fix: generate Caddyfile in setup and on identity changes

`make reinstall` wipes config/ then `make setup` creates an empty
Caddyfile (ensure_file just touches it). Add write_caddyfile() to
ip_utils.py that generates the full reverse-proxy config from ip_range,
cell_name, and domain. Call it from setup_cell.py so fresh installs
always get a valid Caddyfile. Also regenerate it in app.py whenever
ip_range, domain, or cell_name changes so Caddy stays in sync.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

scripts/setup_cell.py

@@ -44,7 +44,6 @@ REQUIRED_DIRS = [
 ]
 
 REQUIRED_FILES = [
-    'config/caddy/Caddyfile',
     'config/dns/Corefile',
     'config/dhcp/dnsmasq.conf',
     'config/ntp/chrony.conf',
@@ -205,6 +204,17 @@ def write_compose_env(ip_range: str):
         print(f'[WARN]    Could not write .env — containers will use built-in default IPs/ports')
 
 
+def write_caddy_config(ip_range: str, cell_name: str, domain: str):
+    """Generate Caddyfile with correct VIPs and hostnames for this cell."""
+    sys.path.insert(0, os.path.join(ROOT, 'api'))
+    import ip_utils
+    caddyfile = os.path.join(ROOT, 'config', 'caddy', 'Caddyfile')
+    if ip_utils.write_caddyfile(ip_range, cell_name, domain, caddyfile):
+        print(f'[CREATED] config/caddy/Caddyfile  (subnet={ip_range}  domain={domain})')
+    else:
+        print(f'[WARN]    Could not write Caddyfile')
+
+
 def _read_existing_ip_range() -> str:
     """Read ip_range from existing cell_config.json if present, else return None."""
     cfg_path = os.path.join(ROOT, 'config', 'api', 'cell_config.json')
@@ -237,6 +247,7 @@ def main():
     write_wg0_conf(priv, vpn_address, wg_port)
     write_cell_config(cell_name, domain, wg_port)
     write_compose_env(ip_range)
+    write_caddy_config(ip_range, cell_name, domain)
 
     print()
     print('--- Setup complete! Run: make start ---')