From 6567658636f594f1db419059cf40503b62b31094 Mon Sep 17 00:00:00 2001
From: "kebler.net"
Date: Sun, 10 Oct 2021 12:36:03 -0700
Subject: [PATCH] refactor of caddy script - put commandline option back int - supports instance folder in conf/ - supports _shared conf folder -- supports instance script moved instance specific conf to branches moved things around and updated gitigonre in support of refactored script
---
 .gitignore | 9 +++---
 build/builds.txt | 1 +
 conf/_shared/aws/aws.env | 4 +++
 conf/_shared/aws/credentials.example | 7 +++++
 conf/_shared/aws/readme.md | 2 ++
 conf/example/script | 4 +++
 env/AWS.env.secret | Bin 615 -> 0 bytes
 {filter => filters}/GeoLite2-Country.mmdb | Bin
 scripts/caddy | 33 +++++++++++++++++-----
 9 files changed, 49 insertions(+), 11 deletions(-)
 create mode 100755 conf/_shared/aws/aws.env
 create mode 100644 conf/_shared/aws/credentials.example
 create mode 100644 conf/_shared/aws/readme.md
 create mode 100644 conf/example/script
 delete mode 100755 env/AWS.env.secret
 rename {filter => filters}/GeoLite2-Country.mmdb (100%)
diff --git a/.gitignore b/.gitignore
index a9e50fd..6fbd91e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,11 @@
 !*.secret
 !build/builds.txt
 !build/plugins.txt
-!conf/example.conf
+!conf/_shared/example/caddy.conf
+!conf/example/
 .gitsecret/keys/random_seed
-env/
-conf/
 user/
 build/
-/archive/
+caddy.conf
+*credentials
+temp/
\ No newline at end of file
diff --git a/build/builds.txt b/build/builds.txt
index a6339a4..b1e2bfc 100644
--- a/build/builds.txt
+++ b/build/builds.txt
@@ -1 +1,2 @@
 linux arm64
+linux amd64
diff --git a/conf/_shared/aws/aws.env b/conf/_shared/aws/aws.env
new file mode 100755
index 0000000..f9aec1b
--- /dev/null
+++ b/conf/_shared/aws/aws.env
@@ -0,0 +1,4 @@
+echo setting AWS environment
+export AWS_CONFIG_FILE=$CONF_SHARED_DIR/aws/profiles
+export AWS_SHARED_CREDENTIALS_FILE=$CONF_SHARED_DIR/aws/credentials
+env | grep AWS
\ No newline at end of file
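Review bot: The last line of conf/_shared/aws/aws.env, `env | grep AWS`, prints every AWS_* variable of the process to stdout, so if AWS credentials are exported in the caller's environment they end up on the console or, when scripts/caddy runs as a service, in the journal. The file only sets two path variables, so print just those, e.g. `printf 'AWS_CONFIG_FILE=%s\nAWS_SHARED_CREDENTIALS_FILE=%s\n' "$AWS_CONFIG_FILE" "$AWS_SHARED_CREDENTIALS_FILE"`, or drop the line. Both exports also depend on `CONF_SHARED_DIR` having been set by whoever sources this file; `export AWS_CONFIG_FILE="${CONF_SHARED_DIR:?}/aws/profiles"` quotes the path and fails loudly instead of silently pointing at `/aws/profiles`.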
diff --git a/conf/_shared/aws/credentials.example b/conf/_shared/aws/credentials.example
new file mode 100644
index 0000000..bc66833
--- /dev/null
+++ b/conf/_shared/aws/credentials.example
@@ -0,0 +1,7 @@
+[profle1]
+aws_access_key_id = AKIASOMEKEY
+aws_secret_access_key = 9VAWosLSOMESECRET
+
+[profile2]
+aws_access_key_id =
+aws_secret_access_key =
diff --git a/conf/_shared/aws/readme.md b/conf/_shared/aws/readme.md
new file mode 100644
index 0000000..4ac53af
--- /dev/null
+++ b/conf/_shared/aws/readme.md
@@ -0,0 +1,2 @@
+# AWS Route 53 DNS Challenge Plugin
+### Using AWS Route53 Plugin with Caddy to authenticate subdomains for use with caddy/letsencrypt
diff --git a/conf/example/script b/conf/example/script
new file mode 100644
index 0000000..2fbf350
--- /dev/null
+++ b/conf/example/script
@@ -0,0 +1,4 @@
+#!/bin/bash
+echo running custom script for $INSTANCE
+source ${CONF_SHARED_DIR}/aws/aws.env
+
diff --git a/env/AWS.env.secret b/env/AWS.env.secret
deleted file mode 100755
index b662d341645f4aba904c61bfa6a88c16a951ed87..0000000000000000000000000000000000000000
GIT binary patch
literal 0 HcmV?d00001 literal 615 zcmV-t0+{`U0gMCgu7OP^x^5Ez3;?ZW%z}>xz(>fFB4_5`ShX4C0nRnc)VxETE`^C| zOGGG)a$pObw)y5a%(vm z$47$7nU(wES_mAXaw-jFv>QtLFkM}6E4bVz8T5Ko)HpT2cQ-tQ7NG-TTj3pLnn|xg z&#rM9<1?BZ7ELK{hr9wsk6V)&F6+__Qa`sjcHviUt-y z4!RSpt7zJ+Za1H3zbCfA&6H))x3Mq`zMCS}^TvVL9$eexw|KB_{c||Kk}V&-KTekz zxKw()hwcQpkty@u$y)#;v%jJF^6oR`xIBmoXqhPXF4*9GR0Ht^uM7{JBqc2ZVf5H4 zMq~K(&C$cjMeC=SQAU0#ewQ+r50f&vpZu^q4%&9%r80I$spY#x-$c^D6#+jS+(40+ z(^~`t(!kRRQHD=l5=U^fePuM@O@@@iu>RyX%p9NVrh+!c`p5*w1CKU=+~69Z7evhp zEp##e1CTaA)Rj|JD>9Cd_3;>D*?p&adXuKo0vfh>_Wn|UMU;Nt>$kkRdtT9Svq9kX z=`U@hkKHl_bRQV4Q2*2)o3_G71Y!EgFZXGX>s4FJYz@R)qPhAYM74I{K%vHCPPu(G z?N2C^y5r_u)BX#b{x~`jiLe4c2hs(jBdbX4a32?Utqog&s<@_Jq~f}mF<*K>YLii% BG5G)h
diff --git a/filter/GeoLite2-Country.mmdb b/filters/GeoLite2-Country.mmdb
similarity index 100%
rename from filter/GeoLite2-Country.mmdb
rename to filters/GeoLite2-Country.mmdb
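Review bot: The first section header `[profle1]` is misspelled, so a profile referenced as `profile1` would never resolve against a file copied from this example; `[profile1]` also matches the `[profile2]` naming below. The placeholder key and secret are fine for a `.example` file, but note that the `*credentials` rule added to .gitignore in this commit only covers the real file, so the example must stay free of live values.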
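Review bot: `source ${CONF_SHARED_DIR}/aws/aws.env` in conf/example/script is unquoted and has no guard, so when the file is sourced with `CONF_SHARED_DIR` unset it tries to source `/aws/aws.env` and the caller continues with a half-configured environment; `source "${CONF_SHARED_DIR:?CONF_SHARED_DIR not set}/aws/aws.env"` quotes the path and stops with a clear message. The `#!/bin/bash` line has no effect on a file that is only sourced (it is created with mode 100644), which is worth stating in a comment such as `# sourced by scripts/caddy after the conf checks; not executed directly`.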
diff --git a/scripts/caddy b/scripts/caddy
index 9671ed5..d04bd65 100755
--- a/scripts/caddy
+++ b/scripts/caddy
@@ -1,16 +1,35 @@
 #!/bin/bash
 SDIR=$(dirname "$(readlink -f "$0")") || exit
 DIR=$(dirname "$SDIR") || exit
-echo Caddy Reposity Root: $DIR
+INSTANCE=${1:-default}
 source $SDIR/library
-CONF=$DIR/conf/${1:-caddy}.conf
-CMD=${2:-run}
+echo $SDIR
 get-caddy-bin # this sets $CADDY_BIN
+CONF_DIR=$DIR/conf/$INSTANCE
+CONF_SHARED_DIR=$DIR/conf/_shared
+CONF=$CONF_DIR/caddy.conf
+SCRIPT=$CONF_DIR/script
 BIN=$DIR/bin/$CADDY_BIN
+echo running caddy $BIN
 [ ! -f "$BIN" ] && echo binary file $BIN does not exist && exit 1
 [ ! -x "$BIN" ] && echo binary file $BIN is not executable && exit 1
 [ ! -f "$CONF" ] && echo no configuration file $CONF && exit 1
-# source any need environment files in $DIR/env
-for f in $DIR/env/*.env; do source $f; done
-echo Running caddy binary $BIN with configuration $CONF and command $CMD as user $USER
-$BIN $CMD --config $CONF --adapter caddyfile
+if [ -f "$SCRIPT" ]; then
+ source $SCRIPT
+fi
+if [ ! $INVOCATION_ID ]; then
+ CAP="cap_net_bind_service+eip"
+ ISSET=$(getcap $BIN | grep $CAP )
+ if [ ! "$ISSET" ]; then
+ echo binary $BIN not set for binding port 80 by non-root users, attempting to set
+ sudo setcap $CAP $BIN
+ ISSET=$(getcap $BIN | grep $CAP)
+ echo after $ISSET
+ [ ! "$ISSET" ] && echo unable to set port binding && exit 1
+ fi
+ echo running caddy from commandline, enter caddy user password
+ su -c "$BIN run --config $CONF --adapter caddyfile" caddy
+else
+ echo running caddy via systemd service
+ $BIN run --config $CONF --adapter caddyfile
+fi
\ No newline at end of file
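Review bot: The instance script is sourced at `source $SCRIPT` before the privileged branch, and `BIN`, `CONF` and `CAP` are ordinary variables, so a `conf/<instance>/script` can reassign `BIN` (after the `-f`/`-x` checks have already passed) or `CAP`, and `sudo setcap $CAP $BIN` then grants whatever capability to whatever path. Freeze the values before the source: `readonly BIN CONF` right after the three existence checks and `CAP="cap_net_bind_service+eip"; readonly CAP` moved up alongside them, so a reassignment in the sourced script fails instead of silently taking effect; the setcap, getcap and su lines should also quote `"$CAP"`, `"$BIN"` and `"$CONF"`, which are interpolated unquoted throughout. `if [ ! $INVOCATION_ID ]` only works by accident: with the variable unset, `[` receives the single argument `!`, a non-empty string, and the test is true; `if [ -z "${INVOCATION_ID:-}" ]; then` says what is meant. `su -c "$BIN run --config $CONF --adapter caddyfile" caddy` builds a shell command from the unquoted paths, which breaks on any path containing spaces; `su -c "$(printf '%q ' "$BIN" run --config "$CONF" --adapter caddyfile)" caddy` keeps them intact.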