bain/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

update caddy and landing page config

Browse source
This commit is contained in:
bain 2023-08-05 14:24:42 +02:00
parent f05125f313
commit 917ce3bf0a
5 changed files with 74 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
scripts/caddy/Caddyfile.templ
View file

@ -2,8 +2,14 @@
acme_dns hetzner $hetzner_secret acme_dns hetzner $hetzner_secret
} }
https://$domain { (blocked_matcher) {
respond "Hello world" @blocked not remote_ip 10.0.0.0/24 10.0.89.0/24 127.0.0.1
}
(internal_only) {
import blocked_matcher
handle @blocked {
abort
}
} }
import /etc/caddy/conf.d/* import /etc/caddy/conf.d/*

1
scripts/caddy/caddy.service → scripts/caddy/caddy.service.templ
View file

@ -32,6 +32,7 @@ PrivateDevices=yes
PrivateTmp=true PrivateTmp=true
ProtectSystem=full ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment="DOMAIN=$domain"
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

34
scripts/caddy/index.html Normal file
View file

@ -0,0 +1,34 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>hangar.in</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
body {
background: #1a1a1a;
font-family: monospace;
color: #fefefe;
}
h1 {
font-size: large;
}
.container {
position: absolute;
top: 50%;
left: 50%;
width: min(50ch, 95vw);
transform: translate(-50%, -50%);
}
</style>
</head>
<body>
<div class="container">
<h1>
Welcome to the hangar! Your connection does not come from inside our network.
Please turn on the VPN, or hop on the next train to Prague :)
</h1>
<p>~ Admins, with ❤️</p>
</div>
</body>
</html>

10
scripts/caddy/landing.Caddyfile Normal file
View file

@ -0,0 +1,10 @@
https://{$DOMAIN} {
import blocked_matcher
handle @blocked {
file_server {
root /var/www
status 403
}
}
respond "Hello from the inside!"
}

36
scripts/caddy/script.sh
View file

@ -10,19 +10,8 @@ _ch_001-download_binary() {
sudo chmod +x /usr/bin/caddy; sudo chmod +x /usr/bin/caddy;
} }
# fill and copy config
_ch_002-add_config() {
sudo mkdir -p /etc/caddy/conf.d;
sudo cp $(_fill Caddyfile.templ) /etc/caddy/Caddyfile;
sudo chmod a+rx /etc/caddy;
sudo chgrp $USER /etc/caddy/Caddyfile;
sudo chmod a+r,g+w /etc/caddy/Caddyfile;
sudo chgrp $USER /etc/caddy/conf.d;
sudo chmod a+rx,g+w /etc/caddy/conf.d;
}
# create data folder with correct perms # create data folder with correct perms
_ch_003-create_user() { _ch_002-create_user() {
sudo groupadd --system caddy; sudo groupadd --system caddy;
sudo useradd --system \ sudo useradd --system \
--gid caddy \ --gid caddy \
@ -33,13 +22,30 @@ _ch_003-create_user() {
caddy; caddy;
} }
_ch_004-create_service() { # fill and copy default config
sudo cp caddy.service /etc/systemd/system/caddy.service; _ch_003-add_config() {
# create configuration directories and make sure
# only caddy and we have access to them
sudo mkdir -p /etc/caddy/conf.d;
sudo chown -R $USER:caddy /etc/caddy;
chmod g+s a-rwx /etc/caddy /etc/caddy/conf.d;
cp $(_fill Caddyfile.templ) /etc/caddy/Caddyfile;
}
_ch_004-add_default_landing_page() {
sudo mkdir -p /var/www;
sudo cp index.html /var/www;
cp landing.Caddyfile /etc/caddy/conf.d;
}
_ch_005-create_service() {
sudo cp $(_fill caddy.service.templ) /etc/systemd/system/caddy.service;
sudo systemctl daemon-reload; sudo systemctl daemon-reload;
sudo systemctl enable --now caddy; sudo systemctl enable --now caddy;
} }
_ch_005-allow_firewall() { _ch_006-allow_firewall() {
if command -v ufw &> /dev/null; then if command -v ufw &> /dev/null; then
sudo ufw allow 80; sudo ufw allow 80;
sudo ufw allow 443; sudo ufw allow 443;