Jailman v1.1.0 (#24)

* set branch (+2 squashed commit)

Squashed commit:

[e322f24] remove placeholder

[8647131] palceholder

* Code cleanup and (primarily) consolidation (#21)

* set branch

* Exit 1 on iocage create failure

* - Move jailcreate to global function
- Remove Jailcreate.sh

* Add dataset creation function

* - add test script to test new global changes
- also create folder in jail with createmount

* fix

* make test executable

* more verbosity, fixing folder creation

* moving global dataset create

* move jails to new dataset-mount creation function

* remove test jail and test branch-ref

* Add Nextcloud (#22)

* Basic working nextcloud integration

* Enable persistent reinstall of Nextcloud

* prepare for dev merge

* Licence alert

* Add external database and integrated jail

* small improvements and update script

* Add mariadb to dev (#31)

* Working MariaDB config

* - Set ZFS settings for DB on Nextcloud and MariaDB
- Cleanup MariaDB

* prepare for dev merge

* Niceify Readme (#34)

* put content from master into it

* Some readme itteration

* more niceification

* [WIP} Wiki workflow test (#37)

introduce automatic wiki generation

* Add Bitwarden support (#35)

* Nextcloud-Cleanup for v1.1.0 (#40)

* Nextcloud cleanup
- add db-type sanity check
- remove some integrated db checks
- Move ssl to /config/ssl
- remove integrated databases

* slight default tweaking

* fix mariadb install bug

* QA cycle

jails/mariadb/includes/Caddyfile

@@ -0,0 +1,11 @@
+yourhostnamehere:80 JAIL-IP:80 {
+  root /usr/local/www/phpMyAdmin/
+  fastcgi / 127.0.0.1:9000 php {
+        env PATH /bin
+        env modHeadersAvailable true
+        env front_controller_active true
+        connect_timeout 60s
+        read_timeout 3600s
+        send_timeout 300s
+        }
+}

jails/mariadb/includes/caddy

@@ -0,0 +1,82 @@
+#!/bin/sh
+#
+# PROVIDE: caddy
+# REQUIRE: networking
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable caddy:
+# caddy_enable (bool):        Set to "NO" by default.
+#                             Set it to "YES" to enable caddy
+#
+# caddy_cert_email (str):     Set to "" by default.
+#                             Defines the SSL certificate issuer email. By providing an
+#                             email address you automatically agree to letsencrypt.org's
+#                             general terms and conditions
+#
+# caddy_bin_path (str):       Set to "/usr/local/bin/caddy" by default.
+#                             Provides the path to the caddy server executable
+#
+# caddy_cpu (str):            Set to "99%" by default.
+#                             Configures, how much CPU capacity caddy may gain
+#
+# caddy_config_path (str):    Set to "/usr/local/www/Caddyfile" by default.
+#                             Defines the path for the configuration file caddy will load on boot
+#
+# caddy_user (str):           Set to "root" by default.
+#                             Defines the user that caddy will run on
+#
+# caddy_group (str):          Set to "wheel" by default.
+#                             Defines the group that caddy files will be attached to
+#
+# caddy_logfile (str)         Set to "/var/log/caddy.log" by default.
+#                             Defines where the process log file is written, this is not a web access log
+#
+# caddy_env (str)             Set to "" by default.
+#                             This allows environment variable to be set that may be required, for example when using "DNS Challenge" account credentials are required.
+#                             e.g. (in your rc.conf)   caddy_env="CLOUDFLARE_EMAIL=me@domain.com CLOUDFLARE_API_KEY=my_api_key"
+#
+
+. /etc/rc.subr                                           
+
+name="caddy"
+rcvar="${name}_enable"
+
+load_rc_config ${name}
+
+: ${caddy_enable:="NO"}
+: ${caddy_cert_email=""}
+: ${caddy_bin_path="/usr/local/bin/caddy"}
+: ${caddy_cpu="99%"} # was a bug for me that caused a crash within jails
+: ${caddy_config_path="/usr/local/www/Caddyfile"}
+: ${caddy_logfile="/var/log/caddy.log"}
+: ${caddy_user="root"}
+: ${caddy_group="wheel"}
+
+if [ "$caddy_cert_email" = "" ]
+then
+    echo "rc variable \$caddy_cert_email is not set. Please provide a valid SSL certificate issuer email."
+    exit 1
+fi
+
+pidfile="/var/run/${name}.pid"
+procname="${caddy_bin_path}" #enabled builtin pid checking for start / stop
+command="/usr/sbin/daemon"
+command_args="-p ${pidfile} /usr/bin/env ${caddy_env} ${procname} -cpu ${caddy_cpu} -log stdout -conf ${caddy_config_path} -agree -email ${caddy_cert_email} < /dev/null >> ${caddy_logfile} 2>&1"
+
+start_precmd="caddy_startprecmd"
+
+caddy_startprecmd()
+{
+        if [ ! -e "${pidfile}" ]; then
+                install -o "${caddy_user}" -g "${caddy_group}" "/dev/null" "${pidfile}"
+        fi
+
+        if [ ! -e "${caddy_logfile}" ]; then
+                install -o "${caddy_user}" -g "${caddy_group}" "/dev/null" "${caddy_logfile}"
+        fi
+}
+
+required_files="${caddy_config_path}"
+
+run_rc_command "$1"

jails/mariadb/includes/my-system.cnf

@@ -0,0 +1,16 @@
+[mysqld]
+innodb_file_per_table=1
+transaction_isolation = READ-COMMITTED
+binlog_format = ROW
+
+symbolic-links=0
+innodb_doublewrite = 0
+innodb_checksum_algorithm = none
+innodb_file_per_table=1
+
+innodb_buffer_pool_size = 1G
+innodb_log_buffer_size  = 8M
+innodb_open_files       = 400
+innodb_io_capacity      = 400
+innodb_flush_method     = O_DIRECT
+innodb_io_capacity      = 4000

jails/mariadb/includes/my.cnf

@@ -0,0 +1,3 @@
+# MySQL client config file
+[client]
+password=mypassword

jails/mariadb/install.sh

@@ -0,0 +1,111 @@
+#!/usr/local/bin/bash
+# This script installs the current release of Mariadb and PhpMyAdmin into a created jail
+#####
+# 
+# Init and Mounts
+#
+#####
+
+# Initialise defaults
+JAIL_NAME="mariadb"
+JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}" )"
+INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes"
+CERT_EMAIL=${mariadb_cert_email}
+DB_ROOT_PASSWORD=${mariadb_db_root_password}
+DB_NAME="MariaDB"
+DL_FLAGS=""
+
+# Check that necessary variables were set by nextcloud-config
+if [ -z "${mariadb_ip4_addr}" ]; then
+  echo 'Configuration error: The mariadb jail does NOT accept DHCP'
+  echo 'Please reinstall using a fixed IP adress'
+  exit 1
+fi
+
+# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke
+
+if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/db")" ]; then
+	echo "Reinstall of mariadb detected... Continuing"
+	REINSTALL="true"
+fi
+
+# Mount database dataset and set zfs preferences
+createmount ${JAIL_NAME} ${global_dataset_config}/${JAIL_NAME}/db /var/db/mysql
+zfs set recordsize=16K ${global_dataset_config}/${JAIL_NAME}/db
+zfs set primarycache=metadata ${global_dataset_config}/${JAIL_NAME}/db
+
+iocage exec "${JAIL_NAME}" chown -R 88:88 /var/db/mysql
+
+# Install includes fstab
+iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes
+iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
+
+iocage exec "${JAIL_NAME}" mkdir -p /usr/local/www/phpmyadmin
+iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/phpmyadmin
+
+#####
+# 
+# Install mariadb, Caddy and PhpMyAdmin
+#
+#####
+
+fetch -o /tmp https://getcaddy.com
+if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com
+then
+	echo "Failed to download/install Caddy"
+	exit 1
+fi
+
+iocage exec "${JAIL_NAME}" sysrc mysql_enable="YES"
+
+# Copy and edit pre-written config files
+echo "Copying Caddyfile for no SSL"
+iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/
+iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile
+iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile
+iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile
+
+iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES"
+iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES"
+iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}"
+iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}"
+
+iocage restart "${JAIL_NAME}"
+sleep 10
+
+if [ "${REINSTALL}" == "true" ]; then
+	echo "Reinstall detected, skipping generaion of new config and database"
+else
+	
+	# Secure database, set root password, create Nextcloud DB, user, and password
+	iocage exec "${JAIL_NAME}" cp -f /mnt/includes/my-system.cnf /var/db/mysql/my.cnf
+	iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.user WHERE User='';"
+	iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
+	iocage exec "${JAIL_NAME}" mysql -u root -e "DROP DATABASE IF EXISTS test;"
+	iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';"
+	iocage exec "${JAIL_NAME}" mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('${DB_ROOT_PASSWORD}') WHERE User='root';"
+	iocage exec "${JAIL_NAME}" mysqladmin reload
+fi
+iocage exec "${JAIL_NAME}" cp -f /mnt/includes/my.cnf /root/.my.cnf
+iocage exec "${JAIL_NAME}" sed -i '' "s|mypassword|${DB_ROOT_PASSWORD}|" /root/.my.cnf
+
+# Save passwords for later reference
+iocage exec "${JAIL_NAME}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/${JAIL_NAME}_db_password.txt
+	
+
+# Don't need /mnt/includes any more, so unmount it
+iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
+
+# Done!
+echo "Installation complete!"
+echo "Using your web browser, go to http://${mariadb_host_name} to log in"
+
+if [ "${REINSTALL}" == "true" ]; then
+	echo "You did a reinstall, please use your old database and account credentials"
+else
+	echo "Database Information"
+	echo "--------------------"
+	echo "The ${DB_NAME} root password is ${DB_ROOT_PASSWORD}"
+	fi
+echo ""
+echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt"

jails/mariadb/readme.md

@@ -0,0 +1,91 @@
+# Original README from the mariadb github:
+
+https://github.com/MariaDB/server/
+
+Code status:
+------------
+
+* [![Travis CI status](https://secure.travis-ci.org/MariaDB/server.png?branch=10.5)](https://travis-ci.org/MariaDB/server) travis-ci.org (10.5 branch)
+* [![Appveyor CI status](https://ci.appveyor.com/api/projects/status/4u6pexmtpuf8jq66?svg=true)](https://ci.appveyor.com/project/rasmushoj/server) ci.appveyor.com
+
+## MariaDB: drop-in replacement for MySQL
+
+MariaDB is designed as a drop-in replacement of MySQL(R) with more
+features, new storage engines, fewer bugs, and better performance.
+
+MariaDB is brought to you by the MariaDB Foundation and the MariaDB corporation.
+Please read the CREDITS file for details about the MariaDB Foundation,
+and who is developing MariaDB.
+
+MariaDB is developed by many of the original developers of MySQL who
+now work for the MariaDB Corporation, the MariaDB Foundation and by
+many people in the community.
+
+MySQL, which is the base of MariaDB, is a product and trademark of Oracle
+Corporation, Inc. For a list of developers and other contributors,
+see the Credits appendix.  You can also run 'SHOW authors' to get a
+list of active contributors.
+
+A description of the MariaDB project and a manual can be found at:
+
+https://mariadb.com/kb/en/
+
+https://mariadb.com/kb/en/mariadb-vs-mysql-features/
+
+https://mariadb.com/kb/en/mariadb-versus-mysql-compatibility/
+
+https://mariadb.com/kb/en/library/new-and-old-releases/
+
+https://mariadb.org/
+
+As MariaDB is a full replacement of MySQL, the MySQL manual at
+http://dev.mysql.com/doc is generally applicable.
+
+Help
+-----
+
+More help is available from the Maria Discuss mailing list
+https://launchpad.net/~maria-discuss
+and the #maria IRC channel on Freenode.
+
+Live QA for beginner contributors
+----
+MariaDB has a dedicated time each week when we answer new contributor questions live on Zulip and IRC.
+From 8:00 to 10:00 UTC on Mondays, and 10:00 to 12:00 UTC on Thursdays,
+anyone can ask any questions they’d like, and a live developer will be available to assist.
+
+New contributors can ask questions any time, but we will provide immediate feedback during that interval.
+
+Licensing
+---------
+
+***************************************************************************
+
+NOTE: 
+
+MariaDB is specifically available only under version 2 of the GNU
+General Public License (GPLv2). (I.e. Without the "any later version"
+clause.) This is inherited from MySQL. Please see the README file in
+the MySQL distribution for more information.
+
+License information can be found in the COPYING file. Third party
+license information can be found in the THIRDPARTY file.
+
+***************************************************************************
+
+Bug Reports
+------------
+
+Bug and/or error reports regarding MariaDB should be submitted at:
+https://jira.mariadb.org
+
+For reporting security vulnerabilities see:
+https://mariadb.org/about/security-policy/
+
+Bugs in the MySQL code can also be submitted at:
+https://bugs.mysql.com
+
+The code for MariaDB, including all revision history, can be found at:
+https://github.com/MariaDB/server
+
+***************************************************************************

jails/mariadb/update.sh

@@ -0,0 +1,34 @@
+#!/usr/local/bin/bash
+# This file contains the update script for mariadb
+
+JAIL_NAME="mariadb"
+JAIL_IP="$(sed 's|\(.*\)/.*|\1|' <<<"${mariadb_ip4_addr}" )"
+INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes"
+
+# Install includes fstab
+iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes
+iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
+
+
+iocage exec ${JAIL_NAME} service caddy stop
+iocage exec ${JAIL_NAME} service php-fpm stop
+
+fetch -o /tmp https://getcaddy.com
+if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com
+then
+	echo "Failed to download/install Caddy"
+	exit 1
+fi
+
+# Copy and edit pre-written config files
+echo "Copying Caddyfile for no SSL"
+iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/
+iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile
+iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile
+iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile
+
+# Don't need /mnt/includes any more, so unmount it
+iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0
+
+iocage exec ${JAIL_NAME} service caddy start
+iocage exec ${JAIL_NAME} service php-fpm start