update readme

added build arm64 binary for distribution
added secrets for conf files
updated example website
changed build script CGO_ENABLED=0 so cross compiling works

.gitignore

@@ -1,13 +1,11 @@
-/.config/
-/.local/
-/.step/
-.gitsecret/keys/random_seed
 !*.secret
-env/AWS
+!build/builds.txt
-env/aws.sh
+!build/plugins.txt
-.bash_history
+!conf/example.conf
-/bin/caddy
+.gitsecret/keys/random_seed
-conf/238lights.conf
+env/
-conf/645lights.conf
+user/
-conf/trantor.conf
+caddy
-conf/nadal.conf
+conf/
+build/
+user/

.gitsecret/paths/mapping.cfg

@@ -1,7 +1,5 @@
-env/AWS:02b947b25fe0dc38bbfba5fc66ead3d5b9b4f8d9000ccd9e4661a9ef81167ec5
-env/aws.sh:3ecd809bd40066028fe08307be8de28c4ffe4f65b2d4041e9b69f6e00172b688
-.bash_history:a33f4bf632fecde92b533ce06c80e71afeb8ffd242ee0f6cdc9cac73a5114348
 conf/238lights.conf:f7ac34b98b3beb05fd90a462aa3c80b957dec0476ece0e742ca8ba1fd6edfec1
 conf/645lights.conf:e37404eb092cb174edabc80f4a52e8deb04db6e86597ece99aa26dfc2a5d87ff
 conf/trantor.conf:7e3bffc96f071aa70ed554f16a5e53ec4b5fc3a81c51d5e53754c6dadbca00f5
 conf/nadal.conf:de7deabe33ffc65ca7a9e92fce59190f96bed294098830adae8203bf7f5a4d45
+env/AWS.env:53160933303095f14fc41747fc9e36d4743e54ec1347239f47017fd6ce5fec3e

README.md

@@ -1,7 +1,7 @@
 Caddy Web Server
 =====
 
-Clone this repo to /opt/caddy
+Clone this repo to /opt/caddy or your favorite location
 
 `git clone https://git.kebler.net/kebler.net/caddy.git /opt/caddy`
 
@@ -9,13 +9,19 @@ Clone this repo to /opt/caddy
 
 run these scripts
 
-`/opt/caddy/scripts/mkuser && /opt/caddy/scripts/own`
+`/opt/caddy/scripts/mkuser`
 
-Set the architecture binary  (either amd64 or arm64)
+Fetch or Build and Install a Caddy Binary
 
 `/opt/caddy/scripts/arch  <amd64|arch64>`
 
-Reveal the aws credentials
+## git secrets
+
+[see git secret docs](https://git-secret.io/)
+
+pre-commit hook
+
+Reveal any secrets
 
 open terminal on giskard in mounted caddy directory.
 
@@ -23,16 +29,19 @@ Run
 
 `git secret reveal`
 
-it will ask for passphrase.  See entry in keepass   `kebler.net repo secret keys`
+it will ask for passphrase used when creating git secrets for repo.
 
 if can't mount the directory then will have to move a copy of the keyring in `~/.gnupg` to remote machine
 
 ## conf
 
-To make a new conf file to edit
+To make a new conf file run
 
 `/opt/caddy/scripts/newconf`
 
+which will create conf of the correct ownership/permissions.
+you will need to add an
+
 
 
 

example-web/css/default.css

@@ -4,12 +4,14 @@ body {
   color: red;
   background-color: blue;
   line-height: 14pt;
-  display: block;
+  /* display: block; */
+  display: flex;
 }
 
 main {
   margin: 100px;
   font-size: 2em;
+  flex-direction: column
 }
 
 
@@ -20,16 +22,22 @@ h1 {
 }
 
 p {
+  color: white;
   margin-bottom: 1em;
   line-height: 1.2em;
 }
 
 code {
   padding: .3em;
-  background-color: yellow !important; 
+  background-color: yellow;
   color: blue;
 }
 
+pre#_markdown {
+  background-color: black;
+  color: white;
+}
+
 a {
   text-decoration: none;
 }

example-web/example.md

@@ -1,13 +1,9 @@
----
-title: Example
----
 # Example Rendered Markdown
+
 This is an example markdown file rendered via a template by Caddy2
 
 `some code`
 
-<!-- ```
+```
-
 Fenced Code Block
-
+```
-``` -->

scripts/build

@@ -21,7 +21,7 @@ echo deleting any old executable $BIN_NAME
 echo Building binary $BIN_PATH
 export GOOS=$GOOS
 export GOARCH=$GOARCH
-export CGO_ENABLED=1
+export CGO_ENABLED=0
 [ $GOARM ] && export GOARM=$GOARM
 echo GO environment before running xcaddy
 go env

scripts/library

@@ -0,0 +1,52 @@
+#!/bin/bash
+echo loading caddy script library of functions
+function show-ver () {
+if [ -f "$1" ]; then
+  CUR_VER=$("$1" version)
+  if [ "$CUR_VER" ]; then
+   echo Installed Version for $1 is $CUR_VER
+  else
+    echo WARNING unable to determine version for $1. Maybe wrong os/arch binary was installed
+  fi
+else
+  echo No executable file at $1, unable to check version
+fi
+}
+
+# sets global $OS
+function get-OS () {
+  case "$OSTYPE" in
+    darwin*)  OS=mac ;;
+    linux*)   OS=linux ;;
+    bsd*)     OS=freebsd ;;
+    msys*)    OS=windows ;;
+    *)
+     echo "no caddy release for : $OSTYPE"
+     exit 0
+    ;;
+  esac
+}
+
+# sets global $ARCH
+function get-architecture () {
+echo determining system architecture
+declare -A ARCHES
+ARCHES=( ["arm64"]="arm64" ["aarch64"]="arm64"  ["x86_64"]="amd64" ["armv61"]="armv6"  ["armv71"]="armv7"  ["arm32"]="armv7"  ["armhf"]="armv7" )
+ARCH=${ARCHES[$(uname -m)]}
+  if [ ! $ARCH ]; then
+    echo  Your machine kernel architecture $(uname -m) has no caddy release
+    echo see https://github.com/caddyserver/caddy/releases
+    exit 1
+  fi
+}
+
+function get-caddy-name () {
+  get-OS
+  get-architecture
+  echo caddy binary name is $OS-$ARCH
+  CADDY_BIN=$OS-$ARCH
+}
+
+function set-env () {
+for f in $1/*.env; do source $f; done
+}

scripts/mkuser

@@ -1,23 +1,29 @@
 #!/bin/bash
 DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
-UID=${1:-937}
+echo $DIR
+CID=${1:-937}
 sudo userdel caddy
 sudo groupadd caddy
-# change uid to your liking.  Best if same on all instances
+# change CID to your liking.  Best if same on all instances
-sudo groupmod --gid $UID caddy
+sudo groupmod --gid $CID caddy
 sudo mkdir -p $DIR/user
 sudo useradd --system \
   -m \
-  --uid 937 \
+  --uid $CID \
 	--gid caddy \
 	--create-home \
 	--home-dir "$DIR/user" \
 	--shell /bin/bash \
 	--comment "Caddy web server user" \
 	caddy
-sudo passwd caddy
+echo 'caddy:caddy' | sudo chpasswd 
-# add current user to caddy group for rw access
+sudo chown -R caddy:caddy $DIR/user
+echo adding current user $USER to caddy group for rw access
 sudo usermod -a -G caddy $USER
 cat /etc/passwd | grep caddy
-cat /etc/passwd | grep sysadmin
+PER="caddy ALL=NOPASSWD: ALL"
-$DIR/scripts/own
+echo $PER | sudo tee /etc/sudoers.d/99_caddy
+ls -la /etc/sudoers.d/*caddy
+echo added: $(cat /etc/sudoers.d/99_caddy) to sudoers.d/99_caddy
+echo checking file.... $(sudo visudo -cf /etc/sudoers.d/99_caddy)
+# $DIR/scripts/own

scripts/run

@@ -1,7 +0,0 @@
-#!/bin/bash
-# one off run command for testing without systemd
-DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
-CONF=${1:-caddy}
-$DIR/env/AWS.env
-sudo -E /usr/bin/env | grep AWS
-sudo -E $DIR/caddy run --config $DIR/conf/$CONF.conf --adapter caddyfile