsProvider(DSP_OVH),
 acme_challenge("auth", "18a42983-3d19-4c17-8213-fc275a8be721"),
 acme_challenge("db", "ca2c86c0-ff3d-458a-89e0-11bcfd2543e4"),
- acme_challenge("paas", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
- acme_challenge("alloy", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
- acme_challenge("mimir", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
+ acme_challenge("", "92924f7c-0859-4941-9e3d-2ecedfb21c1b"),
 verify_amazon_ses(dkim_ses["serguzim.me"]),
diff --git a/playbooks/roles/caddy/files/snippets b/playbooks/roles/caddy/files/snippets
index a9199cb..1de7f22 100644
--- a/playbooks/roles/caddy/files/snippets
+++ b/playbooks/roles/caddy/files/snippets
@@ -44,3 +44,10 @@
 }
 }
 }
+
+(vpn_only) {
+ @denied not client_ip private_ranges
+ handle @denied {
+ redir https://www.serguzim.me/
+ }
+}
diff --git a/playbooks/roles/caddy/templates/Caddyfile.j2 b/playbooks/roles/caddy/templates/Caddyfile.j2
index 803ac06..f09a3c2 100644
--- a/playbooks/roles/caddy/templates/Caddyfile.j2
+++ b/playbooks/roles/caddy/templates/Caddyfile.j2
@@ -8,4 +8,11 @@
 }
 import /etc/caddy/snippets
+
+*.serguzim.me {
+ import acmedns
+
+ redir https://www.serguzim.me/
+}
+
 import /etc/caddy/conf.d/*.conf
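Review bot: The added apex `acme_challenge` line in dnsconfig.js needs a comment, because it widens what the shared acme-dns registration can validate. The removed lines limited that registration to paas, alloy and mimir, whereas an apex challenge record covers both serguzim.me and *.serguzim.me (assuming the helper, which is defined outside this hunk, publishes `_acme-challenge` for the given label). Something like `// apex challenge: this acme-dns account can validate serguzim.me and the *.serguzim.me wildcard` would make that scope visible next to the auth and db entries, which keep their own registrations. With the per-host records gone, any site that still requests an individual certificate for paas, alloy or mimir over DNS-01 would stop renewing; the conf.d sites are not in this patch, so that is worth checking. The `D(...)` call starts and ends outside the hunk.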
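Review bot: `private_ranges` in the `@denied` matcher admits every loopback, RFC 1918 and IPv6 unique-local source rather than the VPN alone, so `vpn_only` also lets through any LAN, container or NAT-ed peer that reaches Caddy from a private address. Naming the tunnel subnet is tighter, e.g. `@denied not client_ip <VPN_CIDR>` (placeholder for the real range). `client_ip` also follows the `trusted_proxies` setting, which is not visible in this patch, so a broad trusted-proxy list would let a forwarded header decide the result. In Caddy's default ordering a `handle` with a path matcher is tried before one with a named matcher, so an importing site with its own `handle /path*` would skip this check; `redir @denied https://www.serguzim.me/` sorts ahead of every `handle` and avoids that.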
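Review bot: The new `*.serguzim.me` block in Caddyfile.j2 has no comment saying it is only the fallback for hosts without their own site, and the redirect target relies on that. If no file under /etc/caddy/conf.d defines www.serguzim.me, requests for www match this block and redirect to themselves; conf.d is not part of this patch, so this is worth confirming. A line such as `# fallback for undefined subdomains; www.serguzim.me must keep its own site block` above the block would record the assumption. The block also puts a wildcard certificate key on this host (presumably issued through the `acmedns` snippet, which is not shown), and that certificate is valid for names such as auth and db, which the DNS hunk still gives separate registrations.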