Refactor out redundant logic

[EdGeraghty]

This pull request simplifies the handling of Caddy configuration in the container-entrypoint.sh script. The main improvement is the consolidation of logic for selecting and using the appropriate Caddy configuration file, reducing code duplication and making the script easier to maintain. The changes also remove some now-unnecessary helper functions.

Improvements to configuration handling:

• Introduced the caddy_config_file variable to consistently reference the correct Caddy configuration file (either HTTPS or cleartext) throughout the script, reducing repeated conditional logic. [1] [2]

• Updated the process for creating configuration files to use create_config_from_template directly with the new caddy_config_file variable, removing the dedicated create_headscale_config and create_caddyfile helper functions. [1] [2]

Simplification of Caddy startup logic:

• Refactored the start_caddy_service function to always use caddy_config_file when starting Caddy, eliminating the need for repeated conditional checks on https_enabled.

[github-actions]

🆕 New Headscale Config Options

+ v4
+ v6```

[Copilot]

Pull request overview

This PR refactors scripts/container-entrypoint.sh to reduce duplicated conditional logic around choosing the HTTPS vs cleartext Caddy configuration, by introducing a single caddy_config_file variable used for both config generation and Caddy startup.

Changes:

• Introduces caddy_config_file as the single source of truth for the chosen Caddy config path.
• Removes the dedicated create_headscale_config / create_caddyfile helpers and calls create_config_from_template directly.
• Simplifies start_caddy_service to always start Caddy with caddy_config_file.

Comments suppressed due to low confidence (1)

scripts/container-entrypoint.sh:330

• check_caddy_environment_variables currently returns early when HTTPS is enabled (the default), which skips require_env_var "ACME_ISSUANCE_EMAIL" and the ACME-related block setup. Conversely, when DISABLE_HTTPS is set it falls through and does require ACME_ISSUANCE_EMAIL, which will break the cleartext mode. The control flow looks inverted: only the cleartext/DISABLE_HTTPS path should short-circuit; the HTTPS path should continue to validate ACME settings and populate blocks.

	if env_var_is_defined "CADDY_FRONTEND" && [[ "${CADDY_FRONTEND}" = "DISABLE_HTTPS" ]]; then
		https_enabled=false
		caddy_config_file="${caddyfile_cleartext}"
	else
		caddy_config_file="${caddyfile_https}"
		return
	fi

	require_env_var "ACME_ISSUANCE_EMAIL"
	check_cloudflare_dns_api_key
	check_zerossl_eab
}

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The new log message on Caddy startup failure is less actionable than before (it no longer indicates which config file/mode was used). Consider including ${caddy_config_file} (and/or whether HTTPS is enabled) in the error to make container logs easier to troubleshoot.