diff --git a/.github/workflows/filecheck.yml b/.github/workflows/filecheck.yml new file mode 100644 index 00000000..59cba21b --- /dev/null +++ b/.github/workflows/filecheck.yml @@ -0,0 +1,21 @@ +name: File Presence QC +on: + pull_request: + branches: + - master + - dev + +jobs: + build: + name: Check Files + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: check existance + run: | + for pathname in blueprints/*; do test -e $pathname/readme.md || { echo "File missing: $pathname/readme.md"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/install.sh || { echo "File missing: $pathname/install.sh"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/update.sh || { echo "File missing: $pathname/update.sh"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/config.yml || { echo "File missing: $pathname/config.yml"; error="true"; }; done + if [ "${error}" == "true" ]; then echo "Missing files detected" && exit 1; fi + shell: bash diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 0da492dd..e5d12b6f 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -1,5 +1,5 @@ # This is a workflow to run shellcheck on all scripts -name: Shellcheck Workflow +name: Shell Linter QC # Controls when the action will run. Triggers the workflow on push or pull request # events but only for the master branch @@ -10,7 +10,8 @@ on: - dev jobs: - shellcheck: + Shellcheck: + runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Shell Linter diff --git a/.github/workflows/wiki.yml b/.github/workflows/wiki.yml new file mode 100644 index 00000000..e5f4a432 --- /dev/null +++ b/.github/workflows/wiki.yml @@ -0,0 +1,23 @@ +name: Publish docs via GitHub Pages +on: + push: + branches: + - master + +jobs: + build: + name: Deploy docs + runs-on: ubuntu-latest + steps: + - name: Checkout master + uses: actions/checkout@v1 + with: + ref: 'master' + - name: rename-readme + run: | + for pathname in blueprints/*/readme.md; do ! cp "$pathname" "docs/blueprints/$( basename "$( dirname "$pathname" )" ).md"; done + shell: bash + - name: Deploy docs + uses: mhausenblas/mkdocs-deploy-gh-pages@master + env: + GITHUB_TOKEN: ${{ secrets.WIKI_GH_PAT }} diff --git a/.gitignore b/.gitignore index e9abc7f6..9fc8384e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -config.yml \ No newline at end of file +/config.yml \ No newline at end of file diff --git a/.shellcheckrc b/.shellcheckrc new file mode 100644 index 00000000..d5a471e7 --- /dev/null +++ b/.shellcheckrc @@ -0,0 +1 @@ +disable=SC2034 diff --git a/docs/LICENSE b/LICENSE similarity index 100% rename from docs/LICENSE rename to LICENSE diff --git a/blueprints/bitwarden/config.yml b/blueprints/bitwarden/config.yml new file mode 100644 index 00000000..c79bd93c --- /dev/null +++ b/blueprints/bitwarden/config.yml @@ -0,0 +1,3 @@ +blueprint: + bitwarden: + pkgs: sqlite3 nginx git sudo vim-tiny bash node npm python27-2.7.17_1 mariadb104-client \ No newline at end of file diff --git a/jails/bitwarden/includes/bitwarden.rc b/blueprints/bitwarden/includes/bitwarden.rc similarity index 100% rename from jails/bitwarden/includes/bitwarden.rc rename to blueprints/bitwarden/includes/bitwarden.rc diff --git a/jails/bitwarden/includes/bitwarden.rc.conf b/blueprints/bitwarden/includes/bitwarden.rc.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/bitwarden/includes/bitwarden.rc.conf rename to blueprints/bitwarden/includes/bitwarden.rc.conf diff --git a/blueprints/bitwarden/install.sh b/blueprints/bitwarden/install.sh new file mode 100755 index 00000000..9c38e44b --- /dev/null +++ b/blueprints/bitwarden/install.sh @@ -0,0 +1,119 @@ +#!/usr/local/bin/bash +# This file contains the install script for bitwarden + +# Initialise defaults +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" + +DB_DATABASE="jail_${1}_db_database" +DB_DATABASE="${!DB_DATABASE:-$1}" + +DB_USER="jail_${1}_db_user" +DB_USER="${!DB_USER:-$DB_DATABASE}" + +# shellcheck disable=SC2154 +INSTALL_TYPE="jail_${1}_db_type" +INSTALL_TYPE="${!INSTALL_TYPE:-mariadb}" + +DB_JAIL="jail_${1}_db_jail" +# shellcheck disable=SC2154 +DB_HOST="jail_${!DB_JAIL}_ip4_addr" +DB_HOST="${!DB_HOST%/*}:3306" + +# shellcheck disable=SC2154 +DB_PASSWORD="jail_${1}_db_password" +DB_STRING="mysql://${DB_USER}:${!DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" +# shellcheck disable=SC2154 +ADMIN_TOKEN="jail_${1}_admin_token" + +if [ -z "${!DB_PASSWORD}" ]; then + echo "db_password can't be empty" + exit 1 +fi + +if [ -z "${!DB_JAIL}" ]; then + echo "db_jail can't be empty" + exit 1 +fi + +if [ -z "${!JAIL_IP}" ]; then + echo "ip4_addr can't be empty" + exit 1 +fi + +if [ -z "${!ADMIN_TOKEN}" ]; then +ADMIN_TOKEN=$(openssl rand -base64 16) +fi + +# install latest rust version, pkg version is outdated and can't build bitwarden_rs +iocage exec "${1}" "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" + +# Install Bitwarden_rs +iocage exec "${1}" mkdir -p /usr/local/share/bitwarden/src +iocage exec "${1}" git clone https://github.com/dani-garcia/bitwarden_rs/ /usr/local/share/bitwarden/src +TAG=$(iocage exec "${1}" "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") +iocage exec "${1}" "git -C /usr/local/share/bitwarden/src checkout ${TAG}" +#TODO replace with: cargo build --features mysql --release +if [ "${INSTALL_TYPE}" == "mariadb" ]; then + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" +else + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" +fi + + +iocage exec "${1}" cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin + +# Download and install webvault +WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) +WEB_TAG="${WEB_RELEASE_URL##*/}" +iocage exec "${1}" "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" +iocage exec "${1}" "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" +iocage exec "${1}" rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz + +# shellcheck disable=SC2154 +if [ -f "/mnt/${global_dataset_config}/${1}/ssl/bitwarden-ssl.crt" ]; then + echo "certificate exist... Skipping cert generation" +else + "No ssl certificate present, generating self signed certificate" + if [ ! -d "/mnt/${global_dataset_config}/${1}/ssl" ]; then + echo "cert folder not existing... creating..." + iocage exec "${1}" mkdir /config/ssl + fi + openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.key -out /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.crt +fi + +if [ -f "/mnt/${global_dataset_config}/${1}/bitwarden.log" ]; then + echo "Reinstall of Bitwarden detected... using existing config and database" +elif [ "${INSTALL_TYPE}" == "mariadb" ]; then + echo "No config detected, doing clean install, utilizing the Mariadb database ${DB_HOST}" + iocage exec "${!DB_JAIL}" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" + iocage exec "${!DB_JAIL}" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${!DB_PASSWORD}';" + iocage exec "${!DB_JAIL}" mysqladmin reload +else + echo "No config detected, doing clean install." +fi + +iocage exec "${1}" "pw user add bitwarden -c bitwarden -u 725 -d /nonexistent -s /usr/bin/nologin" +iocage exec "${1}" chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config +iocage exec "${1}" mkdir /usr/local/etc/rc.d /usr/local/etc/rc.conf.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/bitwarden +cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export ADMIN_TOKEN="'"${!ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden + +if [ "${!ADMIN_TOKEN}" == "NONE" ]; then + echo "Admin_token set to NONE, disabling admin portal" +else + echo "Admin_token set and admin portal enabled" + iocage exec "${1}" echo "${DB_NAME} Admin Token is ${!ADMIN_TOKEN}" > /root/"${1}"_admin_token.txt +fi + +iocage exec "${1}" chmod u+x /usr/local/etc/rc.d/bitwarden +iocage exec "${1}" sysrc "bitwarden_enable=YES" +iocage exec "${1}" service bitwarden restart +echo "Jail ${1} finished Bitwarden install." +echo "Admin Token is ${!ADMIN_TOKEN}" diff --git a/jails/bitwarden/readme.md b/blueprints/bitwarden/readme.md old mode 100755 new mode 100644 similarity index 98% rename from jails/bitwarden/readme.md rename to blueprints/bitwarden/readme.md index b698d7fc..4438ddc8 --- a/jails/bitwarden/readme.md +++ b/blueprints/bitwarden/readme.md @@ -1,4 +1,7 @@ -# Original README from the Bitwarden_rs github: +# Bitwarden_RS + + +## Original README from the Bitwarden_rs github: https://github.com/dani-garcia/bitwarden_rs diff --git a/blueprints/bitwarden/update.sh b/blueprints/bitwarden/update.sh new file mode 100755 index 00000000..a2775815 --- /dev/null +++ b/blueprints/bitwarden/update.sh @@ -0,0 +1,100 @@ +#!/usr/local/bin/bash +# This file contains the update script for bitwarden +# Due to it being build from scratch or downloaded directly to execution dir, +# Update for Bitwarden is pretty similair to installation + +# Initialise defaults +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" +DB_DATABASE="jail_${1}_db_datavase" +DB_USER="jail_${1}_db_user" +# shellcheck disable=SC2154 +INSTALL_TYPE="jail_${1}_type" +DB_JAIL="jail_${1}_db_jail" +DB_JAIL="${!DB_JAIL}" +# shellcheck disable=SC2154 +DB_HOST="${DB_JAIL}_ip4_addr" +DB_HOST="${!DB_HOST%/*}:3306" +# shellcheck disable=SC2154 +DB_PASSWORD="jail_${1}_db_password" +DB_STRING="mysql://${!DB_USER}:${!DB_PASSWORD}@${DB_HOST}/${!DB_DATABASE}" +# shellcheck disable=SC2154 +ADMIN_TOKEN="jail_${1}_admin_token" + +if [ -z "${!DB_USER}" ]; then + echo "db_user can't be empty" + exit 1 +fi + +if [ -z "${!DB_DATABASE}" ]; then + echo "db_database can't be empty" + exit 1 +fi + +if [ -z "${!DB_PASSWORD}" ]; then + echo "db_password can't be empty" + exit 1 +fi + +if [ -z "${!DB_JAIL}" ]; then + echo "db_jail can't be empty" + exit 1 + fi + +if [ -z "${!JAIL_IP}" ]; then + echo "ip4_addr can't be empty" + exit 1 +fi + +if [ -z "${!ADMIN_TOKEN}" ]; then +ADMIN_TOKEN=$(openssl rand -base64 16) +fi + +iocage exec "${1}" service bitwarden stop + +# install latest rust version, pkg version is outdated and can't build bitwarden_rs +iocage exec "${1}" "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" + +# Install Bitwarden_rs +iocage exec "${1}" "git -C /usr/local/share/bitwarden/src fetch" +TAG=$(iocage exec "${1}" "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") +iocage exec "${1}" "git -C /usr/local/share/bitwarden/src checkout ${TAG}" +#TODO replace with: cargo build --features mysql --release +if [ "${INSTALL_TYPE}" == "mariadb" ]; then + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" +else + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" +fi + + +iocage exec "${1}" cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin + +# Download and install webvault +WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) +WEB_TAG="${WEB_RELEASE_URL##*/}" +iocage exec "${1}" "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" +iocage exec "${1}" "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" +iocage exec "${1}" rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz + +iocage exec "${1}" chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/"${1}"/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/bitwarden +cp "${SCRIPT_DIR}"/blueprints/"${1}"/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export ADMIN_TOKEN="'"${!ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden + +if [ "${!ADMIN_TOKEN}" == "NONE" ]; then + echo "Admin_token set to NONE, disabling admin portal" +else + echo "Admin_token set and admin portal enabled" + iocage exec "${1}" echo "${DB_NAME} Admin Token is ${!ADMIN_TOKEN}" > /root/"${1}"_admin_token.txt +fi + + +iocage exec "${1}" chmod u+x /usr/local/etc/rc.d/bitwarden +iocage exec "${1}" service bitwarden restart +echo "Jail ${1} finished Bitwarden update." +echo "Admin Token is ${!ADMIN_TOKEN}" diff --git a/blueprints/influxdb/config.yml b/blueprints/influxdb/config.yml new file mode 100644 index 00000000..da7c0120 --- /dev/null +++ b/blueprints/influxdb/config.yml @@ -0,0 +1,3 @@ +blueprint: + influxdb: + pkgs: influxdb \ No newline at end of file diff --git a/blueprints/influxdb/includes/influxd.conf b/blueprints/influxdb/includes/influxd.conf new file mode 100644 index 00000000..fb0f9fa1 --- /dev/null +++ b/blueprints/influxdb/includes/influxd.conf @@ -0,0 +1,586 @@ +### Welcome to the InfluxDB configuration file. + +# The values in this file override the default values used by the system if +# a config option is not specified. The commented out lines are the configuration +# field and the default value used. Uncommenting a line and changing the value +# will change the value used at runtime when the process is restarted. + +# Once every 24 hours InfluxDB will report usage data to usage.influxdata.com +# The data includes a random ID, os, arch, version, the number of series and other +# usage data. No data from user databases is ever transmitted. +# Change this option to true to disable reporting. +# reporting-disabled = false + +# Bind address to use for the RPC service for backup and restore. +# bind-address = "127.0.0.1:8088" + +### +### [meta] +### +### Controls the parameters for the Raft consensus group that stores metadata +### about the InfluxDB cluster. +### + +[meta] + # Where the metadata/raft database is stored + dir = "/config/db/meta" + + # Automatically create a default retention policy when creating a database. + # retention-autocreate = true + + # If log messages are printed for the meta service + # logging-enabled = true + +### +### [data] +### +### Controls where the actual shard data for InfluxDB lives and how it is +### flushed from the WAL. "dir" may need to be changed to a suitable place +### for your system, but the WAL settings are an advanced configuration. The +### defaults should work for most systems. +### + +[data] + # The directory where the TSM storage engine stores TSM files. + dir = "/config/db/data" + + # The directory where the TSM storage engine stores WAL files. + wal-dir = "/config/db/wal" + + # The amount of time that a write will wait before fsyncing. A duration + # greater than 0 can be used to batch up multiple fsync calls. This is useful for slower + # disks or when WAL write contention is seen. A value of 0s fsyncs every write to the WAL. + # Values in the range of 0-100ms are recommended for non-SSD disks. + # wal-fsync-delay = "0s" + + + # The type of shard index to use for new shards. The default is an in-memory index that is + # recreated at startup. A value of "tsi1" will use a disk based index that supports higher + # cardinality datasets. + # index-version = "inmem" + + # Trace logging provides more verbose output around the tsm engine. Turning + # this on can provide more useful output for debugging tsm engine issues. + # trace-logging-enabled = false + + # Whether queries should be logged before execution. Very useful for troubleshooting, but will + # log any sensitive data contained within a query. + # query-log-enabled = true + + # Validates incoming writes to ensure keys only have valid unicode characters. + # This setting will incur a small overhead because every key must be checked. + # validate-keys = false + + # Settings for the TSM engine + + # CacheMaxMemorySize is the maximum size a shard's cache can + # reach before it starts rejecting writes. + # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). + # Values without a size suffix are in bytes. + # cache-max-memory-size = "1g" + + # CacheSnapshotMemorySize is the size at which the engine will + # snapshot the cache and write it to a TSM file, freeing up memory + # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). + # Values without a size suffix are in bytes. + # cache-snapshot-memory-size = "25m" + + # CacheSnapshotWriteColdDuration is the length of time at + # which the engine will snapshot the cache and write it to + # a new TSM file if the shard hasn't received writes or deletes + # cache-snapshot-write-cold-duration = "10m" + + # CompactFullWriteColdDuration is the duration at which the engine + # will compact all TSM files in a shard if it hasn't received a + # write or delete + # compact-full-write-cold-duration = "4h" + + # The maximum number of concurrent full and level compactions that can run at one time. A + # value of 0 results in 50% of runtime.GOMAXPROCS(0) used at runtime. Any number greater + # than 0 limits compactions to that value. This setting does not apply + # to cache snapshotting. + # max-concurrent-compactions = 0 + + # CompactThroughput is the rate limit in bytes per second that we + # will allow TSM compactions to write to disk. Note that short bursts are allowed + # to happen at a possibly larger value, set by CompactThroughputBurst + # compact-throughput = "48m" + + # CompactThroughputBurst is the rate limit in bytes per second that we + # will allow TSM compactions to write to disk. + # compact-throughput-burst = "48m" + + # If true, then the mmap advise value MADV_WILLNEED will be provided to the kernel with respect to + # TSM files. This setting has been found to be problematic on some kernels, and defaults to off. + # It might help users who have slow disks in some cases. + # tsm-use-madv-willneed = false + + # Settings for the inmem index + + # The maximum series allowed per database before writes are dropped. This limit can prevent + # high cardinality issues at the database level. This limit can be disabled by setting it to + # 0. + # max-series-per-database = 1000000 + + # The maximum number of tag values per tag that are allowed before writes are dropped. This limit + # can prevent high cardinality tag values from being written to a measurement. This limit can be + # disabled by setting it to 0. + # max-values-per-tag = 100000 + + # Settings for the tsi1 index + + # The threshold, in bytes, when an index write-ahead log file will compact + # into an index file. Lower sizes will cause log files to be compacted more + # quickly and result in lower heap usage at the expense of write throughput. + # Higher sizes will be compacted less frequently, store more series in-memory, + # and provide higher write throughput. + # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). + # Values without a size suffix are in bytes. + # max-index-log-file-size = "1m" + + # The size of the internal cache used in the TSI index to store previously + # calculated series results. Cached results will be returned quickly from the cache rather + # than needing to be recalculated when a subsequent query with a matching tag key/value + # predicate is executed. Setting this value to 0 will disable the cache, which may + # lead to query performance issues. + # This value should only be increased if it is known that the set of regularly used + # tag key/value predicates across all measurements for a database is larger than 100. An + # increase in cache size may lead to an increase in heap usage. + series-id-set-cache-size = 100 + +### +### [coordinator] +### +### Controls the clustering service configuration. +### + +[coordinator] + # The default time a write request will wait until a "timeout" error is returned to the caller. + # write-timeout = "10s" + + # The maximum number of concurrent queries allowed to be executing at one time. If a query is + # executed and exceeds this limit, an error is returned to the caller. This limit can be disabled + # by setting it to 0. + # max-concurrent-queries = 0 + + # The maximum time a query will is allowed to execute before being killed by the system. This limit + # can help prevent run away queries. Setting the value to 0 disables the limit. + # query-timeout = "0s" + + # The time threshold when a query will be logged as a slow query. This limit can be set to help + # discover slow or resource intensive queries. Setting the value to 0 disables the slow query logging. + # log-queries-after = "0s" + + # The maximum number of points a SELECT can process. A value of 0 will make + # the maximum point count unlimited. This will only be checked every second so queries will not + # be aborted immediately when hitting the limit. + # max-select-point = 0 + + # The maximum number of series a SELECT can run. A value of 0 will make the maximum series + # count unlimited. + # max-select-series = 0 + + # The maximum number of group by time bucket a SELECT can create. A value of zero will max the maximum + # number of buckets unlimited. + # max-select-buckets = 0 + +### +### [retention] +### +### Controls the enforcement of retention policies for evicting old data. +### + +[retention] + # Determines whether retention policy enforcement enabled. + # enabled = true + + # The interval of time when retention policy enforcement checks run. + # check-interval = "30m" + +### +### [shard-precreation] +### +### Controls the precreation of shards, so they are available before data arrives. +### Only shards that, after creation, will have both a start- and end-time in the +### future, will ever be created. Shards are never precreated that would be wholly +### or partially in the past. + +[shard-precreation] + # Determines whether shard pre-creation service is enabled. + # enabled = true + + # The interval of time when the check to pre-create new shards runs. + # check-interval = "10m" + + # The default period ahead of the endtime of a shard group that its successor + # group is created. + # advance-period = "30m" + +### +### Controls the system self-monitoring, statistics and diagnostics. +### +### The internal database for monitoring data is created automatically if +### if it does not already exist. The target retention within this database +### is called 'monitor' and is also created with a retention period of 7 days +### and a replication factor of 1, if it does not exist. In all cases the +### this retention policy is configured as the default for the database. + +[monitor] + # Whether to record statistics internally. + # store-enabled = true + + # The destination database for recorded statistics + # store-database = "_internal" + + # The interval at which to record statistics + # store-interval = "10s" + +### +### [http] +### +### Controls how the HTTP endpoints are configured. These are the primary +### mechanism for getting data into and out of InfluxDB. +### + +[http] + # Determines whether HTTP endpoint is enabled. + # enabled = true + + # Determines whether the Flux query endpoint is enabled. + # flux-enabled = false + + # Determines whether the Flux query logging is enabled. + # flux-log-enabled = false + + # The bind address used by the HTTP service. + # bind-address = ":8086" + + # Determines whether user authentication is enabled over HTTP/HTTPS. + # auth-enabled = false + + # The default realm sent back when issuing a basic auth challenge. + # realm = "InfluxDB" + + # Determines whether HTTP request logging is enabled. + # log-enabled = true + + # Determines whether the HTTP write request logs should be suppressed when the log is enabled. + # suppress-write-log = false + + # When HTTP request logging is enabled, this option specifies the path where + # log entries should be written. If unspecified, the default is to write to stderr, which + # intermingles HTTP logs with internal InfluxDB logging. + # + # If influxd is unable to access the specified path, it will log an error and fall back to writing + # the request log to stderr. + # access-log-path = "" + + # Filters which requests should be logged. Each filter is of the pattern NNN, NNX, or NXX where N is + # a number and X is a wildcard for any number. To filter all 5xx responses, use the string 5xx. + # If multiple filters are used, then only one has to match. The default is to have no filters which + # will cause every request to be printed. + # access-log-status-filters = [] + + # Determines whether detailed write logging is enabled. + # write-tracing = false + + # Determines whether the pprof endpoint is enabled. This endpoint is used for + # troubleshooting and monitoring. + # pprof-enabled = true + + # Enables authentication on pprof endpoints. Users will need admin permissions + # to access the pprof endpoints when this setting is enabled. This setting has + # no effect if either auth-enabled or pprof-enabled are set to false. + # pprof-auth-enabled = false + + # Enables a pprof endpoint that binds to localhost:6060 immediately on startup. + # This is only needed to debug startup issues. + # debug-pprof-enabled = false + + # Enables authentication on the /ping, /metrics, and deprecated /status + # endpoints. This setting has no effect if auth-enabled is set to false. + # ping-auth-enabled = false + + # Determines whether HTTPS is enabled. + # https-enabled = false + + # The SSL certificate to use when HTTPS is enabled. + # https-certificate = "/config/ssl/influxdb.pem" + + # Use a separate private key location. + # https-private-key = "" + + # The JWT auth shared secret to validate requests using JSON web tokens. + # shared-secret = "" + + # The default chunk size for result sets that should be chunked. + # max-row-limit = 0 + + # The maximum number of HTTP connections that may be open at once. New connections that + # would exceed this limit are dropped. Setting this value to 0 disables the limit. + # max-connection-limit = 0 + + # Enable http service over unix domain socket + # unix-socket-enabled = false + + # The path of the unix domain socket. + # bind-socket = "/var/run/influxdb.sock" + + # The maximum size of a client request body, in bytes. Setting this value to 0 disables the limit. + # max-body-size = 25000000 + + # The maximum number of writes processed concurrently. + # Setting this to 0 disables the limit. + # max-concurrent-write-limit = 0 + + # The maximum number of writes queued for processing. + # Setting this to 0 disables the limit. + # max-enqueued-write-limit = 0 + + # The maximum duration for a write to wait in the queue to be processed. + # Setting this to 0 or setting max-concurrent-write-limit to 0 disables the limit. + # enqueued-write-timeout = 0 + +### +### [logging] +### +### Controls how the logger emits logs to the output. +### + +[logging] + # Determines which log encoder to use for logs. Available options + # are auto, logfmt, and json. auto will use a more a more user-friendly + # output format if the output terminal is a TTY, but the format is not as + # easily machine-readable. When the output is a non-TTY, auto will use + # logfmt. + # format = "auto" + + # Determines which level of logs will be emitted. The available levels + # are error, warn, info, and debug. Logs that are equal to or above the + # specified level will be emitted. + # level = "info" + + # Suppresses the logo output that is printed when the program is started. + # The logo is always suppressed if STDOUT is not a TTY. + # suppress-logo = false + +### +### [subscriber] +### +### Controls the subscriptions, which can be used to fork a copy of all data +### received by the InfluxDB host. +### + +[subscriber] + # Determines whether the subscriber service is enabled. + # enabled = true + + # The default timeout for HTTP writes to subscribers. + # http-timeout = "30s" + + # Allows insecure HTTPS connections to subscribers. This is useful when testing with self- + # signed certificates. + # insecure-skip-verify = false + + # The path to the PEM encoded CA certs file. If the empty string, the default system certs will be used + # ca-certs = "" + + # The number of writer goroutines processing the write channel. + # write-concurrency = 40 + + # The number of in-flight writes buffered in the write channel. + # write-buffer-size = 1000 + + +### +### [[graphite]] +### +### Controls one or many listeners for Graphite data. +### + +[[graphite]] + # Determines whether the graphite endpoint is enabled. + # enabled = false + # database = "graphite" + # retention-policy = "" + # bind-address = ":2003" + # protocol = "tcp" + # consistency-level = "one" + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Batching + # will buffer points in memory if you have many coming in. + + # Flush if this many points get buffered + # batch-size = 5000 + + # number of batches that may be pending in memory + # batch-pending = 10 + + # Flush at least this often even if we haven't hit buffer limit + # batch-timeout = "1s" + + # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. + # udp-read-buffer = 0 + + ### This string joins multiple matching 'measurement' values providing more control over the final measurement name. + # separator = "." + + ### Default tags that will be added to all metrics. These can be overridden at the template level + ### or by tags extracted from metric + # tags = ["region=us-east", "zone=1c"] + + ### Each template line requires a template pattern. It can have an optional + ### filter before the template and separated by spaces. It can also have optional extra + ### tags following the template. Multiple tags should be separated by commas and no spaces + ### similar to the line protocol format. There can be only one default template. + # templates = [ + # "*.app env.service.resource.measurement", + # # Default template + # "server.*", + # ] + +### +### [collectd] +### +### Controls one or many listeners for collectd data. +### + +[[collectd]] + # enabled = false + # bind-address = ":25826" + # database = "collectd" + # retention-policy = "" + # + # The collectd service supports either scanning a directory for multiple types + # db files, or specifying a single db file. + # typesdb = "/usr/local/share/collectd" + # + # security-level = "none" + # auth-file = "/etc/collectd/auth_file" + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Batching + # will buffer points in memory if you have many coming in. + + # Flush if this many points get buffered + # batch-size = 5000 + + # Number of batches that may be pending in memory + # batch-pending = 10 + + # Flush at least this often even if we haven't hit buffer limit + # batch-timeout = "10s" + + # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. + # read-buffer = 0 + + # Multi-value plugins can be handled two ways. + # "split" will parse and store the multi-value plugin data into separate measurements + # "join" will parse and store the multi-value plugin as a single multi-value measurement. + # "split" is the default behavior for backward compatibility with previous versions of influxdb. + # parse-multivalue-plugin = "split" +### +### [opentsdb] +### +### Controls one or many listeners for OpenTSDB data. +### + +[[opentsdb]] + # enabled = false + # bind-address = ":4242" + # database = "opentsdb" + # retention-policy = "" + # consistency-level = "one" + # tls-enabled = false + # certificate= "/config/ssl/influxdb.pem" + + # Log an error for every malformed point. + # log-point-errors = true + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Only points + # metrics received over the telnet protocol undergo batching. + + # Flush if this many points get buffered + # batch-size = 1000 + + # Number of batches that may be pending in memory + # batch-pending = 5 + + # Flush at least this often even if we haven't hit buffer limit + # batch-timeout = "1s" + +### +### [[udp]] +### +### Controls the listeners for InfluxDB line protocol data via UDP. +### + +[[udp]] + # enabled = false + # bind-address = ":8089" + # database = "udp" + # retention-policy = "" + + # InfluxDB precision for timestamps on received points ("" or "n", "u", "ms", "s", "m", "h") + # precision = "" + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Batching + # will buffer points in memory if you have many coming in. + + # Flush if this many points get buffered + # batch-size = 5000 + + # Number of batches that may be pending in memory + # batch-pending = 10 + + # Will flush at least this often even if we haven't hit buffer limit + # batch-timeout = "1s" + + # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. + # read-buffer = 0 + +### +### [continuous_queries] +### +### Controls how continuous queries are run within InfluxDB. +### + +[continuous_queries] + # Determines whether the continuous query service is enabled. + # enabled = true + + # Controls whether queries are logged when executed by the CQ service. + # log-enabled = true + + # Controls whether queries are logged to the self-monitoring data store. + # query-stats-enabled = false + + # interval for how often continuous queries will be checked if they need to run + # run-interval = "1s" + +### +### [tls] +### +### Global configuration settings for TLS in InfluxDB. +### + +[tls] + # Determines the available set of cipher suites. See https://golang.org/pkg/crypto/tls/#pkg-constants + # for a list of available ciphers, which depends on the version of Go (use the query + # SHOW DIAGNOSTICS to see the version of Go used to build InfluxDB). If not specified, uses + # the default settings from Go's crypto/tls package. + # ciphers = [ + # "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + # ] + + # Minimum version of the tls protocol that will be negotiated. If not specified, uses the + # default settings from Go's crypto/tls package. + # min-version = "tls1.2" + + # Maximum version of the tls protocol that will be negotiated. If not specified, uses the + # default settings from Go's crypto/tls package. + # max-version = "tls1.2" diff --git a/blueprints/influxdb/install.sh b/blueprints/influxdb/install.sh new file mode 100755 index 00000000..a8744d0c --- /dev/null +++ b/blueprints/influxdb/install.sh @@ -0,0 +1,31 @@ +#!/usr/local/bin/bash +# This script installs the current release of InfluxDB + +##### +# +# Init and Mounts +# +##### + +# Initialise variables +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/influxdb/includes" + +# Mount and configure proper configuration location +# shellcheck disable=SC2154 +cp -rf "${INCLUDES_PATH}/influxd.conf" "/mnt/${global_dataset_config}/${1}/influxd.conf" +iocage exec "${1}" mkdir -p /config/db/data /config/db/meta /config/db/wal +iocage exec "${1}" chown -R influxd:influxd /config/db +iocage exec "${1}" sysrc influxd_conf="/config/influxd.conf" +iocage exec "${1}" sysrc influxd_enable="YES" + +# Start influxdb and wait for it to startup +iocage exec "${1}" service influxd start +sleep 15 + +# Done! +echo "Installation complete!" +echo "You may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." +echo "" diff --git a/blueprints/influxdb/readme.md b/blueprints/influxdb/readme.md new file mode 100644 index 00000000..dd4c5003 --- /dev/null +++ b/blueprints/influxdb/readme.md @@ -0,0 +1,262 @@ +# InfluxDB + +## Original README from the influxdb github: + +https://github.com/influxdata/influxdb + +# InfluxDB [![CircleCI](https://circleci.com/gh/influxdata/influxdb.svg?style=svg)](https://circleci.com/gh/influxdata/influxdb) +[![Slack Status](https://img.shields.io/badge/slack-join_chat-white.svg?logo=slack&style=social)](https://www.influxdata.com/slack) + + +InfluxDB is an open source time series platform. This includes APIs for storing and querying data, processing it in the background for ETL or monitoring and alerting purposes, user dashboards, and visualizing and exploring the data and more. The master branch on this repo now represents the latest InfluxDB, which now includes functionality for Kapacitor (background processing) and Chronograf (the UI) all in a single binary. + +The list of InfluxDB Client Libraries that are compatible with the latest version can be found in [our documentation](https://v2.docs.influxdata.com/v2.0/reference/api/client-libraries/). + +If you are looking for the 1.x line of releases, there are branches for each minor version as well as a `master-1.x` branch that will contain the code for the next 1.x release. The master-1.x [working branch is here](https://github.com/influxdata/influxdb/tree/master-1.x). The [InfluxDB 1.x Go Client can be found here](https://github.com/influxdata/influxdb1-client). + +## State of the Project + +The latest InfluxDB 1.x is the stable release and recommended for production use. The InfluxDB that is on the master branch is currently in the beta stage. This means that it is still **NOT** recommended for production usage. There may be breaking API changes, breaking changes in the [Flux language](https://github.com/influxdata/flux), changes in the underlying storage format that will require you to delete all your data, and significant changes to the UI. The beta is intended for feature exploration and gathering feedback on the available feature set. It **SHOULD NOT** be used for performance testing, benchmarks, or other stress tests. + +Additional features will arrive during the beta period until we reach general availability (GA). We will be cutting versioned releases at least every two weeks starting in the first release. There will also be nightly builds based off the latest code in master. + +Once we close on the final feature set of what will be in the first GA release of InfluxDB in the 2.x line, we will move into the release candidate (RC) phase. At that point, we do not expect there to be breaking changes to the API or Flux language. We may still need to make a breaking change prior to GA due to some unforseen circumstance, but it would need to be extremely important and will be clearly communicated via the changelog and all available channels. + +Our current plans are to release RCs suitable for production usage, but we will re-evaluate in consultation with the community as the cycle progresses. During the RC period, we will focus on feedback from users, bug fixes, performance, and additive features (where time permits). + +### What you can expect in the Beta and RC Phases + +#### Beta +**Releases every two weeks or as needed** + +Planned additions include: +- Compatibility layer with 1.x including: 1.x HTTP Write API and HTTP Read API support for InfluxQL +- Import Bulk Data from 1.x - convert TSM from 1.x to 2.x +- Performance tuning, stability improvements, and fine tuning based on community feedback. +- Finalization of supported client libraries starting with JavaScript and Go. + +#### RC +**As needed** + +Planned activities include: +- Performance tuning, stability improvements, and fine-tuning based on community feedback. + +### What is **NOT** planned? +- Migration of users/security permissions from InfluxDB v1.x to 2.x. ACTION REQUIRED: Re-establish users and permissions within the new unified security model which now spans the underlying database and user interface. +- Migration of Continuous Queries. ACTION REQUIRED: These will need to be re-implemented as Flux tasks. +- Direct support by InfluxDB for CollectD, StatsD, Graphite, or UDP. ACTION REQUIRED: Leverage Telegraf 1.9+ along with the InfluxDB v2.0 output plugin to translate these protocols/formats. + +## Installing from Source + +We have nightly and weekly versioned Docker images, Debian packages, RPM packages, and tarballs of InfluxDB available at the [InfluxData downloads page](https://portal.influxdata.com/downloads/). + +## Building From Source + +This project requires Go 1.13 and Go module support. + +Set `GO111MODULE=on` or build the project outside of your `GOPATH` for it to succeed. + +The project also requires a recent stable version of Rust. We recommend using [rustup](https://rustup.rs/) to install Rust. + +If you are getting an `error loading module requirements` error with `bzr executable file not found in $PATH”` on `make`, then you need to ensure you have `bazaar`, `protobuf`, and `yarn` installed. + +- OSX: `brew install bazaar yarn` +- Linux (Arch): `pacman -S bzr protobuf yarn` +- Linux (Ubuntu): `apt install bzr protobuf-compiler yarnpkg` + +**NB:** For RedHat, there are some extra steps: + +1. You must enable the [EPEL](https://fedoraproject.org/wiki/EPEL) +2. You must add the `yarn` [repository](https://yarnpkg.com/lang/en/docs/install/#centos-stable) + +For information about modules, please refer to the [wiki](https://github.com/golang/go/wiki/Modules). + +A successful `make` run results in two binaries, with platform-dependent paths: + +``` +$ make +... +env GO111MODULE=on go build -tags 'assets ' -o bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx ./cmd/influx +env GO111MODULE=on go build -tags 'assets ' -o bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influxd ./cmd/influxd +``` + +`influxd` is the InfluxDB service. +`influx` is the CLI management tool. + +Start the service. +Logs to stdout by default: + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influxd +``` + +## Getting Started + +For a complete getting started guide, please see our full [online documentation site](https://v2.docs.influxdata.com/v2.0/). + +To write and query data or use the API in any way, you'll need to first create a user, credentials, organization and bucket. +Everything in InfluxDB is organized under a concept of an organization. The API is designed to be multi-tenant. +Buckets represent where you store time series data. +They're synonymous with what was previously in InfluxDB 1.x a database and retention policy. + +The simplest way to get set up is to point your browser to [http://localhost:9999](http://localhost:9999) and go through the prompts. + +**Note**: Port 9999 will be used during the beta phases of development of InfluxDB v2.0. +This should allow a v2.0-beta instance to be run alongside a v1.x instance without interfering on port 8086. +InfluxDB will thereafter continue to use 8086. + +You can also get set up from the CLI using the subcommands `influx user`, `influx auth`, `influx org` and `influx bucket`, +or do it all in one breath with `influx setup`: + + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx setup +Welcome to InfluxDB 2.0! +Please type your primary username: marty + +Please type your password: + +Please type your password again: + +Please type your primary organization name.: InfluxData + +Please type your primary bucket name.: telegraf + +Please type your retention period in hours. +Or press ENTER for infinite.: 72 + + +You have entered: + Username: marty + Organization: InfluxData + Bucket: telegraf + Retention Period: 72 hrs +Confirm? (y/n): y + +UserID Username Organization Bucket +033a3f2c5ccaa000 marty InfluxData Telegraf +Your token has been stored in /Users/marty/.influxdbv2/credentials +``` + +You may get into a development loop where `influx setup` becomes tedious. +Some added flags can help: +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx setup --username marty --password F1uxKapacit0r85 --org InfluxData --bucket telegraf --retention 168 --token where-were-going-we-dont-need-roads --force +``` + +`~/.influxdbv2/credentials` contains your auth token. +Most `influx` commands read the token from this file path by default. + +You may need the organization ID and bucket ID later: + +``` +$ influx org find +ID Name +033a3f2c708aa000 InfluxData +``` + +``` +$ influx bucket find +ID Name Retention Organization OrganizationID +033a3f2c710aa000 telegraf 72h0m0s InfluxData 033a3f2c708aa000 +``` + +Write to measurement `m`, with tag `v=2`, in bucket `telegraf`, which belongs to organization `InfluxData`: + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx write --org InfluxData --bucket telegraf --precision s "m v=2 $(date +%s)" +``` + +Write the same point using `curl`: + +``` +curl --header "Authorization: Token $(cat ~/.influxdbv2/credentials)" --data-raw "m v=2 $(date +%s)" "http://localhost:9999/api/v2/write?org=InfluxData&bucket=telegraf&precision=s" +``` + +Read that back with a simple Flux query: + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx query -o InfluxData 'from(bucket:"telegraf") |> range(start:-1h)' +Result: _result +Table: keys: [_start, _stop, _field, _measurement] + _start:time _stop:time _field:string _measurement:string _time:time _value:float +------------------------------ ------------------------------ ---------------------- ---------------------- ------------------------------ ---------------------------- +2019-12-30T22:19:39.043918000Z 2019-12-30T23:19:39.043918000Z v m 2019-12-30T23:17:02.000000000Z 2 +``` + +Use the fancy REPL: + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx repl -o InfluxData +> from(bucket:"telegraf") |> range(start:-1h) +Result: _result +Table: keys: [_start, _stop, _field, _measurement] + _start:time _stop:time _field:string _measurement:string _time:time _value:float +------------------------------ ------------------------------ ---------------------- ---------------------- ------------------------------ ---------------------------- +2019-12-30T22:22:44.776351000Z 2019-12-30T23:22:44.776351000Z v m 2019-12-30T23:17:02.000000000Z 2 +> +``` + + +## Introducing Flux + +Flux is an MIT-licensed data scripting language (previously named IFQL) used for querying time series data from InfluxDB. The source for Flux is [available on GitHub](https://github.com/influxdata/flux). Learn more about Flux from [CTO Paul Dix's presentation](https://speakerdeck.com/pauldix/flux-number-fluxlang-a-new-time-series-data-scripting-language). + +## Contributing to the Project + +InfluxDB is an [MIT licensed](LICENSE) open source project and we love our community. The fastest way to get something fixed is to open a PR. Check out our [contributing](CONTRIBUTING.md) guide if you're interested in helping out. Also, join us on our [Community Slack Workspace](https://influxdata.com/slack) if you have questions or comments for our engineering teams. + +## CI and Static Analysis + +### CI + +All pull requests will run through CI, which is currently hosted by Circle. +Community contributors should be able to see the outcome of this process by looking at the checks on their PR. +Please fix any issues to ensure a prompt review from members of the team. + +The InfluxDB project is used internally in a number of proprietary InfluxData products, and as such, PRs and changes need to be tested internally. +This can take some time, and is not really visible to community contributors. + +### Static Analysis + +This project uses the following static analysis tools. +Failure during the running of any of these tools results in a failed build. +Generally, code must be adjusted to satisfy these tools, though there are exceptions. + +- [go vet](https://golang.org/cmd/vet/) checks for Go code that should be considered incorrect. +- [go fmt](https://golang.org/cmd/gofmt/) checks that Go code is correctly formatted. +- [go mod tidy](https://tip.golang.org/cmd/go/#hdr-Add_missing_and_remove_unused_modules) ensures that the source code and go.mod agree. +- [staticcheck](http://next.staticcheck.io/docs/) checks for things like: unused code, code that can be simplified, code that is incorrect and code that will have performance issues. + +### staticcheck + +If your PR fails `staticcheck` it is easy to dig into why it failed, and also to fix the problem. +First, take a look at the error message in Circle under the `staticcheck` build section, e.g., + +``` +tsdb/tsm1/encoding.gen.go:1445:24: func BooleanValues.assertOrdered is unused (U1000) +tsdb/tsm1/encoding.go:172:7: receiver name should not be an underscore, omit the name if it is unused (ST1006) +``` + +Next, go and take a [look here](http://next.staticcheck.io/docs/checks) for some clarification on the error code that you have received, e.g., `U1000`. +The docs will tell you what's wrong, and often what you need to do to fix the issue. + +#### Generated Code + +Sometimes generated code will contain unused code or occasionally that will fail a different check. +`staticcheck` allows for [entire files](http://next.staticcheck.io/docs/#ignoring-problems) to be ignored, though it's not ideal. +A linter directive, in the form of a comment, must be placed within the generated file. +This is problematic because it will be erased if the file is re-generated. +Until a better solution comes about, below is the list of generated files that need an ignores comment. +If you re-generate a file and find that `staticcheck` has failed, please see this list below for what you need to put back: + +| File | Comment | +| :--------------------: | :--------------------------------------------------------------: | +| query/promql/promql.go | //lint:file-ignore SA6001 Ignore all unused code, it's generated | + +#### End-to-End Tests + +CI also runs end-to-end tests. These test the integration between the influx server the ui. You can run them locally in two steps: + +- Start the server in "testing mode" by running `make run-e2e`. +- Run the tests with `make e2e`. diff --git a/blueprints/influxdb/update.sh b/blueprints/influxdb/update.sh new file mode 100755 index 00000000..c0b00e28 --- /dev/null +++ b/blueprints/influxdb/update.sh @@ -0,0 +1,6 @@ +#!/usr/local/bin/bash +# This file contains the update script for influxdb + +iocage exec "$1" service influxd stop +# InfluxDB is updated during PKG update, this file is mostly just a placeholder +iocage exec "$1" service influxd restart \ No newline at end of file diff --git a/blueprints/jackett/config.yml b/blueprints/jackett/config.yml new file mode 100644 index 00000000..ef43a221 --- /dev/null +++ b/blueprints/jackett/config.yml @@ -0,0 +1,3 @@ +blueprint: + jackett: + pkgs: mono \ No newline at end of file diff --git a/jails/jackett/includes/jackett.rc b/blueprints/jackett/includes/jackett.rc similarity index 100% rename from jails/jackett/includes/jackett.rc rename to blueprints/jackett/includes/jackett.rc diff --git a/blueprints/jackett/install.sh b/blueprints/jackett/install.sh new file mode 100755 index 00000000..d5e4ede7 --- /dev/null +++ b/blueprints/jackett/install.sh @@ -0,0 +1,14 @@ +#!/usr/local/bin/bash +# This file contains the install script for jackett + +iocage exec "$1" "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share" +iocage exec "$1" rm /usr/local/share/Jackett.Binaries.Mono.tar.gz +iocage exec "$1" "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R jackett:jackett /usr/local/share/Jackett /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/jackett/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/jackett +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/jackett +iocage exec "$1" sysrc "jackett_enable=YES" +iocage exec "$1" service jackett restart diff --git a/jails/jackett/readme.md b/blueprints/jackett/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/jackett/readme.md rename to blueprints/jackett/readme.md diff --git a/blueprints/jackett/update.sh b/blueprints/jackett/update.sh new file mode 100755 index 00000000..f0c700dc --- /dev/null +++ b/blueprints/jackett/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for jackett + +iocage exec "$1" service jackett stop +#TODO insert code to update jacket itself here +iocage exec "$1" chown -R jackett:jackett /usr/local/share/Jackett /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/jackett/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/jackett +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/jackett +iocage exec "$1" service jackett restart diff --git a/blueprints/kms/config.yml b/blueprints/kms/config.yml new file mode 100644 index 00000000..d3aa5d24 --- /dev/null +++ b/blueprints/kms/config.yml @@ -0,0 +1,3 @@ +blueprint: + kms: + pkgs: bash py37-tkinter py37-pip py37-sqlite3 git \ No newline at end of file diff --git a/jails/kms/includes/Activate_Office_2019_Pro.bat b/blueprints/kms/includes/Activate_Office_2019_Pro.bat old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Activate_Office_2019_Pro.bat rename to blueprints/kms/includes/Activate_Office_2019_Pro.bat diff --git a/jails/kms/includes/Activate_Windows_10_Pro.bat b/blueprints/kms/includes/Activate_Windows_10_Pro.bat old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Activate_Windows_10_Pro.bat rename to blueprints/kms/includes/Activate_Windows_10_Pro.bat diff --git a/jails/kms/includes/Activate_Windows_Server_2019_Standard.bat b/blueprints/kms/includes/Activate_Windows_Server_2019_Standard.bat old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Activate_Windows_Server_2019_Standard.bat rename to blueprints/kms/includes/Activate_Windows_Server_2019_Standard.bat diff --git a/jails/kms/includes/Office-2019-Pro-VLK-Config.xml b/blueprints/kms/includes/Office-2019-Pro-VLK-Config.xml old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Office-2019-Pro-VLK-Config.xml rename to blueprints/kms/includes/Office-2019-Pro-VLK-Config.xml diff --git a/jails/kms/includes/Readme.md b/blueprints/kms/includes/Readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Readme.md rename to blueprints/kms/includes/Readme.md diff --git a/jails/kms/includes/Setup_Office_2019_Pro.txt b/blueprints/kms/includes/Setup_Office_2019_Pro.txt old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Setup_Office_2019_Pro.txt rename to blueprints/kms/includes/Setup_Office_2019_Pro.txt diff --git a/jails/kms/includes/py_kms.rc b/blueprints/kms/includes/py_kms.rc similarity index 100% rename from jails/kms/includes/py_kms.rc rename to blueprints/kms/includes/py_kms.rc diff --git a/blueprints/kms/install.sh b/blueprints/kms/install.sh new file mode 100755 index 00000000..4ca49f7f --- /dev/null +++ b/blueprints/kms/install.sh @@ -0,0 +1,12 @@ +#!/usr/local/bin/bash +# This file contains the install script for KMS + +iocage exec "$1" svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms +iocage exec "$1" "pw user add kms -c kms -u 666 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R kms:kms /usr/local/share/py-kms /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/py_kms +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/py_kms +iocage exec "$1" sysrc "py_kms_enable=YES" +iocage exec "$1" service py_kms start \ No newline at end of file diff --git a/jails/kms/readme.md b/blueprints/kms/readme.md old mode 100755 new mode 100644 similarity index 98% rename from jails/kms/readme.md rename to blueprints/kms/readme.md index 7c55dd7f..298e6987 --- a/jails/kms/readme.md +++ b/blueprints/kms/readme.md @@ -1,5 +1,6 @@ +# Py-KMS -# Original README from the py-kms github: +## Original README from the py-kms github: https://github.com/SystemRage/py-kms diff --git a/blueprints/kms/update.sh b/blueprints/kms/update.sh new file mode 100755 index 00000000..24636602 --- /dev/null +++ b/blueprints/kms/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for KMS + +iocage exec "$1" service py_kms stop +iocage exec "$1" svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms +iocage exec "$1" chown -R kms:kms /usr/local/share/py-kms /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/py_kms +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/py_kms +iocage exec "$1" service py_kms start \ No newline at end of file diff --git a/blueprints/lidarr/config.yml b/blueprints/lidarr/config.yml new file mode 100644 index 00000000..08b7eec5 --- /dev/null +++ b/blueprints/lidarr/config.yml @@ -0,0 +1,3 @@ +blueprint: + lidarr: lidarr + pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/lidarr/includes/lidarr.rc b/blueprints/lidarr/includes/lidarr.rc similarity index 100% rename from jails/lidarr/includes/lidarr.rc rename to blueprints/lidarr/includes/lidarr.rc diff --git a/blueprints/lidarr/install.sh b/blueprints/lidarr/install.sh new file mode 100755 index 00000000..119f9ebc --- /dev/null +++ b/blueprints/lidarr/install.sh @@ -0,0 +1,25 @@ +#!/usr/local/bin/bash +# This file contains the install script for lidarr + +# Check if dataset for completed download and it parent dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" +createmount "$1" "${global_dataset_downloads}"/complete /mnt/fetched + +# Check if dataset for media library and the dataset for movies exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" +createmount "$1" "${global_dataset_media}"/music /mnt/music + + +iocage exec "$1" "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz -C /usr/local/share" +iocage exec "$1" "rm /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz" +iocage exec "$1" "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R lidarr:lidarr /usr/local/share/Lidarr /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/lidarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/lidarr +iocage exec "$1" sysrc "lidarr_enable=YES" +iocage exec "$1" service lidarr start diff --git a/jails/lidarr/readme.md b/blueprints/lidarr/readme.md old mode 100755 new mode 100644 similarity index 98% rename from jails/lidarr/readme.md rename to blueprints/lidarr/readme.md index d73b6bff..6347fad9 --- a/jails/lidarr/readme.md +++ b/blueprints/lidarr/readme.md @@ -1,4 +1,6 @@ -# Original README from the lidarr github: +# Lidarr + +## Original README from the lidarr github: https://github.com/lidarr/Lidarr diff --git a/blueprints/lidarr/update.sh b/blueprints/lidarr/update.sh new file mode 100755 index 00000000..2e5edf9e --- /dev/null +++ b/blueprints/lidarr/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for lidarr + +iocage exec "$1" service lidarr stop +#TODO insert code to update lidarr itself here +iocage exec "$1" chown -R lidarr:lidarr /usr/local/share/lidarr /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/lidarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/lidarr +iocage exec "$1" service lidarr restart \ No newline at end of file diff --git a/blueprints/mariadb/config.yml b/blueprints/mariadb/config.yml new file mode 100644 index 00000000..05feae35 --- /dev/null +++ b/blueprints/mariadb/config.yml @@ -0,0 +1,3 @@ +blueprint: + mariadb: + pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74-5.0.1 diff --git a/jails/mariadb/includes/Caddyfile b/blueprints/mariadb/includes/Caddyfile old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/includes/Caddyfile rename to blueprints/mariadb/includes/Caddyfile diff --git a/jails/mariadb/includes/caddy b/blueprints/mariadb/includes/caddy.rc similarity index 98% rename from jails/mariadb/includes/caddy rename to blueprints/mariadb/includes/caddy.rc index 9c087c47..5f8df19d 100755 --- a/jails/mariadb/includes/caddy +++ b/blueprints/mariadb/includes/caddy.rc @@ -1,4 +1,5 @@ #!/bin/sh +# shellcheck disable=1091,2223,2154,2034 # # PROVIDE: caddy # REQUIRE: networking diff --git a/jails/mariadb/includes/my-system.cnf b/blueprints/mariadb/includes/my-system.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/includes/my-system.cnf rename to blueprints/mariadb/includes/my-system.cnf diff --git a/jails/mariadb/includes/my.cnf b/blueprints/mariadb/includes/my.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/includes/my.cnf rename to blueprints/mariadb/includes/my.cnf diff --git a/blueprints/mariadb/install.sh b/blueprints/mariadb/install.sh new file mode 100755 index 00000000..e94678b0 --- /dev/null +++ b/blueprints/mariadb/install.sh @@ -0,0 +1,117 @@ +#!/usr/local/bin/bash +# This script installs the current release of Mariadb and PhpMyAdmin into a created jail +##### +# +# Init and Mounts +# +##### + +# Initialise defaults +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/mariadb/includes" +# shellcheck disable=SC2154 +CERT_EMAIL="jail_${1}_cert_email" +CERT_EMAIL="${!CERT_EMAIL:-placeholder@email.fake}" +# shellcheck disable=SC2154 +DB_ROOT_PASSWORD="jail_${1}_db_root_password" +HOST_NAME="jail_${1}_host_name" +DL_FLAGS="" +DNS_ENV="" + +# Check that necessary variables were set by nextcloud-config +if [ -z "${JAIL_IP}" ]; then + echo 'Configuration error: The mariadb jail does NOT accept DHCP' + echo 'Please reinstall using a fixed IP adress' + exit 1 +fi + +# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke +# shellcheck disable=SC2154 +if [ "$(ls -A "/mnt/${global_dataset_config}/${1}/db")" ]; then + echo "Reinstall of mariadb detected... Continuing" + REINSTALL="true" +fi + +# Mount database dataset and set zfs preferences +createmount "${1}" "${global_dataset_config}"/"${1}"/db /var/db/mysql +zfs set recordsize=16K "${global_dataset_config}"/"${1}"/db +zfs set primarycache=metadata "${global_dataset_config}"/"${1}"/db + +iocage exec "${1}" chown -R 88:88 /var/db/mysql + +# Install includes fstab +iocage exec "${1}" mkdir -p /mnt/includes +iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +iocage exec "${1}" mkdir -p /usr/local/www/phpmyadmin +iocage exec "${1}" chown -R www:www /usr/local/www/phpmyadmin + +##### +# +# Install mariadb, Caddy and PhpMyAdmin +# +##### + +fetch -o /tmp https://getcaddy.com +if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com +then + echo "Failed to download/install Caddy" + exit 1 +fi + +iocage exec "${1}" sysrc mysql_enable="YES" + +# Copy and edit pre-written config files +echo "Copying Caddyfile for no SSL" +iocage exec "${1}" cp -f /mnt/includes/caddy.rc /usr/local/etc/rc.d/caddy +iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile +# shellcheck disable=SC2154 +iocage exec "${1}" sed -i '' "s/yourhostnamehere/${!HOST_NAME}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile + +iocage exec "${1}" sysrc caddy_enable="YES" +iocage exec "${1}" sysrc php_fpm_enable="YES" +iocage exec "${1}" sysrc caddy_cert_email="${CERT_EMAIL}" +iocage exec "${1}" sysrc caddy_env="${DNS_ENV}" + +iocage restart "${1}" +sleep 10 + +if [ "${REINSTALL}" == "true" ]; then + echo "Reinstall detected, skipping generaion of new config and database" +else + + # Secure database, set root password, create Nextcloud DB, user, and password + iocage exec "${1}" cp -f /mnt/includes/my-system.cnf /var/db/mysql/my.cnf + iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='';" + iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" + iocage exec "${1}" mysql -u root -e "DROP DATABASE IF EXISTS test;" + iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" + iocage exec "${1}" mysqladmin --user=root password "${!DB_ROOT_PASSWORD}" + iocage exec "${1}" mysqladmin reload +fi +iocage exec "${1}" cp -f /mnt/includes/my.cnf /root/.my.cnf +iocage exec "${1}" sed -i '' "s|mypassword|${!DB_ROOT_PASSWORD}|" /root/.my.cnf + +# Save passwords for later reference +iocage exec "${1}" echo "MariaDB root password is ${!DB_ROOT_PASSWORD}" > /root/"${1}"_db_password.txt + + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +# Done! +echo "Installation complete!" +echo "Using your web browser, go to http://${!HOST_NAME} to log in" + +if [ "${REINSTALL}" == "true" ]; then + echo "You did a reinstall, please use your old database and account credentials" +else + echo "Database Information" + echo "--------------------" + echo "The MariaDB root password is ${!DB_ROOT_PASSWORD}" + fi +echo "" +echo "All passwords are saved in /root/${1}_db_password.txt" diff --git a/jails/mariadb/readme.md b/blueprints/mariadb/readme.md old mode 100755 new mode 100644 similarity index 98% rename from jails/mariadb/readme.md rename to blueprints/mariadb/readme.md index 532bf0b6..d486c586 --- a/jails/mariadb/readme.md +++ b/blueprints/mariadb/readme.md @@ -1,4 +1,6 @@ -# Original README from the mariadb github: +# MariaDB + +## Original README from the mariadb github: https://github.com/MariaDB/server/ diff --git a/blueprints/mariadb/update.sh b/blueprints/mariadb/update.sh new file mode 100755 index 00000000..8e20ef6d --- /dev/null +++ b/blueprints/mariadb/update.sh @@ -0,0 +1,37 @@ +#!/usr/local/bin/bash +# This file contains the update script for mariadb + +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/mariadb/includes" + +# Install includes fstab +iocage exec "${1}" mkdir -p /mnt/includes +iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + + +iocage exec "${1}" service caddy stop +iocage exec "${1}" service php-fpm stop + +fetch -o /tmp https://getcaddy.com +if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com +then + echo "Failed to download/install Caddy" + exit 1 +fi + +# Copy and edit pre-written config files +echo "Copying Caddyfile for no SSL" +iocage exec "${1}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ +iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile +# shellcheck disable=SC2154 +iocage exec "${1}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +iocage exec "${1}" service caddy start +iocage exec "${1}" service php-fpm start \ No newline at end of file diff --git a/jails/nextcloud/LICENSE b/blueprints/nextcloud/LICENSE old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/LICENSE rename to blueprints/nextcloud/LICENSE diff --git a/blueprints/nextcloud/config.yml b/blueprints/nextcloud/config.yml new file mode 100644 index 00000000..0f8e0193 --- /dev/null +++ b/blueprints/nextcloud/config.yml @@ -0,0 +1,4 @@ +blueprint: + nextcloud: + pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick php73-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf + ports: true \ No newline at end of file diff --git a/jails/nextcloud/includes/Caddyfile b/blueprints/nextcloud/includes/Caddyfile old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/Caddyfile rename to blueprints/nextcloud/includes/Caddyfile diff --git a/jails/nextcloud/includes/Caddyfile-nossl b/blueprints/nextcloud/includes/Caddyfile-nossl old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/Caddyfile-nossl rename to blueprints/nextcloud/includes/Caddyfile-nossl diff --git a/jails/nextcloud/includes/Caddyfile-selfsigned b/blueprints/nextcloud/includes/Caddyfile-selfsigned old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/Caddyfile-selfsigned rename to blueprints/nextcloud/includes/Caddyfile-selfsigned diff --git a/jails/nextcloud/includes/caddy b/blueprints/nextcloud/includes/caddy.rc similarity index 98% rename from jails/nextcloud/includes/caddy rename to blueprints/nextcloud/includes/caddy.rc index f7a9b1e4..d6e9ad35 100755 --- a/jails/nextcloud/includes/caddy +++ b/blueprints/nextcloud/includes/caddy.rc @@ -1,4 +1,5 @@ #!/bin/sh +# shellcheck disable=1091,2223,2154,2034 # # PROVIDE: caddy # REQUIRE: networking diff --git a/jails/nextcloud/includes/my-system.cnf b/blueprints/nextcloud/includes/my-system.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/my-system.cnf rename to blueprints/nextcloud/includes/my-system.cnf diff --git a/jails/nextcloud/includes/my.cnf b/blueprints/nextcloud/includes/my.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/my.cnf rename to blueprints/nextcloud/includes/my.cnf diff --git a/jails/nextcloud/includes/pgpass b/blueprints/nextcloud/includes/pgpass old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/pgpass rename to blueprints/nextcloud/includes/pgpass diff --git a/jails/nextcloud/includes/php.ini b/blueprints/nextcloud/includes/php.ini old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/php.ini rename to blueprints/nextcloud/includes/php.ini diff --git a/jails/nextcloud/includes/redis.conf b/blueprints/nextcloud/includes/redis.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/redis.conf rename to blueprints/nextcloud/includes/redis.conf diff --git a/jails/nextcloud/includes/remove-staging.sh b/blueprints/nextcloud/includes/remove-staging.sh similarity index 100% rename from jails/nextcloud/includes/remove-staging.sh rename to blueprints/nextcloud/includes/remove-staging.sh diff --git a/jails/nextcloud/includes/www-crontab b/blueprints/nextcloud/includes/www-crontab old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/www-crontab rename to blueprints/nextcloud/includes/www-crontab diff --git a/jails/nextcloud/includes/www.conf b/blueprints/nextcloud/includes/www.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/www.conf rename to blueprints/nextcloud/includes/www.conf diff --git a/blueprints/nextcloud/install.sh b/blueprints/nextcloud/install.sh new file mode 100755 index 00000000..79f56f3f --- /dev/null +++ b/blueprints/nextcloud/install.sh @@ -0,0 +1,321 @@ +#!/usr/local/bin/bash +# This script installs the current release of Nextcloud into a create jail +# Based on the example by danb35: https://github.com/danb35/freenas-iocage-nextcloud + +# Initialise defaults +# General Defaults +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" +TIME_ZONE="jail_${1}_time_zone" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/nextcloud/includes" + +# SSL/CERT Defaults +CERT_TYPE="jail_${1}_cert_type" +CERT_TYPE="${!CERT_TYPE:-SELFSIGNED_CERT}" +CERT_EMAIL="jail_${1}_cert_email" +CERT_EMAIL="${!CERT_EMAIL:-placeholder@email.fake}" +DNS_PLUGIN="jail_${1}_dns_plugin" +DNS_ENV="jail_${1}_dns_env" + +# Database Defaults +DB_TYPE="jail_${1}_db_type" +DB_TYPE="${!DB_TYPE:-mariadb}" +DB_JAIL="jail_${1}_db_jail" +# shellcheck disable=SC2154 +DB_HOST="jail_${!DB_JAIL}_ip4_addr" +DB_HOST="${!DB_HOST%/*}:3306" + +DB_PASSWORD="jail_${1}_db_password" + +DB_DATABASE="jail_${1}_db_database" +DB_DATABASE="${!DB_DATABASE:-$1}" + +DB_USER="jail_${1}_db_user" +DB_USER="${!DB_USER:-$DB_DATABASE}" + +ADMIN_PASSWORD="jail_${1}_admin_password" + +##### +# +# Input Sanity Check +# +##### + + +# Check that necessary variables were set by nextcloud-config +if [ -z "${JAIL_IP}" ]; then + echo 'Configuration error: The Nextcloud jail does NOT accept DHCP' + echo 'Please reinstall using a fixed IP adress' + exit 1 +fi + +if [ -z "${ADMIN_PASSWORD}" ]; then + echo 'Configuration error: The Nextcloud jail requires a admin_password' + echo 'Please reinstall using a fixed IP adress' + exit 1 +fi + +if [ -z "${!DB_PASSWORD}" ]; then + echo 'Configuration error: The Nextcloud Jail needs a database password' + echo 'Please reinstall with a defifined: db_password' + exit 1 +fi + +# shellcheck disable=SC2154 +if [ -z "${!TIME_ZONE}" ]; then + echo 'Configuration error: !TIME_ZONE must be set' + exit 1 +fi +if [ -z "${!HOST_NAME}" ]; then + echo 'Configuration error: !HOST_NAME must be set' + exit 1 +fi + + + +if [ "$CERT_TYPE" != "STANDALONE_CERT" ] && [ "$CERT_TYPE" != "DNS_CERT" ] && [ "$CERT_TYPE" != "NO_CERT" ] && [ "$CERT_TYPE" != "SELFSIGNED_CERT" ]; then + echo 'Configuration error, cert_type options: STANDALONE_CERT, DNS_CERT, NO_CERT or SELFSIGNED_CERT' + exit 1 +fi + +if [ "$CERT_TYPE" == "DNS_CERT" ]; then + if [ -z "${!DNS_PLUGIN}" ] ; then + echo "DNS_PLUGIN must be set to a supported DNS provider." + echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list." + echo "Be sure to omit the prefix of \"tls.dns.\"." + exit 1 + elif [ -z "${!DNS_ENV}" ] ; then + echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials." + echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more." + exit 1 + else + DL_FLAGS="tls.dns.${DNS_PLUGIN}" + DNS_SETTING="dns ${DNS_PLUGIN}" + fi +fi + +# Make sure DB_PATH is empty -- if not, MariaDB will choke +# shellcheck disable=SC2154 +if [ "$(ls -A "/mnt/${global_dataset_config}/${1}/config")" ]; then + echo "Reinstall of Nextcloud detected... " + REINSTALL="true" +fi + + +##### + # +# Fstab And Mounts +# +##### + +# Create and Mount Nextcloud, Config and Files +createmount "${1}" "${global_dataset_config}"/"${1}"/config /usr/local/www/nextcloud/config +createmount "${1}" "${global_dataset_config}"/"${1}"/themes /usr/local/www/nextcloud/themes +createmount "${1}" "${global_dataset_config}"/"${1}"/files /config/files + +# Install includes fstab +iocage exec "${1}" mkdir -p /mnt/includes +iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + + +iocage exec "${1}" chown -R www:www /config/files +iocage exec "${1}" chmod -R 770 /config/files + + +##### +# +# Basic dependency install +# +##### + +if [ "${DB_TYPE}" = "mariadb" ]; then + iocage exec "${1}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli +fi + +fetch -o /tmp https://getcaddy.com +if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com +then + echo "Failed to download/install Caddy" + exit 1 +fi + +iocage exec "${1}" sysrc redis_enable="YES" +iocage exec "${1}" sysrc php_fpm_enable="YES" +iocage exec "${1}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes" +iocage exec "${1}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes" + + +##### +# +# Install Nextcloud +# +##### + +FILE="latest-18.tar.bz2" +if ! iocage exec "${1}" fetch -o /tmp https://download.nextcloud.com/server/releases/"${FILE}" https://download.nextcloud.com/server/releases/"${FILE}".asc https://nextcloud.com/nextcloud.asc +then + echo "Failed to download Nextcloud" + exit 1 +fi +iocage exec "${1}" gpg --import /tmp/nextcloud.asc +if ! iocage exec "${1}" gpg --verify /tmp/"${FILE}".asc +then + echo "GPG Signature Verification Failed!" + echo "The Nextcloud download is corrupt." + exit 1 +fi +iocage exec "${1}" tar xjf /tmp/"${FILE}" -C /usr/local/www/ +iocage exec "${1}" chown -R www:www /usr/local/www/nextcloud/ + + +# Generate and install self-signed cert, if necessary +if [ "$CERT_TYPE" == "SELFSIGNED_CERT" ] && [ ! -f "/mnt/${global_dataset_config}/${1}/ssl/privkey.pem" ]; then + echo "No ssl certificate present, generating self signed certificate" + if [ ! -d "/mnt/${global_dataset_config}/${1}/ssl" ]; then + echo "cert folder not existing... creating..." + iocage exec "${1}" mkdir /config/ssl + fi + openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${!HOST_NAME}" -keyout "${INCLUDES_PATH}"/privkey.pem -out "${INCLUDES_PATH}"/fullchain.pem + iocage exec "${1}" cp /mnt/includes/privkey.pem /config/ssl/privkey.pem + iocage exec "${1}" cp /mnt/includes/fullchain.pem /config/ssl/fullchain.pem +fi + +# Copy and edit pre-written config files +iocage exec "${1}" cp -f /mnt/includes/php.ini /usr/local/etc/php.ini +iocage exec "${1}" cp -f /mnt/includes/redis.conf /usr/local/etc/redis.conf +iocage exec "${1}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/ + + +if [ "$CERT_TYPE" == "STANDALONE_CERT" ] && [ "$CERT_TYPE" == "DNS_CERT" ]; then + iocage exec "${1}" cp -f /mnt/includes/remove-staging.sh /root/ +fi + +if [ "$CERT_TYPE" == "NO_CERT" ]; then + echo "Copying Caddyfile for no SSL" + iocage exec "${1}" cp -f /mnt/includes/Caddyfile-nossl /usr/local/www/Caddyfile +elif [ "$CERT_TYPE" == "SELFSIGNED_CERT" ]; then + echo "Copying Caddyfile for self-signed cert" + iocage exec "${1}" cp -f /mnt/includes/Caddyfile-selfsigned /usr/local/www/Caddyfile +else + echo "Copying Caddyfile for Let's Encrypt cert" + iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/ +fi + + +iocage exec "${1}" cp -f /mnt/includes/caddy.rc /usr/local/etc/rc.d/caddy + + +iocage exec "${1}" sed -i '' "s/yourhostnamehere/${!HOST_NAME}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s|mytimezone|${!TIME_ZONE}|" /usr/local/etc/php.ini + +iocage exec "${1}" sysrc caddy_enable="YES" +iocage exec "${1}" sysrc caddy_cert_email="${CERT_EMAIL}" +iocage exec "${1}" sysrc caddy_SNI_default="${!HOST_NAME}" +iocage exec "${1}" sysrc caddy_env="${!DNS_ENV}" + +iocage restart "${1}" + +if [ "${REINSTALL}" == "true" ]; then + echo "Reinstall detected, skipping generaion of new config and database" +else + + # Secure database, set root password, create Nextcloud DB, user, and password + if [ "${DB_TYPE}" = "mariadb" ]; then + iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" + iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${!DB_PASSWORD}';" + iocage exec "mariadb" mysqladmin reload + fi + + + # Save passwords for later reference + iocage exec "${1}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/"${1}"_db_password.txt + iocage exec "${1}" echo "Nextcloud database password is ${!DB_PASSWORD}" >> /root/"${1}"_db_password.txt + iocage exec "${1}" echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}" >> /root/"${1}"_db_password.txt + + # CLI installation and configuration of Nextcloud + if [ "${DB_TYPE}" = "mariadb" ]; then + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"mysql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${!DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${!ADMIN_PASSWORD}\" --data-dir=\"/config/files\"" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value=\"true\"" + fi + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ db:add-missing-indices" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ db:convert-filecache-bigint --no-interaction" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set logtimezone --value=\"${!TIME_ZONE}\"" + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set log_type --value="file"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logfile --value="/var/log/nextcloud.log"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwritehost --value=\"${!HOST_NAME}\"" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwriteprotocol --value=\"https\"" + if [ "$CERT_TYPE" == "NO_CERT" ]; then + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${!HOST_NAME}/\"" + else + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${!HOST_NAME}/\"" + fi + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set htaccess.RewriteBase --value="/"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess' + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value=\"${!HOST_NAME}\"" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value=\"${JAIL_IP}\"" + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ app:enable encryption' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:enable' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:disable' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ background:cron' + +fi + +iocage exec "${1}" touch /var/log/nextcloud.log +iocage exec "${1}" chown www /var/log/nextcloud.log +iocage exec "${1}" su -m www -c 'php -f /usr/local/www/nextcloud/cron.php' +iocage exec "${1}" crontab -u www /mnt/includes/www-crontab + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +# Done! +echo "Installation complete!" +if [ "$CERT_TYPE" == "NO_CERT" ]; then + echo "Using your web browser, go to http://${!HOST_NAME} to log in" +else + echo "Using your web browser, go to https://${!HOST_NAME} to log in" +fi + +if [ "${REINSTALL}" == "true" ]; then + echo "You did a reinstall, please use your old database and account credentials" +else + + echo "Default user is admin, password is ${ADMIN_PASSWORD}" + echo "" + + echo "Database Information" + echo "--------------------" + echo "Database user = ${DB_USER}" + echo "Database password = ${!DB_PASSWORD}" + echo "" + echo "All passwords are saved in /root/${1}_db_password.txt" +fi + +echo "" +if [ "$CERT_TYPE" == "STANDALONE_CERT" ] && [ "$CERT_TYPE" == "DNS_CERT" ]; then + echo "You have obtained your Let's Encrypt certificate using the staging server." + echo "This certificate will not be trusted by your browser and will cause SSL errors" + echo "when you connect. Once you've verified that everything else is working" + echo "correctly, you should issue a trusted certificate. To do this, run:" + echo "iocage exec ${1}/root/remove-staging.sh" + echo "" +elif [ "$CERT_TYPE" == "SELFSIGNED_CERT" ]; then + echo "You have chosen to create a self-signed TLS certificate for your Nextcloud" + echo "installation. This certificate will not be trusted by your browser and" + echo "will cause SSL errors when you connect. If you wish to replace this certificate" + echo "with one obtained elsewhere, the private key is located at:" + echo "/config/ssl/privkey.pem" + echo "The full chain (server + intermediate certificates together) is at:" + echo "/config/ssl/fullchain.pem" + echo "" +fi + diff --git a/jails/nextcloud/README.md b/blueprints/nextcloud/readme.md old mode 100755 new mode 100644 similarity index 99% rename from jails/nextcloud/README.md rename to blueprints/nextcloud/readme.md index aa4ee344..c8dc67db --- a/jails/nextcloud/README.md +++ b/blueprints/nextcloud/readme.md @@ -1,4 +1,6 @@ -# Original README from the Upstream Nextcloud-iocage install script: +# Nextcloud + +## Original README from the Upstream Nextcloud-iocage install script: https://github.com/danb35/freenas-iocage-nextcloud diff --git a/jails/nextcloud/update.sh b/blueprints/nextcloud/update.sh similarity index 100% rename from jails/nextcloud/update.sh rename to blueprints/nextcloud/update.sh diff --git a/blueprints/organizr/config.yml b/blueprints/organizr/config.yml new file mode 100644 index 00000000..a06f8e48 --- /dev/null +++ b/blueprints/organizr/config.yml @@ -0,0 +1,3 @@ +blueprint: + organizr: + pkgs: nginx php72 php72-filter php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip git \ No newline at end of file diff --git a/jails/organizr/includes/custom/organizr.conf b/blueprints/organizr/includes/custom/organizr.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/includes/custom/organizr.conf rename to blueprints/organizr/includes/custom/organizr.conf diff --git a/jails/organizr/includes/custom/phpblock.conf b/blueprints/organizr/includes/custom/phpblock.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/includes/custom/phpblock.conf rename to blueprints/organizr/includes/custom/phpblock.conf diff --git a/jails/organizr/includes/nginx.conf b/blueprints/organizr/includes/nginx.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/includes/nginx.conf rename to blueprints/organizr/includes/nginx.conf diff --git a/blueprints/organizr/install.sh b/blueprints/organizr/install.sh new file mode 100755 index 00000000..c52d0538 --- /dev/null +++ b/blueprints/organizr/install.sh @@ -0,0 +1,34 @@ +#!/usr/local/bin/bash +# This file contains the install script for Organizr + +iocage exec "$1" sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini +iocage exec "$1" sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini +iocage exec "$1" sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini +# shellcheck disable=SC2154 +mv /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf.bak +cp "${SCRIPT_DIR}"/blueprints/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf +cp -Rf "${SCRIPT_DIR}"/blueprints/organizr/includes/custom /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/custom +# shellcheck disable=SC2154 +if [ ! -d "/mnt/${global_dataset_config}/$1/ssl" ]; then + echo "cert folder doesn't exist... creating..." + iocage exec "$1" mkdir /config/ssl +fi + +if [ -f "/mnt/${global_dataset_config}/$1/ssl/Organizr-Cert.crt" ]; then + echo "certificate exists... Skipping cert generation" +else + echo "No ssl certificate present, generating self signed certificate" + openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/"$1"/ssl/Organizr-Cert.key -out /mnt/"${global_dataset_config}"/"$1"/ssl/Organizr-Cert.crt +fi + +iocage exec "$1" git clone https://github.com/causefx/Organizr.git /usr/local/www/Organizr +iocage exec "$1" chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom +iocage exec "$1" ln -s /config/config.php /usr/local/www/Organizr/api/config/config.php +iocage exec "$1" sysrc nginx_enable=YES +iocage exec "$1" sysrc php_fpm_enable=YES +iocage exec "$1" service nginx start +iocage exec "$1" service php-fpm start diff --git a/jails/organizr/readme.md b/blueprints/organizr/readme.md old mode 100755 new mode 100644 similarity index 99% rename from jails/organizr/readme.md rename to blueprints/organizr/readme.md index 19525226..675769af --- a/jails/organizr/readme.md +++ b/blueprints/organizr/readme.md @@ -1,4 +1,6 @@ -# Original README from the Organizr github repo: +# Organizr + +## Original README from the Organizr github repo: https://github.com/causefx/Organizr diff --git a/blueprints/organizr/update.sh b/blueprints/organizr/update.sh new file mode 100755 index 00000000..3021ec5d --- /dev/null +++ b/blueprints/organizr/update.sh @@ -0,0 +1,12 @@ +#!/usr/local/bin/bash +# This file contains the update script for Organizr + +iocage exec "$1" service nginx stop +iocage exec "$1" service php-fpm stop +# TODO setup cli update for Organizr here. +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf +iocage exec "$1" "cd /usr/local/www/Organizr && git pull" +iocage exec "$1" chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom +iocage exec "$1" service nginx start +iocage exec "$1" service php-fpm start \ No newline at end of file diff --git a/blueprints/plex/config.yml b/blueprints/plex/config.yml new file mode 100644 index 00000000..bc68372a --- /dev/null +++ b/blueprints/plex/config.yml @@ -0,0 +1,3 @@ +blueprint: + plex: + pkgs: plexmediaserver \ No newline at end of file diff --git a/jails/plex/includes/FreeBSD.conf b/blueprints/plex/includes/FreeBSD.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/plex/includes/FreeBSD.conf rename to blueprints/plex/includes/FreeBSD.conf diff --git a/blueprints/plex/install.sh b/blueprints/plex/install.sh new file mode 100755 index 00000000..0ea7fb20 --- /dev/null +++ b/blueprints/plex/install.sh @@ -0,0 +1,51 @@ +#!/usr/local/bin/bash +# This file contains the install script for plex + +iocage exec plex mkdir -p /usr/local/etc/pkg/repos + +# Change to to more frequent FreeBSD repo to stay up-to-date with plex more. +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/plex/includes/FreeBSD.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/pkg/repos/FreeBSD.conf + + +# Check if datasets for media librarys exist, create them if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" /mnt/media +createmount "$1" "${global_dataset_media}"/movies /mnt/media/movies +createmount "$1" "${global_dataset_media}"/music /mnt/media/music +createmount "$1" "${global_dataset_media}"/shows /mnt/media/shows + +# Create plex ramdisk if specified +# shellcheck disable=SC2154 +if [ -z "${plex_ramdisk}" ]; then + echo "no ramdisk specified for plex, continuing without ramdisk" +else + iocage fstab -a "$1" tmpfs /tmp_transcode tmpfs rw,size="${plex_ramdisk}",mode=1777 0 0 +fi + +iocage exec "$1" chown -R plex:plex /config + +# Force update pkg to get latest plex version +iocage exec "$1" pkg update +iocage exec "$1" pkg upgrade -y + +# Add plex user to video group for future hw-encoding support +iocage exec "$1" pw groupmod -n video -m plex + +# Run different install procedures depending on Plex vs Plex Beta +# shellcheck disable=SC2154 +if [ "$plex_beta" == "true" ]; then + echo "beta enabled in config.yml... using plex beta for install" + iocage exec "$1" sysrc "plexmediaserver_plexpass_enable=YES" + iocage exec "$1" sysrc plexmediaserver_plexpass_support_path="/config" + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ + iocage exec "$1" service plexmediaserver_plexpass restart +else + echo "beta disabled in config.yml... NOT using plex beta for install" + iocage exec "$1" sysrc "plexmediaserver_enable=YES" + iocage exec "$1" sysrc plexmediaserver_support_path="/config" + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver/ + iocage exec "$1" service plexmediaserver restart +fi + +echo "Finished installing plex" \ No newline at end of file diff --git a/blueprints/plex/readme.md b/blueprints/plex/readme.md new file mode 100644 index 00000000..171874af --- /dev/null +++ b/blueprints/plex/readme.md @@ -0,0 +1,14 @@ +# Plex + +### Config Parameters: +- beta: set to `true` if you want to run the plex beta (previously known as "plexpass"). Please note: This is not required for plexpass features + +For more information about plex, please see the Plex website: + +### Config Parameters: + +- ramdisk: Specify the `size` parameter to create a transcoding ramdisk under /tmp_transcode. Requires manual setting it un plex to be used for transcoding. (optional) + +# Original plex install script guide + +https://www.ixsystems.com/community/resources/fn11-3-iocage-jails-plex-tautulli-sonarr-radarr-lidarr-jackett-transmission-organizr.58/ \ No newline at end of file diff --git a/blueprints/plex/update.sh b/blueprints/plex/update.sh new file mode 100755 index 00000000..97d89491 --- /dev/null +++ b/blueprints/plex/update.sh @@ -0,0 +1,23 @@ +#!/usr/local/bin/bash +# This file contains the update script for Plex + +# Run different update procedures depending on Plex vs Plex Beta +# shellcheck disable=SC2154 +if [ "$plex_plexpass" == "true" ]; then + echo "beta enabled in config.yml... using plex beta for update..." + iocage exec "$1" service plexmediaserver_plexpass stop + # Plex is updated using PKG already, this is mostly a placeholder + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ + iocage exec "$1" service plexmediaserver_plexpass restart +else + echo "beta disabled in config.yml... NOT using plex beta for update..." + iocage exec "$1" service plexmediaserver stop + # Plex is updated using PKG already, this is mostly a placeholder + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver/ + iocage exec "$1" service plexmediaserver restart +fi + + + + + diff --git a/blueprints/radarr/config.yml b/blueprints/radarr/config.yml new file mode 100644 index 00000000..6125ba70 --- /dev/null +++ b/blueprints/radarr/config.yml @@ -0,0 +1,3 @@ +blueprint: + radarr: + pkgs: mono mediainfo sqlite3 libgdiplus \ No newline at end of file diff --git a/jails/radarr/includes/radarr.rc b/blueprints/radarr/includes/radarr.rc similarity index 100% rename from jails/radarr/includes/radarr.rc rename to blueprints/radarr/includes/radarr.rc diff --git a/blueprints/radarr/install.sh b/blueprints/radarr/install.sh new file mode 100755 index 00000000..99442692 --- /dev/null +++ b/blueprints/radarr/install.sh @@ -0,0 +1,24 @@ +#!/usr/local/bin/bash +# This file contains the install script for radarr + +# Check if dataset for completed download and it parent dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" +createmount "$1" "${global_dataset_downloads}"/complete /mnt/fetched + +# Check if dataset for media library and the dataset for movies exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" +createmount "$1" "${global_dataset_media}"/movies /mnt/movies + +iocage exec "$1" "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.1480/Radarr.develop.0.2.0.1480.linux.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -C /usr/local/share" +iocage exec "$1" rm /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz +iocage exec "$1" "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R radarr:radarr /usr/local/share/Radarr /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/radarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/radarr +iocage exec "$1" sysrc "radarr_enable=YES" +iocage exec "$1" service radarr restart diff --git a/jails/radarr/readme.md b/blueprints/radarr/readme.md old mode 100755 new mode 100644 similarity index 99% rename from jails/radarr/readme.md rename to blueprints/radarr/readme.md index 14337343..9dc41df9 --- a/jails/radarr/readme.md +++ b/blueprints/radarr/readme.md @@ -1,4 +1,6 @@ -# Original README from the radarr github: +# Radarr + +## Original README from the radarr github: https://github.com/Radarr/Radarr diff --git a/blueprints/radarr/update.sh b/blueprints/radarr/update.sh new file mode 100755 index 00000000..8275b656 --- /dev/null +++ b/blueprints/radarr/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for radarr + +iocage exec "$1" service radarr stop +#TODO insert code to update radarr itself here +iocage exec "$1" chown -R radarr:radarr /usr/local/share/Radarr /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/radarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/radarr +iocage exec "$1" service radarr restart \ No newline at end of file diff --git a/blueprints/sonarr/config.yml b/blueprints/sonarr/config.yml new file mode 100644 index 00000000..ab4801ba --- /dev/null +++ b/blueprints/sonarr/config.yml @@ -0,0 +1,3 @@ +blueprint: + sonarr: + pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/sonarr/includes/sonarr.rc b/blueprints/sonarr/includes/sonarr.rc similarity index 100% rename from jails/sonarr/includes/sonarr.rc rename to blueprints/sonarr/includes/sonarr.rc diff --git a/blueprints/sonarr/install.sh b/blueprints/sonarr/install.sh new file mode 100755 index 00000000..faec9912 --- /dev/null +++ b/blueprints/sonarr/install.sh @@ -0,0 +1,24 @@ +#!/usr/local/bin/bash +# This file contains the install script for sonarr + +# Check if dataset for completed download and it parent dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" +createmount "$1" "${global_dataset_downloads}"/complete /mnt/fetched + +# Check if dataset for media library and the dataset for tv shows exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" +createmount "$1" "${global_dataset_media}"/shows /mnt/shows + +iocage exec "$1" "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share" +iocage exec "$1" rm /usr/local/share/NzbDrone.master.tar.gz +iocage exec "$1" "pw user add sonarr -c sonarr -u 351 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R sonarr:sonarr /usr/local/share/NzbDrone /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/sonarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/sonarr +iocage exec "$1" sysrc "sonarr_enable=YES" +iocage exec "$1" service sonarr restart diff --git a/jails/sonarr/readme.md b/blueprints/sonarr/readme.md old mode 100755 new mode 100644 similarity index 97% rename from jails/sonarr/readme.md rename to blueprints/sonarr/readme.md index b6f379b6..0edcb9cb --- a/jails/sonarr/readme.md +++ b/blueprints/sonarr/readme.md @@ -1,4 +1,6 @@ -# Original README from the sonarr github: +# Sonarr + +## Original README from the sonarr github: https://github.com/Sonarr/Sonarr diff --git a/blueprints/sonarr/update.sh b/blueprints/sonarr/update.sh new file mode 100755 index 00000000..f81fd987 --- /dev/null +++ b/blueprints/sonarr/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for sonarr + +iocage exec "$1" service sonarr stop +#TODO insert code to update sonarr itself here +iocage exec "$1" chown -R sonarr:sonarr /usr/local/share/NzbDrone /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/sonarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/sonarr +iocage exec "$1" service sonarr restart \ No newline at end of file diff --git a/blueprints/tautulli/config.yml b/blueprints/tautulli/config.yml new file mode 100644 index 00000000..3c6a9a2d --- /dev/null +++ b/blueprints/tautulli/config.yml @@ -0,0 +1,3 @@ +blueprint: + tautulli: + pkgs: python2 py27-sqlite3 py27-openssl git \ No newline at end of file diff --git a/blueprints/tautulli/install.sh b/blueprints/tautulli/install.sh new file mode 100755 index 00000000..c87ec954 --- /dev/null +++ b/blueprints/tautulli/install.sh @@ -0,0 +1,11 @@ +#!/usr/local/bin/bash +# This file contains the install script for Tautulli + +iocage exec "$1" git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli +iocage exec "$1" "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R tautulli:tautulli /usr/local/share/Tautulli /config +iocage exec "$1" cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/tautulli +iocage exec "$1" sysrc "tautulli_enable=YES" +iocage exec "$1" sysrc "tautulli_flags=--datadir /config" +iocage exec "$1" service tautulli start \ No newline at end of file diff --git a/jails/tautulli/readme.md b/blueprints/tautulli/readme.md old mode 100755 new mode 100644 similarity index 99% rename from jails/tautulli/readme.md rename to blueprints/tautulli/readme.md index db612709..6d4c4855 --- a/jails/tautulli/readme.md +++ b/blueprints/tautulli/readme.md @@ -1,4 +1,6 @@ -# Original README from the tautulli github: +# Tautulli + +## Original README from the tautulli github: https://github.com/Tautulli/Tautulli diff --git a/blueprints/tautulli/update.sh b/blueprints/tautulli/update.sh new file mode 100755 index 00000000..500aa181 --- /dev/null +++ b/blueprints/tautulli/update.sh @@ -0,0 +1,9 @@ +#!/usr/local/bin/bash +# This file contains the update script for Tautulli + +iocage exec "$1" service tautulli stop +# Tautulli is updated through pkg, this is mostly just a placeholder +iocage exec "$1" chown -R tautulli:tautulli /usr/local/share/Tautulli /config +iocage exec "$1" cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/tautulli +iocage exec "$1" service tautulli restart \ No newline at end of file diff --git a/blueprints/transmission/config.yml b/blueprints/transmission/config.yml new file mode 100644 index 00000000..ad770179 --- /dev/null +++ b/blueprints/transmission/config.yml @@ -0,0 +1,3 @@ +blueprint: + transmission: + pkgs: bash unzip unrar transmission \ No newline at end of file diff --git a/blueprints/transmission/install.sh b/blueprints/transmission/install.sh new file mode 100755 index 00000000..50686d9c --- /dev/null +++ b/blueprints/transmission/install.sh @@ -0,0 +1,19 @@ +#!/usr/local/bin/bash +# This file contains the install script for transmission + +# Check if dataset Downloads dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" /mnt/downloads + +# Check if dataset Complete Downloads dataset exist, create if they do not. +createmount "$1" "${global_dataset_downloads}"/complete /mnt/downloads/complete + +# Check if dataset InComplete Downloads dataset exist, create if they do not. +createmount "$1" "${global_dataset_downloads}"/incomplete /mnt/downloads/incomplete + + +iocage exec "$1" chown -R transmission:transmission /config +iocage exec "$1" sysrc "transmission_enable=YES" +iocage exec "$1" sysrc "transmission_conf_dir=/config" +iocage exec "$1" sysrc "transmission_download_dir=/mnt/downloads/complete" +iocage exec "$1" service transmission restart \ No newline at end of file diff --git a/jails/transmission/readme.md b/blueprints/transmission/readme.md old mode 100755 new mode 100644 similarity index 97% rename from jails/transmission/readme.md rename to blueprints/transmission/readme.md index a2573b3d..55f50f47 --- a/jails/transmission/readme.md +++ b/blueprints/transmission/readme.md @@ -1,4 +1,6 @@ -# Original README from the transmission github: +# Transmission + +## Original README from the transmission github: https://github.com/transmission/transmission diff --git a/blueprints/transmission/update.sh b/blueprints/transmission/update.sh new file mode 100755 index 00000000..6c3d216e --- /dev/null +++ b/blueprints/transmission/update.sh @@ -0,0 +1,7 @@ +#!/usr/local/bin/bash +# This file contains the update script for transmission + +iocage exec "$1" service transmission stop +# Transmision is updated during PKG update, this file is mostly just a placeholder +iocage exec "$1" chown -R transmission:transmission /config +iocage exec "$1" service transmission restart \ No newline at end of file diff --git a/blueprints/unifi/config.yml b/blueprints/unifi/config.yml new file mode 100644 index 00000000..96e874cf --- /dev/null +++ b/blueprints/unifi/config.yml @@ -0,0 +1,3 @@ +blueprint: + unifi: + pkgs: jq unifi5 \ No newline at end of file diff --git a/blueprints/unifi/includes/mongodb.conf b/blueprints/unifi/includes/mongodb.conf new file mode 100644 index 00000000..a245b8c1 --- /dev/null +++ b/blueprints/unifi/includes/mongodb.conf @@ -0,0 +1,45 @@ +# mongod.conf + +# for documentation of all options, see: +# http://docs.mongodb.org/manual/reference/configuration-options/ + +# where to write logging data. +systemLog: + destination: file + logAppend: true + path: /var/db/mongodb/mongod.log + +# Where and how to store data. +storage: + dbPath: /config/mongodb + journal: + enabled: true +# engine: +# mmapv1: +# wiredTiger: + +# how the process runs +processManagement: + fork: true # fork and run in background + pidFilePath: /var/db/mongodb/mongod.lock # location of pidfile + timeZoneInfo: /usr/share/zoneinfo + +# network interfaces +net: + port: 27017 + bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces. + + +#security: + +#operationProfiling: + +#replication: + +#sharding: + +## Enterprise-Only Options + +#auditLog: + +#snmp: diff --git a/blueprints/unifi/includes/rc/mongod.rc b/blueprints/unifi/includes/rc/mongod.rc new file mode 100755 index 00000000..8e06aeb1 --- /dev/null +++ b/blueprints/unifi/includes/rc/mongod.rc @@ -0,0 +1,64 @@ +#!/bin/sh +# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046,SC2086,SC2155,SC2181,SC2006 + +# PROVIDE: mongod +# REQUIRE: NETWORK ldconfig +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# mongod_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable mongod. +# mongod_limits (bool): Set to "NO" by default. +# Set it to yes to run `limits -e -U mongodb` +# just before mongod starts. +# mongod_dbpath (str): Default to "/var/db/mongodb" +# Base database directory. +# mongod_flags (str): Custom additional arguments to be passed to mongod. +# Default to "--logpath ${mongod_dbpath}/mongod.log --logappend". +# mongod_config (str): Default to "/usr/local/etc/mongodb.conf" +# Path to config file +# + +. /etc/rc.subr + +name="mongod" +rcvar=mongod_enable + +load_rc_config $name + +: ${mongod_enable="NO"} +: ${mongod_limits="NO"} +: ${mongod_dbpath="/config/mongodb"} +: ${mongod_flags="--logpath ${mongod_dbpath}/mongod.log --logappend --setParameter=disabledSecureAllocatorDomains=\*"} +: ${mongod_user="mongodb"} +: ${mongod_group="mongodb"} +: ${mongod_config="/usr/local/etc/mongodb.conf"} + +pidfile="${mongod_dbpath}/mongod.lock" +command=/usr/local/bin/${name} +command_args="--config $mongod_config --dbpath $mongod_dbpath --fork >/dev/null 2>/dev/null" +start_precmd="${name}_prestart" + +mongod_create_dbpath() +{ + mkdir "${mongod_dbpath}" >/dev/null 2>/dev/null + [ $? -eq 0 ] && chown -R "${mongod_user}":"${mongod_group}" "${mongod_dbpath}" +} + +mongod_prestart() +{ + if [ ! -d "${mongod_dbpath}" ]; then + mongod_create_dbpath || return 1 + fi + if checkyesno mongod_limits; then + # TODO check this and clean this up + # Shellcheck disable=SC2046,SC2006 + eval `/usr/bin/limits -e -U ${mongod_user}` 2>/dev/null + else + return 0 + fi +} + +run_rc_command "$1" diff --git a/blueprints/unifi/includes/rc/unifi.rc b/blueprints/unifi/includes/rc/unifi.rc new file mode 100755 index 00000000..eeaa7eb9 --- /dev/null +++ b/blueprints/unifi/includes/rc/unifi.rc @@ -0,0 +1,87 @@ +#!/bin/sh +# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046,SC2086,SC2155,SC2237 +# +# Created by: Mark Felder +# $FreeBSD: branches/2020Q2/net-mgmt/unifi5/files/unifi.in 512281 2019-09-18 17:37:59Z feld $ +# + +# PROVIDE: unifi +# REQUIRE: LOGIN +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable `unifi': +# +# unifi_enable="YES" +# +# Other configuration settings for unifi that can be set in /etc/rc.conf: +# +# unifi_user (str) +# This is the user that unifi runs as +# Set to unifi by default +# +# unifi_group (str) +# This is the group that unifi runs as +# Set to unifi by default +# +# unifi_chdir (str) +# This is the directory that unifi chdirs into before starting +# Set to /usr/local/share/java/unifi by default +# +# unifi_java_home (str) +# The path to the base directory for the Java to use to run unifi +# Defaults to /usr/local/openjdk8 +# +# unifi_javaflags (str) +# Flags passed to Java to run unifi +# Set to "-Djava.awt.headless=true -Xmx1024M" by default +# + +. /etc/rc.subr +name=unifi + +rcvar=unifi_enable +load_rc_config ${name} + +: ${unifi_enable:=NO} +: ${unifi_user:=unifi} +: ${unifi_group:=unifi} +: ${unifi_chdir=/config/controller/unifi} +: ${unifi_java_home=/usr/local/openjdk8} +: ${unifi_javaflags="-Djava.awt.headless=true -Xmx1024M"} + +pidfile="/var/run/unifi/${name}.pid" +procname=${unifi_java_home}/bin/java +command=/usr/sbin/daemon +command_args="-f -p ${pidfile} ${unifi_java_home}/bin/java ${unifi_javaflags} com.ubnt.ace.Launcher start" +start_precmd=start_precmd +stop_precmd=stop_precmd +stop_postcmd=stop_postcmd + +export CLASSPATH=$(echo ${unifi_chdir}/lib/*.jar | tr ' ' ':') + +start_precmd() +{ + if [ ! -e /var/run/unifi ] ; then + install -d -o unifi -g unifi /var/run/unifi; + fi +} + +stop_precmd() +{ + if [ -r ${pidfile} ]; then + _UNIFIPID=$(check_pidfile ${pidfile} ${procname}) + export _UNIFI_CHILDREN=$(pgrep -P ${_UNIFIPID}) + fi +} + +stop_postcmd() +{ + if ! [ -z ${_UNIFI_CHILDREN} ]; then + echo "Cleaning up leftover child processes." + kill $sig_stop ${_UNIFI_CHILDREN} + wait_for_pids ${_UNIFI_CHILDREN} + fi +} + +run_rc_command "$1" diff --git a/blueprints/unifi/includes/rc/unifi_poller.rc b/blueprints/unifi/includes/rc/unifi_poller.rc new file mode 100755 index 00000000..ff1ee599 --- /dev/null +++ b/blueprints/unifi/includes/rc/unifi_poller.rc @@ -0,0 +1,36 @@ +#!/bin/sh +# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046 +# +# FreeBSD rc.d startup script for unifi-poller. +# +# PROVIDE: unifi-poller +# REQUIRE: networking syslog +# KEYWORD: + +. /etc/rc.subr + +name="unifi_poller" +real_name="unifi-poller" +rcvar="unifi_poller_enable" +unifi_poller_command="/usr/local/bin/${real_name}" +unifi_poller_user="nobody" +unifi_poller_config="/config/up.conf" +pidfile="/var/run/${real_name}/pid" + +# This runs `daemon` as the `unifi_poller_user` user. +command="/usr/sbin/daemon" +command_args="-P ${pidfile} -r -t ${real_name} -T ${real_name} -l daemon ${unifi_poller_command} -c ${unifi_poller_config}" + +load_rc_config ${name} +: ${unifi_poller_enable:=no} + +# Make a place for the pid file. +mkdir -p $(dirname ${pidfile}) +chown -R $unifi_poller_user $(dirname ${pidfile}) + +# Suck in optional exported override variables. +# ie. add something like the following to this file: export UP_POLLER_DEBUG=true +[ -f "/usr/local/etc/defaults/${real_name}" ] && . "/usr/local/etc/defaults/${real_name}" + +# Go! +run_rc_command "$1" diff --git a/blueprints/unifi/includes/up.conf b/blueprints/unifi/includes/up.conf new file mode 100644 index 00000000..9ecb7f0b --- /dev/null +++ b/blueprints/unifi/includes/up.conf @@ -0,0 +1,106 @@ +# UniFi Poller v2 primary configuration file. TOML FORMAT # +########################################################### + +[poller] + # Turns on line numbers, microsecond logging, and a per-device log. + # The default is false, but I personally leave this on at home (four devices). + # This may be noisy if you have a lot of devices. It adds one line per device. + debug = false + + # Turns off per-interval logs. Only startup and error logs will be emitted. + # Recommend enabling debug with this setting for better error logging. + quiet = true + + # Load dynamic plugins. Advanced use; only sample mysql plugin provided by default. + plugins = [] + +#### OUTPUTS + + # If you don't use an output, you can disable it. + +[prometheus] + disable = true + # This controls on which ip and port /metrics is exported when mode is "prometheus". + # This has no effect in other modes. Must contain a colon and port. + http_listen = "0.0.0.0:9130" + report_errors = false + +[influxdb] + disable = false + # InfluxDB does not require auth by default, so the user/password are probably unimportant. + url = "dbip" + user = "influxdbuser" + pass = "influxdbpass" + # Be sure to create this database. + db = "unifidb" + # If your InfluxDB uses a valid SSL cert, set this to true. + verify_ssl = false + # The UniFi Controller only updates traffic stats about every 30 seconds. + # Setting this to something lower may lead to "zeros" in your data. + # If you're getting zeros now, set this to "1m" + interval = "30s" + +#### INPUTS + +[unifi] + # Setting this to true and providing default credentials allows you to skip + # configuring controllers in this config file. Instead you configure them in + # your prometheus.yml config. Prometheus then sends the controller URL to + # unifi-poller when it performs the scrape. This is useful if you have many, + # or changing controllers. Most people can leave this off. See wiki for more. + dynamic = false + +# The following section contains the default credentials/configuration for any +# dynamic controller (see above section), or the primary controller if you do not +# provide one and dynamic is disabled. In other words, you can just add your +# controller here and delete the following section. +[unifi.defaults] + #role = "main controller" + url = "https://127.0.0.1:8443" + user = "unifiuser" + pass = "unifipassword" + sites = ["all"] + save_ids = false + save_dpi = false + save_sites = true + verify_ssl = false + +# The following is optional and used for configurations with multiple controllers. + +# You may repeat the following section to poll multiple controllers. +#[[unifi.controller]] + # Friendly name used in dashboards. Uses URL if left empty; which is fine. + # Avoid changing this later because it will live forever in your database. + # Multiple controllers may share a role. This allows grouping during scrapes. + #role = "" + #url = "https://127.0.0.1:8443" + + # Make a read-only user in the UniFi Admin Settings, allow it access to all sites. + #user = "unifipoller" + #pass = "4BB9345C-2341-48D7-99F5-E01B583FF77F" + + # If the controller has more than one site, specify which sites to poll here. + # Set this to ["default"] to poll only the first site on the controller. + # A setting of ["all"] will poll all sites; this works if you only have 1 site too. + #sites = ["all"] + + # Enable collection of Intrusion Detection System Data (InfluxDB only). + # Only useful if IDS or IPS are enabled on one of the sites. + #save_ids = false + + # Enable collection of Deep Packet Inspection data. This data breaks down traffic + # types for each client and site, it powers a dedicated DPI dashboard. + # Enabling this adds roughly 150 data points per client. That's 6000 metrics for + # 40 clients. This adds a little bit of poller run time per interval and causes + # more API requests to your controller(s). Don't let these "cons" sway you: + # it's cool data. Please provide feedback on your experience with this feature. + #save_dpi = false + + # Enable collection of site data. This data powers the Network Sites dashboard. + # It's not valuable to everyone and setting this to false will save resources. + #save_sites = true + + # If your UniFi controller has a valid SSL certificate (like lets encrypt), + # you can enable this option to validate it. Otherwise, any SSL certificate is + # valid. If you don't know if you have a valid SSL cert, then you don't have one. + #verify_ssl = false diff --git a/blueprints/unifi/install.sh b/blueprints/unifi/install.sh new file mode 100755 index 00000000..66e46d16 --- /dev/null +++ b/blueprints/unifi/install.sh @@ -0,0 +1,119 @@ +#!/usr/local/bin/bash +# This file contains the install script for unifi-controller & unifi-poller + +# Initialize variables +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" + +# shellcheck disable=SC2154 +DB_JAIL="jail_${1}_db_jail" + +POLLER="jail_${1}_unifi_poller" + +# shellcheck disable=SC2154 +DB_IP="jail_${!DB_JAIL}_ip4_addr" +DB_IP="${!DB_IP%/*}" + +# shellcheck disable=SC2154 +DB_NAME="jail_${1}_up_db_name" +DB_NAME="${!DB_NAME:-$1}" + +# shellcheck disable=SC2154 +DB_USER="jail_${1}_up_db_user" +DB_USER="${!DB_USER:-$DB_NAME}" + +# shellcheck disable=SC2154 +DB_PASS="jail_${1}_up_db_password" + +# shellcheck disable=SC2154 +UP_USER="jail_${1}_up_user" +UP_USER="${!UP_USER:-$1}" + +# shellcheck disable=SC2154 +UP_PASS="jail_${1}_up_password" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/unifi/includes" + +if [ -z "${!DB_PASS}" ]; then + echo "up_db_password can't be empty" + exit 1 +fi + +if [ -z "${!DB_JAIL}" ]; then + echo "db_jail can't be empty" + exit 1 +fi + +if [ -z "${!UP_PASS}" ]; then + echo "up_password can't be empty" + exit 1 +fi + +# Enable persistent Unifi Controller data +iocage exec "${1}" mkdir -p /config/controller/mongodb +iocage exec "${1}" cp -Rp /usr/local/share/java/unifi /config/controller +iocage exec "${1}" chown -R mongodb:mongodb /config/controller/mongodb +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/mongodb.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/rc/mongod.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/mongod +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/rc/unifi.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/unifi +iocage exec "${1}" sysrc unifi_enable=YES +iocage exec "${1}" service unifi start + +# shellcheck disable=SC2154 +if [[ ! "${!POLLER}" ]]; then + echo "Installation complete!" + echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." +else + # Check if influxdb container exists, create unifi database if it does, error if it is not. + echo "Checking if the database jail and database exist..." + if [[ -d /mnt/"${global_dataset_iocage}"/jails/"${!DB_JAIL}" ]]; then + DB_EXISTING=$(iocage exec "${!DB_JAIL}" curl -G http://"${DB_IP}":8086/query --data-urlencode 'q=SHOW DATABASES' | jq '.results [] | .series [] | .values []' | grep "$DB_NAME" | sed 's/"//g' | sed 's/^ *//g') + if [[ "$DB_NAME" == "$DB_EXISTING" ]]; then + echo "${!DB_JAIL} jail with database ${DB_NAME} already exists. Skipping database creation... " + else + echo "${!DB_JAIL} jail exists, but database ${DB_NAME} does not. Creating database ${DB_NAME}." + if [[ -z "${DB_USER}" ]] || [[ -z "${!DB_PASS}" ]]; then + echo "Database username and password not provided. Cannot create database without credentials. Exiting..." + exit 1 + else + # shellcheck disable=SC2027,2086 + iocage exec "${!DB_JAIL}" "curl -XPOST -u ${DB_USER}:${!DB_PASS} http://"${DB_IP}":8086/query --data-urlencode 'q=CREATE DATABASE ${DB_NAME}'" + echo "Database ${DB_NAME} created with username ${DB_USER} with password ${!DB_PASS}." + fi + fi + else + echo "Influxdb jail does not exist. Unifi-Poller requires Influxdb jail. Please install the Influxdb jail." + exit 1 + fi + + # Download and install Unifi-Poller + FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") + DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") + iocage exec "${1}" fetch -o /config "${DOWNLOAD}" + + # Install downloaded Unifi-Poller package, configure and enable + iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}" + # shellcheck disable=SC2154 + cp "${INCLUDES_PATH}"/up.conf /mnt/"${global_dataset_config}"/"${1}" + # shellcheck disable=SC2154 + cp "${INCLUDES_PATH}"/rc/unifi_poller.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/unifi_poller + chmod +x /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/unifi_poller + iocage exec "${1}" sed -i '' "s|influxdbuser|${DB_USER}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|influxdbpass|${!DB_PASS}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|unifidb|${DB_NAME}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|unifiuser|${UP_USER}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|unifipassword|${!UP_PASS}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|dbip|http://${DB_IP}:8086|" /config/up.conf + + + iocage exec "${1}" sysrc unifi_poller_enable=YES + iocage exec "${1}" service unifi_poller start + + echo "Installation complete!" + echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." + echo "Please login to the Unifi Controller and add ${UP_USER} as a read-only user." + echo "In Grafana, add Unifi-Poller as a data source." +fi diff --git a/blueprints/unifi/readme.md b/blueprints/unifi/readme.md new file mode 100644 index 00000000..e9f3e1c8 --- /dev/null +++ b/blueprints/unifi/readme.md @@ -0,0 +1,153 @@ +# Unifi Controller + +### Installation: + +- This jail requires an existing InfluxDB jail. InfluxDB may be created using the same install command, as long as influxdb is listed first. +- Once the script runs, a user must be created in the Unifi Controller software for your Unifi-Poller user. +- To view the data from Unifi-Poller, Grafana is required. Add the unifi InfluxDB database as a data source in Grafana. + +### Config Description + +- unifi_poller: boolean, true if you want to also install unifi-poller +- db_jail: This is the name of your influxdb database jail, should be influxdb. +- unifi_db_name: The name of the database that will be created in influxdb for Unifi Poller. +- unifi_db_user & unifi_db_password: The created database's credentials for Unifi Poller. +- up_user & up_password: The Unifi-Poller user credentials. This user must be created in the Unifi Controller web gui after install matching these credentials. This is for the connection between Unifi Controller & Unifi Poller + +### Unifi-Controller Post-Install + +After the script runs and the unifi jail is running, open the web gui of the unifi jail at port 8443 (i.e. https://192.168.2.250:8443). After completing the initial setup wizard, go to Admins --> Add New Admin. Select "Manually set and share the password", enter the username and password used for up_user & up_password. Uncheck 'Require the user to change their password'. Verify "Role" is set to 'Read Only'. Click Create. + + +## Unifi Controller documentation can be found at https://www.ui.com/download/unifi/default/default/unifi-controller-v5-user-guide + + +## Original README from the upstream Unifi-Poller Github. + +https://github.com/unifi-poller/unifi-poller + + + +[![discord](https://badgen.net/badge/icon/Discord?color=0011ff&label&icon=https://simpleicons.now.sh/discord/eee "Ubiquiti Discord")](https://discord.gg/KnyKYt2) +[![twitter](https://badgen.net/twitter/follow/TwitchCaptain?icon=https://simpleicons.now.sh/twitter/0099ff&label=TwitchCaptain&color=0116ff "TwitchCaptain @ Twitter")](https://twitter.com/TwitchCaptain) +[![grafana](https://badgen.net/https/golift.io/bd/grafana/dashboard-downloads/11310,10419,10414,10415,10416,10417,10418,11311,11312,11313,11314,11315?icon=https://simpleicons.now.sh/grafana/ED7F38&color=0011ff "Grafana Dashboard Downloads")](http://grafana.com/dashboards?search=unifi-poller) +[![pulls](https://badgen.net/docker/pulls/golift/unifi-poller?icon=https://simpleicons.now.sh/docker/38B1ED&label=pulls&color=0011ff "Docker Pulls")](https://hub.docker.com/r/golift/unifi-poller) +[![DLs](https://img.shields.io/github/downloads/unifi-poller/unifi-poller/total.svg?logo=github&color=0116ff "GitHub Downloads")](https://www.somsubhra.com/github-release-stats/?username=unifi-poller&repository=unifi-poller) + +[![unifi](https://badgen.net/badge/UniFi/5.12.x,5.13.x,UAP,USG,USW,UDM?list=|&icon=https://docs.golift.io/svg/ubiquiti_color.svg&color=0099ee "UniFi Products Supported")](https://github.com/golift/unifi) +[![builer](https://badgen.net/badge/go/Application%20Builder?label=&icon=https://docs.golift.io/svg/go.svg&color=0099ee "Go Application Builder")](https://github.com/golift/application-builder) +[![stars](https://badgen.net/github/stars/unifi-poller/unifi-poller?icon=https://simpleicons.now.sh/macys/fab&label=&color=0099ee "GitHub Stars")](https://github.com/unifi-poller/unifi-poller) +[![travis](https://badgen.net/travis/unifi-poller/unifi-poller?icon=travis&label=build "Travis Build")](https://travis-ci.org/unifi-poller/unifi-poller) + +Collect your UniFi controller data and report it to an InfluxDB instance, +or export it for Prometheus collection. +[Twelve Grafana Dashboards](http://grafana.com/dashboards?search=unifi-poller) +included; with screenshots. Six for InfluxDB and six for Prometheus. + +## Installation + +[See the Wiki!](https://github.com/unifi-poller/unifi-poller/wiki/Installation) +We have a special place for [Docker Users](https://github.com/unifi-poller/unifi-poller/wiki/Docker). +I'm willing to help if you have troubles. +Open an [Issue](https://github.com/unifi-poller/unifi-poller/issues) and +we'll figure out how to get things working for you. You can also get help in +the #unifi-poller channel on the [Ubiquiti Discord server](https://discord.gg/KnyKYt2). I've also +[provided a forum post](https://community.ui.com/questions/Unifi-Poller-Store-Unifi-Controller-Metrics-in-InfluxDB-without-SNMP/58a0ea34-d2b3-41cd-93bb-d95d3896d1a1) +you may use to get additional help. + +## Description + +[Ubiquiti](https://www.ui.com) makes networking devices like switches, gateways +(routers) and wireless access points. They have a line of equipment named +[UniFi](https://www.ui.com/products/#unifi) that uses a +[controller](https://www.ui.com/download/unifi/) to keep stats and simplify network +device configuration. This controller can be installed on Windows, macOS, FreeBSD, +Linux or Docker. Ubiquiti also provides a dedicated hardware device called a +[CloudKey](https://www.ui.com/unifi/unifi-cloud-key/) that runs the controller software. +More recently they've developed the Dream Machine; it's still in +beta / early access, but UniFi Poller can collect its data! + +UniFi Poller is a small Golang application that runs on Windows, macOS, FreeBSD, +Linux or Docker. In Influx-mode it polls a UniFi controller every 30 seconds for +measurements and exports the data to an Influx database. In Prometheus mode the +poller opens a web port and accepts Prometheus polling. It converts the UniFi +Controller API data into Prometheus exports on the fly. + +This application requires your controller to be running all the time. If you run +a UniFi controller, there's no excuse not to install +[Influx](https://github.com/unifi-poller/unifi-poller/wiki/InfluxDB) or +[Prometheus](https://prometheus.io), +[Grafana](https://github.com/unifi-poller/unifi-poller/wiki/Grafana) and this app. +You'll have a plethora of data at your fingertips and the ability to craft custom +graphs to slice the data any way you choose. Good luck! + +## Backstory + +I found a simple piece of code on GitHub that sorta did what I needed; +we all know that story. I wanted more data, so I added more data collection. +I probably wouldn't have made it this far if [Garrett](https://github.com/dewski/unifi) +hadn't written the original code I started with. Many props my man. +The original code pulled only the client data. This app now pulls data +for clients, access points, security gateways, dream machines and switches. + +I've been trying to get my UAP data into Grafana. Sure, google search that. +You'll find [this](https://community.ubnt.com/t5/UniFi-Wireless/Grafana-dashboard-for-UniFi-APs-now-available/td-p/1833532). +What if you don't want to deal with SNMP? +Well, here you go. I've replicated 400% of what you see on those SNMP-powered +dashboards with this Go app running on the same mac as my UniFi controller. +All without enabling SNMP nor trying to understand those OIDs. Mad props +to [waterside](https://community.ubnt.com/t5/user/viewprofilepage/user-id/303058) +for making this dashboard; it gave me a fantastic start to making my own dashboards. + +## Operation + +You can control this app with puppet, chef, saltstack, homebrew or a simple bash +script if you needed to. Packages are available for macOS, Linux, FreeBSD and Docker. +It works just fine on [Windows](https://github.com/unifi-poller/unifi-poller/wiki/Windows) too. +Most people prefer Docker, and this app is right at home in that environment. + +## What's it look like? + +There are 12 total dashboards available; the 6 InfluxDB dashboards are very similar +to the 6 Prometheus dashboards. Below you'll find screenshots of the first four dashboards. + +##### Client Dashboard (InfluxDB) + +![UniFi Clients Dashboard Image](https://grafana.com/api/dashboards/10418/images/7540/image) + +##### USG Dashboard (InfluxDB) + +![USG Dashboard Image](https://grafana.com/api/dashboards/10416/images/7543/image) + +##### UAP Dashboard (InfluxDB) + +![UAP Dashboard Image](https://grafana.com/api/dashboards/10415/images/7542/image) + +##### USW / Switch Dashboard (InfluxDB) + +You can drill down into specific sites, switches, and ports. Compare ports in different +sites side-by-side. So easy! This screenshot barely does it justice. +![USW Dashboard Image](https://grafana.com/api/dashboards/10417/images/7544/image) + +## Integrations + +The following fine folks are providing their services, completely free! These service +integrations are used for things like storage, building, compiling, distribution and +documentation support. This project succeeds because of them. Thank you! + +

+ + + + + + + +

+ +## Copyright & License + + + +- Copyright © 2018-2020 David Newhall II. +- See [LICENSE](LICENSE) for license information. diff --git a/blueprints/unifi/update.sh b/blueprints/unifi/update.sh new file mode 100755 index 00000000..a585afab --- /dev/null +++ b/blueprints/unifi/update.sh @@ -0,0 +1,21 @@ +#!/usr/local/bin/bash +# This file contains the update script for unifi +# Unifi Controller is updated through pkg, Unifi-Poller is not. This script updates Unifi-Poller + +FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") +DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") + +# Check to see if there is an update. +# shellcheck disable=SC2154 +if [[ -f /mnt/"${global_dataset_config}"/"${1}"/"${FILE_NAME}" ]]; then + echo "Unifi-Poller is up to date." + exit 1 +else + # Download and install the package + iocage exec "${1}" fetch -o /config "${DOWNLOAD}" + iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}" + iocage exec "${1}" service unifi restart + iocage exec "${1}" service unifi_poller restart +fi + +echo "Update complete!" diff --git a/config.yml.example b/config.yml.example index 55cda37a..89ad6c10 100644 --- a/config.yml.example +++ b/config.yml.example @@ -1,10 +1,10 @@ global: + # Config file syntax version (not same as script version) + version: 1.2 # Relevant dataset paths, please use the ZFS dataset syntax such as: tank/apps dataset: # dataset for internal jail config files config: tank/apps - # Iocage root dataset - iocage: tank/iocage # Media library dataset media: tank/media # Parent downloads dataset @@ -17,78 +17,89 @@ global: # Please use standard space delimited pkg install syntax. pkgs: curl ca_root_nss bash +jail: + plex: + blueprint: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + beta: false + + lidarr: + blueprint: lidarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + sonarr: + blueprint: sonarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + radarr: + blueprint: radarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + kms: + blueprint: kms + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + jackett: + blueprint: jackett + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + organizr: + blueprint: organizr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + tautulli: + blueprint: tautulli + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + transmission: + blueprint: transmission + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + + nextcloud: + blueprint: nextcloud + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + time_zone: Europe/Amsterdam + host_name: cloud.example.com + db_jail: "mariadb" + admin_password: "PUTYOUROWNADMINPASSWORDHERE" + db_password: "PLEASEALSOPUTYOURPASSWORDHEREADIFFERNTONE" + + mariadb: + blueprint: mariadb + ip4_addr: 192.168.1.98/24 + gateway: 192.168.1.1 + db_root_password: ReplaceThisWithYourOwnRootPAssword + host_name: mariadb.local.example + + bitwarden: + blueprint: bitwarden + ip4_addr: 192.168.1.97/24 + gateway: 192.168.1.1 + db_jail: "mariadb" + db_password: "YourDBPasswordHerePLEASE" + admin_token: "PUTYOURADMINTOKENHEREANDREMOVETHIS" -# Example configuration, showing how to customise network config. -# Ese the same jailname on both sides of this variable example: example -example: example - #interfaces is optional and will be autmatically replace with vnet0:bridge0 if not present - interfaces: vnet0:bridge0 - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - # Jail specific pkgs. - # Please use standard space delimited pkg install syntax. - pkgs: mono - -jackett: jackett - pkgs: mono - -radarr: radarr - pkgs: mono - -sonarr: sonarr - pkgs: mono - -lidarr: lidarr - pkgs: mono - -transmission: transmission - pkgs: bash unzip unrar transmission - -plex: plex - plexpass: false - pkgs: plexmediaserver - -tautulli: tautulli - pkgs: python2 py27-sqlite3 py27-openssl git - -organizr: organizr - pkgs: nginx php72 php72-filter php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip git - -kms: kms - pkgs: bash py37-tkinter py37-pip py37-sqlite3 git + influxdb: + blueprint: influxdb + ip4_addr: 192.168.1.250/24 + gateway: 192.168.1.1 - -nextcloud: nextcloud - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - time_zone: Europe/Amsterdam - host_name: cloud.example.com - pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick perl5 p5-Locale-gettext help2man texinfo m4 autoconf - database: mariadb - standalone_cert: 0 - selfsigned_cert: 0 - dns_cert: 0 - no_cert: 1 - dl_flags: "" - dns_settings: "" - cert_email: "placeholder@holdplace.org" - database: mariadb -# db_database: -# db_user: -# db_password -# db_host - -mariadb: mariadb - ip4_addr: 192.168.1.98/24 - gateway: 192.168.1.1 - pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74-5.0.1 - db_root_password: ReplaceThisWithYourOwnRootPAssword - host_name: mariadb.local.example - -bitwarden: bitwarden - ip4_addr: 192.168.1.97/24 - gateway: 192.168.1.1 - pkgs: sqlite3 nginx git sudo vim-tiny bash node npm python27-2.7.17_1 mariadb104-client - db_password: "YourDBPasswordHerePLEASE" - type: mariadb - admin_token: "PUTYOURADMINTOKENHEREANDREMOVETHIS" + unifi: + blueprint: unifi + ip4_addr: 192.168.1.251/24 + gateway: 192.168.1.1 + unifi_poller: true + db_jail: influxdb + up_db_password: unifi-poller + up_password: upoller diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md new file mode 100644 index 00000000..b42eac40 --- /dev/null +++ b/docs/CONTRIBUTING.md @@ -0,0 +1,90 @@ +# Contribution and Review Guidelines + +This project welcomes any and all input, but we need to have a few quality guidelines. These guidelines will be examplained here, in this document. + +### GIT Guidelines +*** +#### New to GIT + +If you have never used git before, you can look up our general reference on our wiki. + +#### Git and You + +GIT is a fantastic system, but while using it we have a few guidelines to keep it fantastic for everyone. + +* Submit complete PR's. +* Add [DNM] if you do not want your PR merged yet. +* Always try and fill in the whole form, even for small PR's. +* Don't close when a reviewer requests changes (just push the changes or ask for help). +* Explain what you did in your PR. +* Be thorough. +* If you can add screenshots to clarify. +* Always try to add "Fixes #000" (where 000 is the Issue your PR fixes) +* found something you want to fix yourself? Please do make an issue too. + +### Structure Guidelines +*** +#### Naming scheme + +File and folder names are important and making mistakes in them may give conflicts an/or annoyance in the future. Remember, your garbage needs to be cleaned by someone sometime in the future! For that reason, we have a few guidelines in regards to naming files and folder. + +* Always start files and folders WITHOUT a Capital. + +#### Inclusion of files and folders + +Although GIT is quite friendly in what it accepts in terms of files and folder changes in a commit, a reviewer's or bugfixer's time is not unlimited. For that reason, we have a few specific guidelines in regards to the inclusion of files and folders in your PR. + +* Only include files you actually changed. +* Try not to include multiple changes in one PR +* Want to change the formatting of multiple files too? Make a separate PR. + +*Always include the following files when creating a new jail* + +- install.sh +- update.sh +- readme.md +- config.yml + + +### Code Guidelines +*** +#### Your code, your style, my review + +Here at jailman, we value people having their own style. But your code needs to be reviewable and editable by others too. For that reason, we have a few basic coding guidelines + +* **Always** explain regex in a comment within your code. +* Write simple code and don't try to impress. +* We will run (Basic) automated reformating of code once in a while. +* Document your changes in your code and if need be, on the wiki. +* All PR's should be able to pass our automated shellcheck. +* It's okey to add shellcheck ignores, but only AFTER you checked the warning! + +#### jail requirements + +- Jails should always save user-specific data in a persistant location. Which is the location specified in the config.yml file under "config:", which is automatically mounted to every jail under /config. There should be no user specific data in the jail itself +- Jails should not require the user to edit any config file themselves. All config changes should be automated +- Jails should not use default passwords, the user should always be forced(!) to put credentials in config.yml manually + + +### Review Guidelines +*** +Even us review gods need some guidelines once in a while. + +* Let people learn from their mistakes +* Review instead of merging without comments +* Abide by these guidelines in your review +* Tests exist for a reason. Don't merge with test-failures + + + +### Todo vs Feature vs bug: +*** +Please take note of the difference between a TODO and Feature + +* Bug: An unexpected behavior of the script or a crash. Including, but not limited to, errors and warnings. +* Todo: When you come across something that needs tweaking/adding during development, is not an unexpected behavior +* Feature: When you, out of personal preference, want something added or changed. + +### That's it! +*** +Someone will come along and review the changes. If everything looks good then they will merge it with the main repo. If you need any help don't be afraid to ask in the discord channel: [https://discord.gg/tFcTpBp](https://discord.gg/tFcTpBp) diff --git a/docs/ISSUE_TEMPLATE.md b/docs/ISSUE_TEMPLATE.md new file mode 100644 index 00000000..89fb703e --- /dev/null +++ b/docs/ISSUE_TEMPLATE.md @@ -0,0 +1,13 @@ +# Issue Template + +## Description + +### Detailed Bug Report +It helps if you include any relevant code / config (for describing how new features should work), images, gifs, or youtube videos! + +### Steps to Reproduce +Please enter the steps to reproduce the bug or behaviour: + +1. +2. +3. \ No newline at end of file diff --git a/docs/PULL_REQUEST_TEMPLATE.md b/docs/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..ed2f76f0 --- /dev/null +++ b/docs/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +# Pull Request Template + +### Purpose +_Describe the problem the PR fixes or the feature it introduces_
+_Don't forget to use "Fixes #issuenumber" to select issues and auto close them on merge_ + +### Notes: +_Please enter any other relevant information here_ + +### Please make sure you have followed the self checks below before submitting a PR: + +- [ ] Code is sufficiently commented +- [ ] Code is indented with tabs and not spaces +- [ ] The PR does not bring up any new errors +- [ ] The PR has been tested +- [ ] Any new files are named using lowercase (to avoid issues on case sensitive file systems) diff --git a/docs/Readme.md b/docs/Readme.md index 6b48c6a6..ca567794 100644 --- a/docs/Readme.md +++ b/docs/Readme.md @@ -5,7 +5,7 @@ --- -[![GitHub last commit](https://img.shields.io/github/last-commit/ornias1993/jailman/dev.svg)](https://github.com/ornias1993/jailman/commits/dev) [![Krihelimeter](http://www.krihelinator.xyz/badge/ornias1993/jailman)](http://www.krihelinator.xyz/repositories/ornias1993/jailman) [![GitHub Release](https://img.shields.io/github/release/ornias1993/jailman.svg)](https://github.com/ornias1993/jailman/releases/latest) [![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-blue.svg)](https://github.com/ornias1993/jailman/blob/master/docs/LICENSE.GPLV2) [![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://github.com/ornias1993/jailman/blob/master/docs/LICENSE.BSD2) +[![GitHub last commit](https://img.shields.io/github/last-commit/ornias1993/jailman/dev.svg)](https://github.com/ornias1993/jailman/commits/dev) [![GitHub Release](https://img.shields.io/github/release/ornias1993/jailman.svg)](https://github.com/ornias1993/jailman/releases/latest) [![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-blue.svg)](https://github.com/ornias1993/jailman/blob/master/docs/LICENSE.GPLV2) [![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://github.com/ornias1993/jailman/blob/master/docs/LICENSE.BSD2) ## Intro @@ -48,6 +48,11 @@ Example: Example: `./jailman.sh -r sonarr` +- Update: +`./jailman.sh -u $jailname` +Example: +`./jailman.sh -u sonarr` + - Destroy `./jailman.sh -d $jailname` Example: @@ -72,9 +77,11 @@ Basic means: The same setup as a FreeNAS plugin would've, DHCP on bridge0. - py-kms - nextcloud - bitwarden +- unifi controller #### Backend - mariadb +- influxdb #### Downloads diff --git a/docs/config options.md b/docs/config options.md new file mode 100644 index 00000000..111ba452 --- /dev/null +++ b/docs/config options.md @@ -0,0 +1,48 @@ +## Config Options + +There are a lot of possibly configuration options in config.yml. +For jail specific config options, please see the wiki documentation for your specific jail. This page only list general and global config options, that are the same for every jail. + +## Global config options + +Global options apply to every jail. Use and change with caution. + +### dataset + +All config options under "dataset" change dataset creation and linking. The indentation and "dataset" flag are not optional. +All Datasets are auto-created if they do not exist already, no need to worry about creating them! + +- config: The dataset that is going to contain the persistant data for every jail. For example: Nextcloud user files for nextcloud or the actual database for mariadb. +- iocage: The dataset containing the iocage config. In FreeNAS often `poolname/iocage` +- media: The dataset that is going to contain all media files for plex, Sonarr, Radarr etc. Such as movies and music. Music, Movie etc. sub-datasets are auto-created. +- downloads: The dataset containging temporary download files. These are moved to media when finished. complete, incomplete etc. sub-datasets are auto-created. + +## jails +All config options under "jails" change default jail settings that are the same for every created jail. The indentation and "jails" flag are not optional. +- version: the current to-be-installed version for jails +- pkgs: packages that are installed to all created jails + +## (hidden) Auto created datasets + +Some datasets are auto created and can not be changed from the config file. This is done to ease troubleshooting. + +- `media/music` created as a sub-dataset of media, contains music +- `media/movies` created as a sub-dataset of media, contains movies +- `media/shows` created as a sub-dataset of media, contains tv-shows +- `downloads/complete` created as a sub-dataset of downloads, contains completed downloads +- `downloads/incomplete` created as a sub-dataset of downloads, contains not-yet-completed downloads + +## General config options + +### Networking + +Please be aware that dhcp is not actively supported, many of the jails depend on having a fixed IP-adress in the config file. +Some also depend on other jails having a fixed IP in the config file. Use of DHCP is on your own risk and might not work. + +- ip4_addr: To set a static IP (recommended), enter the desired ip address here. Leave blank (or remove the line) for DHCP. +- gateway: Set the gateway IP for static IP setup. Leave blank (or remove the line) for DHCP. + +### Advanced +- interfaces: Set the "interfaces" flag for iocage. Example: `vnet0:bridge0` (optional) +- dhcp: Set to "on" to force DHCP (not required for DHCP, see above) +- pkgs: Override the to-be-install packages for this jail (might break now or break updates) \ No newline at end of file diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 00000000..f2dbf1aa --- /dev/null +++ b/docs/index.md @@ -0,0 +1,5 @@ +# Introduction +Welcome to Jailam. An open source effort to create an easy management tool for Freenas Jails. + +As this project is in its early stages, this wiki will serve the purpose of providing a foundation and a almost (not) up-to-date scripting reference to the underlying structure of jailman. + diff --git a/docs/jails/jails.md b/docs/jails/jails.md new file mode 100644 index 00000000..9daeafb9 --- /dev/null +++ b/docs/jails/jails.md @@ -0,0 +1 @@ +test diff --git a/docs/migration/v1.1.x to v1.2.x.md b/docs/migration/v1.1.x to v1.2.x.md new file mode 100644 index 00000000..e8e9947c --- /dev/null +++ b/docs/migration/v1.1.x to v1.2.x.md @@ -0,0 +1,61 @@ +## v1.1.x to v1.2.x + +With v1.2 we made it possible to run multiple jails of the same type. +This is done by seperating jails (your individual installs) from blueprints (our designs). + +Due to this change, the config file has been changed and thus you need to adapt your config file. + + +### Jails + +All your jails need to be indented by 2 spaces under a main group "jails" like this: + +` +jail: + plex: + blueprint: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + beta: false +` + +Also note: +Where previously we used `plex: plex`, we can now just use `plex:` + +### Blueprints + +Every jail now requires a blueprint to be defined. for example: +v1.1.x +` + +plex: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + plexpass: false +` + +In v1.2.x becomes: +` +jail: + plex: + blueprint: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + beta: false +` + +### Plex + +Due to community feedback in v1.2.x "plexpass" has been renamed to "beta". + +### pkgs + +pkgs are removed from jail config in v1.2.x and are now part of the blueprint. This way we can keep them up-to-date for you. + +### Documentation + +All jails now have wiki documentation pages and all basic jail values have been documented + +### Other changes + +Some other minor changes in config file values have been done, please refer to the example document and compare your config to the example \ No newline at end of file diff --git a/docs/test.md b/docs/test.md new file mode 100644 index 00000000..e440e5c8 --- /dev/null +++ b/docs/test.md @@ -0,0 +1 @@ +3 \ No newline at end of file diff --git a/global.sh b/global.sh index f59ca2b6..262a72f3 100755 --- a/global.sh +++ b/global.sh @@ -3,11 +3,14 @@ # yml Parser function # Based on https://gist.github.com/pkuczynski/8665367 +# +# This function is very picky and complex. Ignore with shellcheck for now. +# shellcheck disable=SC2086,SC2155 parse_yaml() { - local prefix=$2 + local prefix=${2} local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034') sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \ - -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 | + -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" "${1}" | awk -F$fs '{ indent = length($1)/2; vname[indent] = $2; @@ -24,14 +27,14 @@ gitupdate() { echo "checking for updates using Branch: $1" git fetch git update-index -q --refresh -CHANGED=$(git diff --name-only origin/$1) -if [ ! -z "$CHANGED" ]; +CHANGED=$(git diff --name-only origin/"$1") +if [ -n "$CHANGED" ]; then echo "script requires update" git reset --hard - git checkout $1 + git checkout "${1}" git pull - echo "script updated" + echo "script updated, please restart the script manually" exit 1 else echo "script up-to-date" @@ -40,12 +43,12 @@ fi jailcreate() { echo "Checking config..." -jailname="${1}" -jailpkgs="${1}_pkgs" -jailinterfaces="${1}_interfaces" -jailip4="${1}_ip4_addr" -jailgateway="${1}_gateway" -jaildhcp="${1}_dhcp" +blueprintpkgs="blueprint_${2}_pkgs" +blueprintports="blueprint_${2}_ports" +jailinterfaces="jail_${1}_interfaces" +jailip4="jail_${1}_ip4_addr" +jailgateway="jail_${1}_gateway" +jaildhcp="jail_${1}_dhcp" setdhcp=${!jaildhcp} if [ -z "${!jailinterfaces}" ]; then @@ -59,38 +62,47 @@ if [ -z "${setdhcp}" ] && [ -z "${!jailip4}" ] && [ -z "${!jailgateway}" ]; then setdhcp="on" fi -if [ -z "${!jailname}" ]; then - echo "ERROR, jail not defined in config.yml" - exit 1 -else - echo "Creating jail for $1" - pkgs="$(sed 's/[^[:space:]]\{1,\}/"&"/g;s/ /,/g' <<<"${global_jails_pkgs} ${!jailpkgs}")" - echo '{"pkgs":['${pkgs}']}' > /tmp/pkg.json - if [ "${setdhcp}" == "on" ] +echo "Creating jail for $1" +# shellcheck disable=SC2154 +pkgs="$(sed 's/[^[:space:]]\{1,\}/"&"/g;s/ /,/g' <<<"${global_jails_pkgs} ${!blueprintpkgs}")" +echo '{"pkgs":['"${pkgs}"']}' > /tmp/pkg.json +if [ "${setdhcp}" == "on" ] +then + # shellcheck disable=SC2154 + if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" -b then - if ! iocage create -n "${1}" -p /tmp/pkg.json -r ${global_jails_version} interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" - then - echo "Failed to create jail" - exit 1 - fi - else - if ! iocage create -n "${1}" -p /tmp/pkg.json -r ${global_jails_version} interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" - then - echo "Failed to create jail" - exit 1 - fi - + echo "Failed to create jail" + exit 1 fi +else + # shellcheck disable=SC2154 + if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" -b + then + echo "Failed to create jail" + exit 1 + fi +fi + +rm /tmp/pkg.json +echo "creating jail config directory" +# shellcheck disable=SC2154 +createmount "${1}" "${global_dataset_config}" +createmount "${1}" "${global_dataset_config}"/"${1}" /config + +# Create and Mount portsnap +createmount "${1}" "${global_dataset_config}"/portsnap +createmount "${1}" "${global_dataset_config}"/portsnap/db /var/db/portsnap +createmount "${1}" "${global_dataset_config}"/portsnap/ports /usr/ports +if [ "${!blueprintports}" == "true" ] +then + echo "Mounting and fetching ports" + iocage exec "${1}" "if [ -z /usr/ports ]; then portsnap fetch extract; else portsnap auto; fi" +else + echo "Ports not enabled for blueprint, skipping" +fi + +echo "Jail creation completed for ${1}" - rm /tmp/pkg.json - echo "creating jail config directory" - - createmount $1 ${global_dataset_config} - createmount $1 ${global_dataset_config}/$1 /config - - echo "Jail creation completed for $1" -fi - } # $1 = jail name @@ -104,17 +116,17 @@ createmount() { else if [ ! -d "/mnt/$2" ]; then echo "Dataset does not exist... Creating... $2" - zfs create $2 + zfs create "${2}" else echo "Dataset already exists, skipping creation of $2" fi if [ -n "$1" ] && [ -n "$3" ]; then - iocage exec $1 mkdir -p $3 - if [ -n "$4" ]; then - iocage fstab -a $1 /mnt/$2 $3 $4 + iocage exec "${1}" mkdir -p "${3}" + if [ -n "${4}" ]; then + iocage fstab -a "${1}" /mnt/"${2}" "${3}" "${4}" else - iocage fstab -a $1 /mnt/$2 $3 nullfs rw 0 0 + iocage fstab -a "${1}" /mnt/"${2}" "${3}" nullfs rw 0 0 fi else echo "No Jail Name or Mount target specified, not mounting dataset" diff --git a/jailman.sh b/jailman.sh index 57b232cb..0e9c6cd1 100755 --- a/jailman.sh +++ b/jailman.sh @@ -1,15 +1,20 @@ #!/usr/local/bin/bash # Important defines: -export SCRIPT_NAME=$(basename $(test -L "${BASH_SOURCE[0]}" && readlink "${BASH_SOURCE[0]}" || echo "${BASH_SOURCE[0]}")); -export SCRIPT_DIR=$(cd $(dirname "${BASH_SOURCE[0]}") && pwd); +# shellcheck disable=SC2046 +SCRIPT_NAME=$(basename $(test -L "${BASH_SOURCE[0]}" && readlink "${BASH_SOURCE[0]}" || echo "${BASH_SOURCE[0]}")); +SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd); +export SCRIPT_NAME +export SCRIPT_DIR + echo "Working directory for jailman.sh is: ${SCRIPT_DIR}" #Includes -source ${SCRIPT_DIR}/global.sh +# shellcheck source=global.sh +source "${SCRIPT_DIR}/global.sh" # Check for root privileges -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "This script must be run with root privileges" exit 1 fi @@ -31,39 +36,50 @@ fi unset -v sub while getopts ":i:r:u:d:g:h" opt do + #Shellcheck on wordsplitting will be disabled. Wordsplitting can't happen, because it's already split using OPTIND. case $opt in i ) installjails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do + # shellcheck disable=SC2207 installjails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; r ) redojails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do + # shellcheck disable=SC2207 redojails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; u ) updatejails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do - updateljails+=($(eval "echo \${$OPTIND}")) + # shellcheck disable=SC2207 + updatejails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; d ) destroyjails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do - deletejails+=($(eval "echo \${$OPTIND}")) + # shellcheck disable=SC2207 + destroyjails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; - g ) upgradejails=("$OPTARG") + g ) upgradejails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do + # shellcheck disable=SC2207 upgradejails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; - h ) - echo "Usage:" + h ) + echo "Usage:" echo "$0 -i " echo "$0 -r " echo "$0 -u " @@ -72,30 +88,45 @@ while getopts ":i:r:u:d:g:h" opt echo "" echo " -i to install jails, listed by name, space seperated like this: jackett plex sonarr" echo " -r to reinstall jails, listed by name, space seperated like this: jackett plex sonarr" - echo " -u to update jails, listed by name, space seperated like this: jackett plex sonarr" + echo " -u to update jails, listed by name, space seperated like this: jackett plex sonarr" echo " -d to destroy jails, listed by name, space seperated like this: jackett plex sonarrt" echo " -g to upgrade jails, listed by name, space seperated like this: jackett plex sonarr" echo " -h help (this output)" - exit 0 + exit 0 + ;; + ? ) echo "Error: Invalid option was specified -$OPTARG" + exit 0 ;; - ? ) echo "Error: Invalid option was specified -$OPTARG" - exit 0 - ;; esac done +# auto detect iocage install location +global_dataset_iocage=$(zfs get -H -o value mountpoint $(iocage get -p)/iocage) +global_dataset_iocage=${global_dataset_iocage#/mnt/} +export global_dataset_iocage + # Parse the Config YAML -eval $(parse_yaml config.yml) +# shellcheck disable=SC2046 +for configpath in "${SCRIPT_DIR}"/blueprints/*/config.yml; do ! eval $(parse_yaml "${configpath}"); done +eval "$(parse_yaml config.yml)" + +# shellcheck disable=SC2154 +if [ "${global_version}" != "1.2" ]; then + echo "You are using old config.yml synatx." + echo "Please check the wiki for required changes" + exit 1 +fi # Check and Execute requested jail destructions if [ ${#destroyjails[@]} -eq 0 ]; then echo "No jails to destroy" else + # shellcheck disable=SC2124,SC2145 echo "jails to destroy ${destroyjails[@]}" for jail in "${destroyjails[@]}" do echo "destroying $jail" - iocage destroy -f $jail + iocage destroy -f "${jail}" done fi @@ -104,15 +135,22 @@ fi if [ ${#installjails[@]} -eq 0 ]; then echo "No jails to install" else + # shellcheck disable=SC2124,SC2145 echo "jails to install ${installjails[@]}" for jail in "${installjails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/install.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" ] then echo "Installing $jail" - jailcreate $jail && ${SCRIPT_DIR}/jails/$jail/install.sh + jailcreate "${jail}" "${!blueprint}" && "${SCRIPT_DIR}"/blueprints/"${!blueprint}"/install.sh "${jail}" else - echo "Missing install script for $jail in ${SCRIPT_DIR}/jails/$jail/install.sh" + echo "Missing blueprint ${!blueprint} for $jail in ${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" + exit 1 fi done fi @@ -121,15 +159,22 @@ fi if [ ${#redojails[@]} -eq 0 ]; then echo "No jails to ReInstall" else + # shellcheck disable=SC2124,SC2145 echo "jails to reinstall ${redojails[@]}" for jail in "${redojails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/install.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" ] then echo "Reinstalling $jail" - iocage destroy -f $jail && jailcreate $jail && ${SCRIPT_DIR}/jails/$jail/install.sh + iocage destroy -f "${jail}" && jailcreate "${jail}" "${!blueprint}" && "${SCRIPT_DIR}"/blueprints/"${!blueprint}"/install.sh "${jail}" else - echo "Missing install script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" + echo "Missing blueprint ${!blueprint} for $jail in ${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" + exit 1 fi done fi @@ -139,18 +184,25 @@ fi if [ ${#updatejails[@]} -eq 0 ]; then echo "No jails to Update" else + # shellcheck disable=SC2124,SC2145 echo "jails to update ${updatejails[@]}" for jail in "${updatejails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/update.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/update.sh" ] then echo "Updating $jail" - iocage update $jail - iocage exec $jail "pkg update && pkg upgrade -y" && ${SCRIPT_DIR}/jails/$jail/update.sh - iocage restart $jail - iocage start $jail + iocage update "${jail}" + iocage exec "${jail}" "pkg update && pkg upgrade -y" && "${SCRIPT_DIR}"/jails/"${!blueprint}"/update.sh + iocage restart "${jail}" + iocage start "${jail}" else - echo "Missing update script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" + echo "Missing blueprint ${!blueprint} for $jail in ${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" + exit 1 fi done fi @@ -159,14 +211,21 @@ fi if [ ${#upgradejails[@]} -eq 0 ]; then echo "No jails to Upgrade" else + # shellcheck disable=SC2124,SC2145 echo "jails to update ${upgradejails[@]}" for jail in "${upgradejails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/update.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/update.sh" ] then echo "Currently Upgrading is not yet included in this script." else - echo "Missing update script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" + echo "Currently Upgrading is not yet included in this script." + exit 1 fi done fi diff --git a/jails/bitwarden/install.sh b/jails/bitwarden/install.sh deleted file mode 100755 index 5a8dffa8..00000000 --- a/jails/bitwarden/install.sh +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for bitwarden - -# Initialise defaults -JAIL_NAME="bitwarden" -DB_DATABASE=${JAIL_NAME} -DB_USER=${JAIL_NAME} -INSTALL_TYPE=${bitwarden_type} -DB_HOST="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}"):3306" -DB_PASSWORD="${bitwarden_db_password}" -DB_STRING="mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" -ADMIN_TOKEN=${bitwarden_admin_token} - -if [ -z "${ADMIN_TOKEN}" ]; then -ADMIN_TOKEN=$(openssl rand -base64 16) -fi - -# install latest rust version, pkg version is outdated and can't build bitwarden_rs -iocage exec ${JAIL_NAME} "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" - -# Install Bitwarden_rs -iocage exec ${JAIL_NAME} mkdir -p /usr/local/share/bitwarden/src -iocage exec ${JAIL_NAME} git clone https://github.com/dani-garcia/bitwarden_rs/ /usr/local/share/bitwarden/src -TAG=$(iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") -iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src checkout ${TAG}" -#TODO replace with: cargo build --features mysql --release -if [ "${INSTALL_TYPE}" == "mariadb" ]; then - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" -else - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" -fi - - -iocage exec ${JAIL_NAME} cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin - -# Download and install webvault -WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/dani-garcia/bw_web_builds/releases/latest) -WEB_TAG="${WEB_RELEASE_URL##*/}" -iocage exec ${JAIL_NAME} "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" -iocage exec ${JAIL_NAME} "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" -iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz - -if [ -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/bitwarden-ssl.crt" ]; then - echo "certificate exist... Skipping cert generation" -else - "No ssl certificate present, generating self signed certificate" - if [ ! -d "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl" ]; then - echo "cert folder not existing... creating..." - iocage exec ${JAIL_NAME} mkdir /config/ssl - fi - openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/${global_dataset_config}/${JAIL_NAME}/ssl/bitwarden-ssl.key -out /mnt/${global_dataset_config}/${JAIL_NAME}/ssl/bitwarden-ssl.crt -fi - -if [ -f "/mnt/${global_dataset_config}/${JAIL_NAME}/bitwarden.log" ]; then - echo "Reinstall of Bitwarden detected... using existing config and database" -elif [ "${INSTALL_TYPE}" == "mariadb" ]; then - echo "No config detected, doing clean install, utilizing the Mariadb database ${DB_HOST}" - iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" - iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${DB_PASSWORD}';" - iocage exec "mariadb" mysqladmin reload -else - echo "No config detected, doing clean install." -fi - -iocage exec ${JAIL_NAME} "pw user add bitwarden -c bitwarden -u 725 -d /nonexistent -s /usr/bin/nologin" -iocage exec ${JAIL_NAME} chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config -iocage exec ${JAIL_NAME} mkdir /usr/local/etc/rc.d /usr/local/etc/rc.conf.d -cp ${SCRIPT_DIR}/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden -cp ${SCRIPT_DIR}/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export DATABASE_URL="'${DB_STRING}'"' >> /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export ADMIN_TOKEN="'${ADMIN_TOKEN}'"' >> /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden - -if [ "${ADMIN_TOKEN}" == "NONE" ]; then - echo "Admin_token set to NONE, disabling admin portal" -else - echo "Admin_token set and admin portal enabled" - iocage exec "${JAIL_NAME}" echo "${DB_NAME} Admin Token is ${ADMIN_TOKEN}" > /root/${JAIL_NAME}_admin_token.txt -fi - -iocage exec ${JAIL_NAME} chmod u+x /usr/local/etc/rc.d/bitwarden -iocage exec ${JAIL_NAME} sysrc "bitwarden_enable=YES" -iocage exec ${JAIL_NAME} service bitwarden restart -echo "Jail ${JAIL_NAME} finished Bitwarden install." -echo "Admin Token is ${ADMIN_TOKEN}" diff --git a/jails/bitwarden/update.sh b/jails/bitwarden/update.sh deleted file mode 100755 index 746df014..00000000 --- a/jails/bitwarden/update.sh +++ /dev/null @@ -1,65 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for bitwarden -# Due to it being build from scratch or downloaded directly to execution dir, -# Update for Bitwarden is pretty similair to installation - -# Initialise defaults -JAIL_NAME="bitwarden" -DB_DATABASE=${JAIL_NAME} -DB_USER=${JAIL_NAME} -INSTALL_TYPE=${bitwarden_type} -DB_HOST="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}"):3306" -DB_PASSWORD="${bitwarden_db_password}" -DB_STRING="mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" -ADMIN_TOKEN=${bitwarden_admin_token} - -if [ -z "${ADMIN_TOKEN}" ]; then -ADMIN_TOKEN=$(openssl rand -base64 16) -fi - -iocage exec ${JAIL_NAME} service bitwarden stop - -# install latest rust version, pkg version is outdated and can't build bitwarden_rs -iocage exec ${JAIL_NAME} "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" - -# Install Bitwarden_rs -iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src fetch" -TAG=$(iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") -iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src checkout ${TAG}" -#TODO replace with: cargo build --features mysql --release -if [ "${INSTALL_TYPE}" == "mariadb" ]; then - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" -else - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" -fi - - -iocage exec ${JAIL_NAME} cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin - -# Download and install webvault -WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/dani-garcia/bw_web_builds/releases/latest) -WEB_TAG="${WEB_RELEASE_URL##*/}" -iocage exec ${JAIL_NAME} "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" -iocage exec ${JAIL_NAME} "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" -iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz - -iocage exec ${JAIL_NAME} chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config -cp ${SCRIPT_DIR}/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden -cp ${SCRIPT_DIR}/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export DATABASE_URL="'${DB_STRING}'"' >> /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export ADMIN_TOKEN="'${ADMIN_TOKEN}'"' >> /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden - -if [ "${ADMIN_TOKEN}" == "NONE" ]; then - echo "Admin_token set to NONE, disabling admin portal" -else - echo "Admin_token set and admin portal enabled" - iocage exec "${JAIL_NAME}" echo "${DB_NAME} Admin Token is ${ADMIN_TOKEN}" > /root/${JAIL_NAME}_admin_token.txt -fi - - -iocage exec ${JAIL_NAME} chmod u+x /usr/local/etc/rc.d/bitwarden -iocage exec ${JAIL_NAME} service bitwarden restart -echo "Jail ${JAIL_NAME} finished Bitwarden update." -echo "Admin Token is ${ADMIN_TOKEN}" diff --git a/jails/jackett/install.sh b/jails/jackett/install.sh deleted file mode 100755 index 3af8a978..00000000 --- a/jails/jackett/install.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for jackett - -iocage exec jackett ln -s /usr/local/bin/mono /usr/bin/mono -iocage exec jackett "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share" -iocage exec jackett "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share" -iocage exec jackett rm /usr/local/share/Jackett.Binaries.Mono.tar.gz -iocage exec jackett "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin" -iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config -iocage exec jackett mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/jackett/includes/jackett.rc /mnt/${global_dataset_iocage}/jails/jackett/root/usr/local/etc/rc.d/jackett -iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett -iocage exec jackett sysrc "jackett_enable=YES" -iocage exec jackett service jackett restart diff --git a/jails/jackett/update.sh b/jails/jackett/update.sh deleted file mode 100755 index df7d983e..00000000 --- a/jails/jackett/update.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for jackett - -iocage exec jackett service jackett stop -#TODO insert code to update jacket itself here -iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config -cp ${SCRIPT_DIR}/jails/test10/includes/jackett.rc /mnt/${global_dataset_iocage}/jails/test10/root/usr/local/etc/rc.d/jackett -iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett -iocage exec jackett service jackett restart diff --git a/jails/kms/install.sh b/jails/kms/install.sh deleted file mode 100755 index 6e8148c0..00000000 --- a/jails/kms/install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for KMS - - -iocage exec kms svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms -iocage exec kms "pw user add kms -c kms -u 666 -d /nonexistent -s /usr/bin/nologin" -iocage exec kms chown -R kms:kms /usr/local/share/py-kms /config -iocage exec kms mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/kms/includes/py_kms.rc /mnt/${global_dataset_iocage}/jails/kms/root/usr/local/etc/rc.d/py_kms -iocage exec kms chmod u+x /usr/local/etc/rc.d/py_kms -iocage exec kms sysrc "py_kms_enable=YES" -iocage exec kms service py_kms start \ No newline at end of file diff --git a/jails/kms/update.sh b/jails/kms/update.sh deleted file mode 100755 index 0f556a5e..00000000 --- a/jails/kms/update.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for KMS - -iocage exec kms service py_kms stop -iocage exec kms svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms -iocage exec kms chown -R kms:kms /usr/local/share/py-kms /config -cp ${SCRIPT_DIR}/jails/kms/includes/py_kms.rc /mnt/${global_dataset_iocage}/jails/kms/root/usr/local/etc/rc.d/py_kms -iocage exec kms chmod u+x /usr/local/etc/rc.d/py_kms -iocage exec kms service py_kms start \ No newline at end of file diff --git a/jails/lidarr/install.sh b/jails/lidarr/install.sh deleted file mode 100755 index 8fe19d76..00000000 --- a/jails/lidarr/install.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for lidarr - -# Check if dataset for completed download and it parent dataset exist, create if they do not. -createmount lidarr ${global_dataset_downloads} -createmount lidarr ${global_dataset_downloads}/complete /mnt/fetched - -# Check if dataset for media library and the dataset for movies exist, create if they do not. -createmount lidarr ${global_dataset_media} -createmount lidarr ${global_dataset_media}/music /mnt/music - - -iocage exec lidarr ln -s /usr/local/bin/mono /usr/bin/mono -iocage exec lidarr "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share" -iocage exec lidarr "tar -xzvf /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz -C /usr/local/share" -iocage exec lidarr "rm /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz" -iocage exec lidarr "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin" -iocage exec lidarr chown -R lidarr:lidarr /usr/local/share/Lidarr /config -iocage exec lidarr mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/lidarr/includes/lidarr.rc /mnt/${global_dataset_iocage}/jails/lidarr/root/usr/local/etc/rc.d/lidarr -iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr -iocage exec lidarr sysrc "lidarr_enable=YES" -iocage exec lidarr service lidarr start \ No newline at end of file diff --git a/jails/lidarr/update.sh b/jails/lidarr/update.sh deleted file mode 100755 index f85fefbe..00000000 --- a/jails/lidarr/update.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for lidarr - -iocage exec lidarr service lidarr stop -#TODO insert code to update lidarr itself here -iocage exec lidarr chown -R lidarr:lidarr /usr/local/share/lidarr /config -cp ${SCRIPT_DIR}/jails/lidarr/includes/lidarr.rc /mnt/${global_dataset_iocage}/jails/lidarr/root/usr/local/etc/rc.d/lidarr -iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr -iocage exec lidarr service lidarr restart \ No newline at end of file diff --git a/jails/mariadb/install.sh b/jails/mariadb/install.sh deleted file mode 100755 index 6c9d9e7d..00000000 --- a/jails/mariadb/install.sh +++ /dev/null @@ -1,111 +0,0 @@ -#!/usr/local/bin/bash -# This script installs the current release of Mariadb and PhpMyAdmin into a created jail -##### -# -# Init and Mounts -# -##### - -# Initialise defaults -JAIL_NAME="mariadb" -JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}" )" -INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes" -CERT_EMAIL=${mariadb_cert_email} -DB_ROOT_PASSWORD=${mariadb_db_root_password} -DB_NAME="MariaDB" -DL_FLAGS="" - -# Check that necessary variables were set by nextcloud-config -if [ -z "${mariadb_ip4_addr}" ]; then - echo 'Configuration error: The mariadb jail does NOT accept DHCP' - echo 'Please reinstall using a fixed IP adress' - exit 1 -fi - -# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke - -if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/db")" ]; then - echo "Reinstall of mariadb detected... Continuing" - REINSTALL="true" -fi - -# Mount database dataset and set zfs preferences -createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/db /var/db/mysql -zfs set recordsize=16K ${global_dataset_config}/${JAIL_NAME}/db -zfs set primarycache=metadata ${global_dataset_config}/${JAIL_NAME}/db - -iocage exec "${JAIL_NAME}" chown -R 88:88 /var/db/mysql - -# Install includes fstab -iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes -iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -iocage exec "${JAIL_NAME}" mkdir -p /usr/local/www/phpmyadmin -iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/phpmyadmin - -##### -# -# Install mariadb, Caddy and PhpMyAdmin -# -##### - -fetch -o /tmp https://getcaddy.com -if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com -then - echo "Failed to download/install Caddy" - exit 1 -fi - -iocage exec "${JAIL_NAME}" sysrc mysql_enable="YES" - -# Copy and edit pre-written config files -echo "Copying Caddyfile for no SSL" -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile - -iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES" -iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES" -iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}" -iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}" - -iocage restart "${JAIL_NAME}" -sleep 10 - -if [ "${REINSTALL}" == "true" ]; then - echo "Reinstall detected, skipping generaion of new config and database" -else - - # Secure database, set root password, create Nextcloud DB, user, and password - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/my-system.cnf /var/db/mysql/my.cnf - iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.user WHERE User='';" - iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" - iocage exec "${JAIL_NAME}" mysql -u root -e "DROP DATABASE IF EXISTS test;" - iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" - iocage exec "${JAIL_NAME}" mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('${DB_ROOT_PASSWORD}') WHERE User='root';" - iocage exec "${JAIL_NAME}" mysqladmin reload -fi -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/my.cnf /root/.my.cnf -iocage exec "${JAIL_NAME}" sed -i '' "s|mypassword|${DB_ROOT_PASSWORD}|" /root/.my.cnf - -# Save passwords for later reference -iocage exec "${JAIL_NAME}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/${JAIL_NAME}_db_password.txt - - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -# Done! -echo "Installation complete!" -echo "Using your web browser, go to http://${mariadb_host_name} to log in" - -if [ "${REINSTALL}" == "true" ]; then - echo "You did a reinstall, please use your old database and account credentials" -else - echo "Database Information" - echo "--------------------" - echo "The ${DB_NAME} root password is ${DB_ROOT_PASSWORD}" - fi -echo "" -echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt" diff --git a/jails/mariadb/update.sh b/jails/mariadb/update.sh deleted file mode 100755 index 2cb9fe25..00000000 --- a/jails/mariadb/update.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for mariadb - -JAIL_NAME="mariadb" -JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}" )" -INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes" - -# Install includes fstab -iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes -iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - - -iocage exec ${JAIL_NAME} service caddy stop -iocage exec ${JAIL_NAME} service php-fpm stop - -fetch -o /tmp https://getcaddy.com -if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com -then - echo "Failed to download/install Caddy" - exit 1 -fi - -# Copy and edit pre-written config files -echo "Copying Caddyfile for no SSL" -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -iocage exec ${JAIL_NAME} service caddy start -iocage exec ${JAIL_NAME} service php-fpm start \ No newline at end of file diff --git a/jails/nextcloud/install.sh b/jails/nextcloud/install.sh deleted file mode 100755 index 73738743..00000000 --- a/jails/nextcloud/install.sh +++ /dev/null @@ -1,350 +0,0 @@ -#!/usr/local/bin/bash -# This script installs the current release of Nextcloud into a create jail -# Based on the example by danb35: https://github.com/danb35/freenas-iocage-nextcloud - - -# Initialise defaults -JAIL_NAME="nextcloud" -JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${nextcloud_ip4_addr}" )" -DATABASE="$nextcloud_database" -INCLUDES_PATH="${SCRIPT_DIR}/jails/nextcloud/includes" -STANDALONE_CERT=${nextcloud_standalone_cert} -SELFSIGNED_CERT=${nextcloud_selfsigned_cert} -DNS_CERT=${nextcloud_dns_cert} -NO_CERT=${nextcloud_no_cert} -DL_FLAGS=${nextcloud_dl_flags} -DNS_SETTING=${nextcloud_dns_settings} -CERT_EMAIL=${nextcloud_cert_email} -HOST_NAME=${nextcloud_host_name} - -# Only generate new DB passwords when using buildin database -# Set DB username and database to fixed "nextcloud" - -if [ "${DATABASE}" = "pgsql-external" ]; then - DB_NAME="PostgreSQL" - DB_HOST="${nextcloud_db_host}" - DB_DATABASE="${nextcloud_db_database}" - DB_USER="${nextcloud_db_user}" - DB_PASSWORD="${nextcloud_db_password}" -elif [ "${DATABASE}" = "mariadb-external" ]; then - DB_NAME="MariaDB" - DB_HOST="${nextcloud_db_host}" - DB_DATABASE="${nextcloud_db_database}" - DB_USER="${nextcloud_db_user}" - DB_PASSWORD="${nextcloud_db_password}" -elif [ "${DATABASE}" = "mariadb-jail" ]; then - DB_DATABASE="nextcloud" - DB_USER="nextcloud" - DB_HOST="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}"):3306" - DB_PASSWORD="${nextcloud_db_password}" -else - echo "Invalid ${JAIL_NAME}_database selected please select one from the following options:" - echo "mariadb-jail, mariadb-external, pgsql-external" - exit 1 -fi - - -ADMIN_PASSWORD=$(openssl rand -base64 12) - -##### -# -# Input Sanity Check -# -##### - - -# Check that necessary variables were set by nextcloud-config -if [ -z "${nextcloud_ip4_addr}" ]; then - echo 'Configuration error: The Nextcloud jail does NOT accept DHCP' - echo 'Please reinstall using a fixed IP adress' - exit 1 -fi - -if [ -z "${DB_PASSWORD}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database password' - echo 'Please reinstall with a defifined: db_password' - exit 1 -fi - -if [ -z "${DB_USER}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database user' - echo 'Please reinstall with a defifined: db_user' - exit 1 -fi - -if [ -z "${DB_HOST}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database host' - echo 'Please reinstall with a defifined: db_host' - exit 1 -fi - -if [ -z "${DB_DATABASE}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database name' - echo 'Please reinstall with a defifined: db_database' - exit 1 -fi - -if [ -z "${nextcloud_time_zone}" ]; then - echo 'Configuration error: TIME_ZONE must be set' - exit 1 -fi -if [ -z "${HOST_NAME}" ]; then - echo 'Configuration error: HOST_NAME must be set' - exit 1 -fi -if [ $STANDALONE_CERT -eq 0 ] && [ $DNS_CERT -eq 0 ] && [ $NO_CERT -eq 0 ] && [ $SELFSIGNED_CERT -eq 0 ]; then - echo 'Configuration error: Either STANDALONE_CERT, DNS_CERT, NO_CERT,' - echo 'or SELFSIGNED_CERT must be set to 1.' - exit 1 -fi -if [ $STANDALONE_CERT -eq 1 ] && [ $DNS_CERT -eq 1 ] ; then - echo 'Configuration error: Only one of STANDALONE_CERT and DNS_CERT' - echo 'may be set to 1.' - exit 1 -fi - -if [ $DNS_CERT -eq 1 ] && [ -z "${DNS_PLUGIN}" ] ; then - echo "DNS_PLUGIN must be set to a supported DNS provider." - echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list." - echo "Be sure to omit the prefix of \"tls.dns.\"." - exit 1 -fi -if [ $DNS_CERT -eq 1 ] && [ -z "${DNS_ENV}" ] ; then - echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials." - echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more." - exit 1 -fi - -if [ $DNS_CERT -eq 1 ] ; then - DL_FLAGS="tls.dns.${DNS_PLUGIN}" - DNS_SETTING="dns ${DNS_PLUGIN}" -fi - -# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke -if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/config")" ]; then - echo "Reinstall of Nextcloud detected... " - echo "External database selected, unable to verify compatibility. REINSTALL MIGHT NOT WORK... Continuing" - REINSTALL="true" -fi - - -##### - # -# Fstab And Mounts -# -##### - -# Create and Mount portsnap -createmount ${JAIL_NAME} ${global_dataset_config}/portsnap -createmount ${JAIL_NAME} ${global_dataset_config}/portsnap/db /var/db/portsnap -createmount ${JAIL_NAME} ${global_dataset_config}/portsnap/ports /usr/ports - -# Create and Mount Nextcloud, Config and Files -createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/config /usr/local/www/nextcloud/config -createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/themes /usr/local/www/nextcloud/themes -createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/files /config/files - -# Install includes fstab -iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes -iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - - -iocage exec "${JAIL_NAME}" chown -R www:www /config/files -iocage exec "${JAIL_NAME}" chmod -R 770 /config/files - - -##### -# -# Basic dependency install -# -##### - -iocage exec "${JAIL_NAME}" "if [ -z /usr/ports ]; then portsnap fetch extract; else portsnap auto; fi" - -if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then - iocage exec "${JAIL_NAME}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli -elif [ "${DATABASE}" = "pgsql-external" ]; then - iocage exec "${JAIL_NAME}" pkg install -qy postgresql10-client php73-pgsql php73-pdo_pgsql -fi - -fetch -o /tmp https://getcaddy.com -if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com -then - echo "Failed to download/install Caddy" - exit 1 -fi - -iocage exec "${JAIL_NAME}" sysrc redis_enable="YES" -iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES" -iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes" -iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes" - - -##### -# -# Install Nextcloud -# -##### - -FILE="latest-18.tar.bz2" -if ! iocage exec "${JAIL_NAME}" fetch -o /tmp https://download.nextcloud.com/server/releases/"${FILE}" https://download.nextcloud.com/server/releases/"${FILE}".asc https://nextcloud.com/nextcloud.asc -then - echo "Failed to download Nextcloud" - exit 1 -fi -iocage exec "${JAIL_NAME}" gpg --import /tmp/nextcloud.asc -if ! iocage exec "${JAIL_NAME}" gpg --verify /tmp/"${FILE}".asc -then - echo "GPG Signature Verification Failed!" - echo "The Nextcloud download is corrupt." - exit 1 -fi -iocage exec "${JAIL_NAME}" tar xjf /tmp/"${FILE}" -C /usr/local/www/ -iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/nextcloud/ - - -# Generate and install self-signed cert, if necessary -if [ $SELFSIGNED_CERT -eq 1 ] && [ ! -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/privkey.pem" ]; then - echo "No ssl certificate present, generating self signed certificate" - if [ ! -d "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl" ]; then - echo "cert folder not existing... creating..." - iocage exec ${JAIL_NAME} mkdir /config/ssl - fi - openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${HOST_NAME}" -keyout "${INCLUDES_PATH}"/privkey.pem -out "${INCLUDES_PATH}"/fullchain.pem - iocage exec "${JAIL_NAME}" cp /mnt/includes/privkey.pem /config/ssl/privkey.pem - iocage exec "${JAIL_NAME}" cp /mnt/includes/fullchain.pem /config/ssl/fullchain.pem -fi - -# Copy and edit pre-written config files -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/php.ini /usr/local/etc/php.ini -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/redis.conf /usr/local/etc/redis.conf -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/ -if [ $STANDALONE_CERT -eq 1 ] || [ $DNS_CERT -eq 1 ]; then - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/remove-staging.sh /root/ -fi -if [ $NO_CERT -eq 1 ]; then - echo "Copying Caddyfile for no SSL" - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-nossl /usr/local/www/Caddyfile -elif [ $SELFSIGNED_CERT -eq 1 ]; then - echo "Copying Caddyfile for self-signed cert" - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-selfsigned /usr/local/www/Caddyfile -else - echo "Copying Caddyfile for Let's Encrypt cert" - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/ -fi -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ - - -iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s|mytimezone|${nextcloud_time_zone}|" /usr/local/etc/php.ini - -iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES" -iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}" -iocage exec "${JAIL_NAME}" sysrc caddy_SNI_default="${HOST_NAME}" -iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}" - -iocage restart "${JAIL_NAME}" - -if [ "${REINSTALL}" == "true" ]; then - echo "Reinstall detected, skipping generaion of new config and database" -else - - # Secure database, set root password, create Nextcloud DB, user, and password - if [ "${DATABASE}" = "mariadb-jail" ]; then - iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" - iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${DB_PASSWORD}';" - iocage exec "mariadb" mysqladmin reload - fi - - - # Save passwords for later reference - iocage exec "${JAIL_NAME}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/${JAIL_NAME}_db_password.txt - iocage exec "${JAIL_NAME}" echo "Nextcloud database password is ${DB_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt - iocage exec "${JAIL_NAME}" echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt - - # CLI installation and configuration of Nextcloud - if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"mysql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\"" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value=\"true\"" - elif [ "${DATABASE}" = "pgsql-external" ]; then - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"pgsql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\"" - fi - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:add-missing-indices" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:convert-filecache-bigint --no-interaction" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set logtimezone --value=\"${nextcloud_time_zone}\"" - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set log_type --value="file"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logfile --value="/var/log/nextcloud.log"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' - if [ $NO_CERT -eq 1 ]; then - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${HOST_NAME}/\"" - else - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${HOST_NAME}/\"" - fi - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set htaccess.RewriteBase --value="/"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess' - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value=\"${HOST_NAME}\"" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value=\"${JAIL_IP}\"" - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ app:enable encryption' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:enable' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:disable' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ background:cron' - -fi - -iocage exec "${JAIL_NAME}" touch /var/log/nextcloud.log -iocage exec "${JAIL_NAME}" chown www /var/log/nextcloud.log -iocage exec "${JAIL_NAME}" su -m www -c 'php -f /usr/local/www/nextcloud/cron.php' -iocage exec "${JAIL_NAME}" crontab -u www /mnt/includes/www-crontab - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -# Done! -echo "Installation complete!" -if [ $NO_CERT -eq 1 ]; then - echo "Using your web browser, go to http://${HOST_NAME} to log in" -else - echo "Using your web browser, go to https://${HOST_NAME} to log in" -fi - -if [ "${REINSTALL}" == "true" ]; then - echo "You did a reinstall, please use your old database and account credentials" -else - - echo "Default user is admin, password is ${ADMIN_PASSWORD}" - echo "" - - echo "Database Information" - echo "--------------------" - echo "Database user = ${DB_USER}" - echo "Database password = ${DB_PASSWORD}" - echo "" - echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt" -fi - -echo "" -if [ $STANDALONE_CERT -eq 1 ] || [ $DNS_CERT -eq 1 ]; then - echo "You have obtained your Let's Encrypt certificate using the staging server." - echo "This certificate will not be trusted by your browser and will cause SSL errors" - echo "when you connect. Once you've verified that everything else is working" - echo "correctly, you should issue a trusted certificate. To do this, run:" - echo " iocage exec ${JAIL_NAME} /root/remove-staging.sh" - echo "" -elif [ $SELFSIGNED_CERT -eq 1 ]; then - echo "You have chosen to create a self-signed TLS certificate for your Nextcloud" - echo "installation. This certificate will not be trusted by your browser and" - echo "will cause SSL errors when you connect. If you wish to replace this certificate" - echo "with one obtained elsewhere, the private key is located at:" - echo "/config/ssl/privkey.pem" - echo "The full chain (server + intermediate certificates together) is at:" - echo "/config/ssl/fullchain.pem" - echo "" -fi - diff --git a/jails/organizr/install.sh b/jails/organizr/install.sh deleted file mode 100755 index 4f5e55ed..00000000 --- a/jails/organizr/install.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for Organizr - -iocage exec organizr sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini -iocage exec organizr sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini -iocage exec organizr sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini -mv /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf.bak -cp ${SCRIPT_DIR}/jails/organizr/includes/nginx.conf /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf -cp -Rf ${SCRIPT_DIR}/jails/organizr/includes/custom /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/custom - -if [ ! -d "/mnt/${global_dataset_config}/organizr/ssl" ]; then - echo "cert folder doesn't exist... creating..." - iocage exec organizr mkdir /config/ssl -fi - -if [ -f "/mnt/${global_dataset_config}/organizr/ssl/Organizr-Cert.crt" ]; then - echo "certificate exists... Skipping cert generation" -else - echo "No ssl certificate present, generating self signed certificate" - openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/${global_dataset_config}/organizr/ssl/Organizr-Cert.key -out /mnt/${global_dataset_config}/organizr/ssl/Organizr-Cert.crt -fi - -iocage exec organizr git clone https://github.com/causefx/Organizr.git /usr/local/www/Organizr -iocage exec organizr chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom -iocage exec organizr ln -s /config/config.php /usr/local/www/Organizr/api/config/config.php -iocage exec organizr sysrc nginx_enable=YES -iocage exec organizr sysrc php_fpm_enable=YES -iocage exec organizr service nginx start -iocage exec organizr service php-fpm start diff --git a/jails/organizr/update.sh b/jails/organizr/update.sh deleted file mode 100755 index 173c47e9..00000000 --- a/jails/organizr/update.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for Organizr - - -iocage exec organizr service nginx stop -iocage exec organizr service php-fpm stop -# TODO setup cli update for Organizr here. -cp ${SCRIPT_DIR}/jails/organizr/includes/nginx.conf /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf -iocage exec organizr "cd /usr/local/www/Organizr && git pull" -iocage exec organizr chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom -iocage exec organizr service nginx start -iocage exec organizr service php-fpm start \ No newline at end of file diff --git a/jails/plex/install.sh b/jails/plex/install.sh deleted file mode 100755 index e5bc94ba..00000000 --- a/jails/plex/install.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for plex - -iocage exec plex mkdir -p /usr/local/etc/pkg/repos - - -# Change to to more frequent FreeBSD repo to stay up-to-date with plex more. -cp ${SCRIPT_DIR}/jails/plex/includes/FreeBSD.conf /mnt/${global_dataset_iocage}/jails/plex/root/usr/local/etc/pkg/repos/FreeBSD.conf - - -# Check if datasets for media librarys exist, create them if they do not. -createmount plex ${global_dataset_media} /mnt/media -createmount plex ${global_dataset_media}/movies /mnt/media/movies -createmount plex ${global_dataset_media}/music /mnt/media/music -createmount plex ${global_dataset_media}/shows /mnt/media/shows - - -iocage exec plex chown -R plex:plex /config - -# Force update pkg to get latest plex version -iocage exec plex pkg update -iocage exec plex pkg upgrade -y - -# Run different install procedures depending on Plex vs Plexpass -if [ "$plex_plexpass" == "true" ]; then - echo "plexpass enabled in config.yml... using plexpass for install" - iocage exec plex sysrc "plexmediaserver_plexpass_enable=YES" - iocage exec plex sysrc plexmediaserver_plexpass_support_path="/config" - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ - iocage exec plex service plexmediaserver_plexpass restart -else - echo "plexpass disabled in config.yml... NOT using plexpass for install" - iocage exec plex sysrc "plexmediaserver_enable=YES" - iocage exec plex sysrc plexmediaserver_support_path="/config" - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver/ - iocage exec plex service plexmediaserver restart -fi - -echo "Finished installing plex" \ No newline at end of file diff --git a/jails/plex/readme.md b/jails/plex/readme.md deleted file mode 100755 index 2cac133d..00000000 --- a/jails/plex/readme.md +++ /dev/null @@ -1,7 +0,0 @@ -# Plex - -For more information about plex, please see the Plex website: - -# Original plex install script guide - -https://www.ixsystems.com/community/resources/fn11-3-iocage-jails-plex-tautulli-sonarr-radarr-lidarr-jackett-transmission-organizr.58/ \ No newline at end of file diff --git a/jails/plex/update.sh b/jails/plex/update.sh deleted file mode 100755 index 4f1d62c5..00000000 --- a/jails/plex/update.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for Plex - -# Run different update procedures depending on Plex vs Plexpass -if [ "$plex_plexpass" == "true" ]; then - echo "plexpass enabled in config.yml... using plexpass for update..." - iocage exec plex service plexmediaserver_plexpass stop - # Plex is updated using PKG already, this is mostly a placeholder - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ - iocage exec plex service plexmediaserver_plexpass restart -else - echo "plexpass disabled in config.yml... NOT using plexpass for update..." - iocage exec plex service plexmediaserver stop - # Plex is updated using PKG already, this is mostly a placeholder - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver/ - iocage exec plex service plexmediaserver restart -fi - - - - - diff --git a/jails/radarr/install.sh b/jails/radarr/install.sh deleted file mode 100755 index 1d71fb94..00000000 --- a/jails/radarr/install.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for radarr - -# Check if dataset for completed download and it parent dataset exist, create if they do not. -createmount radarr ${global_dataset_downloads} -createmount radarr ${global_dataset_downloads}/complete /mnt/fetched - -# Check if dataset for media library and the dataset for movies exist, create if they do not. -createmount radarr ${global_dataset_media} -createmount radarr ${global_dataset_media}/movies /mnt/movies - -iocage exec radarr ln -s /usr/local/bin/mono /usr/bin/mono -iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.1480/Radarr.develop.0.2.0.1480.linux.tar.gz -o /usr/local/share" -iocage exec radarr "tar -xzvf /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -C /usr/local/share" -iocage exec radarr rm /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -iocage exec radarr "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin" -iocage exec radarr chown -R radarr:radarr /usr/local/share/Radarr /config -iocage exec radarr mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/radarr/includes/radarr.rc /mnt/${global_dataset_iocage}/jails/radarr/root/usr/local/etc/rc.d/radarr -iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr -iocage exec radarr sysrc "radarr_enable=YES" -iocage exec radarr service radarr restart \ No newline at end of file diff --git a/jails/radarr/update.sh b/jails/radarr/update.sh deleted file mode 100755 index 9b3afca0..00000000 --- a/jails/radarr/update.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for radarr - -iocage exec radarr service radarr stop -#TODO insert code to update radarr itself here -iocage exec radarr chown -R radarr:radarr /usr/local/share/Radarr /config -cp ${SCRIPT_DIR}/jails/radarr/includes/radarr.rc /mnt/${global_dataset_iocage}/jails/radarr/root/usr/local/etc/rc.d/radarr -iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr -iocage exec radarr service radarr restart \ No newline at end of file diff --git a/jails/sonarr/install.sh b/jails/sonarr/install.sh deleted file mode 100755 index 7e28487a..00000000 --- a/jails/sonarr/install.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for sonarr - -# Check if dataset for completed download and it parent dataset exist, create if they do not. -createmount sonarr ${global_dataset_downloads} -createmount sonarr ${global_dataset_downloads}/complete /mnt/fetched - -# Check if dataset for media library and the dataset for tv shows exist, create if they do not. -createmount sonarr ${global_dataset_media} -createmount sonarr ${global_dataset_media}/shows /mnt/shows - -iocage exec sonarr ln -s /usr/local/bin/mono /usr/bin/mono -iocage exec sonarr "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share" -iocage exec sonarr "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share" -iocage exec sonarr rm /usr/local/share/NzbDrone.master.tar.gz -iocage exec sonarr "pw user add sonarr -c sonarr -u 351 -d /nonexistent -s /usr/bin/nologin" -iocage exec sonarr chown -R sonarr:sonarr /usr/local/share/NzbDrone /config -iocage exec sonarr mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/sonarr/includes/sonarr.rc /mnt/${global_dataset_iocage}/jails/sonarr/root/usr/local/etc/rc.d/sonarr -iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr -iocage exec sonarr sysrc "sonarr_enable=YES" -iocage exec sonarr service sonarr restart \ No newline at end of file diff --git a/jails/sonarr/update.sh b/jails/sonarr/update.sh deleted file mode 100755 index 7774c866..00000000 --- a/jails/sonarr/update.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for sonarr - -iocage exec sonarr service sonarr stop -#TODO insert code to update sonarr itself here -iocage exec sonarr chown -R sonarr:sonarr /usr/local/share/NzbDrone /config -cp ${SCRIPT_DIR}/jails/sonarr/includes/sonarr.rc /mnt/${global_dataset_iocage}/jails/sonarr/root/usr/local/etc/rc.d/sonarr -iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr -iocage exec sonarr service sonarr restart \ No newline at end of file diff --git a/jails/tautulli/install.sh b/jails/tautulli/install.sh deleted file mode 100755 index eee596bb..00000000 --- a/jails/tautulli/install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for Tautulli - - -iocage exec tautulli git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli -iocage exec tautulli "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin" -iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config -iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli -iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli -iocage exec tautulli sysrc "tautulli_enable=YES" -iocage exec tautulli sysrc "tautulli_flags=--datadir /config" -iocage exec tautulli service tautulli start \ No newline at end of file diff --git a/jails/tautulli/update.sh b/jails/tautulli/update.sh deleted file mode 100755 index 52c00a18..00000000 --- a/jails/tautulli/update.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for Tautulli - -iocage exec tautulli service tautulli stop -# Tautulli is updated through pkg, this is mostly just a placeholder -iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config -iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli -iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli -iocage exec tautulli service tautulli restart \ No newline at end of file diff --git a/jails/transmission/install.sh b/jails/transmission/install.sh deleted file mode 100755 index f2af7b55..00000000 --- a/jails/transmission/install.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for transmission - -# Check if dataset Downloads dataset exist, create if they do not. -createmount transmission ${global_dataset_downloads} /mnt/downloads - -# Check if dataset Complete Downloads dataset exist, create if they do not. -createmount transmission ${global_dataset_downloads}/complete /mnt/downloads/complete - -# Check if dataset InComplete Downloads dataset exist, create if they do not. -createmount transmission ${global_dataset_downloads}/incomplete /mnt/downloads/incomplete - - -iocage exec transmission chown -R transmission:transmission /config -iocage exec transmission sysrc "transmission_enable=YES" -iocage exec transmission sysrc "transmission_conf_dir=/config" -iocage exec transmission sysrc "transmission_download_dir=/mnt/downloads/complete" -iocage exec transmission service transmission restart \ No newline at end of file diff --git a/jails/transmission/update.sh b/jails/transmission/update.sh deleted file mode 100755 index a0c0e40b..00000000 --- a/jails/transmission/update.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for transmission - -iocage exec transmission service transmission stop -# Transmision is updated during PKG update, this file is mostly just a placeholder -iocage exec transmission chown -R transmission:transmission /config -iocage exec transmission service transmission restart \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml new file mode 100644 index 00000000..8bccf8b0 --- /dev/null +++ b/mkdocs.yml @@ -0,0 +1,23 @@ +# Project Information +site_name: JailMan +site_description: 'Project Design and Documentation for development' +site_author: 'Ornias1993' +site_url: 'https://ornias1993.github.io/jailman/' + +# Repository +repo_name: 'ornias1993/jailman' +repo_url: 'https://github.com/Ornias1993/jailman/' +edit_uri: 'edit/dev/docs/' + +theme: + name: 'material' + features: + - tabs + language: 'en' + +markdown_extensions: + - admonition + - codehilite: + guess_lang: false + - toc: + permalink: true \ No newline at end of file diff --git a/wiki/Home.md b/wiki/Home.md deleted file mode 100644 index ae97c2b6..00000000 --- a/wiki/Home.md +++ /dev/null @@ -1,3 +0,0 @@ -Welcome to the jailman wiki! - -This wiki is automatically generated from the .md files located in either the /wiki or the /jails// directories. diff --git a/wiki/test.md b/wiki/test.md deleted file mode 100644 index 45c0a5a8..00000000 --- a/wiki/test.md +++ /dev/null @@ -1 +0,0 @@ -wiki test placeholder