diff --git a/Caddyfile b/Caddyfile
index 716f6dd..e8dda50 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -1,6 +1,40 @@
-*:80 {
-	gzip
-	root /usr/share/caddy
+# The Caddyfile is an easy way to configure your Caddy web server.
+#
+# https://caddyserver.com/docs/caddyfile
+#
+# The configuration below serves a welcome page over HTTP on port 80.
+# To use your own domain name (with automatic HTTPS), first make
+# sure your domain's A/AAAA DNS records are properly pointed to
+# this machine's public IP, then replace the line below with your
+# domain name.
+#
+# https://caddyserver.com/docs/caddyfile/concepts#addresses
+
+{
+	# Restrict the admin interface to a local unix file socket whose directory
+	# is restricted to caddy:caddy. By default the TCP socket allows arbitrary
+	# modification for any process and user that has access to the local
+	# interface. If admin over TCP is turned on one should make sure
+	# implications are well understood.
+	admin "unix//run/caddy/admin.socket"
 }
 
-import conf.d/*.conf
+http:// {
+	# Set this path to your site's directory.
+	root * /usr/share/caddy
+
+	# Enable the static file server.
+	file_server
+
+	# Another common task is to set up a reverse proxy:
+	# reverse_proxy localhost:8080
+
+	# Or serve a PHP site through php-fpm:
+	# php_fastcgi localhost:9000
+
+	# Refer to the directive documentation for more options.
+	# https://caddyserver.com/docs/caddyfile/directives
+}
+
+# Import additional caddy config files in /etc/caddy/conf.d/
+import /etc/caddy/conf.d/*
diff --git a/PKGBUILD b/PKGBUILD
index 2cba2aa..bf38f0d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,4 +1,5 @@
 # Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Maintainer: Christian Rebischke <chris.rebischke@archlinux.org>
 # Contributor: Wei Congrui < crvv.mail at gmail dot com >
 # Contributor: Carl George < arch at cgtx dot us >
 # Contributor: Eric Engeström <eric at engestrom dot ch>
@@ -6,29 +7,35 @@
 # Contributor: Akshay S Dinesh <asdofindia at gmail dot com>
 
 pkgname=caddy
-pkgver=1.0.5
-_gitcommit=11ae1aa6b88e45b077dd97cb816fe06cd91cca67
-_distcommit=9e93bfd85c97d71ab842a4a4b555d358295c914e
-pkgrel=2
-pkgdesc='HTTP/2 Web Server with Automatic HTTPS'
+pkgver=2.3.0
+_gitcommit=b4989773ebb2dff21283ee50ec667f9138bdd292
+_distcommit=e784a6dd41d1cd4f72de2a427961bfb097b72cf9
+pkgrel=1
+pkgdesc='Fast web server with automatic HTTPS'
 url='https://caddyserver.com'
 arch=('x86_64')
 license=('Apache')
 depends=('glibc')
 makedepends=('go' 'git')
-backup=('etc/caddy/caddy.conf')
-source=("git+https://github.com/caddyserver/caddy#commit=${_gitcommit}?signed"
-        caddy-${_distcommit}-index.html::https://raw.githubusercontent.com/caddyserver/dist/${_distcommit}/welcome/index.html
+backup=('etc/caddy/Caddyfile')
+source=("git+https://github.com/caddyserver/caddy#tag=${_gitcommit}?signed"
+        caddy-dist::"git+https://github.com/caddyserver/dist#commit=${_distcommit}"
         caddy.service
+        caddy-api.service
         caddy.tmpfiles
+        caddy.sysusers
         Caddyfile
-        plugins.go)
-sha256sums=('SKIP'
-            '7668022a48b0cbf459190f0bbfbfb32ae066449a95e006367cac9e1befa80c5f'
-            'c14ac8681e0434caf2c68e4a18dc59f8796fdffe9039f2e3c799ca64d37aa1ea'
-            'c8f002f5ba59985a643600dc3c871e18e110903aa945ef3f2da7c9edd39fbd7a'
-            'fb998b6de7bfe58f65c62eab37a4885e70833d19902da089766ad627a5f5a305'
-            '69956ee6a54ee0469fdee77f6d07cccee61699b1ee24e2f94ef6017c7ec1118b')
+        use-data-dir-for-autosave.patch
+        override-main-module-version.patch)
+sha512sums=('SKIP'
+            'SKIP'
+            'd162f16e16be1673f11c384b79505b82fedbecacea77c2e64303b573aa982ace5706fb74eb7d0b219c5935427459537b685832357aed5ee48345648f439bf274'
+            'a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0'
+            '55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742'
+            'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f'
+            '716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0'
+            '563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41'
+            'b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b')
 validpgpkeys=(
   29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt <mholt@users.noreply.github.com>
 )
@@ -39,116 +46,52 @@ pkgver() {
 }
 
 prepare() {
-    cd ${pkgname}/caddy
-    sed 's|/var/www/html|/srv/http|g' -i "${srcdir}/caddy-${_distcommit}-index.html"
-    sed 's|Version: "unknown"|Version: "v'${pkgver}'"|' -i caddymain/run.go
-
-    cat > main.go <<EOF
-package main
-
-import (
-  "github.com/caddyserver/caddy/caddy/caddymain"
-EOF
-    if [ ${#_plugins[@]} -gt 0 ]; then
-        echo "enabled plugins: ${_plugins[*]}"
-        go run "${srcdir}/plugins.go" "${_plugins[@]}" >> main.go
-    fi
-    cat >> main.go <<EOF
-)
-
-func main() {
-  caddymain.EnableTelemetry = false
-  caddymain.Run()
-}
-EOF
+  cd "${pkgname}"
+  # welcome page
+  cp ../caddy-dist/welcome/index.html .
+  sed 's|/var/www/html|/srv/http|g' -i index.html
+  # do not write in /etc
+  patch -Np1 < "${srcdir}/use-data-dir-for-autosave.patch"
+  # fix version identifier if not built from a module
+  patch -Np1 < "${srcdir}/override-main-module-version.patch"
+  sed 's|"unknown"|"v'"${pkgver}"'"|g' -i caddy.go
 }
 
 build() {
-  cd ${pkgname}/caddy
+  cd "${pkgname}/cmd/caddy/"
+  export CGO_LDFLAGS="${LDFLAGS}"
   export CGO_CPPFLAGS="${CPPFLAGS}"
   export CGO_CFLAGS="${CFLAGS}"
   export CGO_CXXFLAGS="${CXXFLAGS}"
-  export CGO_LDFLAGS="${LDFLAGS}"
-  export GOFLAGS="-buildmode=pie -trimpath -modcacherw"
-  go build -v .
+  export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
+  go build .
+}
+
+check() {
+  cd "${pkgname}"
+  go test ./...
+  version=$(./cmd/caddy/caddy version)
+  echo "Caddy version: ${version}"
+  if [[ $version != v$pkgver ]]; then
+    exit 1
+  fi
 }
 
 package() {
-  cd ${pkgname}/caddy
-  install -Dm 755 caddy -t "${pkgdir}/usr/bin"
-  install -Dm 644 "${srcdir}/caddy.service" -t "${pkgdir}/usr/lib/systemd/system"
+  cd "${pkgname}"
+  install -Dm 755 cmd/caddy/caddy -t "${pkgdir}/usr/bin"
+
+  install -Dm 644 "${srcdir}/caddy.service" "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system"
   install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf"
-  install -Dm 644 "${srcdir}/Caddyfile" "${pkgdir}/etc/caddy/caddy.conf"
-  install -Dm 644 "${srcdir}/caddy-${_distcommit}-index.html" "${pkgdir}/usr/share/caddy/index.html"
+  install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf"
+
+  install -Dm 644 "${srcdir}/Caddyfile" -t "${pkgdir}/etc/caddy"
   install -d "${pkgdir}/etc/caddy/conf.d"
+
+  install -Dm 644 index.html "${pkgdir}/usr/share/caddy/index.html"
+
+  install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/_caddy" -t "${pkgdir}/usr/share/zsh/site-functions"
+  install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/bash-completion" "${pkgdir}/usr/share/bash-completion/completions/caddy"
 }
 
-# carefully check before enabling any plugin, they are basically untrusted code
-# the enabled tls.dns plugins are built by mholt and maintained in the same space
-_plugins=(
-#    'dns'
-#    'docker'
-#    'dyndns'
-#    'hook.service'
-#    'http.authz'
-#    'http.awses'
-#    'http.awslambda'
-#    'http.cache'
-#    'http.cgi'
-#    'http.cors'
-#    'http.datadog'
-#    'http.expires'
-#    'http.filter'
-#    'http.forwardproxy'
-#    'http.geoip'
-#    'http.git'
-#    'http.gopkg'
-#    'http.grpc'
-#    'http.ipfilter'
-#    'http.jwt'
-#    'http.locale'
-#    'http.login'
-#    'http.mailout'
-#    'http.minify'
-#    'http.nobots'
-#    'http.prometheus'
-#    'http.proxyprotocol'
-#    'http.ratelimit'
-#    'http.realip'
-#    'http.reauth'
-#    'http.restic'
-#    'http.s3browser'
-#    'http.supervisor'
-#    'http.webdav'
-#    'net'
-#    'supervisor'
-    'tls.dns.auroradns'
-    'tls.dns.azure'
-    'tls.dns.cloudflare'
-    'tls.dns.cloudxns'
-    'tls.dns.digitalocean'
-    'tls.dns.dnsimple'
-    'tls.dns.dnsmadeeasy'
-    'tls.dns.dnspod'
-    'tls.dns.duckdns'
-    'tls.dns.dyn'
-    'tls.dns.exoscale'
-    'tls.dns.gandi'
-    'tls.dns.gandiv5'
-    'tls.dns.godaddy'
-    'tls.dns.googlecloud'
-    'tls.dns.lightsail'
-    'tls.dns.linode'
-    'tls.dns.namecheap'
-    'tls.dns.namedotcom'
-    'tls.dns.ns1'
-    'tls.dns.otc'
-    'tls.dns.ovh'
-    'tls.dns.powerdns'
-    'tls.dns.rackspace'
-    'tls.dns.rfc2136'
-    'tls.dns.route53'
-    'tls.dns.vultr'
-)
-
 # vim: ts=2 sw=2 et:
diff --git a/next/caddy-api.service b/caddy-api.service
similarity index 100%
rename from next/caddy-api.service
rename to caddy-api.service
diff --git a/caddy.service b/caddy.service
index a522b80..7613999 100644
--- a/caddy.service
+++ b/caddy.service
@@ -1,44 +1,70 @@
+# caddy.service
+#
+# For using Caddy with a config file.
+#
+# Make sure the ExecStart and ExecReload commands are correct
+# for your installation.
+#
+# See https://caddyserver.com/docs/install for instructions.
+#
+# WARNING: This service does not use the --resume flag, so if you
+# use the API to make changes, they will be overwritten by the
+# Caddyfile next time the service is restarted. If you intend to
+# use Caddy's API to configure it, add the --resume flag to the
+# `caddy run` command or use the caddy-api.service file instead.
+
 [Unit]
-Description=Caddy HTTP/2 web server
-Documentation=https://caddyserver.com/docs
+Description=Caddy web server
+Documentation=https://caddyserver.com/docs/
 After=network-online.target
 Wants=network-online.target systemd-networkd-wait-online.service
 StartLimitIntervalSec=14400
 StartLimitBurst=10
 
 [Service]
-User=http
-Group=http
-Environment=CADDYPATH=/var/lib/caddy
-EnvironmentFile=-/etc/caddy/envfile
-ExecStart=/usr/bin/caddy -log stdout -agree -conf /etc/caddy/caddy.conf -root=/usr/share/caddy
-ExecReload=/usr/bin/kill -USR1 $MAINPID
+User=caddy
+Group=caddy
+Environment=XDG_DATA_HOME=/var/lib
+Environment=XDG_CONFIG_HOME=/etc
+ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
+ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
+ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
 
 # Do not allow the process to be restarted in a tight loop. If the
 # process fails to start, something critical needs to be fixed.
 Restart=on-abnormal
 
 # Use graceful shutdown with a reasonable timeout
-KillMode=mixed
-KillSignal=SIGQUIT
 TimeoutStopSec=5s
 
 LimitNOFILE=1048576
 LimitNPROC=512
 
 # Hardening options
-PrivateTmp=true
-PrivateDevices=true
-ProtectHome=true
-ProtectSystem=strict
-ReadWritePaths=/var/lib/caddy /var/log/caddy
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 AmbientCapabilities=CAP_NET_BIND_SERVICE
-NoNewPrivileges=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectControlGroups=true
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+DevicePolicy=closed
 LockPersonality=true
+MemoryAccounting=true
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateTmp=true
+ProcSubset=pid
+ProtectClock=true
+ProtectControlGroups=true
+ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectSystem=strict
+RemoveIPC=true
+ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
 
 [Install]
 WantedBy=multi-user.target
diff --git a/next/caddy.sysusers b/caddy.sysusers
similarity index 100%
rename from next/caddy.sysusers
rename to caddy.sysusers
diff --git a/caddy.tmpfiles b/caddy.tmpfiles
index 7243284..25f170f 100644
--- a/caddy.tmpfiles
+++ b/caddy.tmpfiles
@@ -1,2 +1,3 @@
-d /var/lib/caddy 0750 http http
-d /var/log/caddy 0750 http http
+d /var/lib/caddy 0750 caddy caddy
+d /var/log/caddy 0750 caddy caddy
+d /run/caddy 0750 caddy caddy
diff --git a/next/Caddyfile b/next/Caddyfile
deleted file mode 100644
index e8dda50..0000000
--- a/next/Caddyfile
+++ /dev/null
@@ -1,40 +0,0 @@
-# The Caddyfile is an easy way to configure your Caddy web server.
-#
-# https://caddyserver.com/docs/caddyfile
-#
-# The configuration below serves a welcome page over HTTP on port 80.
-# To use your own domain name (with automatic HTTPS), first make
-# sure your domain's A/AAAA DNS records are properly pointed to
-# this machine's public IP, then replace the line below with your
-# domain name.
-#
-# https://caddyserver.com/docs/caddyfile/concepts#addresses
-
-{
-	# Restrict the admin interface to a local unix file socket whose directory
-	# is restricted to caddy:caddy. By default the TCP socket allows arbitrary
-	# modification for any process and user that has access to the local
-	# interface. If admin over TCP is turned on one should make sure
-	# implications are well understood.
-	admin "unix//run/caddy/admin.socket"
-}
-
-http:// {
-	# Set this path to your site's directory.
-	root * /usr/share/caddy
-
-	# Enable the static file server.
-	file_server
-
-	# Another common task is to set up a reverse proxy:
-	# reverse_proxy localhost:8080
-
-	# Or serve a PHP site through php-fpm:
-	# php_fastcgi localhost:9000
-
-	# Refer to the directive documentation for more options.
-	# https://caddyserver.com/docs/caddyfile/directives
-}
-
-# Import additional caddy config files in /etc/caddy/conf.d/
-import /etc/caddy/conf.d/*
diff --git a/next/PKGBUILD b/next/PKGBUILD
deleted file mode 100644
index bf38f0d..0000000
--- a/next/PKGBUILD
+++ /dev/null
@@ -1,97 +0,0 @@
-# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
-# Maintainer: Christian Rebischke <chris.rebischke@archlinux.org>
-# Contributor: Wei Congrui < crvv.mail at gmail dot com >
-# Contributor: Carl George < arch at cgtx dot us >
-# Contributor: Eric Engeström <eric at engestrom dot ch>
-# Contributor: Andreas Linz <klingt.net at gmail dot com>
-# Contributor: Akshay S Dinesh <asdofindia at gmail dot com>
-
-pkgname=caddy
-pkgver=2.3.0
-_gitcommit=b4989773ebb2dff21283ee50ec667f9138bdd292
-_distcommit=e784a6dd41d1cd4f72de2a427961bfb097b72cf9
-pkgrel=1
-pkgdesc='Fast web server with automatic HTTPS'
-url='https://caddyserver.com'
-arch=('x86_64')
-license=('Apache')
-depends=('glibc')
-makedepends=('go' 'git')
-backup=('etc/caddy/Caddyfile')
-source=("git+https://github.com/caddyserver/caddy#tag=${_gitcommit}?signed"
-        caddy-dist::"git+https://github.com/caddyserver/dist#commit=${_distcommit}"
-        caddy.service
-        caddy-api.service
-        caddy.tmpfiles
-        caddy.sysusers
-        Caddyfile
-        use-data-dir-for-autosave.patch
-        override-main-module-version.patch)
-sha512sums=('SKIP'
-            'SKIP'
-            'd162f16e16be1673f11c384b79505b82fedbecacea77c2e64303b573aa982ace5706fb74eb7d0b219c5935427459537b685832357aed5ee48345648f439bf274'
-            'a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0'
-            '55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742'
-            'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f'
-            '716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0'
-            '563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41'
-            'b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b')
-validpgpkeys=(
-  29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt <mholt@users.noreply.github.com>
-)
-
-pkgver() {
-  cd ${pkgname}
-  git describe --tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g'
-}
-
-prepare() {
-  cd "${pkgname}"
-  # welcome page
-  cp ../caddy-dist/welcome/index.html .
-  sed 's|/var/www/html|/srv/http|g' -i index.html
-  # do not write in /etc
-  patch -Np1 < "${srcdir}/use-data-dir-for-autosave.patch"
-  # fix version identifier if not built from a module
-  patch -Np1 < "${srcdir}/override-main-module-version.patch"
-  sed 's|"unknown"|"v'"${pkgver}"'"|g' -i caddy.go
-}
-
-build() {
-  cd "${pkgname}/cmd/caddy/"
-  export CGO_LDFLAGS="${LDFLAGS}"
-  export CGO_CPPFLAGS="${CPPFLAGS}"
-  export CGO_CFLAGS="${CFLAGS}"
-  export CGO_CXXFLAGS="${CXXFLAGS}"
-  export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
-  go build .
-}
-
-check() {
-  cd "${pkgname}"
-  go test ./...
-  version=$(./cmd/caddy/caddy version)
-  echo "Caddy version: ${version}"
-  if [[ $version != v$pkgver ]]; then
-    exit 1
-  fi
-}
-
-package() {
-  cd "${pkgname}"
-  install -Dm 755 cmd/caddy/caddy -t "${pkgdir}/usr/bin"
-
-  install -Dm 644 "${srcdir}/caddy.service" "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system"
-  install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf"
-  install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf"
-
-  install -Dm 644 "${srcdir}/Caddyfile" -t "${pkgdir}/etc/caddy"
-  install -d "${pkgdir}/etc/caddy/conf.d"
-
-  install -Dm 644 index.html "${pkgdir}/usr/share/caddy/index.html"
-
-  install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/_caddy" -t "${pkgdir}/usr/share/zsh/site-functions"
-  install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/bash-completion" "${pkgdir}/usr/share/bash-completion/completions/caddy"
-}
-
-# vim: ts=2 sw=2 et:
diff --git a/next/caddy.service b/next/caddy.service
deleted file mode 100644
index 7613999..0000000
--- a/next/caddy.service
+++ /dev/null
@@ -1,70 +0,0 @@
-# caddy.service
-#
-# For using Caddy with a config file.
-#
-# Make sure the ExecStart and ExecReload commands are correct
-# for your installation.
-#
-# See https://caddyserver.com/docs/install for instructions.
-#
-# WARNING: This service does not use the --resume flag, so if you
-# use the API to make changes, they will be overwritten by the
-# Caddyfile next time the service is restarted. If you intend to
-# use Caddy's API to configure it, add the --resume flag to the
-# `caddy run` command or use the caddy-api.service file instead.
-
-[Unit]
-Description=Caddy web server
-Documentation=https://caddyserver.com/docs/
-After=network-online.target
-Wants=network-online.target systemd-networkd-wait-online.service
-StartLimitIntervalSec=14400
-StartLimitBurst=10
-
-[Service]
-User=caddy
-Group=caddy
-Environment=XDG_DATA_HOME=/var/lib
-Environment=XDG_CONFIG_HOME=/etc
-ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
-ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
-ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
-
-# Do not allow the process to be restarted in a tight loop. If the
-# process fails to start, something critical needs to be fixed.
-Restart=on-abnormal
-
-# Use graceful shutdown with a reasonable timeout
-TimeoutStopSec=5s
-
-LimitNOFILE=1048576
-LimitNPROC=512
-
-# Hardening options
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-DevicePolicy=closed
-LockPersonality=true
-MemoryAccounting=true
-MemoryDenyWriteExecute=true
-NoNewPrivileges=true
-PrivateDevices=true
-PrivateTmp=true
-ProcSubset=pid
-ProtectClock=true
-ProtectControlGroups=true
-ProtectHome=true
-ProtectHostname=true
-ProtectKernelLogs=true
-ProtectKernelModules=true
-ProtectKernelTunables=true
-ProtectProc=invisible
-ProtectSystem=strict
-RemoveIPC=true
-ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy
-RestrictNamespaces=true
-RestrictRealtime=true
-RestrictSUIDSGID=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/next/caddy.tmpfiles b/next/caddy.tmpfiles
deleted file mode 100644
index 25f170f..0000000
--- a/next/caddy.tmpfiles
+++ /dev/null
@@ -1,3 +0,0 @@
-d /var/lib/caddy 0750 caddy caddy
-d /var/log/caddy 0750 caddy caddy
-d /run/caddy 0750 caddy caddy
diff --git a/next/override-main-module-version.patch b/override-main-module-version.patch
similarity index 100%
rename from next/override-main-module-version.patch
rename to override-main-module-version.patch
diff --git a/plugins.go b/plugins.go
deleted file mode 100644
index 1e01985..0000000
--- a/plugins.go
+++ /dev/null
@@ -1,61 +0,0 @@
-package main
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"net/http"
-	"os"
-	"sort"
-)
-
-const URL = "https://caddyserver.com/v1/api/download-page"
-
-type Plugin struct {
-	Name       string
-	ImportPath string
-}
-type PluginList struct {
-	Plugins []Plugin `json:"plugins"`
-}
-
-func getPlugins() []Plugin {
-	resp, err := http.Get(URL)
-	if err != nil {
-		log.Fatal(err)
-	}
-	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
-	list := PluginList{}
-	err = json.Unmarshal(body, &list)
-	if err != nil {
-		log.Fatal(err)
-	}
-	return list.Plugins
-}
-func main() {
-	plugins := getPlugins()
-	sort.Slice(plugins, func(i, j int) bool {
-		return plugins[i].Name < plugins[j].Name
-	})
-	if len(os.Args) == 1 {
-		fmt.Println("plugins=(")
-		for _, plugin := range plugins {
-			fmt.Printf("#    '%s'\n", plugin.Name)
-		}
-		fmt.Println(")")
-		return
-	}
-	pluginsMap := make(map[string]string)
-	for _, plugin := range plugins {
-		pluginsMap[plugin.Name] = plugin.ImportPath
-	}
-	for _, name := range os.Args[1:] {
-		path, ok := pluginsMap[name]
-		if !ok {
-			log.Fatalf("cannot find plugin %s\n", name)
-		}
-		fmt.Printf(`_ "%s"`+"\n", path)
-	}
-}
diff --git a/next/use-data-dir-for-autosave.patch b/use-data-dir-for-autosave.patch
similarity index 100%
rename from next/use-data-dir-for-autosave.patch
rename to use-data-dir-for-autosave.patch