init: Caddy setup

caddy/Caddyfile

@@ -0,0 +1,63 @@
+# Global config
+{
+    email me@sauravdhakal.com.np
+    acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+}
+
+# -----------------------------------------------
+# PUBLIC services (resolves to your public VPS IP)
+# -----------------------------------------------
+
+# blog.sauravdhakal.com.np {
+#    reverse_proxy blog:3000
+# }
+
+#n8n-webhook.sauravdhakal.com.np {
+#    reverse_proxy n8n:5678
+#}
+
+# Public — only webhook endpoint, no UI
+n8n.sauravdhakal.com.np {
+    reverse_proxy n8n:5678 {
+        # Only allow webhook paths publicly
+        header_up Host {host}
+    }
+    @public path /webhook/* /webhook-test/*
+    handle @public {
+        reverse_proxy n8n:5678
+    }
+    handle {
+        abort   # block everything else (UI, API, etc)
+    }
+}
+
+# Private — full n8n UI through VPN
+n8n-admin.sauravdhakal.com.np {
+    bind 100.81.85.182
+    reverse_proxy n8n:5678
+}
+
+# -----------------------------------------------
+# VPN-ONLY services (resolves to 100.81.85.182)
+# bind tells Caddy to only listen on Netbird interface
+# -----------------------------------------------
+
+vault.sauravdhakal.com.np {
+    bind 100.81.85.182
+    reverse_proxy vaultwarden:80
+}
+
+actual.sauravdhakal.com.np {
+    bind 100.81.85.182
+    reverse_proxy actual:5006
+}
+
+immich.sauravdhakal.com.np {
+    bind 100.81.85.182
+    reverse_proxy immich-server:2283
+}
+
+filebrowser.sauravdhakal.com.np {
+    bind 100.81.85.182
+    reverse_proxy filebrowser:80
+}

caddy/Dockerfile

@@ -0,0 +1,7 @@
+# Custom build of caddy with Cloudflare API
+FROM caddy:builder AS builder
+RUN xcaddy build \
+    --with github.com/caddy-dns/cloudflare
+
+FROM caddy:latest
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy