stp5net coreOS userdata

userdata

#cloud-config

---
coreos:
  etcd2:
    name: core0
    advertise-client-urls: http://127.0.0.1:2379
    initial-advertise-peer-urls: http://127.0.0.1:2380
    initial-cluster: core0=http://127.0.0.1:2380
  fleet:
    public-ip: 127.0.0.1
  units:
  - name: etcd2.service
    command: start
  - name: fleet.service
    command: start
  - name: caddy-directory.service
    command: start
    content: |
      [Unit]
      Description=setup Caddy directory
      ConditionPathExists=!/caddy/Caddyfile

      [Service]
      Type=oneshot
      ExecStart=/root/caddy_directory_setup.sh
  - name: docker-pull-stp5net.service
    command: start
    content: |
      [Unit]
      Description=fetch stp5net
      Requires=network-online.target docker.service
      After=network-online.target docker.service
      ConditionPathExists=!/root/stp5net.fetched

      [Service]
      Type=oneshot
      User=core
      Group=core
      PermissionsStartOnly=True
      ExecStart=/usr/bin/docker pull steeef/stp5net:latest
      ExecStartPost=/usr/bin/touch /root/stp5net.fetched
  - name: docker-stp5net.service
    command: start
    content: |
      [Unit]
      Description=stp5net
      Requires=network-online.target docker.service
      After=network-online.target docker-pull-stp5net.service caddy-directory.service docker.service

      [Service]
      ExecStart=/usr/bin/docker run --cap-add NET_BIND_SERVICE \
                -p 80:80 -p 443:443 \
                -v /caddy/Caddyfile:/etc/Caddyfile:ro \
                -v /caddy/dotcaddy:/home/caddy/.caddy:rw \
                -v /etc/resolv.conf:/etc/resolv.conf:ro \
                --env CLOUDFLARE_EMAIL=<cloudflare_email> \
                --env CLOUDFLARE_API_KEY=<cloudflare_api_key> \
                --name stp5net steeef/stp5net \
                -conf /etc/Caddyfile -agree
      ExecStop=/usr/bin/docker stop -t 2 stp5net
      ExecStopPost=/usr/bin/docker rm -f stp5net
      Restart=always

      [Install]
      WantedBy=default.target
users:
- name: rkt
  groups:
  - rkt
  no-user-group: true
  system: true
  shell: "/sbin/nologin"
write_files:
- path: "/root/Caddyfile"
  permissions: '0400'
  owner: 1001:1001
  content: |
    https://stp5.net {
      log stdout

      errors {
        log stdout
        404 404.html
      }

      tls {
        dns cloudflare
        email webmaster@stp5.net
      }

      git {
        repo https://github.com/steeef/stp5blog.git
        hook /blogupdate "<githubkey>"
        path /home/caddy/git
        then hugo --destination=/srv/blog
      }
    }
- path: "/root/caddy_directory_setup.sh"
  permissions: '0700'
  owner: root:root
  content: |
    #!/bin/bash

    umask 077
    /usr/bin/mkdir -p /caddy/dotcaddy
    /usr/bin/chown -R 1001:1001 /caddy
    /bin/mv /root/Caddyfile /caddy/Caddyfile