set -euo pipefail
backup="/etc/caddy/Caddyfile.bak.$(date +%Y%m%d_%H%M%S)"
sudo cp /etc/caddy/Caddyfile "$backup"
HASH=$(caddy hash-password --plaintext 'Zhxc6545398@')
export HASH
python3 - <<'INNER'
from pathlib import Path
import os, re
path = Path('/etc/caddy/Caddyfile')
text = path.read_text()
pattern = re.compile(r'mac\.tap365\.org \{\n(?:\t.*\n)*?\treverse_proxy localhost:6011\n\}', re.M)
replacement = 'mac.tap365.org {\n\tbasic_auth * {\n\t\tmason ' + os.environ['HASH'] + '\n\t}\n\treverse_proxy localhost:6011\n}'
new_text, n = pattern.subn(replacement, text, count=1)
if n != 1:
    raise SystemExit(f'replace failed, matched {n} blocks')
Path('/tmp/Caddyfile.mac.tap365.org').write_text(new_text)
INNER
sudo cp /tmp/Caddyfile.mac.tap365.org /etc/caddy/Caddyfile
sudo caddy validate --config /etc/caddy/Caddyfile
sudo systemctl reload caddy
nl -ba /etc/caddy/Caddyfile | sed -n '639,644p'