diff --git a/.gitignore b/.gitignore index ba79b78..33faba9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ #.gitignore **/secret/** **/.acme.sh/** +current-src.bzip2 diff --git a/configs/boot/loader.conf b/configs/boot/loader.conf index c7cb30c..a27a871 100644 --- a/configs/boot/loader.conf +++ b/configs/boot/loader.conf @@ -28,6 +28,8 @@ kern.geom.label.gptid.enable="0" # Increase dmesg buffer to fit longer boot output. kern.msgbufsize="524288" +kern.ipc.maxmbufmem=150608778240 + kern.racct.enable=1 # ZFS root boot config @@ -96,6 +98,7 @@ vfs.zfs.vdev.cache.size=134217728 vfs.zfs.vdev.cache.max=134217728 # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185487 +# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210686 # https://forums.freebsd.org/threads/updating-bsd-from-10-to-11-ahci-ssd-issue.59923/ # https://lists.freebsd.org/pipermail/freebsd-bugs/2013-April/052301.html # my 8TB's don't support NCQ TRIM diff --git a/configs/etc/crontab-config.txt b/configs/etc/crontab-config.txt deleted file mode 100644 index 6095fc0..0000000 --- a/configs/etc/crontab-config.txt +++ /dev/null @@ -1,2 +0,0 @@ -00 08,12,16,20 * * * /root/FreeBSD/scripts/zfs_health.sh -00 2 * * 0 /usr/local/sbin/zfSnap -d -s -S -a 2w -p weekly_ -r zroot ship data base diff --git a/configs/etc/ctl.conf b/configs/etc/ctl.conf index 23af5bb..4408e64 100644 --- a/configs/etc/ctl.conf +++ b/configs/etc/ctl.conf @@ -33,3 +33,23 @@ target iqn.nas.ahlawat.com:f13 { size 128G } } + +target iqn.nas.ahlawat.com:f12p { +# auth-group no-authentication + portal-group pg0 + chap user secretsecret + lun 0 { + path /dev/zvol/ship/raw/FreeBSD12p + size 128G + } +} + +target iqn.nas.ahlawat.com:f13p { +# auth-group no-authentication + portal-group pg0 + chap user secretsecret + lun 0 { + path /dev/zvol/ship/raw/FreeBSD13p + size 128G + } +} diff --git a/configs/etc/defaults/devfs.rules b/configs/etc/defaults/devfs.rules index 9f4de19..1d9f577 100644 --- a/configs/etc/defaults/devfs.rules 
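Review bot: `kern.ipc.maxmbufmem=150608778240` in the first configs/boot/loader.conf hunk is added without a comment, unlike the commented `kern.msgbufsize` line above it, and the value works out to roughly 140 GiB. A reader cannot tell whether that is a deliberate ceiling or a mistyped number, and if it exceeds the machine's RAM it no longer bounds network buffer growth at all. Add a line such as `# mbuf memory ceiling in bytes (~140 GiB); chosen because <reason>` and confirm the figure against installed memory.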
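Review bot: The two new targets (`f12p`, `f13p`) in configs/etc/ctl.conf repeat `chap user secretsecret` inline, so the committed file either carries a live credential shared by every target or a placeholder that has to be edited by hand on each deploy. Defining the credential once in an `auth-group` block and referencing it from each target with `auth-group <name>` would leave a single place to rotate it and allow a distinct secret per initiator. The deployed file with the real secret is better kept outside the repository, for example under a path covered by the existing `**/secret/**` ignore rule, with only a template committed. The commented `# auth-group no-authentication` line in each target is easy to re-enable by accident and could be dropped.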
+++ b/configs/etc/defaults/devfs.rules @@ -13,7 +13,7 @@ # references must include a dollar sign '$' in front of the # name to be expanded properly. # -# $FreeBSD: releng/12.1/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $ +# $FreeBSD: releng/12.2/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $ # # Very basic and secure ruleset: Hide everything. @@ -87,12 +87,13 @@ add include $devfsrules_unhide_login add path fuse unhide add path zfs unhide +# members of group uucp can access all usb and tty devices [usbrules=100] add path 'usbctl' mode 660 group uucp add path 'usb/*' mode 660 group uucp add path 'ttyU*' mode 660 group uucp -[serial_usb_rules=1000] +[serial_usb_rules=150] add include $devfsrules_jail add path 'cuau*' unhide add path 'cuaU*' unhide @@ -101,7 +102,7 @@ add path 'ttyU*' unhide add path 'usb*' unhide add path 'usb/*' unhide -[devfs_rules_bhyve_jail=2000] +[devfs_rules_bhyve_jail=200] add include $devfsrules_jail add path vmm unhide add path vmm/* unhide @@ -111,6 +112,6 @@ add path tap* unhide add path zvol/ship/raw/* unhide add path nmdm* unhide -[devfs_rules_tun_jail=3000] +[devfs_rules_tun_jail=300] add include $devfsrules_jail add path tun* unhide diff --git a/configs/etc/defaults/periodic.conf b/configs/etc/defaults/periodic.conf index 295dc9a..36e4707 100644 --- a/configs/etc/defaults/periodic.conf +++ b/configs/etc/defaults/periodic.conf @@ -13,7 +13,7 @@ # For a more detailed explanation of all the periodic.conf variables, please # refer to the periodic.conf(5) manual page. # -# $FreeBSD: releng/12.1/usr.sbin/periodic/periodic.conf 337648 2018-08-11 17:11:08Z brd $ +# $FreeBSD: releng/12.2/usr.sbin/periodic/periodic.conf 337648 2018-08-11 17:11:08Z brd $ # # What files override these defaults ? diff --git a/configs/etc/exports b/configs/etc/exports index b8d7e71..15cddb2 100644 --- a/configs/etc/exports +++ b/configs/etc/exports 
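Review bot: The added comment `# members of group uucp can access all usb and tty devices` overstates what `[usbrules=100]` grants, since its three rules cover only `usbctl`, `usb/*` and `ttyU*`. Something like `# group uucp gets mode 660 on usbctl, usb/* and USB serial ttys (ttyU*)` matches the rules and avoids implying wider access. The following hunks renumber `serial_usb_rules`, `devfs_rules_bhyve_jail` and `devfs_rules_tun_jail` from 1000/2000/3000 to 150/200/300. Any jail configuration that selects its devfs ruleset by number rather than by name would still point at the old values, so those references should be checked before this is deployed; none are visible in this diff.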
@@ -1,3 +1,6 @@ +V4: / -network=192.168.10.0 -mask=255.255.255.0 /mnt/ship/pxe/FreeBSD11 -alldirs -maproot=root /mnt/ship/pxe/FreeBSD12 -alldirs -maproot=root /mnt/ship/pxe/FreeBSD13 -alldirs -maproot=root +/mnt/ship/pxe/FreeBSD12p -alldirs -maproot=root +/mnt/ship/pxe/FreeBSD13p -alldirs -maproot=root diff --git a/configs/etc/freebsd-update.conf b/configs/etc/freebsd-update.conf index e46aa6a..7852883 100644 --- a/configs/etc/freebsd-update.conf +++ b/configs/etc/freebsd-update.conf @@ -1,4 +1,4 @@ -# $FreeBSD: releng/12.1/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $ +# $FreeBSD: releng/12.2/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $ # Trusted keyprint. Changing this is a Bad Idea unless you've received # a PGP-signed email from telling you to diff --git a/configs/etc/fstab b/configs/etc/fstab index 59a4c87..1db95dc 100644 --- a/configs/etc/fstab +++ b/configs/etc/fstab @@ -1,11 +1,12 @@ # Device Mountpoint FStype Options Dump Pass# -/dev/ada2p3 none swap sw 0 0 -/dev/ada3p3 none swap sw 0 0 +#/dev/zvol/zroot/swapvol none swap sw 0 0 +#/dev/ada2p3 none swap sw 0 0 +#/dev/ada3p3 none swap sw 0 0 #/dev/da0p1 none swap sw 0 0 -/dev/da1p1 none swap sw 0 0 -/dev/da2p1 none swap sw 0 0 -/dev/da3p1 none swap sw 0 0 -/dev/da4p1 none swap sw 0 0 +#/dev/da1p1 none swap sw 0 0 +#/dev/da2p1 none swap sw 0 0 +#/dev/da3p1 none swap sw 0 0 +#/dev/da4p1 none swap sw 0 0 #/dev/da5p1 none swap sw 0 0 #/dev/da6p1 none swap sw 0 0 #/dev/da7p1 none swap sw 0 0 diff --git a/configs/etc/login.conf b/configs/etc/login.conf index 3569145..c53274b 100644 --- a/configs/etc/login.conf +++ b/configs/etc/login.conf 
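Review bot: The new `/mnt/ship/pxe/FreeBSD12p` and `/mnt/ship/pxe/FreeBSD13p` lines in configs/etc/exports have no host or `-network` restriction, so with `-maproot=root` any client that can reach the NFS services gets root-mapped access to those trees. As I read exports(5), the `-network=192.168.10.0 -mask=255.255.255.0` on the added `V4:` line limits NFSv4 clients only and does not constrain the per-directory lines. Consider `/mnt/ship/pxe/FreeBSD12p -alldirs -maproot=root -network=192.168.10.0 -mask=255.255.255.0`, and the same for `FreeBSD13p`. The three existing export lines have the same gap.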
@@ -7,7 +7,7 @@ # This file controls resource limits, accounting limits and # default user environment settings. # -# $FreeBSD: releng/12.1/usr.bin/login/login.conf 338399 2018-08-30 15:52:03Z brd $ +# $FreeBSD: releng/12.2/usr.bin/login/login.conf 357789 2020-02-12 02:04:03Z kevans $ # # Default settings effectively disable resource limits, see the @@ -26,7 +26,8 @@ default:\ :passwd_format=sha512:\ :copyright=/etc/COPYRIGHT:\ :welcome=/etc/motd:\ - :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ + :setenv=BLOCKSIZE=K:\ + :mail=/var/mail/$:\ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ :nologin=/var/run/nologin:\ :cputime=unlimited:\ @@ -63,6 +64,7 @@ xuser:\ staff:\ :tc=default: daemon:\ + :mail@:\ :memorylocked=128M:\ :tc=default: news:\ @@ -123,7 +125,8 @@ russian|Russian Users Accounts:\ #standard:\ # :copyright=/etc/COPYRIGHT:\ # :welcome=/etc/motd:\ -# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\ +# :setenv=BLOCKSIZE=K:\ +# :mail=/var/mail/$:\ # :path=~/bin /bin /usr/bin /usr/local/bin:\ # :manpath=/usr/share/man /usr/local/man:\ # :nologin=/var/run/nologin:\ diff --git a/configs/etc/ntp.conf b/configs/etc/ntp.conf index 7caedb4..3a5409b 100644 --- a/configs/etc/ntp.conf +++ b/configs/etc/ntp.conf @@ -1,5 +1,5 @@ # -# $FreeBSD: releng/12.1/usr.sbin/ntp/ntpd/ntp.conf 337649 2018-08-11 17:42:42Z brd $ +# $FreeBSD: releng/12.2/usr.sbin/ntp/ntpd/ntp.conf 352865 2019-09-29 03:36:50Z cy $ # # Default NTP servers for the FreeBSD operating system. # 
@@ -103,3 +103,11 @@ restrict ::1 # Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db. #leapfile "/etc/ntp/leap-seconds" leapfile "/var/db/ntpd.leap-seconds.list" + +# Specify the number of megabytes of memory that should be allocated and +# locked. -1 (default) means "do not lock the process into memory". +# 0 means "lock whatever memory the process wants into memory". Any other +# number means to lock up to that number of megabytes into memory. +# 0 may result in a segfault when ASLR with stack gap randomization +# is enabled. +#rlimit memlock 32 diff --git a/configs/etc/profile b/configs/etc/profile index ec81596..d6af3ee 100644 --- a/configs/etc/profile +++ b/configs/etc/profile @@ -1,11 +1,7 @@ -# $FreeBSD: releng/12.1/bin/sh/profile 337849 2018-08-15 14:41:24Z brd $ +# $FreeBSD: releng/12.2/bin/sh/profile 363525 2020-07-25 11:57:39Z pstef $ # # System-wide .profile file for sh(1). # -# Uncomment this to give you the default 4.2 behavior, where disk -# information is shown in K-Blocks -# BLOCKSIZE=K; export BLOCKSIZE -# # For the setting of languages and character sets please see # login.conf(5) and in particular the charset and lang options. # For full locales list check /usr/share/locale/* diff --git a/configs/etc/rc.conf b/configs/etc/rc.conf index c146569..eae48ac 100644 --- a/configs/etc/rc.conf +++ b/configs/etc/rc.conf @@ -32,13 +32,13 @@ firewall_logif="YES" # interfaces cloned_interfaces_sticky="YES" -cloned_interfaces="lagg0 bridge1 bridge2 bridge5 bridge9 bridge10" +cloned_interfaces="lagg0 bridge1 bridge2 bridge5 bridge9 bridge10 bridge48" ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up" ifconfig_igb0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso" ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso" -vlans_lagg0="1 2 5 9 10" +vlans_lagg0="1 2 5 9 10 48" ipv6_activate_all_interfaces="YES" rtsold_enable="YES" 
@@ -53,12 +53,15 @@ ifconfig_lagg0_9="inet 192.168.200.10/24" ifconfig_lagg0_9_ipv6="inet6 fd09::10/64 auto_linklocal accept_rtadv" ifconfig_lagg0_10="inet 192.168.10.10/24" ifconfig_lagg0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv" +ifconfig_lagg0_48="inet 192.168.48.10/24" +ifconfig_lagg0_48_ipv6="inet6 2001:470:f835::10/64 auto_linklocal accept_rtadv" ifconfig_bridge1="addm lagg0.1 up" ifconfig_bridge2="addm lagg0.2 up" ifconfig_bridge5="addm lagg0.5 up" ifconfig_bridge9="addm lagg0.9 up" ifconfig_bridge10="addm lagg0.10 up" +ifconfig_bridge48="addm lagg0.48 up" # adding IP to bridges does not work #ifconfig_bridge1="inet 192.168.0.10/24" diff --git a/configs/pxe/ctl.conf b/configs/pxe/ctl.conf deleted file mode 100644 index 23af5bb..0000000 --- a/configs/pxe/ctl.conf +++ /dev/null @@ -1,35 +0,0 @@ -portal-group pg0 { - discovery-auth-group no-authentication - listen 0.0.0.0 - listen [::] -} - -target iqn.nas.ahlawat.com:f11 { -# auth-group no-authentication - portal-group pg0 - chap user secretsecret - lun 0 { - path /dev/zvol/ship/raw/FreeBSD11 - size 128G - } -} - -target iqn.nas.ahlawat.com:f12 { -# auth-group no-authentication - portal-group pg0 - chap user secretsecret - lun 0 { - path /dev/zvol/ship/raw/FreeBSD12 - size 128G - } -} - -target iqn.nas.ahlawat.com:f13 { -# auth-group no-authentication - portal-group pg0 - chap user secretsecret - lun 0 { - path /dev/zvol/ship/raw/FreeBSD13 - size 128G - } -} diff --git a/configs/usr/local/etc/nut/ups.conf b/configs/usr/local/etc/nut/ups.conf index 08a23f4..c8a1338 100644 --- a/configs/usr/local/etc/nut/ups.conf +++ b/configs/usr/local/etc/nut/ups.conf @@ -119,6 +119,6 @@ # the -h option and/or read the driver's documentation. [ups] driver = usbhid-ups - port = /dev/ugen0.6 + port = /dev/ugen0.7 desc = "" pollonly diff --git a/configs/usr/local/etc/scl.conf b/configs/usr/local/etc/scl.conf deleted file mode 100644 index 58fb254..0000000 --- a/configs/usr/local/etc/scl.conf +++ /dev/null 
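Review bot: `ifconfig_lagg0_48_ipv6="inet6 2001:470:f835::10/64 ..."` gives this host its first global-unicast address in this block; the neighbouring VLANs use `fd09::`/`fd0a::` ULA prefixes. Services that listen on all addresses become reachable on it. The ctl.conf deleted in this commit (same blob id as the pre-image of configs/etc/ctl.conf) shows `listen [::]` with `discovery-auth-group no-authentication`, and the exports entries carry no network restriction. The firewall ruleset is not visible in this diff, so confirm that ipfw limits iSCSI, NFS and tftp on `lagg0.48`, or bind those listeners to specific addresses. A one-line comment above the new entries stating what VLAN 48 is for would help the next reader.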
@@ -1,30 +0,0 @@ -############################################################################# -# Copyright (c) 2010-2014 Balabit -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 as published -# by the Free Software Foundation, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -# -# As an additional exemption you are allowed to compile & link against the -# OpenSSL libraries as published by the OpenSSL project. See the file -# COPYING for details. -# -############################################################################# -# -# This file is placed into /etc/syslog-ng in order to make it trivial to -# include in user written syslog-ng.conf files. It sets up 'scl-root' and -# `include-path`, then includes all SCL supplied plugins. -# - -@include 'scl/*/*.conf' - -@define java-module-dir "`module-install-dir`/java-modules" diff --git a/configs/usr/local/etc/syslog-ng.conf b/configs/usr/local/etc/syslog-ng.conf deleted file mode 100644 index b3fbc64..0000000 --- a/configs/usr/local/etc/syslog-ng.conf +++ /dev/null 
@@ -1,185 +0,0 @@ -@version:3.25 -@include "scl.conf" - -# -# This sample configuration file is essentially equilivent to the stock -# FreeBSD /etc/syslog.conf file. -# -# $FreeBSD: head/sysutils/syslog-ng/files/syslog-ng.conf.sample 340872 2014-01-24 00:14:07Z mat $ -# - -# -# options -# -options { chain_hostnames(off); flush_lines(0); threaded(yes); }; - -# -# sources -# -source src { system(); - udp(); internal(); }; - -# -# destinations -# -destination messages { file("/var/log/messages"); }; -destination security { file("/var/log/security"); }; -destination authlog { file("/var/log/auth.log"); }; -destination maillog { file("/var/log/maillog"); }; -destination lpd-errs { file("/var/log/lpd-errs"); }; -destination xferlog { file("/var/log/xferlog"); }; -destination cron { file("/var/log/cron"); }; -destination debuglog { file("/var/log/debug.log"); }; -destination consolelog { file("/var/log/console.log"); }; -destination all { file("/var/log/all.log"); }; -destination newscrit { file("/var/log/news/news.crit"); }; -destination newserr { file("/var/log/news/news.err"); }; -destination newsnotice { file("/var/log/news/news.notice"); }; -destination slip { file("/var/log/slip.log"); }; -destination ppp { file("/var/log/ppp.log"); }; -destination console { file("/dev/console"); }; -destination allusers { usertty("*"); }; -#destination loghost { udp("loghost" port(514)); }; - -# -# log facility filters -# -filter f_auth { facility(auth); }; -filter f_authpriv { facility(authpriv); }; -filter f_not_authpriv { not facility(authpriv); }; -#filter f_console { facility(console); }; -filter f_cron { facility(cron); }; -filter f_daemon { facility(daemon); }; -filter f_ftp { facility(ftp); }; -filter f_kern { facility(kern); }; -filter f_lpr { facility(lpr); }; -filter f_mail { facility(mail); }; -filter f_news { facility(news); }; -filter f_security { facility(security); }; -filter f_user { facility(user); }; -filter f_uucp { facility(uucp); }; -filter f_local0 { 
facility(local0); }; -filter f_local1 { facility(local1); }; -filter f_local2 { facility(local2); }; -filter f_local3 { facility(local3); }; -filter f_local4 { facility(local4); }; -filter f_local5 { facility(local5); }; -filter f_local6 { facility(local6); }; -filter f_local7 { facility(local7); }; - -# -# log level filters -# -filter f_emerg { level(emerg); }; -filter f_alert { level(alert..emerg); }; -filter f_crit { level(crit..emerg); }; -filter f_err { level(err..emerg); }; -filter f_warning { level(warning..emerg); }; -filter f_notice { level(notice..emerg); }; -filter f_info { level(info..emerg); }; -filter f_debug { level(debug..emerg); }; -filter f_is_debug { level(debug); }; - -# -# program filters -# -filter f_ppp { program("ppp"); }; -filter f_slip { program("startslip"); }; - -# -# *.err;kern.warning;auth.notice;mail.crit /dev/console -# -log { source(src); filter(f_err); destination(console); }; -log { source(src); filter(f_kern); filter(f_warning); destination(console); }; -log { source(src); filter(f_auth); filter(f_notice); destination(console); }; -log { source(src); filter(f_mail); filter(f_crit); destination(console); }; - -# -# *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages -# -log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); }; -log { source(src); filter(f_kern); filter(f_debug); destination(messages); }; -log { source(src); filter(f_lpr); filter(f_info); destination(messages); }; -log { source(src); filter(f_mail); filter(f_crit); destination(messages); }; -log { source(src); filter(f_news); filter(f_err); destination(messages); }; - -# -# security.* /var/log/security -# -log { source(src); filter(f_security); destination(security); }; - -# -# auth.info;authpriv.info /var/log/auth.log -log { source(src); filter(f_auth); filter(f_info); destination(authlog); }; -log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); }; - -# -# mail.info /var/log/maillog 
-# -log { source(src); filter(f_mail); filter(f_info); destination(maillog); }; - -# -# lpr.info /var/log/lpd-errs -# -log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); }; - -# -# ftp.info /var/log/xferlog -# -log { source(src); filter(f_ftp); filter(f_info); destination(xferlog); }; - -# -# cron.* /var/log/cron -# -log { source(src); filter(f_cron); destination(cron); }; - -# -# *.=debug /var/log/debug.log -# -log { source(src); filter(f_is_debug); destination(debuglog); }; - -# -# *.emerg * -# -log { source(src); filter(f_emerg); destination(allusers); }; - -# -# uncomment this to log all writes to /dev/console to /var/log/console.log -# console.info /var/log/console.log -# -#log { source(src); filter(f_console); filter(f_info); destination(consolelog); }; - -# -# uncomment this to enable logging of all log messages to /var/log/all.log -# touch /var/log/all.log and chmod it to mode 600 before it will work -# *.* /var/log/all.log -# -#log { source(src); destination(all); }; - -# -# uncomment this to enable logging to a remote loghost named loghost -# *.* @loghost -# -#log { source(src); destination(loghost); }; - -# -# uncomment these if you're running inn -# news.crit /var/log/news/news.crit -# news.err /var/log/news/news.err -# news.notice /var/log/news/news.notice -# -#log { source(src); filter(f_news); filter(f_crit); destination(newscrit); }; -#log { source(src); filter(f_news); filter(f_err); destination(newserr); }; -#log { source(src); filter(f_news); filter(f_notice); destination(newsnotice); }; - -# -# !startslip -# *.* /var/log/slip.log -# -log { source(src); filter(f_slip); destination(slip); }; - -# -# !ppp -# *.* /var/log/ppp.log -# -log { source(src); filter(f_ppp); destination(ppp); }; diff --git a/freebsd_vm/devfs.rules b/freebsd_vm/devfs.rules new file mode 100644 index 0000000..9f4de19 --- /dev/null +++ b/freebsd_vm/devfs.rules 
@@ -0,0 +1,116 @@
+#
+# The following are some default rules for devfs(5) mounts.
+# The format is very simple. Empty lines and lines beginning
+# with a hash '#' are ignored. If the hash mark occurs anywhere
+# other than the beginning of a line, it and any subsequent
+# characters will be ignored. A line in between brackets '[]'
+# denotes the beginning of a ruleset. In the brackets should
+# be a name for the rule and its ruleset number. Any other lines
+# will be considered to be the 'action' part of a rule
+# passed to the devfs(8) command. These will be passed
+# "as-is" to the devfs(8) command with the exception that
+# any references to other rulesets will be expanded first. These
+# references must include a dollar sign '$' in front of the
+# name to be expanded properly.
+#
+# $FreeBSD: releng/12.1/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $
+#
+
+# Very basic and secure ruleset: Hide everything.
+# Used as a basis for other rules.
+#
+[devfsrules_hide_all=1]
+add hide
+
+# Basic devices typically necessary.
+# Requires: devfsrules_hide_all
+#
+[devfsrules_unhide_basic=2]
+add path log unhide
+add path null unhide
+add path zero unhide
+add path crypto unhide
+add path random unhide
+add path urandom unhide
+
+# Devices typically needed to support logged-in users.
+# Requires: devfsrules_hide_all
+#
+[devfsrules_unhide_login=3]
+add path 'ptyp*' unhide
+add path 'ptyq*' unhide
+add path 'ptyr*' unhide
+add path 'ptys*' unhide
+add path 'ptyP*' unhide
+add path 'ptyQ*' unhide
+add path 'ptyR*' unhide
+add path 'ptyS*' unhide
+add path 'ptyl*' unhide
+add path 'ptym*' unhide
+add path 'ptyn*' unhide
+add path 'ptyo*' unhide
+add path 'ptyL*' unhide
+add path 'ptyM*' unhide
+add path 'ptyN*' unhide
+add path 'ptyO*' unhide
+add path 'ttyp*' unhide
+add path 'ttyq*' unhide
+add path 'ttyr*' unhide
+add path 'ttys*' unhide
+add path 'ttyP*' unhide
+add path 'ttyQ*' unhide
+add path 'ttyR*' unhide
+add path 'ttyS*' unhide
+add path 'ttyl*' unhide
+add path 'ttym*' unhide
+add path 'ttyn*' unhide
+add path 'ttyo*' unhide
+add path 'ttyL*' unhide
+add path 'ttyM*' unhide
+add path 'ttyN*' unhide
+add path 'ttyO*' unhide
+add path ptmx unhide
+add path pts unhide
+add path 'pts/*' unhide
+add path fd unhide
+add path 'fd/*' unhide
+add path stdin unhide
+add path stdout unhide
+add path stderr unhide
+
+# Devices usually found in a jail.
+#
+[devfsrules_jail=4]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
+add path fuse unhide
+add path zfs unhide
+
+[usbrules=100]
+add path 'usbctl' mode 660 group uucp
+add path 'usb/*' mode 660 group uucp
+add path 'ttyU*' mode 660 group uucp
+
+[serial_usb_rules=1000]
+add include $devfsrules_jail
+add path 'cuau*' unhide
+add path 'cuaU*' unhide
+add path 'ttyu*' unhide
+add path 'ttyU*' unhide
+add path 'usb*' unhide
+add path 'usb/*' unhide
+
+[devfs_rules_bhyve_jail=2000]
+add include $devfsrules_jail
+add path vmm unhide
+add path vmm/* unhide
+add path vmm.io unhide
+add path vmm.io/* unhide
+add path tap* unhide
+add path zvol/ship/raw/* unhide
+add path nmdm* unhide
+
+[devfs_rules_tun_jail=3000]
+add include $devfsrules_jail
+add path tun* unhide
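Review bot: This new freebsd_vm/devfs.rules still uses the old ruleset numbers (`[serial_usb_rules=1000]`, `[devfs_rules_bhyve_jail=2000]`, `[devfs_rules_tun_jail=3000]`) and the releng/12.1 header, while the same commit moves configs/etc/defaults/devfs.rules to 150/200/300 and 12.2. If the VM copy is meant to track the host file, the two have already diverged; either renumber here as well or add a header comment saying the copy is intentionally frozen. Separately, `add path zvol/ship/raw/* unhide` exposes every raw zvol under ship/raw to any jail using the bhyve ruleset, including the volumes that back the iSCSI targets. Listing only the zvols a given jail needs would be the narrower grant.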
diff --git a/freebsd_vm/loader.conf b/freebsd_vm/loader.conf
new file mode 100644
index 0000000..7053e3c
--- /dev/null
+++ b/freebsd_vm/loader.conf
@@ -0,0 +1,4 @@
+boot_serial="NO"
+
+if_tap_load="YES"
+
diff --git a/freebsd_vm/rc.conf b/freebsd_vm/rc.conf
new file mode 100644
index 0000000..5274d16
--- /dev/null
+++ b/freebsd_vm/rc.conf
@@ -0,0 +1,99 @@ +hostname="freebsd.ahlawat.com" +#ifconfig_vtnet0="DHCP" +#ifconfig_vtnet0_ipv6="inet6 accept_rtadv" +sshd_enable="YES" +# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable +dumpdev="AUTO" + + +zfs_enable="YES" + +kld_list="nmdm vmm ipfw ipdivert linux64" + +# Do not mark to autodetach otherwise ZFS gets very unhappy. +geli_autodetach="NO" + +# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable +dumpdir="/var/crash" +savecore_enable="YES" + +# Turbo boost +performance_cpu_freq="HIGH" + +ntpd_sync_on_start="YES" +ntpd_enable="YES" + +powerd_enable="YES" +powerd_flags="-a hiadaptive -n hiadaptive -m 2500 -M 3300" + +smartd_enable="YES" +#nut_enable="YES" + +#dbus_enable="YES" + +firewall_enable="YES" +firewall_type="open" +firewall_logging="YES" +firewall_logif="YES" + +# interfaces +cloned_interfaces_sticky="YES" +cloned_interfaces="bridge1" + +ifconfig_vtnet0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso" + +ipv6_activate_all_interfaces="YES" +rtsold_enable="YES" + +ifconfig_vtnet0="inet 192.168.0.83/24" +ifconfig_vtnet0_ipv6="inet6 fd01::83/64 auto_linklocal accept_rtadv" + +ifconfig_bridge1="ether random addm vtnet0 up" + +defaultrouter="192.168.0.5" +ipv6_defaultrouter="fd01::5" +# interfaces + +syslogd_enable="YES" +syslogd_flags="-C -O rfc5424 -ss" + +syslog_ng_enable="NO" +syslog_ng_config="-u daemon" +syslog_ng_pid="/var/run/syslog-ng.pid" + +sendmail_enable="NO" +sendmail_outbound_enable="NO" +sendmail_submit_enable="YES" +sendmail_msp_queue_enable="YES" + +sshd_enable="YES" + +iocage_enable="NO" + +devfs_system_ruleset="usbrules" + +#node_exporter_enable="YES" +#node_exporter_args=--collector.filesystem.ignored-mount-points="/mnt/iocage*" +#gstat_exporter_enable="YES" + +# modify hard disk cam queues +cam_tag_enable="YES" + +# debian jail +linux_enable="YES" + +nfs_server_enable="YES" +nfsv4_server_enable="YES" +nfsuserd_enable="YES" + +mountd_enable="YES" +mountd_flags="-r" + +rpcbind_enable="YES" 
+rpc_lockd_enable="YES" +rpc_statd_enable="YES" + +tftpd_enable="YES" +tftpd_flags="-s /mnt/ship/pxe" + +ctld_enable="YES" diff --git a/freebsd_vm/sysctl.conf b/freebsd_vm/sysctl.conf new file mode 100644 index 0000000..3f22525 --- /dev/null +++ b/freebsd_vm/sysctl.conf @@ -0,0 +1,14 @@ +# $FreeBSD$ +# +# This file is read when going to multi-user and its contents piped thru +# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details. +# + +# Uncomment this to prevent users from seeing information about processes that +# are being run under another UID. +#security.bsd.see_other_uids=0 + +net.inet.ip.forwarding=1 # Enable IP forwarding between interfaces +net.link.bridge.pfil_onlyip=0 # Only pass IP packets when pfil is enabled +net.link.bridge.pfil_bridge=0 # Packet filter on the bridge interface +net.link.bridge.pfil_member=0 # Packet filter on the member interface diff --git a/jails/config/common/current-src.bzip2 b/jails/config/common/current-src.bzip2 index f88f268..ea46b87 100644 Binary files a/jails/config/common/current-src.bzip2 and b/jails/config/common/current-src.bzip2 differ diff --git a/jails/config/vm/freebsd.sh b/jails/config/vm/freebsd.sh index 54eefdf..e62a19b 100755 --- a/jails/config/vm/freebsd.sh +++ b/jails/config/vm/freebsd.sh @@ -62,7 +62,7 @@ exit $? # (This uses cu() so press ~+Ctrl-D to exit) #on base system: -#zfs create -V 32G -o refreservation=none ship/raw/freebsd +#zfs create -V 16G -o refreservation=none ship/raw/freebsd #zfs create -V 16G -o refreservation=none ship/raw/freebsd_1 #zfs create -V 16G -o refreservation=none ship/raw/freebsd_2 #zfs create -V 16G -o refreservation=none ship/raw/freebsd_z1 diff --git a/jails/update.sh b/jails/update.sh index 081400e..7fa78c0 100755 --- a/jails/update.sh +++ b/jails/update.sh 
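Review bot: `ifconfig_vtnet0` is assigned twice in the new freebsd_vm/rc.conf. Because rc.conf is read as shell assignments, the later `ifconfig_vtnet0="inet 192.168.0.83/24"` replaces the earlier `up -rxcsum -rxcsum6 ...` value and the offload flags are never applied. Merge them into one line: `ifconfig_vtnet0="inet 192.168.0.83/24 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"`. `sshd_enable="YES"` is also set twice, and the comment above `dumpdir` is a copy of the `dumpdev` one. With `firewall_type="open"` and nfs, mountd, tftpd and ctld all enabled, nothing on this VM filters those services, so a short comment stating that this is intended for the lab network would make the choice explicit.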
@@ -48,6 +48,8 @@ update_jail () } iocage fetch -U -r 12.2-RELEASE +etcupdate build current-src.bzip2 +mv current-src.bzip2 /root/FreeBSD/jails/configs/common/ read -p "update pkgp packages first (y/N)? " RESP if [ ! -z $RESP ] && [ $RESP == "y" ]; then @@ -78,7 +80,6 @@ echo "freebsd-update fetch" echo "freebsd-update install" # echo "pkg bootstrap -f ; pkg update ; pkg upgrade" echo "cd /usr/src; svn update; make -j8 buildkernel KERNCONF=diyIT && make -j8 installkernel KERNCONF=diyIT" -echo "etcupdate build /root/FreeBSD/jails/configs/common/current-src.bzip2" echo "reboot" echo "pkg-static upgrade -f" #echo "rm -rf /var/tmp/temproot*" diff --git a/configs/pxe/.ssh/authorized_keys b/pxe/.ssh/authorized_keys similarity index 100% rename from configs/pxe/.ssh/authorized_keys rename to pxe/.ssh/authorized_keys diff --git a/configs/pxe/exports b/pxe/exports similarity index 100% rename from configs/pxe/exports rename to pxe/exports diff --git a/configs/pxe/fstab.11 b/pxe/fstab.11 similarity index 100% rename from configs/pxe/fstab.11 rename to pxe/fstab.11 diff --git a/configs/pxe/fstab.12 b/pxe/fstab.12 similarity index 100% rename from configs/pxe/fstab.12 rename to pxe/fstab.12 diff --git a/configs/pxe/fstab.12p b/pxe/fstab.12p similarity index 100% rename from configs/pxe/fstab.12p rename to pxe/fstab.12p diff --git a/configs/pxe/fstab.13 b/pxe/fstab.13 similarity index 100% rename from configs/pxe/fstab.13 rename to pxe/fstab.13 diff --git a/configs/pxe/fstab.13p b/pxe/fstab.13p similarity index 100% rename from configs/pxe/fstab.13p rename to pxe/fstab.13p diff --git a/configs/pxe/iscsi.conf.11 b/pxe/iscsi.conf.11 similarity index 100% rename from configs/pxe/iscsi.conf.11 rename to pxe/iscsi.conf.11 diff --git a/configs/pxe/iscsi.conf.12 b/pxe/iscsi.conf.12 similarity index 100% rename from configs/pxe/iscsi.conf.12 rename to pxe/iscsi.conf.12 
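Review bot: The added `mv current-src.bzip2 /root/FreeBSD/jails/configs/common/` in jails/update.sh targets `jails/configs/common/`, but the tarball tracked in this same commit lives at `jails/config/common/current-src.bzip2`, so the fresh build may land in a different directory from the one the repository carries (or the `mv` may fail if that directory does not exist). Neither new command is checked, so a failed `etcupdate build` still falls through to the `mv` and the interactive prompt, possibly leaving a stale tarball in place. Building straight to the destination with a guard avoids both the working-directory dependence and the silent failure: `etcupdate build /root/FreeBSD/jails/config/common/current-src.bzip2 || exit 1`. Use whichever directory spelling is the real one. These lines sit at top level after `update_jail`, whose body is outside the hunk.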
diff --git a/configs/pxe/iscsi.conf.12p b/pxe/iscsi.conf.12p
similarity index 100%
rename from configs/pxe/iscsi.conf.12p
rename to pxe/iscsi.conf.12p
diff --git a/configs/pxe/iscsi.conf.13 b/pxe/iscsi.conf.13
similarity index 100%
rename from configs/pxe/iscsi.conf.13
rename to pxe/iscsi.conf.13
diff --git a/configs/pxe/iscsi.conf.13p b/pxe/iscsi.conf.13p
similarity index 100%
rename from configs/pxe/iscsi.conf.13p
rename to pxe/iscsi.conf.13p
diff --git a/configs/pxe/iscsid b/pxe/iscsid
similarity index 100%
rename from configs/pxe/iscsid
rename to pxe/iscsid
diff --git a/configs/pxe/loader.conf b/pxe/loader.conf
similarity index 100%
rename from configs/pxe/loader.conf
rename to pxe/loader.conf
diff --git a/configs/pxe/rc.conf b/pxe/rc.conf
similarity index 100%
rename from configs/pxe/rc.conf
rename to pxe/rc.conf
diff --git a/configs/pxe/resolv.conf b/pxe/resolv.conf
similarity index 100%
rename from configs/pxe/resolv.conf
rename to pxe/resolv.conf
diff --git a/pxe/root/create.sh b/pxe/root/create.sh
new file mode 100755
index 0000000..ebdc7f3
--- /dev/null
+++ b/pxe/root/create.sh
@@ -0,0 +1,174 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+JAIL=$1
+JAILHOSTNAME=$2
+JAILDOMAIN=$3
+JAILIP=$4
+JAILUSER=$5
+JAILUSERID=$6
+JAILUSERVNC=$7
+
+: "${JAIL:?Need to specify JAIL - first parameter}"
+: "${JAILHOSTNAME:?Need to specify JAILHOSTNAME - second parameter}"
+: "${JAILDOMAIN:?Need to specify JAILDOMAIN - third parameter}"
+: "${JAILIP:?Need to specify JAILIP - fourth parameter}"
+: "${JAILUSER:?Need to specify JAILUSER - fifth parameter - set to X if none required}"
+: "${JAILUSERID:?Need to specify JAILUSERID - sixth parameter - eg. set to 1000 for p OR 2002 for r}"
+: "${JAILUSERVNC:?Need to specify JAILUSERVNC - seventh parameter - set to true to add vnc for jailuser}"
+# user p and r are diyit deployment specific
+
+# there are cases where you may only want an IPv4 jail
+I6CONFIG=true
+
+I4NW="192.168.10"
+I6NW="fd0a"
+I4GW="192.168.10.5"
+I6GW="fd0a::5"
+I4NS="192.168.10.5"
+I6NS="fd0a::5"
+# these IP spaces are diyit deployment specific
+
+echo "$JAIL / $JAILIP / $JAILHOSTNAME / $JAILDOMAIN / $JAILUSER / $JAILUSERID / $JAILUSERVNC"
+
+# cant install packages during jail creation because ipfw blocks all network traffic
+#echo '{"pkgs":["bash","bash-completion","nano"]}' > /tmp/pkg-$JAIL.json
+#iocage create -n "$JAIL" -p /tmp/pkg-$JAIL.json ...
+#rm /tmp/pkg-$JAIL.json
+
+if $I6CONFIG; then
+ iocage create -n "$JAIL" -r 12.2-RELEASE vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN"
+ # iocage create -n "$JAIL" -r 12.2-RELEASE vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64,vnet0|accept_rtadv" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN"
+ # iocage cannot set static IP AND enable SLAAC temporary properly
+ iocage exec $JAIL 'sysrc ifconfig_epair0b_ipv6="inet6 auto_linklocal accept_rtadv"'
+ iocage exec $JAIL "sysrc rtsold_enable=YES"
+ iocage exec $JAIL "echo 'net.inet6.ip6.accept_rtadv=1' >> /etc/sysctl.conf"
+ iocage exec $JAIL "echo 'net.inet6.ip6.use_tempaddr=1' >> /etc/sysctl.conf"
+ iocage exec $JAIL "echo 'net.inet6.ip6.prefer_tempaddr=1' >> /etc/sysctl.conf"
+else
+ iocage create -n "$JAIL" -p /tmp/pkg-$JAIL.json -r 12.2-RELEASE vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" defaultrouter=$I4GW resolver="nameserver $I4NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN"
+fi
+
+iocage exec $JAIL "sysrc firewall_enable=YES"
+iocage exec $JAIL "sysrc firewall_type=open"
+iocage exec $JAIL "sysrc firewall_logif=YES"
+iocage exec $JAIL "service ipfw restart"
+
+# jail is already up at this point so configure IPv6 manually for this run
+iocage exec $JAIL "ifconfig epair0b inet6 accept_rtadv; sysctl net.inet6.ip6.accept_rtadv=1; sysctl net.inet6.ip6.use_tempaddr=1; sysctl net.inet6.ip6.prefer_tempaddr=1; service rtsold start"
+
+iocage exec $JAIL "echo '$I4NW.$JAILIP $JAILHOSTNAME $JAILHOSTNAME.$JAILDOMAIN' >> /etc/hosts"
+if $I6CONFIG; then
+ iocage exec $JAIL "echo '$I6NW::$JAILIP $JAILHOSTNAME $JAILHOSTNAME.$JAILDOMAIN' >> /etc/hosts"
+fi
+
+iocage exec $JAIL "mkdir -p /mnt/certs"
+iocage fstab -a $JAIL /mnt/ship/certs /mnt/certs nullfs ro 0 0
+iocage exec $JAIL "mkdir -p /mnt/config"
+iocage fstab -a $JAIL /root/FreeBSD/jails/config/$JAIL /mnt/config nullfs rw 0 0
+iocage exec $JAIL "mkdir -p /var/db/freebsd-update/files"
+iocage fstab -a $JAIL /var/db/freebsd-update/files /var/db/freebsd-update/files nullfs rw 0 0
+iocage exec $JAIL "mkdir -p /mnt/common"
+iocage fstab -a $JAIL /root/FreeBSD/jails/config/common /mnt/common nullfs ro 0 0
+
+# create resolvconf.conf - IPv6 SLAAC/DHCP on freebsd removes all ipv4 configuraton from resolv.conf
+iocage exec $JAIL "[ -f /mnt/config/resolv.conf ] && cp /mnt/config/resolvconf.conf /etc/ || cp /mnt/common/resolvconf.conf /etc/"
+iocage exec $JAIL "resolvconf -u"
+
+iocage exec $JAIL "mkdir -p /usr/local/etc/pkg/repos"
+iocage exec $JAIL "[ -f /mnt/config/pkgp.conf ] && cp /mnt/config/pkgp.conf /usr/local/etc/pkg/repos/ || cp /mnt/common/pkgp.conf /usr/local/etc/pkg/repos/"
+
+iocage exec $JAIL "[ -f /mnt/config/freebsd-update.conf ] && cp /mnt/config/freebsd-update.conf /etc/ || cp /mnt/common/freebsd-update.conf /etc/"
+
+iocage exec $JAIL "env ASSUME_ALWAYS_YES=YES pkg bootstrap"
+iocage exec $JAIL "pkg update -f"
+iocage exec $JAIL "pkg upgrade -y"
+iocage exec $JAIL "pkg install -y bash bash-completion nano"
+
+iocage exec $JAIL "[ -f /mnt/config/nanorc ] && cp /mnt/config/nanorc /usr/local/etc/ || cp /mnt/common/nanorc /usr/local/etc/"
+iocage exec $JAIL "cp -r /mnt/common/nano /usr/local/etc/"
+
+#iocage exec $JAIL "passwd root"
+iocage exec $JAIL "chsh -s /usr/sbin/nologin toor"
+iocage exec $JAIL "pw usermod -n root -s /usr/local/bin/bash -c jail-$JAIL"
+
+iocage exec $JAIL "[ -f /mnt/config/.bash_profile ] && cp /mnt/config/.bash_profile /root/ || cp /mnt/common/.bash_profile /root/"
+
+iocage exec $JAIL "[ -f /mnt/config/.dir_colors ] && cp /mnt/config/.dir_colors /root/ || cp /mnt/common/.dir_colors /root/"
+
+iocage exec $JAIL "mkdir /root/.ssh"
+iocage exec $JAIL "[ -f /mnt/config/authorized_keys ] && cp /mnt/config/authorized_keys /root/.ssh/ || cp /mnt/common/authorized_keys /root/.ssh/"
+iocage exec $JAIL "chmod 600 /root/.ssh/authorized_keys"
+
+iocage exec $JAIL "[ -f /mnt/config/sshd_config ] && cp /mnt/config/sshd_config /etc/ssh/ || cp /mnt/common/sshd_config /etc/ssh/"
+iocage exec $JAIL "sysrc sshd_enable=YES"
+iocage exec $JAIL "/etc/rc.d/sshd start"
+iocage exec $JAIL "service sshd restart"
+
+iocage exec $JAIL "cd /etc/mail ; make"
+iocage exec $JAIL "bash /mnt/common/snip-sendmail.sh"
+iocage exec $JAIL "sysrc sendmail_enable=NO"
+iocage exec $JAIL "sysrc sendmail_outbound_enable=NO"
+iocage exec $JAIL "sysrc sendmail_submit_enable=YES"
+iocage exec $JAIL "sysrc sendmail_msp_queue_enable=YES"
+iocage exec $JAIL "cd /etc/mail ; make all install"
+iocage exec $JAIL "echo 'root: jail-root@$JAILDOMAIN' >> /etc/mail/aliases"
+iocage exec $JAIL "/usr/bin/newaliases"
+iocage exec $JAIL "service sendmail start"
+iocage exec $JAIL "service sendmail restart"
+
+# https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213448
+iocage exec $JAIL 'sysrc ntp_leapfile_fetch_opts="--no-verify-peer -mq"'
+
+if [ "$JAILUSER" != "X" ]; then
+
+ iocage exec $JAIL "pkg install -y sudo"
+
+ iocage exec $JAIL "pw useradd $JAILUSER -u $JAILUSERID -G wheel -m -d /home/$JAILUSER -s /usr/local/bin/bash"
+
+ iocage exec $JAIL "[ -f /mnt/config/.bash_profile ] && cp /mnt/config/.bash_profile /home/$JAILUSER/ || cp /mnt/common/.bash_profile /home/$JAILUSER/"
+ iocage exec $JAIL "chown $JAILUSER /home/$JAILUSER/.bash_profile"
+
+ iocage exec $JAIL "[ -f /mnt/config/.dir_colors ] && cp /mnt/config/.dir_colors /home/$JAILUSER/ || cp /mnt/common/.dir_colors /home/$JAILUSER/"
+ iocage exec $JAIL "chown $JAILUSER /home/$JAILUSER/.dir_colors"
+
+ iocage exec $JAIL "mkdir /home/$JAILUSER/.ssh"
+ iocage exec $JAIL "[ -f /mnt/config/authorized_keys ] && cp /mnt/config/authorized_keys /home/$JAILUSER/.ssh/ || cp /mnt/common/authorized_keys /home/$JAILUSER/.ssh/"
+ iocage exec $JAIL "chmod 600 /home/$JAILUSER/.ssh/authorized_keys"
+ iocage exec $JAIL "chown -R $JAILUSER /home/$JAILUSER/.ssh"
+
+ iocage exec $JAIL "echo '%wheel ALL=(ALL) NOPASSWD: ALL' | EDITOR='tee -a' visudo"
+ echo "set ssh password for $JAILUSER"
+ iocage exec $JAIL "passwd $JAILUSER"
+
+ if $JAILUSERVNC; then
+ iocage exec $JAIL "pkg install -y tigervnc-server perl5 xauth fluxbox xorg-fonts-truetype xterm dbus"
+ #firefox and other X apps require dbus
+ iocage exec $JAIL "sysrc dbus_enable=YES"
+ iocage exec $JAIL "service dbus start"
+ iocage exec $JAIL "mkdir -p /home/$JAILUSER/.vnc"
+ iocage exec $JAIL "[ -f /mnt/config/secret/passwd ] && cp /mnt/config/secret/passwd /home/$JAILUSER/.vnc/ || cp /mnt/common/secret/passwd /home/$JAILUSER/.vnc/"
+ iocage exec $JAIL "[ -f /mnt/config/xstartup ] && cp /mnt/config/xstartup /home/$JAILUSER/.vnc/ || cp /mnt/common/xstartup /home/$JAILUSER/.vnc/"
+ iocage exec $JAIL "chown -R $JAILUSER /home/$JAILUSER"
+ iocage exec $JAIL "[ -f /mnt/config/vncserver ] && cp /mnt/config/vncserver /usr/local/etc/rc.d/vncserver || cp /mnt/common/vncserver /usr/local/etc/rc.d/vncserver"
+ iocage exec $JAIL "chmod 555 /usr/local/etc/rc.d/vncserver"
+ iocage exec $JAIL "sysrc vncserver_enable=YES"
+ iocage exec $JAIL "service vncserver start"
+ fi
+fi
+
+iocage exec $JAIL "pkg clean -y"
+iocage exec $JAIL "tzsetup America/Los_Angeles"
+
+# iocage fstab -r $JAIL /root/FreeBSD/jails/config/common /mnt/common nullfs ro 0 0
+# iocage exec $JAIL "rmdir /mnt/common"
+
+iocage exec $JAIL "echo 'Subject: created new jail: $JAIL with $JAILIP / $JAILHOSTNAME / $JAILDOMAIN / $JAILUSER / $JAILUSERID / $JAILUSERVNC' | sendmail -v -t jail-root@$JAILDOMAIN"
+# reverse dns should already be configured for the mail server to accept this email
diff --git a/configs/pxe/sshd_config b/pxe/sshd_config
similarity index 100%
rename from configs/pxe/sshd_config
rename to pxe/sshd_config
diff --git a/configs/pxe/sysctl.conf b/pxe/sysctl.conf
similarity index 100%
rename from configs/pxe/sysctl.conf
rename to pxe/sysctl.conf
diff --git a/scripts/cam_tag.sh b/scripts/cam_tag.sh
index c0d7173..32c6707 100755
--- a/scripts/cam_tag.sh
+++ b/scripts/cam_tag.sh
@@ -1,4 +1,13 @@ #!/usr/local/bin/bash + +# Copyright (c) 2018-2021, diyIT.org +# All rights reserved. +# +# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") +# https://diyit.org/license/ +# +# + #shrinking the command Native Command Queue down to 1 effectively disabling queuing for Disk in `camcontrol devlist | grep "ST8000DM" | cut -d"," -f2 | cut -d")" -f1`; do
diff --git a/scripts/fan.py b/scripts/fan.py
deleted file mode 100644
index 46ed243..0000000
--- a/scripts/fan.py
+++ /dev/null
@@ -1,14 +0,0 @@
-# pkgk install py37-pysnmp
-
-from pysnmp import hlapi
-
-
-def get(target, oids, credentials, port=161, engine=hlapi.SnmpEngine(), context=hlapi.ContextData()):
- handler = hlapi.getCmd(
- engine,
- credentials,
- hlapi.UdpTransportTarget((target, port)),
- context,
- *construct_object_types(oids)
- )
- return fetch(handler, 1)[0]
diff --git a/sync-config.sh b/sync-config.sh
new file mode 100755
index 0000000..8794630
--- /dev/null
+++ b/sync-config.sh
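Review bot: In `pxe/root/create.sh`, `if $JAILUSERVNC; then` runs the seventh argument as a command on the host instead of comparing it, so any value other than `true` or `false` is executed with the privileges of whoever runs the script; `if [ "$JAILUSERVNC" = "true" ]; then` makes it a plain comparison. The resolvconf step tests `/mnt/config/resolv.conf` but copies `/mnt/config/resolvconf.conf`, so a per-jail `resolvconf.conf` is used only when a `resolv.conf` also exists beside it; the test should read `[ -f /mnt/config/resolvconf.conf ]`. The IPv4-only branch still passes `-p /tmp/pkg-$JAIL.json`, a file that only the commented-out lines above would create, so that branch would presumably fail if `I6CONFIG` were set to false, and dropping the `-p` argument matches what the IPv6 branch does. Separately, the jail comes up with `firewall_type=open`, `%wheel ALL=(ALL) NOPASSWD: ALL` and `--no-verify-peer` on the leap-file fetch; a comment saying these are deliberate for this deployment, or tighter values, would help anyone reusing the script.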
@@ -0,0 +1,21 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+diff -ru / configs | grep -v "Only in /" | grep "Only in" | sed 's/Only in // ; s/: /\//' | xargs -n1 echo WILL DELETE
+read -p "(y/N)? " RESP
+if [ ! -z $RESP ] && [ $RESP == "y" ]; then
+ diff -ru / configs | grep -v "Only in /" | grep "Only in" | sed 's/Only in // ; s/: /\//' | xargs -n1 rm
+fi
+
+diff -ru / configs | grep -v "Only in /" | grep "diff -ru" | sed 's/diff -ru//' | xargs -n2 echo WILL COPY
+read -p "(y/N)? " RESP
+if [ ! -z $RESP ] && [ $RESP == "y" ]; then
+ diff -ru / configs | grep -v "Only in /" | grep "diff -ru" | sed 's/diff -ru//' | xargs -n2 cp
+fi
diff --git a/sync-pxe.sh b/sync-pxe.sh
new file mode 100755
index 0000000..9d2a72a
--- /dev/null
+++ b/sync-pxe.sh
@@ -0,0 +1,21 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+diff -ru /mnt/ship/pxe pxe | grep -v "Only in /" | grep "Only in" | sed 's/Only in // ; s/: /\//' | xargs -n1 echo WILL DELETE
+read -p "(y/N)? " RESP
+if [ ! -z $RESP ] && [ $RESP == "y" ]; then
+ diff -ru /mnt/ship/pxe pxe | grep -v "Only in /" | grep "Only in" | sed 's/Only in // ; s/: /\//' | xargs -n1 rm
+fi
+
+diff -ru /mnt/ship/pxe pxe | grep -v "Only in /" | grep "diff -ru" | sed 's/diff -ru//' | xargs -n2 echo WILL COPY
+read -p "(y/N)? " RESP
+if [ ! -z $RESP ] && [ $RESP == "y" ]; then
+ diff -ru /mnt/ship/pxe pxe | grep -v "Only in /" | grep "diff -ru" | sed 's/diff -ru//' | xargs -n2 cp
+fi
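Review bot: In `sync-config.sh`, the list printed as `WILL DELETE` is not necessarily the list that gets deleted: after the prompt the script runs `diff -ru / configs` a second time and pipes whatever it prints then into `xargs -n1 rm`, and the same holds for the copy step and for both steps in `sync-pxe.sh`. Because `diff -ru` also prints the changed lines of every differing file, the unanchored `grep "Only in"` and `grep "diff -ru"` can match file content as well as diff's own header lines, and `xargs` splits the resulting paths on whitespace. Capturing the list once from `diff -rq`, anchoring the match and passing each path after `--` closes those gaps. `$RESP` should also be quoted, since `[ ! -z $RESP ]` misparses when the reply contains spaces. The fence sketches the delete step only; the copy step would follow the same capture-once shape.

```shell
# Build the delete list once so the list confirmed is the list acted on.
to_delete=$(diff -rq / configs | sed -n 's/^Only in \(configs[^:]*\): /\1\//p')
printf '%s\n' "$to_delete" | sed 's/^/WILL DELETE /'
read -r -p "(y/N)? " RESP
if [ "$RESP" = "y" ] && [ -n "$to_delete" ]; then
  printf '%s\n' "$to_delete" | while IFS= read -r path; do
    rm -- "$path"
  done
fi
# … unchanged: licence header; copy step (second diff / read / if) …
```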