From e24be310ae8e5dfbfc3f179c0ef05c32049696ea Mon Sep 17 00:00:00 2001 From: David Kebler Date: Fri, 27 Nov 2020 14:42:53 -0800 Subject: [PATCH] reworked caddy script - removed cmdline support for netbind systemd service install now uses sed to insert the repo directory into the call service script before deploying. renamed install script to fetch as to avoid confusion as it fetches the basic binary.
---
 .gitignore | 2 +- scripts/caddy | 26 +++++++------------------- scripts/delete/arch | 8 -------- scripts/{install => fetch} | 0 scripts/library | 2 +- scripts/mkuser | 3 ++- scripts/own | 1 - systemd/caddy@.service | 23 ++++++----------------- systemd/install | 10 +++++++--- 9 files changed, 24 insertions(+), 51 deletions(-) delete mode 100755 scripts/delete/arch rename scripts/{install => fetch} (100%)
diff --git a/.gitignore b/.gitignore
index ebbcadd..a9e50fd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,4 +7,4 @@ env/
 conf/
 user/
 build/
-user/
+/archive/
diff --git a/scripts/caddy b/scripts/caddy
index 97b06d1..9671ed5 100755
--- a/scripts/caddy
+++ b/scripts/caddy
@@ -1,28 +1,16 @@
 #!/bin/bash
 SDIR=$(dirname "$(readlink -f "$0")") || exit
 DIR=$(dirname "$SDIR") || exit
+echo Caddy Reposity Root: $DIR
 source $SDIR/library
 CONF=$DIR/conf/${1:-caddy}.conf
-get-caddy-name # this sets $CADDY_BIN
+CMD=${2:-run}
+get-caddy-bin # this sets $CADDY_BIN
 BIN=$DIR/bin/$CADDY_BIN
-echo running caddy $BIN
 [ ! -f "$BIN" ] && echo binary file $BIN does not exist && exit 1
 [ ! -x "$BIN" ] && echo binary file $BIN is not executable && exit 1
 [ ! -f "$CONF" ] && echo no configuration file $CONF && exit 1
-if [ $INVOCATION_ID ]; then
-echo running under systemd service
-else
- CAP="cap_net_bind_service+eip"
- ISSET=$(getcap $BIN | grep $CAP )
- echo before $ISSET
- if [ ! "$ISSET" ]; then
- echo binary not set for binding port 80 by non-root users, attempting to set
- sudo setcap $CAP $BIN
- ISSET=$(getcap $BIN | grep $CAP)
- echo after $ISSET
- [ ! "$ISSET" ] && echo unable to set port binding && exit 1
-fi
-fi
-echo $BIN run --config $CONF --adapter caddyfile
-set-env $DIR/env
-su -c "for f in $DIR/env/*.env; do source $f; done && $BIN run --config $CONF --adapter caddyfile" - caddy
+# source any need environment files in $DIR/env
+for f in $DIR/env/*.env; do source $f; done
+echo Running caddy binary $BIN with configuration $CONF and command $CMD as user $USER
+$BIN $CMD --config $CONF --adapter caddyfile
diff --git a/scripts/delete/arch b/scripts/delete/arch
deleted file mode 100755
index 7021407..0000000
--- a/scripts/delete/arch
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-ARCH=${1:-amd64}
-DIR=$(dirname "$(dirname "$(readlink -f "$0")")") || exit
-echo Making Link to $ARCH binary in $DIR/bin/$ARCH/caddy
-rm $DIR/caddy
-ln -s $DIR/bin/$ARCH/caddy $DIR/caddy
-sudo chown caddy:sysadmin $DIR/bin/$ARCH/caddy
-sudo chown -h caddy:sysadmin $DIR/caddy
diff --git a/scripts/install b/scripts/fetch
similarity index 100%
rename from scripts/install
rename to scripts/fetch
diff --git a/scripts/library b/scripts/library
index 8a27683..f57baa0 100755
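Review bot: The added loop `for f in $DIR/env/*.env; do source $f; done` executes every file in the env directory inside the service's shell, with `$DIR` and `$f` unquoted and no handling for an empty directory, where the unmatched glob is handed to `source` literally. Anything that can write to `$DIR/env` therefore runs code as the caddy user; scripts/own in this same patch keeps that tree group-writable and scripts/mkuser adds the invoking user to the caddy group. Quote the expansions and skip non-files, `for f in "$DIR"/env/*.env; do [ -f "$f" ] && source "$f"; done`, and quote the final call as `"$BIN" "$CMD" --config "$CONF" --adapter caddyfile`. If the env files only hold KEY=value pairs, an `EnvironmentFile=` line in the unit would avoid executing them at all.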
--- a/scripts/library +++ b/scripts/library @@ -40,7 +40,7 @@ ARCH=${ARCHES[$(uname -m)]} fi } -function get-caddy-name () { +function get-caddy-bin () { get-OS get-architecture echo caddy binary name is $OS-$ARCH diff --git a/scripts/mkuser b/scripts/mkuser index c562109..0ab6796 100755 --- a/scripts/mkuser +++ b/scripts/mkuser @@ -16,7 +16,8 @@ sudo useradd --system \ --shell /bin/bash \ --comment "Caddy web server user" \ caddy -echo 'caddy:caddy' | sudo chpasswd +echo 'caddy:caddy' | sudo chpasswd # user:password +echo "set caddy user password to \'caddy\'" sudo chown -R caddy:caddy $DIR/user echo adding current user $USER to caddy group for rw access sudo usermod -a -G caddy $USER diff --git a/scripts/own b/scripts/own index a6ed8d3..386930a 100755 --- a/scripts/own +++ b/scripts/own @@ -6,6 +6,5 @@ sudo chown -R caddy:caddy $DIR sudo chmod -R ug=rw,o=r,a+X $DIR sudo chmod ug+x -R $DIR/scripts sudo chmod ug+x -R $DIR/env -sudo chmod ug+x -R $DIR/caddy sudo chmod ug+x -R $DIR/bin sudo chmod ug+x -R $DIR/build/bin diff --git a/systemd/caddy@.service b/systemd/caddy@.service index 5bec525..b655168 100644 --- a/systemd/caddy@.service +++ b/systemd/caddy@.service @@ -1,16 +1,6 @@ -# caddy.service -# -# For using Caddy with a config file. -# -# Make sure the ExecStart and ExecReload commands are correct -# for your installation. -# -# WARNING: This service does not use the --resume flag, so if you -# use the API to make changes, they will be overwritten by the -# Caddyfile next time the service is restarted. If you intend to -# use Caddy's API to configure it, add the --resume flag to the -# `caddy run` command or use the caddy-api.service file instead. -# use sed to get caddy directory at install +# caddy@.service +# For using Caddy2 and a caddyfile. +# Using caddy repository at @d see @d/README.md [Unit] Description=Caddy 
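Review bot: In scripts/mkuser the caddy service account still gets the fixed password `caddy` through `echo 'caddy:caddy' | sudo chpasswd`, and the added echo now announces it; together with `--shell /bin/bash` in the useradd call, that leaves a login-capable account with a publicly known password on every host where the script runs. A service user normally needs no password: drop the chpasswd line and lock the account with `sudo passwd -l caddy`, or prompt for a password if interactive login is really intended. Separately, `\'` inside double quotes prints the backslash literally, so the message should read `echo "set caddy user password to 'caddy'"` if it is kept. The useradd call starts above the hunk, so its other options are not visible here.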
@@ -21,10 +11,9 @@ After=network.target
 # base directory must be hard coded
 User=caddy
 Group=caddy
-WorkingDirectory=/opt/caddy
-ExecStart=
-
-ExecReload=/opt/caddy/scripts/caddy reload --config /opt/caddy/conf/%.conf --adapter=caddyfile
+WorkingDirectory=@d
+ExecStart=@d/scripts/caddy %i
+ExecReload=@d/scripts/caddy %i reload
 TimeoutStopSec=5s
 LimitNOFILE=1048576
 LimitNPROC=512
diff --git a/systemd/install b/systemd/install
index 339bce8..442d52f 100755
--- a/systemd/install
+++ b/systemd/install
@@ -1,5 +1,9 @@
 #!/bin/bash
 # copies template to systemd
-DIR="$(dirname "$(readlink -f "$0")")"
-sudo rm /etc/systemd/system/caddy@.service
-sudo cp $DIR/caddy@.service /etc/systemd/system/
+SDIR=$(dirname "$(readlink -f "$0")") || exit
+DIR=$(dirname "$SDIR") || exit
+SDDIR="/etc/systemd/system"
+echo Caddy Reposity Root: $DIR
+echo "Installing Template Service file at $SDIR/caddy@.service"
+echo ---- Service file as written to $SDDIR ----
+cat $SDIR/caddy@.service | sed 's:@d:'$DIR':'g | sudo tee $SDDIR/caddy@.service
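Review bot: With the setcap step removed from scripts/caddy in this patch, nothing visible in this hunk lets the `User=caddy` process bind ports 80 and 443. If the unit does not already grant it below `LimitNPROC=512` (outside the hunk), add `AmbientCapabilities=CAP_NET_BIND_SERVICE` together with `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`, which scopes the privilege to the service rather than to the binary. Note also that `ExecStart=@d/scripts/caddy %i` starts a bash wrapper from a tree that scripts/own leaves writable by the caddy group, so every member of that group can edit the unit's start command; keeping scripts/ root-owned and read-only for caddy would close that.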
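Review bot: In the last added line of systemd/install the repository path is spliced unquoted into the sed program, `sed 's:@d:'$DIR':'g`, and the result is written as root into /etc/systemd/system. A path containing a space, `:`, `&` or a backslash either breaks the command or silently changes what lands in `ExecStart=`. Validate the path first, e.g. `[[ $DIR =~ ^/[A-Za-z0-9._/-]+$ ]] || { echo "unsupported path: $DIR" >&2; exit 1; }`, and quote it: `sed "s:@d:$DIR:g" "$SDIR/caddy@.service" | sudo tee "$SDDIR/caddy@.service"`. A `sudo systemctl daemon-reload` afterwards is needed for systemd to pick up the rewritten unit, unless that happens elsewhere.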