first commit

2020-05-12 14:51:19 -07:00 · 2020-05-12 14:51:19 -07:00 · 8de0f0914c
parent bb5203345c
commit 8de0f0914c
20 changed files with 148 additions and 0 deletions
--- a/bin/amd64/caddy
+++ b/bin/amd64/caddy
--- a/bin/arm64/caddy
+++ b/bin/arm64/caddy
--- a/1
+++ b/1
@ -0,0 +1 @@
+/opt/caddy/bin/arm64/caddy
--- a/conf/caddy.conf
+++ b/conf/caddy.conf
@ -0,0 +1,22 @@
+#!/bin/bash
+(r53) {
+   tls {
+      dns lego_deprecated route53
+    }
+}
+# Main http/https redirect for anything arriving on port 80/http
+*.kebler.net:80 {
+   redir https://{label1}.kebler.net{uri}
+}
+
+# Git Server
+https://git.238.kebler.net {
+    import r53
+    reverse_proxy http://nas.kebler.net:3000
+    }
+
+# Home Assistant Server
+https://ha.238.kebler.net {
+    import r53
+    reverse_proxy /* hassio.kebler.net:8123
+    }
--- a/env/.gitignore
+++ b/env/.gitignore
@ -0,0 +1,2 @@
+/AWS
+/aws.sh
--- a/filter/GeoLite2-Country.mmdb
+++ b/filter/GeoLite2-Country.mmdb
--- a/scripts/arch
+++ b/scripts/arch
@ -0,0 +1,6 @@
+#!/bin/bash
+ARCH=${1:-amd64}
+DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
+echo Making Link to $ARCH binary in $DIR/bin/$ARCH/caddy
+rm $DIR/caddy
+ln -s $DIR/bin/$ARCH/caddy $DIR/caddy
--- a/scripts/convert
+++ b/scripts/convert
@ -0,0 +1,2 @@
+#!/bin/bash
+/opt/caddy/caddy adapt --config /opt/caddy/caddy.conf --adapter caddyfile > caddy.json
--- a/scripts/deploy
+++ b/scripts/deploy
@ -0,0 +1,4 @@
+#!/bin/bash
+HOST=${1:-rrock64}
+# run as root
+sudo rsync -chavzP  -e 'ssh -p22  -i /home/david/.ssh/privatekeys/sysadmin.kebler.net' /opt/caddy/ root@${HOST}:/opt/caddy
--- a/scripts/mkuser
+++ b/scripts/mkuser
@ -0,0 +1,20 @@
+#!/bin/bash
+#!/bin/bash
+sudo userdel caddy
+sudo groupadd caddy
+sudo groupmod --gid 937 caddy
+sudo useradd --system \
+  -m \
+  --uid 937 \
+	--gid caddy \
+	--create-home \
+	--home-dir /opt/caddy \
+	--shell /bin/bash \
+	--comment "Caddy web server" \
+	caddy
+sudo passwd caddy
+sudo chown caddy:caddy -R /opt/caddy
+sudo usermod -a -G caddy sysadmin
+sudo chmod g+rw -R /opt/caddy
+cat /etc/passwd | grep caddy
+cat /etc/passwd | grep sysadmin
--- a/scripts/run
+++ b/scripts/run
@ -0,0 +1,5 @@
+#!/bin/bash
+# one off run command for testing without systemd
+source /opt/caddy/env/aws.sh
+sudo -E /usr/bin/env | grep AWS
+sudo -E /opt/caddy/caddy run --config /opt/caddy/conf/caddy.conf --adapter caddyfile
--- a/scripts/stop
+++ b/scripts/stop
@ -0,0 +1,2 @@
+#!/bin/bash
+sudo /opt/caddy/caddy stop
--- a/scripts/updatebin
+++ b/scripts/updatebin
@ -0,0 +1,6 @@
+#!/bin/bash
+# TODO needs work
+SERVER="download.kebler.net"
+DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
+echo Getting updated binary
+wget
--- a/systemd/caddy-api.service
+++ b/systemd/caddy-api.service
@ -0,0 +1,25 @@
+# caddy-api.service
+#
+# For using Caddy with its API.
+#
+# This unit is "durable" in that it will automatically resume
+# the last active configuration if the service is restarted.
+
+[Unit]
+Description=Caddy
+Documentation=https://caddyserver.com/docs/
+After=network.target
+
+[Service]
+User=caddy
+Group=caddy
+ExecStart=/usr/bin/caddy run --environ --resume
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/caddy.service
+++ b/systemd/caddy.service
@ -0,0 +1,34 @@
+# caddy.service
+#
+# For using Caddy with a config file.
+#
+# Make sure the ExecStart and ExecReload commands are correct
+# for your installation.
+#
+# WARNING: This service does not use the --resume flag, so if you
+# use the API to make changes, they will be overwritten by the
+# Caddyfile next time the service is restarted. If you intend to
+# use Caddy's API to configure it, add the --resume flag to the
+# `caddy run` command or use the caddy-api.service file instead.
+
+[Unit]
+Description=Caddy
+Documentation=https://caddyserver.com/docs/
+After=network.target
+
+[Service]
+User=caddy
+Group=caddy
+EnvironmentFile=/opt/caddy/env/AWS
+WorkingDirectory=/opt/caddy
+ExecStart=/opt/caddy/caddy run --environ --config /opt/caddy/conf/caddy.conf --adapter=caddyfile
+ExecReload=/opt/caddy/caddy reload --config /opt/caddy/conf/caddy.conf --adapter=caddyfile
+TimeoutStopSec=5s
+LimitNOFILE=1048576
+LimitNPROC=512
+PrivateTmp=true
+ProtectSystem=full
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
--- a/systemd/install
+++ b/systemd/install
@ -0,0 +1,5 @@
+#!/bin/bash
+# makes link to this service file
+DIR="$(dirname "$(readlink -f "$0")")"
+sudo rm /etc/systemd/system/caddy.service
+sudo ln -s $DIR/caddy.service /etc/systemd/system/
--- a/systemd/log
+++ b/systemd/log
@ -0,0 +1,3 @@
+#!/bin/bash
+sudo journalctl --unit=caddy.service -n 50 --no-pager
+exit 1
--- a/systemd/persist
+++ b/systemd/persist
@ -0,0 +1,2 @@
+#!/bin/bash
+sudo systemctl enable caddy
--- a/systemd/start
+++ b/systemd/start
@ -0,0 +1,5 @@
+#!/bin/bash
+sudo systemctl daemon-reload
+sudo systemctl stop caddy
+sudo systemctl start caddy
+sudo systemctl status caddy
--- a/systemd/stop
+++ b/systemd/stop
@ -0,0 +1,4 @@
+#!/bin/bash
+sudo systemctl stop caddy
+sudo systemctl status caddy
+sudo journalctl --unit=caddy.service -n 100 --no-pager