From 8721fcb2780b687669b3772e3283aebf0a8688b7 Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Sat, 14 Mar 2020 00:00:50 +0100 Subject: [PATCH 01/29] placeholder, dev wipe --- placeholder | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 placeholder diff --git a/placeholder b/placeholder new file mode 100644 index 00000000..e69de29b From a1cdb585f2be51bee087cc88f559b355ba8a0ce1 Mon Sep 17 00:00:00 2001 From: Matt Coleman Date: Mon, 6 Apr 2020 08:00:13 -0400 Subject: [PATCH 02/29] Add InfluxDB (#45) Add influxDB jail Co-authored-by: colemamd --- config.yml.example | 8 +- jails/influxdb/includes/influxdb.conf | 586 ++++++++++++++++++++++++++ jails/influxdb/install.sh | 46 ++ jails/influxdb/readme.md | 262 ++++++++++++ jails/influxdb/update.sh | 6 + 5 files changed, 907 insertions(+), 1 deletion(-) create mode 100644 jails/influxdb/includes/influxdb.conf create mode 100755 jails/influxdb/install.sh create mode 100644 jails/influxdb/readme.md create mode 100644 jails/influxdb/update.sh diff --git a/config.yml.example b/config.yml.example index 55cda37a..f3404be2 100644 --- a/config.yml.example +++ b/config.yml.example @@ -19,7 +19,7 @@ global: # Example configuration, showing how to customise network config. -# Ese the same jailname on both sides of this variable example: example +# Use the same jailname on both sides of this variable example: example example: example #interfaces is optional and will be autmatically replace with vnet0:bridge0 if not present interfaces: vnet0:bridge0 @@ -92,3 +92,9 @@ bitwarden: bitwarden db_password: "YourDBPasswordHerePLEASE" type: mariadb admin_token: "PUTYOURADMINTOKENHEREANDREMOVETHIS" + +influxdb: influxdb + ip4_addr: 192.168.1.250/24 + gateway: 192.168.1.1 + pkgs: influxdb + database: influxdb diff --git a/jails/influxdb/includes/influxdb.conf b/jails/influxdb/includes/influxdb.conf new file mode 100644 index 00000000..ad9533b0 --- /dev/null +++ b/jails/influxdb/includes/influxdb.conf @@ -0,0 +1,586 @@ +### Welcome to the InfluxDB configuration file. + +# The values in this file override the default values used by the system if +# a config option is not specified. The commented out lines are the configuration +# field and the default value used. Uncommenting a line and changing the value +# will change the value used at runtime when the process is restarted. + +# Once every 24 hours InfluxDB will report usage data to usage.influxdata.com +# The data includes a random ID, os, arch, version, the number of series and other +# usage data. No data from user databases is ever transmitted. +# Change this option to true to disable reporting. +# reporting-disabled = false + +# Bind address to use for the RPC service for backup and restore. +# bind-address = "127.0.0.1:8088" + +### +### [meta] +### +### Controls the parameters for the Raft consensus group that stores metadata +### about the InfluxDB cluster. +### + +[meta] + # Where the metadata/raft database is stored + dir = "/config/influxdb/database/meta" + + # Automatically create a default retention policy when creating a database. + # retention-autocreate = true + + # If log messages are printed for the meta service + # logging-enabled = true + +### +### [data] +### +### Controls where the actual shard data for InfluxDB lives and how it is +### flushed from the WAL. "dir" may need to be changed to a suitable place +### for your system, but the WAL settings are an advanced configuration. The +### defaults should work for most systems. +### + +[data] + # The directory where the TSM storage engine stores TSM files. + dir = "/config/influxdb/database/data" + + # The directory where the TSM storage engine stores WAL files. + wal-dir = "/config/influxdb/database/wal" + + # The amount of time that a write will wait before fsyncing. A duration + # greater than 0 can be used to batch up multiple fsync calls. This is useful for slower + # disks or when WAL write contention is seen. A value of 0s fsyncs every write to the WAL. + # Values in the range of 0-100ms are recommended for non-SSD disks. + # wal-fsync-delay = "0s" + + + # The type of shard index to use for new shards. The default is an in-memory index that is + # recreated at startup. A value of "tsi1" will use a disk based index that supports higher + # cardinality datasets. + # index-version = "inmem" + + # Trace logging provides more verbose output around the tsm engine. Turning + # this on can provide more useful output for debugging tsm engine issues. + # trace-logging-enabled = false + + # Whether queries should be logged before execution. Very useful for troubleshooting, but will + # log any sensitive data contained within a query. + # query-log-enabled = true + + # Validates incoming writes to ensure keys only have valid unicode characters. + # This setting will incur a small overhead because every key must be checked. + # validate-keys = false + + # Settings for the TSM engine + + # CacheMaxMemorySize is the maximum size a shard's cache can + # reach before it starts rejecting writes. + # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). + # Values without a size suffix are in bytes. + # cache-max-memory-size = "1g" + + # CacheSnapshotMemorySize is the size at which the engine will + # snapshot the cache and write it to a TSM file, freeing up memory + # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). + # Values without a size suffix are in bytes. + # cache-snapshot-memory-size = "25m" + + # CacheSnapshotWriteColdDuration is the length of time at + # which the engine will snapshot the cache and write it to + # a new TSM file if the shard hasn't received writes or deletes + # cache-snapshot-write-cold-duration = "10m" + + # CompactFullWriteColdDuration is the duration at which the engine + # will compact all TSM files in a shard if it hasn't received a + # write or delete + # compact-full-write-cold-duration = "4h" + + # The maximum number of concurrent full and level compactions that can run at one time. A + # value of 0 results in 50% of runtime.GOMAXPROCS(0) used at runtime. Any number greater + # than 0 limits compactions to that value. This setting does not apply + # to cache snapshotting. + # max-concurrent-compactions = 0 + + # CompactThroughput is the rate limit in bytes per second that we + # will allow TSM compactions to write to disk. Note that short bursts are allowed + # to happen at a possibly larger value, set by CompactThroughputBurst + # compact-throughput = "48m" + + # CompactThroughputBurst is the rate limit in bytes per second that we + # will allow TSM compactions to write to disk. + # compact-throughput-burst = "48m" + + # If true, then the mmap advise value MADV_WILLNEED will be provided to the kernel with respect to + # TSM files. This setting has been found to be problematic on some kernels, and defaults to off. + # It might help users who have slow disks in some cases. + # tsm-use-madv-willneed = false + + # Settings for the inmem index + + # The maximum series allowed per database before writes are dropped. This limit can prevent + # high cardinality issues at the database level. This limit can be disabled by setting it to + # 0. + # max-series-per-database = 1000000 + + # The maximum number of tag values per tag that are allowed before writes are dropped. This limit + # can prevent high cardinality tag values from being written to a measurement. This limit can be + # disabled by setting it to 0. + # max-values-per-tag = 100000 + + # Settings for the tsi1 index + + # The threshold, in bytes, when an index write-ahead log file will compact + # into an index file. Lower sizes will cause log files to be compacted more + # quickly and result in lower heap usage at the expense of write throughput. + # Higher sizes will be compacted less frequently, store more series in-memory, + # and provide higher write throughput. + # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). + # Values without a size suffix are in bytes. + # max-index-log-file-size = "1m" + + # The size of the internal cache used in the TSI index to store previously + # calculated series results. Cached results will be returned quickly from the cache rather + # than needing to be recalculated when a subsequent query with a matching tag key/value + # predicate is executed. Setting this value to 0 will disable the cache, which may + # lead to query performance issues. + # This value should only be increased if it is known that the set of regularly used + # tag key/value predicates across all measurements for a database is larger than 100. An + # increase in cache size may lead to an increase in heap usage. + series-id-set-cache-size = 100 + +### +### [coordinator] +### +### Controls the clustering service configuration. +### + +[coordinator] + # The default time a write request will wait until a "timeout" error is returned to the caller. + # write-timeout = "10s" + + # The maximum number of concurrent queries allowed to be executing at one time. If a query is + # executed and exceeds this limit, an error is returned to the caller. This limit can be disabled + # by setting it to 0. + # max-concurrent-queries = 0 + + # The maximum time a query will is allowed to execute before being killed by the system. This limit + # can help prevent run away queries. Setting the value to 0 disables the limit. + # query-timeout = "0s" + + # The time threshold when a query will be logged as a slow query. This limit can be set to help + # discover slow or resource intensive queries. Setting the value to 0 disables the slow query logging. + # log-queries-after = "0s" + + # The maximum number of points a SELECT can process. A value of 0 will make + # the maximum point count unlimited. This will only be checked every second so queries will not + # be aborted immediately when hitting the limit. + # max-select-point = 0 + + # The maximum number of series a SELECT can run. A value of 0 will make the maximum series + # count unlimited. + # max-select-series = 0 + + # The maximum number of group by time bucket a SELECT can create. A value of zero will max the maximum + # number of buckets unlimited. + # max-select-buckets = 0 + +### +### [retention] +### +### Controls the enforcement of retention policies for evicting old data. +### + +[retention] + # Determines whether retention policy enforcement enabled. + # enabled = true + + # The interval of time when retention policy enforcement checks run. + # check-interval = "30m" + +### +### [shard-precreation] +### +### Controls the precreation of shards, so they are available before data arrives. +### Only shards that, after creation, will have both a start- and end-time in the +### future, will ever be created. Shards are never precreated that would be wholly +### or partially in the past. + +[shard-precreation] + # Determines whether shard pre-creation service is enabled. + # enabled = true + + # The interval of time when the check to pre-create new shards runs. + # check-interval = "10m" + + # The default period ahead of the endtime of a shard group that its successor + # group is created. + # advance-period = "30m" + +### +### Controls the system self-monitoring, statistics and diagnostics. +### +### The internal database for monitoring data is created automatically if +### if it does not already exist. The target retention within this database +### is called 'monitor' and is also created with a retention period of 7 days +### and a replication factor of 1, if it does not exist. In all cases the +### this retention policy is configured as the default for the database. + +[monitor] + # Whether to record statistics internally. + # store-enabled = true + + # The destination database for recorded statistics + # store-database = "_internal" + + # The interval at which to record statistics + # store-interval = "10s" + +### +### [http] +### +### Controls how the HTTP endpoints are configured. These are the primary +### mechanism for getting data into and out of InfluxDB. +### + +[http] + # Determines whether HTTP endpoint is enabled. + # enabled = true + + # Determines whether the Flux query endpoint is enabled. + # flux-enabled = false + + # Determines whether the Flux query logging is enabled. + # flux-log-enabled = false + + # The bind address used by the HTTP service. + # bind-address = ":8086" + + # Determines whether user authentication is enabled over HTTP/HTTPS. + # auth-enabled = false + + # The default realm sent back when issuing a basic auth challenge. + # realm = "InfluxDB" + + # Determines whether HTTP request logging is enabled. + # log-enabled = true + + # Determines whether the HTTP write request logs should be suppressed when the log is enabled. + # suppress-write-log = false + + # When HTTP request logging is enabled, this option specifies the path where + # log entries should be written. If unspecified, the default is to write to stderr, which + # intermingles HTTP logs with internal InfluxDB logging. + # + # If influxd is unable to access the specified path, it will log an error and fall back to writing + # the request log to stderr. + # access-log-path = "" + + # Filters which requests should be logged. Each filter is of the pattern NNN, NNX, or NXX where N is + # a number and X is a wildcard for any number. To filter all 5xx responses, use the string 5xx. + # If multiple filters are used, then only one has to match. The default is to have no filters which + # will cause every request to be printed. + # access-log-status-filters = [] + + # Determines whether detailed write logging is enabled. + # write-tracing = false + + # Determines whether the pprof endpoint is enabled. This endpoint is used for + # troubleshooting and monitoring. + # pprof-enabled = true + + # Enables authentication on pprof endpoints. Users will need admin permissions + # to access the pprof endpoints when this setting is enabled. This setting has + # no effect if either auth-enabled or pprof-enabled are set to false. + # pprof-auth-enabled = false + + # Enables a pprof endpoint that binds to localhost:6060 immediately on startup. + # This is only needed to debug startup issues. + # debug-pprof-enabled = false + + # Enables authentication on the /ping, /metrics, and deprecated /status + # endpoints. This setting has no effect if auth-enabled is set to false. + # ping-auth-enabled = false + + # Determines whether HTTPS is enabled. + # https-enabled = false + + # The SSL certificate to use when HTTPS is enabled. + # https-certificate = "/config/ssl/influxdb.pem" + + # Use a separate private key location. + # https-private-key = "" + + # The JWT auth shared secret to validate requests using JSON web tokens. + # shared-secret = "" + + # The default chunk size for result sets that should be chunked. + # max-row-limit = 0 + + # The maximum number of HTTP connections that may be open at once. New connections that + # would exceed this limit are dropped. Setting this value to 0 disables the limit. + # max-connection-limit = 0 + + # Enable http service over unix domain socket + # unix-socket-enabled = false + + # The path of the unix domain socket. + # bind-socket = "/var/run/influxdb.sock" + + # The maximum size of a client request body, in bytes. Setting this value to 0 disables the limit. + # max-body-size = 25000000 + + # The maximum number of writes processed concurrently. + # Setting this to 0 disables the limit. + # max-concurrent-write-limit = 0 + + # The maximum number of writes queued for processing. + # Setting this to 0 disables the limit. + # max-enqueued-write-limit = 0 + + # The maximum duration for a write to wait in the queue to be processed. + # Setting this to 0 or setting max-concurrent-write-limit to 0 disables the limit. + # enqueued-write-timeout = 0 + +### +### [logging] +### +### Controls how the logger emits logs to the output. +### + +[logging] + # Determines which log encoder to use for logs. Available options + # are auto, logfmt, and json. auto will use a more a more user-friendly + # output format if the output terminal is a TTY, but the format is not as + # easily machine-readable. When the output is a non-TTY, auto will use + # logfmt. + # format = "auto" + + # Determines which level of logs will be emitted. The available levels + # are error, warn, info, and debug. Logs that are equal to or above the + # specified level will be emitted. + # level = "info" + + # Suppresses the logo output that is printed when the program is started. + # The logo is always suppressed if STDOUT is not a TTY. + # suppress-logo = false + +### +### [subscriber] +### +### Controls the subscriptions, which can be used to fork a copy of all data +### received by the InfluxDB host. +### + +[subscriber] + # Determines whether the subscriber service is enabled. + # enabled = true + + # The default timeout for HTTP writes to subscribers. + # http-timeout = "30s" + + # Allows insecure HTTPS connections to subscribers. This is useful when testing with self- + # signed certificates. + # insecure-skip-verify = false + + # The path to the PEM encoded CA certs file. If the empty string, the default system certs will be used + # ca-certs = "" + + # The number of writer goroutines processing the write channel. + # write-concurrency = 40 + + # The number of in-flight writes buffered in the write channel. + # write-buffer-size = 1000 + + +### +### [[graphite]] +### +### Controls one or many listeners for Graphite data. +### + +[[graphite]] + # Determines whether the graphite endpoint is enabled. + # enabled = false + # database = "graphite" + # retention-policy = "" + # bind-address = ":2003" + # protocol = "tcp" + # consistency-level = "one" + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Batching + # will buffer points in memory if you have many coming in. + + # Flush if this many points get buffered + # batch-size = 5000 + + # number of batches that may be pending in memory + # batch-pending = 10 + + # Flush at least this often even if we haven't hit buffer limit + # batch-timeout = "1s" + + # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. + # udp-read-buffer = 0 + + ### This string joins multiple matching 'measurement' values providing more control over the final measurement name. + # separator = "." + + ### Default tags that will be added to all metrics. These can be overridden at the template level + ### or by tags extracted from metric + # tags = ["region=us-east", "zone=1c"] + + ### Each template line requires a template pattern. It can have an optional + ### filter before the template and separated by spaces. It can also have optional extra + ### tags following the template. Multiple tags should be separated by commas and no spaces + ### similar to the line protocol format. There can be only one default template. + # templates = [ + # "*.app env.service.resource.measurement", + # # Default template + # "server.*", + # ] + +### +### [collectd] +### +### Controls one or many listeners for collectd data. +### + +[[collectd]] + # enabled = false + # bind-address = ":25826" + # database = "collectd" + # retention-policy = "" + # + # The collectd service supports either scanning a directory for multiple types + # db files, or specifying a single db file. + # typesdb = "/usr/local/share/collectd" + # + # security-level = "none" + # auth-file = "/etc/collectd/auth_file" + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Batching + # will buffer points in memory if you have many coming in. + + # Flush if this many points get buffered + # batch-size = 5000 + + # Number of batches that may be pending in memory + # batch-pending = 10 + + # Flush at least this often even if we haven't hit buffer limit + # batch-timeout = "10s" + + # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. + # read-buffer = 0 + + # Multi-value plugins can be handled two ways. + # "split" will parse and store the multi-value plugin data into separate measurements + # "join" will parse and store the multi-value plugin as a single multi-value measurement. + # "split" is the default behavior for backward compatibility with previous versions of influxdb. + # parse-multivalue-plugin = "split" +### +### [opentsdb] +### +### Controls one or many listeners for OpenTSDB data. +### + +[[opentsdb]] + # enabled = false + # bind-address = ":4242" + # database = "opentsdb" + # retention-policy = "" + # consistency-level = "one" + # tls-enabled = false + # certificate= "/config/ssl/influxdb.pem" + + # Log an error for every malformed point. + # log-point-errors = true + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Only points + # metrics received over the telnet protocol undergo batching. + + # Flush if this many points get buffered + # batch-size = 1000 + + # Number of batches that may be pending in memory + # batch-pending = 5 + + # Flush at least this often even if we haven't hit buffer limit + # batch-timeout = "1s" + +### +### [[udp]] +### +### Controls the listeners for InfluxDB line protocol data via UDP. +### + +[[udp]] + # enabled = false + # bind-address = ":8089" + # database = "udp" + # retention-policy = "" + + # InfluxDB precision for timestamps on received points ("" or "n", "u", "ms", "s", "m", "h") + # precision = "" + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Batching + # will buffer points in memory if you have many coming in. + + # Flush if this many points get buffered + # batch-size = 5000 + + # Number of batches that may be pending in memory + # batch-pending = 10 + + # Will flush at least this often even if we haven't hit buffer limit + # batch-timeout = "1s" + + # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. + # read-buffer = 0 + +### +### [continuous_queries] +### +### Controls how continuous queries are run within InfluxDB. +### + +[continuous_queries] + # Determines whether the continuous query service is enabled. + # enabled = true + + # Controls whether queries are logged when executed by the CQ service. + # log-enabled = true + + # Controls whether queries are logged to the self-monitoring data store. + # query-stats-enabled = false + + # interval for how often continuous queries will be checked if they need to run + # run-interval = "1s" + +### +### [tls] +### +### Global configuration settings for TLS in InfluxDB. +### + +[tls] + # Determines the available set of cipher suites. See https://golang.org/pkg/crypto/tls/#pkg-constants + # for a list of available ciphers, which depends on the version of Go (use the query + # SHOW DIAGNOSTICS to see the version of Go used to build InfluxDB). If not specified, uses + # the default settings from Go's crypto/tls package. + # ciphers = [ + # "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + # ] + + # Minimum version of the tls protocol that will be negotiated. If not specified, uses the + # default settings from Go's crypto/tls package. + # min-version = "tls1.2" + + # Maximum version of the tls protocol that will be negotiated. If not specified, uses the + # default settings from Go's crypto/tls package. + # max-version = "tls1.2" diff --git a/jails/influxdb/install.sh b/jails/influxdb/install.sh new file mode 100755 index 00000000..7efdff7b --- /dev/null +++ b/jails/influxdb/install.sh @@ -0,0 +1,46 @@ +#!/usr/local/bin/bash +# This script installs the current release of InfluxDB + +##### +# +# Init and Mounts +# +##### + +# Initialise defaults +JAIL_NAME="influxdb" +JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${influxdb_ip4_addr}" )" +INCLUDES_PATH="${SCRIPT_DIR}/jails/influxdb/includes" +DATABASE=${influxdb_database} + +# Enable influxdb +iocage exec "${JAIL_NAME}" sysrc influxd_enable="YES" + +# Copy and edit pre-written config files +echo "Copying default config file" +iocage exec ${JAIL_NAME} mkdir -p /usr/local/etc +cp ${INCLUDES_PATH}/influxdb.conf /mnt/${GLOBAL_DATASET_IOCAGE}/jails/${JAIL_NAME}/root/usr/local/etc/ + +# Start influxdb and wait for it to startup +iocage exec "${JAIL_NAME}" service influxd start +sleep 15 + +# Create database and restart +iocage exec "${JAIL_NAME}" "curl -i -XPOST http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE ${DATABASE}'" +iocage exec "${JAIL_NAME}" service influxd restart + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +# Done! +echo "Installation complete!" +echo "You may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." +echo "" +echo "Database Information" +echo "--------------------" +echo "Database = ${DATABASE} at http://${JAIL_IP}:8086." +echo "" +echo "Configuration Information" +echo "-------------------------" +echo "The configuration file is located at /usr/local/etc/influxdb.conf" +echo "" \ No newline at end of file diff --git a/jails/influxdb/readme.md b/jails/influxdb/readme.md new file mode 100644 index 00000000..588bfbfe --- /dev/null +++ b/jails/influxdb/readme.md @@ -0,0 +1,262 @@ +** Note: This jail is configured with a default configuration located in /usr/local/etc/influxdb.conf, along with a sample default configuration. + +# Original README from the influxdb github: + +https://github.com/influxdata/influxdb + +# InfluxDB [![CircleCI](https://circleci.com/gh/influxdata/influxdb.svg?style=svg)](https://circleci.com/gh/influxdata/influxdb) +[![Slack Status](https://img.shields.io/badge/slack-join_chat-white.svg?logo=slack&style=social)](https://www.influxdata.com/slack) + + +InfluxDB is an open source time series platform. This includes APIs for storing and querying data, processing it in the background for ETL or monitoring and alerting purposes, user dashboards, and visualizing and exploring the data and more. The master branch on this repo now represents the latest InfluxDB, which now includes functionality for Kapacitor (background processing) and Chronograf (the UI) all in a single binary. + +The list of InfluxDB Client Libraries that are compatible with the latest version can be found in [our documentation](https://v2.docs.influxdata.com/v2.0/reference/api/client-libraries/). + +If you are looking for the 1.x line of releases, there are branches for each minor version as well as a `master-1.x` branch that will contain the code for the next 1.x release. The master-1.x [working branch is here](https://github.com/influxdata/influxdb/tree/master-1.x). The [InfluxDB 1.x Go Client can be found here](https://github.com/influxdata/influxdb1-client). + +## State of the Project + +The latest InfluxDB 1.x is the stable release and recommended for production use. The InfluxDB that is on the master branch is currently in the beta stage. This means that it is still **NOT** recommended for production usage. There may be breaking API changes, breaking changes in the [Flux language](https://github.com/influxdata/flux), changes in the underlying storage format that will require you to delete all your data, and significant changes to the UI. The beta is intended for feature exploration and gathering feedback on the available feature set. It **SHOULD NOT** be used for performance testing, benchmarks, or other stress tests. + +Additional features will arrive during the beta period until we reach general availability (GA). We will be cutting versioned releases at least every two weeks starting in the first release. There will also be nightly builds based off the latest code in master. + +Once we close on the final feature set of what will be in the first GA release of InfluxDB in the 2.x line, we will move into the release candidate (RC) phase. At that point, we do not expect there to be breaking changes to the API or Flux language. We may still need to make a breaking change prior to GA due to some unforseen circumstance, but it would need to be extremely important and will be clearly communicated via the changelog and all available channels. + +Our current plans are to release RCs suitable for production usage, but we will re-evaluate in consultation with the community as the cycle progresses. During the RC period, we will focus on feedback from users, bug fixes, performance, and additive features (where time permits). + +### What you can expect in the Beta and RC Phases + +#### Beta +**Releases every two weeks or as needed** + +Planned additions include: +- Compatibility layer with 1.x including: 1.x HTTP Write API and HTTP Read API support for InfluxQL +- Import Bulk Data from 1.x - convert TSM from 1.x to 2.x +- Performance tuning, stability improvements, and fine tuning based on community feedback. +- Finalization of supported client libraries starting with JavaScript and Go. + +#### RC +**As needed** + +Planned activities include: +- Performance tuning, stability improvements, and fine-tuning based on community feedback. + +### What is **NOT** planned? +- Migration of users/security permissions from InfluxDB v1.x to 2.x. ACTION REQUIRED: Re-establish users and permissions within the new unified security model which now spans the underlying database and user interface. +- Migration of Continuous Queries. ACTION REQUIRED: These will need to be re-implemented as Flux tasks. +- Direct support by InfluxDB for CollectD, StatsD, Graphite, or UDP. ACTION REQUIRED: Leverage Telegraf 1.9+ along with the InfluxDB v2.0 output plugin to translate these protocols/formats. + +## Installing from Source + +We have nightly and weekly versioned Docker images, Debian packages, RPM packages, and tarballs of InfluxDB available at the [InfluxData downloads page](https://portal.influxdata.com/downloads/). + +## Building From Source + +This project requires Go 1.13 and Go module support. + +Set `GO111MODULE=on` or build the project outside of your `GOPATH` for it to succeed. + +The project also requires a recent stable version of Rust. We recommend using [rustup](https://rustup.rs/) to install Rust. + +If you are getting an `error loading module requirements` error with `bzr executable file not found in $PATH”` on `make`, then you need to ensure you have `bazaar`, `protobuf`, and `yarn` installed. + +- OSX: `brew install bazaar yarn` +- Linux (Arch): `pacman -S bzr protobuf yarn` +- Linux (Ubuntu): `apt install bzr protobuf-compiler yarnpkg` + +**NB:** For RedHat, there are some extra steps: + +1. You must enable the [EPEL](https://fedoraproject.org/wiki/EPEL) +2. You must add the `yarn` [repository](https://yarnpkg.com/lang/en/docs/install/#centos-stable) + +For information about modules, please refer to the [wiki](https://github.com/golang/go/wiki/Modules). + +A successful `make` run results in two binaries, with platform-dependent paths: + +``` +$ make +... +env GO111MODULE=on go build -tags 'assets ' -o bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx ./cmd/influx +env GO111MODULE=on go build -tags 'assets ' -o bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influxd ./cmd/influxd +``` + +`influxd` is the InfluxDB service. +`influx` is the CLI management tool. + +Start the service. +Logs to stdout by default: + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influxd +``` + +## Getting Started + +For a complete getting started guide, please see our full [online documentation site](https://v2.docs.influxdata.com/v2.0/). + +To write and query data or use the API in any way, you'll need to first create a user, credentials, organization and bucket. +Everything in InfluxDB is organized under a concept of an organization. The API is designed to be multi-tenant. +Buckets represent where you store time series data. +They're synonymous with what was previously in InfluxDB 1.x a database and retention policy. + +The simplest way to get set up is to point your browser to [http://localhost:9999](http://localhost:9999) and go through the prompts. + +**Note**: Port 9999 will be used during the beta phases of development of InfluxDB v2.0. +This should allow a v2.0-beta instance to be run alongside a v1.x instance without interfering on port 8086. +InfluxDB will thereafter continue to use 8086. + +You can also get set up from the CLI using the subcommands `influx user`, `influx auth`, `influx org` and `influx bucket`, +or do it all in one breath with `influx setup`: + + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx setup +Welcome to InfluxDB 2.0! +Please type your primary username: marty + +Please type your password: + +Please type your password again: + +Please type your primary organization name.: InfluxData + +Please type your primary bucket name.: telegraf + +Please type your retention period in hours. +Or press ENTER for infinite.: 72 + + +You have entered: + Username: marty + Organization: InfluxData + Bucket: telegraf + Retention Period: 72 hrs +Confirm? (y/n): y + +UserID Username Organization Bucket +033a3f2c5ccaa000 marty InfluxData Telegraf +Your token has been stored in /Users/marty/.influxdbv2/credentials +``` + +You may get into a development loop where `influx setup` becomes tedious. +Some added flags can help: +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx setup --username marty --password F1uxKapacit0r85 --org InfluxData --bucket telegraf --retention 168 --token where-were-going-we-dont-need-roads --force +``` + +`~/.influxdbv2/credentials` contains your auth token. +Most `influx` commands read the token from this file path by default. + +You may need the organization ID and bucket ID later: + +``` +$ influx org find +ID Name +033a3f2c708aa000 InfluxData +``` + +``` +$ influx bucket find +ID Name Retention Organization OrganizationID +033a3f2c710aa000 telegraf 72h0m0s InfluxData 033a3f2c708aa000 +``` + +Write to measurement `m`, with tag `v=2`, in bucket `telegraf`, which belongs to organization `InfluxData`: + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx write --org InfluxData --bucket telegraf --precision s "m v=2 $(date +%s)" +``` + +Write the same point using `curl`: + +``` +curl --header "Authorization: Token $(cat ~/.influxdbv2/credentials)" --data-raw "m v=2 $(date +%s)" "http://localhost:9999/api/v2/write?org=InfluxData&bucket=telegraf&precision=s" +``` + +Read that back with a simple Flux query: + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx query -o InfluxData 'from(bucket:"telegraf") |> range(start:-1h)' +Result: _result +Table: keys: [_start, _stop, _field, _measurement] + _start:time _stop:time _field:string _measurement:string _time:time _value:float +------------------------------ ------------------------------ ---------------------- ---------------------- ------------------------------ ---------------------------- +2019-12-30T22:19:39.043918000Z 2019-12-30T23:19:39.043918000Z v m 2019-12-30T23:17:02.000000000Z 2 +``` + +Use the fancy REPL: + +``` +$ bin/$(uname -s | tr '[:upper:]' '[:lower:]')/influx repl -o InfluxData +> from(bucket:"telegraf") |> range(start:-1h) +Result: _result +Table: keys: [_start, _stop, _field, _measurement] + _start:time _stop:time _field:string _measurement:string _time:time _value:float +------------------------------ ------------------------------ ---------------------- ---------------------- ------------------------------ ---------------------------- +2019-12-30T22:22:44.776351000Z 2019-12-30T23:22:44.776351000Z v m 2019-12-30T23:17:02.000000000Z 2 +> +``` + + +## Introducing Flux + +Flux is an MIT-licensed data scripting language (previously named IFQL) used for querying time series data from InfluxDB. The source for Flux is [available on GitHub](https://github.com/influxdata/flux). Learn more about Flux from [CTO Paul Dix's presentation](https://speakerdeck.com/pauldix/flux-number-fluxlang-a-new-time-series-data-scripting-language). + +## Contributing to the Project + +InfluxDB is an [MIT licensed](LICENSE) open source project and we love our community. The fastest way to get something fixed is to open a PR. Check out our [contributing](CONTRIBUTING.md) guide if you're interested in helping out. Also, join us on our [Community Slack Workspace](https://influxdata.com/slack) if you have questions or comments for our engineering teams. + +## CI and Static Analysis + +### CI + +All pull requests will run through CI, which is currently hosted by Circle. +Community contributors should be able to see the outcome of this process by looking at the checks on their PR. +Please fix any issues to ensure a prompt review from members of the team. + +The InfluxDB project is used internally in a number of proprietary InfluxData products, and as such, PRs and changes need to be tested internally. +This can take some time, and is not really visible to community contributors. + +### Static Analysis + +This project uses the following static analysis tools. +Failure during the running of any of these tools results in a failed build. +Generally, code must be adjusted to satisfy these tools, though there are exceptions. + +- [go vet](https://golang.org/cmd/vet/) checks for Go code that should be considered incorrect. +- [go fmt](https://golang.org/cmd/gofmt/) checks that Go code is correctly formatted. +- [go mod tidy](https://tip.golang.org/cmd/go/#hdr-Add_missing_and_remove_unused_modules) ensures that the source code and go.mod agree. +- [staticcheck](http://next.staticcheck.io/docs/) checks for things like: unused code, code that can be simplified, code that is incorrect and code that will have performance issues. + +### staticcheck + +If your PR fails `staticcheck` it is easy to dig into why it failed, and also to fix the problem. +First, take a look at the error message in Circle under the `staticcheck` build section, e.g., + +``` +tsdb/tsm1/encoding.gen.go:1445:24: func BooleanValues.assertOrdered is unused (U1000) +tsdb/tsm1/encoding.go:172:7: receiver name should not be an underscore, omit the name if it is unused (ST1006) +``` + +Next, go and take a [look here](http://next.staticcheck.io/docs/checks) for some clarification on the error code that you have received, e.g., `U1000`. +The docs will tell you what's wrong, and often what you need to do to fix the issue. + +#### Generated Code + +Sometimes generated code will contain unused code or occasionally that will fail a different check. +`staticcheck` allows for [entire files](http://next.staticcheck.io/docs/#ignoring-problems) to be ignored, though it's not ideal. +A linter directive, in the form of a comment, must be placed within the generated file. +This is problematic because it will be erased if the file is re-generated. +Until a better solution comes about, below is the list of generated files that need an ignores comment. +If you re-generate a file and find that `staticcheck` has failed, please see this list below for what you need to put back: + +| File | Comment | +| :--------------------: | :--------------------------------------------------------------: | +| query/promql/promql.go | //lint:file-ignore SA6001 Ignore all unused code, it's generated | + +#### End-to-End Tests + +CI also runs end-to-end tests. These test the integration between the influx server the ui. You can run them locally in two steps: + +- Start the server in "testing mode" by running `make run-e2e`. +- Run the tests with `make e2e`. diff --git a/jails/influxdb/update.sh b/jails/influxdb/update.sh new file mode 100644 index 00000000..a216ec27 --- /dev/null +++ b/jails/influxdb/update.sh @@ -0,0 +1,6 @@ +#!/usr/local/bin/bash +# This file contains the update script for influxdb + +iocage exec influxdb service influxd stop +# InfluxDB is updated during PKG update, this file is mostly just a placeholder +iocage exec influxdb service influxd restart \ No newline at end of file From 77f1589701c3c9ec8e7e031c9ac41dede1090231 Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Tue, 7 Apr 2020 01:24:18 +0200 Subject: [PATCH 03/29] Add right packages to example config for *arr --- config.yml.example | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config.yml.example b/config.yml.example index f3404be2..a9fdb1f7 100644 --- a/config.yml.example +++ b/config.yml.example @@ -33,13 +33,13 @@ jackett: jackett pkgs: mono radarr: radarr - pkgs: mono + pkgs: mono mediainfo sqlite3 libgdiplus sonarr: sonarr - pkgs: mono + pkgs: mono mediainfo sqlite3 lidarr: lidarr - pkgs: mono + pkgs: mono mediainfo sqlite3 transmission: transmission pkgs: bash unzip unrar transmission From 3193319d2c91f6c76d3b00dfd6995f2c8b71b4b0 Mon Sep 17 00:00:00 2001 From: Thorsten Behrens Date: Mon, 6 Apr 2020 22:27:24 -0400 Subject: [PATCH 04/29] Fixed destroyjails so it can destroy multiple jails. Minor formatting cleanup around usage code. --- jailman.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/jailman.sh b/jailman.sh index 57b232cb..c20c433b 100755 --- a/jailman.sh +++ b/jailman.sh @@ -46,24 +46,24 @@ while getopts ":i:r:u:d:g:h" opt ;; u ) updatejails=("$OPTARG") until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do - updateljails+=($(eval "echo \${$OPTIND}")) + updatejails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; d ) destroyjails=("$OPTARG") until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do - deletejails+=($(eval "echo \${$OPTIND}")) + destroyjails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; - g ) upgradejails=("$OPTARG") + g ) upgradejails=("$OPTARG") until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do upgradejails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; - h ) - echo "Usage:" + h ) + echo "Usage:" echo "$0 -i " echo "$0 -r " echo "$0 -u " @@ -72,15 +72,15 @@ while getopts ":i:r:u:d:g:h" opt echo "" echo " -i to install jails, listed by name, space seperated like this: jackett plex sonarr" echo " -r to reinstall jails, listed by name, space seperated like this: jackett plex sonarr" - echo " -u to update jails, listed by name, space seperated like this: jackett plex sonarr" + echo " -u to update jails, listed by name, space seperated like this: jackett plex sonarr" echo " -d to destroy jails, listed by name, space seperated like this: jackett plex sonarrt" echo " -g to upgrade jails, listed by name, space seperated like this: jackett plex sonarr" echo " -h help (this output)" - exit 0 + exit 0 + ;; + ? ) echo "Error: Invalid option was specified -$OPTARG" + exit 0 ;; - ? ) echo "Error: Invalid option was specified -$OPTARG" - exit 0 - ;; esac done From 839abbe8ff73baed2e0c1e53b763b1a3d468211a Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Mon, 6 Apr 2020 23:40:09 +0200 Subject: [PATCH 05/29] Add restart warning after update --- global.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global.sh b/global.sh index f59ca2b6..1c01e980 100755 --- a/global.sh +++ b/global.sh @@ -31,7 +31,7 @@ then git reset --hard git checkout $1 git pull - echo "script updated" + echo "script updated, please restart the script manually" exit 1 else echo "script up-to-date" From b24a7c153a1ea0e7c4675889cc5f0373ae2dddff Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Tue, 7 Apr 2020 13:28:51 +0200 Subject: [PATCH 06/29] Add central ports mount for all jails (#58) * Add central ports mount for all jails, auto fetch, extract and auto update on install. * Some verbosity cleanup --- global.sh | 8 ++++++++ jails/nextcloud/install.sh | 7 ------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/global.sh b/global.sh index 1c01e980..d8cae689 100755 --- a/global.sh +++ b/global.sh @@ -88,6 +88,14 @@ else createmount $1 ${global_dataset_config} createmount $1 ${global_dataset_config}/$1 /config + # Create and Mount portsnap + echo "Mounting and fetching ports" + createmount $1 ${global_dataset_config}/portsnap + createmount $1 ${global_dataset_config}/portsnap/db /var/db/portsnap + createmount $1 ${global_dataset_config}/portsnap/ports /usr/ports + + iocage exec "$1" "if [ -z /usr/ports ]; then portsnap fetch extract; else portsnap auto; fi" + echo "Jail creation completed for $1" fi diff --git a/jails/nextcloud/install.sh b/jails/nextcloud/install.sh index 73738743..ce825510 100755 --- a/jails/nextcloud/install.sh +++ b/jails/nextcloud/install.sh @@ -134,11 +134,6 @@ fi # ##### -# Create and Mount portsnap -createmount ${JAIL_NAME} ${global_dataset_config}/portsnap -createmount ${JAIL_NAME} ${global_dataset_config}/portsnap/db /var/db/portsnap -createmount ${JAIL_NAME} ${global_dataset_config}/portsnap/ports /usr/ports - # Create and Mount Nextcloud, Config and Files createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/config /usr/local/www/nextcloud/config createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/themes /usr/local/www/nextcloud/themes @@ -159,8 +154,6 @@ iocage exec "${JAIL_NAME}" chmod -R 770 /config/files # ##### -iocage exec "${JAIL_NAME}" "if [ -z /usr/ports ]; then portsnap fetch extract; else portsnap auto; fi" - if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then iocage exec "${JAIL_NAME}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli elif [ "${DATABASE}" = "pgsql-external" ]; then From 520597485a50064f33eabfdf5ad76b9e8d329ede Mon Sep 17 00:00:00 2001 From: Thorsten Behrens Date: Fri, 10 Apr 2020 07:20:17 -0400 Subject: [PATCH 07/29] Changed jail creation to always create base jails (#57) --- global.sh | 4 ++-- jails/jackett/install.sh | 1 - jails/lidarr/install.sh | 3 +-- jails/radarr/install.sh | 3 +-- jails/sonarr/install.sh | 3 +-- 5 files changed, 5 insertions(+), 9 deletions(-) diff --git a/global.sh b/global.sh index d8cae689..13458a39 100755 --- a/global.sh +++ b/global.sh @@ -68,13 +68,13 @@ else echo '{"pkgs":['${pkgs}']}' > /tmp/pkg.json if [ "${setdhcp}" == "on" ] then - if ! iocage create -n "${1}" -p /tmp/pkg.json -r ${global_jails_version} interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" + if ! iocage create -n "${1}" -p /tmp/pkg.json -r ${global_jails_version} interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" -b then echo "Failed to create jail" exit 1 fi else - if ! iocage create -n "${1}" -p /tmp/pkg.json -r ${global_jails_version} interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" + if ! iocage create -n "${1}" -p /tmp/pkg.json -r ${global_jails_version} interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" -b then echo "Failed to create jail" exit 1 diff --git a/jails/jackett/install.sh b/jails/jackett/install.sh index 3af8a978..60115ab8 100755 --- a/jails/jackett/install.sh +++ b/jails/jackett/install.sh @@ -1,7 +1,6 @@ #!/usr/local/bin/bash # This file contains the install script for jackett -iocage exec jackett ln -s /usr/local/bin/mono /usr/bin/mono iocage exec jackett "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share" iocage exec jackett "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share" iocage exec jackett rm /usr/local/share/Jackett.Binaries.Mono.tar.gz diff --git a/jails/lidarr/install.sh b/jails/lidarr/install.sh index 8fe19d76..f9308024 100755 --- a/jails/lidarr/install.sh +++ b/jails/lidarr/install.sh @@ -10,7 +10,6 @@ createmount lidarr ${global_dataset_media} createmount lidarr ${global_dataset_media}/music /mnt/music -iocage exec lidarr ln -s /usr/local/bin/mono /usr/bin/mono iocage exec lidarr "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share" iocage exec lidarr "tar -xzvf /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz -C /usr/local/share" iocage exec lidarr "rm /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz" @@ -20,4 +19,4 @@ iocage exec lidarr mkdir /usr/local/etc/rc.d cp ${SCRIPT_DIR}/jails/lidarr/includes/lidarr.rc /mnt/${global_dataset_iocage}/jails/lidarr/root/usr/local/etc/rc.d/lidarr iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr iocage exec lidarr sysrc "lidarr_enable=YES" -iocage exec lidarr service lidarr start \ No newline at end of file +iocage exec lidarr service lidarr start diff --git a/jails/radarr/install.sh b/jails/radarr/install.sh index 1d71fb94..06e6e1f0 100755 --- a/jails/radarr/install.sh +++ b/jails/radarr/install.sh @@ -9,7 +9,6 @@ createmount radarr ${global_dataset_downloads}/complete /mnt/fetched createmount radarr ${global_dataset_media} createmount radarr ${global_dataset_media}/movies /mnt/movies -iocage exec radarr ln -s /usr/local/bin/mono /usr/bin/mono iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.1480/Radarr.develop.0.2.0.1480.linux.tar.gz -o /usr/local/share" iocage exec radarr "tar -xzvf /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -C /usr/local/share" iocage exec radarr rm /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz @@ -19,4 +18,4 @@ iocage exec radarr mkdir /usr/local/etc/rc.d cp ${SCRIPT_DIR}/jails/radarr/includes/radarr.rc /mnt/${global_dataset_iocage}/jails/radarr/root/usr/local/etc/rc.d/radarr iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr iocage exec radarr sysrc "radarr_enable=YES" -iocage exec radarr service radarr restart \ No newline at end of file +iocage exec radarr service radarr restart diff --git a/jails/sonarr/install.sh b/jails/sonarr/install.sh index 7e28487a..ccc2048e 100755 --- a/jails/sonarr/install.sh +++ b/jails/sonarr/install.sh @@ -9,7 +9,6 @@ createmount sonarr ${global_dataset_downloads}/complete /mnt/fetched createmount sonarr ${global_dataset_media} createmount sonarr ${global_dataset_media}/shows /mnt/shows -iocage exec sonarr ln -s /usr/local/bin/mono /usr/bin/mono iocage exec sonarr "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share" iocage exec sonarr "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share" iocage exec sonarr rm /usr/local/share/NzbDrone.master.tar.gz @@ -19,4 +18,4 @@ iocage exec sonarr mkdir /usr/local/etc/rc.d cp ${SCRIPT_DIR}/jails/sonarr/includes/sonarr.rc /mnt/${global_dataset_iocage}/jails/sonarr/root/usr/local/etc/rc.d/sonarr iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr iocage exec sonarr sysrc "sonarr_enable=YES" -iocage exec sonarr service sonarr restart \ No newline at end of file +iocage exec sonarr service sonarr restart From 11b66e9711950e2c455f98ca2cce84b727650eeb Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 14 Mar 2020 00:06:09 +0100 Subject: [PATCH 08/29] fix persistence, update readme --- jails/influxdb/includes/influxd.conf | 586 +++++++++++++++++++++++++++ jails/influxdb/install.sh | 29 +- jails/influxdb/readme.md | 2 - 3 files changed, 599 insertions(+), 18 deletions(-) create mode 100644 jails/influxdb/includes/influxd.conf diff --git a/jails/influxdb/includes/influxd.conf b/jails/influxdb/includes/influxd.conf new file mode 100644 index 00000000..fb0f9fa1 --- /dev/null +++ b/jails/influxdb/includes/influxd.conf @@ -0,0 +1,586 @@ +### Welcome to the InfluxDB configuration file. + +# The values in this file override the default values used by the system if +# a config option is not specified. The commented out lines are the configuration +# field and the default value used. Uncommenting a line and changing the value +# will change the value used at runtime when the process is restarted. + +# Once every 24 hours InfluxDB will report usage data to usage.influxdata.com +# The data includes a random ID, os, arch, version, the number of series and other +# usage data. No data from user databases is ever transmitted. +# Change this option to true to disable reporting. +# reporting-disabled = false + +# Bind address to use for the RPC service for backup and restore. +# bind-address = "127.0.0.1:8088" + +### +### [meta] +### +### Controls the parameters for the Raft consensus group that stores metadata +### about the InfluxDB cluster. +### + +[meta] + # Where the metadata/raft database is stored + dir = "/config/db/meta" + + # Automatically create a default retention policy when creating a database. + # retention-autocreate = true + + # If log messages are printed for the meta service + # logging-enabled = true + +### +### [data] +### +### Controls where the actual shard data for InfluxDB lives and how it is +### flushed from the WAL. "dir" may need to be changed to a suitable place +### for your system, but the WAL settings are an advanced configuration. The +### defaults should work for most systems. +### + +[data] + # The directory where the TSM storage engine stores TSM files. + dir = "/config/db/data" + + # The directory where the TSM storage engine stores WAL files. + wal-dir = "/config/db/wal" + + # The amount of time that a write will wait before fsyncing. A duration + # greater than 0 can be used to batch up multiple fsync calls. This is useful for slower + # disks or when WAL write contention is seen. A value of 0s fsyncs every write to the WAL. + # Values in the range of 0-100ms are recommended for non-SSD disks. + # wal-fsync-delay = "0s" + + + # The type of shard index to use for new shards. The default is an in-memory index that is + # recreated at startup. A value of "tsi1" will use a disk based index that supports higher + # cardinality datasets. + # index-version = "inmem" + + # Trace logging provides more verbose output around the tsm engine. Turning + # this on can provide more useful output for debugging tsm engine issues. + # trace-logging-enabled = false + + # Whether queries should be logged before execution. Very useful for troubleshooting, but will + # log any sensitive data contained within a query. + # query-log-enabled = true + + # Validates incoming writes to ensure keys only have valid unicode characters. + # This setting will incur a small overhead because every key must be checked. + # validate-keys = false + + # Settings for the TSM engine + + # CacheMaxMemorySize is the maximum size a shard's cache can + # reach before it starts rejecting writes. + # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). + # Values without a size suffix are in bytes. + # cache-max-memory-size = "1g" + + # CacheSnapshotMemorySize is the size at which the engine will + # snapshot the cache and write it to a TSM file, freeing up memory + # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). + # Values without a size suffix are in bytes. + # cache-snapshot-memory-size = "25m" + + # CacheSnapshotWriteColdDuration is the length of time at + # which the engine will snapshot the cache and write it to + # a new TSM file if the shard hasn't received writes or deletes + # cache-snapshot-write-cold-duration = "10m" + + # CompactFullWriteColdDuration is the duration at which the engine + # will compact all TSM files in a shard if it hasn't received a + # write or delete + # compact-full-write-cold-duration = "4h" + + # The maximum number of concurrent full and level compactions that can run at one time. A + # value of 0 results in 50% of runtime.GOMAXPROCS(0) used at runtime. Any number greater + # than 0 limits compactions to that value. This setting does not apply + # to cache snapshotting. + # max-concurrent-compactions = 0 + + # CompactThroughput is the rate limit in bytes per second that we + # will allow TSM compactions to write to disk. Note that short bursts are allowed + # to happen at a possibly larger value, set by CompactThroughputBurst + # compact-throughput = "48m" + + # CompactThroughputBurst is the rate limit in bytes per second that we + # will allow TSM compactions to write to disk. + # compact-throughput-burst = "48m" + + # If true, then the mmap advise value MADV_WILLNEED will be provided to the kernel with respect to + # TSM files. This setting has been found to be problematic on some kernels, and defaults to off. + # It might help users who have slow disks in some cases. + # tsm-use-madv-willneed = false + + # Settings for the inmem index + + # The maximum series allowed per database before writes are dropped. This limit can prevent + # high cardinality issues at the database level. This limit can be disabled by setting it to + # 0. + # max-series-per-database = 1000000 + + # The maximum number of tag values per tag that are allowed before writes are dropped. This limit + # can prevent high cardinality tag values from being written to a measurement. This limit can be + # disabled by setting it to 0. + # max-values-per-tag = 100000 + + # Settings for the tsi1 index + + # The threshold, in bytes, when an index write-ahead log file will compact + # into an index file. Lower sizes will cause log files to be compacted more + # quickly and result in lower heap usage at the expense of write throughput. + # Higher sizes will be compacted less frequently, store more series in-memory, + # and provide higher write throughput. + # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). + # Values without a size suffix are in bytes. + # max-index-log-file-size = "1m" + + # The size of the internal cache used in the TSI index to store previously + # calculated series results. Cached results will be returned quickly from the cache rather + # than needing to be recalculated when a subsequent query with a matching tag key/value + # predicate is executed. Setting this value to 0 will disable the cache, which may + # lead to query performance issues. + # This value should only be increased if it is known that the set of regularly used + # tag key/value predicates across all measurements for a database is larger than 100. An + # increase in cache size may lead to an increase in heap usage. + series-id-set-cache-size = 100 + +### +### [coordinator] +### +### Controls the clustering service configuration. +### + +[coordinator] + # The default time a write request will wait until a "timeout" error is returned to the caller. + # write-timeout = "10s" + + # The maximum number of concurrent queries allowed to be executing at one time. If a query is + # executed and exceeds this limit, an error is returned to the caller. This limit can be disabled + # by setting it to 0. + # max-concurrent-queries = 0 + + # The maximum time a query will is allowed to execute before being killed by the system. This limit + # can help prevent run away queries. Setting the value to 0 disables the limit. + # query-timeout = "0s" + + # The time threshold when a query will be logged as a slow query. This limit can be set to help + # discover slow or resource intensive queries. Setting the value to 0 disables the slow query logging. + # log-queries-after = "0s" + + # The maximum number of points a SELECT can process. A value of 0 will make + # the maximum point count unlimited. This will only be checked every second so queries will not + # be aborted immediately when hitting the limit. + # max-select-point = 0 + + # The maximum number of series a SELECT can run. A value of 0 will make the maximum series + # count unlimited. + # max-select-series = 0 + + # The maximum number of group by time bucket a SELECT can create. A value of zero will max the maximum + # number of buckets unlimited. + # max-select-buckets = 0 + +### +### [retention] +### +### Controls the enforcement of retention policies for evicting old data. +### + +[retention] + # Determines whether retention policy enforcement enabled. + # enabled = true + + # The interval of time when retention policy enforcement checks run. + # check-interval = "30m" + +### +### [shard-precreation] +### +### Controls the precreation of shards, so they are available before data arrives. +### Only shards that, after creation, will have both a start- and end-time in the +### future, will ever be created. Shards are never precreated that would be wholly +### or partially in the past. + +[shard-precreation] + # Determines whether shard pre-creation service is enabled. + # enabled = true + + # The interval of time when the check to pre-create new shards runs. + # check-interval = "10m" + + # The default period ahead of the endtime of a shard group that its successor + # group is created. + # advance-period = "30m" + +### +### Controls the system self-monitoring, statistics and diagnostics. +### +### The internal database for monitoring data is created automatically if +### if it does not already exist. The target retention within this database +### is called 'monitor' and is also created with a retention period of 7 days +### and a replication factor of 1, if it does not exist. In all cases the +### this retention policy is configured as the default for the database. + +[monitor] + # Whether to record statistics internally. + # store-enabled = true + + # The destination database for recorded statistics + # store-database = "_internal" + + # The interval at which to record statistics + # store-interval = "10s" + +### +### [http] +### +### Controls how the HTTP endpoints are configured. These are the primary +### mechanism for getting data into and out of InfluxDB. +### + +[http] + # Determines whether HTTP endpoint is enabled. + # enabled = true + + # Determines whether the Flux query endpoint is enabled. + # flux-enabled = false + + # Determines whether the Flux query logging is enabled. + # flux-log-enabled = false + + # The bind address used by the HTTP service. + # bind-address = ":8086" + + # Determines whether user authentication is enabled over HTTP/HTTPS. + # auth-enabled = false + + # The default realm sent back when issuing a basic auth challenge. + # realm = "InfluxDB" + + # Determines whether HTTP request logging is enabled. + # log-enabled = true + + # Determines whether the HTTP write request logs should be suppressed when the log is enabled. + # suppress-write-log = false + + # When HTTP request logging is enabled, this option specifies the path where + # log entries should be written. If unspecified, the default is to write to stderr, which + # intermingles HTTP logs with internal InfluxDB logging. + # + # If influxd is unable to access the specified path, it will log an error and fall back to writing + # the request log to stderr. + # access-log-path = "" + + # Filters which requests should be logged. Each filter is of the pattern NNN, NNX, or NXX where N is + # a number and X is a wildcard for any number. To filter all 5xx responses, use the string 5xx. + # If multiple filters are used, then only one has to match. The default is to have no filters which + # will cause every request to be printed. + # access-log-status-filters = [] + + # Determines whether detailed write logging is enabled. + # write-tracing = false + + # Determines whether the pprof endpoint is enabled. This endpoint is used for + # troubleshooting and monitoring. + # pprof-enabled = true + + # Enables authentication on pprof endpoints. Users will need admin permissions + # to access the pprof endpoints when this setting is enabled. This setting has + # no effect if either auth-enabled or pprof-enabled are set to false. + # pprof-auth-enabled = false + + # Enables a pprof endpoint that binds to localhost:6060 immediately on startup. + # This is only needed to debug startup issues. + # debug-pprof-enabled = false + + # Enables authentication on the /ping, /metrics, and deprecated /status + # endpoints. This setting has no effect if auth-enabled is set to false. + # ping-auth-enabled = false + + # Determines whether HTTPS is enabled. + # https-enabled = false + + # The SSL certificate to use when HTTPS is enabled. + # https-certificate = "/config/ssl/influxdb.pem" + + # Use a separate private key location. + # https-private-key = "" + + # The JWT auth shared secret to validate requests using JSON web tokens. + # shared-secret = "" + + # The default chunk size for result sets that should be chunked. + # max-row-limit = 0 + + # The maximum number of HTTP connections that may be open at once. New connections that + # would exceed this limit are dropped. Setting this value to 0 disables the limit. + # max-connection-limit = 0 + + # Enable http service over unix domain socket + # unix-socket-enabled = false + + # The path of the unix domain socket. + # bind-socket = "/var/run/influxdb.sock" + + # The maximum size of a client request body, in bytes. Setting this value to 0 disables the limit. + # max-body-size = 25000000 + + # The maximum number of writes processed concurrently. + # Setting this to 0 disables the limit. + # max-concurrent-write-limit = 0 + + # The maximum number of writes queued for processing. + # Setting this to 0 disables the limit. + # max-enqueued-write-limit = 0 + + # The maximum duration for a write to wait in the queue to be processed. + # Setting this to 0 or setting max-concurrent-write-limit to 0 disables the limit. + # enqueued-write-timeout = 0 + +### +### [logging] +### +### Controls how the logger emits logs to the output. +### + +[logging] + # Determines which log encoder to use for logs. Available options + # are auto, logfmt, and json. auto will use a more a more user-friendly + # output format if the output terminal is a TTY, but the format is not as + # easily machine-readable. When the output is a non-TTY, auto will use + # logfmt. + # format = "auto" + + # Determines which level of logs will be emitted. The available levels + # are error, warn, info, and debug. Logs that are equal to or above the + # specified level will be emitted. + # level = "info" + + # Suppresses the logo output that is printed when the program is started. + # The logo is always suppressed if STDOUT is not a TTY. + # suppress-logo = false + +### +### [subscriber] +### +### Controls the subscriptions, which can be used to fork a copy of all data +### received by the InfluxDB host. +### + +[subscriber] + # Determines whether the subscriber service is enabled. + # enabled = true + + # The default timeout for HTTP writes to subscribers. + # http-timeout = "30s" + + # Allows insecure HTTPS connections to subscribers. This is useful when testing with self- + # signed certificates. + # insecure-skip-verify = false + + # The path to the PEM encoded CA certs file. If the empty string, the default system certs will be used + # ca-certs = "" + + # The number of writer goroutines processing the write channel. + # write-concurrency = 40 + + # The number of in-flight writes buffered in the write channel. + # write-buffer-size = 1000 + + +### +### [[graphite]] +### +### Controls one or many listeners for Graphite data. +### + +[[graphite]] + # Determines whether the graphite endpoint is enabled. + # enabled = false + # database = "graphite" + # retention-policy = "" + # bind-address = ":2003" + # protocol = "tcp" + # consistency-level = "one" + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Batching + # will buffer points in memory if you have many coming in. + + # Flush if this many points get buffered + # batch-size = 5000 + + # number of batches that may be pending in memory + # batch-pending = 10 + + # Flush at least this often even if we haven't hit buffer limit + # batch-timeout = "1s" + + # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. + # udp-read-buffer = 0 + + ### This string joins multiple matching 'measurement' values providing more control over the final measurement name. + # separator = "." + + ### Default tags that will be added to all metrics. These can be overridden at the template level + ### or by tags extracted from metric + # tags = ["region=us-east", "zone=1c"] + + ### Each template line requires a template pattern. It can have an optional + ### filter before the template and separated by spaces. It can also have optional extra + ### tags following the template. Multiple tags should be separated by commas and no spaces + ### similar to the line protocol format. There can be only one default template. + # templates = [ + # "*.app env.service.resource.measurement", + # # Default template + # "server.*", + # ] + +### +### [collectd] +### +### Controls one or many listeners for collectd data. +### + +[[collectd]] + # enabled = false + # bind-address = ":25826" + # database = "collectd" + # retention-policy = "" + # + # The collectd service supports either scanning a directory for multiple types + # db files, or specifying a single db file. + # typesdb = "/usr/local/share/collectd" + # + # security-level = "none" + # auth-file = "/etc/collectd/auth_file" + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Batching + # will buffer points in memory if you have many coming in. + + # Flush if this many points get buffered + # batch-size = 5000 + + # Number of batches that may be pending in memory + # batch-pending = 10 + + # Flush at least this often even if we haven't hit buffer limit + # batch-timeout = "10s" + + # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. + # read-buffer = 0 + + # Multi-value plugins can be handled two ways. + # "split" will parse and store the multi-value plugin data into separate measurements + # "join" will parse and store the multi-value plugin as a single multi-value measurement. + # "split" is the default behavior for backward compatibility with previous versions of influxdb. + # parse-multivalue-plugin = "split" +### +### [opentsdb] +### +### Controls one or many listeners for OpenTSDB data. +### + +[[opentsdb]] + # enabled = false + # bind-address = ":4242" + # database = "opentsdb" + # retention-policy = "" + # consistency-level = "one" + # tls-enabled = false + # certificate= "/config/ssl/influxdb.pem" + + # Log an error for every malformed point. + # log-point-errors = true + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Only points + # metrics received over the telnet protocol undergo batching. + + # Flush if this many points get buffered + # batch-size = 1000 + + # Number of batches that may be pending in memory + # batch-pending = 5 + + # Flush at least this often even if we haven't hit buffer limit + # batch-timeout = "1s" + +### +### [[udp]] +### +### Controls the listeners for InfluxDB line protocol data via UDP. +### + +[[udp]] + # enabled = false + # bind-address = ":8089" + # database = "udp" + # retention-policy = "" + + # InfluxDB precision for timestamps on received points ("" or "n", "u", "ms", "s", "m", "h") + # precision = "" + + # These next lines control how batching works. You should have this enabled + # otherwise you could get dropped metrics or poor performance. Batching + # will buffer points in memory if you have many coming in. + + # Flush if this many points get buffered + # batch-size = 5000 + + # Number of batches that may be pending in memory + # batch-pending = 10 + + # Will flush at least this often even if we haven't hit buffer limit + # batch-timeout = "1s" + + # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. + # read-buffer = 0 + +### +### [continuous_queries] +### +### Controls how continuous queries are run within InfluxDB. +### + +[continuous_queries] + # Determines whether the continuous query service is enabled. + # enabled = true + + # Controls whether queries are logged when executed by the CQ service. + # log-enabled = true + + # Controls whether queries are logged to the self-monitoring data store. + # query-stats-enabled = false + + # interval for how often continuous queries will be checked if they need to run + # run-interval = "1s" + +### +### [tls] +### +### Global configuration settings for TLS in InfluxDB. +### + +[tls] + # Determines the available set of cipher suites. See https://golang.org/pkg/crypto/tls/#pkg-constants + # for a list of available ciphers, which depends on the version of Go (use the query + # SHOW DIAGNOSTICS to see the version of Go used to build InfluxDB). If not specified, uses + # the default settings from Go's crypto/tls package. + # ciphers = [ + # "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", + # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + # ] + + # Minimum version of the tls protocol that will be negotiated. If not specified, uses the + # default settings from Go's crypto/tls package. + # min-version = "tls1.2" + + # Maximum version of the tls protocol that will be negotiated. If not specified, uses the + # default settings from Go's crypto/tls package. + # max-version = "tls1.2" diff --git a/jails/influxdb/install.sh b/jails/influxdb/install.sh index 7efdff7b..a1104a97 100755 --- a/jails/influxdb/install.sh +++ b/jails/influxdb/install.sh @@ -7,40 +7,37 @@ # ##### -# Initialise defaults +# Initialise variables JAIL_NAME="influxdb" JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${influxdb_ip4_addr}" )" INCLUDES_PATH="${SCRIPT_DIR}/jails/influxdb/includes" DATABASE=${influxdb_database} -# Enable influxdb +# Mount and configure proper configuration location +cp -rf "${INCLUDES_PATH}/influxd.conf" "/mnt/${global_dataset_config}/${JAIL_NAME}/influxd.conf" +iocage exec "${JAIL_NAME}" mkdir -p /config/db/data /config/db/meta /config/db/wal +iocage exec "${JAIL_NAME}" chown -R influxd:influxd /config/db +iocage exec "${JAIL_NAME}" sysrc influxd_conf="/config/influxd.conf" iocage exec "${JAIL_NAME}" sysrc influxd_enable="YES" -# Copy and edit pre-written config files -echo "Copying default config file" -iocage exec ${JAIL_NAME} mkdir -p /usr/local/etc -cp ${INCLUDES_PATH}/influxdb.conf /mnt/${GLOBAL_DATASET_IOCAGE}/jails/${JAIL_NAME}/root/usr/local/etc/ - # Start influxdb and wait for it to startup iocage exec "${JAIL_NAME}" service influxd start sleep 15 # Create database and restart -iocage exec "${JAIL_NAME}" "curl -i -XPOST http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE ${DATABASE}'" -iocage exec "${JAIL_NAME}" service influxd restart - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 +if iocage exec "${JAIL_NAME}" curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE ${DATABASE}"; then + echo "Database created." +else + echo "Database creation failed. Please attempt to create the database manually." + exit 1 +fi # Done! echo "Installation complete!" +echo "Your may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." echo "You may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." echo "" echo "Database Information" echo "--------------------" echo "Database = ${DATABASE} at http://${JAIL_IP}:8086." -echo "" -echo "Configuration Information" -echo "-------------------------" -echo "The configuration file is located at /usr/local/etc/influxdb.conf" echo "" \ No newline at end of file diff --git a/jails/influxdb/readme.md b/jails/influxdb/readme.md index 588bfbfe..446c9c9f 100644 --- a/jails/influxdb/readme.md +++ b/jails/influxdb/readme.md @@ -1,5 +1,3 @@ -** Note: This jail is configured with a default configuration located in /usr/local/etc/influxdb.conf, along with a sample default configuration. - # Original README from the influxdb github: https://github.com/influxdata/influxdb From 52509f9912eda15b1ed0a256bd019ffdd4276645 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 25 Apr 2020 15:41:39 +0200 Subject: [PATCH 09/29] Jail-Specific config.yml (#61) * - Move pkgs to per-jail config file - Remove pkgs from main example-config file - edit gitignore to include jail config files * prototype for loop to grab jail configs * update *arr pkgs --- .gitignore | 2 +- config.yml.example | 30 ------------------------------ jailman.sh | 1 + jails/bitwarden/config.yml | 2 ++ jails/influxdb/config.yml | 2 ++ jails/jackett/config.yml | 2 ++ jails/kms/config.yml | 2 ++ jails/lidarr/config.yml | 2 ++ jails/mariadb/config.yml | 2 ++ jails/nextcloud/config.yml | 2 ++ jails/organizr/config.yml | 2 ++ jails/plex/config.yml | 2 ++ jails/radarr/config.yml | 2 ++ jails/sonarr/config.yml | 2 ++ jails/tautulli/config.yml | 2 ++ jails/transmission/config.yml | 2 ++ 16 files changed, 28 insertions(+), 31 deletions(-) create mode 100644 jails/bitwarden/config.yml create mode 100644 jails/influxdb/config.yml create mode 100644 jails/jackett/config.yml create mode 100644 jails/kms/config.yml create mode 100644 jails/lidarr/config.yml create mode 100644 jails/mariadb/config.yml create mode 100644 jails/nextcloud/config.yml create mode 100644 jails/organizr/config.yml create mode 100644 jails/plex/config.yml create mode 100644 jails/radarr/config.yml create mode 100644 jails/sonarr/config.yml create mode 100644 jails/tautulli/config.yml create mode 100644 jails/transmission/config.yml diff --git a/.gitignore b/.gitignore index e9abc7f6..9fc8384e 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -config.yml \ No newline at end of file +/config.yml \ No newline at end of file diff --git a/config.yml.example b/config.yml.example index a9fdb1f7..d648f631 100644 --- a/config.yml.example +++ b/config.yml.example @@ -28,42 +28,15 @@ example: example # Jail specific pkgs. # Please use standard space delimited pkg install syntax. pkgs: mono - -jackett: jackett - pkgs: mono - -radarr: radarr - pkgs: mono mediainfo sqlite3 libgdiplus - -sonarr: sonarr - pkgs: mono mediainfo sqlite3 - -lidarr: lidarr - pkgs: mono mediainfo sqlite3 - -transmission: transmission - pkgs: bash unzip unrar transmission plex: plex plexpass: false - pkgs: plexmediaserver - -tautulli: tautulli - pkgs: python2 py27-sqlite3 py27-openssl git - -organizr: organizr - pkgs: nginx php72 php72-filter php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip git - -kms: kms - pkgs: bash py37-tkinter py37-pip py37-sqlite3 git - nextcloud: nextcloud ip4_addr: 192.168.1.99/24 gateway: 192.168.1.1 time_zone: Europe/Amsterdam host_name: cloud.example.com - pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick perl5 p5-Locale-gettext help2man texinfo m4 autoconf database: mariadb standalone_cert: 0 selfsigned_cert: 0 @@ -81,14 +54,12 @@ nextcloud: nextcloud mariadb: mariadb ip4_addr: 192.168.1.98/24 gateway: 192.168.1.1 - pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74-5.0.1 db_root_password: ReplaceThisWithYourOwnRootPAssword host_name: mariadb.local.example bitwarden: bitwarden ip4_addr: 192.168.1.97/24 gateway: 192.168.1.1 - pkgs: sqlite3 nginx git sudo vim-tiny bash node npm python27-2.7.17_1 mariadb104-client db_password: "YourDBPasswordHerePLEASE" type: mariadb admin_token: "PUTYOURADMINTOKENHEREANDREMOVETHIS" @@ -96,5 +67,4 @@ bitwarden: bitwarden influxdb: influxdb ip4_addr: 192.168.1.250/24 gateway: 192.168.1.1 - pkgs: influxdb database: influxdb diff --git a/jailman.sh b/jailman.sh index c20c433b..d7ee700b 100755 --- a/jailman.sh +++ b/jailman.sh @@ -85,6 +85,7 @@ while getopts ":i:r:u:d:g:h" opt done # Parse the Config YAML +for configpath in ${SCRIPT_DIR}/jails/*/config.yml; do ! eval $(parse_yaml ${configpath}); done eval $(parse_yaml config.yml) # Check and Execute requested jail destructions diff --git a/jails/bitwarden/config.yml b/jails/bitwarden/config.yml new file mode 100644 index 00000000..6214896e --- /dev/null +++ b/jails/bitwarden/config.yml @@ -0,0 +1,2 @@ +bitwarden: bitwarden + pkgs: sqlite3 nginx git sudo vim-tiny bash node npm python27-2.7.17_1 mariadb104-client \ No newline at end of file diff --git a/jails/influxdb/config.yml b/jails/influxdb/config.yml new file mode 100644 index 00000000..2ced3a1c --- /dev/null +++ b/jails/influxdb/config.yml @@ -0,0 +1,2 @@ +influxdb: influxdb + pkgs: influxdb \ No newline at end of file diff --git a/jails/jackett/config.yml b/jails/jackett/config.yml new file mode 100644 index 00000000..01cd737f --- /dev/null +++ b/jails/jackett/config.yml @@ -0,0 +1,2 @@ +jackett: jackett + pkgs: mono \ No newline at end of file diff --git a/jails/kms/config.yml b/jails/kms/config.yml new file mode 100644 index 00000000..ca31811d --- /dev/null +++ b/jails/kms/config.yml @@ -0,0 +1,2 @@ +kms: kms + pkgs: bash py37-tkinter py37-pip py37-sqlite3 git \ No newline at end of file diff --git a/jails/lidarr/config.yml b/jails/lidarr/config.yml new file mode 100644 index 00000000..c9bc00a2 --- /dev/null +++ b/jails/lidarr/config.yml @@ -0,0 +1,2 @@ +lidarr: lidarr + pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/mariadb/config.yml b/jails/mariadb/config.yml new file mode 100644 index 00000000..bbe68e55 --- /dev/null +++ b/jails/mariadb/config.yml @@ -0,0 +1,2 @@ +mariadb: mariadb + pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74-5.0.1 diff --git a/jails/nextcloud/config.yml b/jails/nextcloud/config.yml new file mode 100644 index 00000000..77618d02 --- /dev/null +++ b/jails/nextcloud/config.yml @@ -0,0 +1,2 @@ +nextcloud: nextcloud + pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick perl5 p5-Locale-gettext help2man texinfo m4 autoconf \ No newline at end of file diff --git a/jails/organizr/config.yml b/jails/organizr/config.yml new file mode 100644 index 00000000..887c1645 --- /dev/null +++ b/jails/organizr/config.yml @@ -0,0 +1,2 @@ +organizr: organizr + pkgs: nginx php72 php72-filter php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip git \ No newline at end of file diff --git a/jails/plex/config.yml b/jails/plex/config.yml new file mode 100644 index 00000000..8206391a --- /dev/null +++ b/jails/plex/config.yml @@ -0,0 +1,2 @@ +plex: plex + pkgs: plexmediaserver \ No newline at end of file diff --git a/jails/radarr/config.yml b/jails/radarr/config.yml new file mode 100644 index 00000000..789ec723 --- /dev/null +++ b/jails/radarr/config.yml @@ -0,0 +1,2 @@ +radarr: radarr + pkgs: mono mediainfo sqlite3 libgdiplus \ No newline at end of file diff --git a/jails/sonarr/config.yml b/jails/sonarr/config.yml new file mode 100644 index 00000000..1197e640 --- /dev/null +++ b/jails/sonarr/config.yml @@ -0,0 +1,2 @@ +sonarr: sonarr + pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/tautulli/config.yml b/jails/tautulli/config.yml new file mode 100644 index 00000000..34256990 --- /dev/null +++ b/jails/tautulli/config.yml @@ -0,0 +1,2 @@ +tautulli: tautulli + pkgs: python2 py27-sqlite3 py27-openssl git \ No newline at end of file diff --git a/jails/transmission/config.yml b/jails/transmission/config.yml new file mode 100644 index 00000000..efec5ece --- /dev/null +++ b/jails/transmission/config.yml @@ -0,0 +1,2 @@ +transmission: transmission + pkgs: bash unzip unrar transmission \ No newline at end of file From 5119ba51205c0aee160f5ac360f495a3d8cbc05b Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 25 Apr 2020 15:45:34 +0200 Subject: [PATCH 10/29] - Adds documentation for config.yml options (fixes: #70) (#76) - Describes the dataset structure, included auto-generated datasets (fixes: #68) --- docs/config options.md | 44 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 docs/config options.md diff --git a/docs/config options.md b/docs/config options.md new file mode 100644 index 00000000..8c0c4b93 --- /dev/null +++ b/docs/config options.md @@ -0,0 +1,44 @@ +## Config Options + +There are a lot of possibly configuration options in config.yml. +For jail specific config options, please see the wiki documentation for your specific jail. This page only list general and global config options, that are the same for every jail. + +## Global config options + +Global options apply to every jail. Use and change with caution. + +### dataset + +All config options under "dataset" change dataset creation and linking. The indentation and "dataset" flag are not optional. +All Datasets are auto-created if they do not exist already, no need to worry about creating them! + +- config: The dataset that is going to contain the persistant data for every jail. For example: Nextcloud user files for nextcloud or the actual database for mariadb. +- iocage: The dataset containing the iocage config. In FreeNAS often `poolname/iocage` +- media: The dataset that is going to contain all media files for plex, Sonarr, Radarr etc. Such as movies and music. Music, Movie etc. sub-datasets are auto-created. +- downloads: The dataset containging temporary download files. These are moved to media when finished. complete, incomplete etc. sub-datasets are auto-created. + +## jails +All config options under "jails" change default jail settings that are the same for every created jail. The indentation and "jails" flag are not optional. +- version: the current to-be-installed version for jails +- pkgs: packages that are installed to all created jails + +## (hidden) Auto created datasets + +Some datasets are auto created and can not be changed from the config file. This is done to ease troubleshooting. + +- `media/music` created as a sub-dataset of media, contains music +- `media/movies` created as a sub-dataset of media, contains movies +- `media/shows` created as a sub-dataset of media, contains tv-shows +- `downloads/complete` created as a sub-dataset of downloads, contains completed downloads +- `downloads/incomplete` created as a sub-dataset of downloads, contains not-yet-completed downloads + +## General config options + +### Networking +- ip4_addr: To set a static IP (recommended), enter the desired ip address here. Leave blank (or remove the line) for DHCP. +- gateway: Set the gateway IP for static IP setup. Leave blank (or remove the line) for DHCP. + +### Advanced +- interfaces: Set the "interfaces" flag for iocage. Example: `vnet0:bridge0` (optional) +- dhcp: Set to force DHCP (not required for DHCP, see above) +- pkgs: Override the to-be-install packages for this jail (might break now or break updates) From a60518e02e67f8f7afc9b3ef29d868c8d3255b83 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 25 Apr 2020 15:51:18 +0200 Subject: [PATCH 11/29] Update nextcloud (#81) * Implement freenas-iocage-nextcloud#105 * Implement freenas-iocage-nextcloud#106 --- jails/nextcloud/config.yml | 2 +- jails/nextcloud/install.sh | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/jails/nextcloud/config.yml b/jails/nextcloud/config.yml index 77618d02..dfe6c31d 100644 --- a/jails/nextcloud/config.yml +++ b/jails/nextcloud/config.yml @@ -1,2 +1,2 @@ nextcloud: nextcloud - pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick perl5 p5-Locale-gettext help2man texinfo m4 autoconf \ No newline at end of file + pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick php73-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf \ No newline at end of file diff --git a/jails/nextcloud/install.sh b/jails/nextcloud/install.sh index ce825510..2b3168a6 100755 --- a/jails/nextcloud/install.sh +++ b/jails/nextcloud/install.sh @@ -275,6 +275,8 @@ else iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer' iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' + iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwritehost --value=\"${HOST_NAME}\"" + iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwriteprotocol --value=\"https\"" if [ $NO_CERT -eq 1 ]; then iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${HOST_NAME}/\"" else From d877424c8ccee4ebbb428b8cc8d7044ef5c02e29 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 25 Apr 2020 15:55:59 +0200 Subject: [PATCH 12/29] Rename plexpass to beta and document the beta flag (#77) * Rename plexpass to beta and document the beta flag (Fixes: #54) * Comment cleanup --- config.yml.example | 2 +- jails/plex/install.sh | 8 ++++---- jails/plex/readme.md | 3 +++ jails/plex/update.sh | 6 +++--- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/config.yml.example b/config.yml.example index d648f631..f9cc0adf 100644 --- a/config.yml.example +++ b/config.yml.example @@ -30,7 +30,7 @@ example: example pkgs: mono plex: plex - plexpass: false + beta: false nextcloud: nextcloud ip4_addr: 192.168.1.99/24 diff --git a/jails/plex/install.sh b/jails/plex/install.sh index e5bc94ba..77cad59b 100755 --- a/jails/plex/install.sh +++ b/jails/plex/install.sh @@ -21,15 +21,15 @@ iocage exec plex chown -R plex:plex /config iocage exec plex pkg update iocage exec plex pkg upgrade -y -# Run different install procedures depending on Plex vs Plexpass -if [ "$plex_plexpass" == "true" ]; then - echo "plexpass enabled in config.yml... using plexpass for install" +# Run different install procedures depending on Plex vs Plex Beta +if [ "$plex_beta" == "true" ]; then + echo "beta enabled in config.yml... using plex beta for install" iocage exec plex sysrc "plexmediaserver_plexpass_enable=YES" iocage exec plex sysrc plexmediaserver_plexpass_support_path="/config" iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ iocage exec plex service plexmediaserver_plexpass restart else - echo "plexpass disabled in config.yml... NOT using plexpass for install" + echo "beta disabled in config.yml... NOT using plex beta for install" iocage exec plex sysrc "plexmediaserver_enable=YES" iocage exec plex sysrc plexmediaserver_support_path="/config" iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver/ diff --git a/jails/plex/readme.md b/jails/plex/readme.md index 2cac133d..4d5b5046 100755 --- a/jails/plex/readme.md +++ b/jails/plex/readme.md @@ -1,5 +1,8 @@ # Plex +### Config Parameters: +- beta: set to `true` if you want to run the plex beta (previously known as "plexpass"). Please note: This is not required for plexpass features + For more information about plex, please see the Plex website: # Original plex install script guide diff --git a/jails/plex/update.sh b/jails/plex/update.sh index 4f1d62c5..a9f7b7d4 100755 --- a/jails/plex/update.sh +++ b/jails/plex/update.sh @@ -1,15 +1,15 @@ #!/usr/local/bin/bash # This file contains the update script for Plex -# Run different update procedures depending on Plex vs Plexpass +# Run different update procedures depending on Plex vs Plex Beta if [ "$plex_plexpass" == "true" ]; then - echo "plexpass enabled in config.yml... using plexpass for update..." + echo "beta enabled in config.yml... using plex beta for update..." iocage exec plex service plexmediaserver_plexpass stop # Plex is updated using PKG already, this is mostly a placeholder iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ iocage exec plex service plexmediaserver_plexpass restart else - echo "plexpass disabled in config.yml... NOT using plexpass for update..." + echo "beta disabled in config.yml... NOT using plex beta for update..." iocage exec plex service plexmediaserver stop # Plex is updated using PKG already, this is mostly a placeholder iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver/ From f0437b87c8a8699354269af60afc52eb972977ca Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 25 Apr 2020 15:59:04 +0200 Subject: [PATCH 13/29] add plex user to video group to enable future hardware encoding jail side. (#78) --- jails/plex/install.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jails/plex/install.sh b/jails/plex/install.sh index 77cad59b..2e3af92a 100755 --- a/jails/plex/install.sh +++ b/jails/plex/install.sh @@ -21,6 +21,9 @@ iocage exec plex chown -R plex:plex /config iocage exec plex pkg update iocage exec plex pkg upgrade -y +# Add plex user to video group for future hw-encoding support +iocage exec plex pw groupmod -n video -m plex + # Run different install procedures depending on Plex vs Plex Beta if [ "$plex_beta" == "true" ]; then echo "beta enabled in config.yml... using plex beta for install" From dc6eb4a4b737050956763cb0925f5c9ee8b62e70 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 25 Apr 2020 16:34:41 +0200 Subject: [PATCH 14/29] Update shellcheck.yml --- .github/workflows/shellcheck.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 0da492dd..533096fd 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -11,6 +11,7 @@ on: jobs: shellcheck: + runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 - name: Shell Linter From 759da942d2b297b7c2973441cde8f1a83682e702 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 25 Apr 2020 19:47:11 +0200 Subject: [PATCH 15/29] Automatically detect mountpoint for iocage (#80) * automate grabbing iocage dataset instead of hardcoding * move iocage dataset define to jailman.sh instead of config.yml It can still be overriden by config.yml --- config.yml.example | 2 -- jailman.sh | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/config.yml.example b/config.yml.example index f9cc0adf..50b4b9a8 100644 --- a/config.yml.example +++ b/config.yml.example @@ -3,8 +3,6 @@ global: dataset: # dataset for internal jail config files config: tank/apps - # Iocage root dataset - iocage: tank/iocage # Media library dataset media: tank/media # Parent downloads dataset diff --git a/jailman.sh b/jailman.sh index d7ee700b..67f79d6d 100755 --- a/jailman.sh +++ b/jailman.sh @@ -84,6 +84,9 @@ while getopts ":i:r:u:d:g:h" opt esac done +global_dataset_iocage=$(zfs get -H -o value mountpoint $(iocage get -p)/iocage) +global_dataset_iocage=${global_dataset_iocage#/mnt/} + # Parse the Config YAML for configpath in ${SCRIPT_DIR}/jails/*/config.yml; do ! eval $(parse_yaml ${configpath}); done eval $(parse_yaml config.yml) From 46d148719109bf15d65b2816d143eb6fdd75b6a8 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 25 Apr 2020 19:47:21 +0200 Subject: [PATCH 16/29] Add plex transcoding ramdisk creation (#79) --- jails/plex/install.sh | 6 ++++++ jails/plex/readme.md | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/jails/plex/install.sh b/jails/plex/install.sh index 2e3af92a..460784bf 100755 --- a/jails/plex/install.sh +++ b/jails/plex/install.sh @@ -14,6 +14,12 @@ createmount plex ${global_dataset_media}/movies /mnt/media/movies createmount plex ${global_dataset_media}/music /mnt/media/music createmount plex ${global_dataset_media}/shows /mnt/media/shows +# Create plex ramdisk if specified +if [ -z "${plex_ramdisk}" ]; then + echo "no ramdisk specified for plex, continuing without randisk" +else + iocage fstab -a plex tmpfs /tmp_transcode tmpfs rw,size=${plex_ramdisk},mode=1777 0 0 +fi iocage exec plex chown -R plex:plex /config diff --git a/jails/plex/readme.md b/jails/plex/readme.md index 4d5b5046..171874af 100755 --- a/jails/plex/readme.md +++ b/jails/plex/readme.md @@ -5,6 +5,10 @@ For more information about plex, please see the Plex website: +### Config Parameters: + +- ramdisk: Specify the `size` parameter to create a transcoding ramdisk under /tmp_transcode. Requires manual setting it un plex to be used for transcoding. (optional) + # Original plex install script guide https://www.ixsystems.com/community/resources/fn11-3-iocage-jails-plex-tautulli-sonarr-radarr-lidarr-jackett-transmission-organizr.58/ \ No newline at end of file From c32ea280da2a28a6e8991b6f4f0ab84d32b3a299 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sun, 26 Apr 2020 14:55:22 +0200 Subject: [PATCH 17/29] Linter cleanup (#84) * Fix all Scriptcheck errors on current dev code * clean recent plex changes --- global.sh | 52 ++++++++++++++++++--------------- jailman.sh | 48 +++++++++++++++++++++--------- jails/bitwarden/install.sh | 22 +++++++++----- jails/bitwarden/update.sh | 19 +++++++----- jails/influxdb/install.sh | 7 +++-- jails/jackett/install.sh | 3 +- jails/jackett/update.sh | 3 +- jails/kms/install.sh | 3 +- jails/kms/update.sh | 3 +- jails/lidarr/install.sh | 13 +++++---- jails/lidarr/update.sh | 3 +- jails/mariadb/includes/caddy | 1 + jails/mariadb/install.sh | 14 +++++---- jails/mariadb/update.sh | 4 ++- jails/nextcloud/includes/caddy | 1 + jails/nextcloud/install.sh | 53 ++++++++++++++++++++++------------ jails/organizr/install.sh | 11 +++---- jails/organizr/update.sh | 4 +-- jails/plex/install.sh | 16 ++++++---- jails/plex/update.sh | 1 + jails/radarr/install.sh | 13 +++++---- jails/radarr/update.sh | 3 +- jails/sonarr/install.sh | 13 +++++---- jails/sonarr/update.sh | 3 +- jails/transmission/install.sh | 7 +++-- placeholder | 0 26 files changed, 205 insertions(+), 115 deletions(-) delete mode 100644 placeholder diff --git a/global.sh b/global.sh index 13458a39..d9d7a9eb 100755 --- a/global.sh +++ b/global.sh @@ -3,12 +3,15 @@ # yml Parser function # Based on https://gist.github.com/pkuczynski/8665367 +# shellcheck disable=SC2086 parse_yaml() { - local prefix=$2 - local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034') + prefix=${2} + s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034') + local prefix + local s w fs sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \ - -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 | - awk -F$fs '{ + -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" "${1}" | + awk -F"${fs}" '{ indent = length($1)/2; vname[indent] = $2; for (i in vname) {if (i > indent) {delete vname[i]}} @@ -24,12 +27,12 @@ gitupdate() { echo "checking for updates using Branch: $1" git fetch git update-index -q --refresh -CHANGED=$(git diff --name-only origin/$1) -if [ ! -z "$CHANGED" ]; +CHANGED=$(git diff --name-only origin/"$1") +if [ -n "$CHANGED" ]; then echo "script requires update" git reset --hard - git checkout $1 + git checkout "${1}" git pull echo "script updated, please restart the script manually" exit 1 @@ -64,17 +67,20 @@ if [ -z "${!jailname}" ]; then exit 1 else echo "Creating jail for $1" + # shellcheck disable=SC2154 pkgs="$(sed 's/[^[:space:]]\{1,\}/"&"/g;s/ /,/g' <<<"${global_jails_pkgs} ${!jailpkgs}")" - echo '{"pkgs":['${pkgs}']}' > /tmp/pkg.json + echo '{"pkgs":['"${pkgs}"']}' > /tmp/pkg.json if [ "${setdhcp}" == "on" ] then - if ! iocage create -n "${1}" -p /tmp/pkg.json -r ${global_jails_version} interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" -b + # shellcheck disable=SC2154 + if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" -b then echo "Failed to create jail" exit 1 fi else - if ! iocage create -n "${1}" -p /tmp/pkg.json -r ${global_jails_version} interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" -b + # shellcheck disable=SC2154 + if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" -b then echo "Failed to create jail" exit 1 @@ -84,19 +90,19 @@ else rm /tmp/pkg.json echo "creating jail config directory" - - createmount $1 ${global_dataset_config} - createmount $1 ${global_dataset_config}/$1 /config + # shellcheck disable=SC2154 + createmount "${1}" "${global_dataset_config}" + createmount "${1}" "${global_dataset_config}"/"${1}" /config # Create and Mount portsnap echo "Mounting and fetching ports" - createmount $1 ${global_dataset_config}/portsnap - createmount $1 ${global_dataset_config}/portsnap/db /var/db/portsnap - createmount $1 ${global_dataset_config}/portsnap/ports /usr/ports + createmount "${1}" "${global_dataset_config}"/portsnap + createmount "${1}" "${global_dataset_config}"/portsnap/db /var/db/portsnap + createmount "${1}" "${global_dataset_config}"/portsnap/ports /usr/ports - iocage exec "$1" "if [ -z /usr/ports ]; then portsnap fetch extract; else portsnap auto; fi" + iocage exec "${1}" "if [ -z /usr/ports ]; then portsnap fetch extract; else portsnap auto; fi" - echo "Jail creation completed for $1" + echo "Jail creation completed for ${1}" fi } @@ -112,17 +118,17 @@ createmount() { else if [ ! -d "/mnt/$2" ]; then echo "Dataset does not exist... Creating... $2" - zfs create $2 + zfs create "${2}" else echo "Dataset already exists, skipping creation of $2" fi if [ -n "$1" ] && [ -n "$3" ]; then - iocage exec $1 mkdir -p $3 - if [ -n "$4" ]; then - iocage fstab -a $1 /mnt/$2 $3 $4 + iocage exec "${1}" mkdir -p "${3}" + if [ -n "${4}" ]; then + iocage fstab -a "${1}" /mnt/"${2}" "${3}" "${4}" else - iocage fstab -a $1 /mnt/$2 $3 nullfs rw 0 0 + iocage fstab -a "${1}" /mnt/"${2}" "${3}" nullfs rw 0 0 fi else echo "No Jail Name or Mount target specified, not mounting dataset" diff --git a/jailman.sh b/jailman.sh index 67f79d6d..49465707 100755 --- a/jailman.sh +++ b/jailman.sh @@ -1,15 +1,20 @@ #!/usr/local/bin/bash # Important defines: -export SCRIPT_NAME=$(basename $(test -L "${BASH_SOURCE[0]}" && readlink "${BASH_SOURCE[0]}" || echo "${BASH_SOURCE[0]}")); -export SCRIPT_DIR=$(cd $(dirname "${BASH_SOURCE[0]}") && pwd); +# shellcheck disable=SC2046 +SCRIPT_NAME=$(basename $(test -L "${BASH_SOURCE[0]}" && readlink "${BASH_SOURCE[0]}" || echo "${BASH_SOURCE[0]}")); +SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd); +export SCRIPT_NAME +export SCRIPT_DIR + echo "Working directory for jailman.sh is: ${SCRIPT_DIR}" #Includes -source ${SCRIPT_DIR}/global.sh +# shellcheck source=global.sh +source "${SCRIPT_DIR}/global.sh" # Check for root privileges -if ! [ $(id -u) = 0 ]; then +if ! [ "$(id -u)" = 0 ]; then echo "This script must be run with root privileges" exit 1 fi @@ -31,33 +36,44 @@ fi unset -v sub while getopts ":i:r:u:d:g:h" opt do + #Shellcheck on wordsplitting will be disabled. Wordsplitting can't happen, because it's already split using OPTIND. case $opt in i ) installjails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do + # shellcheck disable=SC2207 installjails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; r ) redojails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do + # shellcheck disable=SC2207 redojails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; u ) updatejails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do + # shellcheck disable=SC2207 updatejails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; d ) destroyjails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do + # shellcheck disable=SC2207 destroyjails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done ;; g ) upgradejails=("$OPTARG") + # shellcheck disable=SC2046 until [[ $(eval "echo \${$OPTIND}") =~ ^-.* ]] || [ -z $(eval "echo \${$OPTIND}") ]; do + # shellcheck disable=SC2207 upgradejails+=($(eval "echo \${$OPTIND}")) OPTIND=$((OPTIND + 1)) done @@ -88,18 +104,20 @@ global_dataset_iocage=$(zfs get -H -o value mountpoint $(iocage get -p)/iocage) global_dataset_iocage=${global_dataset_iocage#/mnt/} # Parse the Config YAML -for configpath in ${SCRIPT_DIR}/jails/*/config.yml; do ! eval $(parse_yaml ${configpath}); done -eval $(parse_yaml config.yml) +# shellcheck disable=SC2046 +for configpath in "${SCRIPT_DIR}"/jails/*/config.yml; do ! eval $(parse_yaml "${configpath}"); done +eval "$(parse_yaml config.yml)" # Check and Execute requested jail destructions if [ ${#destroyjails[@]} -eq 0 ]; then echo "No jails to destroy" else + # shellcheck disable=SC2124,SC2145 echo "jails to destroy ${destroyjails[@]}" for jail in "${destroyjails[@]}" do echo "destroying $jail" - iocage destroy -f $jail + iocage destroy -f "${jail}" done fi @@ -108,13 +126,14 @@ fi if [ ${#installjails[@]} -eq 0 ]; then echo "No jails to install" else + # shellcheck disable=SC2124,SC2145 echo "jails to install ${installjails[@]}" for jail in "${installjails[@]}" do if [ -f "${SCRIPT_DIR}/jails/$jail/install.sh" ] then echo "Installing $jail" - jailcreate $jail && ${SCRIPT_DIR}/jails/$jail/install.sh + jailcreate "${jail}" && "${SCRIPT_DIR}"/jails/"${jail}"/install.sh else echo "Missing install script for $jail in ${SCRIPT_DIR}/jails/$jail/install.sh" fi @@ -125,13 +144,14 @@ fi if [ ${#redojails[@]} -eq 0 ]; then echo "No jails to ReInstall" else + # shellcheck disable=SC2124,SC2145 echo "jails to reinstall ${redojails[@]}" for jail in "${redojails[@]}" do if [ -f "${SCRIPT_DIR}/jails/$jail/install.sh" ] then echo "Reinstalling $jail" - iocage destroy -f $jail && jailcreate $jail && ${SCRIPT_DIR}/jails/$jail/install.sh + iocage destroy -f "${jail}" && jailcreate "${jail}" && "${SCRIPT_DIR}"/jails/"${jail}"/install.sh else echo "Missing install script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" fi @@ -143,16 +163,17 @@ fi if [ ${#updatejails[@]} -eq 0 ]; then echo "No jails to Update" else + # shellcheck disable=SC2124,SC2145 echo "jails to update ${updatejails[@]}" for jail in "${updatejails[@]}" do if [ -f "${SCRIPT_DIR}/jails/$jail/update.sh" ] then echo "Updating $jail" - iocage update $jail - iocage exec $jail "pkg update && pkg upgrade -y" && ${SCRIPT_DIR}/jails/$jail/update.sh - iocage restart $jail - iocage start $jail + iocage update "${jail}" + iocage exec "${jail}" "pkg update && pkg upgrade -y" && "${SCRIPT_DIR}"/jails/"${jail}"/update.sh + iocage restart "${jail}" + iocage start "${jail}" else echo "Missing update script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" fi @@ -163,6 +184,7 @@ fi if [ ${#upgradejails[@]} -eq 0 ]; then echo "No jails to Upgrade" else + # shellcheck disable=SC2124,SC2145 echo "jails to update ${upgradejails[@]}" for jail in "${upgradejails[@]}" do diff --git a/jails/bitwarden/install.sh b/jails/bitwarden/install.sh index 5a8dffa8..11d445f0 100755 --- a/jails/bitwarden/install.sh +++ b/jails/bitwarden/install.sh @@ -5,10 +5,14 @@ JAIL_NAME="bitwarden" DB_DATABASE=${JAIL_NAME} DB_USER=${JAIL_NAME} +# shellcheck disable=SC2154 INSTALL_TYPE=${bitwarden_type} -DB_HOST="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}"):3306" +# shellcheck disable=SC2154 +DB_HOST="${mariadb_ip4_addr%/*}:3306" +# shellcheck disable=SC2154 DB_PASSWORD="${bitwarden_db_password}" DB_STRING="mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" +# shellcheck disable=SC2154 ADMIN_TOKEN=${bitwarden_admin_token} if [ -z "${ADMIN_TOKEN}" ]; then @@ -36,12 +40,13 @@ fi iocage exec ${JAIL_NAME} cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin # Download and install webvault -WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/dani-garcia/bw_web_builds/releases/latest) +WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) WEB_TAG="${WEB_RELEASE_URL##*/}" iocage exec ${JAIL_NAME} "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" iocage exec ${JAIL_NAME} "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" -iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz +iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz +# shellcheck disable=SC2154 if [ -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/bitwarden-ssl.crt" ]; then echo "certificate exist... Skipping cert generation" else @@ -50,7 +55,7 @@ else echo "cert folder not existing... creating..." iocage exec ${JAIL_NAME} mkdir /config/ssl fi - openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/${global_dataset_config}/${JAIL_NAME}/ssl/bitwarden-ssl.key -out /mnt/${global_dataset_config}/${JAIL_NAME}/ssl/bitwarden-ssl.crt + openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/${JAIL_NAME}/ssl/bitwarden-ssl.key -out /mnt/"${global_dataset_config}"/${JAIL_NAME}/ssl/bitwarden-ssl.crt fi if [ -f "/mnt/${global_dataset_config}/${JAIL_NAME}/bitwarden.log" ]; then @@ -67,10 +72,11 @@ fi iocage exec ${JAIL_NAME} "pw user add bitwarden -c bitwarden -u 725 -d /nonexistent -s /usr/bin/nologin" iocage exec ${JAIL_NAME} chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config iocage exec ${JAIL_NAME} mkdir /usr/local/etc/rc.d /usr/local/etc/rc.conf.d -cp ${SCRIPT_DIR}/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden -cp ${SCRIPT_DIR}/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export DATABASE_URL="'${DB_STRING}'"' >> /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export ADMIN_TOKEN="'${ADMIN_TOKEN}'"' >> /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden +cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export ADMIN_TOKEN="'"${ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden if [ "${ADMIN_TOKEN}" == "NONE" ]; then echo "Admin_token set to NONE, disabling admin portal" diff --git a/jails/bitwarden/update.sh b/jails/bitwarden/update.sh index 746df014..15e51002 100755 --- a/jails/bitwarden/update.sh +++ b/jails/bitwarden/update.sh @@ -7,10 +7,14 @@ JAIL_NAME="bitwarden" DB_DATABASE=${JAIL_NAME} DB_USER=${JAIL_NAME} +# shellcheck disable=SC2154 INSTALL_TYPE=${bitwarden_type} -DB_HOST="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}"):3306" +# shellcheck disable=SC2154 +DB_HOST="${mariadb_ip4_addr%/*}:3306" +# shellcheck disable=SC2154 DB_PASSWORD="${bitwarden_db_password}" DB_STRING="mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" +# shellcheck disable=SC2154 ADMIN_TOKEN=${bitwarden_admin_token} if [ -z "${ADMIN_TOKEN}" ]; then @@ -39,17 +43,18 @@ fi iocage exec ${JAIL_NAME} cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin # Download and install webvault -WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w %{url_effective} https://github.com/dani-garcia/bw_web_builds/releases/latest) +WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) WEB_TAG="${WEB_RELEASE_URL##*/}" iocage exec ${JAIL_NAME} "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" iocage exec ${JAIL_NAME} "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" -iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz +iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz iocage exec ${JAIL_NAME} chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config -cp ${SCRIPT_DIR}/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden -cp ${SCRIPT_DIR}/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export DATABASE_URL="'${DB_STRING}'"' >> /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export ADMIN_TOKEN="'${ADMIN_TOKEN}'"' >> /mnt/${global_dataset_iocage}/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden +cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export ADMIN_TOKEN="'"${ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden if [ "${ADMIN_TOKEN}" == "NONE" ]; then echo "Admin_token set to NONE, disabling admin portal" diff --git a/jails/influxdb/install.sh b/jails/influxdb/install.sh index a1104a97..9fe6886a 100755 --- a/jails/influxdb/install.sh +++ b/jails/influxdb/install.sh @@ -9,11 +9,14 @@ # Initialise variables JAIL_NAME="influxdb" -JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${influxdb_ip4_addr}" )" +# shellcheck disable=SC2154 +JAIL_IP="${influxdb_ip4_addr%/*}" INCLUDES_PATH="${SCRIPT_DIR}/jails/influxdb/includes" -DATABASE=${influxdb_database} +# shellcheck disable=SC2154 +DATABASE="${influxdb_database}" # Mount and configure proper configuration location +# shellcheck disable=SC2154 cp -rf "${INCLUDES_PATH}/influxd.conf" "/mnt/${global_dataset_config}/${JAIL_NAME}/influxd.conf" iocage exec "${JAIL_NAME}" mkdir -p /config/db/data /config/db/meta /config/db/wal iocage exec "${JAIL_NAME}" chown -R influxd:influxd /config/db diff --git a/jails/jackett/install.sh b/jails/jackett/install.sh index 60115ab8..954d59c5 100755 --- a/jails/jackett/install.sh +++ b/jails/jackett/install.sh @@ -7,7 +7,8 @@ iocage exec jackett rm /usr/local/share/Jackett.Binaries.Mono.tar.gz iocage exec jackett "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin" iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config iocage exec jackett mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/jackett/includes/jackett.rc /mnt/${global_dataset_iocage}/jails/jackett/root/usr/local/etc/rc.d/jackett +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/jackett/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/jackett/root/usr/local/etc/rc.d/jackett iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett iocage exec jackett sysrc "jackett_enable=YES" iocage exec jackett service jackett restart diff --git a/jails/jackett/update.sh b/jails/jackett/update.sh index df7d983e..b5ad1679 100755 --- a/jails/jackett/update.sh +++ b/jails/jackett/update.sh @@ -4,6 +4,7 @@ iocage exec jackett service jackett stop #TODO insert code to update jacket itself here iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config -cp ${SCRIPT_DIR}/jails/test10/includes/jackett.rc /mnt/${global_dataset_iocage}/jails/test10/root/usr/local/etc/rc.d/jackett +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/test10/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/test10/root/usr/local/etc/rc.d/jackett iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett iocage exec jackett service jackett restart diff --git a/jails/kms/install.sh b/jails/kms/install.sh index 6e8148c0..c7dffa88 100755 --- a/jails/kms/install.sh +++ b/jails/kms/install.sh @@ -6,7 +6,8 @@ iocage exec kms svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms / iocage exec kms "pw user add kms -c kms -u 666 -d /nonexistent -s /usr/bin/nologin" iocage exec kms chown -R kms:kms /usr/local/share/py-kms /config iocage exec kms mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/kms/includes/py_kms.rc /mnt/${global_dataset_iocage}/jails/kms/root/usr/local/etc/rc.d/py_kms +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/kms/root/usr/local/etc/rc.d/py_kms iocage exec kms chmod u+x /usr/local/etc/rc.d/py_kms iocage exec kms sysrc "py_kms_enable=YES" iocage exec kms service py_kms start \ No newline at end of file diff --git a/jails/kms/update.sh b/jails/kms/update.sh index 0f556a5e..e953f084 100755 --- a/jails/kms/update.sh +++ b/jails/kms/update.sh @@ -4,6 +4,7 @@ iocage exec kms service py_kms stop iocage exec kms svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms iocage exec kms chown -R kms:kms /usr/local/share/py-kms /config -cp ${SCRIPT_DIR}/jails/kms/includes/py_kms.rc /mnt/${global_dataset_iocage}/jails/kms/root/usr/local/etc/rc.d/py_kms +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/kms/root/usr/local/etc/rc.d/py_kms iocage exec kms chmod u+x /usr/local/etc/rc.d/py_kms iocage exec kms service py_kms start \ No newline at end of file diff --git a/jails/lidarr/install.sh b/jails/lidarr/install.sh index f9308024..702d3603 100755 --- a/jails/lidarr/install.sh +++ b/jails/lidarr/install.sh @@ -2,12 +2,14 @@ # This file contains the install script for lidarr # Check if dataset for completed download and it parent dataset exist, create if they do not. -createmount lidarr ${global_dataset_downloads} -createmount lidarr ${global_dataset_downloads}/complete /mnt/fetched +# shellcheck disable=SC2154 +createmount lidarr "${global_dataset_downloads}" +createmount lidarr "${global_dataset_downloads}"/complete /mnt/fetched # Check if dataset for media library and the dataset for movies exist, create if they do not. -createmount lidarr ${global_dataset_media} -createmount lidarr ${global_dataset_media}/music /mnt/music +# shellcheck disable=SC2154 +createmount lidarr "${global_dataset_media}" +createmount lidarr "${global_dataset_media}"/music /mnt/music iocage exec lidarr "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share" @@ -16,7 +18,8 @@ iocage exec lidarr "rm /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz" iocage exec lidarr "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin" iocage exec lidarr chown -R lidarr:lidarr /usr/local/share/Lidarr /config iocage exec lidarr mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/lidarr/includes/lidarr.rc /mnt/${global_dataset_iocage}/jails/lidarr/root/usr/local/etc/rc.d/lidarr +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/lidarr/root/usr/local/etc/rc.d/lidarr iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr iocage exec lidarr sysrc "lidarr_enable=YES" iocage exec lidarr service lidarr start diff --git a/jails/lidarr/update.sh b/jails/lidarr/update.sh index f85fefbe..a1990a7a 100755 --- a/jails/lidarr/update.sh +++ b/jails/lidarr/update.sh @@ -4,6 +4,7 @@ iocage exec lidarr service lidarr stop #TODO insert code to update lidarr itself here iocage exec lidarr chown -R lidarr:lidarr /usr/local/share/lidarr /config -cp ${SCRIPT_DIR}/jails/lidarr/includes/lidarr.rc /mnt/${global_dataset_iocage}/jails/lidarr/root/usr/local/etc/rc.d/lidarr +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/lidarr/root/usr/local/etc/rc.d/lidarr iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr iocage exec lidarr service lidarr restart \ No newline at end of file diff --git a/jails/mariadb/includes/caddy b/jails/mariadb/includes/caddy index 9c087c47..5f8df19d 100755 --- a/jails/mariadb/includes/caddy +++ b/jails/mariadb/includes/caddy @@ -1,4 +1,5 @@ #!/bin/sh +# shellcheck disable=1091,2223,2154,2034 # # PROVIDE: caddy # REQUIRE: networking diff --git a/jails/mariadb/install.sh b/jails/mariadb/install.sh index 6c9d9e7d..9bf39b4e 100755 --- a/jails/mariadb/install.sh +++ b/jails/mariadb/install.sh @@ -8,9 +8,12 @@ # Initialise defaults JAIL_NAME="mariadb" -JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}" )" +# shellcheck disable=SC2154 +JAIL_IP="${mariadb_ip4_addr%/*}" INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes" +# shellcheck disable=SC2154 CERT_EMAIL=${mariadb_cert_email} +# shellcheck disable=SC2154 DB_ROOT_PASSWORD=${mariadb_db_root_password} DB_NAME="MariaDB" DL_FLAGS="" @@ -23,16 +26,16 @@ if [ -z "${mariadb_ip4_addr}" ]; then fi # Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke - +# shellcheck disable=SC2154 if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/db")" ]; then echo "Reinstall of mariadb detected... Continuing" REINSTALL="true" fi # Mount database dataset and set zfs preferences -createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/db /var/db/mysql -zfs set recordsize=16K ${global_dataset_config}/${JAIL_NAME}/db -zfs set primarycache=metadata ${global_dataset_config}/${JAIL_NAME}/db +createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/db /var/db/mysql +zfs set recordsize=16K "${global_dataset_config}"/${JAIL_NAME}/db +zfs set primarycache=metadata "${global_dataset_config}"/${JAIL_NAME}/db iocage exec "${JAIL_NAME}" chown -R 88:88 /var/db/mysql @@ -62,6 +65,7 @@ iocage exec "${JAIL_NAME}" sysrc mysql_enable="YES" echo "Copying Caddyfile for no SSL" iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile +# shellcheck disable=SC2154 iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile diff --git a/jails/mariadb/update.sh b/jails/mariadb/update.sh index 2cb9fe25..c3d8ad2f 100755 --- a/jails/mariadb/update.sh +++ b/jails/mariadb/update.sh @@ -2,7 +2,8 @@ # This file contains the update script for mariadb JAIL_NAME="mariadb" -JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}" )" +# shellcheck disable=SC2154 +JAIL_IP="${mariadb_ip4_addr%/*}" INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes" # Install includes fstab @@ -24,6 +25,7 @@ fi echo "Copying Caddyfile for no SSL" iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile +# shellcheck disable=SC2154 iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile diff --git a/jails/nextcloud/includes/caddy b/jails/nextcloud/includes/caddy index f7a9b1e4..d6e9ad35 100755 --- a/jails/nextcloud/includes/caddy +++ b/jails/nextcloud/includes/caddy @@ -1,4 +1,5 @@ #!/bin/sh +# shellcheck disable=1091,2223,2154,2034 # # PROVIDE: caddy # REQUIRE: networking diff --git a/jails/nextcloud/install.sh b/jails/nextcloud/install.sh index 2b3168a6..a519faea 100755 --- a/jails/nextcloud/install.sh +++ b/jails/nextcloud/install.sh @@ -5,16 +5,26 @@ # Initialise defaults JAIL_NAME="nextcloud" -JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${nextcloud_ip4_addr}" )" +# shellcheck disable=SC2154 +JAIL_IP="${nextcloud_ip4_addr%/*}" +# shellcheck disable=SC2154 DATABASE="$nextcloud_database" INCLUDES_PATH="${SCRIPT_DIR}/jails/nextcloud/includes" +# shellcheck disable=SC2154 STANDALONE_CERT=${nextcloud_standalone_cert} +# shellcheck disable=SC2154 SELFSIGNED_CERT=${nextcloud_selfsigned_cert} +# shellcheck disable=SC2154 DNS_CERT=${nextcloud_dns_cert} +# shellcheck disable=SC2154 NO_CERT=${nextcloud_no_cert} +# shellcheck disable=SC2154 DL_FLAGS=${nextcloud_dl_flags} +# shellcheck disable=SC2154 DNS_SETTING=${nextcloud_dns_settings} +# shellcheck disable=SC2154 CERT_EMAIL=${nextcloud_cert_email} +# shellcheck disable=SC2154 HOST_NAME=${nextcloud_host_name} # Only generate new DB passwords when using buildin database @@ -22,9 +32,13 @@ HOST_NAME=${nextcloud_host_name} if [ "${DATABASE}" = "pgsql-external" ]; then DB_NAME="PostgreSQL" + # shellcheck disable=SC2154 DB_HOST="${nextcloud_db_host}" + # shellcheck disable=SC2154 DB_DATABASE="${nextcloud_db_database}" + # shellcheck disable=SC2154 DB_USER="${nextcloud_db_user}" + # shellcheck disable=SC2154 DB_PASSWORD="${nextcloud_db_password}" elif [ "${DATABASE}" = "mariadb-external" ]; then DB_NAME="MariaDB" @@ -35,7 +49,8 @@ elif [ "${DATABASE}" = "mariadb-external" ]; then elif [ "${DATABASE}" = "mariadb-jail" ]; then DB_DATABASE="nextcloud" DB_USER="nextcloud" - DB_HOST="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}"):3306" + # shellcheck disable=SC2154 + DB_HOST="${mariadb_ip4_addr%/*}:3306" DB_PASSWORD="${nextcloud_db_password}" else echo "Invalid ${JAIL_NAME}_database selected please select one from the following options:" @@ -84,6 +99,7 @@ if [ -z "${DB_DATABASE}" ]; then exit 1 fi +# shellcheck disable=SC2154 if [ -z "${nextcloud_time_zone}" ]; then echo 'Configuration error: TIME_ZONE must be set' exit 1 @@ -92,35 +108,36 @@ if [ -z "${HOST_NAME}" ]; then echo 'Configuration error: HOST_NAME must be set' exit 1 fi -if [ $STANDALONE_CERT -eq 0 ] && [ $DNS_CERT -eq 0 ] && [ $NO_CERT -eq 0 ] && [ $SELFSIGNED_CERT -eq 0 ]; then +if [ "$STANDALONE_CERT" -eq 0 ] && [ "$DNS_CERT" -eq 0 ] && [ "$NO_CERT" -eq 0 ] && [ "$SELFSIGNED_CERT" -eq 0 ]; then echo 'Configuration error: Either STANDALONE_CERT, DNS_CERT, NO_CERT,' echo 'or SELFSIGNED_CERT must be set to 1.' exit 1 fi -if [ $STANDALONE_CERT -eq 1 ] && [ $DNS_CERT -eq 1 ] ; then +if [ "$STANDALONE_CERT" -eq 1 ] && [ "$DNS_CERT" -eq 1 ] ; then echo 'Configuration error: Only one of STANDALONE_CERT and DNS_CERT' echo 'may be set to 1.' exit 1 fi -if [ $DNS_CERT -eq 1 ] && [ -z "${DNS_PLUGIN}" ] ; then +if [ "$DNS_CERT" -eq 1 ] && [ -z "${DNS_PLUGIN}" ] ; then echo "DNS_PLUGIN must be set to a supported DNS provider." echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list." echo "Be sure to omit the prefix of \"tls.dns.\"." exit 1 fi -if [ $DNS_CERT -eq 1 ] && [ -z "${DNS_ENV}" ] ; then +if [ "$DNS_CERT" -eq 1 ] && [ -z "${DNS_ENV}" ] ; then echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials." echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more." exit 1 fi -if [ $DNS_CERT -eq 1 ] ; then +if [ "$DNS_CERT" -eq 1 ] ; then DL_FLAGS="tls.dns.${DNS_PLUGIN}" DNS_SETTING="dns ${DNS_PLUGIN}" fi # Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke +# shellcheck disable=SC2154 if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/config")" ]; then echo "Reinstall of Nextcloud detected... " echo "External database selected, unable to verify compatibility. REINSTALL MIGHT NOT WORK... Continuing" @@ -135,9 +152,9 @@ fi ##### # Create and Mount Nextcloud, Config and Files -createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/config /usr/local/www/nextcloud/config -createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/themes /usr/local/www/nextcloud/themes -createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/files /config/files +createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/config /usr/local/www/nextcloud/config +createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/themes /usr/local/www/nextcloud/themes +createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/files /config/files # Install includes fstab iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes @@ -197,7 +214,7 @@ iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/nextcloud/ # Generate and install self-signed cert, if necessary -if [ $SELFSIGNED_CERT -eq 1 ] && [ ! -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/privkey.pem" ]; then +if [ "$SELFSIGNED_CERT" -eq 1 ] && [ ! -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/privkey.pem" ]; then echo "No ssl certificate present, generating self signed certificate" if [ ! -d "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl" ]; then echo "cert folder not existing... creating..." @@ -212,13 +229,13 @@ fi iocage exec "${JAIL_NAME}" cp -f /mnt/includes/php.ini /usr/local/etc/php.ini iocage exec "${JAIL_NAME}" cp -f /mnt/includes/redis.conf /usr/local/etc/redis.conf iocage exec "${JAIL_NAME}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/ -if [ $STANDALONE_CERT -eq 1 ] || [ $DNS_CERT -eq 1 ]; then +if [ "$STANDALONE_CERT" -eq 1 ] || [ "$DNS_CERT" -eq 1 ]; then iocage exec "${JAIL_NAME}" cp -f /mnt/includes/remove-staging.sh /root/ fi -if [ $NO_CERT -eq 1 ]; then +if [ "$NO_CERT" -eq 1 ]; then echo "Copying Caddyfile for no SSL" iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-nossl /usr/local/www/Caddyfile -elif [ $SELFSIGNED_CERT -eq 1 ]; then +elif [ "$SELFSIGNED_CERT" -eq 1 ]; then echo "Copying Caddyfile for self-signed cert" iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-selfsigned /usr/local/www/Caddyfile else @@ -277,7 +294,7 @@ else iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwritehost --value=\"${HOST_NAME}\"" iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwriteprotocol --value=\"https\"" - if [ $NO_CERT -eq 1 ]; then + if [ "$NO_CERT" -eq 1 ]; then iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${HOST_NAME}/\"" else iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${HOST_NAME}/\"" @@ -303,7 +320,7 @@ iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 # Done! echo "Installation complete!" -if [ $NO_CERT -eq 1 ]; then +if [ "$NO_CERT" -eq 1 ]; then echo "Using your web browser, go to http://${HOST_NAME} to log in" else echo "Using your web browser, go to https://${HOST_NAME} to log in" @@ -325,14 +342,14 @@ else fi echo "" -if [ $STANDALONE_CERT -eq 1 ] || [ $DNS_CERT -eq 1 ]; then +if [ "$STANDALONE_CERT" -eq 1 ] || [ "$DNS_CERT" -eq 1 ]; then echo "You have obtained your Let's Encrypt certificate using the staging server." echo "This certificate will not be trusted by your browser and will cause SSL errors" echo "when you connect. Once you've verified that everything else is working" echo "correctly, you should issue a trusted certificate. To do this, run:" echo " iocage exec ${JAIL_NAME} /root/remove-staging.sh" echo "" -elif [ $SELFSIGNED_CERT -eq 1 ]; then +elif [ "$SELFSIGNED_CERT" -eq 1 ]; then echo "You have chosen to create a self-signed TLS certificate for your Nextcloud" echo "installation. This certificate will not be trusted by your browser and" echo "will cause SSL errors when you connect. If you wish to replace this certificate" diff --git a/jails/organizr/install.sh b/jails/organizr/install.sh index 4f5e55ed..951ff0d8 100755 --- a/jails/organizr/install.sh +++ b/jails/organizr/install.sh @@ -8,10 +8,11 @@ iocage exec organizr sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' / iocage exec organizr cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini iocage exec organizr sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini iocage exec organizr sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini -mv /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf.bak -cp ${SCRIPT_DIR}/jails/organizr/includes/nginx.conf /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf -cp -Rf ${SCRIPT_DIR}/jails/organizr/includes/custom /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/custom - +# shellcheck disable=SC2154 +mv /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf.bak +cp "${SCRIPT_DIR}"/jails/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf +cp -Rf "${SCRIPT_DIR}"/jails/organizr/includes/custom /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/custom +# shellcheck disable=SC2154 if [ ! -d "/mnt/${global_dataset_config}/organizr/ssl" ]; then echo "cert folder doesn't exist... creating..." iocage exec organizr mkdir /config/ssl @@ -21,7 +22,7 @@ if [ -f "/mnt/${global_dataset_config}/organizr/ssl/Organizr-Cert.crt" ]; then echo "certificate exists... Skipping cert generation" else echo "No ssl certificate present, generating self signed certificate" - openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/${global_dataset_config}/organizr/ssl/Organizr-Cert.key -out /mnt/${global_dataset_config}/organizr/ssl/Organizr-Cert.crt + openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/organizr/ssl/Organizr-Cert.key -out /mnt/"${global_dataset_config}"/organizr/ssl/Organizr-Cert.crt fi iocage exec organizr git clone https://github.com/causefx/Organizr.git /usr/local/www/Organizr diff --git a/jails/organizr/update.sh b/jails/organizr/update.sh index 173c47e9..b24f1154 100755 --- a/jails/organizr/update.sh +++ b/jails/organizr/update.sh @@ -1,11 +1,11 @@ #!/usr/local/bin/bash # This file contains the update script for Organizr - iocage exec organizr service nginx stop iocage exec organizr service php-fpm stop # TODO setup cli update for Organizr here. -cp ${SCRIPT_DIR}/jails/organizr/includes/nginx.conf /mnt/${global_dataset_iocage}/jails/organizr/root/usr/local/etc/nginx/nginx.conf +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf iocage exec organizr "cd /usr/local/www/Organizr && git pull" iocage exec organizr chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom iocage exec organizr service nginx start diff --git a/jails/plex/install.sh b/jails/plex/install.sh index 460784bf..cdeb3803 100755 --- a/jails/plex/install.sh +++ b/jails/plex/install.sh @@ -5,20 +5,23 @@ iocage exec plex mkdir -p /usr/local/etc/pkg/repos # Change to to more frequent FreeBSD repo to stay up-to-date with plex more. -cp ${SCRIPT_DIR}/jails/plex/includes/FreeBSD.conf /mnt/${global_dataset_iocage}/jails/plex/root/usr/local/etc/pkg/repos/FreeBSD.conf +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/plex/includes/FreeBSD.conf /mnt/"${global_dataset_iocage}"/jails/plex/root/usr/local/etc/pkg/repos/FreeBSD.conf # Check if datasets for media librarys exist, create them if they do not. -createmount plex ${global_dataset_media} /mnt/media -createmount plex ${global_dataset_media}/movies /mnt/media/movies -createmount plex ${global_dataset_media}/music /mnt/media/music -createmount plex ${global_dataset_media}/shows /mnt/media/shows +# shellcheck disable=SC2154 +createmount plex "${global_dataset_media}" /mnt/media +createmount plex "${global_dataset_media}"/movies /mnt/media/movies +createmount plex "${global_dataset_media}"/music /mnt/media/music +createmount plex "${global_dataset_media}"/shows /mnt/media/shows # Create plex ramdisk if specified +# shellcheck disable=SC2154 if [ -z "${plex_ramdisk}" ]; then echo "no ramdisk specified for plex, continuing without randisk" else - iocage fstab -a plex tmpfs /tmp_transcode tmpfs rw,size=${plex_ramdisk},mode=1777 0 0 + iocage fstab -a plex tmpfs /tmp_transcode tmpfs rw,size="${plex_ramdisk}",mode=1777 0 0 fi iocage exec plex chown -R plex:plex /config @@ -31,6 +34,7 @@ iocage exec plex pkg upgrade -y iocage exec plex pw groupmod -n video -m plex # Run different install procedures depending on Plex vs Plex Beta +# shellcheck disable=SC2154 if [ "$plex_beta" == "true" ]; then echo "beta enabled in config.yml... using plex beta for install" iocage exec plex sysrc "plexmediaserver_plexpass_enable=YES" diff --git a/jails/plex/update.sh b/jails/plex/update.sh index a9f7b7d4..ca01432a 100755 --- a/jails/plex/update.sh +++ b/jails/plex/update.sh @@ -2,6 +2,7 @@ # This file contains the update script for Plex # Run different update procedures depending on Plex vs Plex Beta +# shellcheck disable=SC2154 if [ "$plex_plexpass" == "true" ]; then echo "beta enabled in config.yml... using plex beta for update..." iocage exec plex service plexmediaserver_plexpass stop diff --git a/jails/radarr/install.sh b/jails/radarr/install.sh index 06e6e1f0..d8305480 100755 --- a/jails/radarr/install.sh +++ b/jails/radarr/install.sh @@ -2,12 +2,14 @@ # This file contains the install script for radarr # Check if dataset for completed download and it parent dataset exist, create if they do not. -createmount radarr ${global_dataset_downloads} -createmount radarr ${global_dataset_downloads}/complete /mnt/fetched +# shellcheck disable=SC2154 +createmount radarr "${global_dataset_downloads}" +createmount radarr "${global_dataset_downloads}"/complete /mnt/fetched # Check if dataset for media library and the dataset for movies exist, create if they do not. -createmount radarr ${global_dataset_media} -createmount radarr ${global_dataset_media}/movies /mnt/movies +# shellcheck disable=SC2154 +createmount radarr "${global_dataset_media}" +createmount radarr "${global_dataset_media}"/movies /mnt/movies iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.1480/Radarr.develop.0.2.0.1480.linux.tar.gz -o /usr/local/share" iocage exec radarr "tar -xzvf /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -C /usr/local/share" @@ -15,7 +17,8 @@ iocage exec radarr rm /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz iocage exec radarr "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin" iocage exec radarr chown -R radarr:radarr /usr/local/share/Radarr /config iocage exec radarr mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/radarr/includes/radarr.rc /mnt/${global_dataset_iocage}/jails/radarr/root/usr/local/etc/rc.d/radarr +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/radarr/root/usr/local/etc/rc.d/radarr iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr iocage exec radarr sysrc "radarr_enable=YES" iocage exec radarr service radarr restart diff --git a/jails/radarr/update.sh b/jails/radarr/update.sh index 9b3afca0..b527d0ce 100755 --- a/jails/radarr/update.sh +++ b/jails/radarr/update.sh @@ -4,6 +4,7 @@ iocage exec radarr service radarr stop #TODO insert code to update radarr itself here iocage exec radarr chown -R radarr:radarr /usr/local/share/Radarr /config -cp ${SCRIPT_DIR}/jails/radarr/includes/radarr.rc /mnt/${global_dataset_iocage}/jails/radarr/root/usr/local/etc/rc.d/radarr +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/radarr/root/usr/local/etc/rc.d/radarr iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr iocage exec radarr service radarr restart \ No newline at end of file diff --git a/jails/sonarr/install.sh b/jails/sonarr/install.sh index ccc2048e..b63614b9 100755 --- a/jails/sonarr/install.sh +++ b/jails/sonarr/install.sh @@ -2,12 +2,14 @@ # This file contains the install script for sonarr # Check if dataset for completed download and it parent dataset exist, create if they do not. -createmount sonarr ${global_dataset_downloads} -createmount sonarr ${global_dataset_downloads}/complete /mnt/fetched +# shellcheck disable=SC2154 +createmount sonarr "${global_dataset_downloads}" +createmount sonarr "${global_dataset_downloads}"/complete /mnt/fetched # Check if dataset for media library and the dataset for tv shows exist, create if they do not. -createmount sonarr ${global_dataset_media} -createmount sonarr ${global_dataset_media}/shows /mnt/shows +# shellcheck disable=SC2154 +createmount sonarr "${global_dataset_media}" +createmount sonarr "${global_dataset_media}"/shows /mnt/shows iocage exec sonarr "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share" iocage exec sonarr "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share" @@ -15,7 +17,8 @@ iocage exec sonarr rm /usr/local/share/NzbDrone.master.tar.gz iocage exec sonarr "pw user add sonarr -c sonarr -u 351 -d /nonexistent -s /usr/bin/nologin" iocage exec sonarr chown -R sonarr:sonarr /usr/local/share/NzbDrone /config iocage exec sonarr mkdir /usr/local/etc/rc.d -cp ${SCRIPT_DIR}/jails/sonarr/includes/sonarr.rc /mnt/${global_dataset_iocage}/jails/sonarr/root/usr/local/etc/rc.d/sonarr +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/sonarr/root/usr/local/etc/rc.d/sonarr iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr iocage exec sonarr sysrc "sonarr_enable=YES" iocage exec sonarr service sonarr restart diff --git a/jails/sonarr/update.sh b/jails/sonarr/update.sh index 7774c866..47f94384 100755 --- a/jails/sonarr/update.sh +++ b/jails/sonarr/update.sh @@ -4,6 +4,7 @@ iocage exec sonarr service sonarr stop #TODO insert code to update sonarr itself here iocage exec sonarr chown -R sonarr:sonarr /usr/local/share/NzbDrone /config -cp ${SCRIPT_DIR}/jails/sonarr/includes/sonarr.rc /mnt/${global_dataset_iocage}/jails/sonarr/root/usr/local/etc/rc.d/sonarr +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/jails/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/sonarr/root/usr/local/etc/rc.d/sonarr iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr iocage exec sonarr service sonarr restart \ No newline at end of file diff --git a/jails/transmission/install.sh b/jails/transmission/install.sh index f2af7b55..43c298c5 100755 --- a/jails/transmission/install.sh +++ b/jails/transmission/install.sh @@ -2,13 +2,14 @@ # This file contains the install script for transmission # Check if dataset Downloads dataset exist, create if they do not. -createmount transmission ${global_dataset_downloads} /mnt/downloads +# shellcheck disable=SC2154 +createmount transmission "${global_dataset_downloads}" /mnt/downloads # Check if dataset Complete Downloads dataset exist, create if they do not. -createmount transmission ${global_dataset_downloads}/complete /mnt/downloads/complete +createmount transmission "${global_dataset_downloads}"/complete /mnt/downloads/complete # Check if dataset InComplete Downloads dataset exist, create if they do not. -createmount transmission ${global_dataset_downloads}/incomplete /mnt/downloads/incomplete +createmount transmission "${global_dataset_downloads}"/incomplete /mnt/downloads/incomplete iocage exec transmission chown -R transmission:transmission /config diff --git a/placeholder b/placeholder deleted file mode 100644 index e69de29b..00000000 From 2c75cfe0ea0556aab1329259da985e84542fe6dc Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sun, 26 Apr 2020 16:00:47 +0200 Subject: [PATCH 18/29] Wiki replacement and CI update (#86) * dhcp uses on, not true (because iocage syntax) * Documentation updates * Add gh-pages wiki generator using mkdocs * Update shellcheck.yml * Update wiki.yml * Add filecheck * readme case correction1 * readme case correction2 * Update filecheck.yml --- .github/workflows/filecheck.yml | 21 ++++++ .github/workflows/shellcheck.yml | 4 +- .github/workflows/wiki.yml | 26 +++++++ docs/LICENSE => LICENSE | 0 docs/CONTRIBUTING.md | 90 ++++++++++++++++++++++++ docs/ISSUE_TEMPLATE.md | 13 ++++ docs/PULL_REQUEST_TEMPLATE.md | 16 +++++ docs/Readme.md | 2 +- docs/config options.md | 10 ++- docs/index.md | 5 ++ docs/jails/jails.md | 1 + docs/test.md | 1 + jails/bitwarden/readme.md | 5 +- jails/influxdb/readme.md | 4 +- jails/kms/readme.md | 3 +- jails/lidarr/readme.md | 4 +- jails/mariadb/readme.md | 4 +- jails/nextcloud/{README.md => readme.md} | 4 +- jails/organizr/readme.md | 4 +- jails/radarr/readme.md | 4 +- jails/sonarr/readme.md | 4 +- jails/tautulli/readme.md | 4 +- jails/transmission/readme.md | 4 +- mkdocs.yml | 23 ++++++ wiki/Home.md | 3 - wiki/test.md | 1 - 26 files changed, 239 insertions(+), 21 deletions(-) create mode 100644 .github/workflows/filecheck.yml create mode 100644 .github/workflows/wiki.yml rename docs/LICENSE => LICENSE (100%) create mode 100644 docs/CONTRIBUTING.md create mode 100644 docs/ISSUE_TEMPLATE.md create mode 100644 docs/PULL_REQUEST_TEMPLATE.md create mode 100644 docs/index.md create mode 100644 docs/jails/jails.md create mode 100644 docs/test.md rename jails/nextcloud/{README.md => readme.md} (99%) mode change 100755 => 100644 create mode 100644 mkdocs.yml delete mode 100644 wiki/Home.md delete mode 100644 wiki/test.md diff --git a/.github/workflows/filecheck.yml b/.github/workflows/filecheck.yml new file mode 100644 index 00000000..1ba68643 --- /dev/null +++ b/.github/workflows/filecheck.yml @@ -0,0 +1,21 @@ +name: File Presence QC +on: + pull_request: + branches: + - master + - dev + +jobs: + build: + name: Check Files + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: check existance + run: | + for pathname in jails/*; do test -e $pathname/readme.md || { echo "File missing: $pathname/readme.md"; error="true"; }; done + for pathname in jails/*; do test -e $pathname/install.sh || { echo "File missing: $pathname/install.sh"; error="true"; }; done + for pathname in jails/*; do test -e $pathname/update.sh || { echo "File missing: $pathname/update.sh"; error="true"; }; done + for pathname in jails/*; do test -e $pathname/config.yml || { echo "File missing: $pathname/config.yml"; error="true"; }; done + if [ "${error}" == "true" ]; then echo "Missing files detected" && exit 1; fi + shell: bash diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 533096fd..e5d12b6f 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -1,5 +1,5 @@ # This is a workflow to run shellcheck on all scripts -name: Shellcheck Workflow +name: Shell Linter QC # Controls when the action will run. Triggers the workflow on push or pull request # events but only for the master branch @@ -10,7 +10,7 @@ on: - dev jobs: - shellcheck: + Shellcheck: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 diff --git a/.github/workflows/wiki.yml b/.github/workflows/wiki.yml new file mode 100644 index 00000000..d87b3899 --- /dev/null +++ b/.github/workflows/wiki.yml @@ -0,0 +1,26 @@ +name: Publish docs via GitHub Pages +on: + push: + branches: + - master + +jobs: + build: + name: Deploy docs + runs-on: ubuntu-latest + steps: + - name: Checkout master + uses: actions/checkout@v1 + with: + ref: 'master' + - name: rename-readme + run: | + for pathname in jails/*/README.MD; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done + for pathname in jails/*/README.md; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done + for pathname in jails/*/readme.md; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done + for pathname in jails/*/Readme.md; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done + shell: bash + - name: Deploy docs + uses: mhausenblas/mkdocs-deploy-gh-pages@master + env: + GITHUB_TOKEN: ${{ secrets.WIKI_GH_PAT }} diff --git a/docs/LICENSE b/LICENSE similarity index 100% rename from docs/LICENSE rename to LICENSE diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md new file mode 100644 index 00000000..b42eac40 --- /dev/null +++ b/docs/CONTRIBUTING.md @@ -0,0 +1,90 @@ +# Contribution and Review Guidelines + +This project welcomes any and all input, but we need to have a few quality guidelines. These guidelines will be examplained here, in this document. + +### GIT Guidelines +*** +#### New to GIT + +If you have never used git before, you can look up our general reference on our wiki. + +#### Git and You + +GIT is a fantastic system, but while using it we have a few guidelines to keep it fantastic for everyone. + +* Submit complete PR's. +* Add [DNM] if you do not want your PR merged yet. +* Always try and fill in the whole form, even for small PR's. +* Don't close when a reviewer requests changes (just push the changes or ask for help). +* Explain what you did in your PR. +* Be thorough. +* If you can add screenshots to clarify. +* Always try to add "Fixes #000" (where 000 is the Issue your PR fixes) +* found something you want to fix yourself? Please do make an issue too. + +### Structure Guidelines +*** +#### Naming scheme + +File and folder names are important and making mistakes in them may give conflicts an/or annoyance in the future. Remember, your garbage needs to be cleaned by someone sometime in the future! For that reason, we have a few guidelines in regards to naming files and folder. + +* Always start files and folders WITHOUT a Capital. + +#### Inclusion of files and folders + +Although GIT is quite friendly in what it accepts in terms of files and folder changes in a commit, a reviewer's or bugfixer's time is not unlimited. For that reason, we have a few specific guidelines in regards to the inclusion of files and folders in your PR. + +* Only include files you actually changed. +* Try not to include multiple changes in one PR +* Want to change the formatting of multiple files too? Make a separate PR. + +*Always include the following files when creating a new jail* + +- install.sh +- update.sh +- readme.md +- config.yml + + +### Code Guidelines +*** +#### Your code, your style, my review + +Here at jailman, we value people having their own style. But your code needs to be reviewable and editable by others too. For that reason, we have a few basic coding guidelines + +* **Always** explain regex in a comment within your code. +* Write simple code and don't try to impress. +* We will run (Basic) automated reformating of code once in a while. +* Document your changes in your code and if need be, on the wiki. +* All PR's should be able to pass our automated shellcheck. +* It's okey to add shellcheck ignores, but only AFTER you checked the warning! + +#### jail requirements + +- Jails should always save user-specific data in a persistant location. Which is the location specified in the config.yml file under "config:", which is automatically mounted to every jail under /config. There should be no user specific data in the jail itself +- Jails should not require the user to edit any config file themselves. All config changes should be automated +- Jails should not use default passwords, the user should always be forced(!) to put credentials in config.yml manually + + +### Review Guidelines +*** +Even us review gods need some guidelines once in a while. + +* Let people learn from their mistakes +* Review instead of merging without comments +* Abide by these guidelines in your review +* Tests exist for a reason. Don't merge with test-failures + + + +### Todo vs Feature vs bug: +*** +Please take note of the difference between a TODO and Feature + +* Bug: An unexpected behavior of the script or a crash. Including, but not limited to, errors and warnings. +* Todo: When you come across something that needs tweaking/adding during development, is not an unexpected behavior +* Feature: When you, out of personal preference, want something added or changed. + +### That's it! +*** +Someone will come along and review the changes. If everything looks good then they will merge it with the main repo. If you need any help don't be afraid to ask in the discord channel: [https://discord.gg/tFcTpBp](https://discord.gg/tFcTpBp) diff --git a/docs/ISSUE_TEMPLATE.md b/docs/ISSUE_TEMPLATE.md new file mode 100644 index 00000000..89fb703e --- /dev/null +++ b/docs/ISSUE_TEMPLATE.md @@ -0,0 +1,13 @@ +# Issue Template + +## Description + +### Detailed Bug Report +It helps if you include any relevant code / config (for describing how new features should work), images, gifs, or youtube videos! + +### Steps to Reproduce +Please enter the steps to reproduce the bug or behaviour: + +1. +2. +3. \ No newline at end of file diff --git a/docs/PULL_REQUEST_TEMPLATE.md b/docs/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 00000000..ed2f76f0 --- /dev/null +++ b/docs/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +# Pull Request Template + +### Purpose +_Describe the problem the PR fixes or the feature it introduces_
+_Don't forget to use "Fixes #issuenumber" to select issues and auto close them on merge_ + +### Notes: +_Please enter any other relevant information here_ + +### Please make sure you have followed the self checks below before submitting a PR: + +- [ ] Code is sufficiently commented +- [ ] Code is indented with tabs and not spaces +- [ ] The PR does not bring up any new errors +- [ ] The PR has been tested +- [ ] Any new files are named using lowercase (to avoid issues on case sensitive file systems) diff --git a/docs/Readme.md b/docs/Readme.md index 6b48c6a6..b7df9438 100644 --- a/docs/Readme.md +++ b/docs/Readme.md @@ -5,7 +5,7 @@ --- -[![GitHub last commit](https://img.shields.io/github/last-commit/ornias1993/jailman/dev.svg)](https://github.com/ornias1993/jailman/commits/dev) [![Krihelimeter](http://www.krihelinator.xyz/badge/ornias1993/jailman)](http://www.krihelinator.xyz/repositories/ornias1993/jailman) [![GitHub Release](https://img.shields.io/github/release/ornias1993/jailman.svg)](https://github.com/ornias1993/jailman/releases/latest) [![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-blue.svg)](https://github.com/ornias1993/jailman/blob/master/docs/LICENSE.GPLV2) [![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://github.com/ornias1993/jailman/blob/master/docs/LICENSE.BSD2) +[![GitHub last commit](https://img.shields.io/github/last-commit/ornias1993/jailman/dev.svg)](https://github.com/ornias1993/jailman/commits/dev) [![GitHub Release](https://img.shields.io/github/release/ornias1993/jailman.svg)](https://github.com/ornias1993/jailman/releases/latest) [![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-blue.svg)](https://github.com/ornias1993/jailman/blob/master/docs/LICENSE.GPLV2) [![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://github.com/ornias1993/jailman/blob/master/docs/LICENSE.BSD2) ## Intro diff --git a/docs/config options.md b/docs/config options.md index 8c0c4b93..111ba452 100644 --- a/docs/config options.md +++ b/docs/config options.md @@ -35,10 +35,14 @@ Some datasets are auto created and can not be changed from the config file. This ## General config options ### Networking + +Please be aware that dhcp is not actively supported, many of the jails depend on having a fixed IP-adress in the config file. +Some also depend on other jails having a fixed IP in the config file. Use of DHCP is on your own risk and might not work. + - ip4_addr: To set a static IP (recommended), enter the desired ip address here. Leave blank (or remove the line) for DHCP. -- gateway: Set the gateway IP for static IP setup. Leave blank (or remove the line) for DHCP. +- gateway: Set the gateway IP for static IP setup. Leave blank (or remove the line) for DHCP. ### Advanced - interfaces: Set the "interfaces" flag for iocage. Example: `vnet0:bridge0` (optional) -- dhcp: Set to force DHCP (not required for DHCP, see above) -- pkgs: Override the to-be-install packages for this jail (might break now or break updates) +- dhcp: Set to "on" to force DHCP (not required for DHCP, see above) +- pkgs: Override the to-be-install packages for this jail (might break now or break updates) \ No newline at end of file diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 00000000..f2dbf1aa --- /dev/null +++ b/docs/index.md @@ -0,0 +1,5 @@ +# Introduction +Welcome to Jailam. An open source effort to create an easy management tool for Freenas Jails. + +As this project is in its early stages, this wiki will serve the purpose of providing a foundation and a almost (not) up-to-date scripting reference to the underlying structure of jailman. + diff --git a/docs/jails/jails.md b/docs/jails/jails.md new file mode 100644 index 00000000..9daeafb9 --- /dev/null +++ b/docs/jails/jails.md @@ -0,0 +1 @@ +test diff --git a/docs/test.md b/docs/test.md new file mode 100644 index 00000000..e440e5c8 --- /dev/null +++ b/docs/test.md @@ -0,0 +1 @@ +3 \ No newline at end of file diff --git a/jails/bitwarden/readme.md b/jails/bitwarden/readme.md index b698d7fc..4438ddc8 100755 --- a/jails/bitwarden/readme.md +++ b/jails/bitwarden/readme.md @@ -1,4 +1,7 @@ -# Original README from the Bitwarden_rs github: +# Bitwarden_RS + + +## Original README from the Bitwarden_rs github: https://github.com/dani-garcia/bitwarden_rs diff --git a/jails/influxdb/readme.md b/jails/influxdb/readme.md index 446c9c9f..dd4c5003 100644 --- a/jails/influxdb/readme.md +++ b/jails/influxdb/readme.md @@ -1,4 +1,6 @@ -# Original README from the influxdb github: +# InfluxDB + +## Original README from the influxdb github: https://github.com/influxdata/influxdb diff --git a/jails/kms/readme.md b/jails/kms/readme.md index 7c55dd7f..298e6987 100755 --- a/jails/kms/readme.md +++ b/jails/kms/readme.md @@ -1,5 +1,6 @@ +# Py-KMS -# Original README from the py-kms github: +## Original README from the py-kms github: https://github.com/SystemRage/py-kms diff --git a/jails/lidarr/readme.md b/jails/lidarr/readme.md index d73b6bff..6347fad9 100755 --- a/jails/lidarr/readme.md +++ b/jails/lidarr/readme.md @@ -1,4 +1,6 @@ -# Original README from the lidarr github: +# Lidarr + +## Original README from the lidarr github: https://github.com/lidarr/Lidarr diff --git a/jails/mariadb/readme.md b/jails/mariadb/readme.md index 532bf0b6..d486c586 100755 --- a/jails/mariadb/readme.md +++ b/jails/mariadb/readme.md @@ -1,4 +1,6 @@ -# Original README from the mariadb github: +# MariaDB + +## Original README from the mariadb github: https://github.com/MariaDB/server/ diff --git a/jails/nextcloud/README.md b/jails/nextcloud/readme.md old mode 100755 new mode 100644 similarity index 99% rename from jails/nextcloud/README.md rename to jails/nextcloud/readme.md index aa4ee344..c8dc67db --- a/jails/nextcloud/README.md +++ b/jails/nextcloud/readme.md @@ -1,4 +1,6 @@ -# Original README from the Upstream Nextcloud-iocage install script: +# Nextcloud + +## Original README from the Upstream Nextcloud-iocage install script: https://github.com/danb35/freenas-iocage-nextcloud diff --git a/jails/organizr/readme.md b/jails/organizr/readme.md index 19525226..675769af 100755 --- a/jails/organizr/readme.md +++ b/jails/organizr/readme.md @@ -1,4 +1,6 @@ -# Original README from the Organizr github repo: +# Organizr + +## Original README from the Organizr github repo: https://github.com/causefx/Organizr diff --git a/jails/radarr/readme.md b/jails/radarr/readme.md index 14337343..9dc41df9 100755 --- a/jails/radarr/readme.md +++ b/jails/radarr/readme.md @@ -1,4 +1,6 @@ -# Original README from the radarr github: +# Radarr + +## Original README from the radarr github: https://github.com/Radarr/Radarr diff --git a/jails/sonarr/readme.md b/jails/sonarr/readme.md index b6f379b6..0edcb9cb 100755 --- a/jails/sonarr/readme.md +++ b/jails/sonarr/readme.md @@ -1,4 +1,6 @@ -# Original README from the sonarr github: +# Sonarr + +## Original README from the sonarr github: https://github.com/Sonarr/Sonarr diff --git a/jails/tautulli/readme.md b/jails/tautulli/readme.md index db612709..6d4c4855 100755 --- a/jails/tautulli/readme.md +++ b/jails/tautulli/readme.md @@ -1,4 +1,6 @@ -# Original README from the tautulli github: +# Tautulli + +## Original README from the tautulli github: https://github.com/Tautulli/Tautulli diff --git a/jails/transmission/readme.md b/jails/transmission/readme.md index a2573b3d..55f50f47 100755 --- a/jails/transmission/readme.md +++ b/jails/transmission/readme.md @@ -1,4 +1,6 @@ -# Original README from the transmission github: +# Transmission + +## Original README from the transmission github: https://github.com/transmission/transmission diff --git a/mkdocs.yml b/mkdocs.yml new file mode 100644 index 00000000..8bccf8b0 --- /dev/null +++ b/mkdocs.yml @@ -0,0 +1,23 @@ +# Project Information +site_name: JailMan +site_description: 'Project Design and Documentation for development' +site_author: 'Ornias1993' +site_url: 'https://ornias1993.github.io/jailman/' + +# Repository +repo_name: 'ornias1993/jailman' +repo_url: 'https://github.com/Ornias1993/jailman/' +edit_uri: 'edit/dev/docs/' + +theme: + name: 'material' + features: + - tabs + language: 'en' + +markdown_extensions: + - admonition + - codehilite: + guess_lang: false + - toc: + permalink: true \ No newline at end of file diff --git a/wiki/Home.md b/wiki/Home.md deleted file mode 100644 index ae97c2b6..00000000 --- a/wiki/Home.md +++ /dev/null @@ -1,3 +0,0 @@ -Welcome to the jailman wiki! - -This wiki is automatically generated from the .md files located in either the /wiki or the /jails// directories. diff --git a/wiki/test.md b/wiki/test.md deleted file mode 100644 index 45c0a5a8..00000000 --- a/wiki/test.md +++ /dev/null @@ -1 +0,0 @@ -wiki test placeholder From 8659f2c25294380f95d3040b92e212a75a735af1 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sun, 26 Apr 2020 17:56:13 +0200 Subject: [PATCH 19/29] Fixes for recent changes (#87) * some fixes * set fixes * some rest * add shellcheck ignore and explaination * fix iocage install dir not being exported * reset branch to dev --- config.yml.example | 35 +++++++++++++++++++++++++++++++++++ global.sh | 12 ++++++------ jailman.sh | 2 ++ 3 files changed, 43 insertions(+), 6 deletions(-) diff --git a/config.yml.example b/config.yml.example index 50b4b9a8..81372f11 100644 --- a/config.yml.example +++ b/config.yml.example @@ -28,8 +28,43 @@ example: example pkgs: mono plex: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 beta: false +lidarr: lidarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + +sonarr: sonarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + +radarr: radarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + +kms: kms + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + +jackett: jackett + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + +organizr: organizr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + +tautulli: tautulli + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + +transmission: transmission + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + nextcloud: nextcloud ip4_addr: 192.168.1.99/24 gateway: 192.168.1.1 diff --git a/global.sh b/global.sh index d9d7a9eb..4a9f1359 100755 --- a/global.sh +++ b/global.sh @@ -3,15 +3,15 @@ # yml Parser function # Based on https://gist.github.com/pkuczynski/8665367 -# shellcheck disable=SC2086 +# +# This function is very picky and complex. Ignore with shellcheck for now. +# shellcheck disable=SC2086,SC2155 parse_yaml() { - prefix=${2} - s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034') - local prefix - local s w fs + local prefix=${2} + local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034') sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \ -e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" "${1}" | - awk -F"${fs}" '{ + awk -F$fs '{ indent = length($1)/2; vname[indent] = $2; for (i in vname) {if (i > indent) {delete vname[i]}} diff --git a/jailman.sh b/jailman.sh index 49465707..2111951f 100755 --- a/jailman.sh +++ b/jailman.sh @@ -100,8 +100,10 @@ while getopts ":i:r:u:d:g:h" opt esac done +# auto detect iocage install location global_dataset_iocage=$(zfs get -H -o value mountpoint $(iocage get -p)/iocage) global_dataset_iocage=${global_dataset_iocage#/mnt/} +export global_dataset_iocage # Parse the Config YAML # shellcheck disable=SC2046 From 616eb2a43243314e150e4590567f6a23d1a0feb6 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Wed, 29 Apr 2020 16:57:15 +0200 Subject: [PATCH 20/29] Create .shellcheckrc Ignore SC2034 for ever. It's a known issue with how the scripts are designed to work, isn't really an issue and leads to MANY bloated disable=SC2034 flags everywhere. --- .shellcheckrc | 1 + 1 file changed, 1 insertion(+) create mode 100644 .shellcheckrc diff --git a/.shellcheckrc b/.shellcheckrc new file mode 100644 index 00000000..d5a471e7 --- /dev/null +++ b/.shellcheckrc @@ -0,0 +1 @@ +disable=SC2034 From 66e997069a22217c7ffe3d6550b87e21f73e70ba Mon Sep 17 00:00:00 2001 From: Matt Coleman Date: Wed, 29 Apr 2020 12:40:14 -0400 Subject: [PATCH 21/29] Add Unifi Controller with integrated Unifi-Poller (#75) * Add Unifi Controller with integrated Unifi-Poller Install & Update uses 'latest' release. Persistent data using influxdb. Unifi Poller now optional * fix global dataset refs * move unifi_poller bootscript into rc folder * Apply suggestions from code review * Update jails/unifi/includes/rc/mongod Forgot to add one suggestion from review. * Added shellcheck ignores for all RC scripts Shellcheck doesn't play nice with RC scripts, those advices are often either wrong, or very hard (not worth it) to change enough to get it to pass and work. * Last rc ignores for shellcheck * Update jails/unifi/install.sh * Shellcheck to shellcheck Making shellcheck lowercase for parsing Co-authored-by: Kjeld Schouten-Lebbing --- config.yml.example | 11 ++ docs/Readme.md | 1 + jails/unifi/config.yml | 2 + jails/unifi/includes/mongodb.conf | 45 ++++++++ jails/unifi/includes/rc/mongod | 64 +++++++++++ jails/unifi/includes/rc/unifi | 87 +++++++++++++++ jails/unifi/includes/rc/unifi_poller | 36 +++++++ jails/unifi/includes/up.conf | 106 +++++++++++++++++++ jails/unifi/install.sh | 91 ++++++++++++++++ jails/unifi/readme.md | 153 +++++++++++++++++++++++++++ jails/unifi/update.sh | 22 ++++ 11 files changed, 618 insertions(+) create mode 100644 jails/unifi/config.yml create mode 100644 jails/unifi/includes/mongodb.conf create mode 100644 jails/unifi/includes/rc/mongod create mode 100644 jails/unifi/includes/rc/unifi create mode 100644 jails/unifi/includes/rc/unifi_poller create mode 100644 jails/unifi/includes/up.conf create mode 100644 jails/unifi/install.sh create mode 100644 jails/unifi/readme.md create mode 100644 jails/unifi/update.sh diff --git a/config.yml.example b/config.yml.example index 81372f11..1f78d862 100644 --- a/config.yml.example +++ b/config.yml.example @@ -101,3 +101,14 @@ influxdb: influxdb ip4_addr: 192.168.1.250/24 gateway: 192.168.1.1 database: influxdb + +unifi: unifi + ip4_addr: 192.168.1.251/24 + gateway: 192.168.1.1 + unifi_poller: true + db_jail: influxdb + up_db_name: unifi + up_db_user: unifi-poller + up_db_password: unifi-poller + up_user: upoller + up_password: upoller diff --git a/docs/Readme.md b/docs/Readme.md index b7df9438..5ebff60c 100644 --- a/docs/Readme.md +++ b/docs/Readme.md @@ -72,6 +72,7 @@ Basic means: The same setup as a FreeNAS plugin would've, DHCP on bridge0. - py-kms - nextcloud - bitwarden +- unifi controller #### Backend - mariadb diff --git a/jails/unifi/config.yml b/jails/unifi/config.yml new file mode 100644 index 00000000..3d74c1ae --- /dev/null +++ b/jails/unifi/config.yml @@ -0,0 +1,2 @@ +unifi: unifi + pkgs: jq unifi5 \ No newline at end of file diff --git a/jails/unifi/includes/mongodb.conf b/jails/unifi/includes/mongodb.conf new file mode 100644 index 00000000..a245b8c1 --- /dev/null +++ b/jails/unifi/includes/mongodb.conf @@ -0,0 +1,45 @@ +# mongod.conf + +# for documentation of all options, see: +# http://docs.mongodb.org/manual/reference/configuration-options/ + +# where to write logging data. +systemLog: + destination: file + logAppend: true + path: /var/db/mongodb/mongod.log + +# Where and how to store data. +storage: + dbPath: /config/mongodb + journal: + enabled: true +# engine: +# mmapv1: +# wiredTiger: + +# how the process runs +processManagement: + fork: true # fork and run in background + pidFilePath: /var/db/mongodb/mongod.lock # location of pidfile + timeZoneInfo: /usr/share/zoneinfo + +# network interfaces +net: + port: 27017 + bindIp: 127.0.0.1 # Listen to local interface only, comment to listen on all interfaces. + + +#security: + +#operationProfiling: + +#replication: + +#sharding: + +## Enterprise-Only Options + +#auditLog: + +#snmp: diff --git a/jails/unifi/includes/rc/mongod b/jails/unifi/includes/rc/mongod new file mode 100644 index 00000000..8e06aeb1 --- /dev/null +++ b/jails/unifi/includes/rc/mongod @@ -0,0 +1,64 @@ +#!/bin/sh +# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046,SC2086,SC2155,SC2181,SC2006 + +# PROVIDE: mongod +# REQUIRE: NETWORK ldconfig +# KEYWORD: shutdown +# +# Add the following lines to /etc/rc.conf.local or /etc/rc.conf +# to enable this service: +# +# mongod_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable mongod. +# mongod_limits (bool): Set to "NO" by default. +# Set it to yes to run `limits -e -U mongodb` +# just before mongod starts. +# mongod_dbpath (str): Default to "/var/db/mongodb" +# Base database directory. +# mongod_flags (str): Custom additional arguments to be passed to mongod. +# Default to "--logpath ${mongod_dbpath}/mongod.log --logappend". +# mongod_config (str): Default to "/usr/local/etc/mongodb.conf" +# Path to config file +# + +. /etc/rc.subr + +name="mongod" +rcvar=mongod_enable + +load_rc_config $name + +: ${mongod_enable="NO"} +: ${mongod_limits="NO"} +: ${mongod_dbpath="/config/mongodb"} +: ${mongod_flags="--logpath ${mongod_dbpath}/mongod.log --logappend --setParameter=disabledSecureAllocatorDomains=\*"} +: ${mongod_user="mongodb"} +: ${mongod_group="mongodb"} +: ${mongod_config="/usr/local/etc/mongodb.conf"} + +pidfile="${mongod_dbpath}/mongod.lock" +command=/usr/local/bin/${name} +command_args="--config $mongod_config --dbpath $mongod_dbpath --fork >/dev/null 2>/dev/null" +start_precmd="${name}_prestart" + +mongod_create_dbpath() +{ + mkdir "${mongod_dbpath}" >/dev/null 2>/dev/null + [ $? -eq 0 ] && chown -R "${mongod_user}":"${mongod_group}" "${mongod_dbpath}" +} + +mongod_prestart() +{ + if [ ! -d "${mongod_dbpath}" ]; then + mongod_create_dbpath || return 1 + fi + if checkyesno mongod_limits; then + # TODO check this and clean this up + # Shellcheck disable=SC2046,SC2006 + eval `/usr/bin/limits -e -U ${mongod_user}` 2>/dev/null + else + return 0 + fi +} + +run_rc_command "$1" diff --git a/jails/unifi/includes/rc/unifi b/jails/unifi/includes/rc/unifi new file mode 100644 index 00000000..eeaa7eb9 --- /dev/null +++ b/jails/unifi/includes/rc/unifi @@ -0,0 +1,87 @@ +#!/bin/sh +# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046,SC2086,SC2155,SC2237 +# +# Created by: Mark Felder +# $FreeBSD: branches/2020Q2/net-mgmt/unifi5/files/unifi.in 512281 2019-09-18 17:37:59Z feld $ +# + +# PROVIDE: unifi +# REQUIRE: LOGIN +# KEYWORD: shutdown + +# +# Add the following line to /etc/rc.conf to enable `unifi': +# +# unifi_enable="YES" +# +# Other configuration settings for unifi that can be set in /etc/rc.conf: +# +# unifi_user (str) +# This is the user that unifi runs as +# Set to unifi by default +# +# unifi_group (str) +# This is the group that unifi runs as +# Set to unifi by default +# +# unifi_chdir (str) +# This is the directory that unifi chdirs into before starting +# Set to /usr/local/share/java/unifi by default +# +# unifi_java_home (str) +# The path to the base directory for the Java to use to run unifi +# Defaults to /usr/local/openjdk8 +# +# unifi_javaflags (str) +# Flags passed to Java to run unifi +# Set to "-Djava.awt.headless=true -Xmx1024M" by default +# + +. /etc/rc.subr +name=unifi + +rcvar=unifi_enable +load_rc_config ${name} + +: ${unifi_enable:=NO} +: ${unifi_user:=unifi} +: ${unifi_group:=unifi} +: ${unifi_chdir=/config/controller/unifi} +: ${unifi_java_home=/usr/local/openjdk8} +: ${unifi_javaflags="-Djava.awt.headless=true -Xmx1024M"} + +pidfile="/var/run/unifi/${name}.pid" +procname=${unifi_java_home}/bin/java +command=/usr/sbin/daemon +command_args="-f -p ${pidfile} ${unifi_java_home}/bin/java ${unifi_javaflags} com.ubnt.ace.Launcher start" +start_precmd=start_precmd +stop_precmd=stop_precmd +stop_postcmd=stop_postcmd + +export CLASSPATH=$(echo ${unifi_chdir}/lib/*.jar | tr ' ' ':') + +start_precmd() +{ + if [ ! -e /var/run/unifi ] ; then + install -d -o unifi -g unifi /var/run/unifi; + fi +} + +stop_precmd() +{ + if [ -r ${pidfile} ]; then + _UNIFIPID=$(check_pidfile ${pidfile} ${procname}) + export _UNIFI_CHILDREN=$(pgrep -P ${_UNIFIPID}) + fi +} + +stop_postcmd() +{ + if ! [ -z ${_UNIFI_CHILDREN} ]; then + echo "Cleaning up leftover child processes." + kill $sig_stop ${_UNIFI_CHILDREN} + wait_for_pids ${_UNIFI_CHILDREN} + fi +} + +run_rc_command "$1" diff --git a/jails/unifi/includes/rc/unifi_poller b/jails/unifi/includes/rc/unifi_poller new file mode 100644 index 00000000..ff1ee599 --- /dev/null +++ b/jails/unifi/includes/rc/unifi_poller @@ -0,0 +1,36 @@ +#!/bin/sh +# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046 +# +# FreeBSD rc.d startup script for unifi-poller. +# +# PROVIDE: unifi-poller +# REQUIRE: networking syslog +# KEYWORD: + +. /etc/rc.subr + +name="unifi_poller" +real_name="unifi-poller" +rcvar="unifi_poller_enable" +unifi_poller_command="/usr/local/bin/${real_name}" +unifi_poller_user="nobody" +unifi_poller_config="/config/up.conf" +pidfile="/var/run/${real_name}/pid" + +# This runs `daemon` as the `unifi_poller_user` user. +command="/usr/sbin/daemon" +command_args="-P ${pidfile} -r -t ${real_name} -T ${real_name} -l daemon ${unifi_poller_command} -c ${unifi_poller_config}" + +load_rc_config ${name} +: ${unifi_poller_enable:=no} + +# Make a place for the pid file. +mkdir -p $(dirname ${pidfile}) +chown -R $unifi_poller_user $(dirname ${pidfile}) + +# Suck in optional exported override variables. +# ie. add something like the following to this file: export UP_POLLER_DEBUG=true +[ -f "/usr/local/etc/defaults/${real_name}" ] && . "/usr/local/etc/defaults/${real_name}" + +# Go! +run_rc_command "$1" diff --git a/jails/unifi/includes/up.conf b/jails/unifi/includes/up.conf new file mode 100644 index 00000000..9ecb7f0b --- /dev/null +++ b/jails/unifi/includes/up.conf @@ -0,0 +1,106 @@ +# UniFi Poller v2 primary configuration file. TOML FORMAT # +########################################################### + +[poller] + # Turns on line numbers, microsecond logging, and a per-device log. + # The default is false, but I personally leave this on at home (four devices). + # This may be noisy if you have a lot of devices. It adds one line per device. + debug = false + + # Turns off per-interval logs. Only startup and error logs will be emitted. + # Recommend enabling debug with this setting for better error logging. + quiet = true + + # Load dynamic plugins. Advanced use; only sample mysql plugin provided by default. + plugins = [] + +#### OUTPUTS + + # If you don't use an output, you can disable it. + +[prometheus] + disable = true + # This controls on which ip and port /metrics is exported when mode is "prometheus". + # This has no effect in other modes. Must contain a colon and port. + http_listen = "0.0.0.0:9130" + report_errors = false + +[influxdb] + disable = false + # InfluxDB does not require auth by default, so the user/password are probably unimportant. + url = "dbip" + user = "influxdbuser" + pass = "influxdbpass" + # Be sure to create this database. + db = "unifidb" + # If your InfluxDB uses a valid SSL cert, set this to true. + verify_ssl = false + # The UniFi Controller only updates traffic stats about every 30 seconds. + # Setting this to something lower may lead to "zeros" in your data. + # If you're getting zeros now, set this to "1m" + interval = "30s" + +#### INPUTS + +[unifi] + # Setting this to true and providing default credentials allows you to skip + # configuring controllers in this config file. Instead you configure them in + # your prometheus.yml config. Prometheus then sends the controller URL to + # unifi-poller when it performs the scrape. This is useful if you have many, + # or changing controllers. Most people can leave this off. See wiki for more. + dynamic = false + +# The following section contains the default credentials/configuration for any +# dynamic controller (see above section), or the primary controller if you do not +# provide one and dynamic is disabled. In other words, you can just add your +# controller here and delete the following section. +[unifi.defaults] + #role = "main controller" + url = "https://127.0.0.1:8443" + user = "unifiuser" + pass = "unifipassword" + sites = ["all"] + save_ids = false + save_dpi = false + save_sites = true + verify_ssl = false + +# The following is optional and used for configurations with multiple controllers. + +# You may repeat the following section to poll multiple controllers. +#[[unifi.controller]] + # Friendly name used in dashboards. Uses URL if left empty; which is fine. + # Avoid changing this later because it will live forever in your database. + # Multiple controllers may share a role. This allows grouping during scrapes. + #role = "" + #url = "https://127.0.0.1:8443" + + # Make a read-only user in the UniFi Admin Settings, allow it access to all sites. + #user = "unifipoller" + #pass = "4BB9345C-2341-48D7-99F5-E01B583FF77F" + + # If the controller has more than one site, specify which sites to poll here. + # Set this to ["default"] to poll only the first site on the controller. + # A setting of ["all"] will poll all sites; this works if you only have 1 site too. + #sites = ["all"] + + # Enable collection of Intrusion Detection System Data (InfluxDB only). + # Only useful if IDS or IPS are enabled on one of the sites. + #save_ids = false + + # Enable collection of Deep Packet Inspection data. This data breaks down traffic + # types for each client and site, it powers a dedicated DPI dashboard. + # Enabling this adds roughly 150 data points per client. That's 6000 metrics for + # 40 clients. This adds a little bit of poller run time per interval and causes + # more API requests to your controller(s). Don't let these "cons" sway you: + # it's cool data. Please provide feedback on your experience with this feature. + #save_dpi = false + + # Enable collection of site data. This data powers the Network Sites dashboard. + # It's not valuable to everyone and setting this to false will save resources. + #save_sites = true + + # If your UniFi controller has a valid SSL certificate (like lets encrypt), + # you can enable this option to validate it. Otherwise, any SSL certificate is + # valid. If you don't know if you have a valid SSL cert, then you don't have one. + #verify_ssl = false diff --git a/jails/unifi/install.sh b/jails/unifi/install.sh new file mode 100644 index 00000000..7d810792 --- /dev/null +++ b/jails/unifi/install.sh @@ -0,0 +1,91 @@ +#!/usr/local/bin/bash +# This file contains the install script for unifi-controller & unifi-poller + +# Initialize variables +JAIL_NAME="unifi" +# shellcheck disable=SC2154 +JAIL_IP="${unifi_ip4_addr%/*}" +# shellcheck disable=SC2154 +DB_IP="${influxdb_ip4_addr%/*}" +# shellcheck disable=SC2154 +DB_JAIL="${unifi_db_jail}" +# shellcheck disable=SC2154 +DB_NAME="${unifi_up_db_name:-unifi}" +# shellcheck disable=SC2154 +DB_USER="${unifi_up_db_user}" +# shellcheck disable=SC2154 +DB_PASS="${unifi_up_db_password}" +# shellcheck disable=SC2154 +UP_USER="${unifi_up_user}" +# shellcheck disable=SC2154 +UP_PASS="${unifi_up_password}" +INCLUDES_PATH="${SCRIPT_DIR}/jails/unifi/includes" + +# Enable persistent Unifi Controller data +iocage exec "${JAIL_NAME}" mkdir -p /config/controller/mongodb +iocage exec "${JAIL_NAME}" cp -Rp /usr/local/share/java/unifi /config/controller +iocage exec "${JAIL_NAME}" chown -R mongodb:mongodb /config/controller/mongodb +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/mongodb.conf /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/rc/mongod /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc/rc.d/ +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/rc/unifi /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc/rc.d/ +iocage exec "${JAIL_NAME}" sysrc unifi_enable=YES +iocage exec "${JAIL_NAME}" service unifi start + +# shellcheck disable=SC2154 +if [[ ! "${unifi_unifi_poller}" ]]; then + echo "Installation complete!" + echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." +else + # Check if influxdb container exists, create unifi database if it does, error if it is not. + echo "Checking if the database jail and database exist..." + if [[ -d /mnt/"${global_dataset_iocage}"/jails/"${DB_JAIL}" ]]; then + DB_EXISTING=$(iocage exec "${DB_JAIL}" curl -G http://localhost:8086/query --data-urlencode 'q=SHOW DATABASES' | jq '.results [] | .series [] | .values []' | grep "$DB_NAME" | sed 's/"//g' | sed 's/^ *//g') + if [[ "$DB_NAME" == "$DB_EXISTING" ]]; then + echo "${DB_JAIL} jail with database ${DB_NAME} already exists. Skipping database creation... " + else + echo "${DB_JAIL} jail exists, but database ${DB_NAME} does not. Creating database ${DB_NAME}." + if [[ -z "${DB_USER}" ]] || [[ -z "${DB_PASS}" ]]; then + echo "Database username and password not provided. Cannot create database without credentials. Exiting..." + exit 1 + else + iocage exec "${DB_JAIL}" "curl -XPOST -u ${DB_USER}:${DB_PASS} http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE ${DB_NAME}'" + echo "Database ${DB_NAME} created with username ${DB_USER} with password ${DB_PASS}." + fi + fi + else + echo "Influxdb jail does not exist. Unifi-Poller requires Influxdb jail. Please install the Influxdb jail." + exit 1 + fi + + # Download and install Unifi-Poller + FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") + DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") + iocage exec "${JAIL_NAME}" fetch -o /config "${DOWNLOAD}" + + # Install downloaded Unifi-Poller package, configure and enable + iocage exec "${JAIL_NAME}" pkg install -qy /config/"${FILE_NAME}" + # shellcheck disable=SC2154 + cp "${INCLUDES_PATH}"/up.conf /mnt/"${global_dataset_config}"/"${JAIL_NAME}" + # shellcheck disable=SC2154 + cp "${INCLUDES_PATH}"/up.conf.example /mnt/"${global_dataset_config}"/"${JAIL_NAME}" + # shellcheck disable=SC2154 + cp "${INCLUDES_PATH}"/rc/unifi_poller /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc/rc.d/unifi_poller + iocage exec "${JAIL_NAME}" sed -i '' "s|influxdbuser|${DB_USER}|" /config/up.conf + iocage exec "${JAIL_NAME}" sed -i '' "s|influxdbpass|${DB_PASS}|" /config/up.conf + iocage exec "${JAIL_NAME}" sed -i '' "s|unifidb|${DB_NAME}|" /config/up.conf + iocage exec "${JAIL_NAME}" sed -i '' "s|unifiuser|${UP_USER}|" /config/up.conf + iocage exec "${JAIL_NAME}" sed -i '' "s|unifipassword|${UP_PASS}|" /config/up.conf + iocage exec "${JAIL_NAME}" sed -i '' "s|dbip|http://${DB_IP}:8086|" /config/up.conf + + + iocage exec "${JAIL_NAME}" sysrc unifi_poller_enable=YES + iocage exec "${JAIL_NAME}" service unifi_poller start + + echo "Installation complete!" + echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." + echo "Please login to the Unifi Controller and add ${UP_USER} as a read-only user." + echo "In Grafana, add Unifi-Poller as a data source." +fi diff --git a/jails/unifi/readme.md b/jails/unifi/readme.md new file mode 100644 index 00000000..e9f3e1c8 --- /dev/null +++ b/jails/unifi/readme.md @@ -0,0 +1,153 @@ +# Unifi Controller + +### Installation: + +- This jail requires an existing InfluxDB jail. InfluxDB may be created using the same install command, as long as influxdb is listed first. +- Once the script runs, a user must be created in the Unifi Controller software for your Unifi-Poller user. +- To view the data from Unifi-Poller, Grafana is required. Add the unifi InfluxDB database as a data source in Grafana. + +### Config Description + +- unifi_poller: boolean, true if you want to also install unifi-poller +- db_jail: This is the name of your influxdb database jail, should be influxdb. +- unifi_db_name: The name of the database that will be created in influxdb for Unifi Poller. +- unifi_db_user & unifi_db_password: The created database's credentials for Unifi Poller. +- up_user & up_password: The Unifi-Poller user credentials. This user must be created in the Unifi Controller web gui after install matching these credentials. This is for the connection between Unifi Controller & Unifi Poller + +### Unifi-Controller Post-Install + +After the script runs and the unifi jail is running, open the web gui of the unifi jail at port 8443 (i.e. https://192.168.2.250:8443). After completing the initial setup wizard, go to Admins --> Add New Admin. Select "Manually set and share the password", enter the username and password used for up_user & up_password. Uncheck 'Require the user to change their password'. Verify "Role" is set to 'Read Only'. Click Create. + + +## Unifi Controller documentation can be found at https://www.ui.com/download/unifi/default/default/unifi-controller-v5-user-guide + + +## Original README from the upstream Unifi-Poller Github. + +https://github.com/unifi-poller/unifi-poller + + + +[![discord](https://badgen.net/badge/icon/Discord?color=0011ff&label&icon=https://simpleicons.now.sh/discord/eee "Ubiquiti Discord")](https://discord.gg/KnyKYt2) +[![twitter](https://badgen.net/twitter/follow/TwitchCaptain?icon=https://simpleicons.now.sh/twitter/0099ff&label=TwitchCaptain&color=0116ff "TwitchCaptain @ Twitter")](https://twitter.com/TwitchCaptain) +[![grafana](https://badgen.net/https/golift.io/bd/grafana/dashboard-downloads/11310,10419,10414,10415,10416,10417,10418,11311,11312,11313,11314,11315?icon=https://simpleicons.now.sh/grafana/ED7F38&color=0011ff "Grafana Dashboard Downloads")](http://grafana.com/dashboards?search=unifi-poller) +[![pulls](https://badgen.net/docker/pulls/golift/unifi-poller?icon=https://simpleicons.now.sh/docker/38B1ED&label=pulls&color=0011ff "Docker Pulls")](https://hub.docker.com/r/golift/unifi-poller) +[![DLs](https://img.shields.io/github/downloads/unifi-poller/unifi-poller/total.svg?logo=github&color=0116ff "GitHub Downloads")](https://www.somsubhra.com/github-release-stats/?username=unifi-poller&repository=unifi-poller) + +[![unifi](https://badgen.net/badge/UniFi/5.12.x,5.13.x,UAP,USG,USW,UDM?list=|&icon=https://docs.golift.io/svg/ubiquiti_color.svg&color=0099ee "UniFi Products Supported")](https://github.com/golift/unifi) +[![builer](https://badgen.net/badge/go/Application%20Builder?label=&icon=https://docs.golift.io/svg/go.svg&color=0099ee "Go Application Builder")](https://github.com/golift/application-builder) +[![stars](https://badgen.net/github/stars/unifi-poller/unifi-poller?icon=https://simpleicons.now.sh/macys/fab&label=&color=0099ee "GitHub Stars")](https://github.com/unifi-poller/unifi-poller) +[![travis](https://badgen.net/travis/unifi-poller/unifi-poller?icon=travis&label=build "Travis Build")](https://travis-ci.org/unifi-poller/unifi-poller) + +Collect your UniFi controller data and report it to an InfluxDB instance, +or export it for Prometheus collection. +[Twelve Grafana Dashboards](http://grafana.com/dashboards?search=unifi-poller) +included; with screenshots. Six for InfluxDB and six for Prometheus. + +## Installation + +[See the Wiki!](https://github.com/unifi-poller/unifi-poller/wiki/Installation) +We have a special place for [Docker Users](https://github.com/unifi-poller/unifi-poller/wiki/Docker). +I'm willing to help if you have troubles. +Open an [Issue](https://github.com/unifi-poller/unifi-poller/issues) and +we'll figure out how to get things working for you. You can also get help in +the #unifi-poller channel on the [Ubiquiti Discord server](https://discord.gg/KnyKYt2). I've also +[provided a forum post](https://community.ui.com/questions/Unifi-Poller-Store-Unifi-Controller-Metrics-in-InfluxDB-without-SNMP/58a0ea34-d2b3-41cd-93bb-d95d3896d1a1) +you may use to get additional help. + +## Description + +[Ubiquiti](https://www.ui.com) makes networking devices like switches, gateways +(routers) and wireless access points. They have a line of equipment named +[UniFi](https://www.ui.com/products/#unifi) that uses a +[controller](https://www.ui.com/download/unifi/) to keep stats and simplify network +device configuration. This controller can be installed on Windows, macOS, FreeBSD, +Linux or Docker. Ubiquiti also provides a dedicated hardware device called a +[CloudKey](https://www.ui.com/unifi/unifi-cloud-key/) that runs the controller software. +More recently they've developed the Dream Machine; it's still in +beta / early access, but UniFi Poller can collect its data! + +UniFi Poller is a small Golang application that runs on Windows, macOS, FreeBSD, +Linux or Docker. In Influx-mode it polls a UniFi controller every 30 seconds for +measurements and exports the data to an Influx database. In Prometheus mode the +poller opens a web port and accepts Prometheus polling. It converts the UniFi +Controller API data into Prometheus exports on the fly. + +This application requires your controller to be running all the time. If you run +a UniFi controller, there's no excuse not to install +[Influx](https://github.com/unifi-poller/unifi-poller/wiki/InfluxDB) or +[Prometheus](https://prometheus.io), +[Grafana](https://github.com/unifi-poller/unifi-poller/wiki/Grafana) and this app. +You'll have a plethora of data at your fingertips and the ability to craft custom +graphs to slice the data any way you choose. Good luck! + +## Backstory + +I found a simple piece of code on GitHub that sorta did what I needed; +we all know that story. I wanted more data, so I added more data collection. +I probably wouldn't have made it this far if [Garrett](https://github.com/dewski/unifi) +hadn't written the original code I started with. Many props my man. +The original code pulled only the client data. This app now pulls data +for clients, access points, security gateways, dream machines and switches. + +I've been trying to get my UAP data into Grafana. Sure, google search that. +You'll find [this](https://community.ubnt.com/t5/UniFi-Wireless/Grafana-dashboard-for-UniFi-APs-now-available/td-p/1833532). +What if you don't want to deal with SNMP? +Well, here you go. I've replicated 400% of what you see on those SNMP-powered +dashboards with this Go app running on the same mac as my UniFi controller. +All without enabling SNMP nor trying to understand those OIDs. Mad props +to [waterside](https://community.ubnt.com/t5/user/viewprofilepage/user-id/303058) +for making this dashboard; it gave me a fantastic start to making my own dashboards. + +## Operation + +You can control this app with puppet, chef, saltstack, homebrew or a simple bash +script if you needed to. Packages are available for macOS, Linux, FreeBSD and Docker. +It works just fine on [Windows](https://github.com/unifi-poller/unifi-poller/wiki/Windows) too. +Most people prefer Docker, and this app is right at home in that environment. + +## What's it look like? + +There are 12 total dashboards available; the 6 InfluxDB dashboards are very similar +to the 6 Prometheus dashboards. Below you'll find screenshots of the first four dashboards. + +##### Client Dashboard (InfluxDB) + +![UniFi Clients Dashboard Image](https://grafana.com/api/dashboards/10418/images/7540/image) + +##### USG Dashboard (InfluxDB) + +![USG Dashboard Image](https://grafana.com/api/dashboards/10416/images/7543/image) + +##### UAP Dashboard (InfluxDB) + +![UAP Dashboard Image](https://grafana.com/api/dashboards/10415/images/7542/image) + +##### USW / Switch Dashboard (InfluxDB) + +You can drill down into specific sites, switches, and ports. Compare ports in different +sites side-by-side. So easy! This screenshot barely does it justice. +![USW Dashboard Image](https://grafana.com/api/dashboards/10417/images/7544/image) + +## Integrations + +The following fine folks are providing their services, completely free! These service +integrations are used for things like storage, building, compiling, distribution and +documentation support. This project succeeds because of them. Thank you! + +

+ + + + + + + +

+ +## Copyright & License + + + +- Copyright © 2018-2020 David Newhall II. +- See [LICENSE](LICENSE) for license information. diff --git a/jails/unifi/update.sh b/jails/unifi/update.sh new file mode 100644 index 00000000..f554e205 --- /dev/null +++ b/jails/unifi/update.sh @@ -0,0 +1,22 @@ +#!/usr/local/bin/bash +# This file contains the update script for unifi +# Unifi Controller is updated through pkg, Unifi-Poller is not. This script updates Unifi-Poller + +JAIL_NAME="unifi" +FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") +DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") + +# Check to see if there is an update. +# shellcheck disable=SC2154 +if [[ -f /mnt/"${global_dataset_config}"/"${JAIL_NAME}"/"${FILE_NAME}" ]]; then + echo "Unifi-Poller is up to date." + exit 1 +else + # Download and install the package + iocage exec "${JAIL_NAME}" fetch -o /config "${DOWNLOAD}" + iocage exec "${JAIL_NAME}" pkg install -qy /config/"${FILE_NAME}" + iocage exec "${JAIL_NAME}" service unifi restart + iocage exec "${JAIL_NAME}" service unifi_poller restart +fi + +echo "Update complete!" From dbfbd489fa2cf4906f99fa126e3302ea211121e4 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 2 May 2020 17:45:13 +0200 Subject: [PATCH 22/29] [WIP] Allow multiple installations of same blueprint (#88) * Multi-install support, Blueprints and config changes. Initial commit * Migrating jails to blueprints, first steps. Tested Working: - Transmission - Lidarr - Sonarr - Radarr fix lidarr config (+10 squashed commit) Squashed commit: [5f14653] always link ports folders [f18f2f0] Optional (blueprint) ports mount Fixes #89 [96ef7e7] chmod all the things [129e707] same mistake... again... [e1596dc] missing reference [6da3567] Forgot one reference [d78b5b6] Update wiki.yml [cecc53a] Update filecheck.yml [5244abd] basic settings changed. More involved blueprints still need changes, such as: Bitwarden, nextcloud, Mariadb [6568e92] jails -> blueprints * Added Tested Working: - KMS - Plex - Tautulli - Organizr - InfluxDB - MariaDB Many squashed small fixes included: Make *.rc executable (+13 squashed commit) Squashed commit: [b28aa83] use .rc for rc.d config files [e940a48] some mariadb cleanup [dc27aff] testing another way [83bd91b] Mariadb root password alter instead of update, initial config for unifi [0ca3074] some light config cleanup [a0d4352] also remove database from influxdb example config (db should be created when required) [2c218cc] Prepare influxdb and remove unneeded content [1b34109] more shellcheck fixups [c96566c] Some shellcheck cleanup [8969ca7] bitwarden mostly done, some work on nextcloud and unifi [7f89bfa] initial mariadb patch [dd7e85f] missed one problem [f814cb7] Initial pseudo-compatibility patch for unifi * Enable Bitwarden support and some small fixes/tweaks Fixes #95 more bugs and typo's (+3 squashed commit) Squashed commit: [3b5213e] Bitwarden not correctly installing db [b7438a5] yeah thats not gonna cut it... >.< [e7987c2] some slight bitwarden tweaks * Enable Unifi support and some small fixes/tweaks small unifi cleanup. Unifi is working (+3 squashed commit) Squashed commit: [d906d2d] chmod unifi [545e999] Add extra sanity, remove unneeded variables from example [b8c0b24] Some small Unifi Tweaks * Nextcloud Cleanup, Some fixes, Initial support for blueprintsystem Fixes #96 Fixes #97 Fixes #98 some bloat and syntax fixes (+5 squashed commit) Squashed commit: [78f6428] Some more nextcloud cleanup and tweaks - combines multiple variables for cert system selection (Fixes #98 ) - Default to self signed cert - Force manual admin password [7cacae4] slight fixes [3d81cda] More cleanup [50496cc] small mariadb fix and more nextcloud cleanup [c1b2c20] Cleaning nextcloud - Remove external DB (Fixes #97 ) - Remove Postgresql (Fixes #96 ) - Some preparation for blueprint * Nextcloud done and.. another... (+5 squashed commit) Squashed commit: [c65751b] caddy not installed right. [e5da66b] more fixes [a33300e] Damnit, two typo's same scentence [4292a7a] another typo [1b820cf] typo and example hotfix * Introduce version checking for config file --- .github/workflows/filecheck.yml | 8 +- .github/workflows/wiki.yml | 5 +- blueprints/bitwarden/config.yml | 3 + .../bitwarden/includes/bitwarden.rc | 0 .../bitwarden/includes/bitwarden.rc.conf | 0 blueprints/bitwarden/install.sh | 119 ++++ {jails => blueprints}/bitwarden/readme.md | 0 blueprints/bitwarden/update.sh | 100 +++ blueprints/influxdb/config.yml | 3 + .../influxdb/includes/influxd.conf | 0 blueprints/influxdb/install.sh | 32 + {jails => blueprints}/influxdb/readme.md | 0 {jails => blueprints}/influxdb/update.sh | 4 +- blueprints/jackett/config.yml | 3 + .../jackett/includes/jackett.rc | 0 blueprints/jackett/install.sh | 14 + {jails => blueprints}/jackett/readme.md | 0 blueprints/jackett/update.sh | 10 + blueprints/kms/config.yml | 3 + .../kms/includes/Activate_Office_2019_Pro.bat | 0 .../kms/includes/Activate_Windows_10_Pro.bat | 0 .../Activate_Windows_Server_2019_Standard.bat | 0 .../includes/Office-2019-Pro-VLK-Config.xml | 0 {jails => blueprints}/kms/includes/Readme.md | 0 .../kms/includes/Setup_Office_2019_Pro.txt | 0 {jails => blueprints}/kms/includes/py_kms.rc | 0 blueprints/kms/install.sh | 12 + {jails => blueprints}/kms/readme.md | 0 blueprints/kms/update.sh | 10 + blueprints/lidarr/config.yml | 3 + .../lidarr/includes/lidarr.rc | 0 blueprints/lidarr/install.sh | 25 + {jails => blueprints}/lidarr/readme.md | 0 blueprints/lidarr/update.sh | 10 + blueprints/mariadb/config.yml | 3 + .../mariadb/includes/Caddyfile | 0 .../mariadb/includes/caddy.rc | 0 .../mariadb/includes/my-system.cnf | 0 {jails => blueprints}/mariadb/includes/my.cnf | 0 blueprints/mariadb/install.sh | 117 ++++ {jails => blueprints}/mariadb/readme.md | 0 blueprints/mariadb/update.sh | 37 ++ {jails => blueprints}/nextcloud/LICENSE | 0 blueprints/nextcloud/config.yml | 4 + .../nextcloud/includes/Caddyfile | 0 .../nextcloud/includes/Caddyfile-nossl | 0 .../nextcloud/includes/Caddyfile-selfsigned | 0 .../nextcloud/includes/caddy.rc | 0 .../nextcloud/includes/my-system.cnf | 0 .../nextcloud/includes/my.cnf | 0 .../nextcloud/includes/pgpass | 0 .../nextcloud/includes/php.ini | 0 .../nextcloud/includes/redis.conf | 0 .../nextcloud/includes/remove-staging.sh | 0 .../nextcloud/includes/www-crontab | 0 .../nextcloud/includes/www.conf | 0 blueprints/nextcloud/install.sh | 321 ++++++++++ {jails => blueprints}/nextcloud/readme.md | 0 {jails => blueprints}/nextcloud/update.sh | 0 blueprints/organizr/config.yml | 3 + .../organizr/includes/custom/organizr.conf | 0 .../organizr/includes/custom/phpblock.conf | 0 .../organizr/includes/nginx.conf | 0 blueprints/organizr/install.sh | 34 + {jails => blueprints}/organizr/readme.md | 0 blueprints/organizr/update.sh | 12 + blueprints/plex/config.yml | 3 + .../plex/includes/FreeBSD.conf | 0 blueprints/plex/install.sh | 51 ++ {jails => blueprints}/plex/readme.md | 0 {jails => blueprints}/plex/update.sh | 12 +- blueprints/radarr/config.yml | 3 + .../radarr/includes/radarr.rc | 0 blueprints/radarr/install.sh | 24 + {jails => blueprints}/radarr/readme.md | 0 blueprints/radarr/update.sh | 10 + blueprints/sonarr/config.yml | 3 + .../sonarr/includes/sonarr.rc | 0 blueprints/sonarr/install.sh | 24 + {jails => blueprints}/sonarr/readme.md | 0 blueprints/sonarr/update.sh | 10 + blueprints/tautulli/config.yml | 3 + blueprints/tautulli/install.sh | 11 + {jails => blueprints}/tautulli/readme.md | 0 blueprints/tautulli/update.sh | 9 + blueprints/transmission/config.yml | 3 + blueprints/transmission/install.sh | 19 + {jails => blueprints}/transmission/readme.md | 0 blueprints/transmission/update.sh | 7 + blueprints/unifi/config.yml | 3 + .../unifi/includes/mongodb.conf | 0 .../unifi/includes/rc/mongod.rc | 0 .../unifi/includes/rc/unifi.rc | 0 .../unifi/includes/rc/unifi_poller.rc | 0 {jails => blueprints}/unifi/includes/up.conf | 0 blueprints/unifi/install.sh | 117 ++++ {jails => blueprints}/unifi/readme.md | 0 {jails => blueprints}/unifi/update.sh | 11 +- config.yml.example | 169 +++-- global.sh | 84 ++- jailman.sh | 57 +- jails/bitwarden/config.yml | 2 - jails/bitwarden/install.sh | 92 --- jails/bitwarden/update.sh | 70 --- jails/influxdb/config.yml | 2 - jails/influxdb/includes/influxdb.conf | 586 ------------------ jails/influxdb/install.sh | 46 -- jails/jackett/config.yml | 2 - jails/jackett/install.sh | 14 - jails/jackett/update.sh | 10 - jails/kms/config.yml | 2 - jails/kms/install.sh | 13 - jails/kms/update.sh | 10 - jails/lidarr/config.yml | 2 - jails/lidarr/install.sh | 25 - jails/lidarr/update.sh | 10 - jails/mariadb/config.yml | 2 - jails/mariadb/install.sh | 115 ---- jails/mariadb/update.sh | 36 -- jails/nextcloud/config.yml | 2 - jails/nextcloud/install.sh | 362 ----------- jails/organizr/config.yml | 2 - jails/organizr/install.sh | 34 - jails/organizr/update.sh | 12 - jails/plex/config.yml | 2 - jails/plex/install.sh | 52 -- jails/radarr/config.yml | 2 - jails/radarr/install.sh | 24 - jails/radarr/update.sh | 10 - jails/sonarr/config.yml | 2 - jails/sonarr/install.sh | 24 - jails/sonarr/update.sh | 10 - jails/tautulli/config.yml | 2 - jails/tautulli/install.sh | 12 - jails/tautulli/update.sh | 9 - jails/transmission/config.yml | 2 - jails/transmission/install.sh | 19 - jails/transmission/update.sh | 7 - jails/unifi/config.yml | 2 - jails/unifi/install.sh | 91 --- 140 files changed, 1361 insertions(+), 1888 deletions(-) create mode 100644 blueprints/bitwarden/config.yml rename {jails => blueprints}/bitwarden/includes/bitwarden.rc (100%) rename {jails => blueprints}/bitwarden/includes/bitwarden.rc.conf (100%) mode change 100755 => 100644 create mode 100755 blueprints/bitwarden/install.sh rename {jails => blueprints}/bitwarden/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/bitwarden/update.sh create mode 100644 blueprints/influxdb/config.yml rename {jails => blueprints}/influxdb/includes/influxd.conf (100%) create mode 100755 blueprints/influxdb/install.sh rename {jails => blueprints}/influxdb/readme.md (100%) rename {jails => blueprints}/influxdb/update.sh (64%) mode change 100644 => 100755 create mode 100644 blueprints/jackett/config.yml rename {jails => blueprints}/jackett/includes/jackett.rc (100%) create mode 100755 blueprints/jackett/install.sh rename {jails => blueprints}/jackett/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/jackett/update.sh create mode 100644 blueprints/kms/config.yml rename {jails => blueprints}/kms/includes/Activate_Office_2019_Pro.bat (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Activate_Windows_10_Pro.bat (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Activate_Windows_Server_2019_Standard.bat (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Office-2019-Pro-VLK-Config.xml (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Readme.md (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Setup_Office_2019_Pro.txt (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/py_kms.rc (100%) create mode 100755 blueprints/kms/install.sh rename {jails => blueprints}/kms/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/kms/update.sh create mode 100644 blueprints/lidarr/config.yml rename {jails => blueprints}/lidarr/includes/lidarr.rc (100%) create mode 100755 blueprints/lidarr/install.sh rename {jails => blueprints}/lidarr/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/lidarr/update.sh create mode 100644 blueprints/mariadb/config.yml rename {jails => blueprints}/mariadb/includes/Caddyfile (100%) mode change 100755 => 100644 rename jails/mariadb/includes/caddy => blueprints/mariadb/includes/caddy.rc (100%) rename {jails => blueprints}/mariadb/includes/my-system.cnf (100%) mode change 100755 => 100644 rename {jails => blueprints}/mariadb/includes/my.cnf (100%) mode change 100755 => 100644 create mode 100755 blueprints/mariadb/install.sh rename {jails => blueprints}/mariadb/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/mariadb/update.sh rename {jails => blueprints}/nextcloud/LICENSE (100%) mode change 100755 => 100644 create mode 100644 blueprints/nextcloud/config.yml rename {jails => blueprints}/nextcloud/includes/Caddyfile (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/Caddyfile-nossl (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/Caddyfile-selfsigned (100%) mode change 100755 => 100644 rename jails/nextcloud/includes/caddy => blueprints/nextcloud/includes/caddy.rc (100%) rename {jails => blueprints}/nextcloud/includes/my-system.cnf (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/my.cnf (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/pgpass (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/php.ini (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/redis.conf (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/remove-staging.sh (100%) rename {jails => blueprints}/nextcloud/includes/www-crontab (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/www.conf (100%) mode change 100755 => 100644 create mode 100755 blueprints/nextcloud/install.sh rename {jails => blueprints}/nextcloud/readme.md (100%) rename {jails => blueprints}/nextcloud/update.sh (100%) create mode 100644 blueprints/organizr/config.yml rename {jails => blueprints}/organizr/includes/custom/organizr.conf (100%) mode change 100755 => 100644 rename {jails => blueprints}/organizr/includes/custom/phpblock.conf (100%) mode change 100755 => 100644 rename {jails => blueprints}/organizr/includes/nginx.conf (100%) mode change 100755 => 100644 create mode 100755 blueprints/organizr/install.sh rename {jails => blueprints}/organizr/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/organizr/update.sh create mode 100644 blueprints/plex/config.yml rename {jails => blueprints}/plex/includes/FreeBSD.conf (100%) mode change 100755 => 100644 create mode 100755 blueprints/plex/install.sh rename {jails => blueprints}/plex/readme.md (100%) mode change 100755 => 100644 rename {jails => blueprints}/plex/update.sh (60%) create mode 100644 blueprints/radarr/config.yml rename {jails => blueprints}/radarr/includes/radarr.rc (100%) create mode 100755 blueprints/radarr/install.sh rename {jails => blueprints}/radarr/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/radarr/update.sh create mode 100644 blueprints/sonarr/config.yml rename {jails => blueprints}/sonarr/includes/sonarr.rc (100%) create mode 100755 blueprints/sonarr/install.sh rename {jails => blueprints}/sonarr/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/sonarr/update.sh create mode 100644 blueprints/tautulli/config.yml create mode 100755 blueprints/tautulli/install.sh rename {jails => blueprints}/tautulli/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/tautulli/update.sh create mode 100644 blueprints/transmission/config.yml create mode 100755 blueprints/transmission/install.sh rename {jails => blueprints}/transmission/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/transmission/update.sh create mode 100644 blueprints/unifi/config.yml rename {jails => blueprints}/unifi/includes/mongodb.conf (100%) rename jails/unifi/includes/rc/mongod => blueprints/unifi/includes/rc/mongod.rc (100%) mode change 100644 => 100755 rename jails/unifi/includes/rc/unifi => blueprints/unifi/includes/rc/unifi.rc (100%) mode change 100644 => 100755 rename jails/unifi/includes/rc/unifi_poller => blueprints/unifi/includes/rc/unifi_poller.rc (100%) mode change 100644 => 100755 rename {jails => blueprints}/unifi/includes/up.conf (100%) create mode 100755 blueprints/unifi/install.sh rename {jails => blueprints}/unifi/readme.md (100%) rename {jails => blueprints}/unifi/update.sh (67%) mode change 100644 => 100755 delete mode 100644 jails/bitwarden/config.yml delete mode 100755 jails/bitwarden/install.sh delete mode 100755 jails/bitwarden/update.sh delete mode 100644 jails/influxdb/config.yml delete mode 100644 jails/influxdb/includes/influxdb.conf delete mode 100755 jails/influxdb/install.sh delete mode 100644 jails/jackett/config.yml delete mode 100755 jails/jackett/install.sh delete mode 100755 jails/jackett/update.sh delete mode 100644 jails/kms/config.yml delete mode 100755 jails/kms/install.sh delete mode 100755 jails/kms/update.sh delete mode 100644 jails/lidarr/config.yml delete mode 100755 jails/lidarr/install.sh delete mode 100755 jails/lidarr/update.sh delete mode 100644 jails/mariadb/config.yml delete mode 100755 jails/mariadb/install.sh delete mode 100755 jails/mariadb/update.sh delete mode 100644 jails/nextcloud/config.yml delete mode 100755 jails/nextcloud/install.sh delete mode 100644 jails/organizr/config.yml delete mode 100755 jails/organizr/install.sh delete mode 100755 jails/organizr/update.sh delete mode 100644 jails/plex/config.yml delete mode 100755 jails/plex/install.sh delete mode 100644 jails/radarr/config.yml delete mode 100755 jails/radarr/install.sh delete mode 100755 jails/radarr/update.sh delete mode 100644 jails/sonarr/config.yml delete mode 100755 jails/sonarr/install.sh delete mode 100755 jails/sonarr/update.sh delete mode 100644 jails/tautulli/config.yml delete mode 100755 jails/tautulli/install.sh delete mode 100755 jails/tautulli/update.sh delete mode 100644 jails/transmission/config.yml delete mode 100755 jails/transmission/install.sh delete mode 100755 jails/transmission/update.sh delete mode 100644 jails/unifi/config.yml delete mode 100644 jails/unifi/install.sh diff --git a/.github/workflows/filecheck.yml b/.github/workflows/filecheck.yml index 1ba68643..59cba21b 100644 --- a/.github/workflows/filecheck.yml +++ b/.github/workflows/filecheck.yml @@ -13,9 +13,9 @@ jobs: - uses: actions/checkout@v1 - name: check existance run: | - for pathname in jails/*; do test -e $pathname/readme.md || { echo "File missing: $pathname/readme.md"; error="true"; }; done - for pathname in jails/*; do test -e $pathname/install.sh || { echo "File missing: $pathname/install.sh"; error="true"; }; done - for pathname in jails/*; do test -e $pathname/update.sh || { echo "File missing: $pathname/update.sh"; error="true"; }; done - for pathname in jails/*; do test -e $pathname/config.yml || { echo "File missing: $pathname/config.yml"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/readme.md || { echo "File missing: $pathname/readme.md"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/install.sh || { echo "File missing: $pathname/install.sh"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/update.sh || { echo "File missing: $pathname/update.sh"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/config.yml || { echo "File missing: $pathname/config.yml"; error="true"; }; done if [ "${error}" == "true" ]; then echo "Missing files detected" && exit 1; fi shell: bash diff --git a/.github/workflows/wiki.yml b/.github/workflows/wiki.yml index d87b3899..e5f4a432 100644 --- a/.github/workflows/wiki.yml +++ b/.github/workflows/wiki.yml @@ -15,10 +15,7 @@ jobs: ref: 'master' - name: rename-readme run: | - for pathname in jails/*/README.MD; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done - for pathname in jails/*/README.md; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done - for pathname in jails/*/readme.md; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done - for pathname in jails/*/Readme.md; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done + for pathname in blueprints/*/readme.md; do ! cp "$pathname" "docs/blueprints/$( basename "$( dirname "$pathname" )" ).md"; done shell: bash - name: Deploy docs uses: mhausenblas/mkdocs-deploy-gh-pages@master diff --git a/blueprints/bitwarden/config.yml b/blueprints/bitwarden/config.yml new file mode 100644 index 00000000..c79bd93c --- /dev/null +++ b/blueprints/bitwarden/config.yml @@ -0,0 +1,3 @@ +blueprint: + bitwarden: + pkgs: sqlite3 nginx git sudo vim-tiny bash node npm python27-2.7.17_1 mariadb104-client \ No newline at end of file diff --git a/jails/bitwarden/includes/bitwarden.rc b/blueprints/bitwarden/includes/bitwarden.rc similarity index 100% rename from jails/bitwarden/includes/bitwarden.rc rename to blueprints/bitwarden/includes/bitwarden.rc diff --git a/jails/bitwarden/includes/bitwarden.rc.conf b/blueprints/bitwarden/includes/bitwarden.rc.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/bitwarden/includes/bitwarden.rc.conf rename to blueprints/bitwarden/includes/bitwarden.rc.conf diff --git a/blueprints/bitwarden/install.sh b/blueprints/bitwarden/install.sh new file mode 100755 index 00000000..9c38e44b --- /dev/null +++ b/blueprints/bitwarden/install.sh @@ -0,0 +1,119 @@ +#!/usr/local/bin/bash +# This file contains the install script for bitwarden + +# Initialise defaults +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" + +DB_DATABASE="jail_${1}_db_database" +DB_DATABASE="${!DB_DATABASE:-$1}" + +DB_USER="jail_${1}_db_user" +DB_USER="${!DB_USER:-$DB_DATABASE}" + +# shellcheck disable=SC2154 +INSTALL_TYPE="jail_${1}_db_type" +INSTALL_TYPE="${!INSTALL_TYPE:-mariadb}" + +DB_JAIL="jail_${1}_db_jail" +# shellcheck disable=SC2154 +DB_HOST="jail_${!DB_JAIL}_ip4_addr" +DB_HOST="${!DB_HOST%/*}:3306" + +# shellcheck disable=SC2154 +DB_PASSWORD="jail_${1}_db_password" +DB_STRING="mysql://${DB_USER}:${!DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" +# shellcheck disable=SC2154 +ADMIN_TOKEN="jail_${1}_admin_token" + +if [ -z "${!DB_PASSWORD}" ]; then + echo "db_password can't be empty" + exit 1 +fi + +if [ -z "${!DB_JAIL}" ]; then + echo "db_jail can't be empty" + exit 1 +fi + +if [ -z "${!JAIL_IP}" ]; then + echo "ip4_addr can't be empty" + exit 1 +fi + +if [ -z "${!ADMIN_TOKEN}" ]; then +ADMIN_TOKEN=$(openssl rand -base64 16) +fi + +# install latest rust version, pkg version is outdated and can't build bitwarden_rs +iocage exec "${1}" "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" + +# Install Bitwarden_rs +iocage exec "${1}" mkdir -p /usr/local/share/bitwarden/src +iocage exec "${1}" git clone https://github.com/dani-garcia/bitwarden_rs/ /usr/local/share/bitwarden/src +TAG=$(iocage exec "${1}" "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") +iocage exec "${1}" "git -C /usr/local/share/bitwarden/src checkout ${TAG}" +#TODO replace with: cargo build --features mysql --release +if [ "${INSTALL_TYPE}" == "mariadb" ]; then + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" +else + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" +fi + + +iocage exec "${1}" cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin + +# Download and install webvault +WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) +WEB_TAG="${WEB_RELEASE_URL##*/}" +iocage exec "${1}" "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" +iocage exec "${1}" "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" +iocage exec "${1}" rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz + +# shellcheck disable=SC2154 +if [ -f "/mnt/${global_dataset_config}/${1}/ssl/bitwarden-ssl.crt" ]; then + echo "certificate exist... Skipping cert generation" +else + "No ssl certificate present, generating self signed certificate" + if [ ! -d "/mnt/${global_dataset_config}/${1}/ssl" ]; then + echo "cert folder not existing... creating..." + iocage exec "${1}" mkdir /config/ssl + fi + openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.key -out /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.crt +fi + +if [ -f "/mnt/${global_dataset_config}/${1}/bitwarden.log" ]; then + echo "Reinstall of Bitwarden detected... using existing config and database" +elif [ "${INSTALL_TYPE}" == "mariadb" ]; then + echo "No config detected, doing clean install, utilizing the Mariadb database ${DB_HOST}" + iocage exec "${!DB_JAIL}" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" + iocage exec "${!DB_JAIL}" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${!DB_PASSWORD}';" + iocage exec "${!DB_JAIL}" mysqladmin reload +else + echo "No config detected, doing clean install." +fi + +iocage exec "${1}" "pw user add bitwarden -c bitwarden -u 725 -d /nonexistent -s /usr/bin/nologin" +iocage exec "${1}" chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config +iocage exec "${1}" mkdir /usr/local/etc/rc.d /usr/local/etc/rc.conf.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/bitwarden +cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export ADMIN_TOKEN="'"${!ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden + +if [ "${!ADMIN_TOKEN}" == "NONE" ]; then + echo "Admin_token set to NONE, disabling admin portal" +else + echo "Admin_token set and admin portal enabled" + iocage exec "${1}" echo "${DB_NAME} Admin Token is ${!ADMIN_TOKEN}" > /root/"${1}"_admin_token.txt +fi + +iocage exec "${1}" chmod u+x /usr/local/etc/rc.d/bitwarden +iocage exec "${1}" sysrc "bitwarden_enable=YES" +iocage exec "${1}" service bitwarden restart +echo "Jail ${1} finished Bitwarden install." +echo "Admin Token is ${!ADMIN_TOKEN}" diff --git a/jails/bitwarden/readme.md b/blueprints/bitwarden/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/bitwarden/readme.md rename to blueprints/bitwarden/readme.md diff --git a/blueprints/bitwarden/update.sh b/blueprints/bitwarden/update.sh new file mode 100755 index 00000000..a2775815 --- /dev/null +++ b/blueprints/bitwarden/update.sh @@ -0,0 +1,100 @@ +#!/usr/local/bin/bash +# This file contains the update script for bitwarden +# Due to it being build from scratch or downloaded directly to execution dir, +# Update for Bitwarden is pretty similair to installation + +# Initialise defaults +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" +DB_DATABASE="jail_${1}_db_datavase" +DB_USER="jail_${1}_db_user" +# shellcheck disable=SC2154 +INSTALL_TYPE="jail_${1}_type" +DB_JAIL="jail_${1}_db_jail" +DB_JAIL="${!DB_JAIL}" +# shellcheck disable=SC2154 +DB_HOST="${DB_JAIL}_ip4_addr" +DB_HOST="${!DB_HOST%/*}:3306" +# shellcheck disable=SC2154 +DB_PASSWORD="jail_${1}_db_password" +DB_STRING="mysql://${!DB_USER}:${!DB_PASSWORD}@${DB_HOST}/${!DB_DATABASE}" +# shellcheck disable=SC2154 +ADMIN_TOKEN="jail_${1}_admin_token" + +if [ -z "${!DB_USER}" ]; then + echo "db_user can't be empty" + exit 1 +fi + +if [ -z "${!DB_DATABASE}" ]; then + echo "db_database can't be empty" + exit 1 +fi + +if [ -z "${!DB_PASSWORD}" ]; then + echo "db_password can't be empty" + exit 1 +fi + +if [ -z "${!DB_JAIL}" ]; then + echo "db_jail can't be empty" + exit 1 + fi + +if [ -z "${!JAIL_IP}" ]; then + echo "ip4_addr can't be empty" + exit 1 +fi + +if [ -z "${!ADMIN_TOKEN}" ]; then +ADMIN_TOKEN=$(openssl rand -base64 16) +fi + +iocage exec "${1}" service bitwarden stop + +# install latest rust version, pkg version is outdated and can't build bitwarden_rs +iocage exec "${1}" "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" + +# Install Bitwarden_rs +iocage exec "${1}" "git -C /usr/local/share/bitwarden/src fetch" +TAG=$(iocage exec "${1}" "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") +iocage exec "${1}" "git -C /usr/local/share/bitwarden/src checkout ${TAG}" +#TODO replace with: cargo build --features mysql --release +if [ "${INSTALL_TYPE}" == "mariadb" ]; then + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" +else + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" +fi + + +iocage exec "${1}" cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin + +# Download and install webvault +WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) +WEB_TAG="${WEB_RELEASE_URL##*/}" +iocage exec "${1}" "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" +iocage exec "${1}" "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" +iocage exec "${1}" rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz + +iocage exec "${1}" chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/"${1}"/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/bitwarden +cp "${SCRIPT_DIR}"/blueprints/"${1}"/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export ADMIN_TOKEN="'"${!ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden + +if [ "${!ADMIN_TOKEN}" == "NONE" ]; then + echo "Admin_token set to NONE, disabling admin portal" +else + echo "Admin_token set and admin portal enabled" + iocage exec "${1}" echo "${DB_NAME} Admin Token is ${!ADMIN_TOKEN}" > /root/"${1}"_admin_token.txt +fi + + +iocage exec "${1}" chmod u+x /usr/local/etc/rc.d/bitwarden +iocage exec "${1}" service bitwarden restart +echo "Jail ${1} finished Bitwarden update." +echo "Admin Token is ${!ADMIN_TOKEN}" diff --git a/blueprints/influxdb/config.yml b/blueprints/influxdb/config.yml new file mode 100644 index 00000000..da7c0120 --- /dev/null +++ b/blueprints/influxdb/config.yml @@ -0,0 +1,3 @@ +blueprint: + influxdb: + pkgs: influxdb \ No newline at end of file diff --git a/jails/influxdb/includes/influxd.conf b/blueprints/influxdb/includes/influxd.conf similarity index 100% rename from jails/influxdb/includes/influxd.conf rename to blueprints/influxdb/includes/influxd.conf diff --git a/blueprints/influxdb/install.sh b/blueprints/influxdb/install.sh new file mode 100755 index 00000000..be79b3fe --- /dev/null +++ b/blueprints/influxdb/install.sh @@ -0,0 +1,32 @@ +#!/usr/local/bin/bash +# This script installs the current release of InfluxDB + +##### +# +# Init and Mounts +# +##### + +# Initialise variables +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/influxdb/includes" + +# Mount and configure proper configuration location +# shellcheck disable=SC2154 +cp -rf "${INCLUDES_PATH}/influxd.conf" "/mnt/${global_dataset_config}/${1}/influxd.conf" +iocage exec "${1}" mkdir -p /config/db/data /config/db/meta /config/db/wal +iocage exec "${1}" chown -R influxd:influxd /config/db +iocage exec "${1}" sysrc influxd_conf="/config/influxd.conf" +iocage exec "${1}" sysrc influxd_enable="YES" + +# Start influxdb and wait for it to startup +iocage exec "${1}" service influxd start +sleep 15 + +# Done! +echo "Installation complete!" +echo "Your may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." +echo "You may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." +echo "" diff --git a/jails/influxdb/readme.md b/blueprints/influxdb/readme.md similarity index 100% rename from jails/influxdb/readme.md rename to blueprints/influxdb/readme.md diff --git a/jails/influxdb/update.sh b/blueprints/influxdb/update.sh old mode 100644 new mode 100755 similarity index 64% rename from jails/influxdb/update.sh rename to blueprints/influxdb/update.sh index a216ec27..c0b00e28 --- a/jails/influxdb/update.sh +++ b/blueprints/influxdb/update.sh @@ -1,6 +1,6 @@ #!/usr/local/bin/bash # This file contains the update script for influxdb -iocage exec influxdb service influxd stop +iocage exec "$1" service influxd stop # InfluxDB is updated during PKG update, this file is mostly just a placeholder -iocage exec influxdb service influxd restart \ No newline at end of file +iocage exec "$1" service influxd restart \ No newline at end of file diff --git a/blueprints/jackett/config.yml b/blueprints/jackett/config.yml new file mode 100644 index 00000000..ef43a221 --- /dev/null +++ b/blueprints/jackett/config.yml @@ -0,0 +1,3 @@ +blueprint: + jackett: + pkgs: mono \ No newline at end of file diff --git a/jails/jackett/includes/jackett.rc b/blueprints/jackett/includes/jackett.rc similarity index 100% rename from jails/jackett/includes/jackett.rc rename to blueprints/jackett/includes/jackett.rc diff --git a/blueprints/jackett/install.sh b/blueprints/jackett/install.sh new file mode 100755 index 00000000..d5e4ede7 --- /dev/null +++ b/blueprints/jackett/install.sh @@ -0,0 +1,14 @@ +#!/usr/local/bin/bash +# This file contains the install script for jackett + +iocage exec "$1" "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share" +iocage exec "$1" rm /usr/local/share/Jackett.Binaries.Mono.tar.gz +iocage exec "$1" "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R jackett:jackett /usr/local/share/Jackett /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/jackett/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/jackett +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/jackett +iocage exec "$1" sysrc "jackett_enable=YES" +iocage exec "$1" service jackett restart diff --git a/jails/jackett/readme.md b/blueprints/jackett/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/jackett/readme.md rename to blueprints/jackett/readme.md diff --git a/blueprints/jackett/update.sh b/blueprints/jackett/update.sh new file mode 100755 index 00000000..f0c700dc --- /dev/null +++ b/blueprints/jackett/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for jackett + +iocage exec "$1" service jackett stop +#TODO insert code to update jacket itself here +iocage exec "$1" chown -R jackett:jackett /usr/local/share/Jackett /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/jackett/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/jackett +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/jackett +iocage exec "$1" service jackett restart diff --git a/blueprints/kms/config.yml b/blueprints/kms/config.yml new file mode 100644 index 00000000..d3aa5d24 --- /dev/null +++ b/blueprints/kms/config.yml @@ -0,0 +1,3 @@ +blueprint: + kms: + pkgs: bash py37-tkinter py37-pip py37-sqlite3 git \ No newline at end of file diff --git a/jails/kms/includes/Activate_Office_2019_Pro.bat b/blueprints/kms/includes/Activate_Office_2019_Pro.bat old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Activate_Office_2019_Pro.bat rename to blueprints/kms/includes/Activate_Office_2019_Pro.bat diff --git a/jails/kms/includes/Activate_Windows_10_Pro.bat b/blueprints/kms/includes/Activate_Windows_10_Pro.bat old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Activate_Windows_10_Pro.bat rename to blueprints/kms/includes/Activate_Windows_10_Pro.bat diff --git a/jails/kms/includes/Activate_Windows_Server_2019_Standard.bat b/blueprints/kms/includes/Activate_Windows_Server_2019_Standard.bat old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Activate_Windows_Server_2019_Standard.bat rename to blueprints/kms/includes/Activate_Windows_Server_2019_Standard.bat diff --git a/jails/kms/includes/Office-2019-Pro-VLK-Config.xml b/blueprints/kms/includes/Office-2019-Pro-VLK-Config.xml old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Office-2019-Pro-VLK-Config.xml rename to blueprints/kms/includes/Office-2019-Pro-VLK-Config.xml diff --git a/jails/kms/includes/Readme.md b/blueprints/kms/includes/Readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Readme.md rename to blueprints/kms/includes/Readme.md diff --git a/jails/kms/includes/Setup_Office_2019_Pro.txt b/blueprints/kms/includes/Setup_Office_2019_Pro.txt old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Setup_Office_2019_Pro.txt rename to blueprints/kms/includes/Setup_Office_2019_Pro.txt diff --git a/jails/kms/includes/py_kms.rc b/blueprints/kms/includes/py_kms.rc similarity index 100% rename from jails/kms/includes/py_kms.rc rename to blueprints/kms/includes/py_kms.rc diff --git a/blueprints/kms/install.sh b/blueprints/kms/install.sh new file mode 100755 index 00000000..4ca49f7f --- /dev/null +++ b/blueprints/kms/install.sh @@ -0,0 +1,12 @@ +#!/usr/local/bin/bash +# This file contains the install script for KMS + +iocage exec "$1" svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms +iocage exec "$1" "pw user add kms -c kms -u 666 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R kms:kms /usr/local/share/py-kms /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/py_kms +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/py_kms +iocage exec "$1" sysrc "py_kms_enable=YES" +iocage exec "$1" service py_kms start \ No newline at end of file diff --git a/jails/kms/readme.md b/blueprints/kms/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/readme.md rename to blueprints/kms/readme.md diff --git a/blueprints/kms/update.sh b/blueprints/kms/update.sh new file mode 100755 index 00000000..24636602 --- /dev/null +++ b/blueprints/kms/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for KMS + +iocage exec "$1" service py_kms stop +iocage exec "$1" svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms +iocage exec "$1" chown -R kms:kms /usr/local/share/py-kms /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/py_kms +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/py_kms +iocage exec "$1" service py_kms start \ No newline at end of file diff --git a/blueprints/lidarr/config.yml b/blueprints/lidarr/config.yml new file mode 100644 index 00000000..08b7eec5 --- /dev/null +++ b/blueprints/lidarr/config.yml @@ -0,0 +1,3 @@ +blueprint: + lidarr: lidarr + pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/lidarr/includes/lidarr.rc b/blueprints/lidarr/includes/lidarr.rc similarity index 100% rename from jails/lidarr/includes/lidarr.rc rename to blueprints/lidarr/includes/lidarr.rc diff --git a/blueprints/lidarr/install.sh b/blueprints/lidarr/install.sh new file mode 100755 index 00000000..119f9ebc --- /dev/null +++ b/blueprints/lidarr/install.sh @@ -0,0 +1,25 @@ +#!/usr/local/bin/bash +# This file contains the install script for lidarr + +# Check if dataset for completed download and it parent dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" +createmount "$1" "${global_dataset_downloads}"/complete /mnt/fetched + +# Check if dataset for media library and the dataset for movies exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" +createmount "$1" "${global_dataset_media}"/music /mnt/music + + +iocage exec "$1" "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz -C /usr/local/share" +iocage exec "$1" "rm /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz" +iocage exec "$1" "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R lidarr:lidarr /usr/local/share/Lidarr /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/lidarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/lidarr +iocage exec "$1" sysrc "lidarr_enable=YES" +iocage exec "$1" service lidarr start diff --git a/jails/lidarr/readme.md b/blueprints/lidarr/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/lidarr/readme.md rename to blueprints/lidarr/readme.md diff --git a/blueprints/lidarr/update.sh b/blueprints/lidarr/update.sh new file mode 100755 index 00000000..2e5edf9e --- /dev/null +++ b/blueprints/lidarr/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for lidarr + +iocage exec "$1" service lidarr stop +#TODO insert code to update lidarr itself here +iocage exec "$1" chown -R lidarr:lidarr /usr/local/share/lidarr /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/lidarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/lidarr +iocage exec "$1" service lidarr restart \ No newline at end of file diff --git a/blueprints/mariadb/config.yml b/blueprints/mariadb/config.yml new file mode 100644 index 00000000..05feae35 --- /dev/null +++ b/blueprints/mariadb/config.yml @@ -0,0 +1,3 @@ +blueprint: + mariadb: + pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74-5.0.1 diff --git a/jails/mariadb/includes/Caddyfile b/blueprints/mariadb/includes/Caddyfile old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/includes/Caddyfile rename to blueprints/mariadb/includes/Caddyfile diff --git a/jails/mariadb/includes/caddy b/blueprints/mariadb/includes/caddy.rc similarity index 100% rename from jails/mariadb/includes/caddy rename to blueprints/mariadb/includes/caddy.rc diff --git a/jails/mariadb/includes/my-system.cnf b/blueprints/mariadb/includes/my-system.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/includes/my-system.cnf rename to blueprints/mariadb/includes/my-system.cnf diff --git a/jails/mariadb/includes/my.cnf b/blueprints/mariadb/includes/my.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/includes/my.cnf rename to blueprints/mariadb/includes/my.cnf diff --git a/blueprints/mariadb/install.sh b/blueprints/mariadb/install.sh new file mode 100755 index 00000000..e94678b0 --- /dev/null +++ b/blueprints/mariadb/install.sh @@ -0,0 +1,117 @@ +#!/usr/local/bin/bash +# This script installs the current release of Mariadb and PhpMyAdmin into a created jail +##### +# +# Init and Mounts +# +##### + +# Initialise defaults +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/mariadb/includes" +# shellcheck disable=SC2154 +CERT_EMAIL="jail_${1}_cert_email" +CERT_EMAIL="${!CERT_EMAIL:-placeholder@email.fake}" +# shellcheck disable=SC2154 +DB_ROOT_PASSWORD="jail_${1}_db_root_password" +HOST_NAME="jail_${1}_host_name" +DL_FLAGS="" +DNS_ENV="" + +# Check that necessary variables were set by nextcloud-config +if [ -z "${JAIL_IP}" ]; then + echo 'Configuration error: The mariadb jail does NOT accept DHCP' + echo 'Please reinstall using a fixed IP adress' + exit 1 +fi + +# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke +# shellcheck disable=SC2154 +if [ "$(ls -A "/mnt/${global_dataset_config}/${1}/db")" ]; then + echo "Reinstall of mariadb detected... Continuing" + REINSTALL="true" +fi + +# Mount database dataset and set zfs preferences +createmount "${1}" "${global_dataset_config}"/"${1}"/db /var/db/mysql +zfs set recordsize=16K "${global_dataset_config}"/"${1}"/db +zfs set primarycache=metadata "${global_dataset_config}"/"${1}"/db + +iocage exec "${1}" chown -R 88:88 /var/db/mysql + +# Install includes fstab +iocage exec "${1}" mkdir -p /mnt/includes +iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +iocage exec "${1}" mkdir -p /usr/local/www/phpmyadmin +iocage exec "${1}" chown -R www:www /usr/local/www/phpmyadmin + +##### +# +# Install mariadb, Caddy and PhpMyAdmin +# +##### + +fetch -o /tmp https://getcaddy.com +if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com +then + echo "Failed to download/install Caddy" + exit 1 +fi + +iocage exec "${1}" sysrc mysql_enable="YES" + +# Copy and edit pre-written config files +echo "Copying Caddyfile for no SSL" +iocage exec "${1}" cp -f /mnt/includes/caddy.rc /usr/local/etc/rc.d/caddy +iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile +# shellcheck disable=SC2154 +iocage exec "${1}" sed -i '' "s/yourhostnamehere/${!HOST_NAME}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile + +iocage exec "${1}" sysrc caddy_enable="YES" +iocage exec "${1}" sysrc php_fpm_enable="YES" +iocage exec "${1}" sysrc caddy_cert_email="${CERT_EMAIL}" +iocage exec "${1}" sysrc caddy_env="${DNS_ENV}" + +iocage restart "${1}" +sleep 10 + +if [ "${REINSTALL}" == "true" ]; then + echo "Reinstall detected, skipping generaion of new config and database" +else + + # Secure database, set root password, create Nextcloud DB, user, and password + iocage exec "${1}" cp -f /mnt/includes/my-system.cnf /var/db/mysql/my.cnf + iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='';" + iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" + iocage exec "${1}" mysql -u root -e "DROP DATABASE IF EXISTS test;" + iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" + iocage exec "${1}" mysqladmin --user=root password "${!DB_ROOT_PASSWORD}" + iocage exec "${1}" mysqladmin reload +fi +iocage exec "${1}" cp -f /mnt/includes/my.cnf /root/.my.cnf +iocage exec "${1}" sed -i '' "s|mypassword|${!DB_ROOT_PASSWORD}|" /root/.my.cnf + +# Save passwords for later reference +iocage exec "${1}" echo "MariaDB root password is ${!DB_ROOT_PASSWORD}" > /root/"${1}"_db_password.txt + + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +# Done! +echo "Installation complete!" +echo "Using your web browser, go to http://${!HOST_NAME} to log in" + +if [ "${REINSTALL}" == "true" ]; then + echo "You did a reinstall, please use your old database and account credentials" +else + echo "Database Information" + echo "--------------------" + echo "The MariaDB root password is ${!DB_ROOT_PASSWORD}" + fi +echo "" +echo "All passwords are saved in /root/${1}_db_password.txt" diff --git a/jails/mariadb/readme.md b/blueprints/mariadb/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/readme.md rename to blueprints/mariadb/readme.md diff --git a/blueprints/mariadb/update.sh b/blueprints/mariadb/update.sh new file mode 100755 index 00000000..8e20ef6d --- /dev/null +++ b/blueprints/mariadb/update.sh @@ -0,0 +1,37 @@ +#!/usr/local/bin/bash +# This file contains the update script for mariadb + +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/mariadb/includes" + +# Install includes fstab +iocage exec "${1}" mkdir -p /mnt/includes +iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + + +iocage exec "${1}" service caddy stop +iocage exec "${1}" service php-fpm stop + +fetch -o /tmp https://getcaddy.com +if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com +then + echo "Failed to download/install Caddy" + exit 1 +fi + +# Copy and edit pre-written config files +echo "Copying Caddyfile for no SSL" +iocage exec "${1}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ +iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile +# shellcheck disable=SC2154 +iocage exec "${1}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +iocage exec "${1}" service caddy start +iocage exec "${1}" service php-fpm start \ No newline at end of file diff --git a/jails/nextcloud/LICENSE b/blueprints/nextcloud/LICENSE old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/LICENSE rename to blueprints/nextcloud/LICENSE diff --git a/blueprints/nextcloud/config.yml b/blueprints/nextcloud/config.yml new file mode 100644 index 00000000..0f8e0193 --- /dev/null +++ b/blueprints/nextcloud/config.yml @@ -0,0 +1,4 @@ +blueprint: + nextcloud: + pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick php73-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf + ports: true \ No newline at end of file diff --git a/jails/nextcloud/includes/Caddyfile b/blueprints/nextcloud/includes/Caddyfile old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/Caddyfile rename to blueprints/nextcloud/includes/Caddyfile diff --git a/jails/nextcloud/includes/Caddyfile-nossl b/blueprints/nextcloud/includes/Caddyfile-nossl old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/Caddyfile-nossl rename to blueprints/nextcloud/includes/Caddyfile-nossl diff --git a/jails/nextcloud/includes/Caddyfile-selfsigned b/blueprints/nextcloud/includes/Caddyfile-selfsigned old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/Caddyfile-selfsigned rename to blueprints/nextcloud/includes/Caddyfile-selfsigned diff --git a/jails/nextcloud/includes/caddy b/blueprints/nextcloud/includes/caddy.rc similarity index 100% rename from jails/nextcloud/includes/caddy rename to blueprints/nextcloud/includes/caddy.rc diff --git a/jails/nextcloud/includes/my-system.cnf b/blueprints/nextcloud/includes/my-system.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/my-system.cnf rename to blueprints/nextcloud/includes/my-system.cnf diff --git a/jails/nextcloud/includes/my.cnf b/blueprints/nextcloud/includes/my.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/my.cnf rename to blueprints/nextcloud/includes/my.cnf diff --git a/jails/nextcloud/includes/pgpass b/blueprints/nextcloud/includes/pgpass old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/pgpass rename to blueprints/nextcloud/includes/pgpass diff --git a/jails/nextcloud/includes/php.ini b/blueprints/nextcloud/includes/php.ini old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/php.ini rename to blueprints/nextcloud/includes/php.ini diff --git a/jails/nextcloud/includes/redis.conf b/blueprints/nextcloud/includes/redis.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/redis.conf rename to blueprints/nextcloud/includes/redis.conf diff --git a/jails/nextcloud/includes/remove-staging.sh b/blueprints/nextcloud/includes/remove-staging.sh similarity index 100% rename from jails/nextcloud/includes/remove-staging.sh rename to blueprints/nextcloud/includes/remove-staging.sh diff --git a/jails/nextcloud/includes/www-crontab b/blueprints/nextcloud/includes/www-crontab old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/www-crontab rename to blueprints/nextcloud/includes/www-crontab diff --git a/jails/nextcloud/includes/www.conf b/blueprints/nextcloud/includes/www.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/www.conf rename to blueprints/nextcloud/includes/www.conf diff --git a/blueprints/nextcloud/install.sh b/blueprints/nextcloud/install.sh new file mode 100755 index 00000000..79f56f3f --- /dev/null +++ b/blueprints/nextcloud/install.sh @@ -0,0 +1,321 @@ +#!/usr/local/bin/bash +# This script installs the current release of Nextcloud into a create jail +# Based on the example by danb35: https://github.com/danb35/freenas-iocage-nextcloud + +# Initialise defaults +# General Defaults +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" +TIME_ZONE="jail_${1}_time_zone" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/nextcloud/includes" + +# SSL/CERT Defaults +CERT_TYPE="jail_${1}_cert_type" +CERT_TYPE="${!CERT_TYPE:-SELFSIGNED_CERT}" +CERT_EMAIL="jail_${1}_cert_email" +CERT_EMAIL="${!CERT_EMAIL:-placeholder@email.fake}" +DNS_PLUGIN="jail_${1}_dns_plugin" +DNS_ENV="jail_${1}_dns_env" + +# Database Defaults +DB_TYPE="jail_${1}_db_type" +DB_TYPE="${!DB_TYPE:-mariadb}" +DB_JAIL="jail_${1}_db_jail" +# shellcheck disable=SC2154 +DB_HOST="jail_${!DB_JAIL}_ip4_addr" +DB_HOST="${!DB_HOST%/*}:3306" + +DB_PASSWORD="jail_${1}_db_password" + +DB_DATABASE="jail_${1}_db_database" +DB_DATABASE="${!DB_DATABASE:-$1}" + +DB_USER="jail_${1}_db_user" +DB_USER="${!DB_USER:-$DB_DATABASE}" + +ADMIN_PASSWORD="jail_${1}_admin_password" + +##### +# +# Input Sanity Check +# +##### + + +# Check that necessary variables were set by nextcloud-config +if [ -z "${JAIL_IP}" ]; then + echo 'Configuration error: The Nextcloud jail does NOT accept DHCP' + echo 'Please reinstall using a fixed IP adress' + exit 1 +fi + +if [ -z "${ADMIN_PASSWORD}" ]; then + echo 'Configuration error: The Nextcloud jail requires a admin_password' + echo 'Please reinstall using a fixed IP adress' + exit 1 +fi + +if [ -z "${!DB_PASSWORD}" ]; then + echo 'Configuration error: The Nextcloud Jail needs a database password' + echo 'Please reinstall with a defifined: db_password' + exit 1 +fi + +# shellcheck disable=SC2154 +if [ -z "${!TIME_ZONE}" ]; then + echo 'Configuration error: !TIME_ZONE must be set' + exit 1 +fi +if [ -z "${!HOST_NAME}" ]; then + echo 'Configuration error: !HOST_NAME must be set' + exit 1 +fi + + + +if [ "$CERT_TYPE" != "STANDALONE_CERT" ] && [ "$CERT_TYPE" != "DNS_CERT" ] && [ "$CERT_TYPE" != "NO_CERT" ] && [ "$CERT_TYPE" != "SELFSIGNED_CERT" ]; then + echo 'Configuration error, cert_type options: STANDALONE_CERT, DNS_CERT, NO_CERT or SELFSIGNED_CERT' + exit 1 +fi + +if [ "$CERT_TYPE" == "DNS_CERT" ]; then + if [ -z "${!DNS_PLUGIN}" ] ; then + echo "DNS_PLUGIN must be set to a supported DNS provider." + echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list." + echo "Be sure to omit the prefix of \"tls.dns.\"." + exit 1 + elif [ -z "${!DNS_ENV}" ] ; then + echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials." + echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more." + exit 1 + else + DL_FLAGS="tls.dns.${DNS_PLUGIN}" + DNS_SETTING="dns ${DNS_PLUGIN}" + fi +fi + +# Make sure DB_PATH is empty -- if not, MariaDB will choke +# shellcheck disable=SC2154 +if [ "$(ls -A "/mnt/${global_dataset_config}/${1}/config")" ]; then + echo "Reinstall of Nextcloud detected... " + REINSTALL="true" +fi + + +##### + # +# Fstab And Mounts +# +##### + +# Create and Mount Nextcloud, Config and Files +createmount "${1}" "${global_dataset_config}"/"${1}"/config /usr/local/www/nextcloud/config +createmount "${1}" "${global_dataset_config}"/"${1}"/themes /usr/local/www/nextcloud/themes +createmount "${1}" "${global_dataset_config}"/"${1}"/files /config/files + +# Install includes fstab +iocage exec "${1}" mkdir -p /mnt/includes +iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + + +iocage exec "${1}" chown -R www:www /config/files +iocage exec "${1}" chmod -R 770 /config/files + + +##### +# +# Basic dependency install +# +##### + +if [ "${DB_TYPE}" = "mariadb" ]; then + iocage exec "${1}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli +fi + +fetch -o /tmp https://getcaddy.com +if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com +then + echo "Failed to download/install Caddy" + exit 1 +fi + +iocage exec "${1}" sysrc redis_enable="YES" +iocage exec "${1}" sysrc php_fpm_enable="YES" +iocage exec "${1}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes" +iocage exec "${1}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes" + + +##### +# +# Install Nextcloud +# +##### + +FILE="latest-18.tar.bz2" +if ! iocage exec "${1}" fetch -o /tmp https://download.nextcloud.com/server/releases/"${FILE}" https://download.nextcloud.com/server/releases/"${FILE}".asc https://nextcloud.com/nextcloud.asc +then + echo "Failed to download Nextcloud" + exit 1 +fi +iocage exec "${1}" gpg --import /tmp/nextcloud.asc +if ! iocage exec "${1}" gpg --verify /tmp/"${FILE}".asc +then + echo "GPG Signature Verification Failed!" + echo "The Nextcloud download is corrupt." + exit 1 +fi +iocage exec "${1}" tar xjf /tmp/"${FILE}" -C /usr/local/www/ +iocage exec "${1}" chown -R www:www /usr/local/www/nextcloud/ + + +# Generate and install self-signed cert, if necessary +if [ "$CERT_TYPE" == "SELFSIGNED_CERT" ] && [ ! -f "/mnt/${global_dataset_config}/${1}/ssl/privkey.pem" ]; then + echo "No ssl certificate present, generating self signed certificate" + if [ ! -d "/mnt/${global_dataset_config}/${1}/ssl" ]; then + echo "cert folder not existing... creating..." + iocage exec "${1}" mkdir /config/ssl + fi + openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${!HOST_NAME}" -keyout "${INCLUDES_PATH}"/privkey.pem -out "${INCLUDES_PATH}"/fullchain.pem + iocage exec "${1}" cp /mnt/includes/privkey.pem /config/ssl/privkey.pem + iocage exec "${1}" cp /mnt/includes/fullchain.pem /config/ssl/fullchain.pem +fi + +# Copy and edit pre-written config files +iocage exec "${1}" cp -f /mnt/includes/php.ini /usr/local/etc/php.ini +iocage exec "${1}" cp -f /mnt/includes/redis.conf /usr/local/etc/redis.conf +iocage exec "${1}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/ + + +if [ "$CERT_TYPE" == "STANDALONE_CERT" ] && [ "$CERT_TYPE" == "DNS_CERT" ]; then + iocage exec "${1}" cp -f /mnt/includes/remove-staging.sh /root/ +fi + +if [ "$CERT_TYPE" == "NO_CERT" ]; then + echo "Copying Caddyfile for no SSL" + iocage exec "${1}" cp -f /mnt/includes/Caddyfile-nossl /usr/local/www/Caddyfile +elif [ "$CERT_TYPE" == "SELFSIGNED_CERT" ]; then + echo "Copying Caddyfile for self-signed cert" + iocage exec "${1}" cp -f /mnt/includes/Caddyfile-selfsigned /usr/local/www/Caddyfile +else + echo "Copying Caddyfile for Let's Encrypt cert" + iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/ +fi + + +iocage exec "${1}" cp -f /mnt/includes/caddy.rc /usr/local/etc/rc.d/caddy + + +iocage exec "${1}" sed -i '' "s/yourhostnamehere/${!HOST_NAME}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s|mytimezone|${!TIME_ZONE}|" /usr/local/etc/php.ini + +iocage exec "${1}" sysrc caddy_enable="YES" +iocage exec "${1}" sysrc caddy_cert_email="${CERT_EMAIL}" +iocage exec "${1}" sysrc caddy_SNI_default="${!HOST_NAME}" +iocage exec "${1}" sysrc caddy_env="${!DNS_ENV}" + +iocage restart "${1}" + +if [ "${REINSTALL}" == "true" ]; then + echo "Reinstall detected, skipping generaion of new config and database" +else + + # Secure database, set root password, create Nextcloud DB, user, and password + if [ "${DB_TYPE}" = "mariadb" ]; then + iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" + iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${!DB_PASSWORD}';" + iocage exec "mariadb" mysqladmin reload + fi + + + # Save passwords for later reference + iocage exec "${1}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/"${1}"_db_password.txt + iocage exec "${1}" echo "Nextcloud database password is ${!DB_PASSWORD}" >> /root/"${1}"_db_password.txt + iocage exec "${1}" echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}" >> /root/"${1}"_db_password.txt + + # CLI installation and configuration of Nextcloud + if [ "${DB_TYPE}" = "mariadb" ]; then + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"mysql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${!DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${!ADMIN_PASSWORD}\" --data-dir=\"/config/files\"" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value=\"true\"" + fi + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ db:add-missing-indices" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ db:convert-filecache-bigint --no-interaction" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set logtimezone --value=\"${!TIME_ZONE}\"" + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set log_type --value="file"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logfile --value="/var/log/nextcloud.log"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwritehost --value=\"${!HOST_NAME}\"" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwriteprotocol --value=\"https\"" + if [ "$CERT_TYPE" == "NO_CERT" ]; then + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${!HOST_NAME}/\"" + else + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${!HOST_NAME}/\"" + fi + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set htaccess.RewriteBase --value="/"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess' + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value=\"${!HOST_NAME}\"" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value=\"${JAIL_IP}\"" + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ app:enable encryption' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:enable' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:disable' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ background:cron' + +fi + +iocage exec "${1}" touch /var/log/nextcloud.log +iocage exec "${1}" chown www /var/log/nextcloud.log +iocage exec "${1}" su -m www -c 'php -f /usr/local/www/nextcloud/cron.php' +iocage exec "${1}" crontab -u www /mnt/includes/www-crontab + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +# Done! +echo "Installation complete!" +if [ "$CERT_TYPE" == "NO_CERT" ]; then + echo "Using your web browser, go to http://${!HOST_NAME} to log in" +else + echo "Using your web browser, go to https://${!HOST_NAME} to log in" +fi + +if [ "${REINSTALL}" == "true" ]; then + echo "You did a reinstall, please use your old database and account credentials" +else + + echo "Default user is admin, password is ${ADMIN_PASSWORD}" + echo "" + + echo "Database Information" + echo "--------------------" + echo "Database user = ${DB_USER}" + echo "Database password = ${!DB_PASSWORD}" + echo "" + echo "All passwords are saved in /root/${1}_db_password.txt" +fi + +echo "" +if [ "$CERT_TYPE" == "STANDALONE_CERT" ] && [ "$CERT_TYPE" == "DNS_CERT" ]; then + echo "You have obtained your Let's Encrypt certificate using the staging server." + echo "This certificate will not be trusted by your browser and will cause SSL errors" + echo "when you connect. Once you've verified that everything else is working" + echo "correctly, you should issue a trusted certificate. To do this, run:" + echo "iocage exec ${1}/root/remove-staging.sh" + echo "" +elif [ "$CERT_TYPE" == "SELFSIGNED_CERT" ]; then + echo "You have chosen to create a self-signed TLS certificate for your Nextcloud" + echo "installation. This certificate will not be trusted by your browser and" + echo "will cause SSL errors when you connect. If you wish to replace this certificate" + echo "with one obtained elsewhere, the private key is located at:" + echo "/config/ssl/privkey.pem" + echo "The full chain (server + intermediate certificates together) is at:" + echo "/config/ssl/fullchain.pem" + echo "" +fi + diff --git a/jails/nextcloud/readme.md b/blueprints/nextcloud/readme.md similarity index 100% rename from jails/nextcloud/readme.md rename to blueprints/nextcloud/readme.md diff --git a/jails/nextcloud/update.sh b/blueprints/nextcloud/update.sh similarity index 100% rename from jails/nextcloud/update.sh rename to blueprints/nextcloud/update.sh diff --git a/blueprints/organizr/config.yml b/blueprints/organizr/config.yml new file mode 100644 index 00000000..a06f8e48 --- /dev/null +++ b/blueprints/organizr/config.yml @@ -0,0 +1,3 @@ +blueprint: + organizr: + pkgs: nginx php72 php72-filter php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip git \ No newline at end of file diff --git a/jails/organizr/includes/custom/organizr.conf b/blueprints/organizr/includes/custom/organizr.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/includes/custom/organizr.conf rename to blueprints/organizr/includes/custom/organizr.conf diff --git a/jails/organizr/includes/custom/phpblock.conf b/blueprints/organizr/includes/custom/phpblock.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/includes/custom/phpblock.conf rename to blueprints/organizr/includes/custom/phpblock.conf diff --git a/jails/organizr/includes/nginx.conf b/blueprints/organizr/includes/nginx.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/includes/nginx.conf rename to blueprints/organizr/includes/nginx.conf diff --git a/blueprints/organizr/install.sh b/blueprints/organizr/install.sh new file mode 100755 index 00000000..c52d0538 --- /dev/null +++ b/blueprints/organizr/install.sh @@ -0,0 +1,34 @@ +#!/usr/local/bin/bash +# This file contains the install script for Organizr + +iocage exec "$1" sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini +iocage exec "$1" sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini +iocage exec "$1" sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini +# shellcheck disable=SC2154 +mv /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf.bak +cp "${SCRIPT_DIR}"/blueprints/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf +cp -Rf "${SCRIPT_DIR}"/blueprints/organizr/includes/custom /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/custom +# shellcheck disable=SC2154 +if [ ! -d "/mnt/${global_dataset_config}/$1/ssl" ]; then + echo "cert folder doesn't exist... creating..." + iocage exec "$1" mkdir /config/ssl +fi + +if [ -f "/mnt/${global_dataset_config}/$1/ssl/Organizr-Cert.crt" ]; then + echo "certificate exists... Skipping cert generation" +else + echo "No ssl certificate present, generating self signed certificate" + openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/"$1"/ssl/Organizr-Cert.key -out /mnt/"${global_dataset_config}"/"$1"/ssl/Organizr-Cert.crt +fi + +iocage exec "$1" git clone https://github.com/causefx/Organizr.git /usr/local/www/Organizr +iocage exec "$1" chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom +iocage exec "$1" ln -s /config/config.php /usr/local/www/Organizr/api/config/config.php +iocage exec "$1" sysrc nginx_enable=YES +iocage exec "$1" sysrc php_fpm_enable=YES +iocage exec "$1" service nginx start +iocage exec "$1" service php-fpm start diff --git a/jails/organizr/readme.md b/blueprints/organizr/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/readme.md rename to blueprints/organizr/readme.md diff --git a/blueprints/organizr/update.sh b/blueprints/organizr/update.sh new file mode 100755 index 00000000..3021ec5d --- /dev/null +++ b/blueprints/organizr/update.sh @@ -0,0 +1,12 @@ +#!/usr/local/bin/bash +# This file contains the update script for Organizr + +iocage exec "$1" service nginx stop +iocage exec "$1" service php-fpm stop +# TODO setup cli update for Organizr here. +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf +iocage exec "$1" "cd /usr/local/www/Organizr && git pull" +iocage exec "$1" chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom +iocage exec "$1" service nginx start +iocage exec "$1" service php-fpm start \ No newline at end of file diff --git a/blueprints/plex/config.yml b/blueprints/plex/config.yml new file mode 100644 index 00000000..bc68372a --- /dev/null +++ b/blueprints/plex/config.yml @@ -0,0 +1,3 @@ +blueprint: + plex: + pkgs: plexmediaserver \ No newline at end of file diff --git a/jails/plex/includes/FreeBSD.conf b/blueprints/plex/includes/FreeBSD.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/plex/includes/FreeBSD.conf rename to blueprints/plex/includes/FreeBSD.conf diff --git a/blueprints/plex/install.sh b/blueprints/plex/install.sh new file mode 100755 index 00000000..54766a03 --- /dev/null +++ b/blueprints/plex/install.sh @@ -0,0 +1,51 @@ +#!/usr/local/bin/bash +# This file contains the install script for plex + +iocage exec plex mkdir -p /usr/local/etc/pkg/repos + +# Change to to more frequent FreeBSD repo to stay up-to-date with plex more. +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/plex/includes/FreeBSD.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/pkg/repos/FreeBSD.conf + + +# Check if datasets for media librarys exist, create them if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" /mnt/media +createmount "$1" "${global_dataset_media}"/movies /mnt/media/movies +createmount "$1" "${global_dataset_media}"/music /mnt/media/music +createmount "$1" "${global_dataset_media}"/shows /mnt/media/shows + +# Create plex ramdisk if specified +# shellcheck disable=SC2154 +if [ -z "${plex_ramdisk}" ]; then + echo "no ramdisk specified for plex, continuing without randisk" +else + iocage fstab -a "$1" tmpfs /tmp_transcode tmpfs rw,size="${plex_ramdisk}",mode=1777 0 0 +fi + +iocage exec "$1" chown -R plex:plex /config + +# Force update pkg to get latest plex version +iocage exec "$1" pkg update +iocage exec "$1" pkg upgrade -y + +# Add plex user to video group for future hw-encoding support +iocage exec "$1" pw groupmod -n video -m plex + +# Run different install procedures depending on Plex vs Plex Beta +# shellcheck disable=SC2154 +if [ "$plex_beta" == "true" ]; then + echo "beta enabled in config.yml... using plex beta for install" + iocage exec "$1" sysrc "plexmediaserver_plexpass_enable=YES" + iocage exec "$1" sysrc plexmediaserver_plexpass_support_path="/config" + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ + iocage exec "$1" service plexmediaserver_plexpass restart +else + echo "beta disabled in config.yml... NOT using plex beta for install" + iocage exec "$1" sysrc "plexmediaserver_enable=YES" + iocage exec "$1" sysrc plexmediaserver_support_path="/config" + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver/ + iocage exec "$1" service plexmediaserver restart +fi + +echo "Finished installing plex" \ No newline at end of file diff --git a/jails/plex/readme.md b/blueprints/plex/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/plex/readme.md rename to blueprints/plex/readme.md diff --git a/jails/plex/update.sh b/blueprints/plex/update.sh similarity index 60% rename from jails/plex/update.sh rename to blueprints/plex/update.sh index ca01432a..97d89491 100755 --- a/jails/plex/update.sh +++ b/blueprints/plex/update.sh @@ -5,16 +5,16 @@ # shellcheck disable=SC2154 if [ "$plex_plexpass" == "true" ]; then echo "beta enabled in config.yml... using plex beta for update..." - iocage exec plex service plexmediaserver_plexpass stop + iocage exec "$1" service plexmediaserver_plexpass stop # Plex is updated using PKG already, this is mostly a placeholder - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ - iocage exec plex service plexmediaserver_plexpass restart + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ + iocage exec "$1" service plexmediaserver_plexpass restart else echo "beta disabled in config.yml... NOT using plex beta for update..." - iocage exec plex service plexmediaserver stop + iocage exec "$1" service plexmediaserver stop # Plex is updated using PKG already, this is mostly a placeholder - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver/ - iocage exec plex service plexmediaserver restart + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver/ + iocage exec "$1" service plexmediaserver restart fi diff --git a/blueprints/radarr/config.yml b/blueprints/radarr/config.yml new file mode 100644 index 00000000..6125ba70 --- /dev/null +++ b/blueprints/radarr/config.yml @@ -0,0 +1,3 @@ +blueprint: + radarr: + pkgs: mono mediainfo sqlite3 libgdiplus \ No newline at end of file diff --git a/jails/radarr/includes/radarr.rc b/blueprints/radarr/includes/radarr.rc similarity index 100% rename from jails/radarr/includes/radarr.rc rename to blueprints/radarr/includes/radarr.rc diff --git a/blueprints/radarr/install.sh b/blueprints/radarr/install.sh new file mode 100755 index 00000000..99442692 --- /dev/null +++ b/blueprints/radarr/install.sh @@ -0,0 +1,24 @@ +#!/usr/local/bin/bash +# This file contains the install script for radarr + +# Check if dataset for completed download and it parent dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" +createmount "$1" "${global_dataset_downloads}"/complete /mnt/fetched + +# Check if dataset for media library and the dataset for movies exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" +createmount "$1" "${global_dataset_media}"/movies /mnt/movies + +iocage exec "$1" "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.1480/Radarr.develop.0.2.0.1480.linux.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -C /usr/local/share" +iocage exec "$1" rm /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz +iocage exec "$1" "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R radarr:radarr /usr/local/share/Radarr /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/radarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/radarr +iocage exec "$1" sysrc "radarr_enable=YES" +iocage exec "$1" service radarr restart diff --git a/jails/radarr/readme.md b/blueprints/radarr/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/radarr/readme.md rename to blueprints/radarr/readme.md diff --git a/blueprints/radarr/update.sh b/blueprints/radarr/update.sh new file mode 100755 index 00000000..8275b656 --- /dev/null +++ b/blueprints/radarr/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for radarr + +iocage exec "$1" service radarr stop +#TODO insert code to update radarr itself here +iocage exec "$1" chown -R radarr:radarr /usr/local/share/Radarr /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/radarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/radarr +iocage exec "$1" service radarr restart \ No newline at end of file diff --git a/blueprints/sonarr/config.yml b/blueprints/sonarr/config.yml new file mode 100644 index 00000000..ab4801ba --- /dev/null +++ b/blueprints/sonarr/config.yml @@ -0,0 +1,3 @@ +blueprint: + sonarr: + pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/sonarr/includes/sonarr.rc b/blueprints/sonarr/includes/sonarr.rc similarity index 100% rename from jails/sonarr/includes/sonarr.rc rename to blueprints/sonarr/includes/sonarr.rc diff --git a/blueprints/sonarr/install.sh b/blueprints/sonarr/install.sh new file mode 100755 index 00000000..faec9912 --- /dev/null +++ b/blueprints/sonarr/install.sh @@ -0,0 +1,24 @@ +#!/usr/local/bin/bash +# This file contains the install script for sonarr + +# Check if dataset for completed download and it parent dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" +createmount "$1" "${global_dataset_downloads}"/complete /mnt/fetched + +# Check if dataset for media library and the dataset for tv shows exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" +createmount "$1" "${global_dataset_media}"/shows /mnt/shows + +iocage exec "$1" "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share" +iocage exec "$1" rm /usr/local/share/NzbDrone.master.tar.gz +iocage exec "$1" "pw user add sonarr -c sonarr -u 351 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R sonarr:sonarr /usr/local/share/NzbDrone /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/sonarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/sonarr +iocage exec "$1" sysrc "sonarr_enable=YES" +iocage exec "$1" service sonarr restart diff --git a/jails/sonarr/readme.md b/blueprints/sonarr/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/sonarr/readme.md rename to blueprints/sonarr/readme.md diff --git a/blueprints/sonarr/update.sh b/blueprints/sonarr/update.sh new file mode 100755 index 00000000..f81fd987 --- /dev/null +++ b/blueprints/sonarr/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for sonarr + +iocage exec "$1" service sonarr stop +#TODO insert code to update sonarr itself here +iocage exec "$1" chown -R sonarr:sonarr /usr/local/share/NzbDrone /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/sonarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/sonarr +iocage exec "$1" service sonarr restart \ No newline at end of file diff --git a/blueprints/tautulli/config.yml b/blueprints/tautulli/config.yml new file mode 100644 index 00000000..3c6a9a2d --- /dev/null +++ b/blueprints/tautulli/config.yml @@ -0,0 +1,3 @@ +blueprint: + tautulli: + pkgs: python2 py27-sqlite3 py27-openssl git \ No newline at end of file diff --git a/blueprints/tautulli/install.sh b/blueprints/tautulli/install.sh new file mode 100755 index 00000000..c87ec954 --- /dev/null +++ b/blueprints/tautulli/install.sh @@ -0,0 +1,11 @@ +#!/usr/local/bin/bash +# This file contains the install script for Tautulli + +iocage exec "$1" git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli +iocage exec "$1" "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R tautulli:tautulli /usr/local/share/Tautulli /config +iocage exec "$1" cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/tautulli +iocage exec "$1" sysrc "tautulli_enable=YES" +iocage exec "$1" sysrc "tautulli_flags=--datadir /config" +iocage exec "$1" service tautulli start \ No newline at end of file diff --git a/jails/tautulli/readme.md b/blueprints/tautulli/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/tautulli/readme.md rename to blueprints/tautulli/readme.md diff --git a/blueprints/tautulli/update.sh b/blueprints/tautulli/update.sh new file mode 100755 index 00000000..500aa181 --- /dev/null +++ b/blueprints/tautulli/update.sh @@ -0,0 +1,9 @@ +#!/usr/local/bin/bash +# This file contains the update script for Tautulli + +iocage exec "$1" service tautulli stop +# Tautulli is updated through pkg, this is mostly just a placeholder +iocage exec "$1" chown -R tautulli:tautulli /usr/local/share/Tautulli /config +iocage exec "$1" cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/tautulli +iocage exec "$1" service tautulli restart \ No newline at end of file diff --git a/blueprints/transmission/config.yml b/blueprints/transmission/config.yml new file mode 100644 index 00000000..ad770179 --- /dev/null +++ b/blueprints/transmission/config.yml @@ -0,0 +1,3 @@ +blueprint: + transmission: + pkgs: bash unzip unrar transmission \ No newline at end of file diff --git a/blueprints/transmission/install.sh b/blueprints/transmission/install.sh new file mode 100755 index 00000000..50686d9c --- /dev/null +++ b/blueprints/transmission/install.sh @@ -0,0 +1,19 @@ +#!/usr/local/bin/bash +# This file contains the install script for transmission + +# Check if dataset Downloads dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" /mnt/downloads + +# Check if dataset Complete Downloads dataset exist, create if they do not. +createmount "$1" "${global_dataset_downloads}"/complete /mnt/downloads/complete + +# Check if dataset InComplete Downloads dataset exist, create if they do not. +createmount "$1" "${global_dataset_downloads}"/incomplete /mnt/downloads/incomplete + + +iocage exec "$1" chown -R transmission:transmission /config +iocage exec "$1" sysrc "transmission_enable=YES" +iocage exec "$1" sysrc "transmission_conf_dir=/config" +iocage exec "$1" sysrc "transmission_download_dir=/mnt/downloads/complete" +iocage exec "$1" service transmission restart \ No newline at end of file diff --git a/jails/transmission/readme.md b/blueprints/transmission/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/transmission/readme.md rename to blueprints/transmission/readme.md diff --git a/blueprints/transmission/update.sh b/blueprints/transmission/update.sh new file mode 100755 index 00000000..6c3d216e --- /dev/null +++ b/blueprints/transmission/update.sh @@ -0,0 +1,7 @@ +#!/usr/local/bin/bash +# This file contains the update script for transmission + +iocage exec "$1" service transmission stop +# Transmision is updated during PKG update, this file is mostly just a placeholder +iocage exec "$1" chown -R transmission:transmission /config +iocage exec "$1" service transmission restart \ No newline at end of file diff --git a/blueprints/unifi/config.yml b/blueprints/unifi/config.yml new file mode 100644 index 00000000..96e874cf --- /dev/null +++ b/blueprints/unifi/config.yml @@ -0,0 +1,3 @@ +blueprint: + unifi: + pkgs: jq unifi5 \ No newline at end of file diff --git a/jails/unifi/includes/mongodb.conf b/blueprints/unifi/includes/mongodb.conf similarity index 100% rename from jails/unifi/includes/mongodb.conf rename to blueprints/unifi/includes/mongodb.conf diff --git a/jails/unifi/includes/rc/mongod b/blueprints/unifi/includes/rc/mongod.rc old mode 100644 new mode 100755 similarity index 100% rename from jails/unifi/includes/rc/mongod rename to blueprints/unifi/includes/rc/mongod.rc diff --git a/jails/unifi/includes/rc/unifi b/blueprints/unifi/includes/rc/unifi.rc old mode 100644 new mode 100755 similarity index 100% rename from jails/unifi/includes/rc/unifi rename to blueprints/unifi/includes/rc/unifi.rc diff --git a/jails/unifi/includes/rc/unifi_poller b/blueprints/unifi/includes/rc/unifi_poller.rc old mode 100644 new mode 100755 similarity index 100% rename from jails/unifi/includes/rc/unifi_poller rename to blueprints/unifi/includes/rc/unifi_poller.rc diff --git a/jails/unifi/includes/up.conf b/blueprints/unifi/includes/up.conf similarity index 100% rename from jails/unifi/includes/up.conf rename to blueprints/unifi/includes/up.conf diff --git a/blueprints/unifi/install.sh b/blueprints/unifi/install.sh new file mode 100755 index 00000000..2ad17799 --- /dev/null +++ b/blueprints/unifi/install.sh @@ -0,0 +1,117 @@ +#!/usr/local/bin/bash +# This file contains the install script for unifi-controller & unifi-poller + +# Initialize variables +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" + +# shellcheck disable=SC2154 +DB_JAIL="jail_${1}_db_jail" + +POLLER="jail_${1}_unifi_poller" + +# shellcheck disable=SC2154 +DB_IP="jail_${!DB_JAIL}_ip4_addr" +DB_IP="${!DB_IP%/*}" + +# shellcheck disable=SC2154 +DB_NAME="jail_${1}_up_db_name" +DB_NAME="${!DB_NAME:-$1}" + +# shellcheck disable=SC2154 +DB_USER="jail_${1}_up_db_user" +DB_USER="${!DB_USER:-$DB_NAME}" + +# shellcheck disable=SC2154 +DB_PASS="jail_${1}_up_db_password" + +# shellcheck disable=SC2154 +UP_USER="jail_${1}_up_user" +UP_USER="${!UP_USER:-$1}" + +# shellcheck disable=SC2154 +UP_PASS="jail_${1}_up_password" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/unifi/includes" + +if [ -z "${!DB_PASSWORD}" ]; then + echo "up_db_password can't be empty" + exit 1 +fi + +if [ -z "${!DB_JAIL}" ]; then + echo "db_jail can't be empty" + exit 1 +fi + +if [ -z "${!UP_PASS}" ]; then + echo "up_password can't be empty" + exit 1 +fi + +# Enable persistent Unifi Controller data +iocage exec "${1}" mkdir -p /config/controller/mongodb +iocage exec "${1}" cp -Rp /usr/local/share/java/unifi /config/controller +iocage exec "${1}" chown -R mongodb:mongodb /config/controller/mongodb +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/mongodb.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/rc/mongod.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/mongod +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/rc/unifi.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/unifi +iocage exec "${1}" sysrc unifi_enable=YES +iocage exec "${1}" service unifi start + +# shellcheck disable=SC2154 +if [[ ! "${!POLLER}" ]]; then + echo "Installation complete!" + echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." +else + # Check if influxdb container exists, create unifi database if it does, error if it is not. + echo "Checking if the database jail and database exist..." + if [[ -d /mnt/"${global_dataset_iocage}"/jails/"${!DB_JAIL}" ]]; then + DB_EXISTING=$(iocage exec "${!DB_JAIL}" curl -G http://localhost:8086/query --data-urlencode 'q=SHOW DATABASES' | jq '.results [] | .series [] | .values []' | grep "$DB_NAME" | sed 's/"//g' | sed 's/^ *//g') + if [[ "$DB_NAME" == "$DB_EXISTING" ]]; then + echo "${!DB_JAIL} jail with database ${DB_NAME} already exists. Skipping database creation... " + else + echo "${!DB_JAIL} jail exists, but database ${DB_NAME} does not. Creating database ${DB_NAME}." + if [[ -z "${DB_USER}" ]] || [[ -z "${!DB_PASS}" ]]; then + echo "Database username and password not provided. Cannot create database without credentials. Exiting..." + exit 1 + else + iocage exec "${!DB_JAIL}" "curl -XPOST -u ${DB_USER}:${!DB_PASS} http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE ${DB_NAME}'" + echo "Database ${DB_NAME} created with username ${DB_USER} with password ${!DB_PASS}." + fi + fi + else + echo "Influxdb jail does not exist. Unifi-Poller requires Influxdb jail. Please install the Influxdb jail." + exit 1 + fi + + # Download and install Unifi-Poller + FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") + DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") + iocage exec "${1}" fetch -o /config "${DOWNLOAD}" + + # Install downloaded Unifi-Poller package, configure and enable + iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}" + # shellcheck disable=SC2154 + cp "${INCLUDES_PATH}"/up.conf /mnt/"${global_dataset_config}"/"${1}" + # shellcheck disable=SC2154 + cp "${INCLUDES_PATH}"/rc/unifi_poller.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/unifi_poller + iocage exec "${1}" sed -i '' "s|influxdbuser|${DB_USER}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|influxdbpass|${!DB_PASS}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|unifidb|${DB_NAME}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|unifiuser|${UP_USER}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|unifipassword|${!UP_PASS}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|dbip|http://${DB_IP}:8086|" /config/up.conf + + + iocage exec "${1}" sysrc unifi_poller_enable=YES + iocage exec "${1}" service unifi_poller start + + echo "Installation complete!" + echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." + echo "Please login to the Unifi Controller and add ${UP_USER} as a read-only user." + echo "In Grafana, add Unifi-Poller as a data source." +fi diff --git a/jails/unifi/readme.md b/blueprints/unifi/readme.md similarity index 100% rename from jails/unifi/readme.md rename to blueprints/unifi/readme.md diff --git a/jails/unifi/update.sh b/blueprints/unifi/update.sh old mode 100644 new mode 100755 similarity index 67% rename from jails/unifi/update.sh rename to blueprints/unifi/update.sh index f554e205..a585afab --- a/jails/unifi/update.sh +++ b/blueprints/unifi/update.sh @@ -2,21 +2,20 @@ # This file contains the update script for unifi # Unifi Controller is updated through pkg, Unifi-Poller is not. This script updates Unifi-Poller -JAIL_NAME="unifi" FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") # Check to see if there is an update. # shellcheck disable=SC2154 -if [[ -f /mnt/"${global_dataset_config}"/"${JAIL_NAME}"/"${FILE_NAME}" ]]; then +if [[ -f /mnt/"${global_dataset_config}"/"${1}"/"${FILE_NAME}" ]]; then echo "Unifi-Poller is up to date." exit 1 else # Download and install the package - iocage exec "${JAIL_NAME}" fetch -o /config "${DOWNLOAD}" - iocage exec "${JAIL_NAME}" pkg install -qy /config/"${FILE_NAME}" - iocage exec "${JAIL_NAME}" service unifi restart - iocage exec "${JAIL_NAME}" service unifi_poller restart + iocage exec "${1}" fetch -o /config "${DOWNLOAD}" + iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}" + iocage exec "${1}" service unifi restart + iocage exec "${1}" service unifi_poller restart fi echo "Update complete!" diff --git a/config.yml.example b/config.yml.example index 1f78d862..6dbc916e 100644 --- a/config.yml.example +++ b/config.yml.example @@ -1,4 +1,6 @@ global: + # Config file syntax version (not same as script version) + version: 1.2 # Relevant dataset paths, please use the ZFS dataset syntax such as: tank/apps dataset: # dataset for internal jail config files @@ -15,100 +17,89 @@ global: # Please use standard space delimited pkg install syntax. pkgs: curl ca_root_nss bash - -# Example configuration, showing how to customise network config. -# Use the same jailname on both sides of this variable example: example -example: example - #interfaces is optional and will be autmatically replace with vnet0:bridge0 if not present - interfaces: vnet0:bridge0 - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - # Jail specific pkgs. - # Please use standard space delimited pkg install syntax. - pkgs: mono +jail: + plex: + blueprint: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + beta: false -plex: plex - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - beta: false - -lidarr: lidarr - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + lidarr: + blueprint: lidarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + sonarr: + blueprint: sonarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + radarr: + blueprint: radarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + kms: + blueprint: kms + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 -sonarr: sonarr - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + jackett: + blueprint: jackett + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + organizr: + blueprint: organizr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + tautulli: + blueprint: tautulli + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 -radarr: radarr - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + transmission: + blueprint: transmission + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 -kms: kms - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - -jackett: jackett - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 -organizr: organizr - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + nextcloud: + blueprint: nextcloud + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + time_zone: Europe/Amsterdam + host_name: cloud.example.com + db_jail: "mariadb" + admin_password: "PUTYOUROWNADMINPASSWORDHERE" + db_password: "PLEASEALSOPUTYOURPASSWORDHEREADIFFERNTONE" + + mariadb: + blueprint: mariadb + ip4_addr: 192.168.1.98/24 + gateway: 192.168.1.1 + db_root_password: ReplaceThisWithYourOwnRootPAssword + host_name: mariadb.local.example -tautulli: tautulli - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + bitwarden: + blueprint: bitwarden + ip4_addr: 192.168.1.97/24 + gateway: 192.168.1.1 + db_jail: "mariadb" + db_password: "YourDBPasswordHerePLEASE" + admin_token: "PUTYOURADMINTOKENHEREANDREMOVETHIS" -transmission: transmission - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + influxdb: + blueprint: influxdb + ip4_addr: 192.168.1.250/24 + gateway: 192.168.1.1 - -nextcloud: nextcloud - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - time_zone: Europe/Amsterdam - host_name: cloud.example.com - database: mariadb - standalone_cert: 0 - selfsigned_cert: 0 - dns_cert: 0 - no_cert: 1 - dl_flags: "" - dns_settings: "" - cert_email: "placeholder@holdplace.org" - database: mariadb -# db_database: -# db_user: -# db_password -# db_host - -mariadb: mariadb - ip4_addr: 192.168.1.98/24 - gateway: 192.168.1.1 - db_root_password: ReplaceThisWithYourOwnRootPAssword - host_name: mariadb.local.example - -bitwarden: bitwarden - ip4_addr: 192.168.1.97/24 - gateway: 192.168.1.1 - db_password: "YourDBPasswordHerePLEASE" - type: mariadb - admin_token: "PUTYOURADMINTOKENHEREANDREMOVETHIS" - -influxdb: influxdb - ip4_addr: 192.168.1.250/24 - gateway: 192.168.1.1 - database: influxdb - -unifi: unifi - ip4_addr: 192.168.1.251/24 - gateway: 192.168.1.1 - unifi_poller: true - db_jail: influxdb - up_db_name: unifi - up_db_user: unifi-poller - up_db_password: unifi-poller - up_user: upoller - up_password: upoller + unifi: + blueprint: unifi + ip4_addr: 192.168.1.251/24 + gateway: 192.168.1.1 + unifi_poller: true + db_jail: influxdb + up_db_password: unifi-poller + up_password: upoller diff --git a/global.sh b/global.sh index 4a9f1359..262a72f3 100755 --- a/global.sh +++ b/global.sh @@ -43,12 +43,12 @@ fi jailcreate() { echo "Checking config..." -jailname="${1}" -jailpkgs="${1}_pkgs" -jailinterfaces="${1}_interfaces" -jailip4="${1}_ip4_addr" -jailgateway="${1}_gateway" -jaildhcp="${1}_dhcp" +blueprintpkgs="blueprint_${2}_pkgs" +blueprintports="blueprint_${2}_ports" +jailinterfaces="jail_${1}_interfaces" +jailip4="jail_${1}_ip4_addr" +jailgateway="jail_${1}_gateway" +jaildhcp="jail_${1}_dhcp" setdhcp=${!jaildhcp} if [ -z "${!jailinterfaces}" ]; then @@ -62,49 +62,47 @@ if [ -z "${setdhcp}" ] && [ -z "${!jailip4}" ] && [ -z "${!jailgateway}" ]; then setdhcp="on" fi -if [ -z "${!jailname}" ]; then - echo "ERROR, jail not defined in config.yml" - exit 1 -else - echo "Creating jail for $1" +echo "Creating jail for $1" +# shellcheck disable=SC2154 +pkgs="$(sed 's/[^[:space:]]\{1,\}/"&"/g;s/ /,/g' <<<"${global_jails_pkgs} ${!blueprintpkgs}")" +echo '{"pkgs":['"${pkgs}"']}' > /tmp/pkg.json +if [ "${setdhcp}" == "on" ] +then # shellcheck disable=SC2154 - pkgs="$(sed 's/[^[:space:]]\{1,\}/"&"/g;s/ /,/g' <<<"${global_jails_pkgs} ${!jailpkgs}")" - echo '{"pkgs":['"${pkgs}"']}' > /tmp/pkg.json - if [ "${setdhcp}" == "on" ] + if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" -b then - # shellcheck disable=SC2154 - if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" -b - then - echo "Failed to create jail" - exit 1 - fi - else - # shellcheck disable=SC2154 - if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" -b - then - echo "Failed to create jail" - exit 1 - fi - + echo "Failed to create jail" + exit 1 fi - - rm /tmp/pkg.json - echo "creating jail config directory" +else # shellcheck disable=SC2154 - createmount "${1}" "${global_dataset_config}" - createmount "${1}" "${global_dataset_config}"/"${1}" /config - - # Create and Mount portsnap + if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" -b + then + echo "Failed to create jail" + exit 1 + fi +fi + +rm /tmp/pkg.json +echo "creating jail config directory" +# shellcheck disable=SC2154 +createmount "${1}" "${global_dataset_config}" +createmount "${1}" "${global_dataset_config}"/"${1}" /config + +# Create and Mount portsnap +createmount "${1}" "${global_dataset_config}"/portsnap +createmount "${1}" "${global_dataset_config}"/portsnap/db /var/db/portsnap +createmount "${1}" "${global_dataset_config}"/portsnap/ports /usr/ports +if [ "${!blueprintports}" == "true" ] +then echo "Mounting and fetching ports" - createmount "${1}" "${global_dataset_config}"/portsnap - createmount "${1}" "${global_dataset_config}"/portsnap/db /var/db/portsnap - createmount "${1}" "${global_dataset_config}"/portsnap/ports /usr/ports - iocage exec "${1}" "if [ -z /usr/ports ]; then portsnap fetch extract; else portsnap auto; fi" - - echo "Jail creation completed for ${1}" -fi - +else + echo "Ports not enabled for blueprint, skipping" +fi + +echo "Jail creation completed for ${1}" + } # $1 = jail name diff --git a/jailman.sh b/jailman.sh index 2111951f..7db54514 100755 --- a/jailman.sh +++ b/jailman.sh @@ -20,7 +20,7 @@ if ! [ "$(id -u)" = 0 ]; then fi # Auto Update -BRANCH="dev" +BRANCH="multi_install" gitupdate ${BRANCH} # If no option is given, point to the help menu @@ -107,9 +107,16 @@ export global_dataset_iocage # Parse the Config YAML # shellcheck disable=SC2046 -for configpath in "${SCRIPT_DIR}"/jails/*/config.yml; do ! eval $(parse_yaml "${configpath}"); done +for configpath in "${SCRIPT_DIR}"/blueprints/*/config.yml; do ! eval $(parse_yaml "${configpath}"); done eval "$(parse_yaml config.yml)" +# shellcheck disable=SC2154 +if [ "${global_version}" != "1.2" ]; then + echo "You are using old config.yml synatx." + echo "Please check the wiki for required changes" + exit 1 +fi + # Check and Execute requested jail destructions if [ ${#destroyjails[@]} -eq 0 ]; then echo "No jails to destroy" @@ -132,12 +139,18 @@ else echo "jails to install ${installjails[@]}" for jail in "${installjails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/install.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" ] then echo "Installing $jail" - jailcreate "${jail}" && "${SCRIPT_DIR}"/jails/"${jail}"/install.sh + jailcreate "${jail}" "${!blueprint}" && "${SCRIPT_DIR}"/blueprints/"${!blueprint}"/install.sh "${jail}" else - echo "Missing install script for $jail in ${SCRIPT_DIR}/jails/$jail/install.sh" + echo "Missing blueprint ${!blueprint} for $jail in ${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" + exit 1 fi done fi @@ -150,12 +163,18 @@ else echo "jails to reinstall ${redojails[@]}" for jail in "${redojails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/install.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" ] then echo "Reinstalling $jail" - iocage destroy -f "${jail}" && jailcreate "${jail}" && "${SCRIPT_DIR}"/jails/"${jail}"/install.sh + iocage destroy -f "${jail}" && jailcreate "${jail}" "${!blueprint}" && "${SCRIPT_DIR}"/blueprints/"${!blueprint}"/install.sh "${jail}" else - echo "Missing install script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" + echo "Missing blueprint ${!blueprint} for $jail in ${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" + exit 1 fi done fi @@ -169,15 +188,21 @@ else echo "jails to update ${updatejails[@]}" for jail in "${updatejails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/update.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/update.sh" ] then echo "Updating $jail" iocage update "${jail}" - iocage exec "${jail}" "pkg update && pkg upgrade -y" && "${SCRIPT_DIR}"/jails/"${jail}"/update.sh + iocage exec "${jail}" "pkg update && pkg upgrade -y" && "${SCRIPT_DIR}"/jails/"${!blueprint}"/update.sh iocage restart "${jail}" iocage start "${jail}" else - echo "Missing update script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" + echo "Missing blueprint ${!blueprint} for $jail in ${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" + exit 1 fi done fi @@ -190,11 +215,17 @@ else echo "jails to update ${upgradejails[@]}" for jail in "${upgradejails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/update.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/update.sh" ] then echo "Currently Upgrading is not yet included in this script." else - echo "Missing update script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" + echo "Currently Upgrading is not yet included in this script." + exit 1 fi done fi diff --git a/jails/bitwarden/config.yml b/jails/bitwarden/config.yml deleted file mode 100644 index 6214896e..00000000 --- a/jails/bitwarden/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -bitwarden: bitwarden - pkgs: sqlite3 nginx git sudo vim-tiny bash node npm python27-2.7.17_1 mariadb104-client \ No newline at end of file diff --git a/jails/bitwarden/install.sh b/jails/bitwarden/install.sh deleted file mode 100755 index 11d445f0..00000000 --- a/jails/bitwarden/install.sh +++ /dev/null @@ -1,92 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for bitwarden - -# Initialise defaults -JAIL_NAME="bitwarden" -DB_DATABASE=${JAIL_NAME} -DB_USER=${JAIL_NAME} -# shellcheck disable=SC2154 -INSTALL_TYPE=${bitwarden_type} -# shellcheck disable=SC2154 -DB_HOST="${mariadb_ip4_addr%/*}:3306" -# shellcheck disable=SC2154 -DB_PASSWORD="${bitwarden_db_password}" -DB_STRING="mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" -# shellcheck disable=SC2154 -ADMIN_TOKEN=${bitwarden_admin_token} - -if [ -z "${ADMIN_TOKEN}" ]; then -ADMIN_TOKEN=$(openssl rand -base64 16) -fi - -# install latest rust version, pkg version is outdated and can't build bitwarden_rs -iocage exec ${JAIL_NAME} "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" - -# Install Bitwarden_rs -iocage exec ${JAIL_NAME} mkdir -p /usr/local/share/bitwarden/src -iocage exec ${JAIL_NAME} git clone https://github.com/dani-garcia/bitwarden_rs/ /usr/local/share/bitwarden/src -TAG=$(iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") -iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src checkout ${TAG}" -#TODO replace with: cargo build --features mysql --release -if [ "${INSTALL_TYPE}" == "mariadb" ]; then - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" -else - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" -fi - - -iocage exec ${JAIL_NAME} cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin - -# Download and install webvault -WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) -WEB_TAG="${WEB_RELEASE_URL##*/}" -iocage exec ${JAIL_NAME} "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" -iocage exec ${JAIL_NAME} "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" -iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz - -# shellcheck disable=SC2154 -if [ -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/bitwarden-ssl.crt" ]; then - echo "certificate exist... Skipping cert generation" -else - "No ssl certificate present, generating self signed certificate" - if [ ! -d "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl" ]; then - echo "cert folder not existing... creating..." - iocage exec ${JAIL_NAME} mkdir /config/ssl - fi - openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/${JAIL_NAME}/ssl/bitwarden-ssl.key -out /mnt/"${global_dataset_config}"/${JAIL_NAME}/ssl/bitwarden-ssl.crt -fi - -if [ -f "/mnt/${global_dataset_config}/${JAIL_NAME}/bitwarden.log" ]; then - echo "Reinstall of Bitwarden detected... using existing config and database" -elif [ "${INSTALL_TYPE}" == "mariadb" ]; then - echo "No config detected, doing clean install, utilizing the Mariadb database ${DB_HOST}" - iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" - iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${DB_PASSWORD}';" - iocage exec "mariadb" mysqladmin reload -else - echo "No config detected, doing clean install." -fi - -iocage exec ${JAIL_NAME} "pw user add bitwarden -c bitwarden -u 725 -d /nonexistent -s /usr/bin/nologin" -iocage exec ${JAIL_NAME} chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config -iocage exec ${JAIL_NAME} mkdir /usr/local/etc/rc.d /usr/local/etc/rc.conf.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden -cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export ADMIN_TOKEN="'"${ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden - -if [ "${ADMIN_TOKEN}" == "NONE" ]; then - echo "Admin_token set to NONE, disabling admin portal" -else - echo "Admin_token set and admin portal enabled" - iocage exec "${JAIL_NAME}" echo "${DB_NAME} Admin Token is ${ADMIN_TOKEN}" > /root/${JAIL_NAME}_admin_token.txt -fi - -iocage exec ${JAIL_NAME} chmod u+x /usr/local/etc/rc.d/bitwarden -iocage exec ${JAIL_NAME} sysrc "bitwarden_enable=YES" -iocage exec ${JAIL_NAME} service bitwarden restart -echo "Jail ${JAIL_NAME} finished Bitwarden install." -echo "Admin Token is ${ADMIN_TOKEN}" diff --git a/jails/bitwarden/update.sh b/jails/bitwarden/update.sh deleted file mode 100755 index 15e51002..00000000 --- a/jails/bitwarden/update.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for bitwarden -# Due to it being build from scratch or downloaded directly to execution dir, -# Update for Bitwarden is pretty similair to installation - -# Initialise defaults -JAIL_NAME="bitwarden" -DB_DATABASE=${JAIL_NAME} -DB_USER=${JAIL_NAME} -# shellcheck disable=SC2154 -INSTALL_TYPE=${bitwarden_type} -# shellcheck disable=SC2154 -DB_HOST="${mariadb_ip4_addr%/*}:3306" -# shellcheck disable=SC2154 -DB_PASSWORD="${bitwarden_db_password}" -DB_STRING="mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" -# shellcheck disable=SC2154 -ADMIN_TOKEN=${bitwarden_admin_token} - -if [ -z "${ADMIN_TOKEN}" ]; then -ADMIN_TOKEN=$(openssl rand -base64 16) -fi - -iocage exec ${JAIL_NAME} service bitwarden stop - -# install latest rust version, pkg version is outdated and can't build bitwarden_rs -iocage exec ${JAIL_NAME} "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" - -# Install Bitwarden_rs -iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src fetch" -TAG=$(iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") -iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src checkout ${TAG}" -#TODO replace with: cargo build --features mysql --release -if [ "${INSTALL_TYPE}" == "mariadb" ]; then - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" -else - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" -fi - - -iocage exec ${JAIL_NAME} cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin - -# Download and install webvault -WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) -WEB_TAG="${WEB_RELEASE_URL##*/}" -iocage exec ${JAIL_NAME} "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" -iocage exec ${JAIL_NAME} "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" -iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz - -iocage exec ${JAIL_NAME} chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden -cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export ADMIN_TOKEN="'"${ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden - -if [ "${ADMIN_TOKEN}" == "NONE" ]; then - echo "Admin_token set to NONE, disabling admin portal" -else - echo "Admin_token set and admin portal enabled" - iocage exec "${JAIL_NAME}" echo "${DB_NAME} Admin Token is ${ADMIN_TOKEN}" > /root/${JAIL_NAME}_admin_token.txt -fi - - -iocage exec ${JAIL_NAME} chmod u+x /usr/local/etc/rc.d/bitwarden -iocage exec ${JAIL_NAME} service bitwarden restart -echo "Jail ${JAIL_NAME} finished Bitwarden update." -echo "Admin Token is ${ADMIN_TOKEN}" diff --git a/jails/influxdb/config.yml b/jails/influxdb/config.yml deleted file mode 100644 index 2ced3a1c..00000000 --- a/jails/influxdb/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -influxdb: influxdb - pkgs: influxdb \ No newline at end of file diff --git a/jails/influxdb/includes/influxdb.conf b/jails/influxdb/includes/influxdb.conf deleted file mode 100644 index ad9533b0..00000000 --- a/jails/influxdb/includes/influxdb.conf +++ /dev/null @@ -1,586 +0,0 @@ -### Welcome to the InfluxDB configuration file. - -# The values in this file override the default values used by the system if -# a config option is not specified. The commented out lines are the configuration -# field and the default value used. Uncommenting a line and changing the value -# will change the value used at runtime when the process is restarted. - -# Once every 24 hours InfluxDB will report usage data to usage.influxdata.com -# The data includes a random ID, os, arch, version, the number of series and other -# usage data. No data from user databases is ever transmitted. -# Change this option to true to disable reporting. -# reporting-disabled = false - -# Bind address to use for the RPC service for backup and restore. -# bind-address = "127.0.0.1:8088" - -### -### [meta] -### -### Controls the parameters for the Raft consensus group that stores metadata -### about the InfluxDB cluster. -### - -[meta] - # Where the metadata/raft database is stored - dir = "/config/influxdb/database/meta" - - # Automatically create a default retention policy when creating a database. - # retention-autocreate = true - - # If log messages are printed for the meta service - # logging-enabled = true - -### -### [data] -### -### Controls where the actual shard data for InfluxDB lives and how it is -### flushed from the WAL. "dir" may need to be changed to a suitable place -### for your system, but the WAL settings are an advanced configuration. The -### defaults should work for most systems. -### - -[data] - # The directory where the TSM storage engine stores TSM files. - dir = "/config/influxdb/database/data" - - # The directory where the TSM storage engine stores WAL files. - wal-dir = "/config/influxdb/database/wal" - - # The amount of time that a write will wait before fsyncing. A duration - # greater than 0 can be used to batch up multiple fsync calls. This is useful for slower - # disks or when WAL write contention is seen. A value of 0s fsyncs every write to the WAL. - # Values in the range of 0-100ms are recommended for non-SSD disks. - # wal-fsync-delay = "0s" - - - # The type of shard index to use for new shards. The default is an in-memory index that is - # recreated at startup. A value of "tsi1" will use a disk based index that supports higher - # cardinality datasets. - # index-version = "inmem" - - # Trace logging provides more verbose output around the tsm engine. Turning - # this on can provide more useful output for debugging tsm engine issues. - # trace-logging-enabled = false - - # Whether queries should be logged before execution. Very useful for troubleshooting, but will - # log any sensitive data contained within a query. - # query-log-enabled = true - - # Validates incoming writes to ensure keys only have valid unicode characters. - # This setting will incur a small overhead because every key must be checked. - # validate-keys = false - - # Settings for the TSM engine - - # CacheMaxMemorySize is the maximum size a shard's cache can - # reach before it starts rejecting writes. - # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). - # Values without a size suffix are in bytes. - # cache-max-memory-size = "1g" - - # CacheSnapshotMemorySize is the size at which the engine will - # snapshot the cache and write it to a TSM file, freeing up memory - # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). - # Values without a size suffix are in bytes. - # cache-snapshot-memory-size = "25m" - - # CacheSnapshotWriteColdDuration is the length of time at - # which the engine will snapshot the cache and write it to - # a new TSM file if the shard hasn't received writes or deletes - # cache-snapshot-write-cold-duration = "10m" - - # CompactFullWriteColdDuration is the duration at which the engine - # will compact all TSM files in a shard if it hasn't received a - # write or delete - # compact-full-write-cold-duration = "4h" - - # The maximum number of concurrent full and level compactions that can run at one time. A - # value of 0 results in 50% of runtime.GOMAXPROCS(0) used at runtime. Any number greater - # than 0 limits compactions to that value. This setting does not apply - # to cache snapshotting. - # max-concurrent-compactions = 0 - - # CompactThroughput is the rate limit in bytes per second that we - # will allow TSM compactions to write to disk. Note that short bursts are allowed - # to happen at a possibly larger value, set by CompactThroughputBurst - # compact-throughput = "48m" - - # CompactThroughputBurst is the rate limit in bytes per second that we - # will allow TSM compactions to write to disk. - # compact-throughput-burst = "48m" - - # If true, then the mmap advise value MADV_WILLNEED will be provided to the kernel with respect to - # TSM files. This setting has been found to be problematic on some kernels, and defaults to off. - # It might help users who have slow disks in some cases. - # tsm-use-madv-willneed = false - - # Settings for the inmem index - - # The maximum series allowed per database before writes are dropped. This limit can prevent - # high cardinality issues at the database level. This limit can be disabled by setting it to - # 0. - # max-series-per-database = 1000000 - - # The maximum number of tag values per tag that are allowed before writes are dropped. This limit - # can prevent high cardinality tag values from being written to a measurement. This limit can be - # disabled by setting it to 0. - # max-values-per-tag = 100000 - - # Settings for the tsi1 index - - # The threshold, in bytes, when an index write-ahead log file will compact - # into an index file. Lower sizes will cause log files to be compacted more - # quickly and result in lower heap usage at the expense of write throughput. - # Higher sizes will be compacted less frequently, store more series in-memory, - # and provide higher write throughput. - # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). - # Values without a size suffix are in bytes. - # max-index-log-file-size = "1m" - - # The size of the internal cache used in the TSI index to store previously - # calculated series results. Cached results will be returned quickly from the cache rather - # than needing to be recalculated when a subsequent query with a matching tag key/value - # predicate is executed. Setting this value to 0 will disable the cache, which may - # lead to query performance issues. - # This value should only be increased if it is known that the set of regularly used - # tag key/value predicates across all measurements for a database is larger than 100. An - # increase in cache size may lead to an increase in heap usage. - series-id-set-cache-size = 100 - -### -### [coordinator] -### -### Controls the clustering service configuration. -### - -[coordinator] - # The default time a write request will wait until a "timeout" error is returned to the caller. - # write-timeout = "10s" - - # The maximum number of concurrent queries allowed to be executing at one time. If a query is - # executed and exceeds this limit, an error is returned to the caller. This limit can be disabled - # by setting it to 0. - # max-concurrent-queries = 0 - - # The maximum time a query will is allowed to execute before being killed by the system. This limit - # can help prevent run away queries. Setting the value to 0 disables the limit. - # query-timeout = "0s" - - # The time threshold when a query will be logged as a slow query. This limit can be set to help - # discover slow or resource intensive queries. Setting the value to 0 disables the slow query logging. - # log-queries-after = "0s" - - # The maximum number of points a SELECT can process. A value of 0 will make - # the maximum point count unlimited. This will only be checked every second so queries will not - # be aborted immediately when hitting the limit. - # max-select-point = 0 - - # The maximum number of series a SELECT can run. A value of 0 will make the maximum series - # count unlimited. - # max-select-series = 0 - - # The maximum number of group by time bucket a SELECT can create. A value of zero will max the maximum - # number of buckets unlimited. - # max-select-buckets = 0 - -### -### [retention] -### -### Controls the enforcement of retention policies for evicting old data. -### - -[retention] - # Determines whether retention policy enforcement enabled. - # enabled = true - - # The interval of time when retention policy enforcement checks run. - # check-interval = "30m" - -### -### [shard-precreation] -### -### Controls the precreation of shards, so they are available before data arrives. -### Only shards that, after creation, will have both a start- and end-time in the -### future, will ever be created. Shards are never precreated that would be wholly -### or partially in the past. - -[shard-precreation] - # Determines whether shard pre-creation service is enabled. - # enabled = true - - # The interval of time when the check to pre-create new shards runs. - # check-interval = "10m" - - # The default period ahead of the endtime of a shard group that its successor - # group is created. - # advance-period = "30m" - -### -### Controls the system self-monitoring, statistics and diagnostics. -### -### The internal database for monitoring data is created automatically if -### if it does not already exist. The target retention within this database -### is called 'monitor' and is also created with a retention period of 7 days -### and a replication factor of 1, if it does not exist. In all cases the -### this retention policy is configured as the default for the database. - -[monitor] - # Whether to record statistics internally. - # store-enabled = true - - # The destination database for recorded statistics - # store-database = "_internal" - - # The interval at which to record statistics - # store-interval = "10s" - -### -### [http] -### -### Controls how the HTTP endpoints are configured. These are the primary -### mechanism for getting data into and out of InfluxDB. -### - -[http] - # Determines whether HTTP endpoint is enabled. - # enabled = true - - # Determines whether the Flux query endpoint is enabled. - # flux-enabled = false - - # Determines whether the Flux query logging is enabled. - # flux-log-enabled = false - - # The bind address used by the HTTP service. - # bind-address = ":8086" - - # Determines whether user authentication is enabled over HTTP/HTTPS. - # auth-enabled = false - - # The default realm sent back when issuing a basic auth challenge. - # realm = "InfluxDB" - - # Determines whether HTTP request logging is enabled. - # log-enabled = true - - # Determines whether the HTTP write request logs should be suppressed when the log is enabled. - # suppress-write-log = false - - # When HTTP request logging is enabled, this option specifies the path where - # log entries should be written. If unspecified, the default is to write to stderr, which - # intermingles HTTP logs with internal InfluxDB logging. - # - # If influxd is unable to access the specified path, it will log an error and fall back to writing - # the request log to stderr. - # access-log-path = "" - - # Filters which requests should be logged. Each filter is of the pattern NNN, NNX, or NXX where N is - # a number and X is a wildcard for any number. To filter all 5xx responses, use the string 5xx. - # If multiple filters are used, then only one has to match. The default is to have no filters which - # will cause every request to be printed. - # access-log-status-filters = [] - - # Determines whether detailed write logging is enabled. - # write-tracing = false - - # Determines whether the pprof endpoint is enabled. This endpoint is used for - # troubleshooting and monitoring. - # pprof-enabled = true - - # Enables authentication on pprof endpoints. Users will need admin permissions - # to access the pprof endpoints when this setting is enabled. This setting has - # no effect if either auth-enabled or pprof-enabled are set to false. - # pprof-auth-enabled = false - - # Enables a pprof endpoint that binds to localhost:6060 immediately on startup. - # This is only needed to debug startup issues. - # debug-pprof-enabled = false - - # Enables authentication on the /ping, /metrics, and deprecated /status - # endpoints. This setting has no effect if auth-enabled is set to false. - # ping-auth-enabled = false - - # Determines whether HTTPS is enabled. - # https-enabled = false - - # The SSL certificate to use when HTTPS is enabled. - # https-certificate = "/config/ssl/influxdb.pem" - - # Use a separate private key location. - # https-private-key = "" - - # The JWT auth shared secret to validate requests using JSON web tokens. - # shared-secret = "" - - # The default chunk size for result sets that should be chunked. - # max-row-limit = 0 - - # The maximum number of HTTP connections that may be open at once. New connections that - # would exceed this limit are dropped. Setting this value to 0 disables the limit. - # max-connection-limit = 0 - - # Enable http service over unix domain socket - # unix-socket-enabled = false - - # The path of the unix domain socket. - # bind-socket = "/var/run/influxdb.sock" - - # The maximum size of a client request body, in bytes. Setting this value to 0 disables the limit. - # max-body-size = 25000000 - - # The maximum number of writes processed concurrently. - # Setting this to 0 disables the limit. - # max-concurrent-write-limit = 0 - - # The maximum number of writes queued for processing. - # Setting this to 0 disables the limit. - # max-enqueued-write-limit = 0 - - # The maximum duration for a write to wait in the queue to be processed. - # Setting this to 0 or setting max-concurrent-write-limit to 0 disables the limit. - # enqueued-write-timeout = 0 - -### -### [logging] -### -### Controls how the logger emits logs to the output. -### - -[logging] - # Determines which log encoder to use for logs. Available options - # are auto, logfmt, and json. auto will use a more a more user-friendly - # output format if the output terminal is a TTY, but the format is not as - # easily machine-readable. When the output is a non-TTY, auto will use - # logfmt. - # format = "auto" - - # Determines which level of logs will be emitted. The available levels - # are error, warn, info, and debug. Logs that are equal to or above the - # specified level will be emitted. - # level = "info" - - # Suppresses the logo output that is printed when the program is started. - # The logo is always suppressed if STDOUT is not a TTY. - # suppress-logo = false - -### -### [subscriber] -### -### Controls the subscriptions, which can be used to fork a copy of all data -### received by the InfluxDB host. -### - -[subscriber] - # Determines whether the subscriber service is enabled. - # enabled = true - - # The default timeout for HTTP writes to subscribers. - # http-timeout = "30s" - - # Allows insecure HTTPS connections to subscribers. This is useful when testing with self- - # signed certificates. - # insecure-skip-verify = false - - # The path to the PEM encoded CA certs file. If the empty string, the default system certs will be used - # ca-certs = "" - - # The number of writer goroutines processing the write channel. - # write-concurrency = 40 - - # The number of in-flight writes buffered in the write channel. - # write-buffer-size = 1000 - - -### -### [[graphite]] -### -### Controls one or many listeners for Graphite data. -### - -[[graphite]] - # Determines whether the graphite endpoint is enabled. - # enabled = false - # database = "graphite" - # retention-policy = "" - # bind-address = ":2003" - # protocol = "tcp" - # consistency-level = "one" - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Batching - # will buffer points in memory if you have many coming in. - - # Flush if this many points get buffered - # batch-size = 5000 - - # number of batches that may be pending in memory - # batch-pending = 10 - - # Flush at least this often even if we haven't hit buffer limit - # batch-timeout = "1s" - - # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. - # udp-read-buffer = 0 - - ### This string joins multiple matching 'measurement' values providing more control over the final measurement name. - # separator = "." - - ### Default tags that will be added to all metrics. These can be overridden at the template level - ### or by tags extracted from metric - # tags = ["region=us-east", "zone=1c"] - - ### Each template line requires a template pattern. It can have an optional - ### filter before the template and separated by spaces. It can also have optional extra - ### tags following the template. Multiple tags should be separated by commas and no spaces - ### similar to the line protocol format. There can be only one default template. - # templates = [ - # "*.app env.service.resource.measurement", - # # Default template - # "server.*", - # ] - -### -### [collectd] -### -### Controls one or many listeners for collectd data. -### - -[[collectd]] - # enabled = false - # bind-address = ":25826" - # database = "collectd" - # retention-policy = "" - # - # The collectd service supports either scanning a directory for multiple types - # db files, or specifying a single db file. - # typesdb = "/usr/local/share/collectd" - # - # security-level = "none" - # auth-file = "/etc/collectd/auth_file" - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Batching - # will buffer points in memory if you have many coming in. - - # Flush if this many points get buffered - # batch-size = 5000 - - # Number of batches that may be pending in memory - # batch-pending = 10 - - # Flush at least this often even if we haven't hit buffer limit - # batch-timeout = "10s" - - # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. - # read-buffer = 0 - - # Multi-value plugins can be handled two ways. - # "split" will parse and store the multi-value plugin data into separate measurements - # "join" will parse and store the multi-value plugin as a single multi-value measurement. - # "split" is the default behavior for backward compatibility with previous versions of influxdb. - # parse-multivalue-plugin = "split" -### -### [opentsdb] -### -### Controls one or many listeners for OpenTSDB data. -### - -[[opentsdb]] - # enabled = false - # bind-address = ":4242" - # database = "opentsdb" - # retention-policy = "" - # consistency-level = "one" - # tls-enabled = false - # certificate= "/config/ssl/influxdb.pem" - - # Log an error for every malformed point. - # log-point-errors = true - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Only points - # metrics received over the telnet protocol undergo batching. - - # Flush if this many points get buffered - # batch-size = 1000 - - # Number of batches that may be pending in memory - # batch-pending = 5 - - # Flush at least this often even if we haven't hit buffer limit - # batch-timeout = "1s" - -### -### [[udp]] -### -### Controls the listeners for InfluxDB line protocol data via UDP. -### - -[[udp]] - # enabled = false - # bind-address = ":8089" - # database = "udp" - # retention-policy = "" - - # InfluxDB precision for timestamps on received points ("" or "n", "u", "ms", "s", "m", "h") - # precision = "" - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Batching - # will buffer points in memory if you have many coming in. - - # Flush if this many points get buffered - # batch-size = 5000 - - # Number of batches that may be pending in memory - # batch-pending = 10 - - # Will flush at least this often even if we haven't hit buffer limit - # batch-timeout = "1s" - - # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. - # read-buffer = 0 - -### -### [continuous_queries] -### -### Controls how continuous queries are run within InfluxDB. -### - -[continuous_queries] - # Determines whether the continuous query service is enabled. - # enabled = true - - # Controls whether queries are logged when executed by the CQ service. - # log-enabled = true - - # Controls whether queries are logged to the self-monitoring data store. - # query-stats-enabled = false - - # interval for how often continuous queries will be checked if they need to run - # run-interval = "1s" - -### -### [tls] -### -### Global configuration settings for TLS in InfluxDB. -### - -[tls] - # Determines the available set of cipher suites. See https://golang.org/pkg/crypto/tls/#pkg-constants - # for a list of available ciphers, which depends on the version of Go (use the query - # SHOW DIAGNOSTICS to see the version of Go used to build InfluxDB). If not specified, uses - # the default settings from Go's crypto/tls package. - # ciphers = [ - # "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", - # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - # ] - - # Minimum version of the tls protocol that will be negotiated. If not specified, uses the - # default settings from Go's crypto/tls package. - # min-version = "tls1.2" - - # Maximum version of the tls protocol that will be negotiated. If not specified, uses the - # default settings from Go's crypto/tls package. - # max-version = "tls1.2" diff --git a/jails/influxdb/install.sh b/jails/influxdb/install.sh deleted file mode 100755 index 9fe6886a..00000000 --- a/jails/influxdb/install.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/local/bin/bash -# This script installs the current release of InfluxDB - -##### -# -# Init and Mounts -# -##### - -# Initialise variables -JAIL_NAME="influxdb" -# shellcheck disable=SC2154 -JAIL_IP="${influxdb_ip4_addr%/*}" -INCLUDES_PATH="${SCRIPT_DIR}/jails/influxdb/includes" -# shellcheck disable=SC2154 -DATABASE="${influxdb_database}" - -# Mount and configure proper configuration location -# shellcheck disable=SC2154 -cp -rf "${INCLUDES_PATH}/influxd.conf" "/mnt/${global_dataset_config}/${JAIL_NAME}/influxd.conf" -iocage exec "${JAIL_NAME}" mkdir -p /config/db/data /config/db/meta /config/db/wal -iocage exec "${JAIL_NAME}" chown -R influxd:influxd /config/db -iocage exec "${JAIL_NAME}" sysrc influxd_conf="/config/influxd.conf" -iocage exec "${JAIL_NAME}" sysrc influxd_enable="YES" - -# Start influxdb and wait for it to startup -iocage exec "${JAIL_NAME}" service influxd start -sleep 15 - -# Create database and restart -if iocage exec "${JAIL_NAME}" curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE ${DATABASE}"; then - echo "Database created." -else - echo "Database creation failed. Please attempt to create the database manually." - exit 1 -fi - -# Done! -echo "Installation complete!" -echo "Your may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." -echo "You may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." -echo "" -echo "Database Information" -echo "--------------------" -echo "Database = ${DATABASE} at http://${JAIL_IP}:8086." -echo "" \ No newline at end of file diff --git a/jails/jackett/config.yml b/jails/jackett/config.yml deleted file mode 100644 index 01cd737f..00000000 --- a/jails/jackett/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -jackett: jackett - pkgs: mono \ No newline at end of file diff --git a/jails/jackett/install.sh b/jails/jackett/install.sh deleted file mode 100755 index 954d59c5..00000000 --- a/jails/jackett/install.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for jackett - -iocage exec jackett "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share" -iocage exec jackett "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share" -iocage exec jackett rm /usr/local/share/Jackett.Binaries.Mono.tar.gz -iocage exec jackett "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin" -iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config -iocage exec jackett mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/jackett/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/jackett/root/usr/local/etc/rc.d/jackett -iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett -iocage exec jackett sysrc "jackett_enable=YES" -iocage exec jackett service jackett restart diff --git a/jails/jackett/update.sh b/jails/jackett/update.sh deleted file mode 100755 index b5ad1679..00000000 --- a/jails/jackett/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for jackett - -iocage exec jackett service jackett stop -#TODO insert code to update jacket itself here -iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/test10/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/test10/root/usr/local/etc/rc.d/jackett -iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett -iocage exec jackett service jackett restart diff --git a/jails/kms/config.yml b/jails/kms/config.yml deleted file mode 100644 index ca31811d..00000000 --- a/jails/kms/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -kms: kms - pkgs: bash py37-tkinter py37-pip py37-sqlite3 git \ No newline at end of file diff --git a/jails/kms/install.sh b/jails/kms/install.sh deleted file mode 100755 index c7dffa88..00000000 --- a/jails/kms/install.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for KMS - - -iocage exec kms svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms -iocage exec kms "pw user add kms -c kms -u 666 -d /nonexistent -s /usr/bin/nologin" -iocage exec kms chown -R kms:kms /usr/local/share/py-kms /config -iocage exec kms mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/kms/root/usr/local/etc/rc.d/py_kms -iocage exec kms chmod u+x /usr/local/etc/rc.d/py_kms -iocage exec kms sysrc "py_kms_enable=YES" -iocage exec kms service py_kms start \ No newline at end of file diff --git a/jails/kms/update.sh b/jails/kms/update.sh deleted file mode 100755 index e953f084..00000000 --- a/jails/kms/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for KMS - -iocage exec kms service py_kms stop -iocage exec kms svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms -iocage exec kms chown -R kms:kms /usr/local/share/py-kms /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/kms/root/usr/local/etc/rc.d/py_kms -iocage exec kms chmod u+x /usr/local/etc/rc.d/py_kms -iocage exec kms service py_kms start \ No newline at end of file diff --git a/jails/lidarr/config.yml b/jails/lidarr/config.yml deleted file mode 100644 index c9bc00a2..00000000 --- a/jails/lidarr/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -lidarr: lidarr - pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/lidarr/install.sh b/jails/lidarr/install.sh deleted file mode 100755 index 702d3603..00000000 --- a/jails/lidarr/install.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for lidarr - -# Check if dataset for completed download and it parent dataset exist, create if they do not. -# shellcheck disable=SC2154 -createmount lidarr "${global_dataset_downloads}" -createmount lidarr "${global_dataset_downloads}"/complete /mnt/fetched - -# Check if dataset for media library and the dataset for movies exist, create if they do not. -# shellcheck disable=SC2154 -createmount lidarr "${global_dataset_media}" -createmount lidarr "${global_dataset_media}"/music /mnt/music - - -iocage exec lidarr "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share" -iocage exec lidarr "tar -xzvf /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz -C /usr/local/share" -iocage exec lidarr "rm /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz" -iocage exec lidarr "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin" -iocage exec lidarr chown -R lidarr:lidarr /usr/local/share/Lidarr /config -iocage exec lidarr mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/lidarr/root/usr/local/etc/rc.d/lidarr -iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr -iocage exec lidarr sysrc "lidarr_enable=YES" -iocage exec lidarr service lidarr start diff --git a/jails/lidarr/update.sh b/jails/lidarr/update.sh deleted file mode 100755 index a1990a7a..00000000 --- a/jails/lidarr/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for lidarr - -iocage exec lidarr service lidarr stop -#TODO insert code to update lidarr itself here -iocage exec lidarr chown -R lidarr:lidarr /usr/local/share/lidarr /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/lidarr/root/usr/local/etc/rc.d/lidarr -iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr -iocage exec lidarr service lidarr restart \ No newline at end of file diff --git a/jails/mariadb/config.yml b/jails/mariadb/config.yml deleted file mode 100644 index bbe68e55..00000000 --- a/jails/mariadb/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -mariadb: mariadb - pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74-5.0.1 diff --git a/jails/mariadb/install.sh b/jails/mariadb/install.sh deleted file mode 100755 index 9bf39b4e..00000000 --- a/jails/mariadb/install.sh +++ /dev/null @@ -1,115 +0,0 @@ -#!/usr/local/bin/bash -# This script installs the current release of Mariadb and PhpMyAdmin into a created jail -##### -# -# Init and Mounts -# -##### - -# Initialise defaults -JAIL_NAME="mariadb" -# shellcheck disable=SC2154 -JAIL_IP="${mariadb_ip4_addr%/*}" -INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes" -# shellcheck disable=SC2154 -CERT_EMAIL=${mariadb_cert_email} -# shellcheck disable=SC2154 -DB_ROOT_PASSWORD=${mariadb_db_root_password} -DB_NAME="MariaDB" -DL_FLAGS="" - -# Check that necessary variables were set by nextcloud-config -if [ -z "${mariadb_ip4_addr}" ]; then - echo 'Configuration error: The mariadb jail does NOT accept DHCP' - echo 'Please reinstall using a fixed IP adress' - exit 1 -fi - -# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke -# shellcheck disable=SC2154 -if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/db")" ]; then - echo "Reinstall of mariadb detected... Continuing" - REINSTALL="true" -fi - -# Mount database dataset and set zfs preferences -createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/db /var/db/mysql -zfs set recordsize=16K "${global_dataset_config}"/${JAIL_NAME}/db -zfs set primarycache=metadata "${global_dataset_config}"/${JAIL_NAME}/db - -iocage exec "${JAIL_NAME}" chown -R 88:88 /var/db/mysql - -# Install includes fstab -iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes -iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -iocage exec "${JAIL_NAME}" mkdir -p /usr/local/www/phpmyadmin -iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/phpmyadmin - -##### -# -# Install mariadb, Caddy and PhpMyAdmin -# -##### - -fetch -o /tmp https://getcaddy.com -if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com -then - echo "Failed to download/install Caddy" - exit 1 -fi - -iocage exec "${JAIL_NAME}" sysrc mysql_enable="YES" - -# Copy and edit pre-written config files -echo "Copying Caddyfile for no SSL" -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile -# shellcheck disable=SC2154 -iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile - -iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES" -iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES" -iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}" -iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}" - -iocage restart "${JAIL_NAME}" -sleep 10 - -if [ "${REINSTALL}" == "true" ]; then - echo "Reinstall detected, skipping generaion of new config and database" -else - - # Secure database, set root password, create Nextcloud DB, user, and password - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/my-system.cnf /var/db/mysql/my.cnf - iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.user WHERE User='';" - iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" - iocage exec "${JAIL_NAME}" mysql -u root -e "DROP DATABASE IF EXISTS test;" - iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" - iocage exec "${JAIL_NAME}" mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('${DB_ROOT_PASSWORD}') WHERE User='root';" - iocage exec "${JAIL_NAME}" mysqladmin reload -fi -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/my.cnf /root/.my.cnf -iocage exec "${JAIL_NAME}" sed -i '' "s|mypassword|${DB_ROOT_PASSWORD}|" /root/.my.cnf - -# Save passwords for later reference -iocage exec "${JAIL_NAME}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/${JAIL_NAME}_db_password.txt - - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -# Done! -echo "Installation complete!" -echo "Using your web browser, go to http://${mariadb_host_name} to log in" - -if [ "${REINSTALL}" == "true" ]; then - echo "You did a reinstall, please use your old database and account credentials" -else - echo "Database Information" - echo "--------------------" - echo "The ${DB_NAME} root password is ${DB_ROOT_PASSWORD}" - fi -echo "" -echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt" diff --git a/jails/mariadb/update.sh b/jails/mariadb/update.sh deleted file mode 100755 index c3d8ad2f..00000000 --- a/jails/mariadb/update.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for mariadb - -JAIL_NAME="mariadb" -# shellcheck disable=SC2154 -JAIL_IP="${mariadb_ip4_addr%/*}" -INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes" - -# Install includes fstab -iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes -iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - - -iocage exec ${JAIL_NAME} service caddy stop -iocage exec ${JAIL_NAME} service php-fpm stop - -fetch -o /tmp https://getcaddy.com -if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com -then - echo "Failed to download/install Caddy" - exit 1 -fi - -# Copy and edit pre-written config files -echo "Copying Caddyfile for no SSL" -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile -# shellcheck disable=SC2154 -iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -iocage exec ${JAIL_NAME} service caddy start -iocage exec ${JAIL_NAME} service php-fpm start \ No newline at end of file diff --git a/jails/nextcloud/config.yml b/jails/nextcloud/config.yml deleted file mode 100644 index dfe6c31d..00000000 --- a/jails/nextcloud/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -nextcloud: nextcloud - pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick php73-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf \ No newline at end of file diff --git a/jails/nextcloud/install.sh b/jails/nextcloud/install.sh deleted file mode 100755 index a519faea..00000000 --- a/jails/nextcloud/install.sh +++ /dev/null @@ -1,362 +0,0 @@ -#!/usr/local/bin/bash -# This script installs the current release of Nextcloud into a create jail -# Based on the example by danb35: https://github.com/danb35/freenas-iocage-nextcloud - - -# Initialise defaults -JAIL_NAME="nextcloud" -# shellcheck disable=SC2154 -JAIL_IP="${nextcloud_ip4_addr%/*}" -# shellcheck disable=SC2154 -DATABASE="$nextcloud_database" -INCLUDES_PATH="${SCRIPT_DIR}/jails/nextcloud/includes" -# shellcheck disable=SC2154 -STANDALONE_CERT=${nextcloud_standalone_cert} -# shellcheck disable=SC2154 -SELFSIGNED_CERT=${nextcloud_selfsigned_cert} -# shellcheck disable=SC2154 -DNS_CERT=${nextcloud_dns_cert} -# shellcheck disable=SC2154 -NO_CERT=${nextcloud_no_cert} -# shellcheck disable=SC2154 -DL_FLAGS=${nextcloud_dl_flags} -# shellcheck disable=SC2154 -DNS_SETTING=${nextcloud_dns_settings} -# shellcheck disable=SC2154 -CERT_EMAIL=${nextcloud_cert_email} -# shellcheck disable=SC2154 -HOST_NAME=${nextcloud_host_name} - -# Only generate new DB passwords when using buildin database -# Set DB username and database to fixed "nextcloud" - -if [ "${DATABASE}" = "pgsql-external" ]; then - DB_NAME="PostgreSQL" - # shellcheck disable=SC2154 - DB_HOST="${nextcloud_db_host}" - # shellcheck disable=SC2154 - DB_DATABASE="${nextcloud_db_database}" - # shellcheck disable=SC2154 - DB_USER="${nextcloud_db_user}" - # shellcheck disable=SC2154 - DB_PASSWORD="${nextcloud_db_password}" -elif [ "${DATABASE}" = "mariadb-external" ]; then - DB_NAME="MariaDB" - DB_HOST="${nextcloud_db_host}" - DB_DATABASE="${nextcloud_db_database}" - DB_USER="${nextcloud_db_user}" - DB_PASSWORD="${nextcloud_db_password}" -elif [ "${DATABASE}" = "mariadb-jail" ]; then - DB_DATABASE="nextcloud" - DB_USER="nextcloud" - # shellcheck disable=SC2154 - DB_HOST="${mariadb_ip4_addr%/*}:3306" - DB_PASSWORD="${nextcloud_db_password}" -else - echo "Invalid ${JAIL_NAME}_database selected please select one from the following options:" - echo "mariadb-jail, mariadb-external, pgsql-external" - exit 1 -fi - - -ADMIN_PASSWORD=$(openssl rand -base64 12) - -##### -# -# Input Sanity Check -# -##### - - -# Check that necessary variables were set by nextcloud-config -if [ -z "${nextcloud_ip4_addr}" ]; then - echo 'Configuration error: The Nextcloud jail does NOT accept DHCP' - echo 'Please reinstall using a fixed IP adress' - exit 1 -fi - -if [ -z "${DB_PASSWORD}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database password' - echo 'Please reinstall with a defifined: db_password' - exit 1 -fi - -if [ -z "${DB_USER}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database user' - echo 'Please reinstall with a defifined: db_user' - exit 1 -fi - -if [ -z "${DB_HOST}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database host' - echo 'Please reinstall with a defifined: db_host' - exit 1 -fi - -if [ -z "${DB_DATABASE}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database name' - echo 'Please reinstall with a defifined: db_database' - exit 1 -fi - -# shellcheck disable=SC2154 -if [ -z "${nextcloud_time_zone}" ]; then - echo 'Configuration error: TIME_ZONE must be set' - exit 1 -fi -if [ -z "${HOST_NAME}" ]; then - echo 'Configuration error: HOST_NAME must be set' - exit 1 -fi -if [ "$STANDALONE_CERT" -eq 0 ] && [ "$DNS_CERT" -eq 0 ] && [ "$NO_CERT" -eq 0 ] && [ "$SELFSIGNED_CERT" -eq 0 ]; then - echo 'Configuration error: Either STANDALONE_CERT, DNS_CERT, NO_CERT,' - echo 'or SELFSIGNED_CERT must be set to 1.' - exit 1 -fi -if [ "$STANDALONE_CERT" -eq 1 ] && [ "$DNS_CERT" -eq 1 ] ; then - echo 'Configuration error: Only one of STANDALONE_CERT and DNS_CERT' - echo 'may be set to 1.' - exit 1 -fi - -if [ "$DNS_CERT" -eq 1 ] && [ -z "${DNS_PLUGIN}" ] ; then - echo "DNS_PLUGIN must be set to a supported DNS provider." - echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list." - echo "Be sure to omit the prefix of \"tls.dns.\"." - exit 1 -fi -if [ "$DNS_CERT" -eq 1 ] && [ -z "${DNS_ENV}" ] ; then - echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials." - echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more." - exit 1 -fi - -if [ "$DNS_CERT" -eq 1 ] ; then - DL_FLAGS="tls.dns.${DNS_PLUGIN}" - DNS_SETTING="dns ${DNS_PLUGIN}" -fi - -# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke -# shellcheck disable=SC2154 -if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/config")" ]; then - echo "Reinstall of Nextcloud detected... " - echo "External database selected, unable to verify compatibility. REINSTALL MIGHT NOT WORK... Continuing" - REINSTALL="true" -fi - - -##### - # -# Fstab And Mounts -# -##### - -# Create and Mount Nextcloud, Config and Files -createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/config /usr/local/www/nextcloud/config -createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/themes /usr/local/www/nextcloud/themes -createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/files /config/files - -# Install includes fstab -iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes -iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - - -iocage exec "${JAIL_NAME}" chown -R www:www /config/files -iocage exec "${JAIL_NAME}" chmod -R 770 /config/files - - -##### -# -# Basic dependency install -# -##### - -if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then - iocage exec "${JAIL_NAME}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli -elif [ "${DATABASE}" = "pgsql-external" ]; then - iocage exec "${JAIL_NAME}" pkg install -qy postgresql10-client php73-pgsql php73-pdo_pgsql -fi - -fetch -o /tmp https://getcaddy.com -if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com -then - echo "Failed to download/install Caddy" - exit 1 -fi - -iocage exec "${JAIL_NAME}" sysrc redis_enable="YES" -iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES" -iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes" -iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes" - - -##### -# -# Install Nextcloud -# -##### - -FILE="latest-18.tar.bz2" -if ! iocage exec "${JAIL_NAME}" fetch -o /tmp https://download.nextcloud.com/server/releases/"${FILE}" https://download.nextcloud.com/server/releases/"${FILE}".asc https://nextcloud.com/nextcloud.asc -then - echo "Failed to download Nextcloud" - exit 1 -fi -iocage exec "${JAIL_NAME}" gpg --import /tmp/nextcloud.asc -if ! iocage exec "${JAIL_NAME}" gpg --verify /tmp/"${FILE}".asc -then - echo "GPG Signature Verification Failed!" - echo "The Nextcloud download is corrupt." - exit 1 -fi -iocage exec "${JAIL_NAME}" tar xjf /tmp/"${FILE}" -C /usr/local/www/ -iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/nextcloud/ - - -# Generate and install self-signed cert, if necessary -if [ "$SELFSIGNED_CERT" -eq 1 ] && [ ! -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/privkey.pem" ]; then - echo "No ssl certificate present, generating self signed certificate" - if [ ! -d "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl" ]; then - echo "cert folder not existing... creating..." - iocage exec ${JAIL_NAME} mkdir /config/ssl - fi - openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${HOST_NAME}" -keyout "${INCLUDES_PATH}"/privkey.pem -out "${INCLUDES_PATH}"/fullchain.pem - iocage exec "${JAIL_NAME}" cp /mnt/includes/privkey.pem /config/ssl/privkey.pem - iocage exec "${JAIL_NAME}" cp /mnt/includes/fullchain.pem /config/ssl/fullchain.pem -fi - -# Copy and edit pre-written config files -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/php.ini /usr/local/etc/php.ini -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/redis.conf /usr/local/etc/redis.conf -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/ -if [ "$STANDALONE_CERT" -eq 1 ] || [ "$DNS_CERT" -eq 1 ]; then - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/remove-staging.sh /root/ -fi -if [ "$NO_CERT" -eq 1 ]; then - echo "Copying Caddyfile for no SSL" - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-nossl /usr/local/www/Caddyfile -elif [ "$SELFSIGNED_CERT" -eq 1 ]; then - echo "Copying Caddyfile for self-signed cert" - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-selfsigned /usr/local/www/Caddyfile -else - echo "Copying Caddyfile for Let's Encrypt cert" - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/ -fi -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ - - -iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s|mytimezone|${nextcloud_time_zone}|" /usr/local/etc/php.ini - -iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES" -iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}" -iocage exec "${JAIL_NAME}" sysrc caddy_SNI_default="${HOST_NAME}" -iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}" - -iocage restart "${JAIL_NAME}" - -if [ "${REINSTALL}" == "true" ]; then - echo "Reinstall detected, skipping generaion of new config and database" -else - - # Secure database, set root password, create Nextcloud DB, user, and password - if [ "${DATABASE}" = "mariadb-jail" ]; then - iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" - iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${DB_PASSWORD}';" - iocage exec "mariadb" mysqladmin reload - fi - - - # Save passwords for later reference - iocage exec "${JAIL_NAME}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/${JAIL_NAME}_db_password.txt - iocage exec "${JAIL_NAME}" echo "Nextcloud database password is ${DB_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt - iocage exec "${JAIL_NAME}" echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt - - # CLI installation and configuration of Nextcloud - if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"mysql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\"" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value=\"true\"" - elif [ "${DATABASE}" = "pgsql-external" ]; then - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"pgsql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\"" - fi - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:add-missing-indices" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:convert-filecache-bigint --no-interaction" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set logtimezone --value=\"${nextcloud_time_zone}\"" - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set log_type --value="file"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logfile --value="/var/log/nextcloud.log"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwritehost --value=\"${HOST_NAME}\"" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwriteprotocol --value=\"https\"" - if [ "$NO_CERT" -eq 1 ]; then - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${HOST_NAME}/\"" - else - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${HOST_NAME}/\"" - fi - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set htaccess.RewriteBase --value="/"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess' - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value=\"${HOST_NAME}\"" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value=\"${JAIL_IP}\"" - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ app:enable encryption' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:enable' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:disable' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ background:cron' - -fi - -iocage exec "${JAIL_NAME}" touch /var/log/nextcloud.log -iocage exec "${JAIL_NAME}" chown www /var/log/nextcloud.log -iocage exec "${JAIL_NAME}" su -m www -c 'php -f /usr/local/www/nextcloud/cron.php' -iocage exec "${JAIL_NAME}" crontab -u www /mnt/includes/www-crontab - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -# Done! -echo "Installation complete!" -if [ "$NO_CERT" -eq 1 ]; then - echo "Using your web browser, go to http://${HOST_NAME} to log in" -else - echo "Using your web browser, go to https://${HOST_NAME} to log in" -fi - -if [ "${REINSTALL}" == "true" ]; then - echo "You did a reinstall, please use your old database and account credentials" -else - - echo "Default user is admin, password is ${ADMIN_PASSWORD}" - echo "" - - echo "Database Information" - echo "--------------------" - echo "Database user = ${DB_USER}" - echo "Database password = ${DB_PASSWORD}" - echo "" - echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt" -fi - -echo "" -if [ "$STANDALONE_CERT" -eq 1 ] || [ "$DNS_CERT" -eq 1 ]; then - echo "You have obtained your Let's Encrypt certificate using the staging server." - echo "This certificate will not be trusted by your browser and will cause SSL errors" - echo "when you connect. Once you've verified that everything else is working" - echo "correctly, you should issue a trusted certificate. To do this, run:" - echo " iocage exec ${JAIL_NAME} /root/remove-staging.sh" - echo "" -elif [ "$SELFSIGNED_CERT" -eq 1 ]; then - echo "You have chosen to create a self-signed TLS certificate for your Nextcloud" - echo "installation. This certificate will not be trusted by your browser and" - echo "will cause SSL errors when you connect. If you wish to replace this certificate" - echo "with one obtained elsewhere, the private key is located at:" - echo "/config/ssl/privkey.pem" - echo "The full chain (server + intermediate certificates together) is at:" - echo "/config/ssl/fullchain.pem" - echo "" -fi - diff --git a/jails/organizr/config.yml b/jails/organizr/config.yml deleted file mode 100644 index 887c1645..00000000 --- a/jails/organizr/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -organizr: organizr - pkgs: nginx php72 php72-filter php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip git \ No newline at end of file diff --git a/jails/organizr/install.sh b/jails/organizr/install.sh deleted file mode 100755 index 951ff0d8..00000000 --- a/jails/organizr/install.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for Organizr - -iocage exec organizr sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini -iocage exec organizr sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini -iocage exec organizr sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini -# shellcheck disable=SC2154 -mv /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf.bak -cp "${SCRIPT_DIR}"/jails/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf -cp -Rf "${SCRIPT_DIR}"/jails/organizr/includes/custom /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/custom -# shellcheck disable=SC2154 -if [ ! -d "/mnt/${global_dataset_config}/organizr/ssl" ]; then - echo "cert folder doesn't exist... creating..." - iocage exec organizr mkdir /config/ssl -fi - -if [ -f "/mnt/${global_dataset_config}/organizr/ssl/Organizr-Cert.crt" ]; then - echo "certificate exists... Skipping cert generation" -else - echo "No ssl certificate present, generating self signed certificate" - openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/organizr/ssl/Organizr-Cert.key -out /mnt/"${global_dataset_config}"/organizr/ssl/Organizr-Cert.crt -fi - -iocage exec organizr git clone https://github.com/causefx/Organizr.git /usr/local/www/Organizr -iocage exec organizr chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom -iocage exec organizr ln -s /config/config.php /usr/local/www/Organizr/api/config/config.php -iocage exec organizr sysrc nginx_enable=YES -iocage exec organizr sysrc php_fpm_enable=YES -iocage exec organizr service nginx start -iocage exec organizr service php-fpm start diff --git a/jails/organizr/update.sh b/jails/organizr/update.sh deleted file mode 100755 index b24f1154..00000000 --- a/jails/organizr/update.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for Organizr - -iocage exec organizr service nginx stop -iocage exec organizr service php-fpm stop -# TODO setup cli update for Organizr here. -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf -iocage exec organizr "cd /usr/local/www/Organizr && git pull" -iocage exec organizr chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom -iocage exec organizr service nginx start -iocage exec organizr service php-fpm start \ No newline at end of file diff --git a/jails/plex/config.yml b/jails/plex/config.yml deleted file mode 100644 index 8206391a..00000000 --- a/jails/plex/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -plex: plex - pkgs: plexmediaserver \ No newline at end of file diff --git a/jails/plex/install.sh b/jails/plex/install.sh deleted file mode 100755 index cdeb3803..00000000 --- a/jails/plex/install.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for plex - -iocage exec plex mkdir -p /usr/local/etc/pkg/repos - - -# Change to to more frequent FreeBSD repo to stay up-to-date with plex more. -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/plex/includes/FreeBSD.conf /mnt/"${global_dataset_iocage}"/jails/plex/root/usr/local/etc/pkg/repos/FreeBSD.conf - - -# Check if datasets for media librarys exist, create them if they do not. -# shellcheck disable=SC2154 -createmount plex "${global_dataset_media}" /mnt/media -createmount plex "${global_dataset_media}"/movies /mnt/media/movies -createmount plex "${global_dataset_media}"/music /mnt/media/music -createmount plex "${global_dataset_media}"/shows /mnt/media/shows - -# Create plex ramdisk if specified -# shellcheck disable=SC2154 -if [ -z "${plex_ramdisk}" ]; then - echo "no ramdisk specified for plex, continuing without randisk" -else - iocage fstab -a plex tmpfs /tmp_transcode tmpfs rw,size="${plex_ramdisk}",mode=1777 0 0 -fi - -iocage exec plex chown -R plex:plex /config - -# Force update pkg to get latest plex version -iocage exec plex pkg update -iocage exec plex pkg upgrade -y - -# Add plex user to video group for future hw-encoding support -iocage exec plex pw groupmod -n video -m plex - -# Run different install procedures depending on Plex vs Plex Beta -# shellcheck disable=SC2154 -if [ "$plex_beta" == "true" ]; then - echo "beta enabled in config.yml... using plex beta for install" - iocage exec plex sysrc "plexmediaserver_plexpass_enable=YES" - iocage exec plex sysrc plexmediaserver_plexpass_support_path="/config" - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ - iocage exec plex service plexmediaserver_plexpass restart -else - echo "beta disabled in config.yml... NOT using plex beta for install" - iocage exec plex sysrc "plexmediaserver_enable=YES" - iocage exec plex sysrc plexmediaserver_support_path="/config" - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver/ - iocage exec plex service plexmediaserver restart -fi - -echo "Finished installing plex" \ No newline at end of file diff --git a/jails/radarr/config.yml b/jails/radarr/config.yml deleted file mode 100644 index 789ec723..00000000 --- a/jails/radarr/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -radarr: radarr - pkgs: mono mediainfo sqlite3 libgdiplus \ No newline at end of file diff --git a/jails/radarr/install.sh b/jails/radarr/install.sh deleted file mode 100755 index d8305480..00000000 --- a/jails/radarr/install.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for radarr - -# Check if dataset for completed download and it parent dataset exist, create if they do not. -# shellcheck disable=SC2154 -createmount radarr "${global_dataset_downloads}" -createmount radarr "${global_dataset_downloads}"/complete /mnt/fetched - -# Check if dataset for media library and the dataset for movies exist, create if they do not. -# shellcheck disable=SC2154 -createmount radarr "${global_dataset_media}" -createmount radarr "${global_dataset_media}"/movies /mnt/movies - -iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.1480/Radarr.develop.0.2.0.1480.linux.tar.gz -o /usr/local/share" -iocage exec radarr "tar -xzvf /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -C /usr/local/share" -iocage exec radarr rm /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -iocage exec radarr "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin" -iocage exec radarr chown -R radarr:radarr /usr/local/share/Radarr /config -iocage exec radarr mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/radarr/root/usr/local/etc/rc.d/radarr -iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr -iocage exec radarr sysrc "radarr_enable=YES" -iocage exec radarr service radarr restart diff --git a/jails/radarr/update.sh b/jails/radarr/update.sh deleted file mode 100755 index b527d0ce..00000000 --- a/jails/radarr/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for radarr - -iocage exec radarr service radarr stop -#TODO insert code to update radarr itself here -iocage exec radarr chown -R radarr:radarr /usr/local/share/Radarr /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/radarr/root/usr/local/etc/rc.d/radarr -iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr -iocage exec radarr service radarr restart \ No newline at end of file diff --git a/jails/sonarr/config.yml b/jails/sonarr/config.yml deleted file mode 100644 index 1197e640..00000000 --- a/jails/sonarr/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -sonarr: sonarr - pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/sonarr/install.sh b/jails/sonarr/install.sh deleted file mode 100755 index b63614b9..00000000 --- a/jails/sonarr/install.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for sonarr - -# Check if dataset for completed download and it parent dataset exist, create if they do not. -# shellcheck disable=SC2154 -createmount sonarr "${global_dataset_downloads}" -createmount sonarr "${global_dataset_downloads}"/complete /mnt/fetched - -# Check if dataset for media library and the dataset for tv shows exist, create if they do not. -# shellcheck disable=SC2154 -createmount sonarr "${global_dataset_media}" -createmount sonarr "${global_dataset_media}"/shows /mnt/shows - -iocage exec sonarr "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share" -iocage exec sonarr "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share" -iocage exec sonarr rm /usr/local/share/NzbDrone.master.tar.gz -iocage exec sonarr "pw user add sonarr -c sonarr -u 351 -d /nonexistent -s /usr/bin/nologin" -iocage exec sonarr chown -R sonarr:sonarr /usr/local/share/NzbDrone /config -iocage exec sonarr mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/sonarr/root/usr/local/etc/rc.d/sonarr -iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr -iocage exec sonarr sysrc "sonarr_enable=YES" -iocage exec sonarr service sonarr restart diff --git a/jails/sonarr/update.sh b/jails/sonarr/update.sh deleted file mode 100755 index 47f94384..00000000 --- a/jails/sonarr/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for sonarr - -iocage exec sonarr service sonarr stop -#TODO insert code to update sonarr itself here -iocage exec sonarr chown -R sonarr:sonarr /usr/local/share/NzbDrone /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/sonarr/root/usr/local/etc/rc.d/sonarr -iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr -iocage exec sonarr service sonarr restart \ No newline at end of file diff --git a/jails/tautulli/config.yml b/jails/tautulli/config.yml deleted file mode 100644 index 34256990..00000000 --- a/jails/tautulli/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -tautulli: tautulli - pkgs: python2 py27-sqlite3 py27-openssl git \ No newline at end of file diff --git a/jails/tautulli/install.sh b/jails/tautulli/install.sh deleted file mode 100755 index eee596bb..00000000 --- a/jails/tautulli/install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for Tautulli - - -iocage exec tautulli git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli -iocage exec tautulli "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin" -iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config -iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli -iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli -iocage exec tautulli sysrc "tautulli_enable=YES" -iocage exec tautulli sysrc "tautulli_flags=--datadir /config" -iocage exec tautulli service tautulli start \ No newline at end of file diff --git a/jails/tautulli/update.sh b/jails/tautulli/update.sh deleted file mode 100755 index 52c00a18..00000000 --- a/jails/tautulli/update.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for Tautulli - -iocage exec tautulli service tautulli stop -# Tautulli is updated through pkg, this is mostly just a placeholder -iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config -iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli -iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli -iocage exec tautulli service tautulli restart \ No newline at end of file diff --git a/jails/transmission/config.yml b/jails/transmission/config.yml deleted file mode 100644 index efec5ece..00000000 --- a/jails/transmission/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -transmission: transmission - pkgs: bash unzip unrar transmission \ No newline at end of file diff --git a/jails/transmission/install.sh b/jails/transmission/install.sh deleted file mode 100755 index 43c298c5..00000000 --- a/jails/transmission/install.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for transmission - -# Check if dataset Downloads dataset exist, create if they do not. -# shellcheck disable=SC2154 -createmount transmission "${global_dataset_downloads}" /mnt/downloads - -# Check if dataset Complete Downloads dataset exist, create if they do not. -createmount transmission "${global_dataset_downloads}"/complete /mnt/downloads/complete - -# Check if dataset InComplete Downloads dataset exist, create if they do not. -createmount transmission "${global_dataset_downloads}"/incomplete /mnt/downloads/incomplete - - -iocage exec transmission chown -R transmission:transmission /config -iocage exec transmission sysrc "transmission_enable=YES" -iocage exec transmission sysrc "transmission_conf_dir=/config" -iocage exec transmission sysrc "transmission_download_dir=/mnt/downloads/complete" -iocage exec transmission service transmission restart \ No newline at end of file diff --git a/jails/transmission/update.sh b/jails/transmission/update.sh deleted file mode 100755 index a0c0e40b..00000000 --- a/jails/transmission/update.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for transmission - -iocage exec transmission service transmission stop -# Transmision is updated during PKG update, this file is mostly just a placeholder -iocage exec transmission chown -R transmission:transmission /config -iocage exec transmission service transmission restart \ No newline at end of file diff --git a/jails/unifi/config.yml b/jails/unifi/config.yml deleted file mode 100644 index 3d74c1ae..00000000 --- a/jails/unifi/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -unifi: unifi - pkgs: jq unifi5 \ No newline at end of file diff --git a/jails/unifi/install.sh b/jails/unifi/install.sh deleted file mode 100644 index 7d810792..00000000 --- a/jails/unifi/install.sh +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for unifi-controller & unifi-poller - -# Initialize variables -JAIL_NAME="unifi" -# shellcheck disable=SC2154 -JAIL_IP="${unifi_ip4_addr%/*}" -# shellcheck disable=SC2154 -DB_IP="${influxdb_ip4_addr%/*}" -# shellcheck disable=SC2154 -DB_JAIL="${unifi_db_jail}" -# shellcheck disable=SC2154 -DB_NAME="${unifi_up_db_name:-unifi}" -# shellcheck disable=SC2154 -DB_USER="${unifi_up_db_user}" -# shellcheck disable=SC2154 -DB_PASS="${unifi_up_db_password}" -# shellcheck disable=SC2154 -UP_USER="${unifi_up_user}" -# shellcheck disable=SC2154 -UP_PASS="${unifi_up_password}" -INCLUDES_PATH="${SCRIPT_DIR}/jails/unifi/includes" - -# Enable persistent Unifi Controller data -iocage exec "${JAIL_NAME}" mkdir -p /config/controller/mongodb -iocage exec "${JAIL_NAME}" cp -Rp /usr/local/share/java/unifi /config/controller -iocage exec "${JAIL_NAME}" chown -R mongodb:mongodb /config/controller/mongodb -# shellcheck disable=SC2154 -cp "${INCLUDES_PATH}"/mongodb.conf /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc -# shellcheck disable=SC2154 -cp "${INCLUDES_PATH}"/rc/mongod /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc/rc.d/ -# shellcheck disable=SC2154 -cp "${INCLUDES_PATH}"/rc/unifi /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc/rc.d/ -iocage exec "${JAIL_NAME}" sysrc unifi_enable=YES -iocage exec "${JAIL_NAME}" service unifi start - -# shellcheck disable=SC2154 -if [[ ! "${unifi_unifi_poller}" ]]; then - echo "Installation complete!" - echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." -else - # Check if influxdb container exists, create unifi database if it does, error if it is not. - echo "Checking if the database jail and database exist..." - if [[ -d /mnt/"${global_dataset_iocage}"/jails/"${DB_JAIL}" ]]; then - DB_EXISTING=$(iocage exec "${DB_JAIL}" curl -G http://localhost:8086/query --data-urlencode 'q=SHOW DATABASES' | jq '.results [] | .series [] | .values []' | grep "$DB_NAME" | sed 's/"//g' | sed 's/^ *//g') - if [[ "$DB_NAME" == "$DB_EXISTING" ]]; then - echo "${DB_JAIL} jail with database ${DB_NAME} already exists. Skipping database creation... " - else - echo "${DB_JAIL} jail exists, but database ${DB_NAME} does not. Creating database ${DB_NAME}." - if [[ -z "${DB_USER}" ]] || [[ -z "${DB_PASS}" ]]; then - echo "Database username and password not provided. Cannot create database without credentials. Exiting..." - exit 1 - else - iocage exec "${DB_JAIL}" "curl -XPOST -u ${DB_USER}:${DB_PASS} http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE ${DB_NAME}'" - echo "Database ${DB_NAME} created with username ${DB_USER} with password ${DB_PASS}." - fi - fi - else - echo "Influxdb jail does not exist. Unifi-Poller requires Influxdb jail. Please install the Influxdb jail." - exit 1 - fi - - # Download and install Unifi-Poller - FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") - DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") - iocage exec "${JAIL_NAME}" fetch -o /config "${DOWNLOAD}" - - # Install downloaded Unifi-Poller package, configure and enable - iocage exec "${JAIL_NAME}" pkg install -qy /config/"${FILE_NAME}" - # shellcheck disable=SC2154 - cp "${INCLUDES_PATH}"/up.conf /mnt/"${global_dataset_config}"/"${JAIL_NAME}" - # shellcheck disable=SC2154 - cp "${INCLUDES_PATH}"/up.conf.example /mnt/"${global_dataset_config}"/"${JAIL_NAME}" - # shellcheck disable=SC2154 - cp "${INCLUDES_PATH}"/rc/unifi_poller /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc/rc.d/unifi_poller - iocage exec "${JAIL_NAME}" sed -i '' "s|influxdbuser|${DB_USER}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|influxdbpass|${DB_PASS}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|unifidb|${DB_NAME}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|unifiuser|${UP_USER}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|unifipassword|${UP_PASS}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|dbip|http://${DB_IP}:8086|" /config/up.conf - - - iocage exec "${JAIL_NAME}" sysrc unifi_poller_enable=YES - iocage exec "${JAIL_NAME}" service unifi_poller start - - echo "Installation complete!" - echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." - echo "Please login to the Unifi Controller and add ${UP_USER} as a read-only user." - echo "In Grafana, add Unifi-Poller as a data source." -fi From 795eb809afe37de22d98baaede537b9290c09101 Mon Sep 17 00:00:00 2001 From: Matt Coleman Date: Tue, 5 May 2020 08:58:49 -0400 Subject: [PATCH 23/29] Unifi fixes (#99) * fix database creation, set rc script executable * fix lint errors * fix typo --- blueprints/unifi/install.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/blueprints/unifi/install.sh b/blueprints/unifi/install.sh index 2ad17799..66e46d16 100755 --- a/blueprints/unifi/install.sh +++ b/blueprints/unifi/install.sh @@ -34,7 +34,7 @@ UP_USER="${!UP_USER:-$1}" UP_PASS="jail_${1}_up_password" INCLUDES_PATH="${SCRIPT_DIR}/blueprints/unifi/includes" -if [ -z "${!DB_PASSWORD}" ]; then +if [ -z "${!DB_PASS}" ]; then echo "up_db_password can't be empty" exit 1 fi @@ -70,7 +70,7 @@ else # Check if influxdb container exists, create unifi database if it does, error if it is not. echo "Checking if the database jail and database exist..." if [[ -d /mnt/"${global_dataset_iocage}"/jails/"${!DB_JAIL}" ]]; then - DB_EXISTING=$(iocage exec "${!DB_JAIL}" curl -G http://localhost:8086/query --data-urlencode 'q=SHOW DATABASES' | jq '.results [] | .series [] | .values []' | grep "$DB_NAME" | sed 's/"//g' | sed 's/^ *//g') + DB_EXISTING=$(iocage exec "${!DB_JAIL}" curl -G http://"${DB_IP}":8086/query --data-urlencode 'q=SHOW DATABASES' | jq '.results [] | .series [] | .values []' | grep "$DB_NAME" | sed 's/"//g' | sed 's/^ *//g') if [[ "$DB_NAME" == "$DB_EXISTING" ]]; then echo "${!DB_JAIL} jail with database ${DB_NAME} already exists. Skipping database creation... " else @@ -79,7 +79,8 @@ else echo "Database username and password not provided. Cannot create database without credentials. Exiting..." exit 1 else - iocage exec "${!DB_JAIL}" "curl -XPOST -u ${DB_USER}:${!DB_PASS} http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE ${DB_NAME}'" + # shellcheck disable=SC2027,2086 + iocage exec "${!DB_JAIL}" "curl -XPOST -u ${DB_USER}:${!DB_PASS} http://"${DB_IP}":8086/query --data-urlencode 'q=CREATE DATABASE ${DB_NAME}'" echo "Database ${DB_NAME} created with username ${DB_USER} with password ${!DB_PASS}." fi fi @@ -99,6 +100,7 @@ else cp "${INCLUDES_PATH}"/up.conf /mnt/"${global_dataset_config}"/"${1}" # shellcheck disable=SC2154 cp "${INCLUDES_PATH}"/rc/unifi_poller.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/unifi_poller + chmod +x /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/unifi_poller iocage exec "${1}" sed -i '' "s|influxdbuser|${DB_USER}|" /config/up.conf iocage exec "${1}" sed -i '' "s|influxdbpass|${!DB_PASS}|" /config/up.conf iocage exec "${1}" sed -i '' "s|unifidb|${DB_NAME}|" /config/up.conf From 17714136c9011da07e53b8d1eca8f0a1368fa448 Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Tue, 5 May 2020 14:57:15 +0200 Subject: [PATCH 24/29] set branch to dev --- jailman.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jailman.sh b/jailman.sh index 7db54514..0e9c6cd1 100755 --- a/jailman.sh +++ b/jailman.sh @@ -20,7 +20,7 @@ if ! [ "$(id -u)" = 0 ]; then fi # Auto Update -BRANCH="multi_install" +BRANCH="dev" gitupdate ${BRANCH} # If no option is given, point to the help menu From 137a25595d894dfdc4fcf24d113c7bdf7264e0c9 Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Tue, 5 May 2020 15:05:44 +0200 Subject: [PATCH 25/29] plex typo fix --- blueprints/plex/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/plex/install.sh b/blueprints/plex/install.sh index 54766a03..0ea7fb20 100755 --- a/blueprints/plex/install.sh +++ b/blueprints/plex/install.sh @@ -18,7 +18,7 @@ createmount "$1" "${global_dataset_media}"/shows /mnt/media/shows # Create plex ramdisk if specified # shellcheck disable=SC2154 if [ -z "${plex_ramdisk}" ]; then - echo "no ramdisk specified for plex, continuing without randisk" + echo "no ramdisk specified for plex, continuing without ramdisk" else iocage fstab -a "$1" tmpfs /tmp_transcode tmpfs rw,size="${plex_ramdisk}",mode=1777 0 0 fi From c26a4bfbc1bf92e6755d60088071dd4140aaba79 Mon Sep 17 00:00:00 2001 From: Matt Coleman Date: Tue, 5 May 2020 09:21:37 -0400 Subject: [PATCH 26/29] fix typo; add influxdb to readme (#100) --- blueprints/influxdb/install.sh | 1 - docs/Readme.md | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprints/influxdb/install.sh b/blueprints/influxdb/install.sh index be79b3fe..a8744d0c 100755 --- a/blueprints/influxdb/install.sh +++ b/blueprints/influxdb/install.sh @@ -27,6 +27,5 @@ sleep 15 # Done! echo "Installation complete!" -echo "Your may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." echo "You may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." echo "" diff --git a/docs/Readme.md b/docs/Readme.md index 5ebff60c..69d78a28 100644 --- a/docs/Readme.md +++ b/docs/Readme.md @@ -76,6 +76,7 @@ Basic means: The same setup as a FreeNAS plugin would've, DHCP on bridge0. #### Backend - mariadb +- influxdb #### Downloads From 36e2df80de83cabfdb96ed2cba9c2cd6c623b353 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Fri, 8 May 2020 00:26:20 +0200 Subject: [PATCH 27/29] Add update to readme --- docs/Readme.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/Readme.md b/docs/Readme.md index 69d78a28..ca567794 100644 --- a/docs/Readme.md +++ b/docs/Readme.md @@ -48,6 +48,11 @@ Example: Example: `./jailman.sh -r sonarr` +- Update: +`./jailman.sh -u $jailname` +Example: +`./jailman.sh -u sonarr` + - Destroy `./jailman.sh -d $jailname` Example: From f6766b3fa287d0ef5097b6cb8b9f1afc3611e4b3 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Fri, 8 May 2020 00:26:51 +0200 Subject: [PATCH 28/29] Fix bitwarden indent --- config.yml.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.yml.example b/config.yml.example index 6dbc916e..89ad6c10 100644 --- a/config.yml.example +++ b/config.yml.example @@ -86,7 +86,7 @@ jail: blueprint: bitwarden ip4_addr: 192.168.1.97/24 gateway: 192.168.1.1 - db_jail: "mariadb" + db_jail: "mariadb" db_password: "YourDBPasswordHerePLEASE" admin_token: "PUTYOURADMINTOKENHEREANDREMOVETHIS" From 9b4bedfa48199d2dc1b2d05640284415a28ae061 Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Sun, 17 May 2020 14:00:36 +0200 Subject: [PATCH 29/29] Add migration documentation --- docs/migration/v1.1.x to v1.2.x.md | 61 ++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 docs/migration/v1.1.x to v1.2.x.md diff --git a/docs/migration/v1.1.x to v1.2.x.md b/docs/migration/v1.1.x to v1.2.x.md new file mode 100644 index 00000000..e8e9947c --- /dev/null +++ b/docs/migration/v1.1.x to v1.2.x.md @@ -0,0 +1,61 @@ +## v1.1.x to v1.2.x + +With v1.2 we made it possible to run multiple jails of the same type. +This is done by seperating jails (your individual installs) from blueprints (our designs). + +Due to this change, the config file has been changed and thus you need to adapt your config file. + + +### Jails + +All your jails need to be indented by 2 spaces under a main group "jails" like this: + +` +jail: + plex: + blueprint: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + beta: false +` + +Also note: +Where previously we used `plex: plex`, we can now just use `plex:` + +### Blueprints + +Every jail now requires a blueprint to be defined. for example: +v1.1.x +` + +plex: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + plexpass: false +` + +In v1.2.x becomes: +` +jail: + plex: + blueprint: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + beta: false +` + +### Plex + +Due to community feedback in v1.2.x "plexpass" has been renamed to "beta". + +### pkgs + +pkgs are removed from jail config in v1.2.x and are now part of the blueprint. This way we can keep them up-to-date for you. + +### Documentation + +All jails now have wiki documentation pages and all basic jail values have been documented + +### Other changes + +Some other minor changes in config file values have been done, please refer to the example document and compare your config to the example \ No newline at end of file