Caddy v2.4.4

8 files changed, 166 insertions, 0 deletions

diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..fb7c426ce2b8
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,23 @@
+pkgbase = caddy-naiveproxy
+	pkgdesc = Caddy web server
+	pkgver = 2.4.4
+	pkgrel = 1
+	url = https://github.com/caddyserver/caddy
+	arch = any
+	license = Apache-2.0
+	makedepends = go
+	makedepends = xcaddy
+	provides = caddy
+	conflicts = caddy
+	source = Caddyfile
+	source = caddy.service
+	source = caddy.sysusers
+	source = caddy.tmpfiles
+	source = Caddyfile-example
+	sha256sums = SKIP
+	sha256sums = SKIP
+	sha256sums = SKIP
+	sha256sums = SKIP
+	sha256sums = SKIP
+
+pkgname = caddy-naiveproxy
diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 000000000000..fc2144456cd1
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1 @@
+import /etc/caddy/conf.d/*
diff --git a/Caddyfile-example b/Caddyfile-example
new file mode 100644
index 000000000000..f3d5e64d520e
--- /dev/null
+++ b/Caddyfile-example
@@ -0,0 +1,16 @@
+# For the "reverse-proxy with auto TLS certificate", add entries as follows.
+# Don't forget to set `CLOUDFLARE_API_TOKEN`, e.g., in /var/lib/caddy/envfile
+#
+# example.com {
+# 	reverse_proxy localhost:8080
+# 	tls {
+# 		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+# 	}
+# }
+#
+# example.net {
+# 	reverse_proxy localhost:8800
+# 	tls {
+# 		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+# 	}
+# }
diff --git a/Makefile b/Makefile
new file mode 100644
index 000000000000..5f786153790e
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,18 @@
+PKG := caddy-cloudflare
+
+build:
+	makepkg -f
+
+install:
+	yes | makepkg -i
+
+clean:
+	rm -rf pkg src
+	rm -rf $(PKG)*
+
+update-srcinfo:
+update-srcinfo:
+	makepkg --printsrcinfo > .SRCINFO
+
+generate-checksums:
+	makepkg -g -f -p PKGBUILD
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..670a9f44549c
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,46 @@
+# Maintainer: Nicolas Stalder <n+archlinux@stalder.io>
+# Maintainer: Shi Liang <shiliang2008@msn.com>
+pkgname=caddy-naiveproxy
+pkgver=2.4.4
+pkgrel=1
+pkgdesc="Caddy web server"
+arch=('any')
+url="https://github.com/caddyserver/caddy"
+license=('Apache-2.0')
+makedepends=('go' 'xcaddy')
+provides=("caddy")
+conflicts=("caddy")
+source=(
+  "Caddyfile"
+  "caddy.service"
+  "caddy.sysusers"
+  "caddy.tmpfiles"
+  "Caddyfile-example"
+)
+sha256sums=(
+  "SKIP"
+  "SKIP"
+  "SKIP"
+  "SKIP"
+  "SKIP"
+)
+
+build() {
+  xcaddy build v2.4.4 --with github.com/caddy-dns/cloudflare --with github.com/caddyserver/forwardproxy@caddy2=github.com/klzgrad/forwardproxy@naive
+}
+
+package() {
+  # Install the executables
+  install -d "$pkgdir"/usr/bin/
+  install -m 755 caddy "$pkgdir"/usr/bin/
+
+  # Basic configuration with example
+  install -Dm 644 "${srcdir}/Caddyfile" "${pkgdir}/etc/caddy/Caddyfile"
+  install -d "${pkgdir}/etc/caddy/conf.d"
+  install -Dm 644 "${srcdir}/Caddyfile-example" -t "${pkgdir}/etc/caddy/conf.d"
+
+  # Systemd service setup
+  install -Dm 644 "${srcdir}/caddy.service" -t "${pkgdir}/usr/lib/systemd/system"
+  install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf"
+  install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf"
+}
diff --git a/caddy.service b/caddy.service
new file mode 100644
index 000000000000..5742eccac0f3
--- /dev/null
+++ b/caddy.service
@@ -0,0 +1,60 @@
+[Unit]
+Description=Caddy webserver
+Documentation=https://caddyserver.com/docs/
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+StartLimitIntervalSec=14400
+StartLimitBurst=10
+
+[Service]
+User=caddy
+Group=caddy
+
+# environment: store secrets here such as API tokens
+EnvironmentFile=-/var/lib/caddy/envfile
+# data directory: uses $XDG_DATA_HOME/caddy
+# TLS certificates and other assets are stored here
+Environment=XDG_DATA_HOME=/var/lib
+# config directory: uses $XDG_CONFIG_HOME/caddy
+Environment=XDG_CONFIG_HOME=/etc
+
+# do not print --environ here, as it may contain API tokens!!
+ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile
+ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
+
+# Do not allow the process to be restarted in a tight loop.
+Restart=on-abnormal
+
+# Use graceful shutdown with a reasonable timeout
+KillMode=mixed
+KillSignal=SIGQUIT
+TimeoutStopSec=5s
+
+# Sufficient resource limits
+LimitNOFILE=1048576
+LimitNPROC=512
+
+# Grants binding to port 443...
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+# ...and limits potentially inherited capabilities to this
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+# Hardening options
+LockPersonality=true
+NoNewPrivileges=true
+
+PrivateTmp=true
+PrivateDevices=true
+
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectSystem=strict
+
+ReadWritePaths=/var/lib/caddy
+ReadOnlyPaths=/etc/caddy
+ReadOnlyPaths=-/var/lib/caddy/envfile
+
+[Install]
+WantedBy=multi-user.target
diff --git a/caddy.sysusers b/caddy.sysusers
new file mode 100644
index 000000000000..6fb563371e7e
--- /dev/null
+++ b/caddy.sysusers
@@ -0,0 +1 @@
+u caddy - "caddy daemon" /var/lib/caddy
diff --git a/caddy.tmpfiles b/caddy.tmpfiles
new file mode 100644
index 000000000000..c340b73cb649
--- /dev/null
+++ b/caddy.tmpfiles
@@ -0,0 +1 @@
+d /var/lib/caddy 0750 caddy caddy