diff --git a/.bash_history.secret b/.bash_history.secret
deleted file mode 100644
index 5c1b6b5..0000000
Binary files a/.bash_history.secret and /dev/null differ
diff --git a/.gitignore b/.gitignore
index b42437d..dad52a6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,11 @@
-/.config/
-/.local/
-/.step/
-.gitsecret/keys/random_seed
 !*.secret
-env/AWS
-env/aws.sh
-.bash_history
-/bin/caddy
-conf/238lights.conf
-conf/645lights.conf
-conf/trantor.conf
-conf/nadal.conf
+!build/builds.txt
+!build/plugins.txt
+!conf/example.conf
+.gitsecret/keys/random_seed
+env/
+user/
+caddy
+conf/
+build/
+user/
diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg
index 3994d09..3765e1c 100644
--- a/.gitsecret/paths/mapping.cfg
+++ b/.gitsecret/paths/mapping.cfg
@@ -1,7 +1,5 @@
-env/AWS:02b947b25fe0dc38bbfba5fc66ead3d5b9b4f8d9000ccd9e4661a9ef81167ec5
-env/aws.sh:3ecd809bd40066028fe08307be8de28c4ffe4f65b2d4041e9b69f6e00172b688
-.bash_history:a33f4bf632fecde92b533ce06c80e71afeb8ffd242ee0f6cdc9cac73a5114348
 conf/238lights.conf:f7ac34b98b3beb05fd90a462aa3c80b957dec0476ece0e742ca8ba1fd6edfec1
 conf/645lights.conf:e37404eb092cb174edabc80f4a52e8deb04db6e86597ece99aa26dfc2a5d87ff
 conf/trantor.conf:7e3bffc96f071aa70ed554f16a5e53ec4b5fc3a81c51d5e53754c6dadbca00f5
 conf/nadal.conf:de7deabe33ffc65ca7a9e92fce59190f96bed294098830adae8203bf7f5a4d45
+env/AWS.env:53160933303095f14fc41747fc9e36d4743e54ec1347239f47017fd6ce5fec3e
diff --git a/README.md b/README.md
index e80e228..767af8d 100644
--- a/README.md
+++ b/README.md
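Review bot: The new directory rules `conf/`, `build/` and `env/` make the negations placed above them ineffective, because git cannot re-include a file whose parent directory is excluded; `!conf/example.conf`, `!build/builds.txt`, `!build/plugins.txt` and the surviving `!*.secret` therefore no longer match anything under those directories, and a new `conf/*.conf.secret` or the `env/AWS.env.secret` that the mapping.cfg hunk on this line now expects would have to be force-added. Exclude the contents rather than the directory and put the negations after the rule they override, e.g. `conf/*`, `build/*`, `env/*` followed by `!conf/example.conf`, `!build/builds.txt`, `!build/plugins.txt`, `!*.secret`. `user/` is also listed twice; one entry is enough.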
@@ -1,21 +1,27 @@ Caddy Web Server ===== -Clone this repo to /opt/caddy +Clone this repo to /opt/caddy or your favorite location `git clone https://git.kebler.net/kebler.net/caddy.git /opt/caddy` -## Install +## Install run these scripts -`/opt/caddy/scripts/mkuser && /opt/caddy/scripts/own` +`/opt/caddy/scripts/mkuser` -Set the architecture binary (either amd64 or arm64) +Fetch or Build and Install a Caddy Binary `/opt/caddy/scripts/arch ` -Reveal the aws credentials +## git secrets + +[see git secret docs](https://git-secret.io/) + +pre-commit hook + +Reveal any secrets open terminal on giskard in mounted caddy directory.
@@ -23,16 +29,19 @@ Run `git secret reveal` -it will ask for passphrase. See entry in keepass `kebler.net repo secret keys` +it will ask for passphrase used when creating git secrets for repo. if can't mount the directory then will have to move a copy of the keyring in `~/.gnupg` to remote machine ## conf -To make a new conf file to edit +To make a new conf file run `/opt/caddy/scripts/newconf` +which will create conf of the correct ownership/permissions. +you will need to add an +
@@ -42,4 +51,4 @@ To make a new conf file to edit ``` -``` \ No newline at end of file +```
diff --git a/bin/linux-arm64 b/bin/linux-arm64
new file mode 100755
index 0000000..764926a
Binary files /dev/null and b/bin/linux-arm64 differ
diff --git a/conf/238lights.conf.secret b/conf/238lights.conf.secret
index 4b9af1b..0d6f9b0 100644
Binary files a/conf/238lights.conf.secret and b/conf/238lights.conf.secret differ
diff --git a/conf/645lights.conf.secret b/conf/645lights.conf.secret
index 211a857..3aa25d7 100644
Binary files a/conf/645lights.conf.secret and b/conf/645lights.conf.secret differ
diff --git a/conf/nadal.conf.secret b/conf/nadal.conf.secret
index bf606b4..a0da17d 100644
Binary files a/conf/nadal.conf.secret and b/conf/nadal.conf.secret differ
diff --git a/conf/trantor.conf.secret b/conf/trantor.conf.secret
index 724be66..de3f1b3 100644
Binary files a/conf/trantor.conf.secret and b/conf/trantor.conf.secret differ
diff --git a/example-web/css/default.css b/example-web/css/default.css
index d628be7..8d3667d 100644
--- a/example-web/css/default.css
+++ b/example-web/css/default.css
@@ -4,12 +4,14 @@ body { color: red; background-color: blue; line-height: 14pt; - display: block; + /* display: block; */ + display: flex; } main { margin: 100px; font-size: 2em; + flex-direction: column }
@@ -20,16 +22,22 @@ h1 { } p { + color: white; margin-bottom: 1em; line-height: 1.2em; } code { padding: .3em; - background-color: yellow !important; + background-color: yellow; color: blue; } +pre#_markdown { + background-color: black; + color: white; +} + a { text-decoration: none; }
diff --git a/example-web/example.md b/example-web/example.md
index ba0e7b2..c557be4 100644
--- a/example-web/example.md
+++ b/example-web/example.md
@@ -1,13 +1,9 @@ ---- -title: Example ---- # Example Rendered Markdown + This is an example markdown file rendered via a template by Caddy2 `some code` - +```
diff --git a/scripts/build b/scripts/build
index ce0e586..b58f35a 100755
--- a/scripts/build
+++ b/scripts/build
@@ -21,7 +21,7 @@ echo deleting any old executable $BIN_NAME
 echo Building binary $BIN_PATH
 export GOOS=$GOOS
 export GOARCH=$GOARCH
-export CGO_ENABLED=1
+export CGO_ENABLED=0
 [ $GOARM ] && export GOARM=$GOARM
 echo GO environment before running xcaddy
 go env
diff --git a/scripts/library b/scripts/library
new file mode 100755
index 0000000..8a27683
--- /dev/null
+++ b/scripts/library
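Review bot: In the `main` rule the added `flex-direction: column` has no trailing `;`, unlike every other declaration in the file; write it as `flex-direction: column;` so a declaration appended later does not silently merge with it. The commented-out `/* display: block; */` left beside `display: flex;` in the `body` rule is dead text that version control already preserves and could be dropped.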
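Review bot: `export CGO_ENABLED=0` is pinned while the neighbouring `export GOOS=$GOOS` and `export GOARCH=$GOARCH` lines pass the caller's environment through, so a caller who needs a cgo-enabled build (for example for a plugin with C dependencies) has no way to override it. Consider `export CGO_ENABLED=${CGO_ENABLED:-0}` with a one-line comment stating why 0 is the default (presumably a self-contained binary that needs no target C toolchain). The rest of the build script lies outside the hunk.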
@@ -0,0 +1,52 @@
+#!/bin/bash
+echo loading caddy script library of functions
+function show-ver () {
+if [ -f "$1" ]; then
+ CUR_VER=$("$1" version)
+ if [ "$CUR_VER" ]; then
+ echo Installed Version for $1 is $CUR_VER
+ else
+ echo WARNING unable to determine version for $1. Maybe wrong os/arch binary was installed
+ fi
+else
+ echo No executable file at $1, unable to check version
+fi
+}
+
+# sets global $OS
+function get-OS () {
+ case "$OSTYPE" in
+ darwin*) OS=mac ;;
+ linux*) OS=linux ;;
+ bsd*) OS=freebsd ;;
+ msys*) OS=windows ;;
+ *)
+ echo "no caddy release for : $OSTYPE"
+ exit 0
+ ;;
+ esac
+}
+
+# sets global $ARCH
+function get-architecture () {
+echo determining system architecture
+declare -A ARCHES
+ARCHES=( ["arm64"]="arm64" ["aarch64"]="arm64" ["x86_64"]="amd64" ["armv61"]="armv6" ["armv71"]="armv7" ["arm32"]="armv7" ["armhf"]="armv7" )
+ARCH=${ARCHES[$(uname -m)]}
+ if [ ! $ARCH ]; then
+ echo Your machine kernel architecture $(uname -m) has no caddy release
+ echo see https://github.com/caddyserver/caddy/releases
+ exit 1
+ fi
+}
+
+function get-caddy-name () {
+ get-OS
+ get-architecture
+ echo caddy binary name is $OS-$ARCH
+ CADDY_BIN=$OS-$ARCH
+}
+
+function set-env () {
+for f in $1/*.env; do source $f; done
+}
diff --git a/scripts/mkuser b/scripts/mkuser
index 5bdf7ed..c562109 100755
--- a/scripts/mkuser
+++ b/scripts/mkuser
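Review bot: `get-OS` and `get-architecture` call `exit` (`exit 0` and `exit 1`) on an unsupported platform, but the file appears to be meant for sourcing (it announces itself as a "script library of functions"), so those `exit`s terminate the caller's shell, and `get-OS` does so with a success status. Return a failure instead and let `get-caddy-name` propagate it; the messages also belong on stderr. `set-env` sources `$1/*.env` unquoted and without a no-match guard, so a path with spaces breaks the loop and an empty directory makes it `source` the literal pattern; since `source` executes whatever those files contain, the directory passed in should be one only the deploying account can write to. The rewritten pieces are below; `show-ver` is unchanged.
```shell
# … unchanged: show-ver …
function get-OS () {
  case "$OSTYPE" in
    # … unchanged: darwin/linux/bsd/msys arms …
    *)
      echo "no caddy release for : $OSTYPE" >&2
      return 1          # was exit 0: exit ends the sourcing shell and reports success
      ;;
  esac
}
# … unchanged: get-architecture, with its `exit 1` likewise changed to `return 1` …
function get-caddy-name () {
  get-OS && get-architecture || return 1
  # … unchanged: echo and CADDY_BIN= …
}

function set-env () {
  local f
  for f in "$1"/*.env; do
    [ -e "$f" ] || continue   # unmatched glob would otherwise source the literal pattern
    source "$f"
  done
}
```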
@@ -1,23 +1,29 @@
 #!/bin/bash
 DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
-UID=${1:-937}
+echo $DIR
+CID=${1:-937}
 sudo userdel caddy
 sudo groupadd caddy
-# change uid to your liking. Best if same on all instances
-sudo groupmod --gid $UID caddy
+# change CID to your liking. Best if same on all instances
+sudo groupmod --gid $CID caddy
 sudo mkdir -p $DIR/user
 sudo useradd --system \
 -m \
- --uid 937 \
+ --uid $CID \
 --gid caddy \
 --create-home \
 --home-dir "$DIR/user" \
 --shell /bin/bash \
 --comment "Caddy web server user" \
 caddy
-sudo passwd caddy
-# add current user to caddy group for rw access
+echo 'caddy:caddy' | sudo chpasswd
+sudo chown -R caddy:caddy $DIR/user
+echo adding current user $USER to caddy group for rw access
 sudo usermod -a -G caddy $USER
 cat /etc/passwd | grep caddy
-cat /etc/passwd | grep sysadmin
-$DIR/scripts/own
+PER="caddy ALL=NOPASSWD: ALL"
+echo $PER | sudo tee /etc/sudoers.d/99_caddy
+ls -la /etc/sudoers.d/*caddy
+echo added: $(cat /etc/sudoers.d/99_caddy) to sudoers.d/99_caddy
+echo checking file.... $(sudo visudo -cf /etc/sudoers.d/99_caddy)
+# $DIR/scripts/own
diff --git a/scripts/pre-commit b/scripts/pre-commit
old mode 100644
new mode 100755
diff --git a/scripts/run b/scripts/run
deleted file mode 100755
index a666b13..0000000
--- a/scripts/run
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-# one off run command for testing without systemd
-DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
-CONF=${1:-caddy}
-$DIR/env/AWS.env
-sudo -E /usr/bin/env | grep AWS
-sudo -E $DIR/caddy run --config $DIR/conf/$CONF.conf --adapter caddyfile
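Review bot: The new sudoers entry `caddy ALL=NOPASSWD: ALL` written to `/etc/sudoers.d/99_caddy`, together with `echo 'caddy:caddy' | sudo chpasswd` on an account that keeps `--shell /bin/bash`, gives the web server's service account passwordless root and a known password, so a compromise of the caddy process or of that login is a full-host compromise. Unless the account must run specific commands as root (in which case the rule should name those commands rather than `ALL`), drop the sudoers lines, lock the password with `sudo passwd -l caddy` instead of setting it, and create the user with `--shell /usr/sbin/nologin`. The file is also checked by `visudo -cf` only after it is already live, and `tee` leaves it with default permissions; write the rule to a temp file, validate that, and install it with mode 0440 so a malformed or world-readable entry never lands in `/etc/sudoers.d`. The sketch below shows the replaced lines; `<allowed-command>` is a placeholder for whatever the account genuinely needs.
```shell
# … unchanged: groupadd/groupmod/mkdir and the useradd call, with --shell /usr/sbin/nologin in place of /bin/bash …
sudo passwd -l caddy               # service account: no usable password rather than a known one
sudo chown -R caddy:caddy $DIR/user
# … unchanged: usermod and the /etc/passwd check …
# only if the account really needs sudo: name the command, validate, then install read-only
tmp=$(mktemp) || exit 1
printf '%s\n' "caddy ALL=NOPASSWD: <allowed-command>" > "$tmp"
sudo visudo -cf "$tmp" && sudo install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/99_caddy
rm -f -- "$tmp"
```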