From 52fc271b710ee1ae371c1fe89ee38eae0238841f Mon Sep 17 00:00:00 2001
From: Rik Veenboer
Date: Sat, 7 Dec 2024 11:38:09 +0100
Subject: [PATCH] use env vars for subdomain and domain in caddy
---
 caddy/Caddyfile | 4 ++--
 caddy/conf/auth.caddy | 9 ++++-----
 caddy/conf/dynamic_dns.caddy | 2 +-
 caddy/sites/authentik.caddy | 2 +-
 caddy/sites/geo.caddy | 2 +-
 caddy/sites/ha.caddy | 2 +-
 caddy/sites/root.caddy | 4 ++--
 caddy/sites/test.caddy | 4 ++--
 docker-compose.caddy.yml | 2 ++
 9 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 59408fe..7eb66c9 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -8,7 +8,7 @@ import conf/*.caddy
 }
 (unprotected) {
- {args[0]}.rik.veenboer.xyz {
+ {args[0]}.{$SUBDOMAIN}.{$DOMAIN} {
 log {
 output file /var/log/{args[0]}.log
 }
@@ -17,7 +17,7 @@ import conf/*.caddy
 }
 (protected) {
- {args[0]}.rik.veenboer.xyz {
+ {args[0]}.{$SUBDOMAIN}.{$DOMAIN} {
 import authentik
 reverse_proxy {args[1]}
 }
diff --git a/caddy/conf/auth.caddy b/caddy/conf/auth.caddy
index 614fb8d..46c9670 100644
--- a/caddy/conf/auth.caddy
+++ b/caddy/conf/auth.caddy
@@ -13,13 +13,12 @@
 retry_attempts 3
 retry_interval 10
- base_auth_url https://authentik.rik.veenboer.xyz
- metadata_url https://authentik.rik.veenboer.xyz/application/o/caddy/.well-known/openid-configuration
- # metadata_url http://192.168.2.200:15000/caddy/.well-known/openid-configuration
+ base_auth_url https://authentik.{$SUBDOMAIN}.{$DOMAIN}
+ metadata_url https://authentik.{$SUBDOMAIN}.{$DOMAIN}/application/o/caddy/.well-known/openid-configuration
 }
 authentication portal myportal {
 enable identity provider generic
- cookie domain veenboer.xyz
+ cookie domain {$DOMAIN}
 ui {
 links {
 "My Identity" "/whoami" icon "las la-user"
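Review bot: Both snippet addresses now depend on `{$SUBDOMAIN}` and `{$DOMAIN}`, and as far as I know the Caddyfile adapter replaces an unset environment placeholder with an empty string at parse time, so a missing variable turns the site address into something like `{args[0]}..` rather than stopping startup. The same applies to the `(protected)` hunk below and to every other file in this patch (auth.caddy, dynamic_dns.caddy, authentik.caddy, geo.caddy, ha.caddy, root.caddy, test.caddy), so I am raising it once here. Since the values are injected by docker-compose.caddy.yml, requiring them there with `${DOMAIN:?}` and `${SUBDOMAIN:?}`, as the AWS variables already are, or using Caddy's default form `{$DOMAIN:<default>}`, would make the failure explicit instead of silent. A one-line comment above the snippets, `# SUBDOMAIN and DOMAIN come from docker-compose.caddy.yml; an unset value expands to ""`, would tell the next reader where the values are expected from.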
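Review bot: `cookie domain {$DOMAIN}` in the `authentication portal myportal` block scopes the session cookie to the apex domain, so every host under it, including `authentik.{$DOMAIN}` from authentik.caddy and any future apex host, will receive the portal's cookie, while the portal itself and all protected sites in this patch live under `{$SUBDOMAIN}.{$DOMAIN}`. If this directive maps to the Set-Cookie Domain attribute as it appears to, and nothing under the bare apex needs the session, `cookie domain {$SUBDOMAIN}.{$DOMAIN}` would still cover `auth.{$SUBDOMAIN}.{$DOMAIN}` and the `*.{$SUBDOMAIN}.{$DOMAIN}` sites without sharing the cookie more widely. The scope was the same before the patch, but introducing the variable is the natural moment to narrow it. The enclosing block starts before the hunk and the portal block continues past it.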
@@ -40,7 +39,7 @@
 }
 }
 authorization policy mypolicy {
- set auth url https://auth.rik.veenboer.xyz/oauth2/generic
+ set auth url https://auth.{$SUBDOMAIN}.{$DOMAIN}/oauth2/generic
 allow roles authp/admin authp/user
 validate bearer header
 inject headers with claims
diff --git a/caddy/conf/dynamic_dns.caddy b/caddy/conf/dynamic_dns.caddy
index 35212c6..2f0c89b 100644
--- a/caddy/conf/dynamic_dns.caddy
+++ b/caddy/conf/dynamic_dns.caddy
@@ -2,7 +2,7 @@
 dynamic_dns {
 provider route53
 domains {
- veenboer.xyz. rik
+ {$DOMAIN}. {$SUBDOMAIN}
 }
 versions ipv4
 }
diff --git a/caddy/sites/authentik.caddy b/caddy/sites/authentik.caddy
index eda3dd8..b540d4b 100644
--- a/caddy/sites/authentik.caddy
+++ b/caddy/sites/authentik.caddy
@@ -1,4 +1,4 @@
-authentik.veenboer.xyz {
+authentik.{$DOMAIN} {
 log {
 output file /var/log/authentik-root.log
 }
diff --git a/caddy/sites/geo.caddy b/caddy/sites/geo.caddy
index 50140dd..722aeb6 100644
--- a/caddy/sites/geo.caddy
+++ b/caddy/sites/geo.caddy
@@ -1,4 +1,4 @@
-geo.rik.veenboer.xyz {
+geo.{$SUBDOMAIN}.{$DOMAIN} {
 log {
 output file /var/log/geo.log
 }
diff --git a/caddy/sites/ha.caddy b/caddy/sites/ha.caddy
index 75e6d50..5fbfcdb 100644
--- a/caddy/sites/ha.caddy
+++ b/caddy/sites/ha.caddy
@@ -1,4 +1,4 @@
-ha.rik.veenboer.xyz {
+ha.{$SUBDOMAIN}.{$DOMAIN} {
 log {
 output file /var/log/ha.log
 }
diff --git a/caddy/sites/root.caddy b/caddy/sites/root.caddy
index 143055a..4ef75ab 100644
--- a/caddy/sites/root.caddy
+++ b/caddy/sites/root.caddy
@@ -1,5 +1,5 @@
-rik.veenboer.xyz \
-*.rik.veenboer.xyz \
+{$SUBDOMAIN}.{$DOMAIN} \
+*.{$SUBDOMAIN}.{$DOMAIN} \
 {
 handle_path /test/* {
 reverse_proxy host:12345
diff --git a/caddy/sites/test.caddy b/caddy/sites/test.caddy
index d8739b3..10fab7c 100644
--- a/caddy/sites/test.caddy
+++ b/caddy/sites/test.caddy
@@ -1,4 +1,4 @@
-test.rik.veenboer.xyz {
+test.{$SUBDOMAIN}.{$DOMAIN} {
 log {
 output file /var/log/test.log
 }
@@ -7,7 +7,7 @@ test.rik.veenboer.xyz {
 reverse_proxy host:15000
 }
-auth.rik.veenboer.xyz {
+auth.{$SUBDOMAIN}.{$DOMAIN} {
 route {
 authenticate with myportal
 }
diff --git a/docker-compose.caddy.yml b/docker-compose.caddy.yml
index c004bad..79a4591 100644
--- a/docker-compose.caddy.yml
+++ b/docker-compose.caddy.yml
@@ -4,6 +4,8 @@ services:
 context: /opt/caddy/
 container_name: caddy
 environment:
+ - DOMAIN=veenboer.xyz
+ - SUBDOMAIN=rik
 - AWS_REGION=eu-west-1
 - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}
 - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}
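Review bot: `DOMAIN` and `SUBDOMAIN` are hard-coded in the two added `environment` entries, while the AWS variables on the following lines are required from the host environment with `${VAR:?}`, so the hostname is still baked into the repository and has only moved from the Caddyfile into the compose file. `- DOMAIN=${DOMAIN:?}` and `- SUBDOMAIN=${SUBDOMAIN:?}` would keep the compose file reusable for another domain and make compose refuse to start when a value is missing, which also rules out the Caddyfile's `{$DOMAIN}` placeholder expanding to an empty string. If the current values are meant as defaults, `${DOMAIN:-veenboer.xyz}` and `${SUBDOMAIN:-rik}` keep today's behaviour while still allowing an override.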