julian/scale-catalog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jailman move

Browse Source
This commit is contained in:
Kjeld Schouten-Lebbing
2023-03-16 09:54:20 +01:00
parent 1d32ed34c1
commit 92fa99d689
124 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
jailman/blueprints/mariadb/config.yml Normal file
View File

@ -0,0 +1,3 @@
blueprint:
mariadb:
pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74

11
jailman/blueprints/mariadb/includes/Caddyfile Normal file
View File

@ -0,0 +1,11 @@
yourhostnamehere:80 JAIL-IP:80 {
root /usr/local/www/phpMyAdmin/
fastcgi / 127.0.0.1:9000 php {
env PATH /bin
env modHeadersAvailable true
env front_controller_active true
connect_timeout 60s
read_timeout 3600s
send_timeout 300s
}
}

83
jailman/blueprints/mariadb/includes/caddy.rc Normal file
View File

@ -0,0 +1,83 @@
#!/bin/sh
# shellcheck disable=1091,2223,2154,2034
#
# PROVIDE: caddy
# REQUIRE: networking
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable caddy:
# caddy_enable (bool): Set to "NO" by default.
# Set it to "YES" to enable caddy
#
# caddy_cert_email (str): Set to "" by default.
# Defines the SSL certificate issuer email. By providing an
# email address you automatically agree to letsencrypt.org's
# general terms and conditions
#
# caddy_bin_path (str): Set to "/usr/local/bin/caddy" by default.
# Provides the path to the caddy server executable
#
# caddy_cpu (str): Set to "99%" by default.
# Configures, how much CPU capacity caddy may gain
#
# caddy_config_path (str): Set to "/usr/local/www/Caddyfile" by default.
# Defines the path for the configuration file caddy will load on boot
#
# caddy_user (str): Set to "root" by default.
# Defines the user that caddy will run on
#
# caddy_group (str): Set to "wheel" by default.
# Defines the group that caddy files will be attached to
#
# caddy_logfile (str) Set to "/var/log/caddy.log" by default.
# Defines where the process log file is written, this is not a web access log
#
# caddy_env (str) Set to "" by default.
# This allows environment variable to be set that may be required, for example when using "DNS Challenge" account credentials are required.
# e.g. (in your rc.conf) caddy_env="CLOUDFLARE_EMAIL=me@domain.com CLOUDFLARE_API_KEY=my_api_key"
#
. /etc/rc.subr
name="caddy"
rcvar="${name}_enable"
load_rc_config ${name}
: ${caddy_enable:="NO"}
: ${caddy_cert_email=""}
: ${caddy_bin_path="/usr/local/bin/caddy"}
: ${caddy_cpu="99%"} # was a bug for me that caused a crash within jails
: ${caddy_config_path="/usr/local/www/Caddyfile"}
: ${caddy_logfile="/var/log/caddy.log"}
: ${caddy_user="root"}
: ${caddy_group="wheel"}
if [ "$caddy_cert_email" = "" ]
then
echo "rc variable \$caddy_cert_email is not set. Please provide a valid SSL certificate issuer email."
exit 1
fi
pidfile="/var/run/${name}.pid"
procname="${caddy_bin_path}" #enabled builtin pid checking for start / stop
command="/usr/sbin/daemon"
command_args="-p ${pidfile} /usr/bin/env ${caddy_env} ${procname} -cpu ${caddy_cpu} -log stdout -conf ${caddy_config_path} -agree -email ${caddy_cert_email} < /dev/null >> ${caddy_logfile} 2>&1"
start_precmd="caddy_startprecmd"
caddy_startprecmd()
{
if [ ! -e "${pidfile}" ]; then
install -o "${caddy_user}" -g "${caddy_group}" "/dev/null" "${pidfile}"
fi
if [ ! -e "${caddy_logfile}" ]; then
install -o "${caddy_user}" -g "${caddy_group}" "/dev/null" "${caddy_logfile}"
fi
}
required_files="${caddy_config_path}"
run_rc_command "$1"

156
jailman/blueprints/mariadb/includes/config.inc.php Normal file
View File

@ -0,0 +1,156 @@
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* phpMyAdmin sample configuration, you can use it as base for
* manual configuration. For easier setup you can use setup/
*
* All directives are explained in documentation in the doc/ folder
* or at <https://docs.phpmyadmin.net/>.
*
* @package PhpMyAdmin
*/
declare(strict_types=1);
/**
* This is needed for cookie based authentication to encrypt password in
* cookie. Needs to be 32 chars long.
*/
$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
/**
* Servers configuration
*/
$i = 0;
/**
* First server
*/
$i++;
/* Authentication type */
/*$cfg['Servers'][$i]['auth_type'] = 'cookie';*/
/* Server parameters */
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['compress'] = false;
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['Servers'][$i]['socket'] = '/config/mysql.sock';
$cfg['Servers'][$i]['connect_type'] = 'socket';
/**
* phpMyAdmin configuration storage settings.
*/
/* User used to manipulate with storage */
// $cfg['Servers'][$i]['controlhost'] = '';
// $cfg['Servers'][$i]['controlport'] = '';
// $cfg['Servers'][$i]['controluser'] = 'pma';
// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
/* Storage database and tables */
// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
// $cfg['Servers'][$i]['relation'] = 'pma__relation';
// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
// $cfg['Servers'][$i]['history'] = 'pma__history';
// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
// $cfg['Servers'][$i]['recent'] = 'pma__recent';
// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
// $cfg['Servers'][$i]['users'] = 'pma__users';
// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
/**
* End of servers configuration
*/
/**
* Directories for saving/loading files from server
*/
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
/**
* Whether to display icons or text or both icons and text in table row
* action segment. Value can be either of 'icons', 'text' or 'both'.
* default = 'both'
*/
//$cfg['RowActionType'] = 'icons';
/**
* Defines whether a user should be displayed a "show all (records)"
* button in browse mode or not.
* default = false
*/
//$cfg['ShowAll'] = true;
/**
* Number of rows displayed when browsing a result set. If the result
* set contains more rows, "Previous" and "Next".
* Possible values: 25, 50, 100, 250, 500
* default = 25
*/
//$cfg['MaxRows'] = 50;
/**
* Disallow editing of binary fields
* valid values are:
* false allow editing
* 'blob' allow editing except for BLOB fields
* 'noblob' disallow editing except for BLOB fields
* 'all' disallow editing
* default = 'blob'
*/
//$cfg['ProtectBinary'] = false;
/**
* Default language to use, if not browser-defined or user-defined
* (you find all languages in the locale folder)
* uncomment the desired line:
* default = 'en'
*/
//$cfg['DefaultLang'] = 'en';
//$cfg['DefaultLang'] = 'de';
/**
* How many columns should be used for table display of a database?
* (a value larger than 1 results in some information being hidden)
* default = 1
*/
//$cfg['PropertiesNumColumns'] = 2;
/**
* Set to true if you want DB-based query history.If false, this utilizes
* JS-routines to display query history (lost by window close)
*
* This requires configuration storage enabled, see above.
* default = false
*/
//$cfg['QueryHistoryDB'] = true;
/**
* When using DB-based query history, how many entries should be kept?
* default = 25
*/
//$cfg['QueryHistoryMax'] = 100;
/**
* Whether or not to query the user before sending the error report to
* the phpMyAdmin team when a JavaScript error occurs
*
* Available options
* ('ask' | 'always' | 'never')
* default = 'ask'
*/
//$cfg['SendErrorReports'] = 'always';
/**
* You can find more configuration options in the documentation
* in the doc/ folder or at <https://docs.phpmyadmin.net/>.
*/

25
jailman/blueprints/mariadb/includes/my.cnf Normal file
View File

@ -0,0 +1,25 @@
# MySQL config file
[mysqld]
datadir=/config/db
socket=/config/mysql.sock
log_error=/config/mysql.err
innodb_file_per_table=1
transaction_isolation = READ-COMMITTED
binlog_format = ROW
symbolic-links=0
innodb_doublewrite = 0
innodb_checksum_algorithm = none
innodb_file_per_table=1
innodb_buffer_pool_size = 1G
innodb_log_buffer_size = 8M
innodb_open_files = 400
innodb_io_capacity = 400
innodb_flush_method = O_DIRECT
innodb_io_capacity = 4000
[client]
password=mypassword
port=3306
socket=/config/mysql.sock

123
jailman/blueprints/mariadb/install.sh Normal file
View File

@ -0,0 +1,123 @@
#!/usr/local/bin/bash
# This script installs the current release of Mariadb and PhpMyAdmin into a created jail
#####
#
# Init and Mounts
#
#####
# Initialise defaults
# shellcheck disable=SC2154
JAIL_IP="jail_${1}_ip4_addr"
JAIL_IP="${!JAIL_IP%/*}"
INCLUDES_PATH="${SCRIPT_DIR}/blueprints/mariadb/includes"
# shellcheck disable=SC2154
CERT_EMAIL="jail_${1}_cert_email"
CERT_EMAIL="${!CERT_EMAIL:-placeholder@email.fake}"
# shellcheck disable=SC2154
DB_ROOT_PASSWORD="jail_${1}_db_root_password"
HOST_NAME="jail_${1}_host_name"
DL_FLAGS=""
DNS_ENV=""
# Check that necessary variables were set by nextcloud-config
if [ -z "${JAIL_IP}" ]; then
echo 'Configuration error: The mariadb jail does NOT accept DHCP'
echo 'Please reinstall using a fixed IP adress'
exit 1
fi
# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke
# shellcheck disable=SC2154
if [ "$(ls -A "/mnt/${global_dataset_config}/${1}/db")" ]; then
echo "Reinstall of mariadb detected... Continuing"
REINSTALL="true"
fi
# Mount database dataset and set zfs preferences
iocage exec "${1}" rm -Rf /usr/local/etc/mysql/my.cnf
createmount "${1}" "${global_dataset_config}"/"${1}"/db /config/db
zfs set recordsize=16K "${global_dataset_config}"/"${1}"/db
zfs set primarycache=metadata "${global_dataset_config}"/"${1}"/db
iocage exec "${1}" "pw groupadd -n mysql -g 88"
iocage exec "${1}" "pw useradd -n mysql -u 88 -d /nonexistent -s /usr/sbin/nologin -g mysql"
iocage exec "${1}" chown -R mysql:mysql /config
iocage exec "${1}" sysrc mysql_optfile=/config/my.cnf
iocage exec "${1}" sysrc mysql_dbdir=/config/db
iocage exec "${1}" sysrc mysql_pidfile=/config/mysql.pid
iocage exec "${1}" sysrc mysql_enable="YES"
# Install includes fstab
iocage exec "${1}" mkdir -p /mnt/includes
iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
iocage exec "${1}" cp -f /mnt/includes/my.cnf /config/my.cnf
iocage exec "${1}" cp -f /mnt/includes/config.inc.php /usr/local/www/phpMyAdmin/config.inc.php
iocage exec "${1}" sed -i '' "s|mypassword|${!DB_ROOT_PASSWORD}|" /config/my.cnf
iocage exec "${1}" ln -s /config/my.cnf /usr/local/etc/mysql/my.cnf
#####
#
# Install Caddy and PhpMyAdmin
#
#####
fetch -o /tmp https://getcaddy.com
if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com
then
echo "Failed to download/install Caddy"
exit 1
fi
# Copy and edit pre-written config files
echo "Copying Caddyfile for no SSL"
iocage exec "${1}" cp -f /mnt/includes/caddy.rc /usr/local/etc/rc.d/caddy
iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile
# shellcheck disable=SC2154
iocage exec "${1}" sed -i '' "s/yourhostnamehere/${!HOST_NAME}/" /usr/local/www/Caddyfile
iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile
iocage exec "${1}" sysrc caddy_enable="YES"
iocage exec "${1}" sysrc php_fpm_enable="YES"
iocage exec "${1}" sysrc caddy_cert_email="${CERT_EMAIL}"
iocage exec "${1}" sysrc caddy_env="${DNS_ENV}"
iocage restart "${1}"
sleep 10
if [ "${REINSTALL}" == "true" ]; then
echo "Reinstall detected, skipping generaion of new config and database"
else
# Secure database, set root password, create Nextcloud DB, user, and password
iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='';"
iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
iocage exec "${1}" mysql -u root -e "DROP DATABASE IF EXISTS test;"
iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';"
iocage exec "${1}" mysqladmin --user=root password "${!DB_ROOT_PASSWORD}"
iocage exec "${1}" mysqladmin reload
fi
# Save passwords for later reference
iocage exec "${1}" echo "MariaDB root password is ${!DB_ROOT_PASSWORD}" > /root/"${1}"_db_password.txt
# Don't need /mnt/includes any more, so unmount it
iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
# Done!
echo "Installation complete!"
echo "Using your web browser, go to http://${!HOST_NAME} to log in"
if [ "${REINSTALL}" == "true" ]; then
echo "You did a reinstall, please use your old database and account credentials"
else
echo "Database Information"
echo "--------------------"
echo "The MariaDB root password is ${!DB_ROOT_PASSWORD}"
fi
echo ""
echo "All passwords are saved in /root/${1}_db_password.txt"

93
jailman/blueprints/mariadb/readme.md Normal file
View File

@ -0,0 +1,93 @@
# MariaDB
## Original README from the mariadb github:
https://github.com/MariaDB/server/
Code status:
------------
* [![Travis CI status](https://secure.travis-ci.org/MariaDB/server.png?branch=10.5)](https://travis-ci.org/MariaDB/server) travis-ci.org (10.5 branch)
* [![Appveyor CI status](https://ci.appveyor.com/api/projects/status/4u6pexmtpuf8jq66?svg=true)](https://ci.appveyor.com/project/rasmushoj/server) ci.appveyor.com
## MariaDB: drop-in replacement for MySQL
MariaDB is designed as a drop-in replacement of MySQL(R) with more
features, new storage engines, fewer bugs, and better performance.
MariaDB is brought to you by the MariaDB Foundation and the MariaDB corporation.
Please read the CREDITS file for details about the MariaDB Foundation,
and who is developing MariaDB.
MariaDB is developed by many of the original developers of MySQL who
now work for the MariaDB Corporation, the MariaDB Foundation and by
many people in the community.
MySQL, which is the base of MariaDB, is a product and trademark of Oracle
Corporation, Inc. For a list of developers and other contributors,
see the Credits appendix. You can also run 'SHOW authors' to get a
list of active contributors.
A description of the MariaDB project and a manual can be found at:
https://mariadb.com/kb/en/
https://mariadb.com/kb/en/mariadb-vs-mysql-features/
https://mariadb.com/kb/en/mariadb-versus-mysql-compatibility/
https://mariadb.com/kb/en/library/new-and-old-releases/
https://mariadb.org/
As MariaDB is a full replacement of MySQL, the MySQL manual at
http://dev.mysql.com/doc is generally applicable.
Help
-----
More help is available from the Maria Discuss mailing list
https://launchpad.net/~maria-discuss
and the #maria IRC channel on Freenode.
Live QA for beginner contributors
----
MariaDB has a dedicated time each week when we answer new contributor questions live on Zulip and IRC.
From 8:00 to 10:00 UTC on Mondays, and 10:00 to 12:00 UTC on Thursdays,
anyone can ask any questions theyd like, and a live developer will be available to assist.
New contributors can ask questions any time, but we will provide immediate feedback during that interval.
Licensing
---------
***************************************************************************
NOTE:
MariaDB is specifically available only under version 2 of the GNU
General Public License (GPLv2). (I.e. Without the "any later version"
clause.) This is inherited from MySQL. Please see the README file in
the MySQL distribution for more information.
License information can be found in the COPYING file. Third party
license information can be found in the THIRDPARTY file.
***************************************************************************
Bug Reports
------------
Bug and/or error reports regarding MariaDB should be submitted at:
https://jira.mariadb.org
For reporting security vulnerabilities see:
https://mariadb.org/about/security-policy/
Bugs in the MySQL code can also be submitted at:
https://bugs.mysql.com
The code for MariaDB, including all revision history, can be found at:
https://github.com/MariaDB/server
***************************************************************************

37
jailman/blueprints/mariadb/update.sh Normal file
View File

@ -0,0 +1,37 @@
#!/usr/local/bin/bash
# This file contains the update script for mariadb
# shellcheck disable=SC2154
JAIL_IP="jail_${1}_ip4_addr"
JAIL_IP="${!JAIL_IP%/*}"
HOST_NAME="jail_${1}_host_name"
INCLUDES_PATH="${SCRIPT_DIR}/blueprints/mariadb/includes"
# Install includes fstab
iocage exec "${1}" mkdir -p /mnt/includes
iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
iocage exec "${1}" service caddy stop
iocage exec "${1}" service php-fpm stop
fetch -o /tmp https://getcaddy.com
if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com
then
echo "Failed to download/install Caddy"
exit 1
fi
# Copy and edit pre-written config files
echo "Copying Caddyfile for no SSL"
iocage exec "${1}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/
iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile
# shellcheck disable=SC2154
iocage exec "${1}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile
iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile
# Don't need /mnt/includes any more, so unmount it
iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
iocage exec "${1}" service caddy start
iocage exec "${1}" service php-fpm start