steeef/userdata

## userdata
#cloud-config

---
coreos:
  etcd2:
    name: core0
    advertise-client-urls: http://127.0.0.1:2379
    initial-advertise-peer-urls: http://127.0.0.1:2380
    initial-cluster: core0=http://127.0.0.1:2380
  fleet:
    public-ip: 127.0.0.1
  units:
  - name: etcd2.service
    command: start
  - name: fleet.service
    command: start
  - name: caddy-directory.service
    command: start
    content: |
      [Unit]
      Description=setup Caddy directory
      ConditionPathExists=!/caddy/Caddyfile

      [Service]
      Type=oneshot
      ExecStart=/root/caddy_directory_setup.sh
  - name: docker-pull-stp5net.service
    command: start
    content: |
      [Unit]
      Description=fetch stp5net
      Requires=network-online.target docker.service
      After=network-online.target docker.service
      ConditionPathExists=!/root/stp5net.fetched

      [Service]
      Type=oneshot
      User=core
      Group=core
      PermissionsStartOnly=True
      ExecStart=/usr/bin/docker pull steeef/stp5net:latest
      ExecStartPost=/usr/bin/touch /root/stp5net.fetched
  - name: docker-stp5net.service
    command: start
    content: |
      [Unit]
      Description=stp5net
      Requires=network-online.target docker.service
      After=network-online.target docker-pull-stp5net.service caddy-directory.service docker.service

      [Service]
      ExecStart=/usr/bin/docker run --cap-add NET_BIND_SERVICE \
                -p 80:80 -p 443:443 \
                -v /caddy/Caddyfile:/etc/Caddyfile:ro \
                -v /caddy/dotcaddy:/home/caddy/.caddy:rw \
                -v /etc/resolv.conf:/etc/resolv.conf:ro \
                --env CLOUDFLARE_EMAIL=<cloudflare_email> \
                --env CLOUDFLARE_API_KEY=<cloudflare_api_key> \
                --name stp5net steeef/stp5net \
                -conf /etc/Caddyfile -agree
      ExecStop=/usr/bin/docker stop -t 2 stp5net
      ExecStopPost=/usr/bin/docker rm -f stp5net
      Restart=always

      [Install]
      WantedBy=default.target
users:
- name: rkt
  groups:
  - rkt
  no-user-group: true
  system: true
  shell: "/sbin/nologin"
write_files:
- path: "/root/Caddyfile"
  permissions: '0400'
  owner: 1001:1001
  content: |
    https://stp5.net {
      log stdout

      errors {
        log stdout
        404 404.html
      }

      tls {
        dns cloudflare
        email webmaster@stp5.net
      }

      git {
        repo https://github.com/steeef/stp5blog.git
        hook /blogupdate "<githubkey>"
        path /home/caddy/git
        then hugo --destination=/srv/blog
      }
    }
- path: "/root/caddy_directory_setup.sh"
  permissions: '0700'
  owner: root:root
  content: |
    #!/bin/bash

    umask 077
    /usr/bin/mkdir -p /caddy/dotcaddy
    /usr/bin/chown -R 1001:1001 /caddy
    /bin/mv /root/Caddyfile /caddy/Caddyfile
	#cloud-config

	---
	coreos:
	etcd2:
	name: core0
	advertise-client-urls: http://127.0.0.1:2379
	initial-advertise-peer-urls: http://127.0.0.1:2380
	initial-cluster: core0=http://127.0.0.1:2380
	fleet:
	public-ip: 127.0.0.1
	units:
	- name: etcd2.service
	command: start
	- name: fleet.service
	command: start
	- name: caddy-directory.service
	command: start
	content: \|
	[Unit]
	Description=setup Caddy directory
	ConditionPathExists=!/caddy/Caddyfile

	[Service]
	Type=oneshot
	ExecStart=/root/caddy_directory_setup.sh
	- name: docker-pull-stp5net.service
	command: start
	content: \|
	[Unit]
	Description=fetch stp5net
	Requires=network-online.target docker.service
	After=network-online.target docker.service
	ConditionPathExists=!/root/stp5net.fetched

	[Service]
	Type=oneshot
	User=core
	Group=core
	PermissionsStartOnly=True
	ExecStart=/usr/bin/docker pull steeef/stp5net:latest
	ExecStartPost=/usr/bin/touch /root/stp5net.fetched
	- name: docker-stp5net.service
	command: start
	content: \|
	[Unit]
	Description=stp5net
	Requires=network-online.target docker.service
	After=network-online.target docker-pull-stp5net.service caddy-directory.service docker.service

	[Service]
	ExecStart=/usr/bin/docker run --cap-add NET_BIND_SERVICE \
	-p 80:80 -p 443:443 \
	-v /caddy/Caddyfile:/etc/Caddyfile:ro \
	-v /caddy/dotcaddy:/home/caddy/.caddy:rw \
	-v /etc/resolv.conf:/etc/resolv.conf:ro \
	--env CLOUDFLARE_EMAIL=<cloudflare_email> \
	--env CLOUDFLARE_API_KEY=<cloudflare_api_key> \
	--name stp5net steeef/stp5net \
	-conf /etc/Caddyfile -agree
	ExecStop=/usr/bin/docker stop -t 2 stp5net
	ExecStopPost=/usr/bin/docker rm -f stp5net
	Restart=always

	[Install]
	WantedBy=default.target
	users:
	- name: rkt
	groups:
	- rkt
	no-user-group: true
	system: true
	shell: "/sbin/nologin"
	write_files:
	- path: "/root/Caddyfile"
	permissions: '0400'
	owner: 1001:1001
	content: \|
	https://stp5.net {
	log stdout

	errors {
	log stdout
	404 404.html
	}

	tls {
	dns cloudflare
	email webmaster@stp5.net
	}

	git {
	repo https://github.com/steeef/stp5blog.git
	hook /blogupdate "<githubkey>"
	path /home/caddy/git
	then hugo --destination=/srv/blog
	}
	}
	- path: "/root/caddy_directory_setup.sh"
	permissions: '0700'
	owner: root:root
	content: \|
	#!/bin/bash

	umask 077
	/usr/bin/mkdir -p /caddy/dotcaddy
	/usr/bin/chown -R 1001:1001 /caddy
	/bin/mv /root/Caddyfile /caddy/Caddyfile