updated for FreeBSD 12.2
parent
bd3cffc61a
commit
5cee123a3c
@ -1,6 +1,6 @@
|
|||||||
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
|
||||||
Copyright (c) 2018-2020, diyIT.org
|
Copyright (c) 2018-2021, diyIT.org
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
@ -1,32 +1,63 @@
|
|||||||
;
|
;
|
||||||
; Netatalk 3.x configuration file
|
; Netatalk 3.x configuration file
|
||||||
;
|
; http://netatalk.sourceforge.net/3.1/htmldocs/afp.conf.5.html
|
||||||
|
|
||||||
[Global]
|
[Global]
|
||||||
; Global server settings
|
; Global server settings
|
||||||
hostname = atm
|
hostname = atm
|
||||||
hosts allow = 192.168.0.0/24,192.168.100.0/24
|
afp listen = ::
|
||||||
afp listen = 0.0.0.0
|
mimic model = TimeCapsule6,106
|
||||||
|
uam list = uams_guest.so uams_dhx2_passwd.so
|
||||||
|
; locate uam # show all the uam modules
|
||||||
|
|
||||||
|
force xattr with sticky bit = yes
|
||||||
|
|
||||||
zeroconf = yes
|
zeroconf = yes
|
||||||
|
afpstats = yes
|
||||||
|
|
||||||
|
ldap auth method = simple
|
||||||
|
;ldap auth dn = cn=admin,dc=infra
|
||||||
|
;ldap auth pw = notrequired
|
||||||
|
ldap server = ldap.ahlawat.com
|
||||||
|
|
||||||
|
ldap name attr = cn
|
||||||
|
ldap userbase = ou=people,dc=infra
|
||||||
|
ldap userscope = one
|
||||||
|
ldap uuid attr = uidNumber
|
||||||
|
|
||||||
|
ldap group attr = cn
|
||||||
|
ldap groupbase = ou=group,dc=infra
|
||||||
|
ldap groupscope = one
|
||||||
|
;ldap uuid attr = gidNumber #this is used both for users and groups.
|
||||||
|
|
||||||
|
; You can comment these 2 lines when your setup is working
|
||||||
|
;log level = default:maxdebug,afpdaemon:maxdebug,logger:maxdebug,uamsdaemon:maxdebug
|
||||||
|
log file = /var/log/afpd.log
|
||||||
|
|
||||||
|
[default_for_all_vol]
|
||||||
|
cnid scheme = dbd
|
||||||
|
appledouble = ea
|
||||||
|
ea = ad
|
||||||
|
|
||||||
; [Homes]
|
; [Homes]
|
||||||
; basedir regex = /xxxx
|
; basedir regex = /xxxx
|
||||||
|
|
||||||
; [My AFP Volume]
|
[Sharad]
|
||||||
; path = /path/to/volume
|
|
||||||
|
|
||||||
[Sharad Time Machine Volume]
|
|
||||||
path = /mnt/sharad
|
path = /mnt/sharad
|
||||||
|
valid users = sharad
|
||||||
time machine = yes
|
time machine = yes
|
||||||
|
|
||||||
[Rachna Time Machine Volume]
|
[Rachna]
|
||||||
path = /mnt/rachna
|
path = /mnt/rachna
|
||||||
|
valid users = rachna
|
||||||
time machine = yes
|
time machine = yes
|
||||||
|
|
||||||
[Nivi Time Machine Volume]
|
[Nivi]
|
||||||
path = /mnt/nivi
|
path = /mnt/nivi
|
||||||
|
valid users = nivi
|
||||||
time machine = yes
|
time machine = yes
|
||||||
|
|
||||||
[Rishabh Time Machine Volume]
|
[Rishabh]
|
||||||
path = /mnt/rishabh
|
path = /mnt/rishabh
|
||||||
|
valid users = rishabh
|
||||||
time machine = yes
|
time machine = yes
|
||||||
|
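Review bot: As the side-by-side view reads, the new [Global] block no longer carries `hosts allow = 192.168.0.0/24,192.168.100.0/24`, while `afp listen` widens from `0.0.0.0` to `::` and `uam list` gains `uams_guest.so`. Together these mean afpd accepts connections, and guest sessions, from any address that can reach the jail, with only the per-volume `valid users` lines left as a gate. I would keep the host ACL and leave the guest module out unless a guest volume is planned: `hosts allow = 192.168.0.0/24,192.168.100.0/24` and `uam list = uams_dhx2_passwd.so`. If address filtering is done by a firewall outside this repository, a comment above `afp listen` saying so would be enough.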
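--- a/jails/config/atm/afpd.service
+++ b/jails/config/atm/afpd.service
@@ -0,0 +1,14 @@
+<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+<name replace-wildcards="yes">%h</name>
+<service>
+<type>_afpovertcp._tcp</type>
+<port>548</port>
+</service>
+<service>
+<type>_device-info._tcp</type>
+<port>0</port>
+<txt-record>model=Xserve</txt-record>
+</service>
+</service-group>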
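--- a/jails/config/atm/ldap.conf
+++ b/jails/config/atm/ldap.conf
@@ -0,0 +1,15 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+BASE ou=people,dc=infra
+URI ldaps://ldap.ahlawat.com:636
+ssl start_tls
+tls_cacert /mnt/certs/cacert.pem
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never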
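Review bot: `ssl start_tls` contradicts `URI ldaps://ldap.ahlawat.com:636`: an ldaps:// URI negotiates TLS at connect time, while StartTLS upgrades a plain ldap:// session, so the two lines describe different transports. The same pair appears in jails/config/atm/pam_ldap.conf and jails/config/atm/nslcd.conf. I would choose one mode per file, for example keep the ldaps URI and write `ssl on` in the files whose reader understands that keyword. `ssl` also looks like a pam_ldap/nslcd keyword rather than an ldap.conf(5) one, so it is probably ignored by the OpenLDAP library here and could be dropped from this file. Either way, a test bind from the jail should confirm that the session is encrypted and the server certificate is checked against `/mnt/certs/cacert.pem`.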
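--- a/jails/config/atm/netatalk
+++ b/jails/config/atm/netatalk
@@ -0,0 +1,3 @@
+auth required /usr/local/lib/pam_ldap.so try_first_pass
+account required /usr/local/lib/pam_ldap.so try_first_pass
+session required /usr/local/lib/pam_ldap.so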
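--- a/jails/config/atm/nslcd.conf
+++ b/jails/config/atm/nslcd.conf
@@ -0,0 +1,142 @@
+# This is the configuration file for the LDAP nameservice
+# switch library's nslcd daemon. It configures the mapping
+# between NSS names (see /etc/nsswitch.conf) and LDAP
+# information in the directory.
+# See the manual page nslcd.conf(5) for more information.
+
+# The user and group nslcd should run as.
+uid nslcd
+gid nslcd
+
+# The uri pointing to the LDAP server to use for name lookups.
+# Multiple entries may be specified. The address that is used
+# here should be resolvable without using LDAP (obviously).
+#uri ldap://127.0.0.1/
+#uri ldaps://127.0.0.1/
+#uri ldapi://%2fvar%2frun%2fldapi_sock/
+# Note: %2f encodes the '/' used as directory separator
+uri ldaps://ldap.ahlawat.com:636
+
+# The LDAP version to use (defaults to 3
+# if supported by client library)
+#ldap_version 3
+
+# The distinguished name of the search base.
+base ou=people,dc=infra
+
+# The distinguished name to bind to the server with.
+# Optional: default is to bind anonymously.
+#binddn cn=proxyuser,dc=example,dc=com
+
+# The credentials to bind with.
+# Optional: default is no credentials.
+# Note that if you set a bindpw you should check the permissions of this file.
+#bindpw secret
+
+# The distinguished name to perform password modifications by root by.
+#rootpwmoddn cn=admin,dc=example,dc=com
+
+# The default search scope.
+#scope sub
+scope one
+#scope base
+
+# Customize certain database lookups.
+#base group ou=Groups,dc=example,dc=com
+#base passwd ou=People,dc=example,dc=com
+#base shadow ou=People,dc=example,dc=com
+#scope group onelevel
+#scope hosts sub
+
+# Bind/connect timelimit.
+#bind_timelimit 30
+
+# Search timelimit.
+#timelimit 30
+
+# Idle timelimit. nslcd will close connections if the
+# server has not been contacted for the number of seconds.
+#idle_timelimit 3600
+
+# Use StartTLS without verifying the server certificate.
+ssl start_tls
+#tls_reqcert never
+
+# CA certificates for server certificate verification
+tls_cacertdir /mnt/certs
+tls_cacertfile /mnt/certs/cacert.pem
+
+# Seed the PRNG if /dev/urandom is not provided
+#tls_randfile /var/run/egd-pool
+
+# SSL cipher suite
+# See man ciphers for syntax
+#tls_ciphers TLSv1
+
+# Client certificate and key
+# Use these, if your server requires client authentication.
+#tls_cert
+#tls_key
+
+# Mappings for Services for UNIX 3.5
+#filter passwd (objectClass=User)
+#map passwd uid msSFU30Name
+#map passwd userPassword msSFU30Password
+#map passwd homeDirectory msSFU30HomeDirectory
+#map passwd homeDirectory msSFUHomeDirectory
+#filter shadow (objectClass=User)
+#map shadow uid msSFU30Name
+#map shadow userPassword msSFU30Password
+#filter group (objectClass=Group)
+#map group member msSFU30PosixMember
+
+# Mappings for Services for UNIX 2.0
+#filter passwd (objectClass=User)
+#map passwd uid msSFUName
+#map passwd userPassword msSFUPassword
+#map passwd homeDirectory msSFUHomeDirectory
+#map passwd gecos msSFUName
+#filter shadow (objectClass=User)
+#map shadow uid msSFUName
+#map shadow userPassword msSFUPassword
+#map shadow shadowLastChange pwdLastSet
+#filter group (objectClass=Group)
+#map group member posixMember
+
+# Mappings for Active Directory
+#pagesize 1000
+#referrals off
+#idle_timelimit 800
+#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
+#map passwd uid sAMAccountName
+#map passwd homeDirectory unixHomeDirectory
+#map passwd gecos displayName
+#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
+#map shadow uid sAMAccountName
+#map shadow shadowLastChange pwdLastSet
+#filter group (objectClass=group)
+
+# Alternative mappings for Active Directory
+# (replace the SIDs in the objectSid mappings with the value for your domain)
+#pagesize 1000
+#referrals off
+#idle_timelimit 800
+#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer)))
+#map passwd uid cn
+#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
+#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
+#map passwd homeDirectory "/home/$cn"
+#map passwd gecos displayName
+#map passwd loginShell "/bin/bash"
+#filter group (|(objectClass=group)(objectClass=person))
+#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820
+
+# Mappings for AIX SecureWay
+#filter passwd (objectClass=aixAccount)
+#map passwd uid userName
+#map passwd userPassword passwordChar
+#map passwd uidNumber uid
+#map passwd gidNumber gid
+#filter group (objectClass=aixAccessGroup)
+#map group cn groupName
+#map group gidNumber gid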
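Review bot: The comment `# Use StartTLS without verifying the server certificate.` no longer matches the settings under it, because `tls_reqcert never` is commented out and a CA file is configured. The intent appears to be verified TLS, yet nothing states the verification level. I would say so explicitly with `tls_reqcert demand` and reword the comment to something like `# TLS with server certificate verification`. Separately, `base ou=people,dc=infra` with `scope one` is the only search base, while jails/config/atm/nsswitch.conf sends group lookups to LDAP and afp.conf places groups under ou=group,dc=infra. Group lookups will presumably find nothing unless a line such as `base group ou=group,dc=infra` is added.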
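--- a/jails/config/atm/nsswitch.conf
+++ b/jails/config/atm/nsswitch.conf
@@ -0,0 +1,18 @@
+#
+# nsswitch.conf(5) - name service switch configuration file
+# $FreeBSD: releng/12.1/lib/libc/net/nsswitch.conf 338729 2018-09-17 18:56:47Z brd $
+#
+#group: compat
+group: files ldap
+group_compat: nis
+hosts: files dns
+netgroup: compat
+networks: files
+#passwd: compat
+passwd: files ldap
+passwd_compat: nis
+shells: files
+services: compat
+services_compat: nis
+protocols: files
+rpc: files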
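--- a/jails/config/atm/pam_ldap.conf
+++ b/jails/config/atm/pam_ldap.conf
@@ -0,0 +1,17 @@
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+BASE ou=people,dc=infra
+URI ldaps://ldap.ahlawat.com:636
+ssl start_tls
+tls_cacert /mnt/certs/cacert.pem
+
+pam_login_attribute cn
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never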
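Review bot: Nothing in this file states whether pam_ldap must verify the server certificate; `tls_cacert /mnt/certs/cacert.pem` only supplies the CA, and the check itself is left to the library default. This file decides who can authenticate to sshd and afpd in the jail, so I would write the policy down with `tls_checkpeer yes`. `pam_login_attribute cn` also matches logins on cn rather than uid, so it is worth confirming that cn is unique under ou=people,dc=infra and noting that in a comment.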
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
|||||||
priority: 10
|
priority: 10
|
||||||
}
|
}
|
||||||
|
|
||||||
pkgp121: {
|
pkgp122: {
|
||||||
url: "http://pkgp.ahlawat.com/packages/pj121-default/",
|
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||||
mirror_type: "http",
|
mirror_type: "http",
|
||||||
signature_type: "pubkey",
|
signature_type: "pubkey",
|
||||||
pubkey: "/mnt/certs/poudriere.cert",
|
pubkey: "/mnt/certs/poudriere.cert",
|
||||||
|
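--- a/jails/config/atm/sshd
+++ b/jails/config/atm/sshd
@@ -0,0 +1,28 @@
+#
+# $FreeBSD: releng/12.1/lib/libpam/pam.d/sshd 197769 2009-10-05 09:28:54Z des $
+#
+# PAM configuration for the "sshd" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth sufficient /usr/local/lib/pam_ldap.so no_warn
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_login_access.so
+account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required pam_permit.so
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass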
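Review bot: On the pam_ldap account line, `ignore_authinfo_unavail` makes the module step aside when the directory cannot be reached, as I understand the flag, so the account check for LDAP users fails open during an outage. For key-based SSH logins the auth stack is not consulted, which makes this account line the only place a disabled or expired directory account would be refused. If fail-open is a deliberate availability choice, a comment above the line should say so. Otherwise I would drop the flag: `account required /usr/local/lib/pam_ldap.so no_warn ignore_unknown_user`.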
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
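--- a/jails/config/cert/backup.sh
+++ b/jails/config/cert/backup.sh
@@ -0,0 +1 @@
+cp -r /root/.acme.sh /mnt/config/secret/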
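Review bot: `cp -r /root/.acme.sh /mnt/config/secret/` copies the acme.sh state directory, which normally holds the ACME account key and the certificate private keys, under whatever umask the caller happens to have. The copies on the shared mount can therefore end up more readable than the originals. The file is also committed as executable without an interpreter line. I would make it `#!/bin/sh`, then `umask 077`, then `cp -Rp /root/.acme.sh /mnt/config/secret/` so modes and ownership are preserved, and check that /mnt/config/secret itself is root-only.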
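--- a/jails/config/common/freebsd-update.conf
+++ b/jails/config/common/freebsd-update.conf
@@ -0,0 +1,77 @@
+# $FreeBSD: releng/12.2/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
+
+# Trusted keyprint. Changing this is a Bad Idea unless you've received
+# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
+# change it and explaining why.
+KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
+
+# Server or server pool from which to fetch updates. You can change
+# this to point at a specific server if you want, but in most cases
+# using a "nearby" server won't provide a measurable improvement in
+# performance.
+ServerName update.FreeBSD.org
+
+# Components of the base system which should be kept updated.
+#Components src world
+Components world
+
+# Example for updating the userland and the kernel source code only:
+# Components src/base src/sys world
+
+# Paths which start with anything matching an entry in an IgnorePaths
+# statement will be ignored.
+IgnorePaths
+
+# Paths which start with anything matching an entry in an IDSIgnorePaths
+# statement will be ignored by "freebsd-update IDS".
+IDSIgnorePaths /usr/share/man/cat
+IDSIgnorePaths /usr/share/man/whatis
+IDSIgnorePaths /var/db/locate.database
+IDSIgnorePaths /var/log
+
+# Paths which start with anything matching an entry in an UpdateIfUnmodified
+# statement will only be updated if the contents of the file have not been
+# modified by the user (unless changes are merged; see below).
+UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
+
+# When upgrading to a new FreeBSD release, files which match MergeChanges
+# will have any local changes merged into the version from the new release.
+MergeChanges /etc/ /boot/device.hints
+
+### Default configuration options:
+
+# Directory in which to store downloaded updates and temporary
+# files used by FreeBSD Update.
+# WorkDir /var/db/freebsd-update
+
+# Destination to send output of "freebsd-update cron" if an error
+# occurs or updates have been downloaded.
+# MailTo root
+
+# Is FreeBSD Update allowed to create new files?
+# AllowAdd yes
+
+# Is FreeBSD Update allowed to delete files?
+# AllowDelete yes
+
+# If the user has modified file ownership, permissions, or flags, should
+# FreeBSD Update retain this modified metadata when installing a new version
+# of that file?
+# KeepModifiedMetadata yes
+
+# When upgrading between releases, should the list of Components be
+# read strictly (StrictComponents yes) or merely as a list of components
+# which *might* be installed of which FreeBSD Update should figure out
+# which actually are installed and upgrade those (StrictComponents no)?
+# StrictComponents no
+
+# When installing a new kernel perform a backup of the old one first
+# so it is possible to boot the old kernel in case of problems.
+# BackupKernel yes
+
+# If BackupKernel is enabled, the backup kernel is saved to this
+# directory.
+# BackupKernelDir /boot/kernel.old
+
+# When backing up a kernel also back up debug symbol files?
+# BackupKernelSymbolFiles no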
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
|||||||
priority: 10
|
priority: 10
|
||||||
}
|
}
|
||||||
|
|
||||||
pkgp121: {
|
pkgp122: {
|
||||||
url: "http://pkgp.ahlawat.com/packages/pj121-default/",
|
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||||
mirror_type: "http",
|
mirror_type: "http",
|
||||||
signature_type: "pubkey",
|
signature_type: "pubkey",
|
||||||
pubkey: "/mnt/certs/poudriere.cert",
|
pubkey: "/mnt/certs/poudriere.cert",
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#! /usr/local/bin/bash
|
#! /usr/local/bin/bash
|
||||||
|
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
||||||
# $FreeBSD: releng/12.1/crypto/openssh/sshd_config 338561 2018-09-10 16:20:12Z des $
|
# $FreeBSD: releng/12.2/crypto/openssh/sshd_config 360313 2020-04-25 15:38:48Z emaste $
|
||||||
|
|
||||||
# This is the sshd server system-wide configuration file. See
|
# This is the sshd server system-wide configuration file. See
|
||||||
# sshd_config(5) for more information.
|
# sshd_config(5) for more information.
|
||||||
@ -105,7 +105,7 @@ AuthorizedKeysFile .ssh/authorized_keys
|
|||||||
#PermitTunnel no
|
#PermitTunnel no
|
||||||
#ChrootDirectory none
|
#ChrootDirectory none
|
||||||
#UseBlacklist no
|
#UseBlacklist no
|
||||||
#VersionAddendum FreeBSD-20180909
|
#VersionAddendum FreeBSD-20200214
|
||||||
|
|
||||||
# no default banner path
|
# no default banner path
|
||||||
#Banner none
|
#Banner none
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
@ -1,99 +1,13 @@
|
|||||||
# Example MySQL config file for small systems.
|
|
||||||
#
|
#
|
||||||
# This is for a system with little memory (<= 64M) where MySQL is only used
|
# This group is read both by the client and the server
|
||||||
# from time to time and it's important that the mysqld daemon
|
# use it for options that affect everything, see
|
||||||
# doesn't use much resources.
|
# https://mariadb.com/kb/en/configuring-mariadb-with-option-files/#option-groups
|
||||||
#
|
#
|
||||||
# MySQL programs look for option files in a set of
|
[client-server]
|
||||||
# locations which depend on the deployment platform.
|
port = 3306
|
||||||
# You can copy this option file to one of those
|
socket = /var/run/mysql/mysql.sock
|
||||||
# locations. For information about these locations, see:
|
|
||||||
# http://dev.mysql.com/doc/mysql/en/option-files.html
|
|
||||||
#
|
#
|
||||||
# In this file, you can use all long options that a program supports.
|
# include *.cnf from the config directory
|
||||||
# If you want to know which options a program supports, run the program
|
|
||||||
# with the "--help" option.
|
|
||||||
|
|
||||||
# The following options will be passed to all MySQL clients
|
|
||||||
[client]
|
|
||||||
#password = your_password
|
|
||||||
port = 3306
|
|
||||||
socket = /tmp/mysql.sock
|
|
||||||
|
|
||||||
# Here follows entries for some specific programs
|
|
||||||
|
|
||||||
# The MySQL server
|
|
||||||
[mysqld]
|
|
||||||
bind-address = *
|
|
||||||
port = 3306
|
|
||||||
socket = /tmp/mysql.sock
|
|
||||||
skip-external-locking
|
|
||||||
key_buffer_size = 16K
|
|
||||||
max_allowed_packet = 64M
|
|
||||||
table_open_cache = 16
|
|
||||||
sort_buffer_size = 64K
|
|
||||||
read_buffer_size = 256K
|
|
||||||
read_rnd_buffer_size = 256K
|
|
||||||
net_buffer_length = 2K
|
|
||||||
thread_stack = 240K
|
|
||||||
|
|
||||||
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
|
|
||||||
# if all processes that need to connect to mysqld run on the same host.
|
|
||||||
# All interaction with mysqld must be made via Unix sockets or named pipes.
|
|
||||||
# Note that using this option without enabling named pipes on Windows
|
|
||||||
# (using the "enable-named-pipe" option) will render mysqld useless!
|
|
||||||
#
|
#
|
||||||
#skip-networking
|
!includedir /usr/local/etc/mysql/conf.d/
|
||||||
server-id = 1
|
|
||||||
|
|
||||||
# Uncomment the following if you want to log updates
|
|
||||||
#log-bin=mysql-bin
|
|
||||||
|
|
||||||
# binary logging format - mixed recommended
|
|
||||||
binlog_format=ROW
|
|
||||||
|
|
||||||
# Causes updates to non-transactional engines using statement format to be
|
|
||||||
# written directly to binary log. Before using this option make sure that
|
|
||||||
# there are no dependencies between transactional and non-transactional
|
|
||||||
# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
|
|
||||||
# t_innodb; otherwise, slaves may diverge from the master.
|
|
||||||
#binlog_direct_non_transactional_updates=TRUE
|
|
||||||
|
|
||||||
# Uncomment the following if you are using InnoDB tables
|
|
||||||
#innodb_data_home_dir = /var/db/mysql
|
|
||||||
#innodb_data_file_path = ibdata1:10M:autoextend
|
|
||||||
innodb_log_group_home_dir = /var/db/mysql-log
|
|
||||||
# You can set .._buffer_pool_size up to 50 - 80 %
|
|
||||||
# of RAM but beware of setting memory usage too high
|
|
||||||
innodb_buffer_pool_size = 1G
|
|
||||||
innodb_io_capacity=4000
|
|
||||||
transaction-isolation = READ-COMMITTED
|
|
||||||
# Set .._log_file_size to 25 % of buffer pool size
|
|
||||||
innodb_log_file_size = 250M
|
|
||||||
#innodb_log_buffer_size = 8M
|
|
||||||
innodb_flush_log_at_trx_commit = 2
|
|
||||||
#innodb_lock_wait_timeout = 50
|
|
||||||
|
|
||||||
innodb_doublewrite = 0
|
|
||||||
innodb_checksum_algorithm = none
|
|
||||||
slow_query_log_file = /var/db/mysql-log/slow.log
|
|
||||||
log-error = /var/db/mysql-log/error.log
|
|
||||||
log_bin = /var/db/mysql-log/binlog
|
|
||||||
relay_log = /var/db/mysql-log/relay-bin
|
|
||||||
expire_logs_days = 7
|
|
||||||
|
|
||||||
[mysqldump]
|
|
||||||
quick
|
|
||||||
max_allowed_packet = 16M
|
|
||||||
|
|
||||||
[mysql]
|
|
||||||
no-auto-rehash
|
|
||||||
# Remove the next comment character if you are not familiar with SQL
|
|
||||||
#safe-updates
|
|
||||||
|
|
||||||
[myisamchk]
|
|
||||||
key_buffer_size = 8M
|
|
||||||
sort_buffer_size = 8M
|
|
||||||
|
|
||||||
[mysqlhotcopy]
|
|
||||||
interactive-timeout
|
|
||||||
|
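--- a/jails/config/db/my.cnf.oldversion
+++ b/jails/config/db/my.cnf.oldversion
@@ -0,0 +1,99 @@
+# Example MySQL config file for small systems.
+#
+# This is for a system with little memory (<= 64M) where MySQL is only used
+# from time to time and it's important that the mysqld daemon
+# doesn't use much resources.
+#
+# MySQL programs look for option files in a set of
+# locations which depend on the deployment platform.
+# You can copy this option file to one of those
+# locations. For information about these locations, see:
+# http://dev.mysql.com/doc/mysql/en/option-files.html
+#
+# In this file, you can use all long options that a program supports.
+# If you want to know which options a program supports, run the program
+# with the "--help" option.
+
+# The following options will be passed to all MySQL clients
+[client]
+#password = your_password
+port = 3306
+socket = /tmp/mysql.sock
+
+# Here follows entries for some specific programs
+
+# The MySQL server
+[mysqld]
+bind-address = *
+port = 3306
+socket = /tmp/mysql.sock
+skip-external-locking
+key_buffer_size = 16K
+max_allowed_packet = 64M
+table_open_cache = 16
+sort_buffer_size = 64K
+read_buffer_size = 256K
+read_rnd_buffer_size = 256K
+net_buffer_length = 2K
+thread_stack = 240K
+
+# Don't listen on a TCP/IP port at all. This can be a security enhancement,
+# if all processes that need to connect to mysqld run on the same host.
+# All interaction with mysqld must be made via Unix sockets or named pipes.
+# Note that using this option without enabling named pipes on Windows
+# (using the "enable-named-pipe" option) will render mysqld useless!
+#
+#skip-networking
+server-id = 1
+
+# Uncomment the following if you want to log updates
+#log-bin=mysql-bin
+
+# binary logging format - mixed recommended
+binlog_format=ROW
+
+# Causes updates to non-transactional engines using statement format to be
+# written directly to binary log. Before using this option make sure that
+# there are no dependencies between transactional and non-transactional
+# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
+# t_innodb; otherwise, slaves may diverge from the master.
+#binlog_direct_non_transactional_updates=TRUE
+
+# Uncomment the following if you are using InnoDB tables
+#innodb_data_home_dir = /var/db/mysql
+#innodb_data_file_path = ibdata1:10M:autoextend
+innodb_log_group_home_dir = /var/db/mysql-log
+# You can set .._buffer_pool_size up to 50 - 80 %
+# of RAM but beware of setting memory usage too high
+innodb_buffer_pool_size = 1G
+innodb_io_capacity=4000
+transaction-isolation = READ-COMMITTED
+# Set .._log_file_size to 25 % of buffer pool size
+innodb_log_file_size = 250M
+#innodb_log_buffer_size = 8M
+innodb_flush_log_at_trx_commit = 2
+#innodb_lock_wait_timeout = 50
+
+innodb_doublewrite = 0
+innodb_checksum_algorithm = none
+slow_query_log_file = /var/db/mysql-log/slow.log
+log-error = /var/db/mysql-log/error.log
+log_bin = /var/db/mysql-log/binlog
+relay_log = /var/db/mysql-log/relay-bin
+expire_logs_days = 7
+
+[mysqldump]
+quick
+max_allowed_packet = 16M
+
+[mysql]
+no-auto-rehash
+# Remove the next comment character if you are not familiar with SQL
+#safe-updates
+
+[myisamchk]
+key_buffer_size = 8M
+sort_buffer_size = 8M
+
+[mysqlhotcopy]
+interactive-timeout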
90
jails/config/db/server.cnf
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
# Options specific to server applications, see
|
||||||
|
# https://mariadb.com/kb/en/configuring-mariadb-with-option-files/#server-option-groups
|
||||||
|
|
||||||
|
# Options specific to all server programs
|
||||||
|
[server]
|
||||||
|
|
||||||
|
# Options specific to MariaDB server programs
|
||||||
|
[server-mariadb]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Options for specific server tools
|
||||||
|
#
|
||||||
|
|
||||||
|
[mysqld]
|
||||||
|
user = mysql
|
||||||
|
# port = 3306 # set in /usr/local/etc/mysql/my.cnf
|
||||||
|
# socket = /var/run/mysql/mysql.sock # set in /usr/local/etc/mysql/my.cnf
|
||||||
|
bind-address = *
|
||||||
|
basedir = /usr/local
|
||||||
|
datadir = /var/db/mysql
|
||||||
|
net_retry_count = 16384
|
||||||
|
# [mysqld] configuration for ZFS
|
||||||
|
# From https://www.percona.com/resources/technical-presentations/zfs-mysql-percona-technical-webinar
|
||||||
|
# Create separate datasets for data and logs, eg
|
||||||
|
# zroot/mysql compression=on recordsize=128k atime=off
|
||||||
|
# zroot/mysql/data recordsize=16k
|
||||||
|
# zroot/mysql/logs
|
||||||
|
datadir = /var/db/mysql
|
||||||
|
innodb_log_group_home_dir = /var/db/mysql-log
|
||||||
|
#audit_log_file = /var/db/mysql-log/audit.log
|
||||||
|
general_log_file = /var/db/mysql-log/general.log
|
||||||
|
log_bin = /var/db/mysql-log/mysql-bin
|
||||||
|
relay_log = /var/db/mysql-log/relay-log
|
||||||
|
slow_query_log_file = /var/db/mysql-log/slow.log
|
||||||
|
innodb_doublewrite = 0
|
||||||
|
innodb_flush_method = O_DSYNC
|
||||||
|
|
||||||
|
##
|
||||||
|
log-error = /var/db/mysql-log/error.log
|
||||||
|
|
||||||
|
|
||||||
|
### custom optimizations
|
||||||
|
skip-external-locking
|
||||||
|
key_buffer_size = 16K
|
||||||
|
max_allowed_packet = 64M
|
||||||
|
table_open_cache = 16
|
||||||
|
sort_buffer_size = 64K
|
||||||
|
read_buffer_size = 256K
|
||||||
|
read_rnd_buffer_size = 256K
|
||||||
|
net_buffer_length = 2K
|
||||||
|
thread_stack = 240K
|
||||||
|
|
||||||
|
server-id = 1
|
||||||
|
binlog_format=ROW
|
||||||
|
|
||||||
|
innodb_buffer_pool_size = 1G
|
||||||
|
innodb_io_capacity=4000
|
||||||
|
transaction-isolation = READ-COMMITTED
|
||||||
|
innodb_log_file_size = 250M
|
||||||
|
innodb_flush_log_at_trx_commit = 2
|
||||||
|
innodb_checksum_algorithm = none
|
||||||
|
|
||||||
|
slow_query_log_file = /var/db/mysql-log/slow.log
|
||||||
|
|
||||||
|
expire_logs_days = 7
|
||||||
|
###
|
||||||
|
|
||||||
|
|
||||||
|
# Options read by `mysqld_safe`
|
||||||
|
# Renamed from [mysqld_safe] starting with MariaDB 10.4.6.
|
||||||
|
[mariadb_safe]
|
||||||
|
|
||||||
|
# Options read my `mariabackup`
|
||||||
|
[mariabackup]
|
||||||
|
|
||||||
|
# Options read by `mysql_upgrade`
|
||||||
|
# Renamed from [mysql_upgrade] starting with MariaDB 10.4.6.
|
||||||
|
[mariadb-upgrade]
|
||||||
|
|
||||||
|
# Specific options read by the mariabackup SST method
|
||||||
|
[sst]
|
||||||
|
|
||||||
|
# Options read by `mysqlbinlog`
|
||||||
|
# Renamed from [mysqlbinlog] starting with MariaDB 10.4.6.
|
||||||
|
[mariadb-binlog]
|
||||||
|
|
||||||
|
# Options read by `mysqladmin`
|
||||||
|
# Renamed from [mysqladmin] starting with MariaDB 10.4.6.
|
||||||
|
[mariadb-admin]
|
||||||
|
|
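Review bot: `bind-address = *` in `[mysqld]` makes the server listen on every interface of the jail, and nothing in this file limits who can connect or requires TLS. If only other local jails use the database, bind to that one address, e.g. `bind-address = <jail-internal-address>` (placeholder), or add a comment naming the firewall rule that restricts the port. `datadir` and `slow_query_log_file` are each assigned twice in `[mysqld]`; keep a single assignment so the effective value does not depend on which one the parser keeps. `innodb_doublewrite = 0` and `innodb_checksum_algorithm = none` leave page integrity entirely to ZFS, so a comment such as `# only safe on a ZFS datadir` above them would stop the file being reused elsewhere.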
@ -36,7 +36,6 @@ xpack.security.http.ssl.certificate_authorities: certs/cacert.pem
|
|||||||
xpack.security.transport.ssl.key: certs/diyprivkeyr.pem
|
xpack.security.transport.ssl.key: certs/diyprivkeyr.pem
|
||||||
xpack.security.transport.ssl.certificate: certs/diyfullchain.pem
|
xpack.security.transport.ssl.certificate: certs/diyfullchain.pem
|
||||||
xpack.security.transport.ssl.certificate_authorities: certs/cacert.pem
|
xpack.security.transport.ssl.certificate_authorities: certs/cacert.pem
|
||||||
|
|
||||||
#
|
#
|
||||||
# ----------------------------------- Paths ------------------------------------
|
# ----------------------------------- Paths ------------------------------------
|
||||||
#
|
#
|
||||||
@ -76,16 +75,17 @@ network.host: _epair0b_
|
|||||||
#
|
#
|
||||||
# --------------------------------- Discovery ----------------------------------
|
# --------------------------------- Discovery ----------------------------------
|
||||||
#
|
#
|
||||||
# Pass an initial list of hosts to perform discovery when new node is started:
|
# Pass an initial list of hosts to perform discovery when this node is started:
|
||||||
# The default list of hosts is ["127.0.0.1", "[::1]"]
|
# The default list of hosts is ["127.0.0.1", "[::1]"]
|
||||||
#
|
#
|
||||||
#discovery.zen.ping.unicast.hosts: ["host1", "host2"]
|
#discovery.seed_hosts: ["host1", "host2"]
|
||||||
#
|
#
|
||||||
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
|
# Bootstrap the cluster using an initial set of master-eligible nodes:
|
||||||
#
|
#
|
||||||
#discovery.zen.minimum_master_nodes:
|
cluster.initial_master_nodes: ["node-1"]
|
||||||
|
#cluster.initial_master_nodes: ["node-1", "node-2"]
|
||||||
#
|
#
|
||||||
# For more information, consult the zen discovery module documentation.
|
# For more information, consult the discovery and cluster formation module documentation.
|
||||||
#
|
#
|
||||||
# ---------------------------------- Gateway -----------------------------------
|
# ---------------------------------- Gateway -----------------------------------
|
||||||
#
|
#
|
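Review bot: `cluster.initial_master_nodes: ["node-1"]` on the new side only bootstraps the cluster if `node.name` in this file is exactly `node-1`; the `node.name` line lies outside the hunks shown, so this needs checking against the full file. The setting is meant for the very first start of a new cluster, so a comment above it such as `# bootstrap only; remove once the cluster has formed` would prevent it from lingering. The commented `#cluster.initial_master_nodes: ["node-1", "node-2"]` directly below duplicates the key and can be dropped.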
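--- a/jails/config/elk/fstab
+++ b/jails/config/elk/fstab
@@ -0,0 +1,2 @@
+fdesc /dev/fd fdescfs rw,auto 0 0
+proc /proc procfs rw,auto 0 0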
@ -24,8 +24,7 @@ heartbeat.monitors:
|
|||||||
- type: http
|
- type: http
|
||||||
|
|
||||||
# List or urls to query
|
# List or urls to query
|
||||||
#urls: ["http://localhost:9200"]
|
urls: ["https://cloud.google.com","https://azure.microsoft.com","https://aws.amazon.com"]
|
||||||
urls: ["https://google.com","https://aws.amazon.com"]
|
|
||||||
|
|
||||||
# Configure task schedule
|
# Configure task schedule
|
||||||
schedule: '@every 10s'
|
schedule: '@every 10s'
|
||||||
@ -56,46 +55,6 @@ setup.template.settings:
|
|||||||
# env: staging
|
# env: staging
|
||||||
|
|
||||||
|
|
||||||
#================================= Paths ======================================
|
|
||||||
|
|
||||||
# The home path for the filebeat installation. This is the default base path
|
|
||||||
# for all other path settings and for miscellaneous files that come with the
|
|
||||||
# distribution (for example, the sample dashboards).
|
|
||||||
# If not set by a CLI flag or in the configuration file, the default for the
|
|
||||||
# home path is the location of the binary.
|
|
||||||
#path.home:
|
|
||||||
|
|
||||||
# The configuration path for the filebeat installation. This is the default
|
|
||||||
# base path for configuration files, including the main YAML configuration file
|
|
||||||
# and the Elasticsearch template file. If not set by a CLI flag or in the
|
|
||||||
# configuration file, the default for the configuration path is the home path.
|
|
||||||
#path.config: ${path.home}
|
|
||||||
|
|
||||||
# The data path for the filebeat installation. This is the default base path
|
|
||||||
# for all the files in which filebeat needs to store its data. If not set by a
|
|
||||||
# CLI flag or in the configuration file, the default for the data path is a data
|
|
||||||
# subdirectory inside the home path.
|
|
||||||
#path.data: ${path.home}/data
|
|
||||||
|
|
||||||
# The logs path for a filebeat installation. This is the default location for
|
|
||||||
# the Beat's log files. If not set by a CLI flag or in the configuration file,
|
|
||||||
# the default for the logs path is a logs subdirectory inside the home path.
|
|
||||||
#path.logs: ${path.home}/logs
|
|
||||||
|
|
||||||
|
|
||||||
#============================== Dashboards =====================================
|
|
||||||
# These settings control loading the sample dashboards to the Kibana index. Loading
|
|
||||||
# the dashboards is disabled by default and can be enabled either by setting the
|
|
||||||
# options here, or by using the `-setup` CLI flag or the `setup` command.
|
|
||||||
#setup.dashboards.enabled: false
|
|
||||||
#setup.dashboards.enabled: true
|
|
||||||
|
|
||||||
# The URL from where to download the dashboards archive. By default this URL
|
|
||||||
# has a value which is computed based on the Beat name and version. For released
|
|
||||||
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
|
|
||||||
# website.
|
|
||||||
#setup.dashboards.url:
|
|
||||||
|
|
||||||
#============================== Kibana =====================================
|
#============================== Kibana =====================================
|
||||||
|
|
||||||
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
|
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
|
||||||
@ -106,9 +65,7 @@ setup.kibana:
|
|||||||
# Scheme and port can be left out and will be set to the default (http and 5601)
|
# Scheme and port can be left out and will be set to the default (http and 5601)
|
||||||
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
|
# In case you specify and additional path, the scheme is required: http://localhost:5601/path
|
||||||
# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
|
# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
|
||||||
#host: "localhost:5601"
|
host: "http://elk.diyit.org:5601"
|
||||||
#host: "https://kibanax.diyit.org:443"
|
|
||||||
host: "http://kibanax.diyit.org:5601"
|
|
||||||
|
|
||||||
# Kibana Space ID
|
# Kibana Space ID
|
||||||
# ID of the Kibana Space into which the dashboards should be loaded. By default,
|
# ID of the Kibana Space into which the dashboards should be loaded. By default,
|
||||||
@ -117,7 +74,7 @@ setup.kibana:
|
|||||||
|
|
||||||
#============================= Elastic Cloud ==================================
|
#============================= Elastic Cloud ==================================
|
||||||
|
|
||||||
# These settings simplify using heartbeat with the Elastic Cloud (https://cloud.elastic.co/).
|
# These settings simplify using Heartbeat with the Elastic Cloud (https://cloud.elastic.co/).
|
||||||
|
|
||||||
# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
|
# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
|
||||||
# `setup.kibana.host` options.
|
# `setup.kibana.host` options.
|
||||||
@ -137,36 +94,40 @@ setup.kibana:
|
|||||||
# Array of hosts to connect to.
|
# Array of hosts to connect to.
|
||||||
#hosts: ["localhost:9200"]
|
#hosts: ["localhost:9200"]
|
||||||
|
|
||||||
# Enabled ilm (beta) to use index lifecycle management instead daily indices.
|
# Protocol - either `http` (default) or `https`.
|
||||||
#ilm.enabled: false
|
|
||||||
|
|
||||||
# Optional protocol and basic auth credentials.
|
|
||||||
#protocol: "https"
|
#protocol: "https"
|
||||||
|
|
||||||
|
# Authentication credentials - either API key or username/password.
|
||||||
|
#api_key: "id:api_key"
|
||||||
#username: "elastic"
|
#username: "elastic"
|
||||||
#password: "changeme"
|
#password: "changeme"
|
||||||
|
|
||||||
#----------------------------- Logstash output --------------------------------
|
#----------------------------- Logstash output --------------------------------
|
||||||
output.logstash:
|
output.logstash:
|
||||||
# The Logstash hosts
|
# The Logstash hosts
|
||||||
hosts: ["kibanax.diyit.org:5044"]
|
hosts: ["elk.diyit.org:5044"]
|
||||||
|
|
||||||
# Optional SSL. By default is off.
|
# Optional SSL. By default is off.
|
||||||
# List of root certificates for HTTPS server verifications
|
# List of root certificates for HTTPS server verifications
|
||||||
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
|
#ssl.certificate_authorities: ["/mnt/certs/cacert.pem"]
|
||||||
|
|
||||||
# Certificate for SSL client authentication
|
# Certificate for SSL client authentication
|
||||||
#ssl.certificate: "/etc/pki/client/cert.pem"
|
#ssl.certificate: "/mnt/certs/diyfullchain.pem"
|
||||||
|
|
||||||
# Client Certificate Key
|
# Client Certificate Key
|
||||||
#ssl.key: "/etc/pki/client/cert.key"
|
#ssl.key: "/mnt/certs/diyprivkeyr.pem"
|
||||||
|
|
||||||
#================================ Processors =====================================
|
#================================ Processors =====================================
|
||||||
|
|
||||||
# Configure processors to enhance or manipulate events generated by the beat.
|
|
||||||
|
|
||||||
processors:
|
processors:
|
||||||
- add_host_metadata: ~
|
- add_observer_metadata:
|
||||||
- add_cloud_metadata: ~
|
# Optional, but recommended geo settings for the location Heartbeat is running in
|
||||||
|
#geo:
|
||||||
|
# Token describing this location
|
||||||
|
#name: us-east-1a
|
||||||
|
|
||||||
|
# Lat, Lon "
|
||||||
|
#location: "37.926868, -78.024902"
|
||||||
|
|
||||||
#================================ Logging =====================================
|
#================================ Logging =====================================
|
||||||
|
|
||||||
@ -178,20 +139,30 @@ processors:
|
|||||||
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
|
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
|
||||||
# "publish", "service".
|
# "publish", "service".
|
||||||
#logging.selectors: ["*"]
|
#logging.selectors: ["*"]
|
||||||
logging.to_syslog: true
|
|
||||||
logging.to_files: false
|
|
||||||
|
|
||||||
#============================== Xpack Monitoring ===============================
|
#============================== X-Pack Monitoring ===============================
|
||||||
# heartbeat can export internal metrics to a central Elasticsearch monitoring
|
# heartbeat can export internal metrics to a central Elasticsearch monitoring
|
||||||
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
|
# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
|
||||||
# reporting is disabled by default.
|
# reporting is disabled by default.
|
||||||
|
|
||||||
# Set to true to enable the monitoring reporter.
|
# Set to true to enable the monitoring reporter.
|
||||||
#xpack.monitoring.enabled: false
|
#monitoring.enabled: false
|
||||||
|
|
||||||
|
# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
|
||||||
|
# Heartbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
|
||||||
|
# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
|
||||||
|
#monitoring.cluster_uuid:
|
||||||
|
|
||||||
# Uncomment to send the metrics to Elasticsearch. Most settings from the
|
# Uncomment to send the metrics to Elasticsearch. Most settings from the
|
||||||
# Elasticsearch output are accepted here as well. Any setting that is not set is
|
# Elasticsearch output are accepted here as well.
|
||||||
# automatically inherited from the Elasticsearch output configuration, so if you
|
# Note that the settings should point to your Elasticsearch *monitoring* cluster.
|
||||||
# have the Elasticsearch output configured, you can simply uncomment the
|
# Any setting that is not set is automatically inherited from the Elasticsearch
|
||||||
# following line.
|
# output configuration, so if you have the Elasticsearch output configured such
|
||||||
#xpack.monitoring.elasticsearch:
|
# that it is pointing to your Elasticsearch monitoring cluster, you can simply
|
||||||
|
# uncomment the following line.
|
||||||
|
#monitoring.elasticsearch:
|
||||||
|
|
||||||
|
#================================= Migration ==================================
|
||||||
|
|
||||||
|
# This allows to enable 6.7 migration aliases
|
||||||
|
#migration.6_to_7.enabled: true
|
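Review bot: The new `setup.kibana` value `host: "http://elk.diyit.org:5601"` uses plain HTTP, while the kibana.yml hunks on this page show `server.ssl.certificate` and `server.ssl.key` set; if TLS is enabled on Kibana this either fails or falls back to an unencrypted path, so `host: "https://elk.diyit.org:5601"` looks like the intended value. In the `output.logstash` block the host was renamed but all three `ssl.*` lines stay commented out, so monitor results go to port 5044 in cleartext and the Logstash endpoint is not verified. Uncommenting `ssl.certificate_authorities: ["/mnt/certs/cacert.pem"]` here has to be paired with enabling TLS on the Logstash beats input.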
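--- a/jails/config/elk/jvm.options
+++ b/jails/config/elk/jvm.options
@@ -0,0 +1,77 @@
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms4g
+-Xmx4g
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+8-13:-XX:+UseConcMarkSweepGC
+8-13:-XX:CMSInitiatingOccupancyFraction=75
+8-13:-XX:+UseCMSInitiatingOccupancyOnly
+
+## G1GC Configuration
+# NOTE: G1 GC is only supported on JDK version 10 or later
+# to use G1GC, uncomment the next two lines and update the version on the
+# following three lines to your version of the JDK
+# 10-13:-XX:-UseConcMarkSweepGC
+# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
+14-:-XX:+UseG1GC
+14-:-XX:G1ReservePercent=25
+14-:-XX:InitiatingHeapOccupancyPercent=30
+
+## JVM temporary directory
+-Djava.io.tmpdir=${ES_TMPDIR}
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps; ensure the directory exists and
+# has sufficient space
+-XX:HeapDumpPath=data
+
+# specify an alternative path for JVM fatal error logs
+-XX:ErrorFile=logs/hs_err_pid%p.log
+
+## JDK 8 GC logging
+8:-XX:+PrintGCDetails
+8:-XX:+PrintGCDateStamps
+8:-XX:+PrintTenuringDistribution
+8:-XX:+PrintGCApplicationStoppedTime
+8:-Xloggc:${ES_TMPDIR}/gc.log
+8:-XX:+UseGCLogFileRotation
+8:-XX:NumberOfGCLogFiles=32
+8:-XX:GCLogFileSize=64m
+
+# JDK 9+ GC logging
+9-:-Xlog:gc*,gc+age=trace,safepoint:file=${ES_TMPDIR}/gc.log:utctime,pid,tags:filecount=32,filesize=64m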
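Review bot: `-XX:HeapDumpPath=data` and `-XX:ErrorFile=logs/hs_err_pid%p.log` are relative paths, so where these files land depends on the working directory the rc script starts the JVM in, which this page does not show. A heap dump holds whatever was in memory, credentials included, so it belongs in a known directory that only the service account can read. The rc.d script added in this commit already creates `/var/db/elasticsearch` and `/var/log/elasticsearch`, so `-XX:HeapDumpPath=/var/db/elasticsearch` and `-XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log` would make the location explicit.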
@ -25,7 +25,7 @@ server.host: "::"
|
|||||||
server.name: "kibana.diyit.org"
|
server.name: "kibana.diyit.org"
|
||||||
|
|
||||||
# The URLs of the Elasticsearch instances to use for all your queries.
|
# The URLs of the Elasticsearch instances to use for all your queries.
|
||||||
elasticsearch.hosts: ["https://kibanax.diyit.org:9200"]
|
elasticsearch.hosts: ["https://elk.diyit.org:9200"]
|
||||||
|
|
||||||
# When this setting's value is true Kibana uses the hostname specified in the server.host
|
# When this setting's value is true Kibana uses the hostname specified in the server.host
|
||||||
# setting. When the value of this setting is false, Kibana uses the hostname of the host
|
# setting. When the value of this setting is false, Kibana uses the hostname of the host
|
||||||
@ -53,7 +53,8 @@ server.ssl.certificate: /mnt/certs/diyfullchain.pem
|
|||||||
server.ssl.key: /mnt/certs/diyprivkeyr.pem
|
server.ssl.key: /mnt/certs/diyprivkeyr.pem
|
||||||
|
|
||||||
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
|
# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
|
||||||
# These files validate that your Elasticsearch backend uses the same key files.
|
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
|
||||||
|
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
|
||||||
#elasticsearch.ssl.certificate: /path/to/your/client.crt
|
#elasticsearch.ssl.certificate: /path/to/your/client.crt
|
||||||
#elasticsearch.ssl.key: /path/to/your/client.key
|
#elasticsearch.ssl.key: /path/to/your/client.key
|
||||||
|
|
||||||
@ -110,4 +111,5 @@ elasticsearch.ssl.verificationMode: full
|
|||||||
#ops.interval: 5000
|
#ops.interval: 5000
|
||||||
|
|
||||||
# Specifies locale to be used for all localizable strings, dates and number formats.
|
# Specifies locale to be used for all localizable strings, dates and number formats.
|
||||||
|
# Supported languages are the following: English - en , by default , Chinese - zh-CN .
|
||||||
#i18n.locale: "en"
|
#i18n.locale: "en"
|
@ -1,4 +1,4 @@
|
|||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
@ -10,6 +10,7 @@ input {
|
|||||||
beats {
|
beats {
|
||||||
port => 5044
|
port => 5044
|
||||||
ssl => false
|
ssl => false
|
||||||
|
#https://discuss.elastic.co/t/problem-with-cipher-in-beat-input/67841
|
||||||
ssl_key => '/mnt/certs/diyprivkeyr.pem'
|
ssl_key => '/mnt/certs/diyprivkeyr.pem'
|
||||||
ssl_certificate => '/mnt/certs/diyfullchain.pem'
|
ssl_certificate => '/mnt/certs/diyfullchain.pem'
|
||||||
ssl_certificate_authorities => ["/mnt/certs/cacert.pem"]
|
ssl_certificate_authorities => ["/mnt/certs/cacert.pem"]
|
||||||
@ -22,7 +23,7 @@ output {
|
|||||||
ssl => true
|
ssl => true
|
||||||
ssl_certificate_verification => true
|
ssl_certificate_verification => true
|
||||||
cacert => '/mnt/certs/cacert.pem'
|
cacert => '/mnt/certs/cacert.pem'
|
||||||
hosts => ["https://kibanax.diyit.org:9200"]
|
hosts => ["https://elk.diyit.org:9200"]
|
||||||
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
|
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
|
||||||
user => "elastic"
|
user => "elastic"
|
||||||
password => "${es_pwd}"
|
password => "${es_pwd}"
|
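Review bot: The beats input keeps `ssl => false` while `ssl_key`, `ssl_certificate` and `ssl_certificate_authorities` are configured directly beneath it, and the only change in the second hunk is a bare forum URL. Port 5044 therefore accepts unauthenticated cleartext from any sender that can reach it. Replace the URL with a comment that states the reason and the exit condition, e.g. `# ssl disabled because of the cipher problem described at <link>; set ssl => true once resolved`, or enable TLS now that the certificate paths are in place. The `input` and `beats` blocks begin and end outside the hunk.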
@ -16,7 +16,6 @@
|
|||||||
#
|
#
|
||||||
# Use a descriptive name for the node:
|
# Use a descriptive name for the node:
|
||||||
#
|
#
|
||||||
# node.name: test
|
|
||||||
node.name: logstash
|
node.name: logstash
|
||||||
#
|
#
|
||||||
# If omitted the node name will default to the machine's host name
|
# If omitted the node name will default to the machine's host name
|
||||||
@ -26,7 +25,6 @@ node.name: logstash
|
|||||||
# Which directory should be used by logstash and its plugins
|
# Which directory should be used by logstash and its plugins
|
||||||
# for any persistent needs. Defaults to LOGSTASH_HOME/data
|
# for any persistent needs. Defaults to LOGSTASH_HOME/data
|
||||||
#
|
#
|
||||||
# path.data:
|
|
||||||
path.data: /var/db/logstash
|
path.data: /var/db/logstash
|
||||||
#
|
#
|
||||||
# ------------ Pipeline Settings --------------
|
# ------------ Pipeline Settings --------------
|
||||||
@ -40,7 +38,7 @@ path.data: /var/db/logstash
|
|||||||
#
|
#
|
||||||
# This defaults to the number of the host's CPU cores.
|
# This defaults to the number of the host's CPU cores.
|
||||||
#
|
#
|
||||||
pipeline.workers: 8
|
pipeline.workers: 4
|
||||||
#
|
#
|
||||||
# How many events to retrieve from inputs before sending to filters+workers
|
# How many events to retrieve from inputs before sending to filters+workers
|
||||||
#
|
#
|
||||||
@ -207,7 +205,6 @@ path.config: /usr/local/etc/logstash/logstash.conf
|
|||||||
# * trace
|
# * trace
|
||||||
#
|
#
|
||||||
# log.level: info
|
# log.level: info
|
||||||
#log.level: debug
|
|
||||||
# path.logs:
|
# path.logs:
|
||||||
#
|
#
|
||||||
# ------------ Other Settings --------------
|
# ------------ Other Settings --------------
|
||||||
@ -215,17 +212,24 @@ path.config: /usr/local/etc/logstash/logstash.conf
|
|||||||
# Where to find custom plugins
|
# Where to find custom plugins
|
||||||
# path.plugins: []
|
# path.plugins: []
|
||||||
#
|
#
|
||||||
|
# Flag to output log lines of each pipeline in its separate log file. Each log filename contains the pipeline.name
|
||||||
|
# Default is false
|
||||||
|
# pipeline.separate_logs: false
|
||||||
|
#
|
||||||
# ------------ X-Pack Settings (not applicable for OSS build)--------------
|
# ------------ X-Pack Settings (not applicable for OSS build)--------------
|
||||||
#
|
#
|
||||||
# X-Pack Monitoring
|
# X-Pack Monitoring
|
||||||
# https://www.elastic.co/guide/en/logstash/current/monitoring-logstash.html
|
# https://www.elastic.co/guide/en/logstash/current/monitoring-logstash.html
|
||||||
xpack.monitoring.enabled: true
|
xpack.monitoring.enabled: false
|
||||||
xpack.monitoring.elasticsearch.username: logstash_system
|
xpack.monitoring.elasticsearch.username: logstash_system
|
||||||
xpack.monitoring.elasticsearch.password: a746MPWa1AVieOJlDtM2
|
xpack.monitoring.elasticsearch.password: a746MPWa1AVieOJlDtM2
|
||||||
xpack.monitoring.elasticsearch.hosts: ["https://kibanax.diyit.org:9200"]
|
xpack.monitoring.elasticsearch.hosts: ["https://elk.diyit.org:9200"]
|
||||||
#xpack.monitoring.elasticsearch.hosts: ["https://es1:9200", "https://es2:9200"]
|
#xpack.monitoring.elasticsearch.hosts: ["https://es1:9200", "https://es2:9200"]
|
||||||
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/mnt/certs/cacert.pem"
|
# an alternative to hosts + username/password settings is to use cloud_id/cloud_auth
|
||||||
#xpack.monitoring.elasticsearch.ssl.truststore.path: /path/to/file
|
#xpack.monitoring.elasticsearch.cloud_id: monitoring_cluster_id:xxxxxxxxxx
|
||||||
|
#xpack.monitoring.elasticsearch.cloud_auth: logstash_system:password
|
||||||
|
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/mnt/certs/cacert.crt"
|
||||||
|
#xpack.monitoring.elasticsearch.ssl.truststore.path: path/to/file
|
||||||
#xpack.monitoring.elasticsearch.ssl.truststore.password: password
|
#xpack.monitoring.elasticsearch.ssl.truststore.password: password
|
||||||
#xpack.monitoring.elasticsearch.ssl.keystore.path: /path/to/file
|
#xpack.monitoring.elasticsearch.ssl.keystore.path: /path/to/file
|
||||||
#xpack.monitoring.elasticsearch.ssl.keystore.password: password
|
#xpack.monitoring.elasticsearch.ssl.keystore.password: password
|
||||||
@ -241,6 +245,9 @@ xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
|
|||||||
#xpack.management.elasticsearch.username: logstash_admin_user
|
#xpack.management.elasticsearch.username: logstash_admin_user
|
||||||
#xpack.management.elasticsearch.password: password
|
#xpack.management.elasticsearch.password: password
|
||||||
#xpack.management.elasticsearch.hosts: ["https://es1:9200", "https://es2:9200"]
|
#xpack.management.elasticsearch.hosts: ["https://es1:9200", "https://es2:9200"]
|
||||||
|
# an alternative to hosts + username/password settings is to use cloud_id/cloud_auth
|
||||||
|
#xpack.management.elasticsearch.cloud_id: management_cluster_id:xxxxxxxxxx
|
||||||
|
#xpack.management.elasticsearch.cloud_auth: logstash_admin_user:password
|
||||||
#xpack.management.elasticsearch.ssl.certificate_authority: [ "/path/to/ca.crt" ]
|
#xpack.management.elasticsearch.ssl.certificate_authority: [ "/path/to/ca.crt" ]
|
||||||
#xpack.management.elasticsearch.ssl.truststore.path: /path/to/file
|
#xpack.management.elasticsearch.ssl.truststore.path: /path/to/file
|
||||||
#xpack.management.elasticsearch.ssl.truststore.password: password
|
#xpack.management.elasticsearch.ssl.truststore.password: password
|
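Review bot: `xpack.monitoring.elasticsearch.password` is a literal value committed to the repository and carried unchanged on both sides of the X-Pack hunk. logstash.conf in this same commit already uses `password => "${es_pwd}"`; do the same here with `xpack.monitoring.elasticsearch.password: "${MONITORING_PWD}"` (placeholder name) resolved from the Logstash keystore, or delete the line now that `xpack.monitoring.enabled` is `false`, and change the `logstash_system` password because the old one stays in history. The new `certificate_authority` path ends in `cacert.crt` while every other config on this page points at `/mnt/certs/cacert.pem`; confirm that file exists before monitoring is switched back on.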
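--- a/jails/config/elk/rc.d/elasticsearch
+++ b/jails/config/elk/rc.d/elasticsearch
@@ -0,0 +1,130 @@
+#!/bin/sh
+#
+# $FreeBSD: head/textproc/elasticsearch7/files/elasticsearch.in 538703 2020-06-13 22:41:04Z glewis $
+#
+# PROVIDE: elasticsearch
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+#
+# Add the following line to /etc/rc.conf to enable elasticsearch:
+#
+# elasticsearch_enable="YES"
+#
+# elasticsearch_user (username): Set to elasticsearch by default.
+# Set it to required username.
+# elasticsearch_group (group): Set to elasticsearch by default.
+# Set it to required group.
+# elasticsearch_config (path): Set to /usr/local/etc/elasticsearch/elasticsearch.yml by default.
+# Set it to the config file location.
+# elasticsearch_java_home (path): Set to /usr/local/openjdk8 by default.
+# Set it to the root of the JDK to use.
+#
+. /etc/rc.subr
+
+name=elasticsearch
+rcvar=elasticsearch_enable
+
+load_rc_config ${name}
+
+: ${elasticsearch_enable:=NO}
+: ${elasticsearch_user=elasticsearch}
+: ${elasticsearch_group=elasticsearch}
+: ${elasticsearch_config=/usr/local/etc/elasticsearch}
+: ${elasticsearch_login_class=root}
+: ${elasticsearch_java_home="/usr/local/openjdk11"}
+
+required_files="${elasticsearch_config}/elasticsearch.yml"
+_pidprefix=/var/run/elasticsearch/elasticsearch
+pidfile=${_pidprefix}.pid
+procname=${elasticsearch_java_home}/bin/java
+
+extra_commands="console status"
+console_cmd=elasticsearch_console
+start_precmd=elasticsearch_precmd
+command=/usr/local/lib/elasticsearch/bin/elasticsearch
+command_args="-d --pidfile=${pidfile}"
+
+export ES_PATH_CONF=${elasticsearch_config}
+export JAVA_HOME=${elasticsearch_java_home}
+
+elasticsearch_precmd()
+{
+/usr/bin/install -d -o ${elasticsearch_user} -g ${elasticsearch_group} -m 755 ${pidfile%/*}
+/usr/bin/install -d -o ${elasticsearch_user} -g ${elasticsearch_group} -m 755 /var/db/elasticsearch
+/usr/bin/install -d -o ${elasticsearch_user} -g ${elasticsearch_group} -m 755 /var/log/elasticsearch
+}
+
+elasticsearch_console()
+{
+command_args=""
+run_rc_command "start"
+}
+
+if [ -n "$2" ]; then
+profile="$2"
+if [ "x${elasticsearch_profiles}" != "x" ]; then
+eval elasticsearch_config="\${elasticsearch_${profile}_config:-}"
+if [ "x${elasticsearch_config}" = "x" ]; then
+echo "You must define a configuration (elasticsearch_${profile}_config)"
+exit 1
+fi
+export ES_PATH_CONF=${elasticsearch_config}
+required_files="${elasticsearch_config}/elasticsearch.yml"
+required_files="${elasticsearch_config}/jvm.options"
+eval elasticsearch_enable="\${elasticsearch_${profile}_enable:-${elasticsearch_enable}}"
+pidfile="${_pidprefix}.${profile}.pid"
+command_args="-d --pidfile=${pidfile}"
+echo "===> elasticsearch profile: ${profile}"
+else
+echo "$0: extra argument ignored"
+fi
+else
+if [ "x${elasticsearch_profiles}" != "x" -a "x$1" != "x" ]; then
+for profile in ${elasticsearch_profiles}; do
+eval _enable="\${elasticsearch_${profile}_enable}"
+case "x${_enable:-${elasticsearch_enable}}" in
+x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
+continue
+;;
+x[Yy][Ee][Ss])
+;;
+*)
+if test -z "$_enable"; then
+_var=elasticsearch_enable
+else
+_var=elasticsearch_"${profile}"_enable
+fi
+echo "Bad value" \
+"'${_enable:-${elasticsearch_enable}}'" \
+"for ${_var}. " \
+"Profile ${profile} skipped."
+continue
+;;
+esac
+/usr/local/etc/rc.d/elasticsearch $1 ${profile}
+retcode="$?"
+if [ "0${retcode}" -ne 0 ]; then
+failed="${profile} (${retcode}) ${failed:-}"
+else
+success="${profile} ${success:-}"
+fi
+done
+exit 0
+fi
+fi
+
+if [ "x${elasticsearch_mem_min}" != "x" ]; then
+echo "The elasticsearch_mem_min variable is no longer supported please set this in ${elasticsearch_config}/jvm.options"
+exit 1;
+fi
+if [ "x${elasticsearch_mem_max}" != "x" ]; then
+echo "The elasticsearch_mem_max variable is no longer supported please set this in ${elasticsearch_config}/jvm.options"
+exit 1;
+fi
+if [ "x${elasticsearch_props}" != "x" ]; then
+echo "The elasticsearch_props variable is no longer supported please set this in ${elasticsearch_config}/jvm.options"
+exit 1;
+fi
+
+run_rc_command "$1"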
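Review bot: In the profile branch `required_files` is assigned twice in a row, so the `jvm.options` line replaces the `elasticsearch.yml` one and a missing main config is no longer caught; use a single assignment, `required_files="${elasticsearch_config}/elasticsearch.yml ${elasticsearch_config}/jvm.options"`. `elasticsearch_precmd` creates `/var/db/elasticsearch` and `/var/log/elasticsearch` with `-m 755`, which lets every local user traverse and list the data and log directories; `-m 750` is enough for the service account. The header comments still describe `elasticsearch_config` as the yml path and `/usr/local/openjdk8` as the Java default, while the code uses a directory and `/usr/local/openjdk11`. The multi-profile loop collects `failed` and `success` but always ends in `exit 0`, so a profile that fails to start goes unreported.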
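--- a/jails/config/elk/rc.d/logstash
+++ b/jails/config/elk/rc.d/logstash
@@ -0,0 +1,121 @@
+#!/bin/sh
+
+# Configuration settings for logstash in /etc/rc.conf:
+#
+# PROVIDE: logstash
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+#
+# logstash_enable (bool):
+# Default value: "NO"
+# Flag that determines whether Logstash is enabled.
+#
+# logstash_home (string):
+# Default value: "/usr/local/logstash"
+# Logstash installation directory.
+#
+# logstash_config (string):
+# Default value: /usr/local/etc/${name}
+# Logstash configuration path.
+#
+# logstash_log (bool):
+# Set to "NO" by default.
+# Set it to "YES" to enable logstash logging to file
+# Default output to /var/log/logstash.log
+#
+# logstash_log_file (string):
+# Default value: "${logdir}/${name}.log"
+# Log file path.
+#
+# logstash_java_home (string):
+# Default value: "/usr/local/openjdk8"
+# Root directory of the desired Java SDK.
+# The JAVA_HOME environment variable is set with the contents of this
+# variable.
+#
+# logstash_java_opts (string):
+# Default value: ""
+# Options to pass to the Java Virtual Machine.
+# The JAVA_OPTS environment variable is set with the contents of this
+# variable.
+#
+# logstash_opts (string):
+# Default value: ""
+# Additional command line flags for logstash, eg. "-r"
+#
+
+. /etc/rc.subr
+
+name=logstash
+rcvar=logstash_enable
+
+load_rc_config ${name}
+
+logdir="/var/log"
+
+: ${logstash_enable="NO"}
+: ${logstash_user="logstash"}
+: ${logstash_group="logstash"}
+: ${logstash_home="/usr/local/logstash"}
+: ${logstash_config="/usr/local/etc/logstash"}
+: ${logstash_log="YES"}
+: ${logstash_log_dir="${logdir}/${name}"}
+: ${logstash_java_home="/usr/local/openjdk11"}
+: ${logstash_java_opts=""}
+: ${logstash_opts=""}
+
+pidfile=/var/run/${name}/${name}.pid
+
+extra_commands="configtest reload"
+start_precmd="logstash_precmd"
+configtest_cmd=configtest
+
+logstash_cmd="${logstash_home}/bin/logstash"
+procname="${logstash_java_home}/bin/java"
+
+logstash_chdir=${logstash_home}
+logstash_log_options=""
+
+if checkyesno logstash_log; then
+logstash_log_options=" -l ${logstash_log_dir}"
+fi
+
+logstash_args="--path.settings ${logstash_config} ${logstash_log_options} ${logstash_opts}"
+
+JAVA_OPTS="${logstash_java_opts}"
+JAVA_HOME="${logstash_java_home}"
+export JAVA_OPTS
+export JAVA_HOME
+
+command="/usr/sbin/daemon"
+command_args="-f -p ${pidfile} ${logstash_cmd} ${logstash_args}"
+required_files="${logstash_home} ${logstash_java_home} ${logstash_cmd} ${logstash_config}"
+
+# Include /usr/local/bin in path because Logstash startup scripts
+# assume bash is in path.
+PATH=/usr/local/bin:$PATH
+
+logstash_precmd()
+{
+/usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 ${pidfile%/*}
+/usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 ${logstash_log_dir}
+/usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 /var/db/logstash
+/usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 /var/run/logstash
+
+if [ -d ${logstash_home}/data/queue ]; then
+chown ${logstash_user}:${logstash_group} ${logstash_home}/data/queue
+fi
+}
+
+configtest()
+{
+echo "${name} configtest:"
+echo "WARNING: this does not check validity of Grok patterns!"
+echo "WARNING: this does not check validity of Grok patterns!"
+echo "WARNING: this does not check validity of Grok patterns!"
+${logstash_cmd} --path.settings ${logstash_config} --config.test_and_exit
+}
+
+
+run_rc_command "$1"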
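Review bot: The header comment documents defaults the script does not use: it says `logstash_log` defaults to "NO" and describes `logstash_log_file` and `/usr/local/openjdk8`, while the code sets `: ${logstash_log="YES"}`, reads `logstash_log_dir`, and defaults `logstash_java_home` to `/usr/local/openjdk11`. An operator who relies on the header to find the logs or the JVM in use gets the wrong answer, so I would rewrite those three entries, e.g. `# logstash_log_dir (string): Default value: "${logdir}/${name}"`. Separately, `configtest()` calls `${logstash_cmd}` directly, so it presumably runs as whoever invokes `service logstash configtest` (normally root) rather than as `${logstash_user}`. If that run writes into the Logstash data or log directories, the daemon may later be unable to use those files; consider running it through `su -m ${logstash_user} -c "..."`.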
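--- a/jails/config/elk/start_logstash.sh
+++ b/jails/config/elk/start_logstash.sh
@@ -0,0 +1,7 @@
+ps axww | grep logstash
+echo press any key to continue - ctrl-c to abort
+read X
+mount proc
+service logstash start
+#/usr/sbin/daemon -f /usr/local/logstash/bin/logstash --path.settings /usr/local/etc/logstash -l /var/log/logstash
+ps axww | grep logstash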
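--- a/jails/config/elk/updateCerts.sh
+++ b/jails/config/elk/updateCerts.sh
@@ -0,0 +1,3 @@
+cp /mnt/certs/diy*.pem /usr/local/etc/elasticsearch/certs
+cp /mnt/certs/cacert.pem /usr/local/etc/elasticsearch/certs
+service elasticsearch restart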
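Review bot: `service elasticsearch restart` runs even when one of the `cp` lines fails, and nothing sets the owner or mode of what lands in `/usr/local/etc/elasticsearch/certs`. If `diy*.pem` matches a private key (the glob suggests it may, but the files are not shown here), the copy takes the caller's umask, so it can end up readable by more accounts than intended or unreadable by the service. I would start the script with `#!/bin/sh` and `set -e`, and copy with `install -m 0600 -o <es_user> -g <es_group> <file> /usr/local/etc/elasticsearch/certs/` so a failed or half-finished update never triggers the restart.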
@ -1,6 +1,6 @@
|
|||||||
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
|
||||||
Copyright (c) 2018-2020, diyIT.org
|
Copyright (c) 2018-2021, diyIT.org
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
|
||||||
Copyright (c) 2018-2020, diyIT.org
|
Copyright (c) 2018-2021, diyIT.org
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
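--- a/jails/config/hass/.tmux.conf
+++ b/jails/config/hass/.tmux.conf
@@ -0,0 +1,12 @@
+unbind C-b
+set -g prefix C-a
+bind C-a send-prefix
+
+setw -g mouse on
+
+# Set the default terminal mode to 256color mode
+set -g default-terminal "xterm-256color"
+
+# enable activity alerts
+setw -g monitor-activity on
+set -g visual-activity on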
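--- a/jails/config/hass/hass.sh
+++ b/jails/config/hass/hass.sh
@@ -0,0 +1,15 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+# ./hass.sh under tmux
+
+cd /data/homeassistant/
+source bin/activate
+hass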
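--- a/jails/config/hass/heyu.sh
+++ b/jails/config/hass/heyu.sh
@@ -0,0 +1,15 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+# ./hass.sh under tmux
+
+heyu start
+heyu info
+heyu monitor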
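--- a/jails/config/hass/setup_jail.sh
+++ b/jails/config/hass/setup_jail.sh
@@ -0,0 +1,4 @@
+# requrired to run other configured scripts
+/bin/sh /etc/rc
+# launch tmux with jails
+/mnt/config/startsessions.sh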
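--- a/jails/config/hass/startsessions.sh
+++ b/jails/config/hass/startsessions.sh
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+session="sess_tmux"
+
+# set up tmux
+tmux start-server
+
+# create a new tmux session, naming the window freepbx
+tmux new-session -d -s $session -n hass
+tmux selectp -t 1
+tmux send-keys "cd /mnt/config;./hass.sh" C-m
+
+# create a new window windows
+tmux new-window -t $session:1 -n heyu
+tmux selectp -t 1
+tmux send-keys "cd /mnt/config;./heyu.sh" C-m
+
+# return to main window
+tmux select-window -t $session:0
+tmux selectp -t 1
+
+# Finished setup, attach to the tmux session!
+#tmux attach-session -t $session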
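Review bot: The comment above `tmux new-session` says the window is named "freepbx", but the command names it `hass`; it looks copied from another jail's script and should read `# create a new tmux session, naming the window hass`. The two `tmux send-keys` calls also carry no `-t` target, so they type into whichever session and window tmux considers current. If another tmux session is running under the same user, the `cd /mnt/config;./hass.sh` line could be sent there instead. Targeting explicitly, e.g. `tmux send-keys -t $session:0 "cd /mnt/config;./hass.sh" C-m` and `-t $session:1` for heyu, removes that dependency.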
264
jails/config/hass/x10.conf
Normal file
264
jails/config/hass/x10.conf
Normal file
@ -0,0 +1,264 @@
|
|||||||
|
# Example Heyu configuration file. Copy this to file 'x10config' in
|
||||||
|
# directory $HOME/.heyu/ and modify as required. This example uses
|
||||||
|
# features which are new to heyu version 2
|
||||||
|
# and which will not be recognized by heyu version 1.xx.
|
||||||
|
|
||||||
|
# Note: This example file describes only a few of the most commom
|
||||||
|
# configuration directives. For the complete list see man page
|
||||||
|
# x10config(5).
|
||||||
|
|
||||||
|
# Anything on a line between a '#' character and the end of the line is
|
||||||
|
# treated as a comment and ignored by Heyu, as are blank lines.
|
||||||
|
# The various configuration directives in this file can be in any order
|
||||||
|
# except that ALIAS directives must appear before any other directive
|
||||||
|
# which references the alias label in place of a housecode|unit address.
|
||||||
|
# See 'man x10config' for additional information and directives.
|
||||||
|
|
||||||
|
# Serial port to which the CM11a is connected. Default is /dev/ttyS0.
|
||||||
|
|
||||||
|
tty /dev/ttyU1
|
||||||
|
check_ri_line NO
|
||||||
|
|
||||||
|
# If you have an X10 compatible RF receiver connected to a second
|
||||||
|
# serial port, use the TTY_AUX directive to specify the serial port
|
||||||
|
# and model of receiver. Supported receivers are W800RF32, MR26A,
|
||||||
|
# and RFXCOM. There are no defaults.
|
||||||
|
|
||||||
|
tty_aux /dev/ttyU0 MR26A
|
||||||
|
|
||||||
|
# The CM19A is both a receiver and transmitter for X10 RF signals.
|
||||||
|
# The MR26A is a receiver only.
|
||||||
|
# The CM19A is USB and the MR26A is serial port
|
||||||
|
|
||||||
|
# Base housecode. The default is A.
|
||||||
|
|
||||||
|
#housecode A
|
||||||
|
|
||||||
|
# Aliases:
|
||||||
|
# Format: ALIAS Label Housecode|Unitcode_string [Module_Type]
|
||||||
|
|
||||||
|
# The label is limited to 32 characters in length and is case-sensitive,
|
||||||
|
# e.g., Front_Porch and front_porch are treated as different labels.
|
||||||
|
# Each alias may reference a single unitcode or a multiple unitcode
|
||||||
|
# string (no embedded blanks), but is limited to one housecode.
|
||||||
|
|
||||||
|
# The optional Module_Type is the general type or specific model number
|
||||||
|
# of a module currently supported by Heyu. (Knowing the characteristics
|
||||||
|
# of a module allows Heyu to track changes in its On/Off/Dim state
|
||||||
|
# as X10 signals are sent or received.) The most commonly used modules
|
||||||
|
# are the standard X10 lamp module (StdLM) and standard X10 appliance
|
||||||
|
# module (StdAM). Other modules currently supported by Heyu are listed
|
||||||
|
# in x10config(5). A standard X10 lamp module (StdLM) is the
|
||||||
|
# default (changeable with the DEFAULT_MODULE directive)
|
||||||
|
# for housecode|units which are not defined in an alias directive.
|
||||||
|
# A module_type should normally not be defined for mutiple-unit
|
||||||
|
# aliases, just for the single-unit aliases. (The module characteristics
|
||||||
|
# are associated with the housecode|unit, however referenced.)
|
||||||
|
|
||||||
|
# Some examples:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Note: Prior versions of Heyu used a different format for
|
||||||
|
# aliases - no ALIAS directive and the Housecode and Unitcode_string
|
||||||
|
# were separated by a space, e.g., simply:
|
||||||
|
# front_porch A 1
|
||||||
|
# Heyu will continue to accept this older format for compatibility,
|
||||||
|
# but its use is discouraged as modules cannot be specified.
|
||||||
|
|
||||||
|
# Scenes and Usersyns (User-defined synonyms):
|
||||||
|
# Format: SCENE Label Command1 <args> [; Command2 <args> [; ...
|
||||||
|
# Format: USERSYN Label Command1 <args> [; Command2 <args> [; ...
|
||||||
|
# The label is limited to 32 characters and is case-sensitive.
|
||||||
|
# Scenes and Usersyns are both semicolon-separated lists of
|
||||||
|
# commands with their arguments which can be executed or used
|
||||||
|
# in macros as if their labels were ordinary Heyu commands.
|
||||||
|
# See 'man x10config' for the features and limitations of Scenes
|
||||||
|
# and Usersyns.
|
||||||
|
# (In the current version of heyu, the ONLY distinction between
|
||||||
|
# scenes and usersyns is the 'show' menus in which they appear.)
|
||||||
|
# Some examples:
|
||||||
|
|
||||||
|
SCENE blinker on D5; off D5; on D5; off D5
|
||||||
|
#USERSYN normal_lights on front_porch; on back_porch
|
||||||
|
#SCENE tv_on on tv_set; dimb living_room 10
|
||||||
|
|
||||||
|
# parameters, e.g., $1, $2, which are replaced by actual
|
||||||
|
# parameters supplied when the scene/usersyn is run.
|
||||||
|
|
||||||
|
#USERSYN night_lights dimb front_porch $1; dimb back_porch $1
|
||||||
|
|
||||||
|
# Define the (writeable) directory where the Heyu state engine daemon
|
||||||
|
# (started with 'heyu engine') is to write its log file 'heyu.log.<tty>'.
|
||||||
|
# The default is 'NONE', indicating no log file is to be written.
|
||||||
|
|
||||||
|
log_dir /usr/local/etc/heyu/log
|
||||||
|
|
||||||
|
# The entries in the log file are similar to those which appear in
|
||||||
|
# the heyu monitor, but in addition will include an entry when
|
||||||
|
# a script is launched, and unless redirected elsewhere, any
|
||||||
|
# text output from that script.
|
||||||
|
|
||||||
|
# Note that the log file will continue to grow. Manually delete
|
||||||
|
# or trim it from time to time, or configure a Unix utility like
|
||||||
|
# 'logrotate' to manage this task automatically.
|
||||||
|
|
||||||
|
# If the Heyu state engine is running, Heyu can launch scripts
|
||||||
|
# (or any Unix commands) when it sees specified X10 signals.
|
||||||
|
# The format is:
|
||||||
|
|
||||||
|
#SCRIPT [ -l label ] <launch conditions> :: [options] <command line>
|
||||||
|
|
||||||
|
# where label is an optional label, <launch conditions> tell
|
||||||
|
# Heyu under what conditions to launch the script, and
|
||||||
|
# <command line> is the script command to be executed.
|
||||||
|
# The '::' (two colons) separator is mandatory since the launch
|
||||||
|
# conditions can be quite complex.
|
||||||
|
# See x10scripts(5) for details, but here's a simple example
|
||||||
|
# (with no label):
|
||||||
|
|
||||||
|
#SCRIPT doorbell on :: play $HOME/sounds/barking_dog.wav
|
||||||
|
|
||||||
|
# Users have the option of running either 'heyuhelper' in a manner
|
||||||
|
# similar to heyu 1.35 or general scripts as above with the
|
||||||
|
# following directive. The default is SCRIPTS, to run general scripts.
|
||||||
|
|
||||||
|
#script_mode SCRIPTS
|
||||||
|
|
||||||
|
# (With the choice 'HEYUHELPER', a script named 'heyuhelper' on
|
||||||
|
# the user's path is run every time any X10 signal is received
|
||||||
|
# by heyu over the power line, assuming the heyu state engine
|
||||||
|
# daemon is running.)
|
||||||
|
|
||||||
|
### The following directives apply when a schedule is ###
|
||||||
|
### is uploaded to the CM11A interface. ###
|
||||||
|
|
||||||
|
# The file name of the user's X10 schedule file in the Heyu base
|
||||||
|
# directory. The default is 'x10.sched'. If you regularly use
|
||||||
|
# more than one, list them here and just comment/uncomment as
|
||||||
|
# appropriate, e.g.,
|
||||||
|
|
||||||
|
#schedule_file x10.sched
|
||||||
|
#schedule_file normal.sched
|
||||||
|
#schedule_file vacation.sched
|
||||||
|
|
||||||
|
# The MODE directive - Heyu's two modes of operation:
|
||||||
|
# In the default COMPATIBLE mode, the schedule uploaded to the
|
||||||
|
# interface is configured to begin on Jan 1st of the current
|
||||||
|
# year and # is valid for 366 days - through Dec 31st of the
|
||||||
|
# current # year or Jan 1st of the following year, depending
|
||||||
|
# whether # the current year is a leap or common year.
|
||||||
|
# COMPATIBLE mode is the default.
|
||||||
|
|
||||||
|
# In HEYU mode the schedule uploaded to the interface is
|
||||||
|
# configured to begin on today's date and is valid for
|
||||||
|
# the number days of provided by the PROGRAM_DAYS directive.
|
||||||
|
# WARNING: The mere execution of X10's ActiveHome(tm) program
|
||||||
|
# under MS-Windows, or having its resident driver running, when
|
||||||
|
# the interface has been programmed by Heyu in HEYU mode can
|
||||||
|
# cause problems. See 'man x10config' for details.
|
||||||
|
|
||||||
|
#mode COMPATIBLE
|
||||||
|
|
||||||
|
# Number of days for which the interface is to be programmed
|
||||||
|
# when running in HEYU mode. It is ignored in COMPATIBLE mode.
|
||||||
|
# (A shorter period can yield more accurate values for dawn
|
||||||
|
# and dusk.) The default is 366 days.
|
||||||
|
|
||||||
|
#program_days 366
|
||||||
|
|
||||||
|
# Should Heyu combine events having the same date range, time, etc.,
|
||||||
|
# by concatenating the macros for similar events? The default is YES.
|
||||||
|
|
||||||
|
#combine_events YES
|
||||||
|
|
||||||
|
# Should Heyu compress uploaded macros by combining unit codes for the same
|
||||||
|
#housecode and command and eliminating duplicates? E.g.,
|
||||||
|
# (on A1; on B2; on A3, on B2) ==> (on A1,3; on B2)
|
||||||
|
# The default is NO
|
||||||
|
|
||||||
|
#compress_macros NO
|
||||||
|
|
||||||
|
# The user's Longitude and Latitude, needed for dawn/dusk calculations.
|
||||||
|
# There are no defaults. Don't use these examples - put in values
|
||||||
|
# for your own location.
|
||||||
|
|
||||||
|
longitude W121:46
|
||||||
|
latitude N37:16
|
||||||
|
|
||||||
|
# For dawn/dusk related times, Heyu breaks up the schedule date intervals
|
||||||
|
# into subintervals, each with a constant value of dawn or dusk time.
|
||||||
|
# These directives instruct Heyu what value of dawn/dusk time to use.
|
||||||
|
# The default value is FIRST, i.e., that on the first day of the subinterval,
|
||||||
|
# which is most convenient for comparing Heyu's computations with actual.
|
||||||
|
|
||||||
|
#dawn_option FIRST
|
||||||
|
#dusk_option FIRST
|
||||||
|
|
||||||
|
# The following times allow bounds to be placed on the times of Dawn
|
||||||
|
# and Dusk computed by Heyu. For example, setting the value for
|
||||||
|
#min_dawn to 06:30 will ensure that an event scheduled to be
|
||||||
|
# executed at Dawn will occur at 06:30 during summer hours whenever
|
||||||
|
# the actual computed value of Dawn is earlier than that time.
|
||||||
|
# The value for these directives are specified as hh:mm Legal
|
||||||
|
# (i.e., wall-clock) time, or the directives may be disabled with
|
||||||
|
# the word OFF, which is the default.
|
||||||
|
|
||||||
|
# Timer options DAWNLT, DAWNGT, DUSKLT, DUSKGT used in the Heyu
|
||||||
|
# schedule file will usually eliminate the need for these directives.
|
||||||
|
# See man page x10sched(5) for details.
|
||||||
|
|
||||||
|
#min_dawn OFF
|
||||||
|
#max_dawn OFF
|
||||||
|
#min_dusk OFF
|
||||||
|
#max_dusk OFF
|
||||||
|
|
||||||
|
# Directory to write reports and files other than the critical files
|
||||||
|
# The default is to write them in the Heyu base directory.
|
||||||
|
|
||||||
|
#report_path ./
|
||||||
|
|
||||||
|
# Replace events having delayed macros with new events and new
|
||||||
|
# undelayed macros when possible. (The purpose is to avoid pending
|
||||||
|
# delayed macros, which are purged when a new schedule is uploaded.)
|
||||||
|
# The default is YES.
|
||||||
|
|
||||||
|
#repl_delayed_macros YES
|
||||||
|
|
||||||
|
# For test purposes, Heyu can write some additional files when
|
||||||
|
# the command 'heyu upload check' is executed. This directive
|
||||||
|
# instructs Heyu to write these files. The default is NO.
|
||||||
|
|
||||||
|
#write_check_files NO
|
||||||
|
|
||||||
|
START_ENGINE AUTO
|
||||||
|
|
||||||
|
alias Kitchen D1 StdLM
|
||||||
|
alias Family_Room D2 StdLM
|
||||||
|
alias Hallway D3 StdLM
|
||||||
|
alias Kitchen_Table D4 StdLM
|
||||||
|
alias Stairway D5 StdLM
|
||||||
|
alias Study D6 StdLM
|
||||||
|
alias Dining D7 StdLM
|
||||||
|
alias Bonus_Room D8 StdLM
|
||||||
|
alias Living_Room_L0 D9 StdLM
|
||||||
|
alias Front_Door D10 StdLM
|
||||||
|
alias Living_Room_L1 D11 StdLM
|
||||||
|
alias Living_Room_L2 D12 StdLM
|
||||||
|
alias Piano_Room_L1 D13 StdLM
|
||||||
|
alias Piano_Room_L2 D14 StdLM
|
||||||
|
alias Family_Room_L0 D15 StdLM
|
||||||
|
alias Chime G1 StdAM
|
||||||
|
alias Main_Garage G2 StdAM
|
||||||
|
alias Side_Garage G3 StdAM
|
||||||
|
alias Front_Yard G13 StdLM
|
||||||
|
alias Back_Yard G14 StdLM
|
||||||
|
alias Plants_front_house I1 RAIN8II
|
||||||
|
alias Plants_front_road I2 RAIN8II
|
||||||
|
alias Lawn_front_road I3 RAIN8II
|
||||||
|
alias Lawn_front_garage I4 RAIN8II
|
||||||
|
alias Lawn_back_pool I5 RAIN8II
|
||||||
|
alias Lawn_back_house I6 RAIN8II
|
||||||
|
alias Plants_back_garage I7 RAIN8II
|
||||||
|
alias Plants_back_road I8 RAIN8II
|
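--- a/jails/config/hub/ipfw.rules
+++ b/jails/config/hub/ipfw.rules
@@ -0,0 +1,23 @@
+#!/bin/sh
+# Flush out the list before we begin.
+ipfw -q -f flush
+
+# Set rules command prefix
+cmd="ipfw -q add"
+pif="epair0b" # interface name of NIC attached to Internet
+
+$cmd 00100 allow ip from any to any via lo0
+$cmd 00200 deny ip from any to 127.0.0.0/8
+$cmd 00300 deny ip from 127.0.0.0/8 to any
+$cmd 00400 deny ip from any to ::1
+$cmd 00500 deny ip from ::1 to any
+$cmd 00600 allow ipv6-icmp from :: to ff02::/16
+$cmd 00700 allow ipv6-icmp from fe80::/10 to fe80::/10
+$cmd 00800 allow ipv6-icmp from fe80::/10 to ff02::/16
+$cmd 00900 allow ipv6-icmp from any to any icmp6types 1
+$cmd 01000 allow ipv6-icmp from any to any icmp6types 2,135,136
+$cmd 05000 reset ip from table(22) to me
+$cmd 65000 allow ip from any to any
+$cmd 65535 deny ip from any to any
+
+# https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html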
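Review bot: Rule `65000 allow ip from any to any` makes this ruleset default-allow: apart from the loopback anti-spoofing rules and the `table(22)` reset at 05000, every packet is accepted. The `65535 deny` line after it can never match, and since 65535 is ipfw's built-in default rule number, that `add` is likely rejected, with `-q` hiding the error. If the ruleset exists only to give sshguard a table to populate, say so in a comment above rule 65000 so nobody reads the final deny as the effective policy. If the jail is meant to be filtered, replace 65000 with explicit allows for the services it offers plus stateful rules for outbound traffic. `pif` is assigned but never referenced.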
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
|||||||
priority: 10
|
priority: 10
|
||||||
}
|
}
|
||||||
|
|
||||||
pkgp121: {
|
pkgp122: {
|
||||||
url: "http://pkgp.ahlawat.com/packages/pj121-default/",
|
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||||
mirror_type: "http",
|
mirror_type: "http",
|
||||||
signature_type: "pubkey",
|
signature_type: "pubkey",
|
||||||
pubkey: "/mnt/certs/poudriere.cert",
|
pubkey: "/mnt/certs/poudriere.cert",
|
||||||
|
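--- a/jails/config/hub/sshguard.conf
+++ b/jails/config/hub/sshguard.conf
@@ -0,0 +1,54 @@
+#!/bin/sh
+# sshguard.conf -- SSHGuard configuration
+
+# Options that are uncommented in this example are set to their default
+# values. Options without defaults are commented out.
+
+#### REQUIRED CONFIGURATION ####
+# Full path to backend executable (required, no default)
+#BACKEND="/usr/local/libexec/sshg-fw-hosts"
+BACKEND="/usr/local/libexec/sshg-fw-ipfw"
+#BACKEND="/usr/local/libexec/sshg-fw-pf"
+
+# Space-separated list of log files to monitor. (optional, no default)
+#FILES="/var/log/auth.log /var/log/maillog"
+FILES="/var/log/auth.log"
+
+# Shell command that provides logs on standard output. (optional, no default)
+# Example 1: ssh and sendmail from systemd journal:
+#LOGREADER="LANG=C /usr/bin/journalctl -afb -p info -n1 -t sshd -t sendmail -o cat"
+# Example 2: ssh from os_log (macOS 10.12+)
+#LOGREADER="/usr/bin/log stream --style syslog --predicate '(processImagePath contains \"sshd\")'"
+
+#### OPTIONS ####
+# Block attackers when their cumulative attack score exceeds THRESHOLD.
+# Most attacks have a score of 10. (optional, default 30)
+THRESHOLD=30
+
+# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
+# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
+BLOCK_TIME=120
+
+# Remember potential attackers for up to DETECTION_TIME seconds before
+# resetting their score. (optional, default 1800)
+DETECTION_TIME=1800
+
+# Size of IPv6 'subnet to block. Defaults to a single address, CIDR notation. (optional, default to 128)
+IPV6_SUBNET=128
+
+# Size of IPv4 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 32)
+IPV4_SUBNET=32
+
+#### EXTRAS ####
+# !! Warning: These features may not work correctly with sandboxing. !!
+
+# Full path to PID file (optional, no default)
+#PID_FILE=/var/run/sshguard.pid
+
+# Colon-separated blacklist threshold and full path to blacklist file.
+# (optional, no default)
+#BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db
+
+# IP addresses listed in the WHITELIST_FILE are considered to be
+# friendlies and will never be blocked.
+#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist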
1
jails/config/hub/vncmods/passwd
Normal file
1
jails/config/hub/vncmods/passwd
Normal file
@ -0,0 +1 @@
|
|||||||
|
Í•it†Í®
|
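Review bot: This commit adds a VNC `passwd` file to the repository. The classic VNC password file is obfuscated with a fixed, publicly documented key rather than hashed, so anyone who can read the repository or its history should be assumed to know the password. I would take the file out of version control, change the VNC password on the host, and create the file at deploy time with `vncpasswd`, owned by the VNC user with mode 0600.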
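--- a/jails/config/hub/vncmods/vncserver
+++ b/jails/config/hub/vncmods/vncserver
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# the two lines below are not just comments but required by rcorder; service -e
+# PROVIDE: vncserver
+# REQUIRE: NETWORKING SERVERS DAEMON ldconfig resolv
+
+. /etc/rc.subr
+
+: ${vncserver_enable="NO"}
+: ${vncserver_user="p"}
+: ${vncserver_geometry="1600x900"}
+: ${vncserver_display="1"}
+: ${vncserver_securitytypes="vncauth"}
+# : ${vncserver_securitytypes="vencrypt,vncauth,tlsvnc"}
+# encryption incompatible with clients - vncconnect-realvnc and guacd
+
+name=vncserver
+rcvar=vncserver_enable
+
+VNCSERVER="/usr/local/bin/vncserver"
+
+start_cmd="vncserver_start"
+stop_cmd="vncserver_stop"
+restart_cmd="vncserver_restart"
+
+vncserver_start()
+{
+CMD="$VNCSERVER -geometry ${vncserver_geometry} -name $(hostname -s) -securitytypes ${vncserver_securitytypes} :${vncserver_display}"
+su -l ${vncserver_user} -c "${CMD}"
+}
+
+vncserver_stop()
+{
+CMD="$VNCSERVER -kill :${vncserver_display}"
+su -l ${vncserver_user} -c "${CMD}"
+}
+vncserver_restart()
+{
+vncserver_stop
+vncserver_start
+}
+
+load_rc_config ${name}
+run_rc_command "$1"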
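Review bot: With `vncserver_securitytypes="vncauth"` the session is protected only by the VNC challenge password (classic VncAuth uses at most 8 characters) and the traffic is not encrypted; the commented-out line records that the encrypted types were dropped for client compatibility. Nothing in `vncserver_start` limits who can reach the display, so the server presumably listens on every address the jail has. If guacd runs in the same jail, add `-localhost` to `CMD`. Otherwise restrict the display's TCP port to the guacd host in the firewall and record that next to the securitytypes default, e.g. `# vncauth only: unencrypted, must stay reachable from guacd alone`.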
@ -1,6 +1,6 @@
|
|||||||
#!/usr/local/bin/bash
|
#!/usr/local/bin/bash
|
||||||
|
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
@ -10,9 +10,9 @@
|
|||||||
|
|
||||||
# ./ibm.sh under tmux
|
# ./ibm.sh under tmux
|
||||||
|
|
||||||
ifconfig tun186 create
|
ifconfig tun95 create
|
||||||
ifconfig tun186 inet 172.16.0.186 172.16.0.100
|
ifconfig tun95 inet 172.16.0.95 172.16.0.100
|
||||||
chmod 666 /dev/tun186
|
chmod 666 /dev/tun95
|
||||||
|
|
||||||
cd /data/Z110/CONF
|
cd /data/Z110/CONF
|
||||||
# hercules
|
# hercules
|
||||||
|
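Review bot: `chmod 666 /dev/tun95` lets every account in the jail open the tunnel device and read or inject packets on the 172.16.0.95 to 172.16.0.100 link. The mode is carried over from the tun186 lines, so this commit does not introduce it, but the line is being edited anyway. If only the account that runs hercules needs the device, `chown <hercules_user> /dev/tun95` followed by `chmod 600 /dev/tun95` (or a dedicated group with 660) is sufficient. The script continues past the end of this hunk.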
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
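--- a/jails/config/jump/enable-routing.sh
+++ b/jails/config/jump/enable-routing.sh
@@ -0,0 +1,7 @@
+sysctl net.inet.ip.forwarding=1
+route add 10.1.2.0/24 192.168.55.105
+# on remote -
+#sudo sysctl net.ipv4.ip_forward=1
+#ip route add 192.168.0.0/24 via 192.168.55.1
+#OR
+#ip route add 192.168.0.0/24 dev tun0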
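Review bot: `sysctl net.inet.ip.forwarding=1` turns the jump jail into a router, and no packet-filter rules for this jail are visible in this part of the commit. Combined with the remote-side routes in the comments, any host on the remote network could then reach 192.168.0.0/24 directly instead of going through an authenticated session on the jump host. If that reach is intended, add a comment at the top stating which networks may talk to which, and pair the script with forwarding rules that allow only those flows. If only specific services are needed, per-service port forwards keep the jump host as the single controlled entry point.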
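--- a/jails/config/jump/guacamole-client/add-ldap.sh
+++ b/jails/config/jump/guacamole-client/add-ldap.sh
@@ -0,0 +1 @@
+ldapadd -H ldaps://ldap.ahlawat.com -f $1 -D cn=admin,dc=infra -W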
Binary file not shown.
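--- a/jails/config/jump/guacamole-client/guacamole.properties
+++ b/jails/config/jump/guacamole-client/guacamole.properties
@@ -0,0 +1,16 @@
+###
+### guacamole.properties.sample
+###
+
+
+### The Host the Guacamole proxy daemon (guacd) is listening on.
+#
+guacd-host: localhost
+guacd-port: 4822
+guacd-ssl: false
+ldap-hostname: ldap.ahlawat.com
+ldap-port: 636
+ldap-encryption-method: ssl
+ldap-user-base-dn: ou=people,dc=infra
+ldap-username-attribute: cn
+ldap-config-base-dn: ou=hosts,dc=infra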
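--- a/jails/config/jump/guacamole-client/logback.xml
+++ b/jails/config/jump/guacamole-client/logback.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Guacamole logs all messages to console by default. Servlet containers
+like Tomcat will automattically redirect these messages to a log file,
+catalina.out in the case of Tomcat. Valid levels= error, warn, info,
+debug -->
+<configuration>
+
+<!-- Appender for debugging -->
+<appender name="GUAC-DEBUG" class="ch.qos.logback.core.ConsoleAppender">
+<encoder>
+<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+</encoder>
+</appender>
+
+<!-- Log at DEBUG level -->
+<root level="info">
+<appender-ref ref="GUAC-DEBUG"/>
+</root>
+
+</configuration>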
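--- a/jails/config/jump/guacamole-client/rdp-windows.ldif
+++ b/jails/config/jump/guacamole-client/rdp-windows.ldif
@@ -0,0 +1,14 @@
+dn: cn=rdp-windows,ou=hosts,dc=infra
+objectClass: guacConfigGroup
+objectClass: groupOfNames
+cn: Windows rdp
+guacConfigProtocol: rdp
+guacConfigParameter: hostname=192.168.0.81
+guacConfigParameter: port=3389
+guacConfigParameter: username=v
+guacConfigParameter: password=v
+guacConfigParameter: security=nla
+guacConfigParameter: ignore-cert=true
+member: cn=sharad,ou=people,dc=infra
+member: cn=diyit,ou=people,dc=infra
+# seeAlso: cn=ahlawat.com,ou=groups,dc=infra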
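Review bot: The `guacConfigParameter: username=v` and `password=v` lines put the RDP login in cleartext into a committed file, and `ignore-cert=true` turns off validation of the RDP server's certificate, so the connection cannot tell the intended host from an impostor. The same cleartext pattern appears as `password=vncpass` in vnc-hub.ldif and in the `<param name="password">` entries of user-mapping.xml. I would commit placeholders such as `guacConfigParameter: password=CHANGE_ME` and load the real values out of band, or omit the credential parameters where the Guacamole version in use can prompt at connect time, and set `ignore-cert=false` once the host presents a certificate the jail trusts. Anyone who can read these entries over LDAP also reads the passwords, so the ACL on `ou=hosts,dc=infra` is worth checking.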
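--- a/jails/config/jump/guacamole-client/ssh-nas.ldif
+++ b/jails/config/jump/guacamole-client/ssh-nas.ldif
@@ -0,0 +1,10 @@
+dn: cn=ssh-nas,ou=hosts,dc=infra
+objectClass: guacConfigGroup
+objectClass: groupOfNames
+cn: NAS ssh
+guacConfigProtocol: ssh
+guacConfigParameter: hostname=192.168.0.10
+guacConfigParameter: port=22
+member: cn=sharad,ou=people,dc=infra
+member: cn=diyit,ou=people,dc=infra
+# seeAlso: cn=ahlawat.com,ou=groups,dc=infra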
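--- a/jails/config/jump/guacamole-client/user-mapping.xml
+++ b/jails/config/jump/guacamole-client/user-mapping.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Guacamole's default authentication module is a simple xml file.
+Each user is specified with a corresponding <authorized> tag. This
+tag contains all authorized connections for that user each denoted
+with a <connections> tag. Each <connection> tag contains a
+protocol and set of protocol-specific parameters, specified with
+the <protocol> and <param> tags respectively. For more information
+visit http://guac-dev.org/doc/gug/configuring-guacamole.html -->
+
+
+<user-mapping>
+
+<!-- Per-user authentication and config information md5 -s "Npasswd" -->
+<authorize username="admin" password="4ee438b74bd65c9f8402e7e48fa64fb7" encoding="md5">
+<connection name="vnc-hub">
+<protocol>vnc</protocol>
+<param name="hostname">192.168.0.50</param>
+<param name="port">5901</param>
+<param name="password">vncpass</param>
+<param name="color-depth">24</param>
+</connection>
+<connection name="rdp-windows">
+<protocol>rdp</protocol>
+<param name="hostname">192.168.0.81</param>
+<param name="port">3389</param>
+<param name="security">nla</param>
+<param name="ignore-cert">true</param>
+<param name="username">v</param>
+<param name="password">v</param>
+</connection>
+<connection name="ssh-nas">
+<protocol>ssh</protocol>
+<param name="hostname">192.168.0.10</param>
+<param name="port">22</param>
+<param name="font-name">monospace</param>
+</connection>
+<connection name="vnc-rpi3">
+<protocol>vnc</protocol>
+<param name="hostname">192.168.200.192</param>
+<param name="port">5901</param>
+<param name="password">vncpass</param>
+<param name="color-depth">24</param>
+</connection>
+<connection name="ssh-rpi3">
+<protocol>ssh</protocol>
+<param name="hostname">192.168.200.192</param>
+<param name="port">22</param>
+<param name="font-name">monospace</param>
+</connection>
+<connection name="ssh-dev">
+<protocol>ssh</protocol>
+<param name="hostname">192.168.55.105</param>
+<param name="port">22</param>
+<param name="font-name">monospace</param>
+</connection>
+</authorize>
+
+<authorize username="inseego" password="7cc6a3864acc736437f606146083abad" encoding="md5">
+<connection name="vnc">
+<protocol>vnc</protocol>
+<param name="hostname">192.168.200.212</param>
+<param name="port">5901</param>
+<param name="password">vncpass</param>
+<param name="color-depth">24</param>
+</connection>
+<connection name="ssh">
+<protocol>ssh</protocol>
+<param name="hostname">192.168.200.212</param>
+<param name="port">22</param>
+<param name="font-name">monospace</param>
+</connection>
+</authorize>
+
+</user-mapping>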
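Review bot: Both `<authorize>` elements carry `encoding="md5"` password digests, which are unsalted single-round MD5 and should be treated as disclosed now that they sit in the repository; the accounts behind them need new passwords whatever happens to this file. guacamole.properties in this commit configures LDAP authentication, so if this file-based mapping is no longer read (not visible from here) I would delete it rather than ship it. If it is still needed, commit a template with placeholder values such as `password="REPLACE_WITH_DIGEST"` and keep the live file out of version control with tight file permissions.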
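--- a/jails/config/jump/guacamole-client/vnc-hub.ldif
+++ b/jails/config/jump/guacamole-client/vnc-hub.ldif
@@ -0,0 +1,12 @@
+dn: cn=vnc-hub,ou=hosts,dc=infra
+objectClass: guacConfigGroup
+objectClass: groupOfNames
+cn: HUB vnc
+guacConfigProtocol: vnc
+guacConfigParameter: hostname=192.168.0.50
+guacConfigParameter: port=5901
+guacConfigParameter: password=vncpass
+guacConfigParameter: color-depth=24
+member: cn=sharad,ou=people,dc=infra
+member: cn=diyit,ou=people,dc=infra
+# seeAlso: cn=ahlawat.com,ou=groups,dc=infra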
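--- a/jails/config/jump/guacamole-server/guacd.conf
+++ b/jails/config/jump/guacamole-server/guacd.conf
@@ -0,0 +1,17 @@
+#
+# guacd.conf example
+#
+
+[daemon]
+# Possible log_level variables are:
+# trace, debug, info, warning, and error
+# Default is info
+log_level = info
+
+[server]
+bind_host = localhost
+bind_port = 4822
+
+[ssl]
+#server_certificate = /mnt/certs/fullchain.pem
+#server_key = /mnt/certs/privkeyr.pem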
28
jails/config/jump/schema/guacConfigGroup.ldif
Normal file
28
jails/config/jump/schema/guacConfigGroup.ldif
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
#
|
||||||
|
# Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
# or more contributor license agreements. See the NOTICE file
|
||||||
|
# distributed with this work for additional information
|
||||||
|
# regarding copyright ownership. The ASF licenses this file
|
||||||
|
# to you under the Apache License, Version 2.0 (the
|
||||||
|
# "License"); you may not use this file except in compliance
|
||||||
|
# with the License. You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing,
|
||||||
|
# software distributed under the License is distributed on an
|
||||||
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
# KIND, either express or implied. See the License for the
|
||||||
|
# specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
dn: cn=guacConfigGroup,cn=schema,cn=config
|
||||||
|
objectClass: olcSchemaConfig
|
||||||
|
cn: guacConfigGroup
|
||||||
|
olcAttributeTypes: {0}( 1.3.6.1.4.1.38971.1.1.1 NAME 'guacConfigProtocol' SYNTAX 1.3.6.1.4.1.1466
|
||||||
|
.115.121.1.15 )
|
||||||
|
olcAttributeTypes: {1}( 1.3.6.1.4.1.38971.1.1.2 NAME 'guacConfigParameter' SYNTAX 1.3.6.1.4.1.146
|
||||||
|
6.115.121.1.15 )
|
||||||
|
olcObjectClasses: {0}( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup' DESC 'Guacamole config
|
||||||
|
uration group' SUP groupOfNames MUST guacConfigProtocol MAY guacConfigParameter )
|
31
jails/config/jump/schema/guacConfigGroup.schema
Normal file
31
jails/config/jump/schema/guacConfigGroup.schema
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
#
|
||||||
|
# Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
# or more contributor license agreements. See the NOTICE file
|
||||||
|
# distributed with this work for additional information
|
||||||
|
# regarding copyright ownership. The ASF licenses this file
|
||||||
|
# to you under the Apache License, Version 2.0 (the
|
||||||
|
# "License"); you may not use this file except in compliance
|
||||||
|
# with the License. You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing,
|
||||||
|
# software distributed under the License is distributed on an
|
||||||
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
# KIND, either express or implied. See the License for the
|
||||||
|
# specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
attributetype ( 1.3.6.1.4.1.38971.1.1.1 NAME 'guacConfigProtocol'
|
||||||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
||||||
|
|
||||||
|
attributetype ( 1.3.6.1.4.1.38971.1.1.2 NAME 'guacConfigParameter'
|
||||||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
||||||
|
|
||||||
|
objectClass ( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup'
|
||||||
|
DESC 'Guacamole configuration group'
|
||||||
|
SUP groupOfNames
|
||||||
|
MUST guacConfigProtocol
|
||||||
|
MAY guacConfigParameter )
|
||||||
|
|
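--- a/jails/config/jump/setup_jail.sh
+++ b/jails/config/jump/setup_jail.sh
@@ -0,0 +1,2 @@
+# requrired to run other configured scripts
+/bin/sh /etc/rc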
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
|||||||
priority: 10
|
priority: 10
|
||||||
}
|
}
|
||||||
|
|
||||||
pkgp121: {
|
pkgp122: {
|
||||||
url: "http://pkgp.ahlawat.com/packages/pj121-default/",
|
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||||
mirror_type: "http",
|
mirror_type: "http",
|
||||||
signature_type: "pubkey",
|
signature_type: "pubkey",
|
||||||
pubkey: "/mnt/certs/poudriere.cert",
|
pubkey: "/mnt/certs/poudriere.cert",
|
||||||
|
28
jails/config/ldap/schema-addons/guacConfigGroup.ldif
Normal file
28
jails/config/ldap/schema-addons/guacConfigGroup.ldif
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
#
|
||||||
|
# Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
# or more contributor license agreements. See the NOTICE file
|
||||||
|
# distributed with this work for additional information
|
||||||
|
# regarding copyright ownership. The ASF licenses this file
|
||||||
|
# to you under the Apache License, Version 2.0 (the
|
||||||
|
# "License"); you may not use this file except in compliance
|
||||||
|
# with the License. You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing,
|
||||||
|
# software distributed under the License is distributed on an
|
||||||
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
# KIND, either express or implied. See the License for the
|
||||||
|
# specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
dn: cn=guacConfigGroup,cn=schema,cn=config
|
||||||
|
objectClass: olcSchemaConfig
|
||||||
|
cn: guacConfigGroup
|
||||||
|
olcAttributeTypes: {0}( 1.3.6.1.4.1.38971.1.1.1 NAME 'guacConfigProtocol' SYNTAX 1.3.6.1.4.1.1466
|
||||||
|
.115.121.1.15 )
|
||||||
|
olcAttributeTypes: {1}( 1.3.6.1.4.1.38971.1.1.2 NAME 'guacConfigParameter' SYNTAX 1.3.6.1.4.1.146
|
||||||
|
6.115.121.1.15 )
|
||||||
|
olcObjectClasses: {0}( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup' DESC 'Guacamole config
|
||||||
|
uration group' SUP groupOfNames MUST guacConfigProtocol MAY guacConfigParameter )
|
31
jails/config/ldap/schema-addons/guacConfigGroup.schema
Normal file
31
jails/config/ldap/schema-addons/guacConfigGroup.schema
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
#
|
||||||
|
# Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
# or more contributor license agreements. See the NOTICE file
|
||||||
|
# distributed with this work for additional information
|
||||||
|
# regarding copyright ownership. The ASF licenses this file
|
||||||
|
# to you under the Apache License, Version 2.0 (the
|
||||||
|
# "License"); you may not use this file except in compliance
|
||||||
|
# with the License. You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing,
|
||||||
|
# software distributed under the License is distributed on an
|
||||||
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
# KIND, either express or implied. See the License for the
|
||||||
|
# specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
attributetype ( 1.3.6.1.4.1.38971.1.1.1 NAME 'guacConfigProtocol'
|
||||||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
||||||
|
|
||||||
|
attributetype ( 1.3.6.1.4.1.38971.1.1.2 NAME 'guacConfigParameter'
|
||||||
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
||||||
|
|
||||||
|
objectClass ( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup'
|
||||||
|
DESC 'Guacamole configuration group'
|
||||||
|
SUP groupOfNames
|
||||||
|
MUST guacConfigProtocol
|
||||||
|
MAY guacConfigParameter )
|
||||||
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDDECIuIzM+f5+s
|
|
||||||
PdoTBSLGpARZkcKWboSUfLdiFsBEXkV5KLy12S6T2ja0oH5C6GfhkqpdzAsCPHKs
|
|
||||||
SdIyJAmHj7FXnbOnP93N64E3n/wONj5cq9QAz2acKxS167DXpnSE7K+egcqI7ePL
|
|
||||||
BBecLnKUUnSQ4JMAeUBatjnl5SsKF7pwDM1DsOYvWFpDH0BfjIlZq1JJIUnfE7pK
|
|
||||||
b3ppdBSF0bum+/Y6TZVJdNg4fYj5k68vLeBp8PkJj60pO4B7oexLpXcz/pqkGi9a
|
|
||||||
K5P86RzZliKMqGVAs3TmxWMskoX2Hpm1VXIg/Pht75FuaPqwkAW8FVb3Y7yvfmgU
|
|
||||||
O7FaP423AgMBAAECggEAP7BG2LWZh7B32+8eAtPMdPsciHo1BJT1KN5HqfkvsaLu
|
|
||||||
IA8S/nT45kF7VyKH1yS2tkoC4jk65vIBpws7XC+0BNT/3FGbVOJfc1qPiC/uRl2j
|
|
||||||
ovJfeBw/roHKc1OPG/o3VSdKeAB8tpSlqaWeZ9oqgw8hDCSnGqJ8RqH06YEXumVO
|
|
||||||
/59N5/kweoN1902nrsnhhY72cx/YY7TFZt+sbCs1D8rimHFX5UQUWGQgwqKeCvG2
|
|
||||||
VmBtU+oXCBKdaR+IcJd9Oy/qkmEQZ6dDL7n/HUwOcRzuBuZoeXN9sc9z81mYEI2Q
|
|
||||||
bYpowPOyqFArB08HjQpFndQFSyNwiVVSzaOHRUNBwQKBgQDkECi9WkyqGgVvSM6f
|
|
||||||
fC9OTKKk5kI12j4I3aQKZSnW/eNTpaHykRhvUsr36zp58vRN4G9YDJyblgOhgr1U
|
|
||||||
7SBwqZRLETwG0ktKDipgibWjBm+K5LfK+wWRwn/qzq494Qg2GQ/DniXqCZ6SI1s1
|
|
||||||
wMBHS9s/VYPGaYvYrS1TD90JpwKBgQDa9R90rcyNlXTLHwYzxgjJczLKHz+0ANlR
|
|
||||||
GORg31/VBxs94IYby+cZ/oGRjCB5syR/SaN5Z+N2w8GT0yFWN8UCJS0G4I6fGtCb
|
|
||||||
wYWzhK2UtI4WyOH9jIdl8AYjFGRZMFJEkDPmac54jtNcqhfO/Eei9+yHq7llEnUP
|
|
||||||
F4qKf8K9cQKBgQDEwDgVW4DGQxqrLhmrt3wsRasPLeKzCOv5xBTQLwRQiMoEkOFN
|
|
||||||
HeYBrGCUT6gsKvCe+t+0C3VUOLA7N0pVqRkSeQoJVP3/OI9hfSUMEeHUminCnpz9
|
|
||||||
DWB5pl2q2dGyaqAl46sY7SfyZ4gYtU3r6rU3DPdCBWlg1A+kx4pRnV7pAwKBgCOu
|
|
||||||
fonNKOCJ0panX6NgSl5J36UAoqj62m9U1yLSRBO7LL1QsYomGGssBoFpjIFIqFH1
|
|
||||||
9iX6wB7Cl/E3Ht+mBvzqggP05EkZXZWEW/19SaxKID2mTu260PXTv6xHznKaZU23
|
|
||||||
Ej4iT/tlixw2u9qHUkVEkc8qNPQ7pcfn1jPrzhiBAoGBAN075cp3R9bzzfVzrFRh
|
|
||||||
ZFWzSnWieSsOP635nj48HXKyne7gjvG1IG/HHSi3XPmRIdWTAfOYz29rWQEOaY7b
|
|
||||||
wbNhvH7jvtq/A7/Uifh6l8cnN9TFAmN/wmKEUCloVxg1/GltXbR6UwzbJWAs40ya
|
|
||||||
VtAxvncs1bqtPBAgfE5wwdCd
|
|
||||||
-----END PRIVATE KEY-----
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDYdTOGw8TvQtkr
|
|
||||||
Z139xpQC1iXu/X+2ei7ascX6C2G8WM7NS3XphgMd0LgzEm9POoJyYP7KVjQdPK5m
|
|
||||||
mRoZOCATmFhNPGSer96qjASHgm10GISKlUyGKRWv1mNHsLJaLwsd8ef13+qBsTvG
|
|
||||||
pT0z2I/0OWwAuqQuZdMPuVskspF8jusycibpQ7WjqaOynPEUuRZHDLQToso02+Vd
|
|
||||||
X3l3bU08Rz3vW7+hNjZYuzsfCTBzD91kxTGyetqg2CXyLM/dWbDFgY72zG682X0d
|
|
||||||
CtoWoEAKdUJkPDxQeKJtqh84TsAOUvg/z3W6J7uJow9OcWsXWJcAJ/HG8gNPq4ho
|
|
||||||
sVbc96SzAgMBAAECggEADXPTPPfjwF7uMkVdUQ1LW5XFi8HTcxrK2KqdvDmC3HrE
|
|
||||||
d3vOGzJJ9UtodzwZENp5CvS+QQL0gDCqQhQXzCNx0uXv7vTm5/nUI9NJ4MYZWVLA
|
|
||||||
wgAfXmMlRuVTDDyOCQ7NaRIEsYI2B9Nk/KZ+VD+MSshazvzKgVuwr1R8tp4mbpAx
|
|
||||||
8f4xe51b5ZVqTLcnkoSR6lTmKMQruIZwQpvaGYZLjBRaBcACwYkbZksQZkx7xZdZ
|
|
||||||
enpLcKoCc1xXg+gjlfF9HOD1e2GlYQTOgfDcQVJEIS+jjzMyiJA1BxqL8/LkafeD
|
|
||||||
CKfx8mzd1LjyDDaAP8ruZb4Ns/6SazAPozxBSRnP2QKBgQD+uf+evckgN6+3/Bur
|
|
||||||
egP6I4dUKw1joCo69p98388mWq+ywhIc2rquEfSoQCqjli4pG3iwBbDVxgjk08GV
|
|
||||||
ayFaP3X3LvuqCZBktSjEJR6WUMB0kW77BigLCtbzyd2R9upp0A3CnXsmmLVL+o5n
|
|
||||||
TD5w6cd67NPS/NGo2FyA6JQO5QKBgQDZijnfG4Yt6BdX3+WBFXNGkhdJziokmrfG
|
|
||||||
no5p/tw+/kJfHFC017Z+EbLbcWMKL9cDzl9uMXGDy1xd8+OfolxZZEnrmt4btbmh
|
|
||||||
wVzTPrhREwjqzwu/Y2jQwFBef+zJ+b8a1uZOFYVIWWeGCT7wirq54AslE8y0lNEF
|
|
||||||
olBnP44TtwKBgQDyn4k50z16QXBOx4Q3fZ3CKQsigWtcZFc1GGlrEOaHesN1eeK0
|
|
||||||
tyYu3Q1zIMM8U7SeFPuMda8sv1cDVitCPetjwaSED61IFZoCQoeU5GJQ/JODtG7I
|
|
||||||
DOIhOm7pgHJaMJywsqoYn9WIOtYci4gOHhIvjI0jqeZNReARehwJ8P3tfQKBgEWD
|
|
||||||
hAalNvVIat0rsJzVC+cLG+H7vT/BKOSRGhUI2bxPZ0oZNDj1jV0vrqWsz+cbbmvK
|
|
||||||
8He32PwyaaukGaKTMUtnXq+o5zyXj1/+9/iQ3DkcCgdubeSUkZPTQFtSKYpJAiZD
|
|
||||||
cYiWG+cImqocHj6jNhPbYfRRJWK3Ayv3uBWmG3J1AoGAGjKqKpd8+00IxElXpov9
|
|
||||||
At2YzPZlzPQCU0+vcreGVTaO9wNdVKfc6uaeAO4D0DP9SOwEqRC9rv8FNb8DxgTB
|
|
||||||
ryWMy8rY/CC3mhK6hnsWNRC0a1myKva2XwQ+jMKuCsznFE0N2xjizNdv2/HM2dcr
|
|
||||||
ropb+P1w1KZyTiNbTTTC1eQ=
|
|
||||||
-----END PRIVATE KEY-----
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDc2cV9/D/MWdUl
|
|
||||||
DBfKzA3zNjFbzDJd4WP1fdRRIdell57kJwyKehYCw/HxWy4+AnWj6c2fhPXI2EQp
|
|
||||||
K3I1QjNSxV4kq+Lr2SFJuDiZvDRLzihu24N6go34R9712mbZOWWl0KyihO6E2cH8
|
|
||||||
h6cr2iahXmAjqVtm9/mBmdnrQ2Bv0fusdpS24x3NOPs4Q5gJTadJFGBkwXb88D/+
|
|
||||||
mBDcEUFwDul4bVQWvqHk+8EJwApGLo7YVL2F0A25FAm43rWexjb+JeTsHRqN/TaV
|
|
||||||
ALzQPr/DQIb2wyWsTnQMnd0t8qg9ErDAKgxMDeGDRFbHr5wNMTrewQkW7yd+H0T0
|
|
||||||
Wa97aDXbAgMBAAECggEANUp/M0VZB7BtlED0xMS0YQmko2gEh07J1gUE5IbsCFMr
|
|
||||||
zhX2GrwW75fkm77Ky7/AL0tNiL6GqG43FFAdgOh2hfSGIQcw/IQqWiWP0tjtLZWT
|
|
||||||
gByL/1XdeBmvnVeUFbqZ4ocWASlefMQm4Q7Csfwz8iBZxoEpQxF3LWS4huJ9NL3d
|
|
||||||
qiI1jX5otXN0ybA6jDpridvExRwWT6KrAykUrh5f7vRGUp0I7/GltvSHS4mu24C1
|
|
||||||
08RUPE5NjynEX/amc1urMwH3ZdOZgCx819DfQXpQts9/TejSLlLL8s4lXTsZDoab
|
|
||||||
DiJ1zZKZEpMIheEGAWSyLtqc1QxypauVAMeM6ZgasQKBgQD88Yf1E7X8zS4hYSyu
|
|
||||||
WHiUgrin/0febsHWZAVBTwnzpDwfY0jNnq57tiALyaVzk3vCL3a9WckpXPbQk4Yk
|
|
||||||
Oypu1eDyGT4Xf7hrXqFTlMtkupa3Os5/MlTXOFMMs5VISsxrbVjNlvSxITXASWwr
|
|
||||||
IYVjmhgTx8Rg3ApM5X/Tqd8XxwKBgQDfhPZ2t+4fBwhzgydKnkPWMbJ6k17tWoZu
|
|
||||||
8tzCzrxJd/cYUmi/44sOLrFCLwaS28I4sR7iBPCeiFnnbqlv+f6uw2Xmr5jc/BsT
|
|
||||||
md6yl2gNmow//iGFwf8lAsA1VyoFbZoAvQUMVElaxvCngifsTNqRHap8KY6xv5r/
|
|
||||||
C6MEoGd5TQKBgQDEoPXxnEsCpHXR2Pqk5X2G5T+qyRYTYcIpaUN0i37O+cMLG2FD
|
|
||||||
BrHY1bF/uFd3yxSP1dnWRG/OSchMSAIlNCE+W+EsEldkaRLx1HRQxwB941a6RWq1
|
|
||||||
EmlFjTFyVEAeHJdgg3ZfC5RYBdsFCY6e0MYisW06IzcTnLodIOMHpawZjQKBgQC+
|
|
||||||
1RVbnINXyDhl7rbQFTlTmVCJKGMmgGBAP2dNhxXoH909zbYTBmFFdYXvPJj/L1Kt
|
|
||||||
9kKos5D/uOgRGEDfEnBnovnQL2FyYmd3n6orjerPmoBdbkoOmeeNIMEbiVSeF8oh
|
|
||||||
EUBLG3cZYro6OXx+WctNlCdnJE/o3+6kC7pdi9lsDQKBgEtkK4RpB1OKJm6sEiWe
|
|
||||||
hoTI6yqflpkivWtV3F8/D37LbYT5wiAsRr6AkgetB7jsi0t//thJiAUUxhtb+u4M
|
|
||||||
1zR7i9bIRv3lU8TgYpfS/Yq3T9feZoj682LKtBMPoSgm/p5+ogzIlAU3cpjAW+A8
|
|
||||||
2CyzbDc7K58vuzaR8RHpnzYi
|
|
||||||
-----END PRIVATE KEY-----
|
|
@ -1,28 +0,0 @@
|
|||||||
-----BEGIN PRIVATE KEY-----
|
|
||||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDJE2rtl2EGU7YD
|
|
||||||
TWSlapLqMgn02m9Valldv6u3NP5CZTwI9/xrlEZYzjArInvLE4SFx5VlgC52K92A
|
|
||||||
tZUqs7ckZgDmMOIr1vXGP3YgzGO9NK3hqyPHlu2Twuu96rP9+CTTlU8ovun14Ucu
|
|
||||||
b0+W3pH646kMZBc0wAAj0xg+QI0PhFphQZyHkV9laOFwx/ErCu9SdUfcUY+zouSG
|
|
||||||
DMxPAL8pT1JS5IOVGDM7rXbAwZ1+LrHTmOD1Mi6jtYtV7/Pqga6CBpcQFa/kMvza
|
|
||||||
idjPkVyUg4YY/9i+P9dRQMK6dJgmRSaLLaOTaYHCT6PgpWQvKhYJZsNIB+LmfdHp
|
|
||||||
gzE4s0tfAgMBAAECggEBALtNkzVu5bp3D/1TgoV0GRZ/NjcXos32GvjxKoummZJP
|
|
||||||
qvTPzBqKLF1c9BG6NYadz7yuhcPe+2iow9S5URJOBjOpsPy8XHJp8teRFgDHY8FD
|
|
||||||
6RVlzhaFyRjzYZWvo6rYE7XkR7C05ktcZmoi1gi7m1AR8c7RDazdjUPRx6t1hfEE
|
|
||||||
ubocsnwZ5McU3tHVHj8pHBM9nKaarVd3BSTydStjGOmoS+E5BR1NLMDpx3Aw9S/V
|
|
||||||
tn1iJxxF9+GONFfCBQ/IQ4+rBbOPsICwhhhrTpJwPilzBynGQevtEHdpq6ewS2bq
|
|
||||||
ESsgQoax70cW1TymOPOzYQvPUzJy0S68OoSMAXVr8MECgYEA755LulHIALONfQWG
|
|
||||||
XBUT7UMaePyLDkuNoGkIDqIdqZiJf8kxDs8yWznCGim/vlnmK2hVn1nqi+omtbaG
|
|
||||||
AsCgU9q2JnP4r0Nr7yb/L4WAHp5WxR5ifS/aOHUple9oQwfPkzpxWEGFFvN0PW7p
|
|
||||||
4lk4lRNvI4q5zMdugpbwn4vbzEMCgYEA1tKRDfPY/9GV/dYnt433bjtlNU9j7UCc
|
|
||||||
8iP26Rg8zjC4tzlVoZDZjov5FMG2Ifb7cLNroONATg2ivKNyRm73Le9p2KVqtvTX
|
|
||||||
zHs1sKVJofWQ4+GzJd8MkUEXu397oTUudGV+z82Hd0iKkQBT7EYBybHl6kY4XbR1
|
|
||||||
BS36gdW2oLUCgYBvt1LBNH3V7eCqiFfjOKSIuv9tpvjCGnGWd0GdaPIBby+0Fz47
|
|
||||||
FFj69UvM3OgbvFg2prc8yzQyNWIE2GtUfzCAx/iipvEr7Xg2EO1q34gjPllgH9F1
|
|
||||||
YkkQh3dzAyKOFecuUlIj/rApSipIthxvPn/F6UCoxnXnxpd8ZRkcmZ1JdwKBgQCZ
|
|
||||||
bltb88YRMMhIPCSx3RvUB2gJ42Ijmfp+l2FKqp0DR5kmhDS86I/6V87XHGPRbm23
|
|
||||||
2O4OQ0Eyflq1EKgV1juE+3JF4h+N/OIEkhuOxv8IRjPuDs29RsnbFPq2WB8czLcZ
|
|
||||||
O0SPduRCNfWCCxHltzqfrAfig7TOeIz73hMFmHaP4QKBgQCN1XzjGMrL0ZlFQTM1
|
|
||||||
ljaqWEaQ+JSzZtiVDdPcuKytyvz59OdJnag9O0TBaOY6XGG1Dbl8FJEG9KZCwYRv
|
|
||||||
a+CKb6qHyowgu17GlWQBn2i3Ep5GOQhkR4ghvDXZPwOJfW5VbfWo4N/r3Q81kaRO
|
|
||||||
Iovk5uipUk5dtW69hOYmq4OBxA==
|
|
||||||
-----END PRIVATE KEY-----
|
|
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
|||||||
priority: 10
|
priority: 10
|
||||||
}
|
}
|
||||||
|
|
||||||
pkgp121: {
|
pkgp122: {
|
||||||
url: "http://pkgp.ahlawat.com/packages/pj121-default/",
|
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||||
mirror_type: "http",
|
mirror_type: "http",
|
||||||
signature_type: "pubkey",
|
signature_type: "pubkey",
|
||||||
pubkey: "/mnt/certs/poudriere.cert",
|
pubkey: "/mnt/certs/poudriere.cert",
|
||||||
|
@ -683,7 +683,7 @@ readme_directory = /usr/local/share/doc/postfix
|
|||||||
inet_protocols = ipv4, ipv6
|
inet_protocols = ipv4, ipv6
|
||||||
|
|
||||||
# sometimes comcast's IPv6 reverse DNS lookup stops working so you need to enable the line below (default: any)
|
# sometimes comcast's IPv6 reverse DNS lookup stops working so you need to enable the line below (default: any)
|
||||||
smtp_address_preference = ipv4
|
#smtp_address_preference = ipv4
|
||||||
|
|
||||||
meta_directory = /usr/local/libexec/postfix
|
meta_directory = /usr/local/libexec/postfix
|
||||||
shlib_directory = /usr/local/lib/postfix
|
shlib_directory = /usr/local/lib/postfix
|
||||||
|
@ -328,9 +328,9 @@ local_transport_rate_delay = $default_transport_rate_delay
|
|||||||
luser_relay =
|
luser_relay =
|
||||||
mail_name = Postfix
|
mail_name = Postfix
|
||||||
mail_owner = postfix
|
mail_owner = postfix
|
||||||
mail_release_date = 20200316
|
mail_release_date = 20200516
|
||||||
mail_spool_directory = /var/mail
|
mail_spool_directory = /var/mail
|
||||||
mail_version = 3.5.0
|
mail_version = 3.5.2
|
||||||
mailbox_command =
|
mailbox_command =
|
||||||
mailbox_command_maps =
|
mailbox_command_maps =
|
||||||
mailbox_delivery_lock = flock, dotlock
|
mailbox_delivery_lock = flock, dotlock
|
||||||
@ -340,7 +340,7 @@ mailbox_transport_maps =
|
|||||||
maillog_file =
|
maillog_file =
|
||||||
maillog_file_compressor = gzip
|
maillog_file_compressor = gzip
|
||||||
maillog_file_prefixes = /var, /dev/stdout
|
maillog_file_prefixes = /var, /dev/stdout
|
||||||
maillog_file_rotate_suffix = %Y%M%d-%H%M%S
|
maillog_file_rotate_suffix = %Y%m%d-%H%M%S
|
||||||
mailq_path = /usr/local/bin/mailq
|
mailq_path = /usr/local/bin/mailq
|
||||||
manpage_directory = /usr/local/man
|
manpage_directory = /usr/local/man
|
||||||
maps_rbl_domains =
|
maps_rbl_domains =
|
||||||
|
1903
jails/config/mail/sendmail.cf
Normal file
1903
jails/config/mail/sendmail.cf
Normal file
File diff suppressed because it is too large
@ -1,4 +1,4 @@
|
|||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
BIN
jails/config/monitor/dbip-city-lite-2020-06.mmdb
Normal file
BIN
jails/config/monitor/dbip-city-lite-2020-06.mmdb
Normal file
Binary file not shown.
After Width: | Height: | Size: 85 MiB |
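--- a/jails/config/monitor/matomo-archive
+++ b/jails/config/monitor/matomo-archive
@@ -0,0 +1,2 @@
+MAILTO="sharad@diyit.org"
+5 5 * * * /usr/local/bin/php /usr/local/www/matomo/console core:archive --url=https://ahlawat.com/matomo/ >> /root/matomo-archive.log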
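Review bot: The job line has no user column and appends to `/root/matomo-archive.log`, so it appears to be installed in root's crontab and to run Matomo's PHP console with full privileges inside the jail. `core:archive` only needs the web application's own files and its database access, and files it creates as root under the Matomo tree can later be unwritable for the web server. I would install it for the web server account instead (on FreeBSD usually `www`; confirm for this jail), for example with `crontab -u www`, and point the redirect at a log file that account owns.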
@ -1,4 +1,4 @@
|
|||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
mount proc
|
|
||||||
/usr/sbin/daemon -f /usr/local/logstash/bin/logstash --path.settings /usr/local/etc/logstash -l /var/log/logstash
|
|
||||||
ps axww | grep logstash
|
|
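--- a/jails/config/pkgp/ccache.conf
+++ b/jails/config/pkgp/ccache.conf
@@ -0,0 +1 @@
+max_size = 32.0G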
@ -1,4 +1,4 @@
|
|||||||
# $FreeBSD: releng/12.1/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
|
# $FreeBSD: releng/12.2/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
|
||||||
|
|
||||||
# Trusted keyprint. Changing this is a Bad Idea unless you've received
|
# Trusted keyprint. Changing this is a Bad Idea unless you've received
|
||||||
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
|
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
|
||||||
|
@ -1,2 +1,3 @@
|
|||||||
WANT_OPENLDAP_SASL=yes
|
WANT_OPENLDAP_SASL=yes
|
||||||
LICENSES_ACCEPTED+=DCC
|
LICENSES_ACCEPTED+=DCC
|
||||||
|
WITH_CCACHE_BUILD=yes
|
||||||
|
@ -5,11 +5,14 @@ net/openldap24-sasl-client
|
|||||||
security/cyrus-sasl2
|
security/cyrus-sasl2
|
||||||
www/apache24
|
www/apache24
|
||||||
devel/apr1
|
devel/apr1
|
||||||
net/php73-ldap
|
net/php74-ldap
|
||||||
mail/postfix
|
mail/postfix
|
||||||
mail/dovecot
|
mail/dovecot
|
||||||
mail/dovecot-pigeonhole
|
mail/dovecot-pigeonhole
|
||||||
mail/rspamd
|
mail/rspamd
|
||||||
mail/dcc-dccd
|
mail/dcc-dccd
|
||||||
net/netatalk3
|
net/netatalk3
|
||||||
net/samba410
|
net/samba411
|
||||||
|
net/nss-pam-ldapd
|
||||||
|
net/nss-pam-ldapd-sasl
|
||||||
|
#security/pam_ldap # included above
|
||||||
|
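--- a/jails/config/pkgp/pkgp.conf
+++ b/jails/config/pkgp/pkgp.conf
@@ -0,0 +1,11 @@
+FreeBSD: {
+url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
+enabled: no
+}
+
+pkgp-freebsd-pkg: {
+url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest",
+mirror_type: "http",
+enabled: yes,
+priority: 10
+}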
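Review bot: The enabled `pkgp-freebsd-pkg` repository is fetched over plain `http://` and its block sets no `signature_type`, so pkg falls back to its default of no signature checking and installs whatever the mirror, or anything on the network path, returns. Disabling the stock `FreeBSD` entry also removes the fingerprint verification that repository normally carries, and a differently named repository does not inherit it. If pkgp-freebsd-pkg.ahlawat.com serves the upstream catalogue unchanged (the name suggests a caching proxy; not confirmed from this diff), add `signature_type: "fingerprints",` and `fingerprints: "/usr/share/keys/pkg",` inside the block. The poudriere repository entries elsewhere in this commit already set `signature_type: "pubkey"`.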
@ -133,7 +133,7 @@ PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/poudriere.key
|
|||||||
# It will be mounted into the jail and be shared among all jails.
|
# It will be mounted into the jail and be shared among all jails.
|
||||||
# It is recommended that extra ccache configuration be done with
|
# It is recommended that extra ccache configuration be done with
|
||||||
# ccache -o rather than from the environment.
|
# ccache -o rather than from the environment.
|
||||||
#CCACHE_DIR=/var/cache/ccache
|
CCACHE_DIR=/mnt/cache/ccache
|
||||||
|
|
||||||
# Static ccache support from host. This uses the existing
|
# Static ccache support from host. This uses the existing
|
||||||
# ccache from the host in the build jail. This is useful for
|
# ccache from the host in the build jail. This is useful for
|
||||||
@ -200,7 +200,7 @@ NOLINUX=yes
|
|||||||
# List of packages that will always be allowed to use MAKE_JOBS
|
# List of packages that will always be allowed to use MAKE_JOBS
|
||||||
# regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports
|
# regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports
|
||||||
# which holdup the rest of the queue to build more quickly.
|
# which holdup the rest of the queue to build more quickly.
|
||||||
#ALLOW_MAKE_JOBS_PACKAGES="pkg ccache py*"
|
ALLOW_MAKE_JOBS_PACKAGES="pkg ccache py* llvm*"
|
||||||
|
|
||||||
# Timestamp every line of build logs
|
# Timestamp every line of build logs
|
||||||
# Default: no
|
# Default: no
|
||||||
@ -282,7 +282,7 @@ PRESERVE_TIMESTAMP=yes
|
|||||||
|
|
||||||
# Define pkgname globs to boost priority for
|
# Define pkgname globs to boost priority for
|
||||||
# Default: none
|
# Default: none
|
||||||
#PRIORITY_BOOST="pypy openoffice*"
|
PRIORITY_BOOST="llvm*"
|
||||||
|
|
||||||
# Define format for buildnames
|
# Define format for buildnames
|
||||||
# Default: %Y-%m-%d_%Hh%Mm%Ss
|
# Default: %Y-%m-%d_%Hh%Mm%Ss
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
@ -48,35 +48,31 @@ frontend stats
|
|||||||
|
|
||||||
frontend ft
|
frontend ft
|
||||||
bind :::80 v4v6
|
bind :::80 v4v6
|
||||||
bind :::443 v4v6 alpn http/1.1,h2 ssl crt /mnt/certs/haproxy.pem crt /mnt/certs/bbhaproxy.pem crt /mnt/certs/diyhaproxy.pem crt /mnt/certs/dithaproxy.pem crt /mnt/certs/xflowhaproxy.pem
|
bind :::443 v4v6 alpn http/1.1,h2 ssl crt /mnt/certs/haproxy.pem crt /mnt/certs/bbhaproxy.pem crt /mnt/certs/diyhaproxy.pem crt /mnt/certs/xflowhaproxy.pem crt /mnt/certs/dvpchaproxy.pem crt /mnt/certs/mdvpchaproxy.pem
|
||||||
|
|
||||||
redirect scheme https if !{ ssl_fc }
|
redirect scheme https if !{ ssl_fc }
|
||||||
|
|
||||||
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ ssl_version:%sslv\ ssl_cipher:%sslc
|
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ ssl_version:%sslv\ ssl_cipher:%sslc
|
||||||
# passing on that browser is using https
|
# passing on that browser is using https
|
||||||
reqadd X-Forwarded-Proto:\ https
|
## http-request add-header Forwarded: proto=https
|
||||||
|
#enabling this breaks things, needs investigation
|
||||||
|
|
||||||
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||||
|
http-request set-header X-Forwarded-Ssl on if { ssl_fc }
|
||||||
|
|
||||||
# for Clickjacking - added to individual backends
|
# for Clickjacking - added to individual backends
|
||||||
# rspadd X-Frame-Options:\ SAMEORIGIN
|
# http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
# prevent browser from using non-secure
|
# prevent browser from using non-secure
|
||||||
rspadd Strict-Transport-Security:\ max-age=15768000
|
http-response add-header Strict-Transport-Security: max-age=15768000
|
||||||
|
|
||||||
acl network_allowed src 192.168.0.0/24 192.168.100.0/24 2603:3024:3f6:e1::/64
|
acl network_allowed src 192.168.0.0/24 192.168.100.0/24 2603:3024:3f6:e1::/64
|
||||||
acl restricted_page path -i -m sub /wp-admin
|
acl restricted_page path -i -m sub /wp-admin
|
||||||
acl restricted_page path -i -m sub /wp-login
|
acl restricted_page path -i -m sub /wp-login
|
||||||
block if restricted_page !network_allowed
|
http-request deny if restricted_page !network_allowed
|
||||||
|
|
||||||
use_backend bk_ahlawat if { ssl_fc_sni ahlawat.com }
|
use_backend bk_ahlawat if { ssl_fc_sni ahlawat.com }
|
||||||
use_backend bk_ahlawat if { ssl_fc_sni www.ahlawat.com }
|
use_backend bk_ahlawat if { ssl_fc_sni www.ahlawat.com }
|
||||||
use_backend bk_beyondbell if { ssl_fc_sni beyondbell.com }
|
|
||||||
use_backend bk_beyondbell if { ssl_fc_sni www.beyondbell.com }
|
|
||||||
use_backend bk_diyit if { ssl_fc_sni diyit.org }
|
|
||||||
use_backend bk_diyit if { ssl_fc_sni www.diyit.org }
|
|
||||||
use_backend bk_diyit if { ssl_fc_sni xflow.org }
|
|
||||||
use_backend bk_diyit if { ssl_fc_sni www.xflow.org }
|
|
||||||
use_backend bk_diyit if { ssl_fc_sni diyit.space }
|
|
||||||
use_backend bk_diyit if { ssl_fc_sni www.diyit.space }
|
|
||||||
|
|
||||||
use_backend bk_ahlawat-sharad if { ssl_fc_sni sharad.ahlawat.com }
|
use_backend bk_ahlawat-sharad if { ssl_fc_sni sharad.ahlawat.com }
|
||||||
use_backend bk_ahlawat-rachna if { ssl_fc_sni rachna.ahlawat.com }
|
use_backend bk_ahlawat-rachna if { ssl_fc_sni rachna.ahlawat.com }
|
||||||
@ -96,53 +92,67 @@ frontend ft
|
|||||||
use_backend bk_ahlawat-matrix if { ssl_fc_sni matrix.ahlawat.com }
|
use_backend bk_ahlawat-matrix if { ssl_fc_sni matrix.ahlawat.com }
|
||||||
use_backend bk_ahlawat-meet if { ssl_fc_sni meet.ahlawat.com }
|
use_backend bk_ahlawat-meet if { ssl_fc_sni meet.ahlawat.com }
|
||||||
use_backend bk_ahlawat-monitor if { ssl_fc_sni monitor.ahlawat.com }
|
use_backend bk_ahlawat-monitor if { ssl_fc_sni monitor.ahlawat.com }
|
||||||
|
use_backend bk_ahlawat-jump if { ssl_fc_sni jump.ahlawat.com }
|
||||||
|
|
||||||
|
use_backend bk_diyit if { ssl_fc_sni diyit.org }
|
||||||
|
use_backend bk_diyit if { ssl_fc_sni www.diyit.org }
|
||||||
|
use_backend bk_diyit if { ssl_fc_sni xflow.org }
|
||||||
|
use_backend bk_diyit if { ssl_fc_sni www.xflow.org }
|
||||||
use_backend bk_diyit-grafana if { ssl_fc_sni grafana.diyit.org }
|
use_backend bk_diyit-grafana if { ssl_fc_sni grafana.diyit.org }
|
||||||
use_backend bk_diyit-prometheus if { ssl_fc_sni prometheus.diyit.org }
|
use_backend bk_diyit-prometheus if { ssl_fc_sni prometheus.diyit.org }
|
||||||
use_backend bk_diyit-kibana if { ssl_fc_sni kibana.diyit.org }
|
use_backend bk_diyit-kibana if { ssl_fc_sni kibana.diyit.org }
|
||||||
use_backend bk_diyit-maps if { ssl_fc_sni maps.diyit.org }
|
use_backend bk_diyit-maps if { ssl_fc_sni maps.diyit.org }
|
||||||
|
|
||||||
|
use_backend bk_dvpc if { ssl_fc_sni datavpc.com }
|
||||||
|
use_backend bk_dvpc if { ssl_fc_sni www.datavpc.com }
|
||||||
|
use_backend bk_dvpc if { ssl_fc_sni mydatavpc.com }
|
||||||
|
use_backend bk_dvpc if { ssl_fc_sni www.mydatavpc.com }
|
||||||
|
|
||||||
|
use_backend bk_beyondbell if { ssl_fc_sni beyondbell.com }
|
||||||
|
use_backend bk_beyondbell if { ssl_fc_sni www.beyondbell.com }
|
||||||
use_backend bk_beyondbell-ci if { ssl_fc_sni ci.beyondbell.com }
|
use_backend bk_beyondbell-ci if { ssl_fc_sni ci.beyondbell.com }
|
||||||
use_backend bk_beyondbell-git if { ssl_fc_sni git.beyondbell.com }
|
use_backend bk_beyondbell-git if { ssl_fc_sni git.beyondbell.com }
|
||||||
use_backend bk_beyondbell-repo if { ssl_fc_sni repo.beyondbell.com }
|
use_backend bk_beyondbell-repo if { ssl_fc_sni repo.beyondbell.com }
|
||||||
use_backend bk_beyondbell-gs if { ssl_fc_sni gs.beyondbell.com }
|
use_backend bk_beyondbell-web-moonglade if { ssl_fc_sni moonglade.beyondbell.com }
|
||||||
|
use_backend bk_beyondbell-web-moonglade-private if { ssl_fc_sni moonglade-private.beyondbell.com }
|
||||||
|
use_backend bk_beyondbell-r-windows if { ssl_fc_sni moonglade-server.beyondbell.com }
|
||||||
|
use_backend bk_beyondbell-windows if { ssl_fc_sni gs.beyondbell.com }
|
||||||
|
|
||||||
default_backend bk_ahlawat
|
default_backend bk_ahlawat
|
||||||
|
|
||||||
|
acl is_websocket hdr(Upgrade) -i WebSocket
|
||||||
|
acl is_websocket hdr_beg(Host) -i ws
|
||||||
|
use_backend bk_ahlawat if is_websocket
|
||||||
|
|
||||||
|
|
||||||
backend bk_ahlawat
|
backend bk_ahlawat
|
||||||
server srv1 web.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 web.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_beyondbell
|
|
||||||
server srv1 192.168.0.77:8000
|
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
|
||||||
|
|
||||||
backend bk_diyit
|
|
||||||
server srv1 web.diyit.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
||||||
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
|
||||||
|
|
||||||
backend bk_ahlawat-sharad
|
backend bk_ahlawat-sharad
|
||||||
balance roundrobin
|
balance roundrobin
|
||||||
server srv1 sharadx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 sharadx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
# http-response set-header Content-Security-Policy "default-src 'self' *.ahlawat.com"
|
||||||
|
|
||||||
backend bk_ahlawat-rachna
|
backend bk_ahlawat-rachna
|
||||||
server srv1 rachnax.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 rachnax.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-nivi
|
backend bk_ahlawat-nivi
|
||||||
server srv1 nivix.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 nivix.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-rishabh
|
backend bk_ahlawat-rishabh
|
||||||
server srv1 rishabhx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 rishabhx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#backend bk_ahlawat-book
|
#backend bk_ahlawat-book
|
||||||
# server srv1 bookx.ahlawat.com:443 check ssl verify none
|
# server srv1 bookx.ahlawat.com:443 check ssl verify none
|
||||||
@ -150,102 +160,143 @@ backend bk_ahlawat-rishabh
|
|||||||
backend bk_ahlawat-book-443
|
backend bk_ahlawat-book-443
|
||||||
# server srv1 2603:3024:3f6:e1::57:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
# server srv1 2603:3024:3f6:e1::57:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv1 bookx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 bookx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-book-444
|
backend bk_ahlawat-book-444
|
||||||
# server srv1 2603:3024:3f6:e1::57:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
# server srv1 2603:3024:3f6:e1::57:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv1 bookx.ahlawat.com:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 bookx.ahlawat.com:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-book-445
|
backend bk_ahlawat-book-445
|
||||||
# server srv1 2603:3024:3f6:e1::57:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
# server srv1 2603:3024:3f6:e1::57:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv1 bookx.ahlawat.com:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 bookx.ahlawat.com:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-cam
|
backend bk_ahlawat-cam
|
||||||
server srv1 192.168.0.54:8765 check
|
server srv1 192.168.0.54:8765 check
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
backend bk_ahlawat-ci
|
||||||
|
# http-request set-header Host cix.ahlawat.com:8080
|
||||||
|
http-request replace-header Host ^([^\ \t:]*:)\ https://ci.ahlawat.com/(.*) \1\ http://cix.ahlawat.com:8080/\2
|
||||||
|
http-response replace-header Host ^([^\ \t:]*:)\ http://cix.ahlawat.com:8080/(.*) \1\ https://ci.ahlawat.com/\2
|
||||||
|
server srv1 cix.ahlawat.com:8080 check
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-cloud
|
backend bk_ahlawat-cloud
|
||||||
server srv1 cloudx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 cloudx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
# rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-git
|
backend bk_ahlawat-git
|
||||||
server srv1 gitx.ahlawat.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 gitx.ahlawat.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspidel X-Frame-Options:*
|
http-response set-header X-Frame-Options "ALLOW-FROM *.diyit.org"
|
||||||
# http-request set-var(txn.src) src
|
# http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
# acl mynet var(txn.src) -m sub 192.168.0
|
|
||||||
# acl mynet var(txn.src) -m sub 2603:3024:3f6:e1
|
|
||||||
# rspidel X-Frame-Options:* if mynet
|
|
||||||
# rspadd X-Frame-Options:\ SAMEORIGIN unless mynet
|
|
||||||
# The gitea server add this header be default
|
|
||||||
|
|
||||||
backend bk_ahlawat-hub
|
backend bk_ahlawat-hub
|
||||||
server srv1 hubx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 hubx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-matrix
|
backend bk_ahlawat-matrix
|
||||||
server srv1 matrix.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 matrix.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
# rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-meet
|
backend bk_ahlawat-meet
|
||||||
server srv1 meet.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 meet.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
# rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-monitor
|
backend bk_ahlawat-monitor
|
||||||
server srv1 monitorx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 monitorx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
# rspadd X-Frame-Options:\ SAMEORIGIN
|
# http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
backend bk_ahlawat-jump
|
||||||
|
server srv1 jumpx.ahlawat.com:8080 check
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
backend bk_diyit
|
||||||
|
server srv1 web.diyit.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_diyit-grafana
|
backend bk_diyit-grafana
|
||||||
server srv1 monitorx.ahlawat.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 monitorx.ahlawat.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
# rspadd X-Frame-Options:\ SAMEORIGIN
|
# http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_diyit-prometheus
|
backend bk_diyit-prometheus
|
||||||
server srv1 monitorx.ahlawat.com:9090 check
|
server srv1 monitorx.ahlawat.com:9090 check
|
||||||
# ssl ca-file /mnt/certs/cacert.pem alpn h2
|
# ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_diyit-kibana
|
backend bk_diyit-kibana
|
||||||
server srv1 monitorx.ahlawat.com:5601 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 elk.diyit.org:5601 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
# rspadd X-Frame-Options:\ SAMEORIGIN
|
# http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_diyit-maps
|
backend bk_diyit-maps
|
||||||
server srv1 mapsx.diyit.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.diyit.org:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
# server srv2 web.diyit.org:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
# rspadd X-Frame-Options:\ SAMEORIGIN
|
# server srv1 mapsx.diyit.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
# server srv2 web.diyit.org:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
# http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-ci
|
|
||||||
# http-request set-header Host cix.ahlawat.com:8180
|
|
||||||
reqirep ^([^\ \t:]*:)\ https://ci.ahlawat.com/(.*) \1\ http://cix.ahlawat.com:8180/\2
|
backend bk_dvpc
|
||||||
rspirep ^([^\ \t:]*:)\ http://cix.ahlawat.com:8180/(.*) \1\ https://ci.ahlawat.com/\2
|
server srv1 web.datavpc.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv1 cix.ahlawat.com:8180 check
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
backend bk_beyondbell
|
||||||
|
server srv1 192.168.0.77:8000
|
||||||
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
backend bk_beyondbell-ci
|
||||||
|
# http-request set-header Host cix.beyondbell.com:8111
|
||||||
|
http-request replace-header Host ^([^\ \t:]*:)\ https://ci.beyondbell.com/(.*) \1\ http://192.168.0.73:8111/\2
|
||||||
|
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.73:8111/(.*) \1\ https://ci.beyondbell.com/\2
|
||||||
|
server srv1 192.168.0.73:8111
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_beyondbell-git
|
backend bk_beyondbell-git
|
||||||
server srv1 gitx.beyondbell.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 gitx.beyondbell.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_beyondbell-ci
|
|
||||||
http-request set-header Host cix.beyondbell.com:8111
|
|
||||||
reqirep ^([^\ \t:]*:)\ https://ci.beyondbell.com/(.*) \1\ http://cix.beyondbell.com:8111/\2
|
|
||||||
rspirep ^([^\ \t:]*:)\ http://cix.beyondbell.com:8111/(.*) \1\ https://ci.beyondbell.com/\2
|
|
||||||
server srv1 cix.beyondbell.com:8111
|
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
|
||||||
|
|
||||||
backend bk_beyondbell-repo
|
backend bk_beyondbell-repo
|
||||||
# http-request set-header Host 192.168.0.75:8080
|
# http-request set-header Host 192.168.0.75:8081
|
||||||
reqirep ^([^\ \t:]*:)\ https://repo.beyondbell.com/(.*) \1\ http://192.168.0.75:8080/\2
|
# http-request replace-header Host ^([^\ \t:]*:)\ https://repo.beyondbell.com/(.*) \1\ http://192.168.0.75:8081/\2
|
||||||
rspirep ^([^\ \t:]*:)\ http://192.168.0.75:8080/(.*) \1\ https://repo.beyondbell.com/\2
|
# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.75:8081/(.*) \1\ https://repo.beyondbell.com/\2
|
||||||
server srv1 192.168.0.75:8080
|
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
|
||||||
|
|
||||||
backend bk_beyondbell-gs
|
server srv1 192.168.0.75:8081
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
# http-response del-header Strict-Transport-Security
|
||||||
|
# http-response add-header Content-Security-Policy: upgrade-insecure-requests
|
||||||
|
|
||||||
|
backend bk_beyondbell-web-moonglade
|
||||||
|
server srv1 192.168.0.74:8000
|
||||||
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
backend bk_beyondbell-web-moonglade-private
|
||||||
|
server srv1 192.168.0.74:4000
|
||||||
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
backend bk_beyondbell-r-windows
|
||||||
|
server srv1 192.168.0.85:4000
|
||||||
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
backend bk_beyondbell-windows
|
||||||
server srv1 192.168.0.81:26900 check
|
server srv1 192.168.0.81:26900 check
|
||||||
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
rspadd X-Frame-Options:\ SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
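Review bot: The converted header rules keep the colon from the old `rspadd` syntax, so `http-response add-header X-Frame-Options: SAMEORIGIN` and `http-response add-header Strict-Transport-Security: max-age=15768000` pass `X-Frame-Options:` and `Strict-Transport-Security:` as the header name. `add-header` takes `<name> <value>` with no colon, so the emitted field is most likely malformed and ignored by browsers, which would silently drop HSTS on the `ft` frontend and the anti-framing header on every backend carrying the line. I would write `http-response set-header Strict-Transport-Security max-age=15768000` and `http-response set-header X-Frame-Options SAMEORIGIN`; `set-header` also avoids a duplicate when the backend already sends the header. In `bk_ahlawat-git`, the value `"ALLOW-FROM *.diyit.org"` is not honoured by current browsers and never accepted wildcards, so a `Content-Security-Policy` header with a `frame-ancestors` directive is the way to express that intent.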
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
|||||||
priority: 10
|
priority: 10
|
||||||
}
|
}
|
||||||
|
|
||||||
pkgp121: {
|
pkgp122: {
|
||||||
url: "http://pkgp.ahlawat.com/packages/pj121-default/",
|
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||||
mirror_type: "http",
|
mirror_type: "http",
|
||||||
signature_type: "pubkey",
|
signature_type: "pubkey",
|
||||||
pubkey: "/mnt/certs/poudriere.cert",
|
pubkey: "/mnt/certs/poudriere.cert",
|
||||||
|
1
jails/config/proxy/port-fwd.sh
Executable file
1
jails/config/proxy/port-fwd.sh
Executable file
@ -0,0 +1 @@
|
|||||||
|
ipfw add 10000 fwd 192.168.0.4,55820 udp from me to 192.168.0.55 dst-port 55820
|
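Review bot: The new executable `port-fwd.sh` has no interpreter line or header comment, unlike the other scripts touched by this commit, which start with `#!/bin/sh` and the license block. I would add `#!/bin/sh` as the first line and a comment such as `# forward locally generated UDP/55820 traffic for 192.168.0.55 to 192.168.0.4`, so the purpose of rule 10000 is recorded next to it. Running the script twice appears to add a second rule with the same number, since ipfw accepts duplicate rule numbers, so the comment should also say that it is meant to run once at boot.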
@ -1,99 +1,13 @@
|
|||||||
# Example MySQL config file for small systems.
|
|
||||||
#
|
#
|
||||||
# This is for a system with little memory (<= 64M) where MySQL is only used
|
# This group is read both by the client and the server
|
||||||
# from time to time and it's important that the mysqld daemon
|
# use it for options that affect everything, see
|
||||||
# doesn't use much resources.
|
# https://mariadb.com/kb/en/configuring-mariadb-with-option-files/#option-groups
|
||||||
#
|
#
|
||||||
# MySQL programs look for option files in a set of
|
[client-server]
|
||||||
# locations which depend on the deployment platform.
|
port = 3306
|
||||||
# You can copy this option file to one of those
|
socket = /var/run/mysql/mysql.sock
|
||||||
# locations. For information about these locations, see:
|
|
||||||
# http://dev.mysql.com/doc/mysql/en/option-files.html
|
|
||||||
#
|
#
|
||||||
# In this file, you can use all long options that a program supports.
|
# include *.cnf from the config directory
|
||||||
# If you want to know which options a program supports, run the program
|
|
||||||
# with the "--help" option.
|
|
||||||
|
|
||||||
# The following options will be passed to all MySQL clients
|
|
||||||
[client]
|
|
||||||
#password = your_password
|
|
||||||
port = 3306
|
|
||||||
socket = /tmp/mysql.sock
|
|
||||||
|
|
||||||
# Here follows entries for some specific programs
|
|
||||||
|
|
||||||
# The MySQL server
|
|
||||||
[mysqld]
|
|
||||||
bind-address = *
|
|
||||||
port = 3306
|
|
||||||
socket = /tmp/mysql.sock
|
|
||||||
skip-external-locking
|
|
||||||
key_buffer_size = 16K
|
|
||||||
max_allowed_packet = 64M
|
|
||||||
table_open_cache = 16
|
|
||||||
sort_buffer_size = 64K
|
|
||||||
read_buffer_size = 256K
|
|
||||||
read_rnd_buffer_size = 256K
|
|
||||||
net_buffer_length = 2K
|
|
||||||
thread_stack = 240K
|
|
||||||
|
|
||||||
# Don't listen on a TCP/IP port at all. This can be a security enhancement,
|
|
||||||
# if all processes that need to connect to mysqld run on the same host.
|
|
||||||
# All interaction with mysqld must be made via Unix sockets or named pipes.
|
|
||||||
# Note that using this option without enabling named pipes on Windows
|
|
||||||
# (using the "enable-named-pipe" option) will render mysqld useless!
|
|
||||||
#
|
#
|
||||||
#skip-networking
|
!includedir /usr/local/etc/mysql/conf.d/
|
||||||
server-id = 1
|
|
||||||
|
|
||||||
# Uncomment the following if you want to log updates
|
|
||||||
#log-bin=mysql-bin
|
|
||||||
|
|
||||||
# binary logging format - mixed recommended
|
|
||||||
binlog_format=ROW
|
|
||||||
|
|
||||||
# Causes updates to non-transactional engines using statement format to be
|
|
||||||
# written directly to binary log. Before using this option make sure that
|
|
||||||
# there are no dependencies between transactional and non-transactional
|
|
||||||
# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
|
|
||||||
# t_innodb; otherwise, slaves may diverge from the master.
|
|
||||||
#binlog_direct_non_transactional_updates=TRUE
|
|
||||||
|
|
||||||
# Uncomment the following if you are using InnoDB tables
|
|
||||||
#innodb_data_home_dir = /var/db/mysql
|
|
||||||
#innodb_data_file_path = ibdata1:10M:autoextend
|
|
||||||
innodb_log_group_home_dir = /var/db/mysql-log
|
|
||||||
# You can set .._buffer_pool_size up to 50 - 80 %
|
|
||||||
# of RAM but beware of setting memory usage too high
|
|
||||||
innodb_buffer_pool_size = 1G
|
|
||||||
innodb_io_capacity=4000
|
|
||||||
transaction-isolation = READ-COMMITTED
|
|
||||||
# Set .._log_file_size to 25 % of buffer pool size
|
|
||||||
innodb_log_file_size = 250M
|
|
||||||
#innodb_log_buffer_size = 8M
|
|
||||||
innodb_flush_log_at_trx_commit = 2
|
|
||||||
#innodb_lock_wait_timeout = 50
|
|
||||||
|
|
||||||
innodb_doublewrite = 0
|
|
||||||
innodb_checksum_algorithm = none
|
|
||||||
slow_query_log_file = /var/db/mysql-log/slow.log
|
|
||||||
log-error = /var/db/mysql-log/error.log
|
|
||||||
log_bin = /var/db/mysql-log/binlog
|
|
||||||
relay_log = /var/db/mysql-log/relay-bin
|
|
||||||
expire_logs_days = 7
|
|
||||||
|
|
||||||
[mysqldump]
|
|
||||||
quick
|
|
||||||
max_allowed_packet = 16M
|
|
||||||
|
|
||||||
[mysql]
|
|
||||||
no-auto-rehash
|
|
||||||
# Remove the next comment character if you are not familiar with SQL
|
|
||||||
#safe-updates
|
|
||||||
|
|
||||||
[myisamchk]
|
|
||||||
key_buffer_size = 8M
|
|
||||||
sort_buffer_size = 8M
|
|
||||||
|
|
||||||
[mysqlhotcopy]
|
|
||||||
interactive-timeout
|
|
||||||
|
90
jails/config/r-db/server.cnf
Normal file
90
jails/config/r-db/server.cnf
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
# Options specific to server applications, see
|
||||||
|
# https://mariadb.com/kb/en/configuring-mariadb-with-option-files/#server-option-groups
|
||||||
|
|
||||||
|
# Options specific to all server programs
|
||||||
|
[server]
|
||||||
|
|
||||||
|
# Options specific to MariaDB server programs
|
||||||
|
[server-mariadb]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Options for specific server tools
|
||||||
|
#
|
||||||
|
|
||||||
|
[mysqld]
|
||||||
|
user = mysql
|
||||||
|
# port = 3306 # set in /usr/local/etc/mysql/my.cnf
|
||||||
|
# socket = /var/run/mysql/mysql.sock # set in /usr/local/etc/mysql/my.cnf
|
||||||
|
bind-address = *
|
||||||
|
basedir = /usr/local
|
||||||
|
datadir = /var/db/mysql
|
||||||
|
net_retry_count = 16384
|
||||||
|
# [mysqld] configuration for ZFS
|
||||||
|
# From https://www.percona.com/resources/technical-presentations/zfs-mysql-percona-technical-webinar
|
||||||
|
# Create separate datasets for data and logs, eg
|
||||||
|
# zroot/mysql compression=on recordsize=128k atime=off
|
||||||
|
# zroot/mysql/data recordsize=16k
|
||||||
|
# zroot/mysql/logs
|
||||||
|
datadir = /var/db/mysql
|
||||||
|
innodb_log_group_home_dir = /var/db/mysql-log
|
||||||
|
#audit_log_file = /var/db/mysql-log/audit.log
|
||||||
|
general_log_file = /var/db/mysql-log/general.log
|
||||||
|
log_bin = /var/db/mysql-log/mysql-bin
|
||||||
|
relay_log = /var/db/mysql-log/relay-log
|
||||||
|
slow_query_log_file = /var/db/mysql-log/slow.log
|
||||||
|
innodb_doublewrite = 0
|
||||||
|
innodb_flush_method = O_DSYNC
|
||||||
|
|
||||||
|
##
|
||||||
|
log-error = /var/db/mysql-log/error.log
|
||||||
|
|
||||||
|
|
||||||
|
### custom optimizations
|
||||||
|
skip-external-locking
|
||||||
|
key_buffer_size = 16K
|
||||||
|
max_allowed_packet = 64M
|
||||||
|
table_open_cache = 16
|
||||||
|
sort_buffer_size = 64K
|
||||||
|
read_buffer_size = 256K
|
||||||
|
read_rnd_buffer_size = 256K
|
||||||
|
net_buffer_length = 2K
|
||||||
|
thread_stack = 240K
|
||||||
|
|
||||||
|
server-id = 1
|
||||||
|
binlog_format=ROW
|
||||||
|
|
||||||
|
innodb_buffer_pool_size = 1G
|
||||||
|
innodb_io_capacity=4000
|
||||||
|
transaction-isolation = READ-COMMITTED
|
||||||
|
innodb_log_file_size = 250M
|
||||||
|
innodb_flush_log_at_trx_commit = 2
|
||||||
|
innodb_checksum_algorithm = none
|
||||||
|
|
||||||
|
slow_query_log_file = /var/db/mysql-log/slow.log
|
||||||
|
|
||||||
|
expire_logs_days = 7
|
||||||
|
###
|
||||||
|
|
||||||
|
|
||||||
|
# Options read by `mysqld_safe`
|
||||||
|
# Renamed from [mysqld_safe] starting with MariaDB 10.4.6.
|
||||||
|
[mariadb_safe]
|
||||||
|
|
||||||
|
# Options read my `mariabackup`
|
||||||
|
[mariabackup]
|
||||||
|
|
||||||
|
# Options read by `mysql_upgrade`
|
||||||
|
# Renamed from [mysql_upgrade] starting with MariaDB 10.4.6.
|
||||||
|
[mariadb-upgrade]
|
||||||
|
|
||||||
|
# Specific options read by the mariabackup SST method
|
||||||
|
[sst]
|
||||||
|
|
||||||
|
# Options read by `mysqlbinlog`
|
||||||
|
# Renamed from [mysqlbinlog] starting with MariaDB 10.4.6.
|
||||||
|
[mariadb-binlog]
|
||||||
|
|
||||||
|
# Options read by `mysqladmin`
|
||||||
|
# Renamed from [mysqladmin] starting with MariaDB 10.4.6.
|
||||||
|
[mariadb-admin]
|
||||||
|
|
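Review bot: `bind-address = *` in `[mysqld]` makes the server listen on every address of the jail, and nothing in this file limits who may reach port 3306. If only known hosts connect, I would bind to the jail's service address (`bind-address = <jail service address>`, placeholder) or add a comment above the line naming the firewall rule that restricts 3306. The same section sets `datadir` and `slow_query_log_file` twice; the values agree today, but one copy of each should go so a later edit cannot leave them contradicting each other. `innodb_checksum_algorithm = none` together with `innodb_doublewrite = 0` leaves page integrity entirely to ZFS, which deserves a one-line comment, and the `none` value may be rejected by newer MariaDB releases, so it is worth checking against the installed version.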
@ -1,6 +1,6 @@
|
|||||||
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
|
||||||
Copyright (c) 2018-2020, BeyondBell.com
|
Copyright (c) 2018-2021, BeyondBell.com
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
|
||||||
Copyright (c) 2018-2020, BeyondBell.com
|
Copyright (c) 2018-2021, BeyondBell.com
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
Redistribution and use in source and binary forms, with or without
|
||||||
|
@ -10,8 +10,8 @@ pkgp-freebsd-pkg: {
|
|||||||
priority: 10
|
priority: 10
|
||||||
}
|
}
|
||||||
|
|
||||||
pkgp121: {
|
pkgp122: {
|
||||||
url: "http://pkgp.ahlawat.com/packages/pj121-default/",
|
url: "http://pkgp.ahlawat.com/packages/pj122-default/",
|
||||||
mirror_type: "http",
|
mirror_type: "http",
|
||||||
signature_type: "pubkey",
|
signature_type: "pubkey",
|
||||||
pubkey: "/mnt/certs/poudriere.cert",
|
pubkey: "/mnt/certs/poudriere.cert",
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
@ -18,6 +18,16 @@ ifconfig bridge1 addm tap82 up
|
|||||||
ifconfig tap82 up
|
ifconfig tap82 up
|
||||||
ifconfig tap82 inet6 auto_linklocal
|
ifconfig tap82 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap1082 create
|
||||||
|
ifconfig bridge10 addm tap1082 up
|
||||||
|
ifconfig tap1082 up
|
||||||
|
ifconfig tap1082 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap2082 create
|
||||||
|
ifconfig bridge9 addm tap2082 up
|
||||||
|
ifconfig tap2082 up
|
||||||
|
ifconfig tap2082 inet6 auto_linklocal
|
||||||
|
|
||||||
ifconfig tap83 create
|
ifconfig tap83 create
|
||||||
ifconfig bridge1 addm tap83 up
|
ifconfig bridge1 addm tap83 up
|
||||||
ifconfig tap83 up
|
ifconfig tap83 up
|
||||||
@ -33,6 +43,21 @@ ifconfig bridge1 addm tap85 up
|
|||||||
ifconfig tap85 up
|
ifconfig tap85 up
|
||||||
ifconfig tap85 inet6 auto_linklocal
|
ifconfig tap85 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap86 create
|
||||||
|
ifconfig bridge1 addm tap86 up
|
||||||
|
ifconfig tap86 up
|
||||||
|
ifconfig tap86 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap1086 create
|
||||||
|
ifconfig bridge10 addm tap1086 up
|
||||||
|
ifconfig tap1086 up
|
||||||
|
ifconfig tap1086 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap2086 create
|
||||||
|
ifconfig bridge9 addm tap2086 up
|
||||||
|
ifconfig tap2086 up
|
||||||
|
ifconfig tap2086 inet6 auto_linklocal
|
||||||
|
|
||||||
ifconfig tap90 create
|
ifconfig tap90 create
|
||||||
ifconfig bridge1 addm tap90 up
|
ifconfig bridge1 addm tap90 up
|
||||||
ifconfig tap90 up
|
ifconfig tap90 up
|
||||||
@ -42,3 +67,33 @@ ifconfig tap190 create
|
|||||||
ifconfig bridge2 addm tap190 up
|
ifconfig bridge2 addm tap190 up
|
||||||
ifconfig tap190 up
|
ifconfig tap190 up
|
||||||
ifconfig tap190 inet6 auto_linklocal
|
ifconfig tap190 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap97 create
|
||||||
|
ifconfig bridge1 addm tap97 up
|
||||||
|
ifconfig tap97 up
|
||||||
|
ifconfig tap97 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap1097 create
|
||||||
|
ifconfig bridge10 addm tap1097 up
|
||||||
|
ifconfig tap1097 up
|
||||||
|
ifconfig tap1097 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap2097 create
|
||||||
|
ifconfig bridge9 addm tap2097 up
|
||||||
|
ifconfig tap2097 up
|
||||||
|
ifconfig tap2097 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap96 create
|
||||||
|
ifconfig bridge1 addm tap96 up
|
||||||
|
ifconfig tap96 up
|
||||||
|
ifconfig tap96 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap1096 create
|
||||||
|
ifconfig bridge10 addm tap1096 up
|
||||||
|
ifconfig tap1096 up
|
||||||
|
ifconfig tap1096 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap2096 create
|
||||||
|
ifconfig bridge9 addm tap2096 up
|
||||||
|
ifconfig tap2096 up
|
||||||
|
ifconfig tap2096 inet6 auto_linklocal
|
||||||
|
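Review bot: The four-command stanza (`create`, `addm`, `up`, `inet6 auto_linklocal`) is repeated for eleven more tap devices across the three added hunks, so a mistyped bridge or tap number is easy to miss. A small helper taking the bridge and tap names would keep each attachment to one line and make the bridge1 / bridge10 / bridge9 mapping reviewable at a glance. A one-line comment per bridge saying what it carries would also help, since the same guests are now attached to three bridges. The start of the script is outside the hunks shown, so where the helper is defined is left open.

```shell
# attach_tap BRIDGE TAP: create TAP, add it to BRIDGE and bring it up
attach_tap() {
    ifconfig "$2" create
    ifconfig "$1" addm "$2" up
    ifconfig "$2" up
    ifconfig "$2" inet6 auto_linklocal
}

# ... unchanged: existing tap82 / tap83 / tap85 / tap90 / tap190 stanzas ...
attach_tap bridge1  tap97
attach_tap bridge10 tap1097
attach_tap bridge9  tap2097
```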
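--- /dev/null
+++ b/jails/config/vm/cvm-a.sh
@@ -0,0 +1,70 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+# ./cvm-a.sh under tmux
+
+# clean cached state
+bhyvectl --destroy --vm=cvm-a
+
+while true
+do
+
+bhyve -c 4 -m 16G -A -H -P \
+-s 0,hostbridge \
+-s 3,ahci-cd \
+-s 4,virtio-blk,/dev/zvol/ship/raw/cvm-a \
+-s 5,virtio-net,tap97,mac=00:0A:0B:0C:0D:97 \
+-s 6,virtio-blk,/dev/zvol/ship/raw/cvm-a_data \
+-s 8,virtio-net,tap1097,mac=00:0A:0B:0C:8D:97 \
+-s 9,virtio-net,tap2097,mac=00:0A:0B:0C:9D:97 \
+-s 29,fbuf,tcp=0.0.0.0:5997,w=1600,h=900 \
+-s 30,xhci,tablet \
+-s 31,lpc -l com1,/dev/nmdm97A \
+-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
+cvm-a
+
+bhyve_exit=$?
+# bhyve returns the following status codes:
+# 0 - VM has been reset
+# 1 - VM has been powered off
+# 2 - VM has been halted
+# 3 - VM generated a triple fault
+# all other non-zero status codes are errors
+#
+if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
+then
+break
+fi
+echo `date` - restarting cvm-a in 5 seconds - press ctrl-c to stop
+sleep 5
+
+done
+
+exit $?
+
+# -s 3,ahci-cd,/mnt/linux/ubuntu-20.04.1-live-server-amd64.iso \
+
+# bhyvectl --get-all --vm=cvm-a
+
+# cu -l /dev/nmdm97B
+# (This uses cu() so press ~+Ctrl-D to exit)
+
+#on base system:
+#zfs create -V 32G -o refreservation=none ship/raw/cvm-a - docker partition
+#zfs create -V 128G -o refreservation=none ship/raw/cvm-a_data - root partition
+# on boot
+#ifconfig tap97 create
+#ifconfig bridge1 addm tap97 up
+#ifconfig tap97 up
+#ifconfig tap97 inet6 auto_linklocal
+#ifconfig tap1097 create
+#ifconfig bridge10 addm tap1097 up
+#ifconfig tap1097 up
+#ifconfig tap1097 inet6 auto_linklocal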
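Review bot: The framebuffer device on the `-s 29,fbuf,tcp=0.0.0.0:5997,w=1600,h=900 \` line listens on every host address and sets no `password=`, so any machine that can reach the host on that port gets the VM console without authentication; cvm-b.sh (port 5996) and kali.sh (port 5986) do the same. Binding to loopback and reaching the console through an SSH tunnel keeps it off the network: `-s 29,fbuf,tcp=127.0.0.1:5997,w=1600,h=900 \`. If direct VNC access is intended, add `password=` to the fbuf options and restrict the port in the host firewall. The fbuf password is passed on the command line, so treat it as a weak control rather than the only one.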
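--- /dev/null
+++ b/jails/config/vm/cvm-b.sh
@@ -0,0 +1,70 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+# ./cvm-b.sh under tmux
+
+# clean cached state
+bhyvectl --destroy --vm=cvm-b
+
+while true
+do
+
+bhyve -c 4 -m 16G -A -H -P \
+-s 0,hostbridge \
+-s 3,ahci-cd \
+-s 4,virtio-blk,/dev/zvol/ship/raw/cvm-b \
+-s 5,virtio-net,tap96,mac=00:0A:0B:0C:0D:96 \
+-s 6,virtio-blk,/dev/zvol/ship/raw/cvm-b_data \
+-s 8,virtio-net,tap1096,mac=00:0A:0B:0C:8D:96 \
+-s 9,virtio-net,tap2096,mac=00:0A:0B:0C:9D:96 \
+-s 29,fbuf,tcp=0.0.0.0:5996,w=1600,h=900 \
+-s 30,xhci,tablet \
+-s 31,lpc -l com1,/dev/nmdm96A \
+-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
+cvm-b
+
+bhyve_exit=$?
+# bhyve returns the following status codes:
+# 0 - VM has been reset
+# 1 - VM has been powered off
+# 2 - VM has been halted
+# 3 - VM generated a triple fault
+# all other non-zero status codes are errors
+#
+if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
+then
+break
+fi
+echo `date` - restarting cvm-b in 5 seconds - press ctrl-c to stop
+sleep 5
+
+done
+
+exit $?
+
+# -s 3,ahci-cd,/mnt/linux/ubuntu-20.04.1-live-server-amd64.iso \
+
+# bhyvectl --get-all --vm=cvm-b
+
+# cu -l /dev/nmdm96B
+# (This uses cu() so press ~+Ctrl-D to exit)
+
+#on base system:
+#zfs create -V 32G -o refreservation=none ship/raw/cvm-b - docker partition
+#zfs create -V 128G -o refreservation=none ship/raw/cvm-b_data - root partition
+# on boot
+#ifconfig tap96 create
+#ifconfig bridge1 addm tap96 up
+#ifconfig tap96 up
+#ifconfig tap96 inet6 auto_linklocal
+#ifconfig tap1096 create
+#ifconfig bridge10 addm tap1096 up
+#ifconfig tap1096 up
+#ifconfig tap1096 inet6 auto_linklocal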
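Review bot: The restart loop leaves only on exit status 1 or 2, so the statuses the comment above the `if` calls errors, and a triple fault, make it relaunch bhyve every 5 seconds with no limit; a VM that cannot start would loop until someone presses ctrl-c. The closing `exit $?` also reports the status of the `while` construct, which is 0 after `break`, so bhyve's own status never reaches the caller. I would stop on any non-zero status with `if [ "$bhyve_exit" -ne 0 ]` and finish with `exit "$bhyve_exit"`. cvm-a.sh and kali.sh carry the same two lines.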
@ -1,6 +1,6 @@
|
|||||||
#!/usr/local/bin/bash
|
#!/usr/local/bin/bash
|
||||||
|
|
||||||
# Copyright (c) 2018-2020, diyIT.org
|
# Copyright (c) 2018-2021, diyIT.org
|
||||||
# All rights reserved.
|
# All rights reserved.
|
||||||
#
|
#
|
||||||
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
|
||||||
|
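--- /dev/null
+++ b/jails/config/vm/kali.sh
@@ -0,0 +1,77 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+# ./kali.sh under tmux
+
+# clean cached state
+bhyvectl --destroy --vm=kali
+
+while true
+do
+
+bhyve -c 2 -m 4G -A -H -P \
+-s 0,hostbridge \
+-s 3,ahci-cd \
+-s 4,virtio-blk,/dev/zvol/ship/raw/kali \
+-s 5,virtio-net,tap86,mac=00:0A:0B:0C:0D:86 \
+-s 8,virtio-net,tap1086,mac=00:0A:0B:0C:8D:86 \
+-s 9,virtio-net,tap2086,mac=00:0A:0B:0C:9D:86 \
+-s 29,fbuf,tcp=0.0.0.0:5986,w=1280,h=720 \
+-s 30,xhci,tablet \
+-s 31,lpc -l com1,/dev/nmdm86A \
+-l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
+kali
+
+bhyve_exit=$?
+# bhyve returns the following status codes:
+# 0 - VM has been reset
+# 1 - VM has been powered off
+# 2 - VM has been halted
+# 3 - VM generated a triple fault
+# all other non-zero status codes are errors
+#
+if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
+then
+break
+fi
+echo `date` - restarting kali in 5 seconds - press ctrl-c to stop
+sleep 5
+
+done
+
+exit $?
+
+#-s 3,ahci-cd,/mnt/linux/kali-linux-2020.4-installer-amd64.iso \
+##-s 6,virtio-blk,/dev/zvol/ship/raw/kali_data \
+
+# bhyvectl --get-all --vm=kali
+
+# cu -l /dev/nmdm86B
+# (This uses cu() so press ~+Ctrl-D to exit)
+
+#on base system:
+#zfs create -V 128G -o refreservation=none ship/raw/kali
+##zfs create -V 128G -o refreservation=none ship/raw/kali_data
+# on boot
+#ifconfig tap86 create
+#ifconfig bridge1 addm tap86 up
+#ifconfig tap86 up
+#ifconfig tap86 inet6 auto_linklocal
+#ifconfig tap1086 create
+#ifconfig bridge10 addm tap1086 up
+#ifconfig tap1086 up
+#ifconfig tap1086 inet6 auto_linklocal
+
+# Install VNC
+# curl -o turbovnc_2.2.5_amd64.deb https://sourceforge.net/projects/turbovnc/files/2.2.5/turbovnc_2.2.5_amd64.deb/download#
+# sudo apt install gdebi-core
+# sudo gdebi turbovnc_2.2.5_amd64.deb
+# sudo killall Xvnc; /opt/TurboVNC/bin/vncserver -name kali -geometry 1920x1080 :4
+# systemctl enable ssh.service; service ssh start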
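Review bot: The commented "Install VNC" steps at the end of the file download `turbovnc_2.2.5_amd64.deb` with `curl -o` and install it with `sudo gdebi` without checking the package against a checksum or signature from the project, so whatever the download returned is installed as root. I would add a verification line before the gdebi step, for example `# sha256sum turbovnc_2.2.5_amd64.deb   # compare with the value published by the project`. The SourceForge `/download` URL appears to rely on a redirect, so without `-L` curl may save the redirect response rather than the package; worth confirming. A short comment on which network the `vncserver ... :4` session is meant to be reachable from would also help, since this guest is attached to three bridges.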
Some files were not shown because too many files have changed in this diff Show More