update readme

added build arm64 binary for distribution added secrets for conf files updated example website changed build script CGO_ENABLED=0 so cross compiling works
2020-11-08 17:29:08 -08:00 · 2020-11-08 17:29:08 -08:00 · 18d6663c13
parent b3039b4c66
commit 18d6663c13
16 changed files with 108 additions and 48 deletions
--- a/.bash_history.secret
+++ b/.bash_history.secret
--- a/.gitignore
+++ b/.gitignore
@ -1,13 +1,11 @@
-/.config/
-/.local/
-/.step/
-.gitsecret/keys/random_seed
 !*.secret
-env/AWS
-env/aws.sh
-.bash_history
-/bin/caddy
-conf/238lights.conf
-conf/645lights.conf
-conf/trantor.conf
-conf/nadal.conf
+!build/builds.txt
+!build/plugins.txt
+!conf/example.conf
+.gitsecret/keys/random_seed
+env/
+user/
+caddy
+conf/
+build/
+user/
--- a/.gitsecret/paths/mapping.cfg
+++ b/.gitsecret/paths/mapping.cfg
@ -1,7 +1,5 @@
-env/AWS:02b947b25fe0dc38bbfba5fc66ead3d5b9b4f8d9000ccd9e4661a9ef81167ec5
-env/aws.sh:3ecd809bd40066028fe08307be8de28c4ffe4f65b2d4041e9b69f6e00172b688
-.bash_history:a33f4bf632fecde92b533ce06c80e71afeb8ffd242ee0f6cdc9cac73a5114348
 conf/238lights.conf:f7ac34b98b3beb05fd90a462aa3c80b957dec0476ece0e742ca8ba1fd6edfec1
 conf/645lights.conf:e37404eb092cb174edabc80f4a52e8deb04db6e86597ece99aa26dfc2a5d87ff
 conf/trantor.conf:7e3bffc96f071aa70ed554f16a5e53ec4b5fc3a81c51d5e53754c6dadbca00f5
 conf/nadal.conf:de7deabe33ffc65ca7a9e92fce59190f96bed294098830adae8203bf7f5a4d45
+env/AWS.env:53160933303095f14fc41747fc9e36d4743e54ec1347239f47017fd6ce5fec3e
--- a/README.md
+++ b/README.md
@ -1,21 +1,27 @@
 Caddy Web Server
 =====

-Clone this repo to /opt/caddy
+Clone this repo to /opt/caddy or your favorite location

 `git clone https://git.kebler.net/kebler.net/caddy.git /opt/caddy`

-## Install 
+## Install

 run these scripts

-`/opt/caddy/scripts/mkuser && /opt/caddy/scripts/own`
+`/opt/caddy/scripts/mkuser`

-Set the architecture binary  (either amd64 or arm64)
+Fetch or Build and Install a Caddy Binary

 `/opt/caddy/scripts/arch  <amd64|arch64>`

-Reveal the aws credentials
+## git secrets
+
+[see git secret docs](https://git-secret.io/)
+
+pre-commit hook
+
+Reveal any secrets

 open terminal on giskard in mounted caddy directory.

@ -23,16 +29,19 @@ Run

 `git secret reveal`

-it will ask for passphrase.  See entry in keepass   `kebler.net repo secret keys`
+it will ask for passphrase used when creating git secrets for repo.

 if can't mount the directory then will have to move a copy of the keyring in `~/.gnupg` to remote machine

 ## conf

-To make a new conf file to edit
+To make a new conf file run

 `/opt/caddy/scripts/newconf`

+which will create conf of the correct ownership/permissions.
+you will need to add an
+



@ -42,4 +51,4 @@ To make a new conf file to edit

 ```

-```
+```
--- a/bin/linux-arm64
+++ b/bin/linux-arm64
--- a/conf/238lights.conf.secret
+++ b/conf/238lights.conf.secret
--- a/conf/645lights.conf.secret
+++ b/conf/645lights.conf.secret
--- a/conf/nadal.conf.secret
+++ b/conf/nadal.conf.secret
--- a/conf/trantor.conf.secret
+++ b/conf/trantor.conf.secret
--- a/example-web/css/default.css
+++ b/example-web/css/default.css
@ -4,12 +4,14 @@ body {
  color: red;
  background-color: blue;
  line-height: 14pt;
-  display: block;
+  /* display: block; */
+  display: flex;
 }

 main {
  margin: 100px;
  font-size: 2em;
+  flex-direction: column
 }


@ -20,16 +22,22 @@ h1 {
 }

 p {
+  color: white;
  margin-bottom: 1em;
  line-height: 1.2em;
 }

 code {
  padding: .3em;
-  background-color: yellow !important; 
+  background-color: yellow;
  color: blue;
 }

+pre#_markdown {
+  background-color: black;
+  color: white;
+}
+
 a {
  text-decoration: none;
 }
--- a/example-web/example.md
+++ b/example-web/example.md
@ -1,13 +1,9 @@
---
-title: Example
---
 # Example Rendered Markdown
+
 This is an example markdown file rendered via a template by Caddy2

 `some code`

-<!-- ```
-
+```
 Fenced Code Block
-
-``` -->
+```
--- a/scripts/build
+++ b/scripts/build
@ -21,7 +21,7 @@ echo deleting any old executable $BIN_NAME
 echo Building binary $BIN_PATH
 export GOOS=$GOOS
 export GOARCH=$GOARCH
-export CGO_ENABLED=1
+export CGO_ENABLED=0
 [ $GOARM ] && export GOARM=$GOARM
 echo GO environment before running xcaddy
 go env
--- a/scripts/library
+++ b/scripts/library
@ -0,0 +1,52 @@
+#!/bin/bash
+echo loading caddy script library of functions
+function show-ver () {
+if [ -f "$1" ]; then
+  CUR_VER=$("$1" version)
+  if [ "$CUR_VER" ]; then
+   echo Installed Version for $1 is $CUR_VER
+  else
+    echo WARNING unable to determine version for $1. Maybe wrong os/arch binary was installed
+  fi
+else
+  echo No executable file at $1, unable to check version
+fi
+}
+
+# sets global $OS
+function get-OS () {
+  case "$OSTYPE" in
+    darwin*)  OS=mac ;;
+    linux*)   OS=linux ;;
+    bsd*)     OS=freebsd ;;
+    msys*)    OS=windows ;;
+    *)
+     echo "no caddy release for : $OSTYPE"
+     exit 0
+    ;;
+  esac
+}
+
+# sets global $ARCH
+function get-architecture () {
+echo determining system architecture
+declare -A ARCHES
+ARCHES=( ["arm64"]="arm64" ["aarch64"]="arm64"  ["x86_64"]="amd64" ["armv61"]="armv6"  ["armv71"]="armv7"  ["arm32"]="armv7"  ["armhf"]="armv7" )
+ARCH=${ARCHES[$(uname -m)]}
+  if [ ! $ARCH ]; then
+    echo  Your machine kernel architecture $(uname -m) has no caddy release
+    echo see https://github.com/caddyserver/caddy/releases
+    exit 1
+  fi
+}
+
+function get-caddy-name () {
+  get-OS
+  get-architecture
+  echo caddy binary name is $OS-$ARCH
+  CADDY_BIN=$OS-$ARCH
+}
+
+function set-env () {
+for f in $1/*.env; do source $f; done
+}
--- a/scripts/mkuser
+++ b/scripts/mkuser
@ -1,23 +1,29 @@
 #!/bin/bash
 DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
-UID=${1:-937}
+echo $DIR
+CID=${1:-937}
 sudo userdel caddy
 sudo groupadd caddy
-# change uid to your liking.  Best if same on all instances
-sudo groupmod --gid $UID caddy
+# change CID to your liking.  Best if same on all instances
+sudo groupmod --gid $CID caddy
 sudo mkdir -p $DIR/user
 sudo useradd --system \
  -m \
-  --uid 937 \
+  --uid $CID \
 	--gid caddy \
 	--create-home \
 	--home-dir "$DIR/user" \
 	--shell /bin/bash \
 	--comment "Caddy web server user" \
 	caddy
-sudo passwd caddy
-# add current user to caddy group for rw access
+echo 'caddy:caddy' | sudo chpasswd 
+sudo chown -R caddy:caddy $DIR/user
+echo adding current user $USER to caddy group for rw access
 sudo usermod -a -G caddy $USER
 cat /etc/passwd | grep caddy
-cat /etc/passwd | grep sysadmin
-$DIR/scripts/own
+PER="caddy ALL=NOPASSWD: ALL"
+echo $PER | sudo tee /etc/sudoers.d/99_caddy
+ls -la /etc/sudoers.d/*caddy
+echo added: $(cat /etc/sudoers.d/99_caddy) to sudoers.d/99_caddy
+echo checking file.... $(sudo visudo -cf /etc/sudoers.d/99_caddy)
+# $DIR/scripts/own
--- a/scripts/pre-commit
+++ b/scripts/pre-commit
--- a/scripts/run
+++ b/scripts/run
@ -1,7 +0,0 @@
-#!/bin/bash
-# one off run command for testing without systemd
-DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
-CONF=${1:-caddy}
-$DIR/env/AWS.env
-sudo -E /usr/bin/env | grep AWS
-sudo -E $DIR/caddy run --config $DIR/conf/$CONF.conf --adapter caddyfile