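#!/bin/bash
#
# Installs a Caddy build that bundles the caddy-dns/hetzner plugin, creates a
# dedicated system account, writes the configuration and systemd unit, and
# opens the web ports when ufw is present.
#
# Required environment:
#   HL_LIB             path of the helper library sourced below; it is expected
#                      to provide _assert_vars, _fill and _run_checkpoints
#   HL_HETZNER_SECRET  checked by _assert_vars; where it is consumed is not
#                      visible here (presumably by _fill when it renders the
#                      templates -- TODO confirm)
#   HL_DOMAIN          checked by _assert_vars
# Optional environment:
#   HL_CADDY_SHA256    introduced by this script: expected SHA-256 of the
#                      downloaded binary; when set, a mismatch aborts the
#                      install
set -euo pipefail

# HL_LIB is executed in this shell, and the steps below escalate with sudo, so
# the file it names must be writable only by trusted accounts.
: "${HL_LIB:?HL_LIB must point at the helper library}"
# shellcheck source=/dev/null
source "$HL_LIB"
_assert_vars HL_HETZNER_SECRET HL_DOMAIN

#######################################
# Download the Caddy binary and install it as /usr/bin/caddy.
# Globals:   HL_CADDY_SHA256 (read, optional)
# Returns:   0 on success, non-zero if the download, the optional checksum
#            comparison or the install fails
#######################################
_ch_001-download_binary() {
  local tmp
  tmp=$(mktemp) || return 1

  # Fetch unprivileged into a temp file so a failed or truncated transfer never
  # replaces /usr/bin/caddy. -f makes curl fail on an HTTP error instead of
  # saving the error page as the "binary"; the --proto options keep the
  # transfer and any redirect on HTTPS.
  if ! curl -fL --proto '=https' --proto-redir '=https' --tlsv1.2 \
    "https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddy-dns%2Fhetzner&idempotency=76765041209660" \
    -o "$tmp"; then
    rm -f -- "$tmp"
    return 1
  fi

  if [[ -n "${HL_CADDY_SHA256:-}" ]]; then
    if ! printf '%s  %s\n' "$HL_CADDY_SHA256" "$tmp" |
      sha256sum --check --status -; then
      printf 'caddy download does not match HL_CADDY_SHA256\n' >&2
      rm -f -- "$tmp"
      return 1
    fi
  else
    # TLS authenticates the download host only; without a pinned digest the
    # file is run as a network-facing service on trust alone.
    printf 'warning: HL_CADDY_SHA256 unset, installing unverified binary\n' >&2
  fi

  if ! sudo install -m 0755 -o root -g root -- "$tmp" /usr/bin/caddy; then
    rm -f -- "$tmp"
    return 1
  fi
  rm -f -- "$tmp"
}

#######################################
# Create the caddy system group and user; the user's home directory
# /var/lib/caddy is created by useradd and the login shell is nologin.
# Each step is skipped when the group or user already exists, so a re-run
# after a partial failure does not abort.
#######################################
_ch_002-create_user() {
  if ! getent group caddy > /dev/null; then
    sudo groupadd --system caddy
  fi
  if ! getent passwd caddy > /dev/null; then
    sudo useradd --system \
      --gid caddy \
      --create-home \
      --home-dir /var/lib/caddy \
      --shell /usr/sbin/nologin \
      --comment "Caddy web server" \
      caddy
  fi
}

#######################################
# Create /etc/caddy and /etc/caddy/conf.d, restrict them to the invoking user
# and the caddy group, and install the rendered Caddyfile.
# Globals:   USER (read)
#######################################
_ch_003-add_config() {
  local rendered

  sudo mkdir -p /etc/caddy/conf.d
  sudo chown -R "$USER:caddy" /etc/caddy
  # The original passed "g+s a-rwx" as two words, so chmod treated a-rwx as a
  # file name and exited non-zero. The mode is one comma-separated list, and
  # o-rwx (not a-rwx) is what keeps access for the owner and the caddy group
  # while removing it for everyone else. g+s makes new files inherit the group.
  chmod g+s,o-rwx /etc/caddy /etc/caddy/conf.d

  # _fill comes from HL_LIB; from its use here it appears to print the path of
  # the rendered template -- TODO confirm.
  rendered=$(_fill Caddyfile.templ)
  cp -- "$rendered" /etc/caddy/Caddyfile
  # The rendered file may embed HL_HETZNER_SECRET (not visible here), so do not
  # leave its mode to the umask: owner read/write, caddy group read-only.
  chmod 0640 /etc/caddy/Caddyfile
}

#######################################
# Install the default landing page and its site snippet.
# index.html and landing.Caddyfile are relative paths, so the script has to be
# run from the directory that holds them.
#######################################
_ch_004-add_default_landing_page() {
  sudo mkdir -p /var/www
  sudo cp -- index.html /var/www
  cp -- landing.Caddyfile /etc/caddy/conf.d
}

#######################################
# Install the rendered systemd unit, reload systemd, then enable and start
# the caddy service.
#######################################
_ch_005-create_service() {
  local unit

  # NOTE(review): unit files under /etc/systemd/system are normally
  # world-readable; if caddy.service.templ expands HL_HETZNER_SECRET, move the
  # secret to a root-only environment file referenced by the unit -- confirm
  # against the template.
  unit=$(_fill caddy.service.templ)
  sudo cp -- "$unit" /etc/systemd/system/caddy.service
  sudo systemctl daemon-reload
  sudo systemctl enable --now caddy
}

#######################################
# Open the HTTP and HTTPS ports when ufw is installed; do nothing otherwise.
#######################################
_ch_006-allow_firewall() {
  if command -v ufw &> /dev/null; then
    # A bare port number opens TCP and UDP. Plain HTTP needs only TCP; 443
    # keeps both because HTTP/3 runs over UDP.
    sudo ufw allow 80/tcp
    sudo ufw allow 443
  fi
}

_run_checkpoints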