From dbfbd489fa2cf4906f99fa126e3302ea211121e4 Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Sat, 2 May 2020 17:45:13 +0200 Subject: [PATCH] [WIP] Allow multiple installations of same blueprint (#88) * Multi-install support, Blueprints and config changes. Initial commit * Migrating jails to blueprints, first steps. Tested Working: - Transmission - Lidarr - Sonarr - Radarr fix lidarr config (+10 squashed commit) Squashed commit: [5f14653] always link ports folders [f18f2f0] Optional (blueprint) ports mount Fixes #89 [96ef7e7] chmod all the things [129e707] same mistake... again... [e1596dc] missing reference [6da3567] Forgot one reference [d78b5b6] Update wiki.yml [cecc53a] Update filecheck.yml [5244abd] basic settings changed. More involved blueprints still need changes, such as: Bitwarden, nextcloud, Mariadb [6568e92] jails -> blueprints * Added Tested Working: - KMS - Plex - Tautulli - Organizr - InfluxDB - MariaDB Many squashed small fixes included: Make *.rc executable (+13 squashed commit) Squashed commit: [b28aa83] use .rc for rc.d config files [e940a48] some mariadb cleanup [dc27aff] testing another way [83bd91b] Mariadb root password alter instead of update, initial config for unifi [0ca3074] some light config cleanup [a0d4352] also remove database from influxdb example config (db should be created when required) [2c218cc] Prepare influxdb and remove unneeded content [1b34109] more shellcheck fixups [c96566c] Some shellcheck cleanup [8969ca7] bitwarden mostly done, some work on nextcloud and unifi [7f89bfa] initial mariadb patch [dd7e85f] missed one problem [f814cb7] Initial pseudo-compatibility patch for unifi * Enable Bitwarden support and some small fixes/tweaks Fixes #95 more bugs and typo's (+3 squashed commit) Squashed commit: [3b5213e] Bitwarden not correctly installing db [b7438a5] yeah thats not gonna cut it... >.< [e7987c2] some slight bitwarden tweaks * Enable Unifi support and some small fixes/tweaks small unifi cleanup. Unifi is working (+3 squashed commit) Squashed commit: [d906d2d] chmod unifi [545e999] Add extra sanity, remove unneeded variables from example [b8c0b24] Some small Unifi Tweaks * Nextcloud Cleanup, Some fixes, Initial support for blueprintsystem Fixes #96 Fixes #97 Fixes #98 some bloat and syntax fixes (+5 squashed commit) Squashed commit: [78f6428] Some more nextcloud cleanup and tweaks - combines multiple variables for cert system selection (Fixes #98 ) - Default to self signed cert - Force manual admin password [7cacae4] slight fixes [3d81cda] More cleanup [50496cc] small mariadb fix and more nextcloud cleanup [c1b2c20] Cleaning nextcloud - Remove external DB (Fixes #97 ) - Remove Postgresql (Fixes #96 ) - Some preparation for blueprint * Nextcloud done and.. another... (+5 squashed commit) Squashed commit: [c65751b] caddy not installed right. [e5da66b] more fixes [a33300e] Damnit, two typo's same scentence [4292a7a] another typo [1b820cf] typo and example hotfix * Introduce version checking for config file --- .github/workflows/filecheck.yml | 8 +- .github/workflows/wiki.yml | 5 +- blueprints/bitwarden/config.yml | 3 + .../bitwarden/includes/bitwarden.rc | 0 .../bitwarden/includes/bitwarden.rc.conf | 0 blueprints/bitwarden/install.sh | 119 ++++ {jails => blueprints}/bitwarden/readme.md | 0 blueprints/bitwarden/update.sh | 100 +++ blueprints/influxdb/config.yml | 3 + .../influxdb/includes/influxd.conf | 0 blueprints/influxdb/install.sh | 32 + {jails => blueprints}/influxdb/readme.md | 0 {jails => blueprints}/influxdb/update.sh | 4 +- blueprints/jackett/config.yml | 3 + .../jackett/includes/jackett.rc | 0 blueprints/jackett/install.sh | 14 + {jails => blueprints}/jackett/readme.md | 0 blueprints/jackett/update.sh | 10 + blueprints/kms/config.yml | 3 + .../kms/includes/Activate_Office_2019_Pro.bat | 0 .../kms/includes/Activate_Windows_10_Pro.bat | 0 .../Activate_Windows_Server_2019_Standard.bat | 0 .../includes/Office-2019-Pro-VLK-Config.xml | 0 {jails => blueprints}/kms/includes/Readme.md | 0 .../kms/includes/Setup_Office_2019_Pro.txt | 0 {jails => blueprints}/kms/includes/py_kms.rc | 0 blueprints/kms/install.sh | 12 + {jails => blueprints}/kms/readme.md | 0 blueprints/kms/update.sh | 10 + blueprints/lidarr/config.yml | 3 + .../lidarr/includes/lidarr.rc | 0 blueprints/lidarr/install.sh | 25 + {jails => blueprints}/lidarr/readme.md | 0 blueprints/lidarr/update.sh | 10 + blueprints/mariadb/config.yml | 3 + .../mariadb/includes/Caddyfile | 0 .../mariadb/includes/caddy.rc | 0 .../mariadb/includes/my-system.cnf | 0 {jails => blueprints}/mariadb/includes/my.cnf | 0 blueprints/mariadb/install.sh | 117 ++++ {jails => blueprints}/mariadb/readme.md | 0 blueprints/mariadb/update.sh | 37 ++ {jails => blueprints}/nextcloud/LICENSE | 0 blueprints/nextcloud/config.yml | 4 + .../nextcloud/includes/Caddyfile | 0 .../nextcloud/includes/Caddyfile-nossl | 0 .../nextcloud/includes/Caddyfile-selfsigned | 0 .../nextcloud/includes/caddy.rc | 0 .../nextcloud/includes/my-system.cnf | 0 .../nextcloud/includes/my.cnf | 0 .../nextcloud/includes/pgpass | 0 .../nextcloud/includes/php.ini | 0 .../nextcloud/includes/redis.conf | 0 .../nextcloud/includes/remove-staging.sh | 0 .../nextcloud/includes/www-crontab | 0 .../nextcloud/includes/www.conf | 0 blueprints/nextcloud/install.sh | 321 ++++++++++ {jails => blueprints}/nextcloud/readme.md | 0 {jails => blueprints}/nextcloud/update.sh | 0 blueprints/organizr/config.yml | 3 + .../organizr/includes/custom/organizr.conf | 0 .../organizr/includes/custom/phpblock.conf | 0 .../organizr/includes/nginx.conf | 0 blueprints/organizr/install.sh | 34 + {jails => blueprints}/organizr/readme.md | 0 blueprints/organizr/update.sh | 12 + blueprints/plex/config.yml | 3 + .../plex/includes/FreeBSD.conf | 0 blueprints/plex/install.sh | 51 ++ {jails => blueprints}/plex/readme.md | 0 {jails => blueprints}/plex/update.sh | 12 +- blueprints/radarr/config.yml | 3 + .../radarr/includes/radarr.rc | 0 blueprints/radarr/install.sh | 24 + {jails => blueprints}/radarr/readme.md | 0 blueprints/radarr/update.sh | 10 + blueprints/sonarr/config.yml | 3 + .../sonarr/includes/sonarr.rc | 0 blueprints/sonarr/install.sh | 24 + {jails => blueprints}/sonarr/readme.md | 0 blueprints/sonarr/update.sh | 10 + blueprints/tautulli/config.yml | 3 + blueprints/tautulli/install.sh | 11 + {jails => blueprints}/tautulli/readme.md | 0 blueprints/tautulli/update.sh | 9 + blueprints/transmission/config.yml | 3 + blueprints/transmission/install.sh | 19 + {jails => blueprints}/transmission/readme.md | 0 blueprints/transmission/update.sh | 7 + blueprints/unifi/config.yml | 3 + .../unifi/includes/mongodb.conf | 0 .../unifi/includes/rc/mongod.rc | 0 .../unifi/includes/rc/unifi.rc | 0 .../unifi/includes/rc/unifi_poller.rc | 0 {jails => blueprints}/unifi/includes/up.conf | 0 blueprints/unifi/install.sh | 117 ++++ {jails => blueprints}/unifi/readme.md | 0 {jails => blueprints}/unifi/update.sh | 11 +- config.yml.example | 169 +++-- global.sh | 84 ++- jailman.sh | 57 +- jails/bitwarden/config.yml | 2 - jails/bitwarden/install.sh | 92 --- jails/bitwarden/update.sh | 70 --- jails/influxdb/config.yml | 2 - jails/influxdb/includes/influxdb.conf | 586 ------------------ jails/influxdb/install.sh | 46 -- jails/jackett/config.yml | 2 - jails/jackett/install.sh | 14 - jails/jackett/update.sh | 10 - jails/kms/config.yml | 2 - jails/kms/install.sh | 13 - jails/kms/update.sh | 10 - jails/lidarr/config.yml | 2 - jails/lidarr/install.sh | 25 - jails/lidarr/update.sh | 10 - jails/mariadb/config.yml | 2 - jails/mariadb/install.sh | 115 ---- jails/mariadb/update.sh | 36 -- jails/nextcloud/config.yml | 2 - jails/nextcloud/install.sh | 362 ----------- jails/organizr/config.yml | 2 - jails/organizr/install.sh | 34 - jails/organizr/update.sh | 12 - jails/plex/config.yml | 2 - jails/plex/install.sh | 52 -- jails/radarr/config.yml | 2 - jails/radarr/install.sh | 24 - jails/radarr/update.sh | 10 - jails/sonarr/config.yml | 2 - jails/sonarr/install.sh | 24 - jails/sonarr/update.sh | 10 - jails/tautulli/config.yml | 2 - jails/tautulli/install.sh | 12 - jails/tautulli/update.sh | 9 - jails/transmission/config.yml | 2 - jails/transmission/install.sh | 19 - jails/transmission/update.sh | 7 - jails/unifi/config.yml | 2 - jails/unifi/install.sh | 91 --- 140 files changed, 1361 insertions(+), 1888 deletions(-) create mode 100644 blueprints/bitwarden/config.yml rename {jails => blueprints}/bitwarden/includes/bitwarden.rc (100%) rename {jails => blueprints}/bitwarden/includes/bitwarden.rc.conf (100%) mode change 100755 => 100644 create mode 100755 blueprints/bitwarden/install.sh rename {jails => blueprints}/bitwarden/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/bitwarden/update.sh create mode 100644 blueprints/influxdb/config.yml rename {jails => blueprints}/influxdb/includes/influxd.conf (100%) create mode 100755 blueprints/influxdb/install.sh rename {jails => blueprints}/influxdb/readme.md (100%) rename {jails => blueprints}/influxdb/update.sh (64%) mode change 100644 => 100755 create mode 100644 blueprints/jackett/config.yml rename {jails => blueprints}/jackett/includes/jackett.rc (100%) create mode 100755 blueprints/jackett/install.sh rename {jails => blueprints}/jackett/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/jackett/update.sh create mode 100644 blueprints/kms/config.yml rename {jails => blueprints}/kms/includes/Activate_Office_2019_Pro.bat (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Activate_Windows_10_Pro.bat (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Activate_Windows_Server_2019_Standard.bat (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Office-2019-Pro-VLK-Config.xml (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Readme.md (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/Setup_Office_2019_Pro.txt (100%) mode change 100755 => 100644 rename {jails => blueprints}/kms/includes/py_kms.rc (100%) create mode 100755 blueprints/kms/install.sh rename {jails => blueprints}/kms/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/kms/update.sh create mode 100644 blueprints/lidarr/config.yml rename {jails => blueprints}/lidarr/includes/lidarr.rc (100%) create mode 100755 blueprints/lidarr/install.sh rename {jails => blueprints}/lidarr/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/lidarr/update.sh create mode 100644 blueprints/mariadb/config.yml rename {jails => blueprints}/mariadb/includes/Caddyfile (100%) mode change 100755 => 100644 rename jails/mariadb/includes/caddy => blueprints/mariadb/includes/caddy.rc (100%) rename {jails => blueprints}/mariadb/includes/my-system.cnf (100%) mode change 100755 => 100644 rename {jails => blueprints}/mariadb/includes/my.cnf (100%) mode change 100755 => 100644 create mode 100755 blueprints/mariadb/install.sh rename {jails => blueprints}/mariadb/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/mariadb/update.sh rename {jails => blueprints}/nextcloud/LICENSE (100%) mode change 100755 => 100644 create mode 100644 blueprints/nextcloud/config.yml rename {jails => blueprints}/nextcloud/includes/Caddyfile (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/Caddyfile-nossl (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/Caddyfile-selfsigned (100%) mode change 100755 => 100644 rename jails/nextcloud/includes/caddy => blueprints/nextcloud/includes/caddy.rc (100%) rename {jails => blueprints}/nextcloud/includes/my-system.cnf (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/my.cnf (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/pgpass (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/php.ini (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/redis.conf (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/remove-staging.sh (100%) rename {jails => blueprints}/nextcloud/includes/www-crontab (100%) mode change 100755 => 100644 rename {jails => blueprints}/nextcloud/includes/www.conf (100%) mode change 100755 => 100644 create mode 100755 blueprints/nextcloud/install.sh rename {jails => blueprints}/nextcloud/readme.md (100%) rename {jails => blueprints}/nextcloud/update.sh (100%) create mode 100644 blueprints/organizr/config.yml rename {jails => blueprints}/organizr/includes/custom/organizr.conf (100%) mode change 100755 => 100644 rename {jails => blueprints}/organizr/includes/custom/phpblock.conf (100%) mode change 100755 => 100644 rename {jails => blueprints}/organizr/includes/nginx.conf (100%) mode change 100755 => 100644 create mode 100755 blueprints/organizr/install.sh rename {jails => blueprints}/organizr/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/organizr/update.sh create mode 100644 blueprints/plex/config.yml rename {jails => blueprints}/plex/includes/FreeBSD.conf (100%) mode change 100755 => 100644 create mode 100755 blueprints/plex/install.sh rename {jails => blueprints}/plex/readme.md (100%) mode change 100755 => 100644 rename {jails => blueprints}/plex/update.sh (60%) create mode 100644 blueprints/radarr/config.yml rename {jails => blueprints}/radarr/includes/radarr.rc (100%) create mode 100755 blueprints/radarr/install.sh rename {jails => blueprints}/radarr/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/radarr/update.sh create mode 100644 blueprints/sonarr/config.yml rename {jails => blueprints}/sonarr/includes/sonarr.rc (100%) create mode 100755 blueprints/sonarr/install.sh rename {jails => blueprints}/sonarr/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/sonarr/update.sh create mode 100644 blueprints/tautulli/config.yml create mode 100755 blueprints/tautulli/install.sh rename {jails => blueprints}/tautulli/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/tautulli/update.sh create mode 100644 blueprints/transmission/config.yml create mode 100755 blueprints/transmission/install.sh rename {jails => blueprints}/transmission/readme.md (100%) mode change 100755 => 100644 create mode 100755 blueprints/transmission/update.sh create mode 100644 blueprints/unifi/config.yml rename {jails => blueprints}/unifi/includes/mongodb.conf (100%) rename jails/unifi/includes/rc/mongod => blueprints/unifi/includes/rc/mongod.rc (100%) mode change 100644 => 100755 rename jails/unifi/includes/rc/unifi => blueprints/unifi/includes/rc/unifi.rc (100%) mode change 100644 => 100755 rename jails/unifi/includes/rc/unifi_poller => blueprints/unifi/includes/rc/unifi_poller.rc (100%) mode change 100644 => 100755 rename {jails => blueprints}/unifi/includes/up.conf (100%) create mode 100755 blueprints/unifi/install.sh rename {jails => blueprints}/unifi/readme.md (100%) rename {jails => blueprints}/unifi/update.sh (67%) mode change 100644 => 100755 delete mode 100644 jails/bitwarden/config.yml delete mode 100755 jails/bitwarden/install.sh delete mode 100755 jails/bitwarden/update.sh delete mode 100644 jails/influxdb/config.yml delete mode 100644 jails/influxdb/includes/influxdb.conf delete mode 100755 jails/influxdb/install.sh delete mode 100644 jails/jackett/config.yml delete mode 100755 jails/jackett/install.sh delete mode 100755 jails/jackett/update.sh delete mode 100644 jails/kms/config.yml delete mode 100755 jails/kms/install.sh delete mode 100755 jails/kms/update.sh delete mode 100644 jails/lidarr/config.yml delete mode 100755 jails/lidarr/install.sh delete mode 100755 jails/lidarr/update.sh delete mode 100644 jails/mariadb/config.yml delete mode 100755 jails/mariadb/install.sh delete mode 100755 jails/mariadb/update.sh delete mode 100644 jails/nextcloud/config.yml delete mode 100755 jails/nextcloud/install.sh delete mode 100644 jails/organizr/config.yml delete mode 100755 jails/organizr/install.sh delete mode 100755 jails/organizr/update.sh delete mode 100644 jails/plex/config.yml delete mode 100755 jails/plex/install.sh delete mode 100644 jails/radarr/config.yml delete mode 100755 jails/radarr/install.sh delete mode 100755 jails/radarr/update.sh delete mode 100644 jails/sonarr/config.yml delete mode 100755 jails/sonarr/install.sh delete mode 100755 jails/sonarr/update.sh delete mode 100644 jails/tautulli/config.yml delete mode 100755 jails/tautulli/install.sh delete mode 100755 jails/tautulli/update.sh delete mode 100644 jails/transmission/config.yml delete mode 100755 jails/transmission/install.sh delete mode 100755 jails/transmission/update.sh delete mode 100644 jails/unifi/config.yml delete mode 100644 jails/unifi/install.sh diff --git a/.github/workflows/filecheck.yml b/.github/workflows/filecheck.yml index 1ba68643..59cba21b 100644 --- a/.github/workflows/filecheck.yml +++ b/.github/workflows/filecheck.yml @@ -13,9 +13,9 @@ jobs: - uses: actions/checkout@v1 - name: check existance run: | - for pathname in jails/*; do test -e $pathname/readme.md || { echo "File missing: $pathname/readme.md"; error="true"; }; done - for pathname in jails/*; do test -e $pathname/install.sh || { echo "File missing: $pathname/install.sh"; error="true"; }; done - for pathname in jails/*; do test -e $pathname/update.sh || { echo "File missing: $pathname/update.sh"; error="true"; }; done - for pathname in jails/*; do test -e $pathname/config.yml || { echo "File missing: $pathname/config.yml"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/readme.md || { echo "File missing: $pathname/readme.md"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/install.sh || { echo "File missing: $pathname/install.sh"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/update.sh || { echo "File missing: $pathname/update.sh"; error="true"; }; done + for pathname in blueprints/*; do test -e $pathname/config.yml || { echo "File missing: $pathname/config.yml"; error="true"; }; done if [ "${error}" == "true" ]; then echo "Missing files detected" && exit 1; fi shell: bash diff --git a/.github/workflows/wiki.yml b/.github/workflows/wiki.yml index d87b3899..e5f4a432 100644 --- a/.github/workflows/wiki.yml +++ b/.github/workflows/wiki.yml @@ -15,10 +15,7 @@ jobs: ref: 'master' - name: rename-readme run: | - for pathname in jails/*/README.MD; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done - for pathname in jails/*/README.md; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done - for pathname in jails/*/readme.md; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done - for pathname in jails/*/Readme.md; do ! cp "$pathname" "docs/jails/$( basename "$( dirname "$pathname" )" ).md"; done + for pathname in blueprints/*/readme.md; do ! cp "$pathname" "docs/blueprints/$( basename "$( dirname "$pathname" )" ).md"; done shell: bash - name: Deploy docs uses: mhausenblas/mkdocs-deploy-gh-pages@master diff --git a/blueprints/bitwarden/config.yml b/blueprints/bitwarden/config.yml new file mode 100644 index 00000000..c79bd93c --- /dev/null +++ b/blueprints/bitwarden/config.yml @@ -0,0 +1,3 @@ +blueprint: + bitwarden: + pkgs: sqlite3 nginx git sudo vim-tiny bash node npm python27-2.7.17_1 mariadb104-client \ No newline at end of file diff --git a/jails/bitwarden/includes/bitwarden.rc b/blueprints/bitwarden/includes/bitwarden.rc similarity index 100% rename from jails/bitwarden/includes/bitwarden.rc rename to blueprints/bitwarden/includes/bitwarden.rc diff --git a/jails/bitwarden/includes/bitwarden.rc.conf b/blueprints/bitwarden/includes/bitwarden.rc.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/bitwarden/includes/bitwarden.rc.conf rename to blueprints/bitwarden/includes/bitwarden.rc.conf diff --git a/blueprints/bitwarden/install.sh b/blueprints/bitwarden/install.sh new file mode 100755 index 00000000..9c38e44b --- /dev/null +++ b/blueprints/bitwarden/install.sh @@ -0,0 +1,119 @@ +#!/usr/local/bin/bash +# This file contains the install script for bitwarden + +# Initialise defaults +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" + +DB_DATABASE="jail_${1}_db_database" +DB_DATABASE="${!DB_DATABASE:-$1}" + +DB_USER="jail_${1}_db_user" +DB_USER="${!DB_USER:-$DB_DATABASE}" + +# shellcheck disable=SC2154 +INSTALL_TYPE="jail_${1}_db_type" +INSTALL_TYPE="${!INSTALL_TYPE:-mariadb}" + +DB_JAIL="jail_${1}_db_jail" +# shellcheck disable=SC2154 +DB_HOST="jail_${!DB_JAIL}_ip4_addr" +DB_HOST="${!DB_HOST%/*}:3306" + +# shellcheck disable=SC2154 +DB_PASSWORD="jail_${1}_db_password" +DB_STRING="mysql://${DB_USER}:${!DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" +# shellcheck disable=SC2154 +ADMIN_TOKEN="jail_${1}_admin_token" + +if [ -z "${!DB_PASSWORD}" ]; then + echo "db_password can't be empty" + exit 1 +fi + +if [ -z "${!DB_JAIL}" ]; then + echo "db_jail can't be empty" + exit 1 +fi + +if [ -z "${!JAIL_IP}" ]; then + echo "ip4_addr can't be empty" + exit 1 +fi + +if [ -z "${!ADMIN_TOKEN}" ]; then +ADMIN_TOKEN=$(openssl rand -base64 16) +fi + +# install latest rust version, pkg version is outdated and can't build bitwarden_rs +iocage exec "${1}" "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" + +# Install Bitwarden_rs +iocage exec "${1}" mkdir -p /usr/local/share/bitwarden/src +iocage exec "${1}" git clone https://github.com/dani-garcia/bitwarden_rs/ /usr/local/share/bitwarden/src +TAG=$(iocage exec "${1}" "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") +iocage exec "${1}" "git -C /usr/local/share/bitwarden/src checkout ${TAG}" +#TODO replace with: cargo build --features mysql --release +if [ "${INSTALL_TYPE}" == "mariadb" ]; then + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" +else + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" +fi + + +iocage exec "${1}" cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin + +# Download and install webvault +WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) +WEB_TAG="${WEB_RELEASE_URL##*/}" +iocage exec "${1}" "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" +iocage exec "${1}" "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" +iocage exec "${1}" rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz + +# shellcheck disable=SC2154 +if [ -f "/mnt/${global_dataset_config}/${1}/ssl/bitwarden-ssl.crt" ]; then + echo "certificate exist... Skipping cert generation" +else + "No ssl certificate present, generating self signed certificate" + if [ ! -d "/mnt/${global_dataset_config}/${1}/ssl" ]; then + echo "cert folder not existing... creating..." + iocage exec "${1}" mkdir /config/ssl + fi + openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.key -out /mnt/"${global_dataset_config}"/"${1}"/ssl/bitwarden-ssl.crt +fi + +if [ -f "/mnt/${global_dataset_config}/${1}/bitwarden.log" ]; then + echo "Reinstall of Bitwarden detected... using existing config and database" +elif [ "${INSTALL_TYPE}" == "mariadb" ]; then + echo "No config detected, doing clean install, utilizing the Mariadb database ${DB_HOST}" + iocage exec "${!DB_JAIL}" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" + iocage exec "${!DB_JAIL}" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${!DB_PASSWORD}';" + iocage exec "${!DB_JAIL}" mysqladmin reload +else + echo "No config detected, doing clean install." +fi + +iocage exec "${1}" "pw user add bitwarden -c bitwarden -u 725 -d /nonexistent -s /usr/bin/nologin" +iocage exec "${1}" chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config +iocage exec "${1}" mkdir /usr/local/etc/rc.d /usr/local/etc/rc.conf.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/bitwarden +cp "${SCRIPT_DIR}"/blueprints/bitwarden/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export ADMIN_TOKEN="'"${!ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden + +if [ "${!ADMIN_TOKEN}" == "NONE" ]; then + echo "Admin_token set to NONE, disabling admin portal" +else + echo "Admin_token set and admin portal enabled" + iocage exec "${1}" echo "${DB_NAME} Admin Token is ${!ADMIN_TOKEN}" > /root/"${1}"_admin_token.txt +fi + +iocage exec "${1}" chmod u+x /usr/local/etc/rc.d/bitwarden +iocage exec "${1}" sysrc "bitwarden_enable=YES" +iocage exec "${1}" service bitwarden restart +echo "Jail ${1} finished Bitwarden install." +echo "Admin Token is ${!ADMIN_TOKEN}" diff --git a/jails/bitwarden/readme.md b/blueprints/bitwarden/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/bitwarden/readme.md rename to blueprints/bitwarden/readme.md diff --git a/blueprints/bitwarden/update.sh b/blueprints/bitwarden/update.sh new file mode 100755 index 00000000..a2775815 --- /dev/null +++ b/blueprints/bitwarden/update.sh @@ -0,0 +1,100 @@ +#!/usr/local/bin/bash +# This file contains the update script for bitwarden +# Due to it being build from scratch or downloaded directly to execution dir, +# Update for Bitwarden is pretty similair to installation + +# Initialise defaults +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" +DB_DATABASE="jail_${1}_db_datavase" +DB_USER="jail_${1}_db_user" +# shellcheck disable=SC2154 +INSTALL_TYPE="jail_${1}_type" +DB_JAIL="jail_${1}_db_jail" +DB_JAIL="${!DB_JAIL}" +# shellcheck disable=SC2154 +DB_HOST="${DB_JAIL}_ip4_addr" +DB_HOST="${!DB_HOST%/*}:3306" +# shellcheck disable=SC2154 +DB_PASSWORD="jail_${1}_db_password" +DB_STRING="mysql://${!DB_USER}:${!DB_PASSWORD}@${DB_HOST}/${!DB_DATABASE}" +# shellcheck disable=SC2154 +ADMIN_TOKEN="jail_${1}_admin_token" + +if [ -z "${!DB_USER}" ]; then + echo "db_user can't be empty" + exit 1 +fi + +if [ -z "${!DB_DATABASE}" ]; then + echo "db_database can't be empty" + exit 1 +fi + +if [ -z "${!DB_PASSWORD}" ]; then + echo "db_password can't be empty" + exit 1 +fi + +if [ -z "${!DB_JAIL}" ]; then + echo "db_jail can't be empty" + exit 1 + fi + +if [ -z "${!JAIL_IP}" ]; then + echo "ip4_addr can't be empty" + exit 1 +fi + +if [ -z "${!ADMIN_TOKEN}" ]; then +ADMIN_TOKEN=$(openssl rand -base64 16) +fi + +iocage exec "${1}" service bitwarden stop + +# install latest rust version, pkg version is outdated and can't build bitwarden_rs +iocage exec "${1}" "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" + +# Install Bitwarden_rs +iocage exec "${1}" "git -C /usr/local/share/bitwarden/src fetch" +TAG=$(iocage exec "${1}" "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") +iocage exec "${1}" "git -C /usr/local/share/bitwarden/src checkout ${TAG}" +#TODO replace with: cargo build --features mysql --release +if [ "${INSTALL_TYPE}" == "mariadb" ]; then + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" +else + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" + iocage exec "${1}" "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" +fi + + +iocage exec "${1}" cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin + +# Download and install webvault +WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) +WEB_TAG="${WEB_RELEASE_URL##*/}" +iocage exec "${1}" "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" +iocage exec "${1}" "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" +iocage exec "${1}" rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz + +iocage exec "${1}" chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/"${1}"/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/bitwarden +cp "${SCRIPT_DIR}"/blueprints/"${1}"/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden +echo 'export ADMIN_TOKEN="'"${!ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.conf.d/bitwarden + +if [ "${!ADMIN_TOKEN}" == "NONE" ]; then + echo "Admin_token set to NONE, disabling admin portal" +else + echo "Admin_token set and admin portal enabled" + iocage exec "${1}" echo "${DB_NAME} Admin Token is ${!ADMIN_TOKEN}" > /root/"${1}"_admin_token.txt +fi + + +iocage exec "${1}" chmod u+x /usr/local/etc/rc.d/bitwarden +iocage exec "${1}" service bitwarden restart +echo "Jail ${1} finished Bitwarden update." +echo "Admin Token is ${!ADMIN_TOKEN}" diff --git a/blueprints/influxdb/config.yml b/blueprints/influxdb/config.yml new file mode 100644 index 00000000..da7c0120 --- /dev/null +++ b/blueprints/influxdb/config.yml @@ -0,0 +1,3 @@ +blueprint: + influxdb: + pkgs: influxdb \ No newline at end of file diff --git a/jails/influxdb/includes/influxd.conf b/blueprints/influxdb/includes/influxd.conf similarity index 100% rename from jails/influxdb/includes/influxd.conf rename to blueprints/influxdb/includes/influxd.conf diff --git a/blueprints/influxdb/install.sh b/blueprints/influxdb/install.sh new file mode 100755 index 00000000..be79b3fe --- /dev/null +++ b/blueprints/influxdb/install.sh @@ -0,0 +1,32 @@ +#!/usr/local/bin/bash +# This script installs the current release of InfluxDB + +##### +# +# Init and Mounts +# +##### + +# Initialise variables +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/influxdb/includes" + +# Mount and configure proper configuration location +# shellcheck disable=SC2154 +cp -rf "${INCLUDES_PATH}/influxd.conf" "/mnt/${global_dataset_config}/${1}/influxd.conf" +iocage exec "${1}" mkdir -p /config/db/data /config/db/meta /config/db/wal +iocage exec "${1}" chown -R influxd:influxd /config/db +iocage exec "${1}" sysrc influxd_conf="/config/influxd.conf" +iocage exec "${1}" sysrc influxd_enable="YES" + +# Start influxdb and wait for it to startup +iocage exec "${1}" service influxd start +sleep 15 + +# Done! +echo "Installation complete!" +echo "Your may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." +echo "You may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." +echo "" diff --git a/jails/influxdb/readme.md b/blueprints/influxdb/readme.md similarity index 100% rename from jails/influxdb/readme.md rename to blueprints/influxdb/readme.md diff --git a/jails/influxdb/update.sh b/blueprints/influxdb/update.sh old mode 100644 new mode 100755 similarity index 64% rename from jails/influxdb/update.sh rename to blueprints/influxdb/update.sh index a216ec27..c0b00e28 --- a/jails/influxdb/update.sh +++ b/blueprints/influxdb/update.sh @@ -1,6 +1,6 @@ #!/usr/local/bin/bash # This file contains the update script for influxdb -iocage exec influxdb service influxd stop +iocage exec "$1" service influxd stop # InfluxDB is updated during PKG update, this file is mostly just a placeholder -iocage exec influxdb service influxd restart \ No newline at end of file +iocage exec "$1" service influxd restart \ No newline at end of file diff --git a/blueprints/jackett/config.yml b/blueprints/jackett/config.yml new file mode 100644 index 00000000..ef43a221 --- /dev/null +++ b/blueprints/jackett/config.yml @@ -0,0 +1,3 @@ +blueprint: + jackett: + pkgs: mono \ No newline at end of file diff --git a/jails/jackett/includes/jackett.rc b/blueprints/jackett/includes/jackett.rc similarity index 100% rename from jails/jackett/includes/jackett.rc rename to blueprints/jackett/includes/jackett.rc diff --git a/blueprints/jackett/install.sh b/blueprints/jackett/install.sh new file mode 100755 index 00000000..d5e4ede7 --- /dev/null +++ b/blueprints/jackett/install.sh @@ -0,0 +1,14 @@ +#!/usr/local/bin/bash +# This file contains the install script for jackett + +iocage exec "$1" "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share" +iocage exec "$1" rm /usr/local/share/Jackett.Binaries.Mono.tar.gz +iocage exec "$1" "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R jackett:jackett /usr/local/share/Jackett /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/jackett/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/jackett +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/jackett +iocage exec "$1" sysrc "jackett_enable=YES" +iocage exec "$1" service jackett restart diff --git a/jails/jackett/readme.md b/blueprints/jackett/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/jackett/readme.md rename to blueprints/jackett/readme.md diff --git a/blueprints/jackett/update.sh b/blueprints/jackett/update.sh new file mode 100755 index 00000000..f0c700dc --- /dev/null +++ b/blueprints/jackett/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for jackett + +iocage exec "$1" service jackett stop +#TODO insert code to update jacket itself here +iocage exec "$1" chown -R jackett:jackett /usr/local/share/Jackett /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/jackett/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/jackett +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/jackett +iocage exec "$1" service jackett restart diff --git a/blueprints/kms/config.yml b/blueprints/kms/config.yml new file mode 100644 index 00000000..d3aa5d24 --- /dev/null +++ b/blueprints/kms/config.yml @@ -0,0 +1,3 @@ +blueprint: + kms: + pkgs: bash py37-tkinter py37-pip py37-sqlite3 git \ No newline at end of file diff --git a/jails/kms/includes/Activate_Office_2019_Pro.bat b/blueprints/kms/includes/Activate_Office_2019_Pro.bat old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Activate_Office_2019_Pro.bat rename to blueprints/kms/includes/Activate_Office_2019_Pro.bat diff --git a/jails/kms/includes/Activate_Windows_10_Pro.bat b/blueprints/kms/includes/Activate_Windows_10_Pro.bat old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Activate_Windows_10_Pro.bat rename to blueprints/kms/includes/Activate_Windows_10_Pro.bat diff --git a/jails/kms/includes/Activate_Windows_Server_2019_Standard.bat b/blueprints/kms/includes/Activate_Windows_Server_2019_Standard.bat old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Activate_Windows_Server_2019_Standard.bat rename to blueprints/kms/includes/Activate_Windows_Server_2019_Standard.bat diff --git a/jails/kms/includes/Office-2019-Pro-VLK-Config.xml b/blueprints/kms/includes/Office-2019-Pro-VLK-Config.xml old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Office-2019-Pro-VLK-Config.xml rename to blueprints/kms/includes/Office-2019-Pro-VLK-Config.xml diff --git a/jails/kms/includes/Readme.md b/blueprints/kms/includes/Readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Readme.md rename to blueprints/kms/includes/Readme.md diff --git a/jails/kms/includes/Setup_Office_2019_Pro.txt b/blueprints/kms/includes/Setup_Office_2019_Pro.txt old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/includes/Setup_Office_2019_Pro.txt rename to blueprints/kms/includes/Setup_Office_2019_Pro.txt diff --git a/jails/kms/includes/py_kms.rc b/blueprints/kms/includes/py_kms.rc similarity index 100% rename from jails/kms/includes/py_kms.rc rename to blueprints/kms/includes/py_kms.rc diff --git a/blueprints/kms/install.sh b/blueprints/kms/install.sh new file mode 100755 index 00000000..4ca49f7f --- /dev/null +++ b/blueprints/kms/install.sh @@ -0,0 +1,12 @@ +#!/usr/local/bin/bash +# This file contains the install script for KMS + +iocage exec "$1" svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms +iocage exec "$1" "pw user add kms -c kms -u 666 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R kms:kms /usr/local/share/py-kms /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/py_kms +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/py_kms +iocage exec "$1" sysrc "py_kms_enable=YES" +iocage exec "$1" service py_kms start \ No newline at end of file diff --git a/jails/kms/readme.md b/blueprints/kms/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/kms/readme.md rename to blueprints/kms/readme.md diff --git a/blueprints/kms/update.sh b/blueprints/kms/update.sh new file mode 100755 index 00000000..24636602 --- /dev/null +++ b/blueprints/kms/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for KMS + +iocage exec "$1" service py_kms stop +iocage exec "$1" svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms +iocage exec "$1" chown -R kms:kms /usr/local/share/py-kms /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/py_kms +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/py_kms +iocage exec "$1" service py_kms start \ No newline at end of file diff --git a/blueprints/lidarr/config.yml b/blueprints/lidarr/config.yml new file mode 100644 index 00000000..08b7eec5 --- /dev/null +++ b/blueprints/lidarr/config.yml @@ -0,0 +1,3 @@ +blueprint: + lidarr: lidarr + pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/lidarr/includes/lidarr.rc b/blueprints/lidarr/includes/lidarr.rc similarity index 100% rename from jails/lidarr/includes/lidarr.rc rename to blueprints/lidarr/includes/lidarr.rc diff --git a/blueprints/lidarr/install.sh b/blueprints/lidarr/install.sh new file mode 100755 index 00000000..119f9ebc --- /dev/null +++ b/blueprints/lidarr/install.sh @@ -0,0 +1,25 @@ +#!/usr/local/bin/bash +# This file contains the install script for lidarr + +# Check if dataset for completed download and it parent dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" +createmount "$1" "${global_dataset_downloads}"/complete /mnt/fetched + +# Check if dataset for media library and the dataset for movies exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" +createmount "$1" "${global_dataset_media}"/music /mnt/music + + +iocage exec "$1" "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz -C /usr/local/share" +iocage exec "$1" "rm /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz" +iocage exec "$1" "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R lidarr:lidarr /usr/local/share/Lidarr /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/lidarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/lidarr +iocage exec "$1" sysrc "lidarr_enable=YES" +iocage exec "$1" service lidarr start diff --git a/jails/lidarr/readme.md b/blueprints/lidarr/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/lidarr/readme.md rename to blueprints/lidarr/readme.md diff --git a/blueprints/lidarr/update.sh b/blueprints/lidarr/update.sh new file mode 100755 index 00000000..2e5edf9e --- /dev/null +++ b/blueprints/lidarr/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for lidarr + +iocage exec "$1" service lidarr stop +#TODO insert code to update lidarr itself here +iocage exec "$1" chown -R lidarr:lidarr /usr/local/share/lidarr /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/lidarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/lidarr +iocage exec "$1" service lidarr restart \ No newline at end of file diff --git a/blueprints/mariadb/config.yml b/blueprints/mariadb/config.yml new file mode 100644 index 00000000..05feae35 --- /dev/null +++ b/blueprints/mariadb/config.yml @@ -0,0 +1,3 @@ +blueprint: + mariadb: + pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74-5.0.1 diff --git a/jails/mariadb/includes/Caddyfile b/blueprints/mariadb/includes/Caddyfile old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/includes/Caddyfile rename to blueprints/mariadb/includes/Caddyfile diff --git a/jails/mariadb/includes/caddy b/blueprints/mariadb/includes/caddy.rc similarity index 100% rename from jails/mariadb/includes/caddy rename to blueprints/mariadb/includes/caddy.rc diff --git a/jails/mariadb/includes/my-system.cnf b/blueprints/mariadb/includes/my-system.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/includes/my-system.cnf rename to blueprints/mariadb/includes/my-system.cnf diff --git a/jails/mariadb/includes/my.cnf b/blueprints/mariadb/includes/my.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/includes/my.cnf rename to blueprints/mariadb/includes/my.cnf diff --git a/blueprints/mariadb/install.sh b/blueprints/mariadb/install.sh new file mode 100755 index 00000000..e94678b0 --- /dev/null +++ b/blueprints/mariadb/install.sh @@ -0,0 +1,117 @@ +#!/usr/local/bin/bash +# This script installs the current release of Mariadb and PhpMyAdmin into a created jail +##### +# +# Init and Mounts +# +##### + +# Initialise defaults +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/mariadb/includes" +# shellcheck disable=SC2154 +CERT_EMAIL="jail_${1}_cert_email" +CERT_EMAIL="${!CERT_EMAIL:-placeholder@email.fake}" +# shellcheck disable=SC2154 +DB_ROOT_PASSWORD="jail_${1}_db_root_password" +HOST_NAME="jail_${1}_host_name" +DL_FLAGS="" +DNS_ENV="" + +# Check that necessary variables were set by nextcloud-config +if [ -z "${JAIL_IP}" ]; then + echo 'Configuration error: The mariadb jail does NOT accept DHCP' + echo 'Please reinstall using a fixed IP adress' + exit 1 +fi + +# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke +# shellcheck disable=SC2154 +if [ "$(ls -A "/mnt/${global_dataset_config}/${1}/db")" ]; then + echo "Reinstall of mariadb detected... Continuing" + REINSTALL="true" +fi + +# Mount database dataset and set zfs preferences +createmount "${1}" "${global_dataset_config}"/"${1}"/db /var/db/mysql +zfs set recordsize=16K "${global_dataset_config}"/"${1}"/db +zfs set primarycache=metadata "${global_dataset_config}"/"${1}"/db + +iocage exec "${1}" chown -R 88:88 /var/db/mysql + +# Install includes fstab +iocage exec "${1}" mkdir -p /mnt/includes +iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +iocage exec "${1}" mkdir -p /usr/local/www/phpmyadmin +iocage exec "${1}" chown -R www:www /usr/local/www/phpmyadmin + +##### +# +# Install mariadb, Caddy and PhpMyAdmin +# +##### + +fetch -o /tmp https://getcaddy.com +if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com +then + echo "Failed to download/install Caddy" + exit 1 +fi + +iocage exec "${1}" sysrc mysql_enable="YES" + +# Copy and edit pre-written config files +echo "Copying Caddyfile for no SSL" +iocage exec "${1}" cp -f /mnt/includes/caddy.rc /usr/local/etc/rc.d/caddy +iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile +# shellcheck disable=SC2154 +iocage exec "${1}" sed -i '' "s/yourhostnamehere/${!HOST_NAME}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile + +iocage exec "${1}" sysrc caddy_enable="YES" +iocage exec "${1}" sysrc php_fpm_enable="YES" +iocage exec "${1}" sysrc caddy_cert_email="${CERT_EMAIL}" +iocage exec "${1}" sysrc caddy_env="${DNS_ENV}" + +iocage restart "${1}" +sleep 10 + +if [ "${REINSTALL}" == "true" ]; then + echo "Reinstall detected, skipping generaion of new config and database" +else + + # Secure database, set root password, create Nextcloud DB, user, and password + iocage exec "${1}" cp -f /mnt/includes/my-system.cnf /var/db/mysql/my.cnf + iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='';" + iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" + iocage exec "${1}" mysql -u root -e "DROP DATABASE IF EXISTS test;" + iocage exec "${1}" mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" + iocage exec "${1}" mysqladmin --user=root password "${!DB_ROOT_PASSWORD}" + iocage exec "${1}" mysqladmin reload +fi +iocage exec "${1}" cp -f /mnt/includes/my.cnf /root/.my.cnf +iocage exec "${1}" sed -i '' "s|mypassword|${!DB_ROOT_PASSWORD}|" /root/.my.cnf + +# Save passwords for later reference +iocage exec "${1}" echo "MariaDB root password is ${!DB_ROOT_PASSWORD}" > /root/"${1}"_db_password.txt + + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +# Done! +echo "Installation complete!" +echo "Using your web browser, go to http://${!HOST_NAME} to log in" + +if [ "${REINSTALL}" == "true" ]; then + echo "You did a reinstall, please use your old database and account credentials" +else + echo "Database Information" + echo "--------------------" + echo "The MariaDB root password is ${!DB_ROOT_PASSWORD}" + fi +echo "" +echo "All passwords are saved in /root/${1}_db_password.txt" diff --git a/jails/mariadb/readme.md b/blueprints/mariadb/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/mariadb/readme.md rename to blueprints/mariadb/readme.md diff --git a/blueprints/mariadb/update.sh b/blueprints/mariadb/update.sh new file mode 100755 index 00000000..8e20ef6d --- /dev/null +++ b/blueprints/mariadb/update.sh @@ -0,0 +1,37 @@ +#!/usr/local/bin/bash +# This file contains the update script for mariadb + +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/mariadb/includes" + +# Install includes fstab +iocage exec "${1}" mkdir -p /mnt/includes +iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + + +iocage exec "${1}" service caddy stop +iocage exec "${1}" service php-fpm stop + +fetch -o /tmp https://getcaddy.com +if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com +then + echo "Failed to download/install Caddy" + exit 1 +fi + +# Copy and edit pre-written config files +echo "Copying Caddyfile for no SSL" +iocage exec "${1}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ +iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile +# shellcheck disable=SC2154 +iocage exec "${1}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +iocage exec "${1}" service caddy start +iocage exec "${1}" service php-fpm start \ No newline at end of file diff --git a/jails/nextcloud/LICENSE b/blueprints/nextcloud/LICENSE old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/LICENSE rename to blueprints/nextcloud/LICENSE diff --git a/blueprints/nextcloud/config.yml b/blueprints/nextcloud/config.yml new file mode 100644 index 00000000..0f8e0193 --- /dev/null +++ b/blueprints/nextcloud/config.yml @@ -0,0 +1,4 @@ +blueprint: + nextcloud: + pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick php73-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf + ports: true \ No newline at end of file diff --git a/jails/nextcloud/includes/Caddyfile b/blueprints/nextcloud/includes/Caddyfile old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/Caddyfile rename to blueprints/nextcloud/includes/Caddyfile diff --git a/jails/nextcloud/includes/Caddyfile-nossl b/blueprints/nextcloud/includes/Caddyfile-nossl old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/Caddyfile-nossl rename to blueprints/nextcloud/includes/Caddyfile-nossl diff --git a/jails/nextcloud/includes/Caddyfile-selfsigned b/blueprints/nextcloud/includes/Caddyfile-selfsigned old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/Caddyfile-selfsigned rename to blueprints/nextcloud/includes/Caddyfile-selfsigned diff --git a/jails/nextcloud/includes/caddy b/blueprints/nextcloud/includes/caddy.rc similarity index 100% rename from jails/nextcloud/includes/caddy rename to blueprints/nextcloud/includes/caddy.rc diff --git a/jails/nextcloud/includes/my-system.cnf b/blueprints/nextcloud/includes/my-system.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/my-system.cnf rename to blueprints/nextcloud/includes/my-system.cnf diff --git a/jails/nextcloud/includes/my.cnf b/blueprints/nextcloud/includes/my.cnf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/my.cnf rename to blueprints/nextcloud/includes/my.cnf diff --git a/jails/nextcloud/includes/pgpass b/blueprints/nextcloud/includes/pgpass old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/pgpass rename to blueprints/nextcloud/includes/pgpass diff --git a/jails/nextcloud/includes/php.ini b/blueprints/nextcloud/includes/php.ini old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/php.ini rename to blueprints/nextcloud/includes/php.ini diff --git a/jails/nextcloud/includes/redis.conf b/blueprints/nextcloud/includes/redis.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/redis.conf rename to blueprints/nextcloud/includes/redis.conf diff --git a/jails/nextcloud/includes/remove-staging.sh b/blueprints/nextcloud/includes/remove-staging.sh similarity index 100% rename from jails/nextcloud/includes/remove-staging.sh rename to blueprints/nextcloud/includes/remove-staging.sh diff --git a/jails/nextcloud/includes/www-crontab b/blueprints/nextcloud/includes/www-crontab old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/www-crontab rename to blueprints/nextcloud/includes/www-crontab diff --git a/jails/nextcloud/includes/www.conf b/blueprints/nextcloud/includes/www.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/nextcloud/includes/www.conf rename to blueprints/nextcloud/includes/www.conf diff --git a/blueprints/nextcloud/install.sh b/blueprints/nextcloud/install.sh new file mode 100755 index 00000000..79f56f3f --- /dev/null +++ b/blueprints/nextcloud/install.sh @@ -0,0 +1,321 @@ +#!/usr/local/bin/bash +# This script installs the current release of Nextcloud into a create jail +# Based on the example by danb35: https://github.com/danb35/freenas-iocage-nextcloud + +# Initialise defaults +# General Defaults +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" +HOST_NAME="jail_${1}_host_name" +TIME_ZONE="jail_${1}_time_zone" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/nextcloud/includes" + +# SSL/CERT Defaults +CERT_TYPE="jail_${1}_cert_type" +CERT_TYPE="${!CERT_TYPE:-SELFSIGNED_CERT}" +CERT_EMAIL="jail_${1}_cert_email" +CERT_EMAIL="${!CERT_EMAIL:-placeholder@email.fake}" +DNS_PLUGIN="jail_${1}_dns_plugin" +DNS_ENV="jail_${1}_dns_env" + +# Database Defaults +DB_TYPE="jail_${1}_db_type" +DB_TYPE="${!DB_TYPE:-mariadb}" +DB_JAIL="jail_${1}_db_jail" +# shellcheck disable=SC2154 +DB_HOST="jail_${!DB_JAIL}_ip4_addr" +DB_HOST="${!DB_HOST%/*}:3306" + +DB_PASSWORD="jail_${1}_db_password" + +DB_DATABASE="jail_${1}_db_database" +DB_DATABASE="${!DB_DATABASE:-$1}" + +DB_USER="jail_${1}_db_user" +DB_USER="${!DB_USER:-$DB_DATABASE}" + +ADMIN_PASSWORD="jail_${1}_admin_password" + +##### +# +# Input Sanity Check +# +##### + + +# Check that necessary variables were set by nextcloud-config +if [ -z "${JAIL_IP}" ]; then + echo 'Configuration error: The Nextcloud jail does NOT accept DHCP' + echo 'Please reinstall using a fixed IP adress' + exit 1 +fi + +if [ -z "${ADMIN_PASSWORD}" ]; then + echo 'Configuration error: The Nextcloud jail requires a admin_password' + echo 'Please reinstall using a fixed IP adress' + exit 1 +fi + +if [ -z "${!DB_PASSWORD}" ]; then + echo 'Configuration error: The Nextcloud Jail needs a database password' + echo 'Please reinstall with a defifined: db_password' + exit 1 +fi + +# shellcheck disable=SC2154 +if [ -z "${!TIME_ZONE}" ]; then + echo 'Configuration error: !TIME_ZONE must be set' + exit 1 +fi +if [ -z "${!HOST_NAME}" ]; then + echo 'Configuration error: !HOST_NAME must be set' + exit 1 +fi + + + +if [ "$CERT_TYPE" != "STANDALONE_CERT" ] && [ "$CERT_TYPE" != "DNS_CERT" ] && [ "$CERT_TYPE" != "NO_CERT" ] && [ "$CERT_TYPE" != "SELFSIGNED_CERT" ]; then + echo 'Configuration error, cert_type options: STANDALONE_CERT, DNS_CERT, NO_CERT or SELFSIGNED_CERT' + exit 1 +fi + +if [ "$CERT_TYPE" == "DNS_CERT" ]; then + if [ -z "${!DNS_PLUGIN}" ] ; then + echo "DNS_PLUGIN must be set to a supported DNS provider." + echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list." + echo "Be sure to omit the prefix of \"tls.dns.\"." + exit 1 + elif [ -z "${!DNS_ENV}" ] ; then + echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials." + echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more." + exit 1 + else + DL_FLAGS="tls.dns.${DNS_PLUGIN}" + DNS_SETTING="dns ${DNS_PLUGIN}" + fi +fi + +# Make sure DB_PATH is empty -- if not, MariaDB will choke +# shellcheck disable=SC2154 +if [ "$(ls -A "/mnt/${global_dataset_config}/${1}/config")" ]; then + echo "Reinstall of Nextcloud detected... " + REINSTALL="true" +fi + + +##### + # +# Fstab And Mounts +# +##### + +# Create and Mount Nextcloud, Config and Files +createmount "${1}" "${global_dataset_config}"/"${1}"/config /usr/local/www/nextcloud/config +createmount "${1}" "${global_dataset_config}"/"${1}"/themes /usr/local/www/nextcloud/themes +createmount "${1}" "${global_dataset_config}"/"${1}"/files /config/files + +# Install includes fstab +iocage exec "${1}" mkdir -p /mnt/includes +iocage fstab -a "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + + +iocage exec "${1}" chown -R www:www /config/files +iocage exec "${1}" chmod -R 770 /config/files + + +##### +# +# Basic dependency install +# +##### + +if [ "${DB_TYPE}" = "mariadb" ]; then + iocage exec "${1}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli +fi + +fetch -o /tmp https://getcaddy.com +if ! iocage exec "${1}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com +then + echo "Failed to download/install Caddy" + exit 1 +fi + +iocage exec "${1}" sysrc redis_enable="YES" +iocage exec "${1}" sysrc php_fpm_enable="YES" +iocage exec "${1}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes" +iocage exec "${1}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes" + + +##### +# +# Install Nextcloud +# +##### + +FILE="latest-18.tar.bz2" +if ! iocage exec "${1}" fetch -o /tmp https://download.nextcloud.com/server/releases/"${FILE}" https://download.nextcloud.com/server/releases/"${FILE}".asc https://nextcloud.com/nextcloud.asc +then + echo "Failed to download Nextcloud" + exit 1 +fi +iocage exec "${1}" gpg --import /tmp/nextcloud.asc +if ! iocage exec "${1}" gpg --verify /tmp/"${FILE}".asc +then + echo "GPG Signature Verification Failed!" + echo "The Nextcloud download is corrupt." + exit 1 +fi +iocage exec "${1}" tar xjf /tmp/"${FILE}" -C /usr/local/www/ +iocage exec "${1}" chown -R www:www /usr/local/www/nextcloud/ + + +# Generate and install self-signed cert, if necessary +if [ "$CERT_TYPE" == "SELFSIGNED_CERT" ] && [ ! -f "/mnt/${global_dataset_config}/${1}/ssl/privkey.pem" ]; then + echo "No ssl certificate present, generating self signed certificate" + if [ ! -d "/mnt/${global_dataset_config}/${1}/ssl" ]; then + echo "cert folder not existing... creating..." + iocage exec "${1}" mkdir /config/ssl + fi + openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${!HOST_NAME}" -keyout "${INCLUDES_PATH}"/privkey.pem -out "${INCLUDES_PATH}"/fullchain.pem + iocage exec "${1}" cp /mnt/includes/privkey.pem /config/ssl/privkey.pem + iocage exec "${1}" cp /mnt/includes/fullchain.pem /config/ssl/fullchain.pem +fi + +# Copy and edit pre-written config files +iocage exec "${1}" cp -f /mnt/includes/php.ini /usr/local/etc/php.ini +iocage exec "${1}" cp -f /mnt/includes/redis.conf /usr/local/etc/redis.conf +iocage exec "${1}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/ + + +if [ "$CERT_TYPE" == "STANDALONE_CERT" ] && [ "$CERT_TYPE" == "DNS_CERT" ]; then + iocage exec "${1}" cp -f /mnt/includes/remove-staging.sh /root/ +fi + +if [ "$CERT_TYPE" == "NO_CERT" ]; then + echo "Copying Caddyfile for no SSL" + iocage exec "${1}" cp -f /mnt/includes/Caddyfile-nossl /usr/local/www/Caddyfile +elif [ "$CERT_TYPE" == "SELFSIGNED_CERT" ]; then + echo "Copying Caddyfile for self-signed cert" + iocage exec "${1}" cp -f /mnt/includes/Caddyfile-selfsigned /usr/local/www/Caddyfile +else + echo "Copying Caddyfile for Let's Encrypt cert" + iocage exec "${1}" cp -f /mnt/includes/Caddyfile /usr/local/www/ +fi + + +iocage exec "${1}" cp -f /mnt/includes/caddy.rc /usr/local/etc/rc.d/caddy + + +iocage exec "${1}" sed -i '' "s/yourhostnamehere/${!HOST_NAME}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile +iocage exec "${1}" sed -i '' "s|mytimezone|${!TIME_ZONE}|" /usr/local/etc/php.ini + +iocage exec "${1}" sysrc caddy_enable="YES" +iocage exec "${1}" sysrc caddy_cert_email="${CERT_EMAIL}" +iocage exec "${1}" sysrc caddy_SNI_default="${!HOST_NAME}" +iocage exec "${1}" sysrc caddy_env="${!DNS_ENV}" + +iocage restart "${1}" + +if [ "${REINSTALL}" == "true" ]; then + echo "Reinstall detected, skipping generaion of new config and database" +else + + # Secure database, set root password, create Nextcloud DB, user, and password + if [ "${DB_TYPE}" = "mariadb" ]; then + iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" + iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${!DB_PASSWORD}';" + iocage exec "mariadb" mysqladmin reload + fi + + + # Save passwords for later reference + iocage exec "${1}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/"${1}"_db_password.txt + iocage exec "${1}" echo "Nextcloud database password is ${!DB_PASSWORD}" >> /root/"${1}"_db_password.txt + iocage exec "${1}" echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}" >> /root/"${1}"_db_password.txt + + # CLI installation and configuration of Nextcloud + if [ "${DB_TYPE}" = "mariadb" ]; then + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"mysql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${!DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${!ADMIN_PASSWORD}\" --data-dir=\"/config/files\"" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value=\"true\"" + fi + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ db:add-missing-indices" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ db:convert-filecache-bigint --no-interaction" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set logtimezone --value=\"${!TIME_ZONE}\"" + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set log_type --value="file"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logfile --value="/var/log/nextcloud.log"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwritehost --value=\"${!HOST_NAME}\"" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwriteprotocol --value=\"https\"" + if [ "$CERT_TYPE" == "NO_CERT" ]; then + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${!HOST_NAME}/\"" + else + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${!HOST_NAME}/\"" + fi + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set htaccess.RewriteBase --value="/"' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess' + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value=\"${!HOST_NAME}\"" + iocage exec "${1}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value=\"${JAIL_IP}\"" + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ app:enable encryption' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:enable' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:disable' + iocage exec "${1}" su -m www -c 'php /usr/local/www/nextcloud/occ background:cron' + +fi + +iocage exec "${1}" touch /var/log/nextcloud.log +iocage exec "${1}" chown www /var/log/nextcloud.log +iocage exec "${1}" su -m www -c 'php -f /usr/local/www/nextcloud/cron.php' +iocage exec "${1}" crontab -u www /mnt/includes/www-crontab + +# Don't need /mnt/includes any more, so unmount it +iocage fstab -r "${1}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 + +# Done! +echo "Installation complete!" +if [ "$CERT_TYPE" == "NO_CERT" ]; then + echo "Using your web browser, go to http://${!HOST_NAME} to log in" +else + echo "Using your web browser, go to https://${!HOST_NAME} to log in" +fi + +if [ "${REINSTALL}" == "true" ]; then + echo "You did a reinstall, please use your old database and account credentials" +else + + echo "Default user is admin, password is ${ADMIN_PASSWORD}" + echo "" + + echo "Database Information" + echo "--------------------" + echo "Database user = ${DB_USER}" + echo "Database password = ${!DB_PASSWORD}" + echo "" + echo "All passwords are saved in /root/${1}_db_password.txt" +fi + +echo "" +if [ "$CERT_TYPE" == "STANDALONE_CERT" ] && [ "$CERT_TYPE" == "DNS_CERT" ]; then + echo "You have obtained your Let's Encrypt certificate using the staging server." + echo "This certificate will not be trusted by your browser and will cause SSL errors" + echo "when you connect. Once you've verified that everything else is working" + echo "correctly, you should issue a trusted certificate. To do this, run:" + echo "iocage exec ${1}/root/remove-staging.sh" + echo "" +elif [ "$CERT_TYPE" == "SELFSIGNED_CERT" ]; then + echo "You have chosen to create a self-signed TLS certificate for your Nextcloud" + echo "installation. This certificate will not be trusted by your browser and" + echo "will cause SSL errors when you connect. If you wish to replace this certificate" + echo "with one obtained elsewhere, the private key is located at:" + echo "/config/ssl/privkey.pem" + echo "The full chain (server + intermediate certificates together) is at:" + echo "/config/ssl/fullchain.pem" + echo "" +fi + diff --git a/jails/nextcloud/readme.md b/blueprints/nextcloud/readme.md similarity index 100% rename from jails/nextcloud/readme.md rename to blueprints/nextcloud/readme.md diff --git a/jails/nextcloud/update.sh b/blueprints/nextcloud/update.sh similarity index 100% rename from jails/nextcloud/update.sh rename to blueprints/nextcloud/update.sh diff --git a/blueprints/organizr/config.yml b/blueprints/organizr/config.yml new file mode 100644 index 00000000..a06f8e48 --- /dev/null +++ b/blueprints/organizr/config.yml @@ -0,0 +1,3 @@ +blueprint: + organizr: + pkgs: nginx php72 php72-filter php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip git \ No newline at end of file diff --git a/jails/organizr/includes/custom/organizr.conf b/blueprints/organizr/includes/custom/organizr.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/includes/custom/organizr.conf rename to blueprints/organizr/includes/custom/organizr.conf diff --git a/jails/organizr/includes/custom/phpblock.conf b/blueprints/organizr/includes/custom/phpblock.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/includes/custom/phpblock.conf rename to blueprints/organizr/includes/custom/phpblock.conf diff --git a/jails/organizr/includes/nginx.conf b/blueprints/organizr/includes/nginx.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/includes/nginx.conf rename to blueprints/organizr/includes/nginx.conf diff --git a/blueprints/organizr/install.sh b/blueprints/organizr/install.sh new file mode 100755 index 00000000..c52d0538 --- /dev/null +++ b/blueprints/organizr/install.sh @@ -0,0 +1,34 @@ +#!/usr/local/bin/bash +# This file contains the install script for Organizr + +iocage exec "$1" sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf +iocage exec "$1" cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini +iocage exec "$1" sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini +iocage exec "$1" sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini +# shellcheck disable=SC2154 +mv /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf.bak +cp "${SCRIPT_DIR}"/blueprints/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf +cp -Rf "${SCRIPT_DIR}"/blueprints/organizr/includes/custom /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/custom +# shellcheck disable=SC2154 +if [ ! -d "/mnt/${global_dataset_config}/$1/ssl" ]; then + echo "cert folder doesn't exist... creating..." + iocage exec "$1" mkdir /config/ssl +fi + +if [ -f "/mnt/${global_dataset_config}/$1/ssl/Organizr-Cert.crt" ]; then + echo "certificate exists... Skipping cert generation" +else + echo "No ssl certificate present, generating self signed certificate" + openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/"$1"/ssl/Organizr-Cert.key -out /mnt/"${global_dataset_config}"/"$1"/ssl/Organizr-Cert.crt +fi + +iocage exec "$1" git clone https://github.com/causefx/Organizr.git /usr/local/www/Organizr +iocage exec "$1" chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom +iocage exec "$1" ln -s /config/config.php /usr/local/www/Organizr/api/config/config.php +iocage exec "$1" sysrc nginx_enable=YES +iocage exec "$1" sysrc php_fpm_enable=YES +iocage exec "$1" service nginx start +iocage exec "$1" service php-fpm start diff --git a/jails/organizr/readme.md b/blueprints/organizr/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/organizr/readme.md rename to blueprints/organizr/readme.md diff --git a/blueprints/organizr/update.sh b/blueprints/organizr/update.sh new file mode 100755 index 00000000..3021ec5d --- /dev/null +++ b/blueprints/organizr/update.sh @@ -0,0 +1,12 @@ +#!/usr/local/bin/bash +# This file contains the update script for Organizr + +iocage exec "$1" service nginx stop +iocage exec "$1" service php-fpm stop +# TODO setup cli update for Organizr here. +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/nginx/nginx.conf +iocage exec "$1" "cd /usr/local/www/Organizr && git pull" +iocage exec "$1" chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom +iocage exec "$1" service nginx start +iocage exec "$1" service php-fpm start \ No newline at end of file diff --git a/blueprints/plex/config.yml b/blueprints/plex/config.yml new file mode 100644 index 00000000..bc68372a --- /dev/null +++ b/blueprints/plex/config.yml @@ -0,0 +1,3 @@ +blueprint: + plex: + pkgs: plexmediaserver \ No newline at end of file diff --git a/jails/plex/includes/FreeBSD.conf b/blueprints/plex/includes/FreeBSD.conf old mode 100755 new mode 100644 similarity index 100% rename from jails/plex/includes/FreeBSD.conf rename to blueprints/plex/includes/FreeBSD.conf diff --git a/blueprints/plex/install.sh b/blueprints/plex/install.sh new file mode 100755 index 00000000..54766a03 --- /dev/null +++ b/blueprints/plex/install.sh @@ -0,0 +1,51 @@ +#!/usr/local/bin/bash +# This file contains the install script for plex + +iocage exec plex mkdir -p /usr/local/etc/pkg/repos + +# Change to to more frequent FreeBSD repo to stay up-to-date with plex more. +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/plex/includes/FreeBSD.conf /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/pkg/repos/FreeBSD.conf + + +# Check if datasets for media librarys exist, create them if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" /mnt/media +createmount "$1" "${global_dataset_media}"/movies /mnt/media/movies +createmount "$1" "${global_dataset_media}"/music /mnt/media/music +createmount "$1" "${global_dataset_media}"/shows /mnt/media/shows + +# Create plex ramdisk if specified +# shellcheck disable=SC2154 +if [ -z "${plex_ramdisk}" ]; then + echo "no ramdisk specified for plex, continuing without randisk" +else + iocage fstab -a "$1" tmpfs /tmp_transcode tmpfs rw,size="${plex_ramdisk}",mode=1777 0 0 +fi + +iocage exec "$1" chown -R plex:plex /config + +# Force update pkg to get latest plex version +iocage exec "$1" pkg update +iocage exec "$1" pkg upgrade -y + +# Add plex user to video group for future hw-encoding support +iocage exec "$1" pw groupmod -n video -m plex + +# Run different install procedures depending on Plex vs Plex Beta +# shellcheck disable=SC2154 +if [ "$plex_beta" == "true" ]; then + echo "beta enabled in config.yml... using plex beta for install" + iocage exec "$1" sysrc "plexmediaserver_plexpass_enable=YES" + iocage exec "$1" sysrc plexmediaserver_plexpass_support_path="/config" + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ + iocage exec "$1" service plexmediaserver_plexpass restart +else + echo "beta disabled in config.yml... NOT using plex beta for install" + iocage exec "$1" sysrc "plexmediaserver_enable=YES" + iocage exec "$1" sysrc plexmediaserver_support_path="/config" + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver/ + iocage exec "$1" service plexmediaserver restart +fi + +echo "Finished installing plex" \ No newline at end of file diff --git a/jails/plex/readme.md b/blueprints/plex/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/plex/readme.md rename to blueprints/plex/readme.md diff --git a/jails/plex/update.sh b/blueprints/plex/update.sh similarity index 60% rename from jails/plex/update.sh rename to blueprints/plex/update.sh index ca01432a..97d89491 100755 --- a/jails/plex/update.sh +++ b/blueprints/plex/update.sh @@ -5,16 +5,16 @@ # shellcheck disable=SC2154 if [ "$plex_plexpass" == "true" ]; then echo "beta enabled in config.yml... using plex beta for update..." - iocage exec plex service plexmediaserver_plexpass stop + iocage exec "$1" service plexmediaserver_plexpass stop # Plex is updated using PKG already, this is mostly a placeholder - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ - iocage exec plex service plexmediaserver_plexpass restart + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ + iocage exec "$1" service plexmediaserver_plexpass restart else echo "beta disabled in config.yml... NOT using plex beta for update..." - iocage exec plex service plexmediaserver stop + iocage exec "$1" service plexmediaserver stop # Plex is updated using PKG already, this is mostly a placeholder - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver/ - iocage exec plex service plexmediaserver restart + iocage exec "$1" chown -R plex:plex /usr/local/share/plexmediaserver/ + iocage exec "$1" service plexmediaserver restart fi diff --git a/blueprints/radarr/config.yml b/blueprints/radarr/config.yml new file mode 100644 index 00000000..6125ba70 --- /dev/null +++ b/blueprints/radarr/config.yml @@ -0,0 +1,3 @@ +blueprint: + radarr: + pkgs: mono mediainfo sqlite3 libgdiplus \ No newline at end of file diff --git a/jails/radarr/includes/radarr.rc b/blueprints/radarr/includes/radarr.rc similarity index 100% rename from jails/radarr/includes/radarr.rc rename to blueprints/radarr/includes/radarr.rc diff --git a/blueprints/radarr/install.sh b/blueprints/radarr/install.sh new file mode 100755 index 00000000..99442692 --- /dev/null +++ b/blueprints/radarr/install.sh @@ -0,0 +1,24 @@ +#!/usr/local/bin/bash +# This file contains the install script for radarr + +# Check if dataset for completed download and it parent dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" +createmount "$1" "${global_dataset_downloads}"/complete /mnt/fetched + +# Check if dataset for media library and the dataset for movies exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" +createmount "$1" "${global_dataset_media}"/movies /mnt/movies + +iocage exec "$1" "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.1480/Radarr.develop.0.2.0.1480.linux.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -C /usr/local/share" +iocage exec "$1" rm /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz +iocage exec "$1" "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R radarr:radarr /usr/local/share/Radarr /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/radarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/radarr +iocage exec "$1" sysrc "radarr_enable=YES" +iocage exec "$1" service radarr restart diff --git a/jails/radarr/readme.md b/blueprints/radarr/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/radarr/readme.md rename to blueprints/radarr/readme.md diff --git a/blueprints/radarr/update.sh b/blueprints/radarr/update.sh new file mode 100755 index 00000000..8275b656 --- /dev/null +++ b/blueprints/radarr/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for radarr + +iocage exec "$1" service radarr stop +#TODO insert code to update radarr itself here +iocage exec "$1" chown -R radarr:radarr /usr/local/share/Radarr /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/radarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/radarr +iocage exec "$1" service radarr restart \ No newline at end of file diff --git a/blueprints/sonarr/config.yml b/blueprints/sonarr/config.yml new file mode 100644 index 00000000..ab4801ba --- /dev/null +++ b/blueprints/sonarr/config.yml @@ -0,0 +1,3 @@ +blueprint: + sonarr: + pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/sonarr/includes/sonarr.rc b/blueprints/sonarr/includes/sonarr.rc similarity index 100% rename from jails/sonarr/includes/sonarr.rc rename to blueprints/sonarr/includes/sonarr.rc diff --git a/blueprints/sonarr/install.sh b/blueprints/sonarr/install.sh new file mode 100755 index 00000000..faec9912 --- /dev/null +++ b/blueprints/sonarr/install.sh @@ -0,0 +1,24 @@ +#!/usr/local/bin/bash +# This file contains the install script for sonarr + +# Check if dataset for completed download and it parent dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" +createmount "$1" "${global_dataset_downloads}"/complete /mnt/fetched + +# Check if dataset for media library and the dataset for tv shows exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_media}" +createmount "$1" "${global_dataset_media}"/shows /mnt/shows + +iocage exec "$1" "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share" +iocage exec "$1" "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share" +iocage exec "$1" rm /usr/local/share/NzbDrone.master.tar.gz +iocage exec "$1" "pw user add sonarr -c sonarr -u 351 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R sonarr:sonarr /usr/local/share/NzbDrone /config +iocage exec "$1" mkdir /usr/local/etc/rc.d +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/sonarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/sonarr +iocage exec "$1" sysrc "sonarr_enable=YES" +iocage exec "$1" service sonarr restart diff --git a/jails/sonarr/readme.md b/blueprints/sonarr/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/sonarr/readme.md rename to blueprints/sonarr/readme.md diff --git a/blueprints/sonarr/update.sh b/blueprints/sonarr/update.sh new file mode 100755 index 00000000..f81fd987 --- /dev/null +++ b/blueprints/sonarr/update.sh @@ -0,0 +1,10 @@ +#!/usr/local/bin/bash +# This file contains the update script for sonarr + +iocage exec "$1" service sonarr stop +#TODO insert code to update sonarr itself here +iocage exec "$1" chown -R sonarr:sonarr /usr/local/share/NzbDrone /config +# shellcheck disable=SC2154 +cp "${SCRIPT_DIR}"/blueprints/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/"$1"/root/usr/local/etc/rc.d/sonarr +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/sonarr +iocage exec "$1" service sonarr restart \ No newline at end of file diff --git a/blueprints/tautulli/config.yml b/blueprints/tautulli/config.yml new file mode 100644 index 00000000..3c6a9a2d --- /dev/null +++ b/blueprints/tautulli/config.yml @@ -0,0 +1,3 @@ +blueprint: + tautulli: + pkgs: python2 py27-sqlite3 py27-openssl git \ No newline at end of file diff --git a/blueprints/tautulli/install.sh b/blueprints/tautulli/install.sh new file mode 100755 index 00000000..c87ec954 --- /dev/null +++ b/blueprints/tautulli/install.sh @@ -0,0 +1,11 @@ +#!/usr/local/bin/bash +# This file contains the install script for Tautulli + +iocage exec "$1" git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli +iocage exec "$1" "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin" +iocage exec "$1" chown -R tautulli:tautulli /usr/local/share/Tautulli /config +iocage exec "$1" cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/tautulli +iocage exec "$1" sysrc "tautulli_enable=YES" +iocage exec "$1" sysrc "tautulli_flags=--datadir /config" +iocage exec "$1" service tautulli start \ No newline at end of file diff --git a/jails/tautulli/readme.md b/blueprints/tautulli/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/tautulli/readme.md rename to blueprints/tautulli/readme.md diff --git a/blueprints/tautulli/update.sh b/blueprints/tautulli/update.sh new file mode 100755 index 00000000..500aa181 --- /dev/null +++ b/blueprints/tautulli/update.sh @@ -0,0 +1,9 @@ +#!/usr/local/bin/bash +# This file contains the update script for Tautulli + +iocage exec "$1" service tautulli stop +# Tautulli is updated through pkg, this is mostly just a placeholder +iocage exec "$1" chown -R tautulli:tautulli /usr/local/share/Tautulli /config +iocage exec "$1" cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli +iocage exec "$1" chmod u+x /usr/local/etc/rc.d/tautulli +iocage exec "$1" service tautulli restart \ No newline at end of file diff --git a/blueprints/transmission/config.yml b/blueprints/transmission/config.yml new file mode 100644 index 00000000..ad770179 --- /dev/null +++ b/blueprints/transmission/config.yml @@ -0,0 +1,3 @@ +blueprint: + transmission: + pkgs: bash unzip unrar transmission \ No newline at end of file diff --git a/blueprints/transmission/install.sh b/blueprints/transmission/install.sh new file mode 100755 index 00000000..50686d9c --- /dev/null +++ b/blueprints/transmission/install.sh @@ -0,0 +1,19 @@ +#!/usr/local/bin/bash +# This file contains the install script for transmission + +# Check if dataset Downloads dataset exist, create if they do not. +# shellcheck disable=SC2154 +createmount "$1" "${global_dataset_downloads}" /mnt/downloads + +# Check if dataset Complete Downloads dataset exist, create if they do not. +createmount "$1" "${global_dataset_downloads}"/complete /mnt/downloads/complete + +# Check if dataset InComplete Downloads dataset exist, create if they do not. +createmount "$1" "${global_dataset_downloads}"/incomplete /mnt/downloads/incomplete + + +iocage exec "$1" chown -R transmission:transmission /config +iocage exec "$1" sysrc "transmission_enable=YES" +iocage exec "$1" sysrc "transmission_conf_dir=/config" +iocage exec "$1" sysrc "transmission_download_dir=/mnt/downloads/complete" +iocage exec "$1" service transmission restart \ No newline at end of file diff --git a/jails/transmission/readme.md b/blueprints/transmission/readme.md old mode 100755 new mode 100644 similarity index 100% rename from jails/transmission/readme.md rename to blueprints/transmission/readme.md diff --git a/blueprints/transmission/update.sh b/blueprints/transmission/update.sh new file mode 100755 index 00000000..6c3d216e --- /dev/null +++ b/blueprints/transmission/update.sh @@ -0,0 +1,7 @@ +#!/usr/local/bin/bash +# This file contains the update script for transmission + +iocage exec "$1" service transmission stop +# Transmision is updated during PKG update, this file is mostly just a placeholder +iocage exec "$1" chown -R transmission:transmission /config +iocage exec "$1" service transmission restart \ No newline at end of file diff --git a/blueprints/unifi/config.yml b/blueprints/unifi/config.yml new file mode 100644 index 00000000..96e874cf --- /dev/null +++ b/blueprints/unifi/config.yml @@ -0,0 +1,3 @@ +blueprint: + unifi: + pkgs: jq unifi5 \ No newline at end of file diff --git a/jails/unifi/includes/mongodb.conf b/blueprints/unifi/includes/mongodb.conf similarity index 100% rename from jails/unifi/includes/mongodb.conf rename to blueprints/unifi/includes/mongodb.conf diff --git a/jails/unifi/includes/rc/mongod b/blueprints/unifi/includes/rc/mongod.rc old mode 100644 new mode 100755 similarity index 100% rename from jails/unifi/includes/rc/mongod rename to blueprints/unifi/includes/rc/mongod.rc diff --git a/jails/unifi/includes/rc/unifi b/blueprints/unifi/includes/rc/unifi.rc old mode 100644 new mode 100755 similarity index 100% rename from jails/unifi/includes/rc/unifi rename to blueprints/unifi/includes/rc/unifi.rc diff --git a/jails/unifi/includes/rc/unifi_poller b/blueprints/unifi/includes/rc/unifi_poller.rc old mode 100644 new mode 100755 similarity index 100% rename from jails/unifi/includes/rc/unifi_poller rename to blueprints/unifi/includes/rc/unifi_poller.rc diff --git a/jails/unifi/includes/up.conf b/blueprints/unifi/includes/up.conf similarity index 100% rename from jails/unifi/includes/up.conf rename to blueprints/unifi/includes/up.conf diff --git a/blueprints/unifi/install.sh b/blueprints/unifi/install.sh new file mode 100755 index 00000000..2ad17799 --- /dev/null +++ b/blueprints/unifi/install.sh @@ -0,0 +1,117 @@ +#!/usr/local/bin/bash +# This file contains the install script for unifi-controller & unifi-poller + +# Initialize variables +# shellcheck disable=SC2154 +JAIL_IP="jail_${1}_ip4_addr" +JAIL_IP="${!JAIL_IP%/*}" + +# shellcheck disable=SC2154 +DB_JAIL="jail_${1}_db_jail" + +POLLER="jail_${1}_unifi_poller" + +# shellcheck disable=SC2154 +DB_IP="jail_${!DB_JAIL}_ip4_addr" +DB_IP="${!DB_IP%/*}" + +# shellcheck disable=SC2154 +DB_NAME="jail_${1}_up_db_name" +DB_NAME="${!DB_NAME:-$1}" + +# shellcheck disable=SC2154 +DB_USER="jail_${1}_up_db_user" +DB_USER="${!DB_USER:-$DB_NAME}" + +# shellcheck disable=SC2154 +DB_PASS="jail_${1}_up_db_password" + +# shellcheck disable=SC2154 +UP_USER="jail_${1}_up_user" +UP_USER="${!UP_USER:-$1}" + +# shellcheck disable=SC2154 +UP_PASS="jail_${1}_up_password" +INCLUDES_PATH="${SCRIPT_DIR}/blueprints/unifi/includes" + +if [ -z "${!DB_PASSWORD}" ]; then + echo "up_db_password can't be empty" + exit 1 +fi + +if [ -z "${!DB_JAIL}" ]; then + echo "db_jail can't be empty" + exit 1 +fi + +if [ -z "${!UP_PASS}" ]; then + echo "up_password can't be empty" + exit 1 +fi + +# Enable persistent Unifi Controller data +iocage exec "${1}" mkdir -p /config/controller/mongodb +iocage exec "${1}" cp -Rp /usr/local/share/java/unifi /config/controller +iocage exec "${1}" chown -R mongodb:mongodb /config/controller/mongodb +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/mongodb.conf /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/rc/mongod.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/mongod +# shellcheck disable=SC2154 +cp "${INCLUDES_PATH}"/rc/unifi.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/unifi +iocage exec "${1}" sysrc unifi_enable=YES +iocage exec "${1}" service unifi start + +# shellcheck disable=SC2154 +if [[ ! "${!POLLER}" ]]; then + echo "Installation complete!" + echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." +else + # Check if influxdb container exists, create unifi database if it does, error if it is not. + echo "Checking if the database jail and database exist..." + if [[ -d /mnt/"${global_dataset_iocage}"/jails/"${!DB_JAIL}" ]]; then + DB_EXISTING=$(iocage exec "${!DB_JAIL}" curl -G http://localhost:8086/query --data-urlencode 'q=SHOW DATABASES' | jq '.results [] | .series [] | .values []' | grep "$DB_NAME" | sed 's/"//g' | sed 's/^ *//g') + if [[ "$DB_NAME" == "$DB_EXISTING" ]]; then + echo "${!DB_JAIL} jail with database ${DB_NAME} already exists. Skipping database creation... " + else + echo "${!DB_JAIL} jail exists, but database ${DB_NAME} does not. Creating database ${DB_NAME}." + if [[ -z "${DB_USER}" ]] || [[ -z "${!DB_PASS}" ]]; then + echo "Database username and password not provided. Cannot create database without credentials. Exiting..." + exit 1 + else + iocage exec "${!DB_JAIL}" "curl -XPOST -u ${DB_USER}:${!DB_PASS} http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE ${DB_NAME}'" + echo "Database ${DB_NAME} created with username ${DB_USER} with password ${!DB_PASS}." + fi + fi + else + echo "Influxdb jail does not exist. Unifi-Poller requires Influxdb jail. Please install the Influxdb jail." + exit 1 + fi + + # Download and install Unifi-Poller + FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") + DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") + iocage exec "${1}" fetch -o /config "${DOWNLOAD}" + + # Install downloaded Unifi-Poller package, configure and enable + iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}" + # shellcheck disable=SC2154 + cp "${INCLUDES_PATH}"/up.conf /mnt/"${global_dataset_config}"/"${1}" + # shellcheck disable=SC2154 + cp "${INCLUDES_PATH}"/rc/unifi_poller.rc /mnt/"${global_dataset_iocage}"/jails/"${1}"/root/usr/local/etc/rc.d/unifi_poller + iocage exec "${1}" sed -i '' "s|influxdbuser|${DB_USER}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|influxdbpass|${!DB_PASS}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|unifidb|${DB_NAME}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|unifiuser|${UP_USER}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|unifipassword|${!UP_PASS}|" /config/up.conf + iocage exec "${1}" sed -i '' "s|dbip|http://${DB_IP}:8086|" /config/up.conf + + + iocage exec "${1}" sysrc unifi_poller_enable=YES + iocage exec "${1}" service unifi_poller start + + echo "Installation complete!" + echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." + echo "Please login to the Unifi Controller and add ${UP_USER} as a read-only user." + echo "In Grafana, add Unifi-Poller as a data source." +fi diff --git a/jails/unifi/readme.md b/blueprints/unifi/readme.md similarity index 100% rename from jails/unifi/readme.md rename to blueprints/unifi/readme.md diff --git a/jails/unifi/update.sh b/blueprints/unifi/update.sh old mode 100644 new mode 100755 similarity index 67% rename from jails/unifi/update.sh rename to blueprints/unifi/update.sh index f554e205..a585afab --- a/jails/unifi/update.sh +++ b/blueprints/unifi/update.sh @@ -2,21 +2,20 @@ # This file contains the update script for unifi # Unifi Controller is updated through pkg, Unifi-Poller is not. This script updates Unifi-Poller -JAIL_NAME="unifi" FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") # Check to see if there is an update. # shellcheck disable=SC2154 -if [[ -f /mnt/"${global_dataset_config}"/"${JAIL_NAME}"/"${FILE_NAME}" ]]; then +if [[ -f /mnt/"${global_dataset_config}"/"${1}"/"${FILE_NAME}" ]]; then echo "Unifi-Poller is up to date." exit 1 else # Download and install the package - iocage exec "${JAIL_NAME}" fetch -o /config "${DOWNLOAD}" - iocage exec "${JAIL_NAME}" pkg install -qy /config/"${FILE_NAME}" - iocage exec "${JAIL_NAME}" service unifi restart - iocage exec "${JAIL_NAME}" service unifi_poller restart + iocage exec "${1}" fetch -o /config "${DOWNLOAD}" + iocage exec "${1}" pkg install -qy /config/"${FILE_NAME}" + iocage exec "${1}" service unifi restart + iocage exec "${1}" service unifi_poller restart fi echo "Update complete!" diff --git a/config.yml.example b/config.yml.example index 1f78d862..6dbc916e 100644 --- a/config.yml.example +++ b/config.yml.example @@ -1,4 +1,6 @@ global: + # Config file syntax version (not same as script version) + version: 1.2 # Relevant dataset paths, please use the ZFS dataset syntax such as: tank/apps dataset: # dataset for internal jail config files @@ -15,100 +17,89 @@ global: # Please use standard space delimited pkg install syntax. pkgs: curl ca_root_nss bash - -# Example configuration, showing how to customise network config. -# Use the same jailname on both sides of this variable example: example -example: example - #interfaces is optional and will be autmatically replace with vnet0:bridge0 if not present - interfaces: vnet0:bridge0 - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - # Jail specific pkgs. - # Please use standard space delimited pkg install syntax. - pkgs: mono +jail: + plex: + blueprint: plex + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + beta: false -plex: plex - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - beta: false - -lidarr: lidarr - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + lidarr: + blueprint: lidarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + sonarr: + blueprint: sonarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + radarr: + blueprint: radarr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + kms: + blueprint: kms + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 -sonarr: sonarr - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + jackett: + blueprint: jackett + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + organizr: + blueprint: organizr + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + + tautulli: + blueprint: tautulli + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 -radarr: radarr - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + transmission: + blueprint: transmission + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 -kms: kms - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - -jackett: jackett - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 -organizr: organizr - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + nextcloud: + blueprint: nextcloud + ip4_addr: 192.168.1.99/24 + gateway: 192.168.1.1 + time_zone: Europe/Amsterdam + host_name: cloud.example.com + db_jail: "mariadb" + admin_password: "PUTYOUROWNADMINPASSWORDHERE" + db_password: "PLEASEALSOPUTYOURPASSWORDHEREADIFFERNTONE" + + mariadb: + blueprint: mariadb + ip4_addr: 192.168.1.98/24 + gateway: 192.168.1.1 + db_root_password: ReplaceThisWithYourOwnRootPAssword + host_name: mariadb.local.example -tautulli: tautulli - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + bitwarden: + blueprint: bitwarden + ip4_addr: 192.168.1.97/24 + gateway: 192.168.1.1 + db_jail: "mariadb" + db_password: "YourDBPasswordHerePLEASE" + admin_token: "PUTYOURADMINTOKENHEREANDREMOVETHIS" -transmission: transmission - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 + influxdb: + blueprint: influxdb + ip4_addr: 192.168.1.250/24 + gateway: 192.168.1.1 - -nextcloud: nextcloud - ip4_addr: 192.168.1.99/24 - gateway: 192.168.1.1 - time_zone: Europe/Amsterdam - host_name: cloud.example.com - database: mariadb - standalone_cert: 0 - selfsigned_cert: 0 - dns_cert: 0 - no_cert: 1 - dl_flags: "" - dns_settings: "" - cert_email: "placeholder@holdplace.org" - database: mariadb -# db_database: -# db_user: -# db_password -# db_host - -mariadb: mariadb - ip4_addr: 192.168.1.98/24 - gateway: 192.168.1.1 - db_root_password: ReplaceThisWithYourOwnRootPAssword - host_name: mariadb.local.example - -bitwarden: bitwarden - ip4_addr: 192.168.1.97/24 - gateway: 192.168.1.1 - db_password: "YourDBPasswordHerePLEASE" - type: mariadb - admin_token: "PUTYOURADMINTOKENHEREANDREMOVETHIS" - -influxdb: influxdb - ip4_addr: 192.168.1.250/24 - gateway: 192.168.1.1 - database: influxdb - -unifi: unifi - ip4_addr: 192.168.1.251/24 - gateway: 192.168.1.1 - unifi_poller: true - db_jail: influxdb - up_db_name: unifi - up_db_user: unifi-poller - up_db_password: unifi-poller - up_user: upoller - up_password: upoller + unifi: + blueprint: unifi + ip4_addr: 192.168.1.251/24 + gateway: 192.168.1.1 + unifi_poller: true + db_jail: influxdb + up_db_password: unifi-poller + up_password: upoller diff --git a/global.sh b/global.sh index 4a9f1359..262a72f3 100755 --- a/global.sh +++ b/global.sh @@ -43,12 +43,12 @@ fi jailcreate() { echo "Checking config..." -jailname="${1}" -jailpkgs="${1}_pkgs" -jailinterfaces="${1}_interfaces" -jailip4="${1}_ip4_addr" -jailgateway="${1}_gateway" -jaildhcp="${1}_dhcp" +blueprintpkgs="blueprint_${2}_pkgs" +blueprintports="blueprint_${2}_ports" +jailinterfaces="jail_${1}_interfaces" +jailip4="jail_${1}_ip4_addr" +jailgateway="jail_${1}_gateway" +jaildhcp="jail_${1}_dhcp" setdhcp=${!jaildhcp} if [ -z "${!jailinterfaces}" ]; then @@ -62,49 +62,47 @@ if [ -z "${setdhcp}" ] && [ -z "${!jailip4}" ] && [ -z "${!jailgateway}" ]; then setdhcp="on" fi -if [ -z "${!jailname}" ]; then - echo "ERROR, jail not defined in config.yml" - exit 1 -else - echo "Creating jail for $1" +echo "Creating jail for $1" +# shellcheck disable=SC2154 +pkgs="$(sed 's/[^[:space:]]\{1,\}/"&"/g;s/ /,/g' <<<"${global_jails_pkgs} ${!blueprintpkgs}")" +echo '{"pkgs":['"${pkgs}"']}' > /tmp/pkg.json +if [ "${setdhcp}" == "on" ] +then # shellcheck disable=SC2154 - pkgs="$(sed 's/[^[:space:]]\{1,\}/"&"/g;s/ /,/g' <<<"${global_jails_pkgs} ${!jailpkgs}")" - echo '{"pkgs":['"${pkgs}"']}' > /tmp/pkg.json - if [ "${setdhcp}" == "on" ] + if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" -b then - # shellcheck disable=SC2154 - if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" dhcp="on" vnet="on" allow_raw_sockets="1" boot="on" -b - then - echo "Failed to create jail" - exit 1 - fi - else - # shellcheck disable=SC2154 - if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" -b - then - echo "Failed to create jail" - exit 1 - fi - + echo "Failed to create jail" + exit 1 fi - - rm /tmp/pkg.json - echo "creating jail config directory" +else # shellcheck disable=SC2154 - createmount "${1}" "${global_dataset_config}" - createmount "${1}" "${global_dataset_config}"/"${1}" /config - - # Create and Mount portsnap + if ! iocage create -n "${1}" -p /tmp/pkg.json -r "${global_jails_version}" interfaces="${jailinterfaces}" ip4_addr="vnet0|${!jailip4}" defaultrouter="${!jailgateway}" vnet="on" allow_raw_sockets="1" boot="on" -b + then + echo "Failed to create jail" + exit 1 + fi +fi + +rm /tmp/pkg.json +echo "creating jail config directory" +# shellcheck disable=SC2154 +createmount "${1}" "${global_dataset_config}" +createmount "${1}" "${global_dataset_config}"/"${1}" /config + +# Create and Mount portsnap +createmount "${1}" "${global_dataset_config}"/portsnap +createmount "${1}" "${global_dataset_config}"/portsnap/db /var/db/portsnap +createmount "${1}" "${global_dataset_config}"/portsnap/ports /usr/ports +if [ "${!blueprintports}" == "true" ] +then echo "Mounting and fetching ports" - createmount "${1}" "${global_dataset_config}"/portsnap - createmount "${1}" "${global_dataset_config}"/portsnap/db /var/db/portsnap - createmount "${1}" "${global_dataset_config}"/portsnap/ports /usr/ports - iocage exec "${1}" "if [ -z /usr/ports ]; then portsnap fetch extract; else portsnap auto; fi" - - echo "Jail creation completed for ${1}" -fi - +else + echo "Ports not enabled for blueprint, skipping" +fi + +echo "Jail creation completed for ${1}" + } # $1 = jail name diff --git a/jailman.sh b/jailman.sh index 2111951f..7db54514 100755 --- a/jailman.sh +++ b/jailman.sh @@ -20,7 +20,7 @@ if ! [ "$(id -u)" = 0 ]; then fi # Auto Update -BRANCH="dev" +BRANCH="multi_install" gitupdate ${BRANCH} # If no option is given, point to the help menu @@ -107,9 +107,16 @@ export global_dataset_iocage # Parse the Config YAML # shellcheck disable=SC2046 -for configpath in "${SCRIPT_DIR}"/jails/*/config.yml; do ! eval $(parse_yaml "${configpath}"); done +for configpath in "${SCRIPT_DIR}"/blueprints/*/config.yml; do ! eval $(parse_yaml "${configpath}"); done eval "$(parse_yaml config.yml)" +# shellcheck disable=SC2154 +if [ "${global_version}" != "1.2" ]; then + echo "You are using old config.yml synatx." + echo "Please check the wiki for required changes" + exit 1 +fi + # Check and Execute requested jail destructions if [ ${#destroyjails[@]} -eq 0 ]; then echo "No jails to destroy" @@ -132,12 +139,18 @@ else echo "jails to install ${installjails[@]}" for jail in "${installjails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/install.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" ] then echo "Installing $jail" - jailcreate "${jail}" && "${SCRIPT_DIR}"/jails/"${jail}"/install.sh + jailcreate "${jail}" "${!blueprint}" && "${SCRIPT_DIR}"/blueprints/"${!blueprint}"/install.sh "${jail}" else - echo "Missing install script for $jail in ${SCRIPT_DIR}/jails/$jail/install.sh" + echo "Missing blueprint ${!blueprint} for $jail in ${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" + exit 1 fi done fi @@ -150,12 +163,18 @@ else echo "jails to reinstall ${redojails[@]}" for jail in "${redojails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/install.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" ] then echo "Reinstalling $jail" - iocage destroy -f "${jail}" && jailcreate "${jail}" && "${SCRIPT_DIR}"/jails/"${jail}"/install.sh + iocage destroy -f "${jail}" && jailcreate "${jail}" "${!blueprint}" && "${SCRIPT_DIR}"/blueprints/"${!blueprint}"/install.sh "${jail}" else - echo "Missing install script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" + echo "Missing blueprint ${!blueprint} for $jail in ${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" + exit 1 fi done fi @@ -169,15 +188,21 @@ else echo "jails to update ${updatejails[@]}" for jail in "${updatejails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/update.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/update.sh" ] then echo "Updating $jail" iocage update "${jail}" - iocage exec "${jail}" "pkg update && pkg upgrade -y" && "${SCRIPT_DIR}"/jails/"${jail}"/update.sh + iocage exec "${jail}" "pkg update && pkg upgrade -y" && "${SCRIPT_DIR}"/jails/"${!blueprint}"/update.sh iocage restart "${jail}" iocage start "${jail}" else - echo "Missing update script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" + echo "Missing blueprint ${!blueprint} for $jail in ${SCRIPT_DIR}/blueprints/${!blueprint}/install.sh" + exit 1 fi done fi @@ -190,11 +215,17 @@ else echo "jails to update ${upgradejails[@]}" for jail in "${upgradejails[@]}" do - if [ -f "${SCRIPT_DIR}/jails/$jail/update.sh" ] + blueprint=jail_${jail}_blueprint + if [ -z "${!blueprint}" ] + then + echo "Config for ${jail} in config.yml incorrect. Please check your config." + exit 1 + elif [ -f "${SCRIPT_DIR}/blueprints/${!blueprint}/update.sh" ] then echo "Currently Upgrading is not yet included in this script." else - echo "Missing update script for $jail in ${SCRIPT_DIR}/jails/$jail/update.sh" + echo "Currently Upgrading is not yet included in this script." + exit 1 fi done fi diff --git a/jails/bitwarden/config.yml b/jails/bitwarden/config.yml deleted file mode 100644 index 6214896e..00000000 --- a/jails/bitwarden/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -bitwarden: bitwarden - pkgs: sqlite3 nginx git sudo vim-tiny bash node npm python27-2.7.17_1 mariadb104-client \ No newline at end of file diff --git a/jails/bitwarden/install.sh b/jails/bitwarden/install.sh deleted file mode 100755 index 11d445f0..00000000 --- a/jails/bitwarden/install.sh +++ /dev/null @@ -1,92 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for bitwarden - -# Initialise defaults -JAIL_NAME="bitwarden" -DB_DATABASE=${JAIL_NAME} -DB_USER=${JAIL_NAME} -# shellcheck disable=SC2154 -INSTALL_TYPE=${bitwarden_type} -# shellcheck disable=SC2154 -DB_HOST="${mariadb_ip4_addr%/*}:3306" -# shellcheck disable=SC2154 -DB_PASSWORD="${bitwarden_db_password}" -DB_STRING="mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" -# shellcheck disable=SC2154 -ADMIN_TOKEN=${bitwarden_admin_token} - -if [ -z "${ADMIN_TOKEN}" ]; then -ADMIN_TOKEN=$(openssl rand -base64 16) -fi - -# install latest rust version, pkg version is outdated and can't build bitwarden_rs -iocage exec ${JAIL_NAME} "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" - -# Install Bitwarden_rs -iocage exec ${JAIL_NAME} mkdir -p /usr/local/share/bitwarden/src -iocage exec ${JAIL_NAME} git clone https://github.com/dani-garcia/bitwarden_rs/ /usr/local/share/bitwarden/src -TAG=$(iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") -iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src checkout ${TAG}" -#TODO replace with: cargo build --features mysql --release -if [ "${INSTALL_TYPE}" == "mariadb" ]; then - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" -else - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" -fi - - -iocage exec ${JAIL_NAME} cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin - -# Download and install webvault -WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) -WEB_TAG="${WEB_RELEASE_URL##*/}" -iocage exec ${JAIL_NAME} "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" -iocage exec ${JAIL_NAME} "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" -iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz - -# shellcheck disable=SC2154 -if [ -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/bitwarden-ssl.crt" ]; then - echo "certificate exist... Skipping cert generation" -else - "No ssl certificate present, generating self signed certificate" - if [ ! -d "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl" ]; then - echo "cert folder not existing... creating..." - iocage exec ${JAIL_NAME} mkdir /config/ssl - fi - openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/${JAIL_NAME}/ssl/bitwarden-ssl.key -out /mnt/"${global_dataset_config}"/${JAIL_NAME}/ssl/bitwarden-ssl.crt -fi - -if [ -f "/mnt/${global_dataset_config}/${JAIL_NAME}/bitwarden.log" ]; then - echo "Reinstall of Bitwarden detected... using existing config and database" -elif [ "${INSTALL_TYPE}" == "mariadb" ]; then - echo "No config detected, doing clean install, utilizing the Mariadb database ${DB_HOST}" - iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" - iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${DB_PASSWORD}';" - iocage exec "mariadb" mysqladmin reload -else - echo "No config detected, doing clean install." -fi - -iocage exec ${JAIL_NAME} "pw user add bitwarden -c bitwarden -u 725 -d /nonexistent -s /usr/bin/nologin" -iocage exec ${JAIL_NAME} chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config -iocage exec ${JAIL_NAME} mkdir /usr/local/etc/rc.d /usr/local/etc/rc.conf.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden -cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export ADMIN_TOKEN="'"${ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden - -if [ "${ADMIN_TOKEN}" == "NONE" ]; then - echo "Admin_token set to NONE, disabling admin portal" -else - echo "Admin_token set and admin portal enabled" - iocage exec "${JAIL_NAME}" echo "${DB_NAME} Admin Token is ${ADMIN_TOKEN}" > /root/${JAIL_NAME}_admin_token.txt -fi - -iocage exec ${JAIL_NAME} chmod u+x /usr/local/etc/rc.d/bitwarden -iocage exec ${JAIL_NAME} sysrc "bitwarden_enable=YES" -iocage exec ${JAIL_NAME} service bitwarden restart -echo "Jail ${JAIL_NAME} finished Bitwarden install." -echo "Admin Token is ${ADMIN_TOKEN}" diff --git a/jails/bitwarden/update.sh b/jails/bitwarden/update.sh deleted file mode 100755 index 15e51002..00000000 --- a/jails/bitwarden/update.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for bitwarden -# Due to it being build from scratch or downloaded directly to execution dir, -# Update for Bitwarden is pretty similair to installation - -# Initialise defaults -JAIL_NAME="bitwarden" -DB_DATABASE=${JAIL_NAME} -DB_USER=${JAIL_NAME} -# shellcheck disable=SC2154 -INSTALL_TYPE=${bitwarden_type} -# shellcheck disable=SC2154 -DB_HOST="${mariadb_ip4_addr%/*}:3306" -# shellcheck disable=SC2154 -DB_PASSWORD="${bitwarden_db_password}" -DB_STRING="mysql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}/${DB_DATABASE}" -# shellcheck disable=SC2154 -ADMIN_TOKEN=${bitwarden_admin_token} - -if [ -z "${ADMIN_TOKEN}" ]; then -ADMIN_TOKEN=$(openssl rand -base64 16) -fi - -iocage exec ${JAIL_NAME} service bitwarden stop - -# install latest rust version, pkg version is outdated and can't build bitwarden_rs -iocage exec ${JAIL_NAME} "curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y" - -# Install Bitwarden_rs -iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src fetch" -TAG=$(iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src tag --sort=v:refname | tail -n1") -iocage exec ${JAIL_NAME} "git -C /usr/local/share/bitwarden/src checkout ${TAG}" -#TODO replace with: cargo build --features mysql --release -if [ "${INSTALL_TYPE}" == "mariadb" ]; then - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features mysql --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features mysql" -else - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo build --features sqlite --release" - iocage exec ${JAIL_NAME} "cd /usr/local/share/bitwarden/src && $HOME/.cargo/bin/cargo install diesel_cli --no-default-features --features sqlite-bundled" -fi - - -iocage exec ${JAIL_NAME} cp -r /usr/local/share/bitwarden/src/target/release /usr/local/share/bitwarden/bin - -# Download and install webvault -WEB_RELEASE_URL=$(curl -Ls -o /dev/null -w "%{url_effective}" https://github.com/dani-garcia/bw_web_builds/releases/latest) -WEB_TAG="${WEB_RELEASE_URL##*/}" -iocage exec ${JAIL_NAME} "fetch http://github.com/dani-garcia/bw_web_builds/releases/download/$WEB_TAG/bw_web_$WEB_TAG.tar.gz -o /usr/local/share/bitwarden" -iocage exec ${JAIL_NAME} "tar -xzvf /usr/local/share/bitwarden/bw_web_$WEB_TAG.tar.gz -C /usr/local/share/bitwarden/" -iocage exec ${JAIL_NAME} rm /usr/local/share/bitwarden/bw_web_"$WEB_TAG".tar.gz - -iocage exec ${JAIL_NAME} chown -R bitwarden:bitwarden /usr/local/share/bitwarden /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.d/bitwarden -cp "${SCRIPT_DIR}"/jails/${JAIL_NAME}/includes/bitwarden.rc.conf /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export DATABASE_URL="'"${DB_STRING}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden -echo 'export ADMIN_TOKEN="'"${ADMIN_TOKEN}"'"' >> /mnt/"${global_dataset_iocage}"/jails/${JAIL_NAME}/root/usr/local/etc/rc.conf.d/bitwarden - -if [ "${ADMIN_TOKEN}" == "NONE" ]; then - echo "Admin_token set to NONE, disabling admin portal" -else - echo "Admin_token set and admin portal enabled" - iocage exec "${JAIL_NAME}" echo "${DB_NAME} Admin Token is ${ADMIN_TOKEN}" > /root/${JAIL_NAME}_admin_token.txt -fi - - -iocage exec ${JAIL_NAME} chmod u+x /usr/local/etc/rc.d/bitwarden -iocage exec ${JAIL_NAME} service bitwarden restart -echo "Jail ${JAIL_NAME} finished Bitwarden update." -echo "Admin Token is ${ADMIN_TOKEN}" diff --git a/jails/influxdb/config.yml b/jails/influxdb/config.yml deleted file mode 100644 index 2ced3a1c..00000000 --- a/jails/influxdb/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -influxdb: influxdb - pkgs: influxdb \ No newline at end of file diff --git a/jails/influxdb/includes/influxdb.conf b/jails/influxdb/includes/influxdb.conf deleted file mode 100644 index ad9533b0..00000000 --- a/jails/influxdb/includes/influxdb.conf +++ /dev/null @@ -1,586 +0,0 @@ -### Welcome to the InfluxDB configuration file. - -# The values in this file override the default values used by the system if -# a config option is not specified. The commented out lines are the configuration -# field and the default value used. Uncommenting a line and changing the value -# will change the value used at runtime when the process is restarted. - -# Once every 24 hours InfluxDB will report usage data to usage.influxdata.com -# The data includes a random ID, os, arch, version, the number of series and other -# usage data. No data from user databases is ever transmitted. -# Change this option to true to disable reporting. -# reporting-disabled = false - -# Bind address to use for the RPC service for backup and restore. -# bind-address = "127.0.0.1:8088" - -### -### [meta] -### -### Controls the parameters for the Raft consensus group that stores metadata -### about the InfluxDB cluster. -### - -[meta] - # Where the metadata/raft database is stored - dir = "/config/influxdb/database/meta" - - # Automatically create a default retention policy when creating a database. - # retention-autocreate = true - - # If log messages are printed for the meta service - # logging-enabled = true - -### -### [data] -### -### Controls where the actual shard data for InfluxDB lives and how it is -### flushed from the WAL. "dir" may need to be changed to a suitable place -### for your system, but the WAL settings are an advanced configuration. The -### defaults should work for most systems. -### - -[data] - # The directory where the TSM storage engine stores TSM files. - dir = "/config/influxdb/database/data" - - # The directory where the TSM storage engine stores WAL files. - wal-dir = "/config/influxdb/database/wal" - - # The amount of time that a write will wait before fsyncing. A duration - # greater than 0 can be used to batch up multiple fsync calls. This is useful for slower - # disks or when WAL write contention is seen. A value of 0s fsyncs every write to the WAL. - # Values in the range of 0-100ms are recommended for non-SSD disks. - # wal-fsync-delay = "0s" - - - # The type of shard index to use for new shards. The default is an in-memory index that is - # recreated at startup. A value of "tsi1" will use a disk based index that supports higher - # cardinality datasets. - # index-version = "inmem" - - # Trace logging provides more verbose output around the tsm engine. Turning - # this on can provide more useful output for debugging tsm engine issues. - # trace-logging-enabled = false - - # Whether queries should be logged before execution. Very useful for troubleshooting, but will - # log any sensitive data contained within a query. - # query-log-enabled = true - - # Validates incoming writes to ensure keys only have valid unicode characters. - # This setting will incur a small overhead because every key must be checked. - # validate-keys = false - - # Settings for the TSM engine - - # CacheMaxMemorySize is the maximum size a shard's cache can - # reach before it starts rejecting writes. - # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). - # Values without a size suffix are in bytes. - # cache-max-memory-size = "1g" - - # CacheSnapshotMemorySize is the size at which the engine will - # snapshot the cache and write it to a TSM file, freeing up memory - # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). - # Values without a size suffix are in bytes. - # cache-snapshot-memory-size = "25m" - - # CacheSnapshotWriteColdDuration is the length of time at - # which the engine will snapshot the cache and write it to - # a new TSM file if the shard hasn't received writes or deletes - # cache-snapshot-write-cold-duration = "10m" - - # CompactFullWriteColdDuration is the duration at which the engine - # will compact all TSM files in a shard if it hasn't received a - # write or delete - # compact-full-write-cold-duration = "4h" - - # The maximum number of concurrent full and level compactions that can run at one time. A - # value of 0 results in 50% of runtime.GOMAXPROCS(0) used at runtime. Any number greater - # than 0 limits compactions to that value. This setting does not apply - # to cache snapshotting. - # max-concurrent-compactions = 0 - - # CompactThroughput is the rate limit in bytes per second that we - # will allow TSM compactions to write to disk. Note that short bursts are allowed - # to happen at a possibly larger value, set by CompactThroughputBurst - # compact-throughput = "48m" - - # CompactThroughputBurst is the rate limit in bytes per second that we - # will allow TSM compactions to write to disk. - # compact-throughput-burst = "48m" - - # If true, then the mmap advise value MADV_WILLNEED will be provided to the kernel with respect to - # TSM files. This setting has been found to be problematic on some kernels, and defaults to off. - # It might help users who have slow disks in some cases. - # tsm-use-madv-willneed = false - - # Settings for the inmem index - - # The maximum series allowed per database before writes are dropped. This limit can prevent - # high cardinality issues at the database level. This limit can be disabled by setting it to - # 0. - # max-series-per-database = 1000000 - - # The maximum number of tag values per tag that are allowed before writes are dropped. This limit - # can prevent high cardinality tag values from being written to a measurement. This limit can be - # disabled by setting it to 0. - # max-values-per-tag = 100000 - - # Settings for the tsi1 index - - # The threshold, in bytes, when an index write-ahead log file will compact - # into an index file. Lower sizes will cause log files to be compacted more - # quickly and result in lower heap usage at the expense of write throughput. - # Higher sizes will be compacted less frequently, store more series in-memory, - # and provide higher write throughput. - # Valid size suffixes are k, m, or g (case insensitive, 1024 = 1k). - # Values without a size suffix are in bytes. - # max-index-log-file-size = "1m" - - # The size of the internal cache used in the TSI index to store previously - # calculated series results. Cached results will be returned quickly from the cache rather - # than needing to be recalculated when a subsequent query with a matching tag key/value - # predicate is executed. Setting this value to 0 will disable the cache, which may - # lead to query performance issues. - # This value should only be increased if it is known that the set of regularly used - # tag key/value predicates across all measurements for a database is larger than 100. An - # increase in cache size may lead to an increase in heap usage. - series-id-set-cache-size = 100 - -### -### [coordinator] -### -### Controls the clustering service configuration. -### - -[coordinator] - # The default time a write request will wait until a "timeout" error is returned to the caller. - # write-timeout = "10s" - - # The maximum number of concurrent queries allowed to be executing at one time. If a query is - # executed and exceeds this limit, an error is returned to the caller. This limit can be disabled - # by setting it to 0. - # max-concurrent-queries = 0 - - # The maximum time a query will is allowed to execute before being killed by the system. This limit - # can help prevent run away queries. Setting the value to 0 disables the limit. - # query-timeout = "0s" - - # The time threshold when a query will be logged as a slow query. This limit can be set to help - # discover slow or resource intensive queries. Setting the value to 0 disables the slow query logging. - # log-queries-after = "0s" - - # The maximum number of points a SELECT can process. A value of 0 will make - # the maximum point count unlimited. This will only be checked every second so queries will not - # be aborted immediately when hitting the limit. - # max-select-point = 0 - - # The maximum number of series a SELECT can run. A value of 0 will make the maximum series - # count unlimited. - # max-select-series = 0 - - # The maximum number of group by time bucket a SELECT can create. A value of zero will max the maximum - # number of buckets unlimited. - # max-select-buckets = 0 - -### -### [retention] -### -### Controls the enforcement of retention policies for evicting old data. -### - -[retention] - # Determines whether retention policy enforcement enabled. - # enabled = true - - # The interval of time when retention policy enforcement checks run. - # check-interval = "30m" - -### -### [shard-precreation] -### -### Controls the precreation of shards, so they are available before data arrives. -### Only shards that, after creation, will have both a start- and end-time in the -### future, will ever be created. Shards are never precreated that would be wholly -### or partially in the past. - -[shard-precreation] - # Determines whether shard pre-creation service is enabled. - # enabled = true - - # The interval of time when the check to pre-create new shards runs. - # check-interval = "10m" - - # The default period ahead of the endtime of a shard group that its successor - # group is created. - # advance-period = "30m" - -### -### Controls the system self-monitoring, statistics and diagnostics. -### -### The internal database for monitoring data is created automatically if -### if it does not already exist. The target retention within this database -### is called 'monitor' and is also created with a retention period of 7 days -### and a replication factor of 1, if it does not exist. In all cases the -### this retention policy is configured as the default for the database. - -[monitor] - # Whether to record statistics internally. - # store-enabled = true - - # The destination database for recorded statistics - # store-database = "_internal" - - # The interval at which to record statistics - # store-interval = "10s" - -### -### [http] -### -### Controls how the HTTP endpoints are configured. These are the primary -### mechanism for getting data into and out of InfluxDB. -### - -[http] - # Determines whether HTTP endpoint is enabled. - # enabled = true - - # Determines whether the Flux query endpoint is enabled. - # flux-enabled = false - - # Determines whether the Flux query logging is enabled. - # flux-log-enabled = false - - # The bind address used by the HTTP service. - # bind-address = ":8086" - - # Determines whether user authentication is enabled over HTTP/HTTPS. - # auth-enabled = false - - # The default realm sent back when issuing a basic auth challenge. - # realm = "InfluxDB" - - # Determines whether HTTP request logging is enabled. - # log-enabled = true - - # Determines whether the HTTP write request logs should be suppressed when the log is enabled. - # suppress-write-log = false - - # When HTTP request logging is enabled, this option specifies the path where - # log entries should be written. If unspecified, the default is to write to stderr, which - # intermingles HTTP logs with internal InfluxDB logging. - # - # If influxd is unable to access the specified path, it will log an error and fall back to writing - # the request log to stderr. - # access-log-path = "" - - # Filters which requests should be logged. Each filter is of the pattern NNN, NNX, or NXX where N is - # a number and X is a wildcard for any number. To filter all 5xx responses, use the string 5xx. - # If multiple filters are used, then only one has to match. The default is to have no filters which - # will cause every request to be printed. - # access-log-status-filters = [] - - # Determines whether detailed write logging is enabled. - # write-tracing = false - - # Determines whether the pprof endpoint is enabled. This endpoint is used for - # troubleshooting and monitoring. - # pprof-enabled = true - - # Enables authentication on pprof endpoints. Users will need admin permissions - # to access the pprof endpoints when this setting is enabled. This setting has - # no effect if either auth-enabled or pprof-enabled are set to false. - # pprof-auth-enabled = false - - # Enables a pprof endpoint that binds to localhost:6060 immediately on startup. - # This is only needed to debug startup issues. - # debug-pprof-enabled = false - - # Enables authentication on the /ping, /metrics, and deprecated /status - # endpoints. This setting has no effect if auth-enabled is set to false. - # ping-auth-enabled = false - - # Determines whether HTTPS is enabled. - # https-enabled = false - - # The SSL certificate to use when HTTPS is enabled. - # https-certificate = "/config/ssl/influxdb.pem" - - # Use a separate private key location. - # https-private-key = "" - - # The JWT auth shared secret to validate requests using JSON web tokens. - # shared-secret = "" - - # The default chunk size for result sets that should be chunked. - # max-row-limit = 0 - - # The maximum number of HTTP connections that may be open at once. New connections that - # would exceed this limit are dropped. Setting this value to 0 disables the limit. - # max-connection-limit = 0 - - # Enable http service over unix domain socket - # unix-socket-enabled = false - - # The path of the unix domain socket. - # bind-socket = "/var/run/influxdb.sock" - - # The maximum size of a client request body, in bytes. Setting this value to 0 disables the limit. - # max-body-size = 25000000 - - # The maximum number of writes processed concurrently. - # Setting this to 0 disables the limit. - # max-concurrent-write-limit = 0 - - # The maximum number of writes queued for processing. - # Setting this to 0 disables the limit. - # max-enqueued-write-limit = 0 - - # The maximum duration for a write to wait in the queue to be processed. - # Setting this to 0 or setting max-concurrent-write-limit to 0 disables the limit. - # enqueued-write-timeout = 0 - -### -### [logging] -### -### Controls how the logger emits logs to the output. -### - -[logging] - # Determines which log encoder to use for logs. Available options - # are auto, logfmt, and json. auto will use a more a more user-friendly - # output format if the output terminal is a TTY, but the format is not as - # easily machine-readable. When the output is a non-TTY, auto will use - # logfmt. - # format = "auto" - - # Determines which level of logs will be emitted. The available levels - # are error, warn, info, and debug. Logs that are equal to or above the - # specified level will be emitted. - # level = "info" - - # Suppresses the logo output that is printed when the program is started. - # The logo is always suppressed if STDOUT is not a TTY. - # suppress-logo = false - -### -### [subscriber] -### -### Controls the subscriptions, which can be used to fork a copy of all data -### received by the InfluxDB host. -### - -[subscriber] - # Determines whether the subscriber service is enabled. - # enabled = true - - # The default timeout for HTTP writes to subscribers. - # http-timeout = "30s" - - # Allows insecure HTTPS connections to subscribers. This is useful when testing with self- - # signed certificates. - # insecure-skip-verify = false - - # The path to the PEM encoded CA certs file. If the empty string, the default system certs will be used - # ca-certs = "" - - # The number of writer goroutines processing the write channel. - # write-concurrency = 40 - - # The number of in-flight writes buffered in the write channel. - # write-buffer-size = 1000 - - -### -### [[graphite]] -### -### Controls one or many listeners for Graphite data. -### - -[[graphite]] - # Determines whether the graphite endpoint is enabled. - # enabled = false - # database = "graphite" - # retention-policy = "" - # bind-address = ":2003" - # protocol = "tcp" - # consistency-level = "one" - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Batching - # will buffer points in memory if you have many coming in. - - # Flush if this many points get buffered - # batch-size = 5000 - - # number of batches that may be pending in memory - # batch-pending = 10 - - # Flush at least this often even if we haven't hit buffer limit - # batch-timeout = "1s" - - # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. - # udp-read-buffer = 0 - - ### This string joins multiple matching 'measurement' values providing more control over the final measurement name. - # separator = "." - - ### Default tags that will be added to all metrics. These can be overridden at the template level - ### or by tags extracted from metric - # tags = ["region=us-east", "zone=1c"] - - ### Each template line requires a template pattern. It can have an optional - ### filter before the template and separated by spaces. It can also have optional extra - ### tags following the template. Multiple tags should be separated by commas and no spaces - ### similar to the line protocol format. There can be only one default template. - # templates = [ - # "*.app env.service.resource.measurement", - # # Default template - # "server.*", - # ] - -### -### [collectd] -### -### Controls one or many listeners for collectd data. -### - -[[collectd]] - # enabled = false - # bind-address = ":25826" - # database = "collectd" - # retention-policy = "" - # - # The collectd service supports either scanning a directory for multiple types - # db files, or specifying a single db file. - # typesdb = "/usr/local/share/collectd" - # - # security-level = "none" - # auth-file = "/etc/collectd/auth_file" - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Batching - # will buffer points in memory if you have many coming in. - - # Flush if this many points get buffered - # batch-size = 5000 - - # Number of batches that may be pending in memory - # batch-pending = 10 - - # Flush at least this often even if we haven't hit buffer limit - # batch-timeout = "10s" - - # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. - # read-buffer = 0 - - # Multi-value plugins can be handled two ways. - # "split" will parse and store the multi-value plugin data into separate measurements - # "join" will parse and store the multi-value plugin as a single multi-value measurement. - # "split" is the default behavior for backward compatibility with previous versions of influxdb. - # parse-multivalue-plugin = "split" -### -### [opentsdb] -### -### Controls one or many listeners for OpenTSDB data. -### - -[[opentsdb]] - # enabled = false - # bind-address = ":4242" - # database = "opentsdb" - # retention-policy = "" - # consistency-level = "one" - # tls-enabled = false - # certificate= "/config/ssl/influxdb.pem" - - # Log an error for every malformed point. - # log-point-errors = true - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Only points - # metrics received over the telnet protocol undergo batching. - - # Flush if this many points get buffered - # batch-size = 1000 - - # Number of batches that may be pending in memory - # batch-pending = 5 - - # Flush at least this often even if we haven't hit buffer limit - # batch-timeout = "1s" - -### -### [[udp]] -### -### Controls the listeners for InfluxDB line protocol data via UDP. -### - -[[udp]] - # enabled = false - # bind-address = ":8089" - # database = "udp" - # retention-policy = "" - - # InfluxDB precision for timestamps on received points ("" or "n", "u", "ms", "s", "m", "h") - # precision = "" - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Batching - # will buffer points in memory if you have many coming in. - - # Flush if this many points get buffered - # batch-size = 5000 - - # Number of batches that may be pending in memory - # batch-pending = 10 - - # Will flush at least this often even if we haven't hit buffer limit - # batch-timeout = "1s" - - # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. - # read-buffer = 0 - -### -### [continuous_queries] -### -### Controls how continuous queries are run within InfluxDB. -### - -[continuous_queries] - # Determines whether the continuous query service is enabled. - # enabled = true - - # Controls whether queries are logged when executed by the CQ service. - # log-enabled = true - - # Controls whether queries are logged to the self-monitoring data store. - # query-stats-enabled = false - - # interval for how often continuous queries will be checked if they need to run - # run-interval = "1s" - -### -### [tls] -### -### Global configuration settings for TLS in InfluxDB. -### - -[tls] - # Determines the available set of cipher suites. See https://golang.org/pkg/crypto/tls/#pkg-constants - # for a list of available ciphers, which depends on the version of Go (use the query - # SHOW DIAGNOSTICS to see the version of Go used to build InfluxDB). If not specified, uses - # the default settings from Go's crypto/tls package. - # ciphers = [ - # "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", - # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - # ] - - # Minimum version of the tls protocol that will be negotiated. If not specified, uses the - # default settings from Go's crypto/tls package. - # min-version = "tls1.2" - - # Maximum version of the tls protocol that will be negotiated. If not specified, uses the - # default settings from Go's crypto/tls package. - # max-version = "tls1.2" diff --git a/jails/influxdb/install.sh b/jails/influxdb/install.sh deleted file mode 100755 index 9fe6886a..00000000 --- a/jails/influxdb/install.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/local/bin/bash -# This script installs the current release of InfluxDB - -##### -# -# Init and Mounts -# -##### - -# Initialise variables -JAIL_NAME="influxdb" -# shellcheck disable=SC2154 -JAIL_IP="${influxdb_ip4_addr%/*}" -INCLUDES_PATH="${SCRIPT_DIR}/jails/influxdb/includes" -# shellcheck disable=SC2154 -DATABASE="${influxdb_database}" - -# Mount and configure proper configuration location -# shellcheck disable=SC2154 -cp -rf "${INCLUDES_PATH}/influxd.conf" "/mnt/${global_dataset_config}/${JAIL_NAME}/influxd.conf" -iocage exec "${JAIL_NAME}" mkdir -p /config/db/data /config/db/meta /config/db/wal -iocage exec "${JAIL_NAME}" chown -R influxd:influxd /config/db -iocage exec "${JAIL_NAME}" sysrc influxd_conf="/config/influxd.conf" -iocage exec "${JAIL_NAME}" sysrc influxd_enable="YES" - -# Start influxdb and wait for it to startup -iocage exec "${JAIL_NAME}" service influxd start -sleep 15 - -# Create database and restart -if iocage exec "${JAIL_NAME}" curl -XPOST http://localhost:8086/query --data-urlencode "q=CREATE DATABASE ${DATABASE}"; then - echo "Database created." -else - echo "Database creation failed. Please attempt to create the database manually." - exit 1 -fi - -# Done! -echo "Installation complete!" -echo "Your may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." -echo "You may connect InfluxDB plugins to the InfluxDB jail at http://${JAIL_IP}:8086." -echo "" -echo "Database Information" -echo "--------------------" -echo "Database = ${DATABASE} at http://${JAIL_IP}:8086." -echo "" \ No newline at end of file diff --git a/jails/jackett/config.yml b/jails/jackett/config.yml deleted file mode 100644 index 01cd737f..00000000 --- a/jails/jackett/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -jackett: jackett - pkgs: mono \ No newline at end of file diff --git a/jails/jackett/install.sh b/jails/jackett/install.sh deleted file mode 100755 index 954d59c5..00000000 --- a/jails/jackett/install.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for jackett - -iocage exec jackett "fetch https://github.com/Jackett/Jackett/releases/download/v0.11.502/Jackett.Binaries.Mono.tar.gz -o /usr/local/share" -iocage exec jackett "tar -xzvf /usr/local/share/Jackett.Binaries.Mono.tar.gz -C /usr/local/share" -iocage exec jackett rm /usr/local/share/Jackett.Binaries.Mono.tar.gz -iocage exec jackett "pw user add jackett -c jackett -u 818 -d /nonexistent -s /usr/bin/nologin" -iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config -iocage exec jackett mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/jackett/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/jackett/root/usr/local/etc/rc.d/jackett -iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett -iocage exec jackett sysrc "jackett_enable=YES" -iocage exec jackett service jackett restart diff --git a/jails/jackett/update.sh b/jails/jackett/update.sh deleted file mode 100755 index b5ad1679..00000000 --- a/jails/jackett/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for jackett - -iocage exec jackett service jackett stop -#TODO insert code to update jacket itself here -iocage exec jackett chown -R jackett:jackett /usr/local/share/Jackett /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/test10/includes/jackett.rc /mnt/"${global_dataset_iocage}"/jails/test10/root/usr/local/etc/rc.d/jackett -iocage exec jackett chmod u+x /usr/local/etc/rc.d/jackett -iocage exec jackett service jackett restart diff --git a/jails/kms/config.yml b/jails/kms/config.yml deleted file mode 100644 index ca31811d..00000000 --- a/jails/kms/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -kms: kms - pkgs: bash py37-tkinter py37-pip py37-sqlite3 git \ No newline at end of file diff --git a/jails/kms/install.sh b/jails/kms/install.sh deleted file mode 100755 index c7dffa88..00000000 --- a/jails/kms/install.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for KMS - - -iocage exec kms svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms -iocage exec kms "pw user add kms -c kms -u 666 -d /nonexistent -s /usr/bin/nologin" -iocage exec kms chown -R kms:kms /usr/local/share/py-kms /config -iocage exec kms mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/kms/root/usr/local/etc/rc.d/py_kms -iocage exec kms chmod u+x /usr/local/etc/rc.d/py_kms -iocage exec kms sysrc "py_kms_enable=YES" -iocage exec kms service py_kms start \ No newline at end of file diff --git a/jails/kms/update.sh b/jails/kms/update.sh deleted file mode 100755 index e953f084..00000000 --- a/jails/kms/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for KMS - -iocage exec kms service py_kms stop -iocage exec kms svn checkout https://github.com/SystemRage/py-kms/trunk/py-kms /usr/local/share/py-kms -iocage exec kms chown -R kms:kms /usr/local/share/py-kms /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/kms/includes/py_kms.rc /mnt/"${global_dataset_iocage}"/jails/kms/root/usr/local/etc/rc.d/py_kms -iocage exec kms chmod u+x /usr/local/etc/rc.d/py_kms -iocage exec kms service py_kms start \ No newline at end of file diff --git a/jails/lidarr/config.yml b/jails/lidarr/config.yml deleted file mode 100644 index c9bc00a2..00000000 --- a/jails/lidarr/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -lidarr: lidarr - pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/lidarr/install.sh b/jails/lidarr/install.sh deleted file mode 100755 index 702d3603..00000000 --- a/jails/lidarr/install.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for lidarr - -# Check if dataset for completed download and it parent dataset exist, create if they do not. -# shellcheck disable=SC2154 -createmount lidarr "${global_dataset_downloads}" -createmount lidarr "${global_dataset_downloads}"/complete /mnt/fetched - -# Check if dataset for media library and the dataset for movies exist, create if they do not. -# shellcheck disable=SC2154 -createmount lidarr "${global_dataset_media}" -createmount lidarr "${global_dataset_media}"/music /mnt/music - - -iocage exec lidarr "fetch https://github.com/lidarr/Lidarr/releases/download/v0.2.0.371/Lidarr.develop.0.2.0.371.linux.tar.gz -o /usr/local/share" -iocage exec lidarr "tar -xzvf /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz -C /usr/local/share" -iocage exec lidarr "rm /usr/local/share/Lidarr.develop.0.2.0.371.linux.tar.gz" -iocage exec lidarr "pw user add lidarr -c lidarr -u 353 -d /nonexistent -s /usr/bin/nologin" -iocage exec lidarr chown -R lidarr:lidarr /usr/local/share/Lidarr /config -iocage exec lidarr mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/lidarr/root/usr/local/etc/rc.d/lidarr -iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr -iocage exec lidarr sysrc "lidarr_enable=YES" -iocage exec lidarr service lidarr start diff --git a/jails/lidarr/update.sh b/jails/lidarr/update.sh deleted file mode 100755 index a1990a7a..00000000 --- a/jails/lidarr/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for lidarr - -iocage exec lidarr service lidarr stop -#TODO insert code to update lidarr itself here -iocage exec lidarr chown -R lidarr:lidarr /usr/local/share/lidarr /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/lidarr/includes/lidarr.rc /mnt/"${global_dataset_iocage}"/jails/lidarr/root/usr/local/etc/rc.d/lidarr -iocage exec lidarr chmod u+x /usr/local/etc/rc.d/lidarr -iocage exec lidarr service lidarr restart \ No newline at end of file diff --git a/jails/mariadb/config.yml b/jails/mariadb/config.yml deleted file mode 100644 index bbe68e55..00000000 --- a/jails/mariadb/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -mariadb: mariadb - pkgs: mariadb104-server git php74-session php74-xml php74-ctype php74-openssl php74-filter php74-gd php74-json php74-mysqli php74-mbstring php74-zlib php74-zip php74-bz2 phpMyAdmin5-php74 php74-pdo_mysql php74-mysqli phpMyAdmin5-php74-5.0.1 diff --git a/jails/mariadb/install.sh b/jails/mariadb/install.sh deleted file mode 100755 index 9bf39b4e..00000000 --- a/jails/mariadb/install.sh +++ /dev/null @@ -1,115 +0,0 @@ -#!/usr/local/bin/bash -# This script installs the current release of Mariadb and PhpMyAdmin into a created jail -##### -# -# Init and Mounts -# -##### - -# Initialise defaults -JAIL_NAME="mariadb" -# shellcheck disable=SC2154 -JAIL_IP="${mariadb_ip4_addr%/*}" -INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes" -# shellcheck disable=SC2154 -CERT_EMAIL=${mariadb_cert_email} -# shellcheck disable=SC2154 -DB_ROOT_PASSWORD=${mariadb_db_root_password} -DB_NAME="MariaDB" -DL_FLAGS="" - -# Check that necessary variables were set by nextcloud-config -if [ -z "${mariadb_ip4_addr}" ]; then - echo 'Configuration error: The mariadb jail does NOT accept DHCP' - echo 'Please reinstall using a fixed IP adress' - exit 1 -fi - -# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke -# shellcheck disable=SC2154 -if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/db")" ]; then - echo "Reinstall of mariadb detected... Continuing" - REINSTALL="true" -fi - -# Mount database dataset and set zfs preferences -createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/db /var/db/mysql -zfs set recordsize=16K "${global_dataset_config}"/${JAIL_NAME}/db -zfs set primarycache=metadata "${global_dataset_config}"/${JAIL_NAME}/db - -iocage exec "${JAIL_NAME}" chown -R 88:88 /var/db/mysql - -# Install includes fstab -iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes -iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -iocage exec "${JAIL_NAME}" mkdir -p /usr/local/www/phpmyadmin -iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/phpmyadmin - -##### -# -# Install mariadb, Caddy and PhpMyAdmin -# -##### - -fetch -o /tmp https://getcaddy.com -if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com -then - echo "Failed to download/install Caddy" - exit 1 -fi - -iocage exec "${JAIL_NAME}" sysrc mysql_enable="YES" - -# Copy and edit pre-written config files -echo "Copying Caddyfile for no SSL" -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile -# shellcheck disable=SC2154 -iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile - -iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES" -iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES" -iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}" -iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}" - -iocage restart "${JAIL_NAME}" -sleep 10 - -if [ "${REINSTALL}" == "true" ]; then - echo "Reinstall detected, skipping generaion of new config and database" -else - - # Secure database, set root password, create Nextcloud DB, user, and password - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/my-system.cnf /var/db/mysql/my.cnf - iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.user WHERE User='';" - iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" - iocage exec "${JAIL_NAME}" mysql -u root -e "DROP DATABASE IF EXISTS test;" - iocage exec "${JAIL_NAME}" mysql -u root -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" - iocage exec "${JAIL_NAME}" mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('${DB_ROOT_PASSWORD}') WHERE User='root';" - iocage exec "${JAIL_NAME}" mysqladmin reload -fi -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/my.cnf /root/.my.cnf -iocage exec "${JAIL_NAME}" sed -i '' "s|mypassword|${DB_ROOT_PASSWORD}|" /root/.my.cnf - -# Save passwords for later reference -iocage exec "${JAIL_NAME}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/${JAIL_NAME}_db_password.txt - - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -# Done! -echo "Installation complete!" -echo "Using your web browser, go to http://${mariadb_host_name} to log in" - -if [ "${REINSTALL}" == "true" ]; then - echo "You did a reinstall, please use your old database and account credentials" -else - echo "Database Information" - echo "--------------------" - echo "The ${DB_NAME} root password is ${DB_ROOT_PASSWORD}" - fi -echo "" -echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt" diff --git a/jails/mariadb/update.sh b/jails/mariadb/update.sh deleted file mode 100755 index c3d8ad2f..00000000 --- a/jails/mariadb/update.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for mariadb - -JAIL_NAME="mariadb" -# shellcheck disable=SC2154 -JAIL_IP="${mariadb_ip4_addr%/*}" -INCLUDES_PATH="${SCRIPT_DIR}/jails/mariadb/includes" - -# Install includes fstab -iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes -iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - - -iocage exec ${JAIL_NAME} service caddy stop -iocage exec ${JAIL_NAME} service php-fpm stop - -fetch -o /tmp https://getcaddy.com -if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com -then - echo "Failed to download/install Caddy" - exit 1 -fi - -# Copy and edit pre-written config files -echo "Copying Caddyfile for no SSL" -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/Caddyfile -# shellcheck disable=SC2154 -iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${mariadb_host_name}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -iocage exec ${JAIL_NAME} service caddy start -iocage exec ${JAIL_NAME} service php-fpm start \ No newline at end of file diff --git a/jails/nextcloud/config.yml b/jails/nextcloud/config.yml deleted file mode 100644 index dfe6c31d..00000000 --- a/jails/nextcloud/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -nextcloud: nextcloud - pkgs: nano sudo redis php73-ctype gnupg php73-dom php73-gd php73-iconv php73-json php73-mbstring php73-posix php73-simplexml php73-xmlreader php73-xmlwriter php73-zip php73-zlib php73-hash php73-xml php73 php73-pecl-redis php73-session php73-wddx php73-xsl php73-filter php73-pecl-APCu php73-curl php73-fileinfo php73-bz2 php73-intl php73-openssl php73-ldap php73-ftp php73-imap php73-exif php73-gmp php73-pecl-memcache php73-pecl-imagick php73-pecl-smbclient perl5 p5-Locale-gettext help2man texinfo m4 autoconf \ No newline at end of file diff --git a/jails/nextcloud/install.sh b/jails/nextcloud/install.sh deleted file mode 100755 index a519faea..00000000 --- a/jails/nextcloud/install.sh +++ /dev/null @@ -1,362 +0,0 @@ -#!/usr/local/bin/bash -# This script installs the current release of Nextcloud into a create jail -# Based on the example by danb35: https://github.com/danb35/freenas-iocage-nextcloud - - -# Initialise defaults -JAIL_NAME="nextcloud" -# shellcheck disable=SC2154 -JAIL_IP="${nextcloud_ip4_addr%/*}" -# shellcheck disable=SC2154 -DATABASE="$nextcloud_database" -INCLUDES_PATH="${SCRIPT_DIR}/jails/nextcloud/includes" -# shellcheck disable=SC2154 -STANDALONE_CERT=${nextcloud_standalone_cert} -# shellcheck disable=SC2154 -SELFSIGNED_CERT=${nextcloud_selfsigned_cert} -# shellcheck disable=SC2154 -DNS_CERT=${nextcloud_dns_cert} -# shellcheck disable=SC2154 -NO_CERT=${nextcloud_no_cert} -# shellcheck disable=SC2154 -DL_FLAGS=${nextcloud_dl_flags} -# shellcheck disable=SC2154 -DNS_SETTING=${nextcloud_dns_settings} -# shellcheck disable=SC2154 -CERT_EMAIL=${nextcloud_cert_email} -# shellcheck disable=SC2154 -HOST_NAME=${nextcloud_host_name} - -# Only generate new DB passwords when using buildin database -# Set DB username and database to fixed "nextcloud" - -if [ "${DATABASE}" = "pgsql-external" ]; then - DB_NAME="PostgreSQL" - # shellcheck disable=SC2154 - DB_HOST="${nextcloud_db_host}" - # shellcheck disable=SC2154 - DB_DATABASE="${nextcloud_db_database}" - # shellcheck disable=SC2154 - DB_USER="${nextcloud_db_user}" - # shellcheck disable=SC2154 - DB_PASSWORD="${nextcloud_db_password}" -elif [ "${DATABASE}" = "mariadb-external" ]; then - DB_NAME="MariaDB" - DB_HOST="${nextcloud_db_host}" - DB_DATABASE="${nextcloud_db_database}" - DB_USER="${nextcloud_db_user}" - DB_PASSWORD="${nextcloud_db_password}" -elif [ "${DATABASE}" = "mariadb-jail" ]; then - DB_DATABASE="nextcloud" - DB_USER="nextcloud" - # shellcheck disable=SC2154 - DB_HOST="${mariadb_ip4_addr%/*}:3306" - DB_PASSWORD="${nextcloud_db_password}" -else - echo "Invalid ${JAIL_NAME}_database selected please select one from the following options:" - echo "mariadb-jail, mariadb-external, pgsql-external" - exit 1 -fi - - -ADMIN_PASSWORD=$(openssl rand -base64 12) - -##### -# -# Input Sanity Check -# -##### - - -# Check that necessary variables were set by nextcloud-config -if [ -z "${nextcloud_ip4_addr}" ]; then - echo 'Configuration error: The Nextcloud jail does NOT accept DHCP' - echo 'Please reinstall using a fixed IP adress' - exit 1 -fi - -if [ -z "${DB_PASSWORD}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database password' - echo 'Please reinstall with a defifined: db_password' - exit 1 -fi - -if [ -z "${DB_USER}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database user' - echo 'Please reinstall with a defifined: db_user' - exit 1 -fi - -if [ -z "${DB_HOST}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database host' - echo 'Please reinstall with a defifined: db_host' - exit 1 -fi - -if [ -z "${DB_DATABASE}" ]; then - echo 'Configuration error: The Nextcloud Jail needs a database name' - echo 'Please reinstall with a defifined: db_database' - exit 1 -fi - -# shellcheck disable=SC2154 -if [ -z "${nextcloud_time_zone}" ]; then - echo 'Configuration error: TIME_ZONE must be set' - exit 1 -fi -if [ -z "${HOST_NAME}" ]; then - echo 'Configuration error: HOST_NAME must be set' - exit 1 -fi -if [ "$STANDALONE_CERT" -eq 0 ] && [ "$DNS_CERT" -eq 0 ] && [ "$NO_CERT" -eq 0 ] && [ "$SELFSIGNED_CERT" -eq 0 ]; then - echo 'Configuration error: Either STANDALONE_CERT, DNS_CERT, NO_CERT,' - echo 'or SELFSIGNED_CERT must be set to 1.' - exit 1 -fi -if [ "$STANDALONE_CERT" -eq 1 ] && [ "$DNS_CERT" -eq 1 ] ; then - echo 'Configuration error: Only one of STANDALONE_CERT and DNS_CERT' - echo 'may be set to 1.' - exit 1 -fi - -if [ "$DNS_CERT" -eq 1 ] && [ -z "${DNS_PLUGIN}" ] ; then - echo "DNS_PLUGIN must be set to a supported DNS provider." - echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for list." - echo "Be sure to omit the prefix of \"tls.dns.\"." - exit 1 -fi -if [ "$DNS_CERT" -eq 1 ] && [ -z "${DNS_ENV}" ] ; then - echo "DNS_ENV must be set to a your DNS provider\'s authentication credentials." - echo "See https://caddyserver.com/docs under the heading of \"DNS Providers\" for more." - exit 1 -fi - -if [ "$DNS_CERT" -eq 1 ] ; then - DL_FLAGS="tls.dns.${DNS_PLUGIN}" - DNS_SETTING="dns ${DNS_PLUGIN}" -fi - -# Make sure DB_PATH is empty -- if not, MariaDB/PostgreSQL will choke -# shellcheck disable=SC2154 -if [ "$(ls -A "/mnt/${global_dataset_config}/${JAIL_NAME}/config")" ]; then - echo "Reinstall of Nextcloud detected... " - echo "External database selected, unable to verify compatibility. REINSTALL MIGHT NOT WORK... Continuing" - REINSTALL="true" -fi - - -##### - # -# Fstab And Mounts -# -##### - -# Create and Mount Nextcloud, Config and Files -createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/config /usr/local/www/nextcloud/config -createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/themes /usr/local/www/nextcloud/themes -createmount ${JAIL_NAME} "${global_dataset_config}"/${JAIL_NAME}/files /config/files - -# Install includes fstab -iocage exec "${JAIL_NAME}" mkdir -p /mnt/includes -iocage fstab -a "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - - -iocage exec "${JAIL_NAME}" chown -R www:www /config/files -iocage exec "${JAIL_NAME}" chmod -R 770 /config/files - - -##### -# -# Basic dependency install -# -##### - -if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then - iocage exec "${JAIL_NAME}" pkg install -qy mariadb103-client php73-pdo_mysql php73-mysqli -elif [ "${DATABASE}" = "pgsql-external" ]; then - iocage exec "${JAIL_NAME}" pkg install -qy postgresql10-client php73-pgsql php73-pdo_pgsql -fi - -fetch -o /tmp https://getcaddy.com -if ! iocage exec "${JAIL_NAME}" bash -s personal "${DL_FLAGS}" < /tmp/getcaddy.com -then - echo "Failed to download/install Caddy" - exit 1 -fi - -iocage exec "${JAIL_NAME}" sysrc redis_enable="YES" -iocage exec "${JAIL_NAME}" sysrc php_fpm_enable="YES" -iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/www/php73-opcache clean install BATCH=yes" -iocage exec "${JAIL_NAME}" sh -c "make -C /usr/ports/devel/php73-pcntl clean install BATCH=yes" - - -##### -# -# Install Nextcloud -# -##### - -FILE="latest-18.tar.bz2" -if ! iocage exec "${JAIL_NAME}" fetch -o /tmp https://download.nextcloud.com/server/releases/"${FILE}" https://download.nextcloud.com/server/releases/"${FILE}".asc https://nextcloud.com/nextcloud.asc -then - echo "Failed to download Nextcloud" - exit 1 -fi -iocage exec "${JAIL_NAME}" gpg --import /tmp/nextcloud.asc -if ! iocage exec "${JAIL_NAME}" gpg --verify /tmp/"${FILE}".asc -then - echo "GPG Signature Verification Failed!" - echo "The Nextcloud download is corrupt." - exit 1 -fi -iocage exec "${JAIL_NAME}" tar xjf /tmp/"${FILE}" -C /usr/local/www/ -iocage exec "${JAIL_NAME}" chown -R www:www /usr/local/www/nextcloud/ - - -# Generate and install self-signed cert, if necessary -if [ "$SELFSIGNED_CERT" -eq 1 ] && [ ! -f "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl/privkey.pem" ]; then - echo "No ssl certificate present, generating self signed certificate" - if [ ! -d "/mnt/${global_dataset_config}/${JAIL_NAME}/ssl" ]; then - echo "cert folder not existing... creating..." - iocage exec ${JAIL_NAME} mkdir /config/ssl - fi - openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=${HOST_NAME}" -keyout "${INCLUDES_PATH}"/privkey.pem -out "${INCLUDES_PATH}"/fullchain.pem - iocage exec "${JAIL_NAME}" cp /mnt/includes/privkey.pem /config/ssl/privkey.pem - iocage exec "${JAIL_NAME}" cp /mnt/includes/fullchain.pem /config/ssl/fullchain.pem -fi - -# Copy and edit pre-written config files -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/php.ini /usr/local/etc/php.ini -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/redis.conf /usr/local/etc/redis.conf -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/www.conf /usr/local/etc/php-fpm.d/ -if [ "$STANDALONE_CERT" -eq 1 ] || [ "$DNS_CERT" -eq 1 ]; then - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/remove-staging.sh /root/ -fi -if [ "$NO_CERT" -eq 1 ]; then - echo "Copying Caddyfile for no SSL" - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-nossl /usr/local/www/Caddyfile -elif [ "$SELFSIGNED_CERT" -eq 1 ]; then - echo "Copying Caddyfile for self-signed cert" - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile-selfsigned /usr/local/www/Caddyfile -else - echo "Copying Caddyfile for Let's Encrypt cert" - iocage exec "${JAIL_NAME}" cp -f /mnt/includes/Caddyfile /usr/local/www/ -fi -iocage exec "${JAIL_NAME}" cp -f /mnt/includes/caddy /usr/local/etc/rc.d/ - - -iocage exec "${JAIL_NAME}" sed -i '' "s/yourhostnamehere/${HOST_NAME}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s/JAIL-IP/${JAIL_IP}/" /usr/local/www/Caddyfile -iocage exec "${JAIL_NAME}" sed -i '' "s|mytimezone|${nextcloud_time_zone}|" /usr/local/etc/php.ini - -iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES" -iocage exec "${JAIL_NAME}" sysrc caddy_cert_email="${CERT_EMAIL}" -iocage exec "${JAIL_NAME}" sysrc caddy_SNI_default="${HOST_NAME}" -iocage exec "${JAIL_NAME}" sysrc caddy_env="${DNS_ENV}" - -iocage restart "${JAIL_NAME}" - -if [ "${REINSTALL}" == "true" ]; then - echo "Reinstall detected, skipping generaion of new config and database" -else - - # Secure database, set root password, create Nextcloud DB, user, and password - if [ "${DATABASE}" = "mariadb-jail" ]; then - iocage exec "mariadb" mysql -u root -e "CREATE DATABASE ${DB_DATABASE};" - iocage exec "mariadb" mysql -u root -e "GRANT ALL ON ${DB_DATABASE}.* TO ${DB_USER}@${JAIL_IP} IDENTIFIED BY '${DB_PASSWORD}';" - iocage exec "mariadb" mysqladmin reload - fi - - - # Save passwords for later reference - iocage exec "${JAIL_NAME}" echo "${DB_NAME} root password is ${DB_ROOT_PASSWORD}" > /root/${JAIL_NAME}_db_password.txt - iocage exec "${JAIL_NAME}" echo "Nextcloud database password is ${DB_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt - iocage exec "${JAIL_NAME}" echo "Nextcloud Administrator password is ${ADMIN_PASSWORD}" >> /root/${JAIL_NAME}_db_password.txt - - # CLI installation and configuration of Nextcloud - if [ "${DATABASE}" = "mariadb-external" ] || [ "${DATABASE}" = "mariadb-jail" ]; then - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"mysql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\"" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set mysql.utf8mb4 --type boolean --value=\"true\"" - elif [ "${DATABASE}" = "pgsql-external" ]; then - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ maintenance:install --database=\"pgsql\" --database-name=\"${DB_DATABASE}\" --database-user=\"${DB_USER}\" --database-pass=\"${DB_PASSWORD}\" --database-host=\"${DB_HOST}\" --admin-user=\"admin\" --admin-pass=\"${ADMIN_PASSWORD}\" --data-dir=\"/config/files\"" - fi - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:add-missing-indices" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ db:convert-filecache-bigint --no-interaction" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set logtimezone --value=\"${nextcloud_time_zone}\"" - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set log_type --value="file"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logfile --value="/var/log/nextcloud.log"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set loglevel --value="2"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set logrotate_size --value="104847600"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.local --value="\OC\Memcache\APCu"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis host --value="/tmp/redis.sock"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set redis port --value=0 --type=integer' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set memcache.locking --value="\OC\Memcache\Redis"' - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwritehost --value=\"${HOST_NAME}\"" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwriteprotocol --value=\"https\"" - if [ "$NO_CERT" -eq 1 ]; then - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"http://${HOST_NAME}/\"" - else - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set overwrite.cli.url --value=\"https://${HOST_NAME}/\"" - fi - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ config:system:set htaccess.RewriteBase --value="/"' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ maintenance:update:htaccess' - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 1 --value=\"${HOST_NAME}\"" - iocage exec "${JAIL_NAME}" su -m www -c "php /usr/local/www/nextcloud/occ config:system:set trusted_domains 2 --value=\"${JAIL_IP}\"" - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ app:enable encryption' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:enable' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ encryption:disable' - iocage exec "${JAIL_NAME}" su -m www -c 'php /usr/local/www/nextcloud/occ background:cron' - -fi - -iocage exec "${JAIL_NAME}" touch /var/log/nextcloud.log -iocage exec "${JAIL_NAME}" chown www /var/log/nextcloud.log -iocage exec "${JAIL_NAME}" su -m www -c 'php -f /usr/local/www/nextcloud/cron.php' -iocage exec "${JAIL_NAME}" crontab -u www /mnt/includes/www-crontab - -# Don't need /mnt/includes any more, so unmount it -iocage fstab -r "${JAIL_NAME}" "${INCLUDES_PATH}" /mnt/includes nullfs rw 0 0 - -# Done! -echo "Installation complete!" -if [ "$NO_CERT" -eq 1 ]; then - echo "Using your web browser, go to http://${HOST_NAME} to log in" -else - echo "Using your web browser, go to https://${HOST_NAME} to log in" -fi - -if [ "${REINSTALL}" == "true" ]; then - echo "You did a reinstall, please use your old database and account credentials" -else - - echo "Default user is admin, password is ${ADMIN_PASSWORD}" - echo "" - - echo "Database Information" - echo "--------------------" - echo "Database user = ${DB_USER}" - echo "Database password = ${DB_PASSWORD}" - echo "" - echo "All passwords are saved in /root/${JAIL_NAME}_db_password.txt" -fi - -echo "" -if [ "$STANDALONE_CERT" -eq 1 ] || [ "$DNS_CERT" -eq 1 ]; then - echo "You have obtained your Let's Encrypt certificate using the staging server." - echo "This certificate will not be trusted by your browser and will cause SSL errors" - echo "when you connect. Once you've verified that everything else is working" - echo "correctly, you should issue a trusted certificate. To do this, run:" - echo " iocage exec ${JAIL_NAME} /root/remove-staging.sh" - echo "" -elif [ "$SELFSIGNED_CERT" -eq 1 ]; then - echo "You have chosen to create a self-signed TLS certificate for your Nextcloud" - echo "installation. This certificate will not be trusted by your browser and" - echo "will cause SSL errors when you connect. If you wish to replace this certificate" - echo "with one obtained elsewhere, the private key is located at:" - echo "/config/ssl/privkey.pem" - echo "The full chain (server + intermediate certificates together) is at:" - echo "/config/ssl/fullchain.pem" - echo "" -fi - diff --git a/jails/organizr/config.yml b/jails/organizr/config.yml deleted file mode 100644 index 887c1645..00000000 --- a/jails/organizr/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -organizr: organizr - pkgs: nginx php72 php72-filter php72-curl php72-hash php72-json php72-openssl php72-pdo php72-pdo_sqlite php72-session php72-simplexml php72-sqlite3 php72-zip git \ No newline at end of file diff --git a/jails/organizr/install.sh b/jails/organizr/install.sh deleted file mode 100755 index 951ff0d8..00000000 --- a/jails/organizr/install.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for Organizr - -iocage exec organizr sed -i '' -e 's?listen = 127.0.0.1:9000?listen = /var/run/php-fpm.sock?g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr sed -i '' -e 's/;listen.owner = www/listen.owner = www/g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr sed -i '' -e 's/;listen.group = www/listen.group = www/g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr sed -i '' -e 's/;listen.mode = 0660/listen.mode = 0600/g' /usr/local/etc/php-fpm.d/www.conf -iocage exec organizr cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini -iocage exec organizr sed -i '' -e 's?;date.timezone =?date.timezone = "Universal"?g' /usr/local/etc/php.ini -iocage exec organizr sed -i '' -e 's?;cgi.fix_pathinfo=1?cgi.fix_pathinfo=0?g' /usr/local/etc/php.ini -# shellcheck disable=SC2154 -mv /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf.bak -cp "${SCRIPT_DIR}"/jails/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf -cp -Rf "${SCRIPT_DIR}"/jails/organizr/includes/custom /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/custom -# shellcheck disable=SC2154 -if [ ! -d "/mnt/${global_dataset_config}/organizr/ssl" ]; then - echo "cert folder doesn't exist... creating..." - iocage exec organizr mkdir /config/ssl -fi - -if [ -f "/mnt/${global_dataset_config}/organizr/ssl/Organizr-Cert.crt" ]; then - echo "certificate exists... Skipping cert generation" -else - echo "No ssl certificate present, generating self signed certificate" - openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=localhost" -keyout /mnt/"${global_dataset_config}"/organizr/ssl/Organizr-Cert.key -out /mnt/"${global_dataset_config}"/organizr/ssl/Organizr-Cert.crt -fi - -iocage exec organizr git clone https://github.com/causefx/Organizr.git /usr/local/www/Organizr -iocage exec organizr chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom -iocage exec organizr ln -s /config/config.php /usr/local/www/Organizr/api/config/config.php -iocage exec organizr sysrc nginx_enable=YES -iocage exec organizr sysrc php_fpm_enable=YES -iocage exec organizr service nginx start -iocage exec organizr service php-fpm start diff --git a/jails/organizr/update.sh b/jails/organizr/update.sh deleted file mode 100755 index b24f1154..00000000 --- a/jails/organizr/update.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for Organizr - -iocage exec organizr service nginx stop -iocage exec organizr service php-fpm stop -# TODO setup cli update for Organizr here. -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/organizr/includes/nginx.conf /mnt/"${global_dataset_iocage}"/jails/organizr/root/usr/local/etc/nginx/nginx.conf -iocage exec organizr "cd /usr/local/www/Organizr && git pull" -iocage exec organizr chown -R www:www /usr/local/www /config /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/custom -iocage exec organizr service nginx start -iocage exec organizr service php-fpm start \ No newline at end of file diff --git a/jails/plex/config.yml b/jails/plex/config.yml deleted file mode 100644 index 8206391a..00000000 --- a/jails/plex/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -plex: plex - pkgs: plexmediaserver \ No newline at end of file diff --git a/jails/plex/install.sh b/jails/plex/install.sh deleted file mode 100755 index cdeb3803..00000000 --- a/jails/plex/install.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for plex - -iocage exec plex mkdir -p /usr/local/etc/pkg/repos - - -# Change to to more frequent FreeBSD repo to stay up-to-date with plex more. -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/plex/includes/FreeBSD.conf /mnt/"${global_dataset_iocage}"/jails/plex/root/usr/local/etc/pkg/repos/FreeBSD.conf - - -# Check if datasets for media librarys exist, create them if they do not. -# shellcheck disable=SC2154 -createmount plex "${global_dataset_media}" /mnt/media -createmount plex "${global_dataset_media}"/movies /mnt/media/movies -createmount plex "${global_dataset_media}"/music /mnt/media/music -createmount plex "${global_dataset_media}"/shows /mnt/media/shows - -# Create plex ramdisk if specified -# shellcheck disable=SC2154 -if [ -z "${plex_ramdisk}" ]; then - echo "no ramdisk specified for plex, continuing without randisk" -else - iocage fstab -a plex tmpfs /tmp_transcode tmpfs rw,size="${plex_ramdisk}",mode=1777 0 0 -fi - -iocage exec plex chown -R plex:plex /config - -# Force update pkg to get latest plex version -iocage exec plex pkg update -iocage exec plex pkg upgrade -y - -# Add plex user to video group for future hw-encoding support -iocage exec plex pw groupmod -n video -m plex - -# Run different install procedures depending on Plex vs Plex Beta -# shellcheck disable=SC2154 -if [ "$plex_beta" == "true" ]; then - echo "beta enabled in config.yml... using plex beta for install" - iocage exec plex sysrc "plexmediaserver_plexpass_enable=YES" - iocage exec plex sysrc plexmediaserver_plexpass_support_path="/config" - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver-plexpass/ - iocage exec plex service plexmediaserver_plexpass restart -else - echo "beta disabled in config.yml... NOT using plex beta for install" - iocage exec plex sysrc "plexmediaserver_enable=YES" - iocage exec plex sysrc plexmediaserver_support_path="/config" - iocage exec plex chown -R plex:plex /usr/local/share/plexmediaserver/ - iocage exec plex service plexmediaserver restart -fi - -echo "Finished installing plex" \ No newline at end of file diff --git a/jails/radarr/config.yml b/jails/radarr/config.yml deleted file mode 100644 index 789ec723..00000000 --- a/jails/radarr/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -radarr: radarr - pkgs: mono mediainfo sqlite3 libgdiplus \ No newline at end of file diff --git a/jails/radarr/install.sh b/jails/radarr/install.sh deleted file mode 100755 index d8305480..00000000 --- a/jails/radarr/install.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for radarr - -# Check if dataset for completed download and it parent dataset exist, create if they do not. -# shellcheck disable=SC2154 -createmount radarr "${global_dataset_downloads}" -createmount radarr "${global_dataset_downloads}"/complete /mnt/fetched - -# Check if dataset for media library and the dataset for movies exist, create if they do not. -# shellcheck disable=SC2154 -createmount radarr "${global_dataset_media}" -createmount radarr "${global_dataset_media}"/movies /mnt/movies - -iocage exec radarr "fetch https://github.com/Radarr/Radarr/releases/download/v0.2.0.1480/Radarr.develop.0.2.0.1480.linux.tar.gz -o /usr/local/share" -iocage exec radarr "tar -xzvf /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -C /usr/local/share" -iocage exec radarr rm /usr/local/share/Radarr.develop.0.2.0.1480.linux.tar.gz -iocage exec radarr "pw user add radarr -c radarr -u 352 -d /nonexistent -s /usr/bin/nologin" -iocage exec radarr chown -R radarr:radarr /usr/local/share/Radarr /config -iocage exec radarr mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/radarr/root/usr/local/etc/rc.d/radarr -iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr -iocage exec radarr sysrc "radarr_enable=YES" -iocage exec radarr service radarr restart diff --git a/jails/radarr/update.sh b/jails/radarr/update.sh deleted file mode 100755 index b527d0ce..00000000 --- a/jails/radarr/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for radarr - -iocage exec radarr service radarr stop -#TODO insert code to update radarr itself here -iocage exec radarr chown -R radarr:radarr /usr/local/share/Radarr /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/radarr/includes/radarr.rc /mnt/"${global_dataset_iocage}"/jails/radarr/root/usr/local/etc/rc.d/radarr -iocage exec radarr chmod u+x /usr/local/etc/rc.d/radarr -iocage exec radarr service radarr restart \ No newline at end of file diff --git a/jails/sonarr/config.yml b/jails/sonarr/config.yml deleted file mode 100644 index 1197e640..00000000 --- a/jails/sonarr/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -sonarr: sonarr - pkgs: mono mediainfo sqlite3 \ No newline at end of file diff --git a/jails/sonarr/install.sh b/jails/sonarr/install.sh deleted file mode 100755 index b63614b9..00000000 --- a/jails/sonarr/install.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for sonarr - -# Check if dataset for completed download and it parent dataset exist, create if they do not. -# shellcheck disable=SC2154 -createmount sonarr "${global_dataset_downloads}" -createmount sonarr "${global_dataset_downloads}"/complete /mnt/fetched - -# Check if dataset for media library and the dataset for tv shows exist, create if they do not. -# shellcheck disable=SC2154 -createmount sonarr "${global_dataset_media}" -createmount sonarr "${global_dataset_media}"/shows /mnt/shows - -iocage exec sonarr "fetch http://download.sonarr.tv/v2/master/mono/NzbDrone.master.tar.gz -o /usr/local/share" -iocage exec sonarr "tar -xzvf /usr/local/share/NzbDrone.master.tar.gz -C /usr/local/share" -iocage exec sonarr rm /usr/local/share/NzbDrone.master.tar.gz -iocage exec sonarr "pw user add sonarr -c sonarr -u 351 -d /nonexistent -s /usr/bin/nologin" -iocage exec sonarr chown -R sonarr:sonarr /usr/local/share/NzbDrone /config -iocage exec sonarr mkdir /usr/local/etc/rc.d -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/sonarr/root/usr/local/etc/rc.d/sonarr -iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr -iocage exec sonarr sysrc "sonarr_enable=YES" -iocage exec sonarr service sonarr restart diff --git a/jails/sonarr/update.sh b/jails/sonarr/update.sh deleted file mode 100755 index 47f94384..00000000 --- a/jails/sonarr/update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for sonarr - -iocage exec sonarr service sonarr stop -#TODO insert code to update sonarr itself here -iocage exec sonarr chown -R sonarr:sonarr /usr/local/share/NzbDrone /config -# shellcheck disable=SC2154 -cp "${SCRIPT_DIR}"/jails/sonarr/includes/sonarr.rc /mnt/"${global_dataset_iocage}"/jails/sonarr/root/usr/local/etc/rc.d/sonarr -iocage exec sonarr chmod u+x /usr/local/etc/rc.d/sonarr -iocage exec sonarr service sonarr restart \ No newline at end of file diff --git a/jails/tautulli/config.yml b/jails/tautulli/config.yml deleted file mode 100644 index 34256990..00000000 --- a/jails/tautulli/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -tautulli: tautulli - pkgs: python2 py27-sqlite3 py27-openssl git \ No newline at end of file diff --git a/jails/tautulli/install.sh b/jails/tautulli/install.sh deleted file mode 100755 index eee596bb..00000000 --- a/jails/tautulli/install.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for Tautulli - - -iocage exec tautulli git clone https://github.com/Tautulli/Tautulli.git /usr/local/share/Tautulli -iocage exec tautulli "pw user add tautulli -c tautulli -u 109 -d /nonexistent -s /usr/bin/nologin" -iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config -iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli -iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli -iocage exec tautulli sysrc "tautulli_enable=YES" -iocage exec tautulli sysrc "tautulli_flags=--datadir /config" -iocage exec tautulli service tautulli start \ No newline at end of file diff --git a/jails/tautulli/update.sh b/jails/tautulli/update.sh deleted file mode 100755 index 52c00a18..00000000 --- a/jails/tautulli/update.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for Tautulli - -iocage exec tautulli service tautulli stop -# Tautulli is updated through pkg, this is mostly just a placeholder -iocage exec tautulli chown -R tautulli:tautulli /usr/local/share/Tautulli /config -iocage exec tautulli cp /usr/local/share/Tautulli/init-scripts/init.freenas /usr/local/etc/rc.d/tautulli -iocage exec tautulli chmod u+x /usr/local/etc/rc.d/tautulli -iocage exec tautulli service tautulli restart \ No newline at end of file diff --git a/jails/transmission/config.yml b/jails/transmission/config.yml deleted file mode 100644 index efec5ece..00000000 --- a/jails/transmission/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -transmission: transmission - pkgs: bash unzip unrar transmission \ No newline at end of file diff --git a/jails/transmission/install.sh b/jails/transmission/install.sh deleted file mode 100755 index 43c298c5..00000000 --- a/jails/transmission/install.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for transmission - -# Check if dataset Downloads dataset exist, create if they do not. -# shellcheck disable=SC2154 -createmount transmission "${global_dataset_downloads}" /mnt/downloads - -# Check if dataset Complete Downloads dataset exist, create if they do not. -createmount transmission "${global_dataset_downloads}"/complete /mnt/downloads/complete - -# Check if dataset InComplete Downloads dataset exist, create if they do not. -createmount transmission "${global_dataset_downloads}"/incomplete /mnt/downloads/incomplete - - -iocage exec transmission chown -R transmission:transmission /config -iocage exec transmission sysrc "transmission_enable=YES" -iocage exec transmission sysrc "transmission_conf_dir=/config" -iocage exec transmission sysrc "transmission_download_dir=/mnt/downloads/complete" -iocage exec transmission service transmission restart \ No newline at end of file diff --git a/jails/transmission/update.sh b/jails/transmission/update.sh deleted file mode 100755 index a0c0e40b..00000000 --- a/jails/transmission/update.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the update script for transmission - -iocage exec transmission service transmission stop -# Transmision is updated during PKG update, this file is mostly just a placeholder -iocage exec transmission chown -R transmission:transmission /config -iocage exec transmission service transmission restart \ No newline at end of file diff --git a/jails/unifi/config.yml b/jails/unifi/config.yml deleted file mode 100644 index 3d74c1ae..00000000 --- a/jails/unifi/config.yml +++ /dev/null @@ -1,2 +0,0 @@ -unifi: unifi - pkgs: jq unifi5 \ No newline at end of file diff --git a/jails/unifi/install.sh b/jails/unifi/install.sh deleted file mode 100644 index 7d810792..00000000 --- a/jails/unifi/install.sh +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/local/bin/bash -# This file contains the install script for unifi-controller & unifi-poller - -# Initialize variables -JAIL_NAME="unifi" -# shellcheck disable=SC2154 -JAIL_IP="${unifi_ip4_addr%/*}" -# shellcheck disable=SC2154 -DB_IP="${influxdb_ip4_addr%/*}" -# shellcheck disable=SC2154 -DB_JAIL="${unifi_db_jail}" -# shellcheck disable=SC2154 -DB_NAME="${unifi_up_db_name:-unifi}" -# shellcheck disable=SC2154 -DB_USER="${unifi_up_db_user}" -# shellcheck disable=SC2154 -DB_PASS="${unifi_up_db_password}" -# shellcheck disable=SC2154 -UP_USER="${unifi_up_user}" -# shellcheck disable=SC2154 -UP_PASS="${unifi_up_password}" -INCLUDES_PATH="${SCRIPT_DIR}/jails/unifi/includes" - -# Enable persistent Unifi Controller data -iocage exec "${JAIL_NAME}" mkdir -p /config/controller/mongodb -iocage exec "${JAIL_NAME}" cp -Rp /usr/local/share/java/unifi /config/controller -iocage exec "${JAIL_NAME}" chown -R mongodb:mongodb /config/controller/mongodb -# shellcheck disable=SC2154 -cp "${INCLUDES_PATH}"/mongodb.conf /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc -# shellcheck disable=SC2154 -cp "${INCLUDES_PATH}"/rc/mongod /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc/rc.d/ -# shellcheck disable=SC2154 -cp "${INCLUDES_PATH}"/rc/unifi /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc/rc.d/ -iocage exec "${JAIL_NAME}" sysrc unifi_enable=YES -iocage exec "${JAIL_NAME}" service unifi start - -# shellcheck disable=SC2154 -if [[ ! "${unifi_unifi_poller}" ]]; then - echo "Installation complete!" - echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." -else - # Check if influxdb container exists, create unifi database if it does, error if it is not. - echo "Checking if the database jail and database exist..." - if [[ -d /mnt/"${global_dataset_iocage}"/jails/"${DB_JAIL}" ]]; then - DB_EXISTING=$(iocage exec "${DB_JAIL}" curl -G http://localhost:8086/query --data-urlencode 'q=SHOW DATABASES' | jq '.results [] | .series [] | .values []' | grep "$DB_NAME" | sed 's/"//g' | sed 's/^ *//g') - if [[ "$DB_NAME" == "$DB_EXISTING" ]]; then - echo "${DB_JAIL} jail with database ${DB_NAME} already exists. Skipping database creation... " - else - echo "${DB_JAIL} jail exists, but database ${DB_NAME} does not. Creating database ${DB_NAME}." - if [[ -z "${DB_USER}" ]] || [[ -z "${DB_PASS}" ]]; then - echo "Database username and password not provided. Cannot create database without credentials. Exiting..." - exit 1 - else - iocage exec "${DB_JAIL}" "curl -XPOST -u ${DB_USER}:${DB_PASS} http://localhost:8086/query --data-urlencode 'q=CREATE DATABASE ${DB_NAME}'" - echo "Database ${DB_NAME} created with username ${DB_USER} with password ${DB_PASS}." - fi - fi - else - echo "Influxdb jail does not exist. Unifi-Poller requires Influxdb jail. Please install the Influxdb jail." - exit 1 - fi - - # Download and install Unifi-Poller - FILE_NAME=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .name") - DOWNLOAD=$(curl -s https://api.github.com/repos/unifi-poller/unifi-poller/releases/latest | jq -r ".assets[] | select(.name | contains(\"amd64.txz\")) | .browser_download_url") - iocage exec "${JAIL_NAME}" fetch -o /config "${DOWNLOAD}" - - # Install downloaded Unifi-Poller package, configure and enable - iocage exec "${JAIL_NAME}" pkg install -qy /config/"${FILE_NAME}" - # shellcheck disable=SC2154 - cp "${INCLUDES_PATH}"/up.conf /mnt/"${global_dataset_config}"/"${JAIL_NAME}" - # shellcheck disable=SC2154 - cp "${INCLUDES_PATH}"/up.conf.example /mnt/"${global_dataset_config}"/"${JAIL_NAME}" - # shellcheck disable=SC2154 - cp "${INCLUDES_PATH}"/rc/unifi_poller /mnt/"${global_dataset_iocage}"/jails/"${JAIL_NAME}"/root/usr/local/etc/rc.d/unifi_poller - iocage exec "${JAIL_NAME}" sed -i '' "s|influxdbuser|${DB_USER}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|influxdbpass|${DB_PASS}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|unifidb|${DB_NAME}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|unifiuser|${UP_USER}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|unifipassword|${UP_PASS}|" /config/up.conf - iocage exec "${JAIL_NAME}" sed -i '' "s|dbip|http://${DB_IP}:8086|" /config/up.conf - - - iocage exec "${JAIL_NAME}" sysrc unifi_poller_enable=YES - iocage exec "${JAIL_NAME}" service unifi_poller start - - echo "Installation complete!" - echo "Unifi Controller is accessible at https://${JAIL_IP}:8443." - echo "Please login to the Unifi Controller and add ${UP_USER} as a read-only user." - echo "In Grafana, add Unifi-Poller as a data source." -fi