author | Stetsed | 2022-10-26 17:17:04 +0200 |
---|---|---|
committer | Stetsed | 2022-10-26 17:17:04 +0200 |
commit | 4bf949aff799454dd19a9c38b6085e468dcaac72 (patch) | |
tree | 6cf247788145f7bcd0f75f5c7ecf0b17503cd8b1 | |
download | aur-4bf949aff799454dd19a9c38b6085e468dcaac72.tar.gz |
2.6.2
-rw-r--r-- | .SRCINFO | 23 | ||||
-rw-r--r-- | Caddyfile | 1 | ||||
-rw-r--r-- | Caddyfile-example | 16 | ||||
-rw-r--r-- | PKGBUILD | 45 | ||||
-rw-r--r-- | caddy.service | 60 | ||||
-rw-r--r-- | caddy.sysusers | 1 | ||||
-rw-r--r-- | caddy.tmpfiles | 1 |
7 files changed, 147 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..75d2fd53e636
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,23 @@
+pkgbase = caddy-hetzner
+ pkgdesc = Caddy web server
+ pkgver = 2.6.2
+ pkgrel = 1
+ url = https://github.com/caddyserver/caddy
+ arch = any
+ license = Apache-2.0
+ makedepends = go
+ makedepends = xcaddy
+ provides = caddy
+ conflicts = caddy
+ source = Caddyfile
+ source = caddy.service
+ source = caddy.sysusers
+ source = caddy.tmpfiles
+ source = Caddyfile-example
+ sha256sums = SKIP
+ sha256sums = SKIP
+ sha256sums = SKIP
+ sha256sums = SKIP
+ sha256sums = SKIP
+
+pkgname = caddy-hetzner
diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 000000000000..fc2144456cd1
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1 @@
+import /etc/caddy/conf.d/*
diff --git a/Caddyfile-example b/Caddyfile-example
new file mode 100644
index 000000000000..8c5469ee8c20
--- /dev/null
+++ b/Caddyfile-example
@@ -0,0 +1,16 @@
+# For the "reverse-proxy with auto TLS certificate", add entries as follows.
+# Don't forget to set `NJALLA_TOKEN`, e.g., in /var/lib/caddy/envfile
+#
+# example.com {
+# reverse_proxy localhost:8080
+# tls {
+# dns njalla {env.NJALLA_TOKEN}
+# }
+# }
+#
+# example.net {
+# reverse_proxy localhost:8800
+# tls {
+# dns njalla {env.NJALLA_TOKEN}
+# }
+# }
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..0b5b0cb39fe3
--- /dev/null
+++ b/PKGBUILD
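Review bot: The Caddyfile-example hunk documents the wrong DNS provider: both site blocks use `dns njalla {env.NJALLA_TOKEN}`, but build() in the PKGBUILD only compiles in github.com/caddy-dns/hetzner, so a user who uncomments the example would presumably hit an unknown-module error when the config loads. The lines should read along the lines of `dns hetzner {env.HETZNER_API_TOKEN}` (the variable name is the operator's choice), with the header comment updated to match. Because that token can rewrite DNS records for the zone, the header comment should also say the envfile is to be created with mode 0600; nothing in this package creates the file or sets its permissions.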
@@ -0,0 +1,45 @@
+# Maintainer: Stetsed <aur.arch@stetsed.xyz>
+pkgname=caddy-hetzner
+pkgver=2.6.2
+pkgrel=1
+pkgdesc="Caddy web server"
+arch=('any')
+url="https://github.com/caddyserver/caddy"
+license=('Apache-2.0')
+makedepends=('go' 'xcaddy')
+provides=("caddy")
+conflicts=("caddy")
+source=(
+ "Caddyfile"
+ "caddy.service"
+ "caddy.sysusers"
+ "caddy.tmpfiles"
+ "Caddyfile-example"
+)
+sha256sums=(
+ "SKIP"
+ "SKIP"
+ "SKIP"
+ "SKIP"
+ "SKIP"
+)
+
+build() {
+ xcaddy build v${pkgver} --with github.com/caddy-dns/hetzner
+}
+
+package() {
+ # Install the executables
+ install -d "$pkgdir"/usr/bin/
+ install -m 755 caddy "$pkgdir"/usr/bin/
+
+ # Basic configuration with example
+ install -Dm 644 "${srcdir}/Caddyfile" "${pkgdir}/etc/caddy/Caddyfile"
+ install -d "${pkgdir}/etc/caddy/conf.d"
+ install -Dm 644 "${srcdir}/Caddyfile-example" -t "${pkgdir}/etc/caddy/conf.d"
+
+ # Systemd service setup
+ install -Dm 644 "${srcdir}/caddy.service" -t "${pkgdir}/usr/lib/systemd/system"
+ install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf"
+ install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf"
+}
diff --git a/caddy.service b/caddy.service
new file mode 100644
index 000000000000..5742eccac0f3
--- /dev/null
+++ b/caddy.service
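Review bot: The plugin in build() is not pinned: `xcaddy build v${pkgver} --with github.com/caddy-dns/hetzner` fixes the Caddy version but lets the hetzner module resolve to whatever is latest at build time, so two builds of the same pkgver can ship different code in a binary that handles a DNS API token. xcaddy accepts a version suffix on the module path, e.g. `--with github.com/caddy-dns/hetzner@<pinned-version>`. Separately, every `sha256sums` entry is `"SKIP"`, so makepkg verifies none of the bundled files; running `updpkgsums` would fill in real digests. `arch=('any')` also looks wrong for a compiled Go binary, and `/etc/caddy/Caddyfile` is not listed in a `backup=()` array, so local edits may be overwritten on upgrade.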
@@ -0,0 +1,60 @@
+[Unit]
+Description=Caddy webserver
+Documentation=https://caddyserver.com/docs/
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+StartLimitIntervalSec=14400
+StartLimitBurst=10
+
+[Service]
+User=caddy
+Group=caddy
+
+# environment: store secrets here such as API tokens
+EnvironmentFile=-/var/lib/caddy/envfile
+# data directory: uses $XDG_DATA_HOME/caddy
+# TLS certificates and other assets are stored here
+Environment=XDG_DATA_HOME=/var/lib
+# config directory: uses $XDG_CONFIG_HOME/caddy
+Environment=XDG_CONFIG_HOME=/etc
+
+# do not print --environ here, as it may contain API tokens!!
+ExecStart=/usr/bin/caddy run --config /etc/caddy/Caddyfile
+ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
+
+# Do not allow the process to be restarted in a tight loop.
+Restart=on-abnormal
+
+# Use graceful shutdown with a reasonable timeout
+KillMode=mixed
+KillSignal=SIGQUIT
+TimeoutStopSec=5s
+
+# Sufficient resource limits
+LimitNOFILE=1048576
+LimitNPROC=512
+
+# Grants binding to port 443...
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+# ...and limits potentially inherited capabilities to this
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+
+# Hardening options
+LockPersonality=true
+NoNewPrivileges=true
+
+PrivateTmp=true
+PrivateDevices=true
+
+ProtectControlGroups=true
+ProtectHome=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectSystem=strict
+
+ReadWritePaths=/var/lib/caddy
+ReadOnlyPaths=/etc/caddy
+ReadOnlyPaths=-/var/lib/caddy/envfile
+
+[Install]
+WantedBy=multi-user.target
diff --git a/caddy.sysusers b/caddy.sysusers
new file mode 100644
index 000000000000..6fb563371e7e
--- /dev/null
+++ b/caddy.sysusers
@@ -0,0 +1 @@
+u caddy - "caddy daemon" /var/lib/caddy
diff --git a/caddy.tmpfiles b/caddy.tmpfiles
new file mode 100644
index 000000000000..c340b73cb649
--- /dev/null
+++ b/caddy.tmpfiles
@@ -0,0 +1 @@
+d /var/lib/caddy 0750 caddy caddy |
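Review bot: The hardening block in caddy.service stops short of restricting syscalls and socket families, which is cheap to add for an internet-facing daemon: after `ProtectSystem=strict` consider `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6`, `SystemCallFilter=@system-service` and `RestrictSUIDSGID=true`, tested against the hetzner-enabled binary before shipping. The API token file sits at /var/lib/caddy/envfile, inside the only tree the service may write; `ReadOnlyPaths=-/var/lib/caddy/envfile` covers the running service, but since systemd itself reads `EnvironmentFile=` while setting up the service, the file could likely be root-owned with mode 0600 and live outside the data directory. `systemd-analyze security caddy.service` would show what remains exposed.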