#!/bin/sh
# ======================================
# configure.sh v1.0; job79
# Generate caddy configuration based on
# the installed services.
# ======================================
# Abort on an unhandled command failure (-e) and on use of an unset variable (-u).
set -eu
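# log prints a colourised status line to stdout.
# Arguments: $1 - message text
#            $2 - marker symbol printed before the message (default: ○)
#            $3 - ANSI SGR colour code for the marker (default: 36)
# The message is always passed as a %s argument, never as the format string.
# \033 is used instead of \e: \e is not one of the escapes POSIX defines for
# printf, and this script declares #!/bin/sh.
log() {
  printf '\033[%sm%s\033[0m %s\n' "${3:-36}" "${2:-○}" "$1"
}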
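# ask prints a yellow "?" prompt followed by the question and reads one line
# from stdin.
# Arguments: $1 - question text
# Returns:   0 only when the reply is "y" or "Y"; anything else, including an
#            empty reply, counts as "no".
ask() {
  printf '\033[33m?\033[0m %s ' "$1"
  a=''
  # A failed read (e.g. EOF) is treated like an empty reply instead of
  # tripping set -e in the caller.
  read -r a || true
  # case is used instead of the ${a,,} lower-casing expansion: that expansion
  # is a bash extension and a POSIX /bin/sh such as dash rejects it.
  case "$a" in
    y | Y) return 0 ;;
    *) return 1 ;;
  esac
}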
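# gen_quadlet_file generates the caddy container quadlet file.
# Globals:   CADDY_QUADLET_FILE (read) - path of the file that is rewritten
# Outputs:   progress lines via log
# Returns:   non-zero, with the existing file left untouched, when the podman
#            network list cannot be obtained
#
# Security-relevant properties of the generated unit:
#   - The image is referenced by tag (docker.io/caddy:2.7) together with
#     AutoUpdate=registry, so the running image follows whatever the registry
#     serves for that tag.
#     NOTE(review): pin by digest if deployments must be reproducible.
#   - Ports 80/tcp, 443/tcp and 443/udp are published on 0.0.0.0.
#   - The config directory is mounted read-only (ro) with a private SELinux
#     relabel (Z).
#   - The container runs with a read-only root filesystem, NoNewPrivileges,
#     and every capability dropped except NET_BIND_SERVICE.
#   - Every podman network carrying the label caddy=true is joined, so setting
#     that label on a network is what makes it reachable from the proxy.
gen_quadlet_file() {
  log 'start generating quadlet file'

  # The network list is fetched before the file is truncated. A POSIX sh has
  # no pipefail, so a podman failure inside a "podman ... | while" pipeline
  # would go unnoticed and yield a unit that silently drops all service
  # networks.
  log 'search for networks with caddy=true label'
  networks=$(podman network ls -f label=caddy=true --format '{{.Name}}') || {
    log 'failed to list podman networks, quadlet file left unchanged' '✗' 31
    return 1
  }

  # Quoted delimiter: the unit text is literal, nothing in it is expanded.
  cat > "$CADDY_QUADLET_FILE" << 'EOF'
# ============================================================================
# This file is generated by caddy/configure.sh, do not edit this file manually
# ============================================================================
[Container]
Image=docker.io/caddy:2.7
AutoUpdate=registry

# storage
Volume=caddy.volume:/data/caddy
Volume=caddy-logs.volume:/data/logs
Volume=%h/services/caddy/config:/etc/caddy:Z,ro

# networking
Network=caddy.network
PublishPort=0.0.0.0:80:80
PublishPort=0.0.0.0:443:443
PublishPort=0.0.0.0:443:443/udp
EOF

  printf '%s\n' "$networks" | while read -r network; do
    # An empty list still produces one empty line; skip it.
    [ -n "$network" ] || continue
    log "found $network" '↖' 35
    printf 'Network=%s\n' "$network" >> "$CADDY_QUADLET_FILE"
  done

  cat >> "$CADDY_QUADLET_FILE" << 'EOF'
# security
ReadOnly=true
NoNewPrivileges=true
DropCapability=ALL
AddCapability=NET_BIND_SERVICE

[Service]
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target default.target
EOF

  log 'finished generating quadlet file' '✓' 32
}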
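# gen_config_dir generates the caddy config directory.
# Globals:   SERVICES_DIR (read)     - root that is searched for *.caddy files
#            CADDY_CONFIG_DIR (read) - directory that receives the copies
# Outputs:   progress lines via log
#
# Every *.caddy entry found under SERVICES_DIR is copied into the directory
# that the quadlet mounts at /etc/caddy, so anything able to place such a file
# in a service directory supplies configuration to the proxy.
# NOTE(review): cp follows symlinks, so a *.caddy symlink is copied by content;
# confirm that is intended.
gen_config_dir() {
  log 'generate caddy config directory with *.caddy files from services'

  # Drop the copies left by the previous run.
  find "$CADDY_CONFIG_DIR" -name '*.caddy' -exec rm {} \;

  # "!" is the POSIX spelling of -not; the config directory itself is excluded
  # so fresh copies are not picked up again as sources.
  find "$SERVICES_DIR" -name '*.caddy' ! -path "$CADDY_CONFIG_DIR/*" | while read -r src; do
    log "found $src" '↖' 35
    # All copies land flat in one directory, so two services shipping the same
    # file name collide. The later copy still wins as before, but no longer
    # silently.
    if [ -e "$CADDY_CONFIG_DIR/${src##*/}" ]; then
      log "duplicate file name ${src##*/}, overwriting the earlier copy" '!' 33
    fi
    cp "$src" "$CADDY_CONFIG_DIR"
  done

  log 'finished generating caddy config directory' '✓' 32
}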
## MAIN ##
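# The services root is the directory two levels above this script file
# (realpath resolves symlinks in $0 first).
SERVICES_DIR="$(dirname "$(dirname "$(realpath "$0")")")"
CADDY_QUADLET_FILE="$SERVICES_DIR/caddy/caddy.container"
CADDY_CONFIG_DIR="$SERVICES_DIR/caddy/config"

gen_quadlet_file
gen_config_dir

# The prompts are written as if-blocks rather than "ask && cmd && log" chains:
# with a chain, answering "no" to the last prompt made the script exit
# non-zero, and a failed reload or restart produced no message at all.
rc=0

if ask "apply config changes by reloading config (y/N)?"; then
  if podman exec -w /etc/caddy systemd-caddy caddy reload; then
    log 'successfully applied config changes' '✓' 32
  else
    # Keep going so the restart below can still be offered.
    log 'failed to reload caddy config' '✗' 31
    rc=1
  fi
fi

if ask "restart caddy? required to join new networks (y/N)?"; then
  if systemctl --user daemon-reload && systemctl --user restart caddy; then
    log 'successfully restarted caddy' '✓' 32
    # A successful restart supersedes an earlier failed reload.
    rc=0
  else
    log 'failed to restart caddy' '✗' 31
    rc=1
  fi
fi

exit "$rc"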