balki-aur/caddy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

move next version to current root dir

Browse Source
This commit is contained in:
Levente Polyak 2021-02-13 04:19:40 +00:00
parent d1733f1e11
commit f87a41a2de
13 changed files with 144 additions and 411 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
Caddyfile
View File

@ -1,6 +1,40 @@
*:80 { # The Caddyfile is an easy way to configure your Caddy web server.
gzip #
root /usr/share/caddy # https://caddyserver.com/docs/caddyfile
#
# The configuration below serves a welcome page over HTTP on port 80.
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.
#
# https://caddyserver.com/docs/caddyfile/concepts#addresses
{
# Restrict the admin interface to a local unix file socket whose directory
# is restricted to caddy:caddy. By default the TCP socket allows arbitrary
# modification for any process and user that has access to the local
# interface. If admin over TCP is turned on one should make sure
# implications are well understood.
admin "unix//run/caddy/admin.socket"
} }
import conf.d/*.conf http:// {
# Set this path to your site's directory.
root * /usr/share/caddy
# Enable the static file server.
file_server
# Another common task is to set up a reverse proxy:
# reverse_proxy localhost:8080
# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000
# Refer to the directive documentation for more options.
# https://caddyserver.com/docs/caddyfile/directives
}
# Import additional caddy config files in /etc/caddy/conf.d/
import /etc/caddy/conf.d/*

171
PKGBUILD
View File

@ -1,4 +1,5 @@
# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org> # Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
# Maintainer: Christian Rebischke <chris.rebischke@archlinux.org>
# Contributor: Wei Congrui < crvv.mail at gmail dot com > # Contributor: Wei Congrui < crvv.mail at gmail dot com >
# Contributor: Carl George < arch at cgtx dot us > # Contributor: Carl George < arch at cgtx dot us >
# Contributor: Eric Engeström <eric at engestrom dot ch> # Contributor: Eric Engeström <eric at engestrom dot ch>
@ -6,29 +7,35 @@
# Contributor: Akshay S Dinesh <asdofindia at gmail dot com> # Contributor: Akshay S Dinesh <asdofindia at gmail dot com>
pkgname=caddy pkgname=caddy
pkgver=1.0.5 pkgver=2.3.0
_gitcommit=11ae1aa6b88e45b077dd97cb816fe06cd91cca67 _gitcommit=b4989773ebb2dff21283ee50ec667f9138bdd292
_distcommit=9e93bfd85c97d71ab842a4a4b555d358295c914e _distcommit=e784a6dd41d1cd4f72de2a427961bfb097b72cf9
pkgrel=2 pkgrel=1
pkgdesc='HTTP/2 Web Server with Automatic HTTPS' pkgdesc='Fast web server with automatic HTTPS'
url='https://caddyserver.com' url='https://caddyserver.com'
arch=('x86_64') arch=('x86_64')
license=('Apache') license=('Apache')
depends=('glibc') depends=('glibc')
makedepends=('go' 'git') makedepends=('go' 'git')
backup=('etc/caddy/caddy.conf') backup=('etc/caddy/Caddyfile')
source=("git+https://github.com/caddyserver/caddy#commit=${_gitcommit}?signed" source=("git+https://github.com/caddyserver/caddy#tag=${_gitcommit}?signed"
caddy-${_distcommit}-index.html::https://raw.githubusercontent.com/caddyserver/dist/${_distcommit}/welcome/index.html caddy-dist::"git+https://github.com/caddyserver/dist#commit=${_distcommit}"
caddy.service caddy.service
caddy-api.service
caddy.tmpfiles caddy.tmpfiles
caddy.sysusers
Caddyfile Caddyfile
plugins.go) use-data-dir-for-autosave.patch
sha256sums=('SKIP' override-main-module-version.patch)
'7668022a48b0cbf459190f0bbfbfb32ae066449a95e006367cac9e1befa80c5f' sha512sums=('SKIP'
'c14ac8681e0434caf2c68e4a18dc59f8796fdffe9039f2e3c799ca64d37aa1ea' 'SKIP'
'c8f002f5ba59985a643600dc3c871e18e110903aa945ef3f2da7c9edd39fbd7a' 'd162f16e16be1673f11c384b79505b82fedbecacea77c2e64303b573aa982ace5706fb74eb7d0b219c5935427459537b685832357aed5ee48345648f439bf274'
'fb998b6de7bfe58f65c62eab37a4885e70833d19902da089766ad627a5f5a305' 'a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0'
'69956ee6a54ee0469fdee77f6d07cccee61699b1ee24e2f94ef6017c7ec1118b') '55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742'
'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f'
'716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0'
'563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41'
'b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b')
validpgpkeys=( validpgpkeys=(
29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt <mholt@users.noreply.github.com> 29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt <mholt@users.noreply.github.com>
) )
@ -39,116 +46,52 @@ pkgver() {
} }
prepare() { prepare() {
cd ${pkgname}/caddy cd "${pkgname}"
sed 's|/var/www/html|/srv/http|g' -i "${srcdir}/caddy-${_distcommit}-index.html" # welcome page
sed 's|Version: "unknown"|Version: "v'${pkgver}'"|' -i caddymain/run.go cp ../caddy-dist/welcome/index.html .
sed 's|/var/www/html|/srv/http|g' -i index.html
cat > main.go <<EOF # do not write in /etc
package main patch -Np1 < "${srcdir}/use-data-dir-for-autosave.patch"
# fix version identifier if not built from a module
import ( patch -Np1 < "${srcdir}/override-main-module-version.patch"
"github.com/caddyserver/caddy/caddy/caddymain" sed 's|"unknown"|"v'"${pkgver}"'"|g' -i caddy.go
EOF
if [ ${#_plugins[@]} -gt 0 ]; then
echo "enabled plugins: ${_plugins[*]}"
go run "${srcdir}/plugins.go" "${_plugins[@]}" >> main.go
fi
cat >> main.go <<EOF
)
func main() {
caddymain.EnableTelemetry = false
caddymain.Run()
}
EOF
} }
build() { build() {
cd ${pkgname}/caddy cd "${pkgname}/cmd/caddy/"
export CGO_LDFLAGS="${LDFLAGS}"
export CGO_CPPFLAGS="${CPPFLAGS}" export CGO_CPPFLAGS="${CPPFLAGS}"
export CGO_CFLAGS="${CFLAGS}" export CGO_CFLAGS="${CFLAGS}"
export CGO_CXXFLAGS="${CXXFLAGS}" export CGO_CXXFLAGS="${CXXFLAGS}"
export CGO_LDFLAGS="${LDFLAGS}" export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
export GOFLAGS="-buildmode=pie -trimpath -modcacherw" go build .
go build -v . }
check() {
cd "${pkgname}"
go test ./...
version=$(./cmd/caddy/caddy version)
echo "Caddy version: ${version}"
if [[ $version != v$pkgver ]]; then
exit 1
fi
} }
package() { package() {
cd ${pkgname}/caddy cd "${pkgname}"
install -Dm 755 caddy -t "${pkgdir}/usr/bin" install -Dm 755 cmd/caddy/caddy -t "${pkgdir}/usr/bin"
install -Dm 644 "${srcdir}/caddy.service" -t "${pkgdir}/usr/lib/systemd/system"
install -Dm 644 "${srcdir}/caddy.service" "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system"
install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf" install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf"
install -Dm 644 "${srcdir}/Caddyfile" "${pkgdir}/etc/caddy/caddy.conf" install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf"
install -Dm 644 "${srcdir}/caddy-${_distcommit}-index.html" "${pkgdir}/usr/share/caddy/index.html"
install -Dm 644 "${srcdir}/Caddyfile" -t "${pkgdir}/etc/caddy"
install -d "${pkgdir}/etc/caddy/conf.d" install -d "${pkgdir}/etc/caddy/conf.d"
install -Dm 644 index.html "${pkgdir}/usr/share/caddy/index.html"
install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/_caddy" -t "${pkgdir}/usr/share/zsh/site-functions"
install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/bash-completion" "${pkgdir}/usr/share/bash-completion/completions/caddy"
} }
# carefully check before enabling any plugin, they are basically untrusted code
# the enabled tls.dns plugins are built by mholt and maintained in the same space
_plugins=(
# 'dns'
# 'docker'
# 'dyndns'
# 'hook.service'
# 'http.authz'
# 'http.awses'
# 'http.awslambda'
# 'http.cache'
# 'http.cgi'
# 'http.cors'
# 'http.datadog'
# 'http.expires'
# 'http.filter'
# 'http.forwardproxy'
# 'http.geoip'
# 'http.git'
# 'http.gopkg'
# 'http.grpc'
# 'http.ipfilter'
# 'http.jwt'
# 'http.locale'
# 'http.login'
# 'http.mailout'
# 'http.minify'
# 'http.nobots'
# 'http.prometheus'
# 'http.proxyprotocol'
# 'http.ratelimit'
# 'http.realip'
# 'http.reauth'
# 'http.restic'
# 'http.s3browser'
# 'http.supervisor'
# 'http.webdav'
# 'net'
# 'supervisor'
'tls.dns.auroradns'
'tls.dns.azure'
'tls.dns.cloudflare'
'tls.dns.cloudxns'
'tls.dns.digitalocean'
'tls.dns.dnsimple'
'tls.dns.dnsmadeeasy'
'tls.dns.dnspod'
'tls.dns.duckdns'
'tls.dns.dyn'
'tls.dns.exoscale'
'tls.dns.gandi'
'tls.dns.gandiv5'
'tls.dns.godaddy'
'tls.dns.googlecloud'
'tls.dns.lightsail'
'tls.dns.linode'
'tls.dns.namecheap'
'tls.dns.namedotcom'
'tls.dns.ns1'
'tls.dns.otc'
'tls.dns.ovh'
'tls.dns.powerdns'
'tls.dns.rackspace'
'tls.dns.rfc2136'
'tls.dns.route53'
'tls.dns.vultr'
)
# vim: ts=2 sw=2 et: # vim: ts=2 sw=2 et:

0
next/caddy-api.service → caddy-api.service
View File

66
caddy.service
View File

@ -1,44 +1,70 @@
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit] [Unit]
Description=Caddy HTTP/2 web server Description=Caddy web server
Documentation=https://caddyserver.com/docs Documentation=https://caddyserver.com/docs/
After=network-online.target After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service Wants=network-online.target systemd-networkd-wait-online.service
StartLimitIntervalSec=14400 StartLimitIntervalSec=14400
StartLimitBurst=10 StartLimitBurst=10
[Service] [Service]
User=http User=caddy
Group=http Group=caddy
Environment=CADDYPATH=/var/lib/caddy Environment=XDG_DATA_HOME=/var/lib
EnvironmentFile=-/etc/caddy/envfile Environment=XDG_CONFIG_HOME=/etc
ExecStart=/usr/bin/caddy -log stdout -agree -conf /etc/caddy/caddy.conf -root=/usr/share/caddy ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/kill -USR1 $MAINPID ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
# Do not allow the process to be restarted in a tight loop. If the # Do not allow the process to be restarted in a tight loop. If the
# process fails to start, something critical needs to be fixed. # process fails to start, something critical needs to be fixed.
Restart=on-abnormal Restart=on-abnormal
# Use graceful shutdown with a reasonable timeout # Use graceful shutdown with a reasonable timeout
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s TimeoutStopSec=5s
LimitNOFILE=1048576 LimitNOFILE=1048576
LimitNPROC=512 LimitNPROC=512
# Hardening options # Hardening options
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
ReadWritePaths=/var/lib/caddy /var/log/caddy
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true CapabilityBoundingSet=CAP_NET_BIND_SERVICE
ProtectKernelTunables=true DevicePolicy=closed
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true LockPersonality=true
MemoryAccounting=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
RemoveIPC=true
ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

0
next/caddy.sysusers → caddy.sysusers
View File

5
caddy.tmpfiles
View File

@ -1,2 +1,3 @@
d /var/lib/caddy 0750 http http d /var/lib/caddy 0750 caddy caddy
d /var/log/caddy 0750 http http d /var/log/caddy 0750 caddy caddy
d /run/caddy 0750 caddy caddy

40
next/Caddyfile
View File

@ -1,40 +0,0 @@
# The Caddyfile is an easy way to configure your Caddy web server.
#
# https://caddyserver.com/docs/caddyfile
#
# The configuration below serves a welcome page over HTTP on port 80.
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.
#
# https://caddyserver.com/docs/caddyfile/concepts#addresses
{
# Restrict the admin interface to a local unix file socket whose directory
# is restricted to caddy:caddy. By default the TCP socket allows arbitrary
# modification for any process and user that has access to the local
# interface. If admin over TCP is turned on one should make sure
# implications are well understood.
admin "unix//run/caddy/admin.socket"
}
http:// {
# Set this path to your site's directory.
root * /usr/share/caddy
# Enable the static file server.
file_server
# Another common task is to set up a reverse proxy:
# reverse_proxy localhost:8080
# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000
# Refer to the directive documentation for more options.
# https://caddyserver.com/docs/caddyfile/directives
}
# Import additional caddy config files in /etc/caddy/conf.d/
import /etc/caddy/conf.d/*

97
next/PKGBUILD
View File

@ -1,97 +0,0 @@
# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
# Maintainer: Christian Rebischke <chris.rebischke@archlinux.org>
# Contributor: Wei Congrui < crvv.mail at gmail dot com >
# Contributor: Carl George < arch at cgtx dot us >
# Contributor: Eric Engeström <eric at engestrom dot ch>
# Contributor: Andreas Linz <klingt.net at gmail dot com>
# Contributor: Akshay S Dinesh <asdofindia at gmail dot com>
pkgname=caddy
pkgver=2.3.0
_gitcommit=b4989773ebb2dff21283ee50ec667f9138bdd292
_distcommit=e784a6dd41d1cd4f72de2a427961bfb097b72cf9
pkgrel=1
pkgdesc='Fast web server with automatic HTTPS'
url='https://caddyserver.com'
arch=('x86_64')
license=('Apache')
depends=('glibc')
makedepends=('go' 'git')
backup=('etc/caddy/Caddyfile')
source=("git+https://github.com/caddyserver/caddy#tag=${_gitcommit}?signed"
caddy-dist::"git+https://github.com/caddyserver/dist#commit=${_distcommit}"
caddy.service
caddy-api.service
caddy.tmpfiles
caddy.sysusers
Caddyfile
use-data-dir-for-autosave.patch
override-main-module-version.patch)
sha512sums=('SKIP'
'SKIP'
'd162f16e16be1673f11c384b79505b82fedbecacea77c2e64303b573aa982ace5706fb74eb7d0b219c5935427459537b685832357aed5ee48345648f439bf274'
'a4d9bbcccf3c6fe9be2b7ba98214d579ecd40991c5cc520ca1d105f307b31622f1c6b5a6cd7a4e8b32ccd2a229ed70115cba9c507baa413803897b7183f9abe0'
'55ee8d3f8b14f9adddc7a1026addcea4f85b4bae4cd512fd4da2a5e8adaae4b6fd0f486d2e3847f75518f4710a897b4fca84e48ee15700b968bad762125c4742'
'c893d88fec89e37da6596030c8dce7103e7e575371e8542a24d2a0741e877358d85219f2d8ade9d6aa0f515efe1156a4badd9fef5f65f553a5b0c72330c4728f'
'716da3f4edeb3561243aeaf5c32b01ff7a4ac810b6deba8364fb12a1f71b6a5278c34a97b289bcfdc48784679b942bf780f1f36d416a575791168c94b0d59fe0'
'563d6b45e91fc584fb5a27caaa382f59c140cb0a1b28b8d8faced4f7c7cad86d8671eb6ac10056f41518a842c8f606130d7e0c71df2b731d5eb0b4c868ea5d41'
'b06369dd976cfcc9b519782c088efa5fba25db61663112fcc4e20b108d5165cbebcf63b6fe6d1e36119a55271374bac0037a4d07af412241d6a4d2b4f4efda0b')
validpgpkeys=(
29D0817A67156E4F25DC24782A349DD577D586A5 # Matthew Holt <mholt@users.noreply.github.com>
)
pkgver() {
cd ${pkgname}
git describe --tags --match 'v*' | sed 's/^v//;s/\([^-]*-g\)/r\1/;s/-/./g'
}
prepare() {
cd "${pkgname}"
# welcome page
cp ../caddy-dist/welcome/index.html .
sed 's|/var/www/html|/srv/http|g' -i index.html
# do not write in /etc
patch -Np1 < "${srcdir}/use-data-dir-for-autosave.patch"
# fix version identifier if not built from a module
patch -Np1 < "${srcdir}/override-main-module-version.patch"
sed 's|"unknown"|"v'"${pkgver}"'"|g' -i caddy.go
}
build() {
cd "${pkgname}/cmd/caddy/"
export CGO_LDFLAGS="${LDFLAGS}"
export CGO_CPPFLAGS="${CPPFLAGS}"
export CGO_CFLAGS="${CFLAGS}"
export CGO_CXXFLAGS="${CXXFLAGS}"
export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
go build .
}
check() {
cd "${pkgname}"
go test ./...
version=$(./cmd/caddy/caddy version)
echo "Caddy version: ${version}"
if [[ $version != v$pkgver ]]; then
exit 1
fi
}
package() {
cd "${pkgname}"
install -Dm 755 cmd/caddy/caddy -t "${pkgdir}/usr/bin"
install -Dm 644 "${srcdir}/caddy.service" "${srcdir}/caddy-api.service" -t "${pkgdir}/usr/lib/systemd/system"
install -Dm 644 "${srcdir}/caddy.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/caddy.conf"
install -Dm 644 "${srcdir}/caddy.sysusers" "${pkgdir}/usr/lib/sysusers.d/caddy.conf"
install -Dm 644 "${srcdir}/Caddyfile" -t "${pkgdir}/etc/caddy"
install -d "${pkgdir}/etc/caddy/conf.d"
install -Dm 644 index.html "${pkgdir}/usr/share/caddy/index.html"
install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/_caddy" -t "${pkgdir}/usr/share/zsh/site-functions"
install -Dm 644 "${srcdir}/caddy-dist/scripts/completions/bash-completion" "${pkgdir}/usr/share/bash-completion/completions/caddy"
}
# vim: ts=2 sw=2 et:

70
next/caddy.service
View File

@ -1,70 +0,0 @@
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy web server
Documentation=https://caddyserver.com/docs/
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
StartLimitIntervalSec=14400
StartLimitBurst=10
[Service]
User=caddy
Group=caddy
Environment=XDG_DATA_HOME=/var/lib
Environment=XDG_CONFIG_HOME=/etc
ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
# Do not allow the process to be restarted in a tight loop. If the
# process fails to start, something critical needs to be fixed.
Restart=on-abnormal
# Use graceful shutdown with a reasonable timeout
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
# Hardening options
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
DevicePolicy=closed
LockPersonality=true
MemoryAccounting=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProcSubset=pid
ProtectClock=true
ProtectControlGroups=true
ProtectHome=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectProc=invisible
ProtectSystem=strict
RemoveIPC=true
ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
[Install]
WantedBy=multi-user.target

3
next/caddy.tmpfiles
View File

@ -1,3 +0,0 @@
d /var/lib/caddy 0750 caddy caddy
d /var/log/caddy 0750 caddy caddy
d /run/caddy 0750 caddy caddy

0
next/override-main-module-version.patch → override-main-module-version.patch
View File

61
plugins.go
View File

@ -1,61 +0,0 @@
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"log"
"net/http"
"os"
"sort"
)
const URL = "https://caddyserver.com/v1/api/download-page"
type Plugin struct {
Name string
ImportPath string
}
type PluginList struct {
Plugins []Plugin `json:"plugins"`
}
func getPlugins() []Plugin {
resp, err := http.Get(URL)
if err != nil {
log.Fatal(err)
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
list := PluginList{}
err = json.Unmarshal(body, &list)
if err != nil {
log.Fatal(err)
}
return list.Plugins
}
func main() {
plugins := getPlugins()
sort.Slice(plugins, func(i, j int) bool {
return plugins[i].Name < plugins[j].Name
})
if len(os.Args) == 1 {
fmt.Println("plugins=(")
for _, plugin := range plugins {
fmt.Printf("# '%s'\n", plugin.Name)
}
fmt.Println(")")
return
}
pluginsMap := make(map[string]string)
for _, plugin := range plugins {
pluginsMap[plugin.Name] = plugin.ImportPath
}
for _, name := range os.Args[1:] {
path, ok := pluginsMap[name]
if !ok {
log.Fatalf("cannot find plugin %s\n", name)
}
fmt.Printf(`_ "%s"`+"\n", path)
}
}

0
next/use-data-dir-for-autosave.patch → use-data-dir-for-autosave.patch
View File