stp5net coreOS userdata
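#cloud-config
---
# CoreOS user-data for a single-node host that runs the stp5net Caddy container.
#
# Secret handling: this file carries the Cloudflare API key and the GitHub
# webhook secret. User-data is often readable from the provider's metadata
# service and from the on-disk copy kept by cloud-init, so treat the whole file
# as a secret and restrict who can read it (verify for your provider).
coreos:
  # etcd2 and fleet are bound to loopback only, so the plain-http URLs below
  # are not reachable from other hosts.
  etcd2:
    name: core0
    advertise-client-urls: http://127.0.0.1:2379
    initial-advertise-peer-urls: http://127.0.0.1:2380
    initial-cluster: core0=http://127.0.0.1:2380
  fleet:
    public-ip: 127.0.0.1
  units:
    - name: etcd2.service
      command: start
    - name: fleet.service
      command: start
    # One-shot setup of /caddy; skipped once /caddy/Caddyfile exists.
    - name: caddy-directory.service
      command: start
      content: |
        [Unit]
        Description=setup Caddy directory
        ConditionPathExists=!/caddy/Caddyfile
        [Service]
        Type=oneshot
        ExecStart=/root/caddy_directory_setup.sh
    # One-shot image fetch, guarded by the /root/stp5net.fetched marker file.
    # NOTE(review): ":latest" is a mutable tag, so the host runs whatever the
    # registry serves at pull time. Pinning by digest
    # (steeef/stp5net@sha256:<image_digest>) makes the deployed image
    # reproducible and auditable.
    - name: docker-pull-stp5net.service
      command: start
      content: |
        [Unit]
        Description=fetch stp5net
        Requires=network-online.target docker.service
        After=network-online.target docker.service
        ConditionPathExists=!/root/stp5net.fetched
        [Service]
        Type=oneshot
        User=core
        Group=core
        PermissionsStartOnly=True
        ExecStart=/usr/bin/docker pull steeef/stp5net:latest
        ExecStartPost=/usr/bin/touch /root/stp5net.fetched
    # Long-running Caddy container.
    # The Cloudflare credentials are read from a root-only env file instead of
    # being passed as --env arguments: arguments written into the unit end up
    # in the unit file and in the docker client's process arguments, both of
    # which are readable well beyond root. The values are still visible through
    # `docker inspect` to anyone with access to the Docker socket.
    # NOTE(review): NET_BIND_SERVICE is already in Docker's default capability
    # set; if the image allows it, `--cap-drop ALL --cap-add NET_BIND_SERVICE`
    # would reduce the container's privileges further. Test before adopting.
    - name: docker-stp5net.service
      command: start
      content: |
        [Unit]
        Description=stp5net
        Requires=network-online.target docker.service
        After=network-online.target docker-pull-stp5net.service caddy-directory.service docker.service
        [Service]
        ExecStart=/usr/bin/docker run --cap-add NET_BIND_SERVICE \
          -p 80:80 -p 443:443 \
          -v /caddy/Caddyfile:/etc/Caddyfile:ro \
          -v /caddy/dotcaddy:/home/caddy/.caddy:rw \
          -v /etc/resolv.conf:/etc/resolv.conf:ro \
          --env-file /root/stp5net.env \
          --name stp5net steeef/stp5net \
          -conf /etc/Caddyfile -agree
        ExecStop=/usr/bin/docker stop -t 2 stp5net
        ExecStopPost=/usr/bin/docker rm -f stp5net
        Restart=always
        [Install]
        WantedBy=default.target
users:
  # System account with no login shell.
  - name: rkt
    groups:
      - rkt
    no-user-group: true
    system: true
    shell: "/sbin/nologin"
write_files:
  # Caddy site definition. Read-only for uid/gid 1001 because it embeds the
  # webhook secret used by the git hook below.
  - path: "/root/Caddyfile"
    permissions: '0400'
    owner: "1001:1001"
    content: |
      https://stp5.net {
        log stdout
        errors {
          log stdout
          404 404.html
        }
        tls {
          dns cloudflare
          email webmaster@stp5.net
        }
        git {
          repo https://github.com/steeef/stp5blog.git
          hook /blogupdate "<githubkey>"
          path /home/caddy/git
          then hugo --destination=/srv/blog
        }
      }
  # Cloudflare credentials for the DNS challenge, consumed by
  # docker-stp5net.service through --env-file. Root-only: the docker client in
  # that unit runs as root, so no other account needs read access.
  - path: "/root/stp5net.env"
    permissions: '0600'
    owner: root:root
    content: |
      CLOUDFLARE_EMAIL=<cloudflare_email>
      CLOUDFLARE_API_KEY=<cloudflare_api_key>
  # Creates /caddy with owner-only permissions (umask 077), hands it to
  # uid/gid 1001, then moves the Caddyfile into place.
  - path: "/root/caddy_directory_setup.sh"
    permissions: '0700'
    owner: root:root
    content: |
      #!/bin/bash
      umask 077
      /usr/bin/mkdir -p /caddy/dotcaddy
      /usr/bin/chown -R 1001:1001 /caddy
      /bin/mv /root/Caddyfile /caddy/Caddyfile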