add caddy

This commit is contained in:
wvr
2026-02-15 16:55:33 -06:00
parent a562eb7256
commit c9d134a510
5 changed files with 88 additions and 0 deletions

4
caddy/edit.sh Executable file

@@ -0,0 +1,4 @@
#!/bin/sh
nvim /etc/caddy/Caddyfile
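Review bot: Nothing checks the file after the editor exits, so a typo in the Caddyfile is only discovered when the service is next restarted and fails to come up. Appending `caddy validate --config /etc/caddy/Caddyfile` after the `nvim` line reports the error immediately, while the edit is still fresh, and `caddy reload --config /etc/caddy/Caddyfile` would then apply it without a stop/start. Only two of the hunk's four added lines are visible on the page.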


@@ -0,0 +1,9 @@
#!/bin/sh
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
exit 0
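Review bot: Running this script leaves the host with no packet filtering at all — every rule is flushed and all three filter-chain policies are set to ACCEPT — and nothing in the file says so; a header such as `# Resets the firewall to wide open; re-run the iptables config script afterwards` would make that explicit. `iptables -F` and `iptables -X` without `-t` only touch the filter table, so if a full reset is intended the nat and mangle tables need their own `-t nat -F` / `-t nat -X` lines. The file name for this section is not shown on the page, and only six of the hunk's nine added lines are visible.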


@@ -0,0 +1,67 @@
#!/bin/sh
#
# mitchs iptables skeleton config
# -------------------------------------------
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
# variables
# -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
SUBNET=192.168.100
PIHOLE=$SUBNET.200
# =/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=/=
# flush
iptables -F
# deny all default
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
# ========================================================================
# CADDY IPTABLES CONFIG
#
# permit any traffic on local lan
iptables -A OUTPUT -j ACCEPT -d $SUBNET.0/24 -p tcp -m state --state NEW
iptables -A OUTPUT -j ACCEPT -d $SUBNET.0/24 -p udp -m state --state NEW
# permit 443 inbound from outside
iptables -A INPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
####iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
# ========================================================================
# dns to pihole
iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p tcp --dport 53 -m state --state NEW
iptables -A OUTPUT -j ACCEPT -d $PIHOLE/24 -p udp --dport 53 -m state --state NEW
# permit local ssh
iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state NEW
iptables -A INPUT -s $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state NEW
iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --sport ssh -m state --state ESTABLISHED
iptables -A OUTPUT -d $SUBNET.0/24 -j ACCEPT -p tcp --dport ssh -m state --state ESTABLISHED
# permit outgoing http,https,ftp as well for updates and things
iptables -A OUTPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -p tcp --dport 443 -m state --state NEW,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -p tcp --dport 21 -m state --state NEW,ESTABLISHED
# permit loopback
iptables -A OUTPUT -j ACCEPT -o lo
# permit established
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# save
if command -v systemctl >/dev/null 2>&1 ; then
# redhat
if [ -f /etc/sysconfig/iptables ] ; then
iptables-save -f /etc/sysconfig/iptables
# arch
elif [ -f /etc/iptables/iptables.rules ] ; then
iptables-save -f /etc/iptables/iptables.rules
fi
# alpine
elif command -v rc-service >/dev/null 2>&1 ; then
/etc/init.d/iptables save
fi
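Review bot: With `iptables -P OUTPUT DROP` set near the top, the only OUTPUT accepts are the specific LAN/ssh/80/443/21 rules, and none of them matches reply traffic from the HTTPS service that `iptables -A INPUT -j ACCEPT -p tcp --dport 443 ...` admits, so responses to external clients are dropped; likewise INPUT has no loopback accept to pair with `iptables -A OUTPUT -j ACCEPT -o lo`. Adding `iptables -A INPUT -j ACCEPT -i lo` and `iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED` beside the existing loopback and established rules covers both cases. The two `-d $PIHOLE/24` rules under `# dns to pihole` match the whole 192.168.100.0/24 network rather than the Pi-hole host, because iptables masks the address to the prefix length; `-d $PIHOLE` is what the comment describes (as written they are also subsumed by the earlier LAN-wide NEW accepts). Only 55 of the hunk's 67 added lines are visible on the page, and its file name is not shown.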

5
caddy/restart.sh Executable file

@@ -0,0 +1,5 @@
#!/bin/sh
rc-service caddy stop
rc-service caddy start
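Review bot: Stopping and then starting the service takes the site down for the gap between the two `rc-service` calls, and if the purpose is to pick up an edited Caddyfile that downtime is avoidable. `rc-service caddy restart` does the same in one OpenRC call, and `caddy reload --config /etc/caddy/Caddyfile` applies a new config without dropping connections; a one-line comment stating which of the two behaviours is wanted would also help. Only three of the hunk's five added lines are visible on the page.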

3
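--- a/caddy/update.sh
+++ b/caddy/update.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -e
+apk update
+apk upgrade --force-missing-repositories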
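Review bot: `--force-missing-repositories` tells apk to carry on when a repository index cannot be loaded, so on a transient mirror failure the upgrade silently skips every package from that repository and the script still exits 0 — for a patching script that hides exactly the failure you want to see. Dropping the flag so that a missing index surfaces as an error is the safer default (worth confirming the exact behaviour on the target apk version). The `-e` in `#!/bin/sh -e` is also lost when the file is run as `sh update.sh`; `set -e` on the line after the shebang is the robust form.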