[WIP] Allow multiple installations of same blueprint (#88)

* Multi-install support, Blueprints and config changes. Initial commit * Migrating jails to blueprints, first steps. Tested Working: - Transmission - Lidarr - Sonarr - Radarr fix lidarr config (+10 squashed commit) Squashed commit: [5f14653] always link ports folders [f18f2f0] Optional (blueprint) ports mount Fixes #89 [96ef7e7] chmod all the things [129e707] same mistake... again... [e1596dc] missing reference [6da3567] Forgot one reference [d78b5b6] Update wiki.yml [cecc53a] Update filecheck.yml [5244abd] basic settings changed. More involved blueprints still need changes, such as: Bitwarden, nextcloud, Mariadb [6568e92] jails -> blueprints * Added Tested Working: - KMS - Plex - Tautulli - Organizr - InfluxDB - MariaDB Many squashed small fixes included: Make *.rc executable (+13 squashed commit) Squashed commit: [b28aa83] use .rc for rc.d config files [e940a48] some mariadb cleanup [dc27aff] testing another way [83bd91b] Mariadb root password alter instead of update, initial config for unifi [0ca3074] some light config cleanup [a0d4352] also remove database from influxdb example config (db should be created when required) [2c218cc] Prepare influxdb and remove unneeded content [1b34109] more shellcheck fixups [c96566c] Some shellcheck cleanup [8969ca7] bitwarden mostly done, some work on nextcloud and unifi [7f89bfa] initial mariadb patch [dd7e85f] missed one problem [f814cb7] Initial pseudo-compatibility patch for unifi * Enable Bitwarden support and some small fixes/tweaks Fixes #95 more bugs and typo's (+3 squashed commit) Squashed commit: [3b5213e] Bitwarden not correctly installing db [b7438a5] yeah thats not gonna cut it... >.< [e7987c2] some slight bitwarden tweaks * Enable Unifi support and some small fixes/tweaks small unifi cleanup. Unifi is working (+3 squashed commit) Squashed commit: [d906d2d] chmod unifi [545e999] Add extra sanity, remove unneeded variables from example [b8c0b24] Some small Unifi Tweaks * Nextcloud Cleanup, Some fixes, Initial support for blueprintsystem Fixes #96 Fixes #97 Fixes #98 some bloat and syntax fixes (+5 squashed commit) Squashed commit: [78f6428] Some more nextcloud cleanup and tweaks - combines multiple variables for cert system selection (Fixes #98 ) - Default to self signed cert - Force manual admin password [7cacae4] slight fixes [3d81cda] More cleanup [50496cc] small mariadb fix and more nextcloud cleanup [c1b2c20] Cleaning nextcloud - Remove external DB (Fixes #97 ) - Remove Postgresql (Fixes #96 ) - Some preparation for blueprint * Nextcloud done and.. another... (+5 squashed commit) Squashed commit: [c65751b] caddy not installed right. [e5da66b] more fixes [a33300e] Damnit, two typo's same scentence [4292a7a] another typo [1b820cf] typo and example hotfix * Introduce version checking for config file
2020-05-02 17:45:13 +02:00
parent 66e997069a
commit dbfbd489fa
140 changed files with 1361 additions and 1888 deletions
--- a/blueprints/unifi/includes/mongodb.conf
+++ b/blueprints/unifi/includes/mongodb.conf
@ -0,0 +1,45 @@
+# mongod.conf
+
+# for documentation of all options, see:
+#   http://docs.mongodb.org/manual/reference/configuration-options/
+
+# where to write logging data.
+systemLog:
+  destination: file
+  logAppend: true
+  path: /var/db/mongodb/mongod.log 
+
+# Where and how to store data.
+storage:
+  dbPath: /config/mongodb 
+  journal:
+    enabled: true
+#  engine:
+#  mmapv1:
+#  wiredTiger:
+
+# how the process runs
+processManagement:
+  fork: true  # fork and run in background
+  pidFilePath: /var/db/mongodb/mongod.lock  # location of pidfile
+  timeZoneInfo: /usr/share/zoneinfo
+
+# network interfaces
+net:
+  port: 27017
+  bindIp: 127.0.0.1  # Listen to local interface only, comment to listen on all interfaces.
+
+
+#security:
+
+#operationProfiling:
+
+#replication:
+
+#sharding:
+
+## Enterprise-Only Options
+
+#auditLog:
+
+#snmp:
--- a/blueprints/unifi/includes/rc/mongod.rc
+++ b/blueprints/unifi/includes/rc/mongod.rc
@ -0,0 +1,64 @@
+#!/bin/sh
+# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046,SC2086,SC2155,SC2181,SC2006
+
+# PROVIDE: mongod
+# REQUIRE: NETWORK ldconfig
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# mongod_enable (bool):  Set to "NO" by default.
+#                        Set it to "YES" to enable mongod.
+# mongod_limits (bool):  Set to "NO" by default.
+#                        Set it to yes to run `limits -e -U mongodb`
+#                        just before mongod starts.
+# mongod_dbpath (str):   Default to "/var/db/mongodb"
+#                        Base database directory.
+# mongod_flags (str):    Custom additional arguments to be passed to mongod.
+#                        Default to "--logpath ${mongod_dbpath}/mongod.log --logappend".
+# mongod_config (str):	 Default to "/usr/local/etc/mongodb.conf"
+#                        Path to config file
+#
+
+. /etc/rc.subr
+
+name="mongod"
+rcvar=mongod_enable
+
+load_rc_config $name
+
+: ${mongod_enable="NO"}
+: ${mongod_limits="NO"}
+: ${mongod_dbpath="/config/mongodb"}
+: ${mongod_flags="--logpath ${mongod_dbpath}/mongod.log --logappend --setParameter=disabledSecureAllocatorDomains=\*"}
+: ${mongod_user="mongodb"}
+: ${mongod_group="mongodb"}
+: ${mongod_config="/usr/local/etc/mongodb.conf"}
+
+pidfile="${mongod_dbpath}/mongod.lock"
+command=/usr/local/bin/${name}
+command_args="--config $mongod_config --dbpath $mongod_dbpath --fork >/dev/null 2>/dev/null"
+start_precmd="${name}_prestart"
+
+mongod_create_dbpath()
+{
+        mkdir "${mongod_dbpath}" >/dev/null 2>/dev/null
+        [ $? -eq 0 ] && chown -R "${mongod_user}":"${mongod_group}" "${mongod_dbpath}"
+}
+
+mongod_prestart()
+{
+        if [ ! -d "${mongod_dbpath}" ]; then
+                mongod_create_dbpath || return 1
+        fi
+        if checkyesno mongod_limits; then
+                # TODO check this and clean this up
+                # Shellcheck disable=SC2046,SC2006
+                eval `/usr/bin/limits -e -U ${mongod_user}` 2>/dev/null
+        else
+                return 0
+        fi
+}
+
+run_rc_command "$1"
--- a/blueprints/unifi/includes/rc/unifi.rc
+++ b/blueprints/unifi/includes/rc/unifi.rc
@ -0,0 +1,87 @@
+#!/bin/sh
+# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046,SC2086,SC2155,SC2237
+#
+# Created by: Mark Felder <feld@FreeBSD.org>
+# $FreeBSD: branches/2020Q2/net-mgmt/unifi5/files/unifi.in 512281 2019-09-18 17:37:59Z feld $
+#
+
+# PROVIDE: unifi
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+#
+# Add the following line to /etc/rc.conf to enable `unifi':
+#
+# unifi_enable="YES"
+#
+# Other configuration settings for unifi that can be set in /etc/rc.conf:
+#
+# unifi_user (str)
+#   This is the user that unifi runs as
+#   Set to unifi by default
+#
+# unifi_group (str)
+#   This is the group that unifi runs as
+#   Set to unifi by default
+#
+# unifi_chdir (str)
+#   This is the directory that unifi chdirs into before starting
+#   Set to /usr/local/share/java/unifi by default
+#
+# unifi_java_home (str)
+#   The path to the base directory for the Java to use to run unifi
+#   Defaults to /usr/local/openjdk8
+#
+# unifi_javaflags (str)
+#   Flags passed to Java to run unifi
+#   Set to "-Djava.awt.headless=true -Xmx1024M" by default
+#
+
+. /etc/rc.subr
+name=unifi
+
+rcvar=unifi_enable
+load_rc_config ${name}
+
+: ${unifi_enable:=NO}
+: ${unifi_user:=unifi}
+: ${unifi_group:=unifi}
+: ${unifi_chdir=/config/controller/unifi}
+: ${unifi_java_home=/usr/local/openjdk8}
+: ${unifi_javaflags="-Djava.awt.headless=true -Xmx1024M"}
+
+pidfile="/var/run/unifi/${name}.pid"
+procname=${unifi_java_home}/bin/java
+command=/usr/sbin/daemon
+command_args="-f -p ${pidfile} ${unifi_java_home}/bin/java ${unifi_javaflags} com.ubnt.ace.Launcher start"
+start_precmd=start_precmd
+stop_precmd=stop_precmd
+stop_postcmd=stop_postcmd
+
+export CLASSPATH=$(echo ${unifi_chdir}/lib/*.jar | tr ' ' ':')
+
+start_precmd()
+{
+	if [ ! -e /var/run/unifi ] ; then
+		install -d -o unifi -g unifi /var/run/unifi;
+	fi
+}
+
+stop_precmd()
+{
+	if [ -r ${pidfile} ]; then
+		_UNIFIPID=$(check_pidfile ${pidfile} ${procname})
+		export _UNIFI_CHILDREN=$(pgrep -P ${_UNIFIPID})
+	fi
+}
+
+stop_postcmd()
+{
+	if ! [ -z ${_UNIFI_CHILDREN} ]; then
+		echo "Cleaning up leftover child processes."
+		kill $sig_stop ${_UNIFI_CHILDREN}
+		wait_for_pids ${_UNIFI_CHILDREN}
+	fi
+}
+
+run_rc_command "$1"
--- a/blueprints/unifi/includes/rc/unifi_poller.rc
+++ b/blueprints/unifi/includes/rc/unifi_poller.rc
@ -0,0 +1,36 @@
+#!/bin/sh
+# shellcheck disable=SC1091,SC2034,SC2223,SC2154,SC1090,SC2046
+#
+# FreeBSD rc.d startup script for unifi-poller.
+#
+# PROVIDE: unifi-poller
+# REQUIRE: networking syslog
+# KEYWORD:
+
+. /etc/rc.subr
+
+name="unifi_poller"
+real_name="unifi-poller"
+rcvar="unifi_poller_enable"
+unifi_poller_command="/usr/local/bin/${real_name}"
+unifi_poller_user="nobody"
+unifi_poller_config="/config/up.conf"
+pidfile="/var/run/${real_name}/pid"
+
+# This runs `daemon` as the `unifi_poller_user` user.
+command="/usr/sbin/daemon"
+command_args="-P ${pidfile} -r -t ${real_name} -T ${real_name} -l daemon ${unifi_poller_command} -c ${unifi_poller_config}"
+
+load_rc_config ${name}
+: ${unifi_poller_enable:=no}
+
+# Make a place for the pid file.
+mkdir -p $(dirname ${pidfile})
+chown -R $unifi_poller_user $(dirname ${pidfile})
+
+# Suck in optional exported override variables.
+# ie. add something like the following to this file: export UP_POLLER_DEBUG=true
+[ -f "/usr/local/etc/defaults/${real_name}" ] && . "/usr/local/etc/defaults/${real_name}"
+
+# Go!
+run_rc_command "$1"
--- a/blueprints/unifi/includes/up.conf
+++ b/blueprints/unifi/includes/up.conf
@ -0,0 +1,106 @@
+# UniFi Poller v2 primary configuration file. TOML FORMAT #
+###########################################################
+
+[poller]
+  # Turns on line numbers, microsecond logging, and a per-device log.
+  # The default is false, but I personally leave this on at home (four devices).
+  # This may be noisy if you have a lot of devices. It adds one line per device.
+  debug = false
+
+  # Turns off per-interval logs. Only startup and error logs will be emitted.
+  # Recommend enabling debug with this setting for better error logging.
+  quiet = true
+
+  # Load dynamic plugins. Advanced use; only sample mysql plugin provided by default.
+  plugins = []
+
+#### OUTPUTS
+
+    # If you don't use an output, you can disable it.
+
+[prometheus]
+  disable = true
+  # This controls on which ip and port /metrics is exported when mode is "prometheus".
+  # This has no effect in other modes. Must contain a colon and port.
+  http_listen = "0.0.0.0:9130"
+  report_errors = false
+
+[influxdb]
+  disable = false
+  # InfluxDB does not require auth by default, so the user/password are probably unimportant.
+  url  = "dbip"
+  user = "influxdbuser"
+  pass = "influxdbpass"
+  # Be sure to create this database.
+  db = "unifidb"
+  # If your InfluxDB uses a valid SSL cert, set this to true.
+  verify_ssl = false
+  # The UniFi Controller only updates traffic stats about every 30 seconds.
+  # Setting this to something lower may lead to "zeros" in your data.
+  # If you're getting zeros now, set this to "1m"
+  interval = "30s"
+
+#### INPUTS
+
+[unifi]
+  # Setting this to true and providing default credentials allows you to skip
+  # configuring controllers in this config file. Instead you configure them in
+  # your prometheus.yml config. Prometheus then sends the controller URL to
+  # unifi-poller when it performs the scrape. This is useful if you have many,
+  # or changing controllers. Most people can leave this off. See wiki for more.
+  dynamic = false
+
+# The following section contains the default credentials/configuration for any
+# dynamic controller (see above section), or the primary controller if you do not
+# provide one and dynamic is disabled. In other words, you can just add your
+# controller here and delete the following section.
+[unifi.defaults]
+  #role       = "main controller"
+  url        = "https://127.0.0.1:8443"
+  user       = "unifiuser"
+  pass       = "unifipassword"
+  sites      = ["all"]
+  save_ids   = false
+  save_dpi   = false
+  save_sites = true
+  verify_ssl = false
+
+# The following is optional and used for configurations with multiple controllers.
+
+# You may repeat the following section to poll multiple controllers.
+#[[unifi.controller]]
+  # Friendly name used in dashboards. Uses URL if left empty; which is fine.
+  # Avoid changing this later because it will live forever in your database.
+  # Multiple controllers may share a role. This allows grouping during scrapes.
+  #role = ""
+  #url = "https://127.0.0.1:8443"
+
+  # Make a read-only user in the UniFi Admin Settings, allow it access to all sites.
+  #user = "unifipoller"
+  #pass = "4BB9345C-2341-48D7-99F5-E01B583FF77F"
+
+  # If the controller has more than one site, specify which sites to poll here.
+  # Set this to ["default"] to poll only the first site on the controller.
+  # A setting of ["all"] will poll all sites; this works if you only have 1 site too.
+  #sites = ["all"]
+
+  # Enable collection of Intrusion Detection System Data (InfluxDB only).
+  # Only useful if IDS or IPS are enabled on one of the sites.
+  #save_ids = false
+
+  # Enable collection of Deep Packet Inspection data. This data breaks down traffic
+  # types for each client and site, it powers a dedicated DPI dashboard.
+  # Enabling this adds roughly 150 data points per client.  That's 6000 metrics for
+  # 40 clients.  This adds a little bit of poller run time per interval and causes
+  # more API requests to your controller(s). Don't let these "cons" sway you:
+  # it's cool data. Please provide feedback on your experience with this feature.
+  #save_dpi = false
+
+  # Enable collection of site data. This data powers the Network Sites dashboard.
+  # It's not valuable to everyone and setting this to false will save resources.
+  #save_sites = true
+
+  # If your UniFi controller has a valid SSL certificate (like lets encrypt),
+  # you can enable this option to validate it. Otherwise, any SSL certificate is
+  # valid. If you don't know if you have a valid SSL cert, then you don't have one.
+  #verify_ssl = false