apr 19 update

jails/config/cert/acmedns

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+# the two lines below are not just comments but required by rcorder; service -e
+# PROVIDE: acmedns
+# REQUIRE: NETWORKING DAEMON
+
+. /etc/rc.subr
+
+: ${acmedns_enable="NO"}
+
+name=acmedns
+rcvar=${name}_enable
+
+ACMEDNS="/usr/local/bin/acme-dns"
+
+start_cmd="${name}_start"
+stop_cmd="${name}_stop"
+restart_cmd="${name}_restart"
+
+acmedns_start()
+{
+        $ACMEDNS -c /etc/acme-dns/config.cfg &
+}
+
+acmedns_stop()
+{
+        ps ax | grep -ie acme-dns | grep -v grep | awk '{print $1}' | xargs kill -9
+}
+acmedns_restart()
+{
+	acmedns_stop
+	acmedns_start
+}
+
+load_rc_config ${name}
+run_rc_command "$1"

jails/config/cert/config.cfg

@@ -0,0 +1,65 @@
+[general]
+# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
+# In this case acme-dns will error out and you will need to define the listening interface
+# for example: listen = "127.0.0.1:53"
+listen = "0.0.0.0:53"
+# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
+protocol = "both4"
+# domain name to serve the requests off of
+domain = "dns-auth.ahlawat.com"
+# zone name server
+nsname = "dns-auth.ahlawat.com"
+# admin email address, where @ is substituted with .
+nsadmin = "sharad.ahlawat.com"
+# predefined records served in addition to the TXT
+records = [
+    # domain pointing to the public IP of your acme-dns server
+    "dns-auth.ahlawat.com. A 216.139.40.20",
+    # specify that auth.example.org will resolve any *.auth.example.org records
+    "dns-auth.ahlawat.com. NS dns-auth.ahlawat.com.",
+]
+# debug messages from CORS etc
+debug = false
+
+[database]
+# Database engine to use, sqlite3 or postgres
+engine = "sqlite3"
+# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
+# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
+connection = "/usr/local/lib/acme-dns/acme-dns.db"
+# connection = "postgres://user:password@localhost/acmedns_db"
+
+[api]
+# listen ip eg. 127.0.0.1
+ip = "0.0.0.0"
+# disable registration endpoint
+disable_registration = false
+# listen port, eg. 443 for default HTTPS
+port = "443"
+# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
+tls = "cert"
+# only used if tls = "cert"
+tls_cert_privkey = "/mnt/certs/privkey.pem"
+tls_cert_fullchain = "/mnt/certs/fullchain.pem"
+# only used if tls = "letsencrypt"
+acme_cache_dir = "api-certs"
+# optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
+notification_email = ""
+# CORS AllowOrigins, wildcards can be used
+corsorigins = [
+    "*"
+]
+# use HTTP header to get the client ip
+use_header = false
+# header name to pull the ip address / list of ip addresses from
+header_name = "X-Forwarded-For"
+
+[logconfig]
+# logging level: "error", "warning", "info" or "debug"
+loglevel = "debug"
+# possible values: stdout, TODO file & integrations
+logtype = "stdout"
+# file path for logfile TODO
+# logfile = "./acme-dns.log"
+# format, either "json" or "text"
+logformat = "text"

jails/config/cert/config.cfg-80

@@ -0,0 +1,65 @@
+[general]
+# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
+# In this case acme-dns will error out and you will need to define the listening interface
+# for example: listen = "127.0.0.1:53"
+listen = "0.0.0.0:53"
+# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
+protocol = "both"
+# domain name to serve the requests off of
+domain = "dns-auth.ahlawat.com"
+# zone name server
+nsname = "dns-auth.ahlawat.com"
+# admin email address, where @ is substituted with .
+nsadmin = "sharad.ahlawat.com"
+# predefined records served in addition to the TXT
+records = [
+    # domain pointing to the public IP of your acme-dns server
+    "dns-auth.ahlawat.com. A 216.139.40.20",
+    # specify that auth.example.org will resolve any *.auth.example.org records
+    "dns-auth.ahlawat.com. NS dns-auth.ahlawat.com.",
+]
+# debug messages from CORS etc
+debug = false
+
+[database]
+# Database engine to use, sqlite3 or postgres
+engine = "sqlite3"
+# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
+# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
+connection = "/usr/local/lib/acme-dns/acme-dns.db"
+# connection = "postgres://user:password@localhost/acmedns_db"
+
+[api]
+# listen ip eg. 127.0.0.1
+ip = "0.0.0.0"
+# disable registration endpoint
+disable_registration = false
+# listen port, eg. 443 for default HTTPS
+port = "80"
+# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
+tls = "none"
+# only used if tls = "cert"
+tls_cert_privkey = "/mnt/certs/privkey.pem"
+tls_cert_fullchain = "/mnt/certs/fullchain.pem"
+# only used if tls = "letsencrypt"
+acme_cache_dir = "api-certs"
+# optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
+notification_email = ""
+# CORS AllowOrigins, wildcards can be used
+corsorigins = [
+    "*"
+]
+# use HTTP header to get the client ip
+use_header = false
+# header name to pull the ip address / list of ip addresses from
+header_name = "X-Forwarded-For"
+
+[logconfig]
+# logging level: "error", "warning", "info" or "debug"
+loglevel = "debug"
+# possible values: stdout, TODO file & integrations
+logtype = "stdout"
+# file path for logfile TODO
+# logfile = "./acme-dns.log"
+# format, either "json" or "text"
+logformat = "text"

jails/config/cert/pkg-list-details.txt

@@ -0,0 +1,7 @@
+pkgp-freebsd-pkg____bash-5.1.16
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____curl-7.82.0
+pkgp-freebsd-pkg____git-lite-2.35.1
+pkgp-freebsd-pkg____go-1.18,1
+pkgp-freebsd-pkg____nano-6.0
+pkgp-freebsd-pkg____pkg-1.17.5_1

jails/config/cert/pkg-list.txt

@@ -0,0 +1 @@
+bash bash-completion curl git-lite go nano pkg