
@steeef
Created September 20, 2016 17:33
stp5net coreOS userdata
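#cloud-config
---
# CoreOS user-data for a single node that serves stp5.net from a Caddy
# container. Nesting is restored here; the flattened paste is not valid YAML.
#
# Secrets: <cloudflare_email>, <cloudflare_api_key> and <githubkey> are
# placeholders to fill in before use. Whatever is put in this document is
# typically retrievable later from the provider's metadata/user-data store,
# so treat the filled-in file as a credential and rotate the keys if it leaks.
coreos:
  # Single-member etcd2 on loopback, plaintext HTTP and no client auth.
  # That is only acceptable while every URL stays on 127.0.0.1; configure
  # TLS and client certificates before advertising a routable address.
  etcd2:
    name: core0
    advertise-client-urls: http://127.0.0.1:2379
    initial-advertise-peer-urls: http://127.0.0.1:2380
    initial-cluster: core0=http://127.0.0.1:2380
  fleet:
    public-ip: 127.0.0.1
  units:
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
    # One-shot: creates /caddy and moves the Caddyfile into it. Skipped once
    # /caddy/Caddyfile exists.
    - name: caddy-directory.service
      command: start
      content: |
        [Unit]
        Description=setup Caddy directory
        ConditionPathExists=!/caddy/Caddyfile
        [Service]
        Type=oneshot
        ExecStart=/root/caddy_directory_setup.sh
    # One-shot image fetch, guarded by the /root/stp5net.fetched flag file, so
    # the image is not pulled again until that file is removed.
    # PermissionsStartOnly keeps ExecStartPost running as root so it can write
    # the flag under /root while the pull itself runs as core.
    # NOTE(review): ':latest' is a mutable tag, so the host runs whatever the
    # registry serves at first boot. Pinning by digest
    # (steeef/stp5net@sha256:<image_digest>) here and in docker-stp5net.service
    # makes the deployed image reproducible and auditable.
    - name: docker-pull-stp5net.service
      command: start
      content: |
        [Unit]
        Description=fetch stp5net
        Requires=network-online.target docker.service
        After=network-online.target docker.service
        ConditionPathExists=!/root/stp5net.fetched
        [Service]
        Type=oneshot
        User=core
        Group=core
        PermissionsStartOnly=True
        ExecStart=/usr/bin/docker pull steeef/stp5net:latest
        ExecStartPost=/usr/bin/touch /root/stp5net.fetched
    # Long-running Caddy container.
    # The Cloudflare credentials are read from a root-only env file instead of
    # being written on the command line: unit files are normally readable by
    # every local user and the docker client's arguments show up in the
    # process list. 'docker inspect' still exposes the values to anyone with
    # access to the Docker socket.
    # NOTE(review): NET_BIND_SERVICE is already part of Docker's default
    # capability set; pairing it with '--cap-drop ALL' would shrink the
    # container's privileges, but needs testing against this image first.
    - name: docker-stp5net.service
      command: start
      content: |
        [Unit]
        Description=stp5net
        Requires=network-online.target docker.service
        After=network-online.target docker-pull-stp5net.service caddy-directory.service docker.service
        [Service]
        ExecStart=/usr/bin/docker run --cap-add NET_BIND_SERVICE \
          -p 80:80 -p 443:443 \
          -v /caddy/Caddyfile:/etc/Caddyfile:ro \
          -v /caddy/dotcaddy:/home/caddy/.caddy:rw \
          -v /etc/resolv.conf:/etc/resolv.conf:ro \
          --env-file /root/stp5net.env \
          --name stp5net steeef/stp5net \
          -conf /etc/Caddyfile -agree
        ExecStop=/usr/bin/docker stop -t 2 stp5net
        ExecStopPost=/usr/bin/docker rm -f stp5net
        Restart=always
        [Install]
        WantedBy=default.target
users:
  - name: rkt
    groups:
      - rkt
    no-user-group: true
    system: true
    shell: "/sbin/nologin"
write_files:
  # Caddy site config. It embeds the webhook secret, hence 0400 and ownership
  # by uid/gid 1001 (presumably the caddy user inside the image; confirm).
  - path: "/root/Caddyfile"
    permissions: '0400'
    owner: '1001:1001'
    content: |
      https://stp5.net {
        log stdout
        errors {
          log stdout
          404 404.html
        }
        tls {
          dns cloudflare
          email webmaster@stp5.net
        }
        git {
          repo https://github.com/steeef/stp5blog.git
          hook /blogupdate "<githubkey>"
          path /home/caddy/git
          then hugo --destination=/srv/blog
        }
      }
  # Cloudflare credentials for the DNS challenge, passed to the container
  # with --env-file. Root-only so other local users cannot read them.
  - path: "/root/stp5net.env"
    permissions: '0600'
    owner: root:root
    content: |
      CLOUDFLARE_EMAIL=<cloudflare_email>
      CLOUDFLARE_API_KEY=<cloudflare_api_key>
  # Run once by caddy-directory.service.
  - path: "/root/caddy_directory_setup.sh"
    permissions: '0700'
    owner: root:root
    content: |
      #!/bin/bash
      # Stop on the first failure so a half-prepared /caddy never receives the
      # Caddyfile; once it is moved, the unit's condition prevents a re-run.
      set -euo pipefail
      # /caddy/dotcaddy will hold the ACME account and TLS private keys, so
      # create it without group/other access.
      umask 077
      /usr/bin/mkdir -p /caddy/dotcaddy
      /usr/bin/chown -R 1001:1001 /caddy
      /bin/mv /root/Caddyfile /caddy/Caddyfile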