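#!/bin/bash
#
# Installs Caddy (built with the caddy-dns/hetzner plugin) as a systemd
# service: downloads the binary, installs the Caddyfile, creates the service
# account, enables the unit and opens the firewall.
#
# Required environment:
#   HL_LIB             path to the helper library sourced below; it is expected
#                      to provide _assert_vars, _fill and _run_checkpoints
#   HL_HETZNER_SECRET  checked by _assert_vars (not referenced directly here)
#   HL_DOMAIN          checked by _assert_vars (not referenced directly here)
# Optional environment:
#   HL_CADDY_SHA256    expected SHA-256 (hex) of the downloaded binary; when
#                      set, a mismatch aborts the install
set -euo pipefail

source "$HL_LIB"

_assert_vars HL_HETZNER_SECRET HL_DOMAIN

# Download the Caddy binary and install it to /usr/bin/caddy.
# Globals: HL_CADDY_SHA256 (read, optional)
# Returns: 0 on success, non-zero if the download, the optional checksum
#          check or the install fails.
_ch_001-download_binary() {
  local -r url="https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddy-dns%2Fhetzner&idempotency=76765041209660"
  local tmp
  local rc=0

  # Fetch unprivileged into a private temp file so that a failed or partial
  # transfer never replaces /usr/bin/caddy and curl does not run as root.
  tmp=$(mktemp) || return 1

  # --fail: without it an HTTP error page would be saved and later installed
  # as the "binary". --proto/--proto-redir keep redirects on HTTPS.
  if ! curl --fail --location --proto '=https' --proto-redir '=https' \
      -o "$tmp" "$url"; then
    rm -f -- "$tmp"
    printf 'caddy download failed\n' >&2
    return 1
  fi

  # The URL names no version, so the served build can change over time.
  # TLS authenticates the server only; pin HL_CADDY_SHA256 to also
  # authenticate the artifact that ends up running as a service.
  if [[ -n "${HL_CADDY_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "${HL_CADDY_SHA256,,}" "$tmp" \
        | sha256sum --check --status; then
      rm -f -- "$tmp"
      printf 'caddy download does not match HL_CADDY_SHA256\n' >&2
      return 1
    fi
  fi

  sudo install -m 0755 -o root -g root -- "$tmp" /usr/bin/caddy || rc=$?
  rm -f -- "$tmp"
  return "$rc"
}

# fill and copy config
# Renders Caddyfile.templ with _fill and installs it as /etc/caddy/Caddyfile;
# the file and /etc/caddy/conf.d are made group-writable for $USER's group.
_ch_002-add_config() {
  local filled

  # Separate assignment so a failing _fill is not masked by the cp call.
  # presumably _fill prints the path of the rendered file; verify in HL_LIB
  filled=$(_fill Caddyfile.templ) || return 1

  sudo mkdir -p /etc/caddy/conf.d
  sudo cp -- "$filled" /etc/caddy/Caddyfile
  sudo chmod a+rx /etc/caddy
  sudo chgrp "$USER" /etc/caddy/Caddyfile
  # NOTE(review): HL_HETZNER_SECRET is required above and is presumably
  # substituted into the Caddyfile by _fill — confirm against the template.
  # If it is, a+r leaves the DNS API token readable by every local account;
  # consider keeping the token out of the file (environment placeholder) or
  # restricting read access to the caddy service account.
  sudo chmod a+r,g+w /etc/caddy/Caddyfile
  # Members of $USER's group can add or change site config in conf.d.
  sudo chgrp "$USER" /etc/caddy/conf.d
  sudo chmod a+rx,g+w /etc/caddy/conf.d
}

# create data folder with correct perms
# Creates the caddy system group and user (home /var/lib/caddy, no login
# shell). Existing entries are kept, so a re-run after a partial failure
# does not stop at groupadd.
_ch_003-create_user() {
  if ! getent group caddy > /dev/null; then
    sudo groupadd --system caddy
  fi

  if ! getent passwd caddy > /dev/null; then
    sudo useradd --system \
      --gid caddy \
      --create-home \
      --home-dir /var/lib/caddy \
      --shell /usr/sbin/nologin \
      --comment "Caddy web server" \
      caddy
  fi
}

# Installs the systemd unit from ./caddy.service, reloads systemd, then
# enables and starts caddy.
_ch_004-create_service() {
  sudo cp caddy.service /etc/systemd/system/caddy.service
  sudo systemctl daemon-reload
  sudo systemctl enable --now caddy
}

# Opens the web ports when ufw is installed; does nothing otherwise.
_ch_005-allow_firewall() {
  if command -v ufw &> /dev/null; then
    # HTTP is TCP only; a bare "80" would open UDP 80 as well.
    sudo ufw allow 80/tcp
    # 443 stays open for TCP and UDP (HTTP/3 runs over UDP).
    sudo ufw allow 443
  fi
}

_run_checkpoints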