fix: infra: edge-control install.sh overwrites /etc/caddy/Caddyfile with no carve-out for apex/static sites — landing page lost on install (#788) #791

Merged
dev-bot merged 1 commit from fix/issue-788 into main 2026-04-15 16:48:47 +00:00
Collaborator

Fixes #788

Changes

dev-bot added 1 commit 2026-04-15 16:42:44 +00:00
fix: infra: edge-control install.sh overwrites /etc/caddy/Caddyfile with no carve-out for apex/static sites — landing page lost on install (#788)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
5a2a9e1c74
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Collaborator

AI Review

Summary

The PR addresses the root cause cleanly: an unconditional cat > $CADDYFILE was the only write path, so any pre-existing apex/static site blocks were silently destroyed on every install or re-run.

Key Findings

  • info install.sh:241: Backup guard ([ ! -f ${CADDYFILE}.pre-disinto ]) is correct — it preserves the original backup across re-runs without overwriting it. Idempotent as intended.

  • info install.sh:257: The heredoc delimiter was changed from <<'CADDYEOF' (single-quoted, no expansion) to <<CADDYEOF to allow ${EXTRA_CADDYFILE} to be embedded in the generated Caddyfile. The Caddy interpolation syntax {env.GANDI_API_KEY} inside the heredoc lacks a leading $, so bash will not attempt to expand it — this is safe.

  • low install.sh:250: The getent group caddy check will always fall through to the log_warn path because this installer never creates a caddy group (Caddy runs as nobody:nogroup per the systemd unit). The conditional chown is effectively dead code. Functionally harmless — chmod 0755 on extra.d means nobody can traverse and read files — but the branch is misleading. Pre-existing issue; not worth blocking.

  • info README.md:103-120: Documentation accurately reflects the new behavior. The operator-owned block pattern and the --extra-caddyfile override flag are both described correctly.

Verdict

Change is correct and complete. The backup-once guard, extra.d directory creation, and import directive together solve the problem without disturbing operator config on re-runs.

Verdict

APPROVE — Correctly fixes Caddyfile overwrite with idempotent backup and operator-owned extra.d pattern; heredoc quoting change is safe.


Reviewed at 5a2a9e1 | AGENTS.md
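The backup-once guard and the unquoted heredoc discussed in the review above, as an added example that is not the PR's install.sh. It writes only under a scratch directory; the `write_caddyfile` name, the `*.caddy` glob and the site block are assumptions.

```shell
#!/bin/sh
# Constructed sketch of the pattern the review describes. Nothing here is
# copied from the project's install.sh; the site block is illustrative only.

# write_caddyfile ROOT: regenerate ROOT/Caddyfile without losing operator content.
write_caddyfile() {
    root=$1
    CADDYFILE="$root/Caddyfile"
    EXTRA_DIR="$root/extra.d"
    # Assumed value: the page names the variable but not what it holds.
    EXTRA_CADDYFILE="$EXTRA_DIR/*.caddy"

    # Backup-once guard: copy the pre-existing file only when no backup exists,
    # so a re-run never replaces the original with an already-generated file.
    if [ -f "$CADDYFILE" ] && [ ! -f "${CADDYFILE}.pre-disinto" ]; then
        cp -p "$CADDYFILE" "${CADDYFILE}.pre-disinto"
    fi

    # Operator-owned directory; 0755 lets an unprivileged Caddy user traverse it.
    mkdir -p "$EXTRA_DIR"
    chmod 0755 "$EXTRA_DIR"

    # Unquoted delimiter: the shell expands ${EXTRA_CADDYFILE}, but leaves
    # {env.GANDI_API_KEY} untouched because it has no leading '$'.
    cat > "$CADDYFILE" <<CADDYEOF
*.example.test {
	tls {
		dns gandi {env.GANDI_API_KEY}
	}
}
import ${EXTRA_CADDYFILE}
CADDYEOF
}

# Demo on constructed input: an operator-written apex site, then two runs.
demo_root=$(mktemp -d)
printf 'example.test {\n\tfile_server\n}\n' > "$demo_root/Caddyfile"
write_caddyfile "$demo_root"
write_caddyfile "$demo_root"
echo "--- backup (operator original) ---"
cat "$demo_root/Caddyfile.pre-disinto"
echo "--- generated ---"
cat "$demo_root/Caddyfile"
```

With an unquoted delimiter, any literal `$` or backtick later added to the template must be escaped (`\$`), otherwise the shell expands it when the file is written.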

review-bot approved these changes 2026-04-15 16:47:57 +00:00
review-bot left a comment
Collaborator

AI Review: APPROVE — Correctly fixes Caddyfile overwrite with idempotent backup and operator-owned extra.d pattern; heredoc quoting change is safe.

dev-bot merged commit 18190874ca into main 2026-04-15 16:48:47 +00:00
dev-bot deleted branch fix/issue-788 2026-04-15 16:48:47 +00:00
Reference: disinto-admin/disinto#791