From 0b43d76338d376ce4e0b6d7000f3008ab5f195ac Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Fri, 22 May 2020 19:15:36 +0200 Subject: [PATCH 01/25] reset to dev branch --- jailman.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/jailman.sh b/jailman.sh index f9b570ed..b797aa42 100755 --- a/jailman.sh +++ b/jailman.sh @@ -20,7 +20,6 @@ if ! [ "$(id -u)" = 0 ]; then fi # Auto Update -BRANCH="upstream/master" gitupdate ${BRANCH} # If no option is given, point to the help menu From 9348c3a968299c624f5d7828aaabd8d878eb74c4 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Mon, 25 May 2020 23:46:07 +0200 Subject: [PATCH 02/25] add code owners (#123) --- docs/CODEOWNERS | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/CODEOWNERS diff --git a/docs/CODEOWNERS b/docs/CODEOWNERS new file mode 100644 index 00000000..c762adab --- /dev/null +++ b/docs/CODEOWNERS @@ -0,0 +1,9 @@ +# Default code owner +* @ornias1993 + +# code owner for the docs. +/docs/ @ornias1993 + +# Code owners for individual blueprints +/blueprints/influxdb/ @colemamd +/blueprints/unifi/ @colemamd \ No newline at end of file From b82a02e3592aee053499014116b1b1745b57b529 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Mon, 25 May 2020 23:47:04 +0200 Subject: [PATCH 03/25] globaly disable shellcheck SC2154 because it isn't compatible with this repo. (#126) --- .shellcheckrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.shellcheckrc b/.shellcheckrc index d5a471e7..e70c8981 100644 --- a/.shellcheckrc +++ b/.shellcheckrc @@ -1 +1 @@ -disable=SC2034 +disable=SC2034,SC2154 From cdd5127ce61035704b12ef97678cbfbb60cbba0d Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Tue, 26 May 2020 01:10:19 +0200 Subject: [PATCH 04/25] fix accidentel removed update function and set to dev --- jailman.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jailman.sh b/jailman.sh index b797aa42..feb5ed11 100755 --- a/jailman.sh 
+++ b/jailman.sh @@ -20,7 +20,8 @@ if ! [ "$(id -u)" = 0 ]; then fi # Auto Update -gitupdate ${BRANCH} +BRANCH="upstream/dev" +gitupdate "${BRANCH}" # If no option is given, point to the help menu if [ $# -eq 0 ] From 80c058070793a12629d19814c195cb812c9653ac Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Tue, 26 May 2020 01:28:43 +0200 Subject: [PATCH 05/25] set right repo --- jailman.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jailman.sh b/jailman.sh index feb5ed11..e68a013a 100755 --- a/jailman.sh +++ b/jailman.sh @@ -20,7 +20,7 @@ if ! [ "$(id -u)" = 0 ]; then fi # Auto Update -BRANCH="upstream/dev" +BRANCH="upstream/minor-dev" gitupdate "${BRANCH}" # If no option is given, point to the help menu From c35208061c8b991fbd55064f55b5d934bd4316bf Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Tue, 26 May 2020 15:20:44 +0200 Subject: [PATCH 06/25] Make auto-update git aware (#133) * Make auto-update git aware Fixes #106 * Some slight tweaking and bug-fixing --- global.sh | 34 +++++++++++++++++++++------------- jailman.sh | 3 +-- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/global.sh b/global.sh index 37a1d607..1276b098 100755 --- a/global.sh +++ b/global.sh 
@@ -24,21 +24,29 @@ parse_yaml() { # automatic update function gitupdate() { -git remote add upstream https://github.com/jailmanager/jailman.git > /dev/null 2>&1 -echo "checking for updates using Branch: $1" -git fetch upstream > /dev/null 2>&1 -git update-index -q --refresh > /dev/null 2>&1 -CHANGED=$(git diff --name-only "$1") -if [ -n "$CHANGED" ]; +if [ "$(git config --get remote.origin.url)" = "https://github.com/Ornias1993/jailman" ] then - echo "script requires update" - git reset --hard > /dev/null 2>&1 - git checkout "${1}" > /dev/null 2>&1 - git pull > /dev/null 2>&1 - echo "script updated, please restart the script manually" - exit 1 + echo "The repository has been moved, please reinstall using the new repository: jailmanager/jailman" + exit 1 +fi +if [ "$1" = "" ] || [ "$1" = "HEAD" ]; +then + echo "Detatched or invalid GIT HEAD detected, please reinstall" else - echo "script up-to-date" + echo "checking for updates using Branch: $1" + git fetch > /dev/null 2>&1 + git update-index -q --refresh > /dev/null 2>&1 + CHANGED=$(git diff --name-only "$1") + if [ -n "$CHANGED" ]; + then + echo "script requires update" + git reset --hard > /dev/null 2>&1 + git pull > /dev/null 2>&1 + echo "script updated, please restart the script manually" + exit 1 + else + echo "script up-to-date" + fi fi } diff --git a/jailman.sh b/jailman.sh index e68a013a..1841bd53 100755 --- a/jailman.sh +++ b/jailman.sh @@ -20,8 +20,7 @@ if ! [ "$(id -u)" = 0 ]; then fi # Auto Update -BRANCH="upstream/minor-dev" -gitupdate "${BRANCH}" +gitupdate $(git for-each-ref --format='%(upstream:short)' "$(git symbolic-ref -q HEAD)") || exit 1 # If no option is given, point to the help menu if [ $# -eq 0 ] From 67318354ebd4fe426ad9e7239fbf2c9bcc9138ad Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Tue, 26 May 2020 01:07:23 +0200 Subject: [PATCH 07/25] Correct datavase typo --- blueprints/bitwarden/update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
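Review bot: Every git call in the new `else` branch of gitupdate still discards its output and exit status (`> /dev/null 2>&1`), so a failed `git fetch` can read as "script up-to-date" and a failed `git pull` still prints "script updated, please restart the script manually". The jailman.sh context shows an `id -u` check just above the call, so this path presumably runs as root and replaces root-executed code with whatever the tracked remote serves, while `git reset --hard` drops local edits without a prompt. Checking each step, e.g. `git fetch > /dev/null 2>&1 || { echo "update check failed" >&2; exit 1; }` and `git pull --ff-only`, would make failures visible. The "Detatched or invalid GIT HEAD" branch only prints and falls through with status 0, so the caller's `|| exit 1` never fires there; an `exit 1` after that echo looks intended.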
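Review bot: The command substitution passed to gitupdate in jailman.sh is unquoted, so a result containing several lines or glob characters would be split into several arguments and only the first would reach `$1`. Quoting it hands the function one literal argument that its `[ "$1" = "" ]` guard can test: `gitupdate "$(git for-each-ref --format='%(upstream:short)' "$(git symbolic-ref -q HEAD)")" || exit 1`. When HEAD is detached `git symbolic-ref -q HEAD` prints nothing, so the inner pattern is empty; it is worth confirming what `git for-each-ref` returns for an empty pattern before relying on it.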
diff --git a/blueprints/bitwarden/update.sh b/blueprints/bitwarden/update.sh index a2775815..b46e4a6e 100755 --- a/blueprints/bitwarden/update.sh +++ b/blueprints/bitwarden/update.sh @@ -7,7 +7,7 @@ JAIL_IP="jail_${1}_ip4_addr" JAIL_IP="${!JAIL_IP%/*}" HOST_NAME="jail_${1}_host_name" -DB_DATABASE="jail_${1}_db_datavase" +DB_DATABASE="jail_${1}_db_database" DB_USER="jail_${1}_db_user" # shellcheck disable=SC2154 INSTALL_TYPE="jail_${1}_type" From a23c4840e2b25d3c33393638079d730100ff2169 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Tue, 26 May 2020 16:11:18 +0200 Subject: [PATCH 08/25] Update shellcheck.yml --- .github/workflows/shellcheck.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index e5d12b6f..d4e3bd5b 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -8,6 +8,7 @@ on: branches: - master - dev + - minor-dev jobs: Shellcheck: From e8acdbc16f9539c0afa2165618cb986a2028e521 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Tue, 26 May 2020 16:11:37 +0200 Subject: [PATCH 09/25] Update filecheck.yml --- .github/workflows/filecheck.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/filecheck.yml b/.github/workflows/filecheck.yml index 59cba21b..e3efcef8 100644 --- a/.github/workflows/filecheck.yml +++ b/.github/workflows/filecheck.yml @@ -4,6 +4,7 @@ on: branches: - master - dev + - minor-dev jobs: build: From f434cd612532b2be253a3d9e83fd3e4a6035355d Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Tue, 26 May 2020 14:27:11 +0200 Subject: [PATCH 10/25] Don't try to update unifi poller if it isn't installed Fixes #111 --- blueprints/unifi/update.sh | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/blueprints/unifi/update.sh b/blueprints/unifi/update.sh index a585afab..f40a1b24 100755 --- a/blueprints/unifi/update.sh +++ b/blueprints/unifi/update.sh 
@@ -2,20 +2,25 @@ # This file contains the update script for unifi # Unifi Controller is updated through pkg, Unifi-Poller is not. This script updates Unifi-Poller -FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") -DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") - -# Check to see if there is an update. -# shellcheck disable=SC2154 -if [[ -f /mnt/"${global_dataset_config}"/"${1}"/"${FILE_NAME}" ]]; then - echo "Unifi-Poller is up to date." - exit 1 +if [[ ! "${!POLLER}" ]]; then + echo "Skipping Unifi Poller for update, not installed" else - # Download and install the package - iocage exec "${1}" fetch -o /config "${DOWNLOAD}" - iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}" - iocage exec "${1}" service unifi restart - iocage exec "${1}" service unifi_poller restart + + FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") + DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") + + # Check to see if there is an update. + # shellcheck disable=SC2154 + if [[ -f /mnt/"${global_dataset_config}"/"${1}"/"${FILE_NAME}" ]]; then + echo "Unifi-Poller is up to date." + exit 1 + else + # Download and install the package + iocage exec "${1}" fetch -o /config "${DOWNLOAD}" + iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}" + + iocage exec "${1}" service unifi_poller restart + fi fi - -echo "Update complete!" +iocage exec "${1}" service unifi restart +echo "Update complete!" \ No newline at end of file From 7de49f42975b8a6377188b8519566a3eba85bd4a Mon Sep 17 00:00:00 2001 
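Review bot: The package taken from `browser_download_url` is handed to `pkg install -qy` inside the jail with no integrity check, and neither `curl -s` call fails on an HTTP error, so an error response from the API leaves `FILE_NAME` and `DOWNLOAD` empty, the `-f` test is false and `fetch` runs with an empty URL. Querying the API once with `curl -fsS`, rejecting empty values and comparing the download against a published checksum before installing would close that gap; whether upstream publishes checksums is not visible here. `${!POLLER}` is used but `POLLER` is not assigned in the lines shown, and the "up to date" branch's `exit 1` skips the new `service unifi restart` at the bottom. The re-indented copy of this block in PATCH 16/25 keeps the same download path.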
From: Kjeld Schouten-Lebbing Date: Tue, 26 May 2020 17:40:55 +0200 Subject: [PATCH 11/25] Make sure mariadb could save persistant (#135) * Make sure mariadb could save persistant Fixes #134 * Trigger checks --- blueprints/mariadb/install.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/blueprints/mariadb/install.sh b/blueprints/mariadb/install.sh index e94678b0..d7d52499 100755 --- a/blueprints/mariadb/install.sh +++ b/blueprints/mariadb/install.sh @@ -35,6 +35,8 @@ if [ "$(ls -A "/mnt/${global_dataset_config}/${1}/db")" ]; then fi # Mount database dataset and set zfs preferences +iocage exec "${1}" service mysql-server stop +iocage exec "${1}" rm -Rf /var/db/mysql createmount "${1}" "${global_dataset_config}"/"${1}"/db /var/db/mysql zfs set recordsize=16K "${global_dataset_config}"/"${1}"/db zfs set primarycache=metadata "${global_dataset_config}"/"${1}"/db From 8cb1af316eb38069fcc36d9556371a1f29615d10 Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Tue, 26 May 2020 00:16:44 +0200 Subject: [PATCH 12/25] Update All The Blueprints (and remove unneeded pkgs) - add some missing nextcloud dependencies - Move the ports installs to pkg - Remove/Disable ports - update organizr php - update mariadb and phpmyadmin - update Lidarr - Update Jackett - Remove possibly useless dependancies --- blueprints/bitwarden/config.yml | 2 +- blueprints/jackett/install.sh | 2 +- blueprints/lidarr/install.sh | 6 +++--- blueprints/mariadb/config.yml | 2 +- blueprints/nextcloud/config.yml | 3 +-- blueprints/nextcloud/install.sh | 2 -- blueprints/organizr/config.yml | 2 +- blueprints/transmission/update.sh | 1 + 8 files changed, 9 insertions(+), 11 deletions(-) diff --git a/blueprints/bitwarden/config.yml b/blueprints/bitwarden/config.yml index c79bd93c..b0a293d7 100644 --- a/blueprints/bitwarden/config.yml +++ b/blueprints/bitwarden/config.yml 
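Review bot: The added `iocage exec "${1}" rm -Rf /var/db/mysql` in mariadb/install.sh runs whether or not the preceding `service mysql-server stop` succeeded, and neither exit status is checked before `createmount` mounts the dataset over the path. If this script is ever re-run against a jail where /var/db/mysql is already the mounted dataset, the delete would presumably hit the persistent data rather than the package defaults. A guard that skips the delete when the path is already a mount point, plus a comment such as `# remove the package's default data dir so the dataset can be mounted in its place`, would make the intent and the safe case explicit. The surrounding install script continues outside the hunk.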
@@ -1,3 +1,3 @@ blueprint: bitwarden: - pkgs: sqlite3 nginx git sudo vim-tiny bash node npm python27-2.7.17_1 mariadb104-client \ No newline at end of file + pkgs: git sudo bash node npm mariadb104-client \ No newline at end of file diff --git a/blueprints/jackett/install.sh b/blueprints/jackett/install.sh index d5e4ede7..51f22fc5 100755 --- a/blueprints/jackett/install.sh +++ b/blueprints/jackett/install.sh @@ -1,7 +1,7 @@ #!/usr/local/bin/bash # This file contains the install script for jackett -iocage exec "$1" "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share" +iocage exec "$1" "fetch https://github.com/Jackett/Jackett/releases/download/v0.16.546/Jackett.Binaries.Mono.tar.gz -o /usr/local/share" iocage exec "$1" "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share" iocage exec "$1" rm /usr/local/share/Jackett.Binaries.Mono.tar.gz iocage exec "$1" "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin" diff --git a/blueprints/lidarr/install.sh b/blueprints/lidarr/install.sh index 119f9ebc..ef8b0d54 100755 --- a/blueprints/lidarr/install.sh +++ b/blueprints/lidarr/install.sh 
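Review bot: The Jackett release tarball is fetched and unpacked into /usr/local/share with no checksum or signature check, and the `fetch`, `tar` and `rm` steps are not tested for failure, so a truncated or substituted download is extracted and presumably later run by the jackett service. Pinning the expected digest next to the version and comparing it before `tar` runs would catch both cases; the value has to come from the upstream release, e.g. `JACKETT_SHA256="<expected-sha256-placeholder>"`. The Lidarr hunk in this same patch follows the same fetch-then-extract pattern.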
@@ -12,9 +12,9 @@ createmount "$1" "${global_dataset_media}" createmount "$1" "${global_dataset_media}"/music /mnt/music -iocage exec "$1" "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share" -iocage exec "$1" "tar -xzvf /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz -C /usr/local/share" -iocage exec "$1" "rm /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz" +iocage exec "$1" "fetch https://github.com/lidarr/Lidarr/releases/download/v0.7.1.1381/Lidarr.master.0.7.1.1381.linux.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf Lidarr.master.0.7.1.1381.linux.tar.gz -C /usr/local/share" +iocage exec "$1" "rm /usr/local/share/Lidarr.master.0.7.1.1381.linux.tar.gz" iocage exec "$1" "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin" iocage exec "$1" chown -R lidarr:lidarr /usr/local/share/Lidarr /config iocage exec "$1" mkdir /usr/local/etc/rc.d diff --git a/blueprints/mariadb/config.yml b/blueprints/mariadb/config.yml index 05feae35..403cb8a9 100644 --- a/blueprints/mariadb/config.yml +++ b/blueprints/mariadb/config.yml @@ -1,3 +1,3 @@ blueprint: mariadb: - pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74-5.0.1 + pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74 diff --git a/blueprints/nextcloud/config.yml b/blueprints/nextcloud/config.yml index 0f8e0193..edbf9d25 100644 --- a/blueprints/nextcloud/config.yml +++ b/blueprints/nextcloud/config.yml 
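Review bot: The new `tar` line in lidarr/install.sh dropped the directory from the archive path: `fetch` writes to /usr/local/share and `rm` removes /usr/local/share/Lidarr.master.0.7.1.1381.linux.tar.gz, but `tar -xzvf Lidarr.master.0.7.1.1381.linux.tar.gz` resolves relative to whatever directory `iocage exec` starts in. Unless that happens to be /usr/local/share the extract fails, and since no status is checked the script carries on to `chown -R lidarr:lidarr /usr/local/share/Lidarr`. The line should read `iocage exec "$1" "tar -xzvf /usr/local/share/Lidarr.master.0.7.1.1381.linux.tar.gz -C /usr/local/share"`.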
@@ -1,4 +1,3 @@ blueprint: nextcloud: - pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick php73-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf - ports: true \ No newline at end of file + pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick php73-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf php73-opcache php73-pcntl php73-bcmath php73-pecl-APCu \ No newline at end of file diff --git a/blueprints/nextcloud/install.sh b/blueprints/nextcloud/install.sh index 79f56f3f..d704d839 100755 --- a/blueprints/nextcloud/install.sh +++ b/blueprints/nextcloud/install.sh @@ -142,8 +142,6 @@ fi iocage exec "${1}" sysrc redis_enable="YES" iocage exec "${1}" sysrc php_fpm_enable="YES" -iocage exec "${1}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes" -iocage exec "${1}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes" ##### diff --git a/blueprints/organizr/config.yml b/blueprints/organizr/config.yml index a06f8e48..a952ad5c 100644 --- a/blueprints/organizr/config.yml +++ b/blueprints/organizr/config.yml 
@@ -1,3 +1,3 @@ blueprint: organizr: - pkgs: nginx php72 php72-filter php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip git \ No newline at end of file + pkgs: nginx php74 php74-filter php74-curl php74-hash php74-json php74-openssl php74-pdo php74-pdo_sqlite php74-session php74-simplexml php74-sqlite3 php74-zip git \ No newline at end of file diff --git a/blueprints/transmission/update.sh b/blueprints/transmission/update.sh index 6c3d216e..8b0ec710 100755 --- a/blueprints/transmission/update.sh +++ b/blueprints/transmission/update.sh @@ -2,6 +2,7 @@ # This file contains the update script for transmission iocage exec "$1" service transmission stop + # Transmision is updated during PKG update, this file is mostly just a placeholder iocage exec "$1" chown -R transmission:transmission /config iocage exec "$1" service transmission restart \ No newline at end of file From 1dd70ad50804b903ca3f404a98ade1f1351cdf47 Mon Sep 17 00:00:00 2001 From: kjeld Schouten-Lebbing Date: Tue, 26 May 2020 14:20:49 +0200 Subject: [PATCH 13/25] exit on dataset creation/mount errors Fixes #107 (and other issues) --- global.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/global.sh b/global.sh index 1276b098..f826d2ef 100755 --- a/global.sh +++ b/global.sh 
@@ -95,13 +95,13 @@ fi rm /tmp/pkg.json echo "creating jail config directory" # shellcheck disable=SC2154 -createmount "${1}" "${global_dataset_config}" -createmount "${1}" "${global_dataset_config}"/"${1}" /config +createmount "${1}" "${global_dataset_config}" || exit 1 +createmount "${1}" "${global_dataset_config}"/"${1}" /config || exit 1 # Create and Mount portsnap -createmount "${1}" "${global_dataset_config}"/portsnap -createmount "${1}" "${global_dataset_config}"/portsnap/db /var/db/portsnap -createmount "${1}" "${global_dataset_config}"/portsnap/ports /usr/ports +createmount "${1}" "${global_dataset_config}"/portsnap || exit 1 +createmount "${1}" "${global_dataset_config}"/portsnap/db /var/db/portsnap || exit 1 +createmount "${1}" "${global_dataset_config}"/portsnap/ports /usr/ports || exit 1 if [ "${!blueprintports}" == "true" ] then echo "Mounting and fetching ports" @@ -125,7 +125,7 @@ createmount() { else if [ ! -d "/mnt/$2" ]; then echo "Dataset does not exist... Creating... $2" - zfs create "${2}" + zfs create "${2}" || exit 1 else echo "Dataset already exists, skipping creation of $2" fi @@ -133,9 +133,9 @@ createmount() { if [ -n "$1" ] && [ -n "$3" ]; then iocage exec "${1}" mkdir -p "${3}" if [ -n "${4}" ]; then - iocage fstab -a "${1}" /mnt/"${2}" "${3}" "${4}" + iocage fstab -a "${1}" /mnt/"${2}" "${3}" "${4}" || exit 1 else - iocage fstab -a "${1}" /mnt/"${2}" "${3}" nullfs rw 0 0 + iocage fstab -a "${1}" /mnt/"${2}" "${3}" nullfs rw 0 0 || exit 1 fi else echo "No Jail Name or Mount target specified, not mounting dataset" From 558e3be0c8deed2554f2de1968112dc408b37406 Mon Sep 17 00:00:00 2001 
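Review bot: `iocage exec "${1}" mkdir -p "${3}"` is the one step in createmount's mount branch left without `|| exit 1`, so a failed mkdir still reaches `iocage fstab -a`. The added exits are also silent; a message on stderr would tell the operator which dataset or mount failed, e.g. `zfs create "${2}" || { echo "failed to create dataset ${2}" >&2; exit 1; }`. Because `exit` inside the function already ends the script, the `|| exit 1` on the callers only matters if createmount is later changed to `return`. createmount's body starts and ends outside these hunks.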
From: kjeld Schouten-Lebbing Date: Thu, 28 May 2020 15:01:21 +0200 Subject: [PATCH 14/25] Redo all the templates and remove the old once --- .github/ISSUE_TEMPLATE/bug_report.md | 27 ++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 20 +++++++++ .github/PULL_REQUEST_TEMPLATE/bug_fix.md | 40 ++++++++++++++++++ .../general_improvement.md | 40 ++++++++++++++++++ .../PULL_REQUEST_TEMPLATE/new_blueprint.md | 41 +++++++++++++++++++ docs/ISSUE_TEMPLATE.md | 13 ------ docs/PULL_REQUEST_TEMPLATE.md | 16 -------- 7 files changed, 168 insertions(+), 29 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md create mode 100644 .github/PULL_REQUEST_TEMPLATE/bug_fix.md create mode 100644 .github/PULL_REQUEST_TEMPLATE/general_improvement.md create mode 100644 .github/PULL_REQUEST_TEMPLATE/new_blueprint.md delete mode 100644 docs/ISSUE_TEMPLATE.md delete mode 100644 docs/PULL_REQUEST_TEMPLATE.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..71a89b41 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,27 @@ +--- +name: Bug report +about: Create a report to help us improve JailMan +title: '' +labels: bug +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 00000000..e74cb57f --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md 
@@ -0,0 +1,20 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: Feature +assignees: '' + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/.github/PULL_REQUEST_TEMPLATE/bug_fix.md b/.github/PULL_REQUEST_TEMPLATE/bug_fix.md new file mode 100644 index 00000000..d9c6fc45 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/bug_fix.md 
@@ -0,0 +1,40 @@ +--- +name: Bug Fix +about: Submit a fix to help us improve JailMan +title: '' +labels: bug +assignees: '' + +--- + +**Description** + +Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. + +Fixes # (issue) + +**Type of change** + +- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) +- [ ] Refactor of current code +- [ ] This change requires additional documentation update + +**How Has This Been Tested?** + +Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration + +- [ ] Test A +- [ ] Test B + +**Notes:** +_Please enter any other relevant information here_ + +**Checklist:** + +- [ ] My code follows the style guidelines of this project +- [ ] I have performed a self-review of my own code +- [ ] I have commented my code, particularly in hard-to-understand areas +- [ ] I have made corresponding changes to the documentation +- [ ] My changes generate no new warnings +- [ ] I have added tests to this description that prove my fix is effective or that my feature works +- [ ] Any new files are named using lowercase (to avoid issues on case sensitive file systems) \ No newline at end of file diff --git a/.github/PULL_REQUEST_TEMPLATE/general_improvement.md b/.github/PULL_REQUEST_TEMPLATE/general_improvement.md new file mode 100644 index 00000000..e2af3b8e --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/general_improvement.md 
@@ -0,0 +1,40 @@ +--- +name: General Improvement +about: Submit a fix to help us improve JailMan +title: '' +labels: enhancement +assignees: '' + +--- + +**Description** + +Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. + +Fixes # (issue) + +**Type of change** + +- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) +- [ ] Refactor of current code +- [ ] This change requires additional documentation update + +**How Has This Been Tested?** + +Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration + +- [ ] Test A +- [ ] Test B + +**Notes:** +_Please enter any other relevant information here_ + +**Checklist:** + +- [ ] My code follows the style guidelines of this project +- [ ] I have performed a self-review of my own code +- [ ] I have commented my code, particularly in hard-to-understand areas +- [ ] I have made corresponding changes to the documentation +- [ ] My changes generate no new warnings +- [ ] I have added tests to this description that prove my fix is effective or that my feature works +- [ ] Any new files are named using lowercase (to avoid issues on case sensitive file systems) \ No newline at end of file diff --git a/.github/PULL_REQUEST_TEMPLATE/new_blueprint.md b/.github/PULL_REQUEST_TEMPLATE/new_blueprint.md new file mode 100644 index 00000000..1c264ab0 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/new_blueprint.md 
@@ -0,0 +1,41 @@ +--- +name: New Blueprint +about: Submit a new blueprint to help us expand JailMan +title: '' +labels: feature +assignees: '' + +--- + +**Description** + +Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. + +Fixes # (issue) + +**Type of change** + +- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected) +- [ ] Refactor of current code +- [ ] This change requires additional documentation update + +**How Has This Been Tested?** + +Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration + +- [ ] Test A +- [ ] Test B + +**Notes:** +_Please enter any other relevant information here_ + +**Checklist:** + +- [ ] My code follows the style guidelines of this project +- [ ] I have performed a self-review of my own code +- [ ] I have commented my code, particularly in hard-to-understand areas +- [ ] I have made corresponding changes to the documentation +- [ ] My changes generate no new warnings +- [ ] I have added tests to this description that prove my fix is effective or that my feature works +- [ ] Any new files are named using lowercase (to avoid issues on case sensitive file systems) +- [ ] I've added myself as a codeowner for the new blueprint in /docs/CODEOWNERS \ No newline at end of file diff --git a/docs/ISSUE_TEMPLATE.md b/docs/ISSUE_TEMPLATE.md deleted file mode 100644 index 89fb703e..00000000 --- a/docs/ISSUE_TEMPLATE.md +++ /dev/null 
@@ -1,13 +0,0 @@ -# Issue Template - -## Description - -### Detailed Bug Report -It helps if you include any relevant code / config (for describing how new features should work), images, gifs, or youtube videos! - -### Steps to Reproduce -Please enter the steps to reproduce the bug or behaviour: - -1. -2. -3. \ No newline at end of file diff --git a/docs/PULL_REQUEST_TEMPLATE.md b/docs/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index ed2f76f0..00000000 --- a/docs/PULL_REQUEST_TEMPLATE.md +++ /dev/null @@ -1,16 +0,0 @@ -# Pull Request Template - -### Purpose -_Describe the problem the PR fixes or the feature it introduces_
-_Don't forget to use "Fixes #issuenumber" to select issues and auto close them on merge_ - -### Notes: -_Please enter any other relevant information here_ - -### Please make sure you have followed the self checks below before submitting a PR: - -- [ ] Code is sufficiently commented -- [ ] Code is indented with tabs and not spaces -- [ ] The PR does not bring up any new errors -- [ ] The PR has been tested -- [ ] Any new files are named using lowercase (to avoid issues on case sensitive file systems) From 2e4ec58b7e4cf83ae58dbd7a078099289965fd22 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sun, 31 May 2020 22:32:44 +0200 Subject: [PATCH 15/25] Create SECURITY.md --- SECURITY.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..31acc6da --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 1.2.x | :white_check_mark: | +| 1.1.x | :x: | +| 1.0.x | :x: | + +## Reporting a Vulnerability + +If you find any security issue, please email the project maintainer. + +Currently the Project Maintainer is: +[Ornias1993](https://github.com/Ornias1993) + From 9d074232921c582fbe4969ac0fda7f38a2cec870 Mon Sep 17 00:00:00 2001 From: colemamd Date: Fri, 12 Jun 2020 10:51:08 -0400 Subject: [PATCH 16/25] Fix Unifi DB creation in InfluxDB --- blueprints/unifi/install.sh | 8 ++++---- blueprints/unifi/update.sh | 41 ++++++++++++++++++++----------------- 2 files changed, 26 insertions(+), 23 deletions(-) diff --git a/blueprints/unifi/install.sh b/blueprints/unifi/install.sh index 66e46d16..e1c90466 100755 --- a/blueprints/unifi/install.sh +++ b/blueprints/unifi/install.sh 
@@ -63,10 +63,7 @@ iocage exec "${1}" sysrc unifi_enable=YES iocage exec "${1}" service unifi start # shellcheck disable=SC2154 -if [[ ! "${!POLLER}" ]]; then - echo "Installation complete!" - echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." -else +if [ "${!POLLER}" = true ]; then # Check if influxdb container exists, create unifi database if it does, error if it is not. echo "Checking if the database jail and database exist..." if [[ -d /mnt/"${global_dataset_iocage}"/jails/"${!DB_JAIL}" ]]; then @@ -116,4 +113,7 @@ else echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." echo "Please login to the Unifi Controller and add ${UP_USER} as a read-only user." echo "In Grafana, add Unifi-Poller as a data source." +else + echo "Installation complete!" + echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." fi diff --git a/blueprints/unifi/update.sh b/blueprints/unifi/update.sh index f40a1b24..5577ceb6 100755 --- a/blueprints/unifi/update.sh +++ b/blueprints/unifi/update.sh 
@@ -2,25 +2,28 @@
 # This file contains the update script for unifi
 # Unifi Controller is updated through pkg, Unifi-Poller is not. This script updates Unifi-Poller
-if [[ ! "${!POLLER}" ]]; then
- echo "Skipping Unifi Poller for update, not installed"
+POLLER="jail_${1}_unifi_poller"
+
+# shellcheck disable=SC2154
+if [ "${!POLLER}" = true ]; then
+ FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name")
+ DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url")
+
+ # Check to see if there is an update.
+ # shellcheck disable=SC2154
+ if [[ -f /mnt/"${global_dataset_config}"/"${1}"/"${FILE_NAME}" ]]; then
+ echo "Unifi-Poller is up to date."
+ exit 1
+ else
+ # Download and install the package
+ iocage exec "${1}" fetch -o /config "${DOWNLOAD}"
+ iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}"
+
+ iocage exec "${1}" service unifi_poller restart
+ fi
 else
-
- FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name")
- DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url")
-
- # Check to see if there is an update.
- # shellcheck disable=SC2154
- if [[ -f /mnt/"${global_dataset_config}"/"${1}"/"${FILE_NAME}" ]]; then
- echo "Unifi-Poller is up to date."
- exit 1
- else
- # Download and install the package
- iocage exec "${1}" fetch -o /config "${DOWNLOAD}"
- iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}"
-
- iocage exec "${1}" service unifi_poller restart
- fi
+ echo "Skipping Unifi Poller for update, not installed"
 fi
+
 iocage exec "${1}" service unifi restart
-echo "Update complete!"
\ No newline at end of file
+echo "Update complete!"
From 7bd99e2d39cc05943b8f67f85364b1d1a8a803fa Mon Sep 17 00:00:00 2001
From: colemamd
Date: Thu, 18 Jun 2020 19:18:40 -0400
Subject: [PATCH 17/25] fix update cmd in jailman.sh
---
 jailman.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jailman.sh b/jailman.sh
index 1841bd53..f89a7dca 100755
--- a/jailman.sh
+++ b/jailman.sh
@@ -196,7 +196,7 @@ else
 then
 echo "Updating $jail"
 iocage update "${jail}"
- iocage exec "${jail}" "pkg update && pkg upgrade -y" && "${SCRIPT_DIR}"/jails/"${!blueprint}"/update.sh
+ iocage exec "${jail}" "pkg update && pkg upgrade -y" && "${SCRIPT_DIR}"/blueprints/"${!blueprint}"/update.sh "${jail}"
 iocage restart "${jail}"
 iocage start "${jail}"
 else
From f01f321cfe3c323a9ab3a805ef0c3e3046b65ab5 Mon Sep 17 00:00:00 2001
From: colemamd
Date: Thu, 18 Jun 2020 19:19:23 -0400
Subject: [PATCH 18/25] use string comparison
---
 blueprints/unifi/install.sh | 2 +-
 blueprints/unifi/update.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/blueprints/unifi/install.sh b/blueprints/unifi/install.sh
index e1c90466..e51f13ae 100755
--- a/blueprints/unifi/install.sh
+++ b/blueprints/unifi/install.sh
@@ -63,7 +63,7 @@ iocage exec "${1}" sysrc unifi_enable=YES
 iocage exec "${1}" service unifi start
 # shellcheck disable=SC2154
-if [ "${!POLLER}" = true ]; then
+if [ "${!POLLER}" == true ]; then
 # Check if influxdb container exists, create unifi database if it does, error if it is not.
 echo "Checking if the database jail and database exist..."
 if [[ -d /mnt/"${global_dataset_iocage}"/jails/"${!DB_JAIL}" ]]; then
diff --git a/blueprints/unifi/update.sh b/blueprints/unifi/update.sh
index 5577ceb6..424a7863 100755
--- a/blueprints/unifi/update.sh
+++ b/blueprints/unifi/update.sh
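Review bot: The rewritten `if [ "${!POLLER}" = true ]` branch of update.sh installs whatever archive the GitHub API response names, with no integrity check and no guard for a failed lookup. `curl -s` hides HTTP and rate-limit errors, so `FILE_NAME` and `DOWNLOAD` can come back empty and the script still reaches `fetch` and `pkg install -qy`; a guard such as `[ -n "${FILE_NAME}" ] && [ -n "${DOWNLOAD}" ] || { echo "Unifi-Poller release lookup failed" >&2; exit 1; }` closes that path. Before `pkg install`, the fetched file should also be compared against a pinned or upstream-published SHA-256 where one is available, because the package is installed with the jail's root privileges. Separately, `exit 1` in the "up to date" case reports failure to the caller and skips the `service unifi restart` at the end of the script.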
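Review bot: `==` inside single-bracket `[ ]` is a bash extension, and the `=` it replaces was already a string comparison, so the new test in install.sh compares exactly as the old one did. Both scripts already use `[[ ... ]]` for their other tests, so `if [[ "${!POLLER}" == "true" ]]; then` would keep the style consistent and make the bash dependency explicit. The same line is changed in the update.sh hunk that follows.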
@@ -5,7 +5,7 @@
 POLLER="jail_${1}_unifi_poller"
 # shellcheck disable=SC2154
-if [ "${!POLLER}" = true ]; then
+if [ "${!POLLER}" == true ]; then
 FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name")
 DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url")
From d5f703e4b9c82ebda6d19ae66f7a8e6cb0a0e1b5 Mon Sep 17 00:00:00 2001
From: Kjeld Schouten-Lebbing
Date: Sun, 12 Jul 2020 19:27:01 +0200
Subject: [PATCH 19/25] Additional MariaDB and PHPMyAdmin fixes
---
 blueprints/mariadb/includes/config.inc.php | 156 +++++++++++++++++++++
 blueprints/mariadb/includes/my-system.cnf | 16 ---
 blueprints/mariadb/includes/my.cnf | 24 +++-
 blueprints/mariadb/install.sh | 28 ++--
 4 files changed, 195 insertions(+), 29 deletions(-)
 create mode 100644 blueprints/mariadb/includes/config.inc.php
 delete mode 100644 blueprints/mariadb/includes/my-system.cnf
diff --git a/blueprints/mariadb/includes/config.inc.php b/blueprints/mariadb/includes/config.inc.php
new file mode 100644
index 00000000..817f0f49
--- /dev/null
+++ b/blueprints/mariadb/includes/config.inc.php
@@ -0,0 +1,156 @@ +. + * + * @package PhpMyAdmin + */ +declare(strict_types=1); + +/** + * This is needed for cookie based authentication to encrypt password in + * cookie. Needs to be 32 chars long. + */ +$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ + +/** + * Servers configuration + */ +$i = 0; + +/** + * First server + */ +$i++; +/* Authentication type */ +/*$cfg['Servers'][$i]['auth_type'] = 'cookie';*/ +/* Server parameters */ +$cfg['Servers'][$i]['host'] = 'localhost'; +$cfg['Servers'][$i]['compress'] = false; +$cfg['Servers'][$i]['AllowNoPassword'] = false; +$cfg['Servers'][$i]['socket'] = '/config/mysql.sock'; +$cfg['Servers'][$i]['connect_type'] = 'socket'; +/** + * phpMyAdmin configuration storage settings. + */ + +/* User used to manipulate with storage */ +// $cfg['Servers'][$i]['controlhost'] = ''; +// $cfg['Servers'][$i]['controlport'] = ''; +// $cfg['Servers'][$i]['controluser'] = 'pma'; +// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; + +/* Storage database and tables */ +// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; +// $cfg['Servers'][$i]['relation'] = 'pma__relation'; +// $cfg['Servers'][$i]['table_info'] = 'pma__table_info'; +// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; +// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; +// $cfg['Servers'][$i]['column_info'] = 'pma__column_info'; +// $cfg['Servers'][$i]['history'] = 'pma__history'; +// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; +// $cfg['Servers'][$i]['tracking'] = 'pma__tracking'; +// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; +// $cfg['Servers'][$i]['recent'] = 'pma__recent'; +// $cfg['Servers'][$i]['favorite'] = 'pma__favorite'; +// $cfg['Servers'][$i]['users'] = 'pma__users'; +// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; +// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; +// $cfg['Servers'][$i]['savedsearches'] = 
'pma__savedsearches'; +// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; +// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; +// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; + +/** + * End of servers configuration + */ + +/** + * Directories for saving/loading files from server + */ +$cfg['UploadDir'] = ''; +$cfg['SaveDir'] = ''; + +/** + * Whether to display icons or text or both icons and text in table row + * action segment. Value can be either of 'icons', 'text' or 'both'. + * default = 'both' + */ +//$cfg['RowActionType'] = 'icons'; + +/** + * Defines whether a user should be displayed a "show all (records)" + * button in browse mode or not. + * default = false + */ +//$cfg['ShowAll'] = true; + +/** + * Number of rows displayed when browsing a result set. If the result + * set contains more rows, "Previous" and "Next". + * Possible values: 25, 50, 100, 250, 500 + * default = 25 + */ +//$cfg['MaxRows'] = 50; + +/** + * Disallow editing of binary fields + * valid values are: + * false allow editing + * 'blob' allow editing except for BLOB fields + * 'noblob' disallow editing except for BLOB fields + * 'all' disallow editing + * default = 'blob' + */ +//$cfg['ProtectBinary'] = false; + +/** + * Default language to use, if not browser-defined or user-defined + * (you find all languages in the locale folder) + * uncomment the desired line: + * default = 'en' + */ +//$cfg['DefaultLang'] = 'en'; +//$cfg['DefaultLang'] = 'de'; + +/** + * How many columns should be used for table display of a database? + * (a value larger than 1 results in some information being hidden) + * default = 1 + */ +//$cfg['PropertiesNumColumns'] = 2; + +/** + * Set to true if you want DB-based query history.If false, this utilizes + * JS-routines to display query history (lost by window close) + * + * This requires configuration storage enabled, see above. 
+ * default = false + */ +//$cfg['QueryHistoryDB'] = true; + +/** + * When using DB-based query history, how many entries should be kept? + * default = 25 + */ +//$cfg['QueryHistoryMax'] = 100; + +/** + * Whether or not to query the user before sending the error report to + * the phpMyAdmin team when a JavaScript error occurs + * + * Available options + * ('ask' | 'always' | 'never') + * default = 'ask' + */ +//$cfg['SendErrorReports'] = 'always'; + +/** + * You can find more configuration options in the documentation + * in the doc/ folder or at . + */ diff --git a/blueprints/mariadb/includes/my-system.cnf b/blueprints/mariadb/includes/my-system.cnf deleted file mode 100644 index b7eca26d..00000000 --- a/blueprints/mariadb/includes/my-system.cnf +++ /dev/null @@ -1,16 +0,0 @@ -[mysqld] -innodb_file_per_table=1 -transaction_isolation = READ-COMMITTED -binlog_format = ROW - -symbolic-links=0 -innodb_doublewrite = 0 -innodb_checksum_algorithm = none -innodb_file_per_table=1 - -innodb_buffer_pool_size = 1G -innodb_log_buffer_size = 8M -innodb_open_files = 400 -innodb_io_capacity = 400 -innodb_flush_method = O_DIRECT -innodb_io_capacity = 4000 diff --git a/blueprints/mariadb/includes/my.cnf b/blueprints/mariadb/includes/my.cnf index 77b7660a..9545f512 100644 --- a/blueprints/mariadb/includes/my.cnf +++ b/blueprints/mariadb/includes/my.cnf @@ -1,3 +1,25 @@ -# MySQL client config file +# MySQL config file +[mysqld] +datadir=/config/db +socket=/config/mysql.sock +log_error=/config/mysql.err +innodb_file_per_table=1 +transaction_isolation = READ-COMMITTED +binlog_format = ROW + +symbolic-links=0 +innodb_doublewrite = 0 +innodb_checksum_algorithm = none +innodb_file_per_table=1 + +innodb_buffer_pool_size = 1G +innodb_log_buffer_size = 8M +innodb_open_files = 400 +innodb_io_capacity = 400 +innodb_flush_method = O_DIRECT +innodb_io_capacity = 4000 + [client] password=mypassword +port=3306 +socket=/config/mysql.sock 
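Review bot: `$cfg['blowfish_secret'] = '';` ships empty although its own comment says it must be filled in, and `auth_type` is left commented out, which as far as I know leaves phpMyAdmin on its default cookie authentication. None of the install.sh hunks in this commit writes a value into this file, so every jail built from the blueprint starts with the secret unset. I would put a placeholder here and have install.sh replace it with a random 32-character value generated per install, the way `mypassword` is substituted in my.cnf, with a comment such as `/* replaced at install time with a per-jail random secret */`.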
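Review bot: The new `[mysqld]` section in my.cnf sets `innodb_file_per_table=1` twice and `innodb_io_capacity` twice with different values (`400`, then `4000`), so the effective capacity depends on which occurrence the server keeps; each key should appear once with the intended value. `innodb_doublewrite = 0` together with `innodb_checksum_algorithm = none` also switches off InnoDB's own torn-page and checksum protection, presumably because the data sits on ZFS, and that reasoning deserves a comment such as `# InnoDB doublewrite/checksums disabled on purpose: the dataset relies on ZFS for both`. The `[client]` `password=` entry now shares a file with the server settings, so who can read this file matters more than it did for a client-only file.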
diff --git a/blueprints/mariadb/install.sh b/blueprints/mariadb/install.sh index d7d52499..397829a3 100755 --- a/blueprints/mariadb/install.sh +++ b/blueprints/mariadb/install.sh @@ -35,24 +35,33 @@ if [ "$(ls -A "/mnt/${global_dataset_config}/${1}/db")" ]; then fi # Mount database dataset and set zfs preferences -iocage exec "${1}" service mysql-server stop -iocage exec "${1}" rm -Rf /var/db/mysql -createmount "${1}" "${global_dataset_config}"/"${1}"/db /var/db/mysql +iocage exec "${1}" rm -Rf /usr/local/etc/mysql/my.cnf +createmount "${1}" "${global_dataset_config}"/"${1}"/db /config/db zfs set recordsize=16K "${global_dataset_config}"/"${1}"/db zfs set primarycache=metadata "${global_dataset_config}"/"${1}"/db -iocage exec "${1}" chown -R 88:88 /var/db/mysql +iocage exec "${1}" "pw groupadd -n mysql -g 88" +iocage exec "${1}" "pw useradd -n mysql -u 88 -d /nonexistent -s /usr/sbin/nologin -g mysql" + +iocage exec "${1}" chown -R mysql:mysql /config + +iocage exec "${1}" sysrc mysql_optfile=/config/my.cnf +iocage exec "${1}" sysrc mysql_dbdir=/config/db +iocage exec "${1}" sysrc mysql_pidfile=/config/mysql.pid +iocage exec "${1}" sysrc mysql_enable="YES" # Install includes fstab iocage exec "${1}" mkdir -p /mnt/includes iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 -iocage exec "${1}" mkdir -p /usr/local/www/phpmyadmin -iocage exec "${1}" chown -R www:www /usr/local/www/phpmyadmin +iocage exec "${1}" cp -f /mnt/includes/my.cnf /config/my.cnf +iocage exec "${1}" cp -f /mnt/includes/config.inc.php /usr/local/www/phpMyAdmin/config.inc.php +iocage exec "${1}" sed -i '' "s|mypassword|${!DB_ROOT_PASSWORD}|" /config/my.cnf +iocage exec "${1}" ln -s /config/my.cnf /usr/local/etc/mysql/my.cnf ##### # -# Install mariadb, Caddy and PhpMyAdmin +# Install Caddy and PhpMyAdmin # ##### 
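Review bot: The root database password is now substituted by `sed` into `/config/my.cnf`, which is then linked as `/usr/local/etc/mysql/my.cnf`, and no line in this hunk restricts that file's mode. A server-wide option file is normally readable by every account in the jail, whereas the code removed later in this commit kept the credential in `/root/.my.cnf`. I would keep the `[client]` section in that root-only file and add `iocage exec "${1}" chmod 600 /root/.my.cnf`, leaving `/config/my.cnf` with server settings only. The `sed` expression also breaks when the password contains `|`, `&` or a backslash, so the value should be escaped or written without `sed`. The script continues outside this hunk, so a later line may already tighten the mode.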
@@ -63,8 +72,6 @@ then exit 1 fi -iocage exec "${1}" sysrc mysql_enable="YES" - # Copy and edit pre-written config files echo "Copying Caddyfile for no SSL" iocage exec "${1}" cp -f /mnt/includes/caddy.rc /usr/local/etc/rc.d/caddy @@ -86,7 +93,6 @@ if [ "${REINSTALL}" == "true" ]; then else # Secure database, set root password, create Nextcloud DB, user, and password - iocage exec "${1}" cp -f /mnt/includes/my-system.cnf /var/db/mysql/my.cnf iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='';" iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" iocage exec "${1}" mysql -u root -e "DROP DATABASE IF EXISTS test;" @@ -94,8 +100,6 @@ else iocage exec "${1}" mysqladmin --user=root password "${!DB_ROOT_PASSWORD}" iocage exec "${1}" mysqladmin reload fi -iocage exec "${1}" cp -f /mnt/includes/my.cnf /root/.my.cnf -iocage exec "${1}" sed -i '' "s|mypassword|${!DB_ROOT_PASSWORD}|" /root/.my.cnf # Save passwords for later reference iocage exec "${1}" echo "MariaDB root password is ${!DB_ROOT_PASSWORD}" > /root/"${1}"_db_password.txt From e89c4440e5654255361a3d7d25b0b75cb632b5b1 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Mon, 13 Jul 2020 01:10:02 +0200 Subject: [PATCH 20/25] Delete test.md --- docs/test.md | 1 - 1 file changed, 1 deletion(-) delete mode 100644 docs/test.md diff --git a/docs/test.md b/docs/test.md deleted file mode 100644 index e440e5c8..00000000 --- a/docs/test.md +++ /dev/null @@ -1 +0,0 @@ -3 \ No newline at end of file From f2b2fcac5537e6c13e1890e46a6c34baf388e696 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Mon, 13 Jul 2020 01:13:47 +0200 Subject: [PATCH 21/25] Update security.md to reflect TrueNAS version --- SECURITY.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 31acc6da..3ba5b5e5 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,11 +2,12 @@
 ## Supported Versions
-| Version | Supported |
-| ------- | ------------------ |
-| 1.2.x | :white_check_mark: |
-| 1.1.x | :x: |
-| 1.0.x | :x: |
+| Version | TrueNAS version | Supported with updates |
+| ------- | ------- |------------------ |
+| 1.3.0 | 12.0 | NOT RELEASED YET |
+| 1.2.x | 11.3U2-3 | :white_check_mark: |
+| 1.1.x | 11.3U1-2 | :x: |
+| 1.0.x | 11.3U1 | :x: |
 ## Reporting a Vulnerability
From d793671646d99b167eb5ad4b40e05b7436089376 Mon Sep 17 00:00:00 2001
From: kjeld Schouten-Lebbing
Date: Mon, 13 Jul 2020 01:17:48 +0200
Subject: [PATCH 22/25] Some documentation structure changes
- Move all LICENSE files to root in accordance with github guidelines
- Move other github-only docs to .github instead of wiki (docs) folder
---
 {docs => .github}/CODEOWNERS | 0
 {docs => .github}/Readme.md | 0
 SECURITY.md => .github/SECURITY.md | 0
 docs/LICENSE.BSD2 => LICENSE.BSD2 | 0
 docs/LICENSE.GPLV2 => LICENSE.GPLV2 | 0
 5 files changed, 0 insertions(+), 0 deletions(-)
 rename {docs => .github}/CODEOWNERS (100%)
 rename {docs => .github}/Readme.md (100%)
 rename SECURITY.md => .github/SECURITY.md (100%)
 rename docs/LICENSE.BSD2 => LICENSE.BSD2 (100%)
 rename docs/LICENSE.GPLV2 => LICENSE.GPLV2 (100%)
diff --git a/docs/CODEOWNERS b/.github/CODEOWNERS
similarity index 100%
rename from docs/CODEOWNERS
rename to .github/CODEOWNERS
diff --git a/docs/Readme.md b/.github/Readme.md
similarity index 100%
rename from docs/Readme.md
rename to .github/Readme.md
diff --git a/SECURITY.md b/.github/SECURITY.md
similarity index 100%
rename from SECURITY.md
rename to .github/SECURITY.md
diff --git a/docs/LICENSE.BSD2 b/LICENSE.BSD2
similarity index 100%
rename from docs/LICENSE.BSD2
rename to LICENSE.BSD2
diff --git a/docs/LICENSE.GPLV2 b/LICENSE.GPLV2
similarity index 100%
rename from docs/LICENSE.GPLV2
rename to LICENSE.GPLV2
From 53a3eaa742b0a03104115d928d98ed807550f7b6 Mon Sep 17 00:00:00 2001
From: kjeld Schouten-Lebbing Date: Mon, 13 Jul 2020 16:08:26 +0200 Subject: [PATCH 23/25] Fix and Update Nextcloud - Harden Redis install - Update Nextcloud to 19 (Fixes #193 ) - Update PHP to PHP74 (Fixes #193 ) - Fix nextcloud Admin password not presented/set correctly - Remove PHP-Hash (included in base PHP now) (Fixes #193 ) - Remove PHP-WDDX (not available anymore for PHP74) (Fixes #193 ) --- blueprints/nextcloud/config.yml | 2 +- blueprints/nextcloud/includes/redis.conf | 4 ++-- blueprints/nextcloud/install.sh | 13 +++++++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/blueprints/nextcloud/config.yml b/blueprints/nextcloud/config.yml index edbf9d25..a6f3f67b 100644 --- a/blueprints/nextcloud/config.yml +++ b/blueprints/nextcloud/config.yml @@ -1,3 +1,3 @@ blueprint: nextcloud: - pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick php73-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf php73-opcache php73-pcntl php73-bcmath php73-pecl-APCu \ No newline at end of file + pkgs: nano sudo redis php74-ctype gnupg php74-dom php74-gd php74-iconv php74-json php74-mbstring php74-posix php74-simplexml php74-xmlreader php74-xmlwriter php74-zip php74-zlib php74-xml php74 php74-pecl-redis php74-session php74-xsl php74-filter php74-pecl-APCu php74-curl php74-fileinfo php74-bz2 php74-intl php74-openssl php74-ldap php74-ftp php74-imap php74-exif php74-gmp php74-pecl-memcache php74-pecl-imagick php74-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf php74-opcache php74-pcntl php74-bcmath php74-pecl-APCu \ No newline at end of file 
diff --git a/blueprints/nextcloud/includes/redis.conf b/blueprints/nextcloud/includes/redis.conf index ae47f742..5df02308 100644 --- a/blueprints/nextcloud/includes/redis.conf +++ b/blueprints/nextcloud/includes/redis.conf @@ -98,8 +98,8 @@ tcp-backlog 511 # incoming connections. There is no default, so Redis will not listen # on a unix socket when not specified. # -unixsocket /tmp/redis.sock -unixsocketperm 777 +unixsocket /var/run/redis/redis.sock +unixsocketperm 770 # Close the connection after a client is idle for N seconds (0 to disable) timeout 0 diff --git a/blueprints/nextcloud/install.sh b/blueprints/nextcloud/install.sh index d704d839..3d3612c2 100755 --- a/blueprints/nextcloud/install.sh +++ b/blueprints/nextcloud/install.sh @@ -50,7 +50,7 @@ if [ -z "${JAIL_IP}" ]; then exit 1 fi -if [ -z "${ADMIN_PASSWORD}" ]; then +if [ -z "${!ADMIN_PASSWORD}" ]; then echo 'Configuration error: The Nextcloud jail requires a admin_password' echo 'Please reinstall using a fixed IP adress' exit 1 @@ -130,7 +130,7 @@ iocage exec "${1}" chmod -R 770 /config/files ##### if [ "${DB_TYPE}" = "mariadb" ]; then - iocage exec "${1}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli + iocage exec "${1}" pkg install -qy mariadb104-client php74-pdo_mysql php74-mysqli fi fetch -o /tmp https://getcaddy.com @@ -150,7 +150,7 @@ iocage exec "${1}" sysrc php_fpm_enable="YES" # ##### -FILE="latest-18.tar.bz2" +FILE="latest-19.tar.bz2" if ! iocage exec "${1}" fetch -o /tmp https://download.nextcloud.com/server/releases/"${FILE}" https://download.nextcloud.com/server/releases/"${FILE}".asc https://nextcloud.com/nextcloud.asc then echo "Failed to download Nextcloud" @@ -165,6 +165,7 @@ then fi iocage exec "${1}" tar xjf /tmp/"${FILE}" -C /usr/local/www/ iocage exec "${1}" chown -R www:www /usr/local/www/nextcloud/ +iocage exec "${1}" pw usermod www -G redis # Generate and install self-signed cert, if necessary 
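Review bot: `pw usermod www -G redis`, added in the last install.sh hunk on this line, sets the complete supplementary group list of `www` rather than adding one group, so any membership the account already has is dropped. `iocage exec "${1}" pw groupmod redis -m www` adds the member without touching other groups and gives the same access to the socket that redis.conf now creates with `unixsocketperm 770`. A comment such as `# www needs the redis group to reach /var/run/redis/redis.sock (mode 770)` would tie the two changes together. The script continues outside the hunk.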
@@ -231,7 +232,7 @@ else # Save passwords for later reference iocage exec "${1}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/"${1}"_db_password.txt iocage exec "${1}" echo "Nextcloud database password is ${!DB_PASSWORD}" >> /root/"${1}"_db_password.txt - iocage exec "${1}" echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}" >> /root/"${1}"_db_password.txt + iocage exec "${1}" echo "Nextcloud Administrator password is ${!ADMIN_PASSWORD}" >> /root/"${1}"_db_password.txt # CLI installation and configuration of Nextcloud if [ "${DB_TYPE}" = "mariadb" ]; then @@ -246,7 +247,7 @@ else iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"' iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"' iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"' - iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/var/run/redis/redis.sock"' iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer' iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwritehost --value=\"${!HOST_NAME}\"" @@ -287,7 +288,7 @@ if [ "${REINSTALL}" == "true" ]; then echo "You did a reinstall, please use your old database and account credentials" else - echo "Default user is admin, password is ${ADMIN_PASSWORD}" + echo "Default user is admin, password is ${!ADMIN_PASSWORD}" echo "" echo "Database Information" From 1f9ff88dc6c3899dfe9a435d615d6e3d804c4066 Mon Sep 17 00:00:00 2001 
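Review bot: The changed line appends the Nextcloud administrator password in clear text to `/root/"${1}"_db_password.txt`, and because `>>` sits outside any quotes it is handled by the calling shell, so the file is created where the script runs rather than inside the jail, with whatever mode the current umask gives. I would create the file with a restrictive mode before the first write, for example `(umask 077; : > /root/"${1}"_db_password.txt)`. The last hunk of this file also prints the same password to the terminal with `echo "Default user is admin, password is ${!ADMIN_PASSWORD}"`, which ends up in any captured install output; pointing the user to the saved file avoids that. The neighbouring context line still expands `${DB_ROOT_PASSWORD}` without the `!` indirection this commit adds for `ADMIN_PASSWORD`, which may be the same bug left unfixed.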
From: kjeld Schouten-Lebbing
Date: Mon, 13 Jul 2020 23:58:20 +0200
Subject: [PATCH 24/25] Update tautulli deps to python3
---
 blueprints/tautulli/config.yml | 2 +-
 blueprints/tautulli/install.sh | 1 +
 blueprints/tautulli/update.sh | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/blueprints/tautulli/config.yml b/blueprints/tautulli/config.yml
index 3c6a9a2d..9acd5c2b 100644
--- a/blueprints/tautulli/config.yml
+++ b/blueprints/tautulli/config.yml
@@ -1,3 +1,3 @@
 blueprint:
 tautulli:
- pkgs: python2 py27-sqlite3 py27-openssl git
\ No newline at end of file
+ pkgs: python37 py37-setuptools py37-sqlite3 py37-openssl py37-pycryptodomex python3 git
\ No newline at end of file
diff --git a/blueprints/tautulli/install.sh b/blueprints/tautulli/install.sh
index c87ec954..d0c81373 100755
--- a/blueprints/tautulli/install.sh
+++ b/blueprints/tautulli/install.sh
@@ -1,6 +1,7 @@
 #!/usr/local/bin/bash
 # This file contains the install script for Tautulli
+iocage exec "$1" ln -s /usr/local/bin/python3 /usr/local/bin/python
 iocage exec "$1" git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli
 iocage exec "$1" "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin"
 iocage exec "$1" chown -R tautulli:tautulli /usr/local/share/Tautulli /config
diff --git a/blueprints/tautulli/update.sh b/blueprints/tautulli/update.sh
index 500aa181..a24393bf 100755
--- a/blueprints/tautulli/update.sh
+++ b/blueprints/tautulli/update.sh
@@ -2,6 +2,7 @@
 # This file contains the update script for Tautulli
 iocage exec "$1" service tautulli stop
+iocage exec "$1" ln -s /usr/local/bin/python3 /usr/local/bin/python
 # Tautulli is updated through pkg, this is mostly just a placeholder
 iocage exec "$1" chown -R tautulli:tautulli /usr/local/share/Tautulli /config
 iocage exec "$1" cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli
From 0c81f15c0a02e64fce1fb54a070a71ed379704e3 Mon Sep 17 00:00:00 2001
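Review bot: `ln -s /usr/local/bin/python3 /usr/local/bin/python` fails with "File exists" once the link is present, which is the case on every run of update.sh after install.sh has created it. `iocage exec "$1" ln -sf /usr/local/bin/python3 /usr/local/bin/python` makes the line repeatable in both the install.sh hunk and the update.sh hunk. A short comment such as `# Tautulli's rc script calls "python"; point it at python3` would also record why the link exists, assuming that is the reason.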
From: kjeld Schouten-Lebbing
Date: Tue, 14 Jul 2020 14:00:24 +0200
Subject: [PATCH 25/25] Fix broken Lidarr installer
---
 blueprints/lidarr/install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/blueprints/lidarr/install.sh b/blueprints/lidarr/install.sh
index ef8b0d54..4fdaec1f 100755
--- a/blueprints/lidarr/install.sh
+++ b/blueprints/lidarr/install.sh
@@ -13,7 +13,7 @@ createmount "$1" "${global_dataset_media}"/music /mnt/music
 iocage exec "$1" "fetch https://github.com/lidarr/Lidarr/releases/download/v0.7.1.1381/Lidarr.master.0.7.1.1381.linux.tar.gz -o /usr/local/share"
-iocage exec "$1" "tar -xzvf Lidarr.master.0.7.1.1381.linux.tar.gz -C /usr/local/share"
+iocage exec "$1" "tar -xzvf /usr/local/share/Lidarr.master.0.7.1.1381.linux.tar.gz -C /usr/local/share"
 iocage exec "$1" "rm /usr/local/share/Lidarr.master.0.7.1.1381.linux.tar.gz"
 iocage exec "$1" "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin"
 iocage exec "$1" chown -R lidarr:lidarr /usr/local/share/Lidarr /config
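Review bot: The corrected `tar -xzvf /usr/local/share/Lidarr.master.0.7.1.1381.linux.tar.gz` line still unpacks the downloaded release unchecked, since nothing between the `fetch` and the `tar` verifies the archive. Because the version is pinned, a SHA-256 for that exact file can be stored in the script and compared before extraction, e.g. `iocage exec "$1" "sha256 -c <PINNED_SHA256> /usr/local/share/Lidarr.master.0.7.1.1381.linux.tar.gz"`, stopping on a mismatch. The three commands are also not chained, so a failed `fetch` is followed by `tar` and `rm` on a missing file. The script continues outside the hunk.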