refactor: review, restructure, and potentially consolidate tilsit-caddy as sub-project

[smartwatermelon]

Background

The project currently spans two repositories:

• mac-server-setup — server provisioning automation (first-boot, app-setup, templates, configs)
• tilsit-caddy — Caddy web server configuration for TILSIT (Caddyfile, wrapper, LaunchDaemon, www assets)

These were split at some point, but the Caddy configuration is TILSIT-specific and tightly coupled to the same deployment model (operator user, System keychain, LaunchDaemons, PIA VPN constraints). The split creates friction: Cloudflare DDNS work in February 2026 required coordinated changes across both repos simultaneously, with separate PRs, separate checklists, and separate deployment steps.

Potential Directions

Option A: Fold tilsit-caddy into mac-server-setup

Move tilsit-caddy contents into mac-server-setup/caddy/ (or app-setup/caddy-setup/). Advantages:

• Single repo for all TILSIT automation
• Caddy setup becomes a proper caddy-setup.sh module in the app-setup/ pipeline
• caddy-wrapper.sh, Caddyfile, and www/ assets deploy via the same rsync + template pattern as other services
• CLOUDFLARE_ZONE_ID, CLOUDFLARE_RECORD_ID, EXTERNAL_HOSTNAME already exist in config.conf — they could drive Caddyfile substitution at deploy time instead of being hardcoded

Option B: Keep separate but improve cross-repo coherence

Keep tilsit-caddy as its own repo but establish cleaner boundaries:

• Move TILSIT-specific values (zone ID, record ID, hostnames) out of the Caddyfile and into deployment-time substitution driven by config.conf
• Add a caddy-deploy.sh convenience script in mac-server-setup that handles the rsync + validate + reload sequence
• Document the relationship explicitly in both READMEs

Broader Restructuring Questions

Beyond the repo split, a clean-test cycle (wipe → first-boot → app-setup) hasn't been run since initial deployment. Before doing that:

• transmission-setup.sh was not used for initial setup — Transmission was configured manually. Validate the script against the current running config.
• caddy-setup.sh was never run on TILSIT (the www/ directory didn't exist and had to be manually populated in Feb 2026). The script needs validation against the current deployment.
• Module extraction completeness — all 19 modules were extracted but not all have been exercised against live hardware.
• Template variables — EXTERNAL_HOSTNAME, CLOUDFLARE_ZONE_ID, CLOUDFLARE_RECORD_ID were added to config.conf.template in Feb 2026 as part of the Cloudflare DDNS work. Verify all template variables have corresponding substitutions and documentation.

Acceptance Criteria

• Decision made on repo consolidation (fold in or improve boundary)
• caddy-setup.sh validated against live TILSIT deployment
• transmission-setup.sh validated against live TILSIT config
• Clean test cycle run (wipe → first-boot → app-setup)
• All template variables documented in config.conf.template and docs/configuration.md