[BREAKING] Caddy: Upgrade to caddyserver v2

See https://caddyserver.com/docs/v2-upgrade for changes on the Caddyfile

templates/caddy.service

@@ -1,24 +1,19 @@
 [Unit]
 Description=Caddy HTTP/2 web server
 Documentation=https://caddyserver.com/docs
-After=network-online.target
-Wants=network-online.target
+After=network.target
 
 [Service]
 Restart=on-abnormal
 
 User=www-data
 Group=www-data
-Environment=CADDYPATH=/etc/ssl/caddy
+Environment=HOME=/var/lib/caddy
 
-PIDFile=/run/caddy.pid
-ExecStart=/usr/local/bin/caddy -log stdout -agree -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -root=/var/tmp
-ExecReload=/bin/kill -USR1 $MAINPID
+ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
 
-KillMode=mixed
-KillSignal=SIGQUIT
 TimeoutStopSec=5s
-
 LimitNOFILE=8192
 LimitNPROC=64
 
@@ -30,15 +25,9 @@ PermissionsStartOnly=true
 PrivateTmp=true
 ;PrivateDevices=true
 ;ProtectHome=true
-;ProtectSystem=full
-ReadWriteDirectories=/etc/ssl/caddy
+ProtectSystem=full
 
-; The following additional security directives only work with systemd v229 or later.
-; They further restrict privileges that can be gained by caddy.
-; Note that you may have to add capabilities required by any plugins in use.
-;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-;AmbientCapabilities=CAP_NET_BIND_SERVICE
-;NoNewPrivileges=true
+AmbientCapabilities=CAP_NET_BIND_SERVICE
 
 [Install]
 WantedBy=multi-user.target