I have finally got my selfhost wiki up to a satisfying shape. Its here: https://wiki.gardiol.org
Take a look i hope it can help somebody.
I am open to any suggestions about it.
Note: the most original part is the one about multi-homed routing and failbacks and advanced routing.
You are right and I would add that this is even a privacy and security measure, to make use of wildcard certificates. The reason is, those subdomains will be public because of websites like crt.sh which show all subdomains which have their dedicated certificate. Obfuscation can be helpful in not disclosing which are some services or naming schemes you use for yourself even if it is only meant to be for internal use.
Obfuscation can be helpful in not disclosing which are some services or naming schemes
The “obfuscation” benefits of wildcard certificates are very limited (public DNS records can still easily be found with tools such as sublist3r), and they’re definitely a security liability (get the private key of the cert stolen from a single server -> TLS potentially compromised on all your servers using the wildcard cert)