.
parent
5cee123a3c
commit
90c5709862
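--- a/configs/etc/hosts
+++ b/configs/etc/hosts
@@ -0,0 +1,43 @@
+# $FreeBSD: releng/12.2/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $
+#
+# Host Database
+#
+# This file should contain the addresses and aliases for local hosts that
+# share this file. Replace 'my.domain' below with the domainname of your
+# machine.
+#
+# In the presence of the domain name service or NIS, this file may
+# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
+#
+#
+::1 localhost localhost.my.domain
+127.0.0.1 localhost localhost.my.domain
+
+192.168.0.10 nas nas.ahlawat.com
+fd01::10 nas nas.ahlawat.com
+192.168.1.10 nas nas.ahlawat.com
+fd02::10 nas nas.ahlawat.com
+192.168.2.10 nas nas.ahlawat.com
+fd05::10 nas nas.ahlawat.com
+192.168.200.10 nas nas.ahlawat.com
+fd09::10 nas nas.ahlawat.com
+192.168.10.10 nas nas.ahlawat.com
+fd0a::10 nas nas.ahlawat.com
+192.168.48.10 nas nas.ahlawat.com
+2001:470:f835::10 nas nas.ahlawat.com
+
+#
+# Imaginary network. 10.0.0.2 myname.my.domain myname 10.0.0.3 myfriend.my.domain myfriend
+#
+# According to RFC 1918, you can use the following IP networks for
+# private nets which will never be connected to the Internet:
+#
+# 10.0.0.0 - 10.255.255.255
+# 172.16.0.0 - 172.31.255.255
+# 192.168.0.0 - 192.168.255.255
+#
+# In case you want to be able to connect to the Internet, you need
+# real official assigned numbers. Do not try to invent your own network
+# numbers but instead get one from your network provider (if any) or
+# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
+#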
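Review bot: The new ULA addresses (`fd01::10`, `fd02::10`, … `fd0a::10`) use hand-picked prefixes rather than an RFC 4193 prefix with a pseudo-random 40-bit Global ID, so they can collide with another site's `fd01::/64` as soon as two networks are joined over a VPN or tunnel. If the short form is deliberate, a comment such as `# fd01::/64 - fd0a::/64 are local shorthand, not RFC 4193 random prefixes` would record that; otherwise a generated /48 of the form `fdXX:XXXX:XXXX:1::10` (placeholder) is the safer choice. The same prefixes are introduced in the interface, resolver, firewall and sendmail hunks further down the page. The `localhost.my.domain` aliases also still carry the template's `my.domain` placeholder that the header comment asks to replace.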
@ -6,7 +6,8 @@ kld_list="nmdm vmm ipfw ipdivert linux64"
|
|||||||
geli_autodetach="NO"
|
geli_autodetach="NO"
|
||||||
|
|
||||||
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
|
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
|
||||||
dumpdev="/dev/ada2p3"
|
#dumpdev="/dev/ada2p3"
|
||||||
|
dumpdev="NO"
|
||||||
dumpdir="/var/crash"
|
dumpdir="/var/crash"
|
||||||
savecore_enable="YES"
|
savecore_enable="YES"
|
||||||
|
|
||||||
@ -31,49 +32,46 @@ firewall_logif="YES"
|
|||||||
|
|
||||||
# interfaces
|
# interfaces
|
||||||
cloned_interfaces_sticky="YES"
|
cloned_interfaces_sticky="YES"
|
||||||
cloned_interfaces="lagg0 bridge1 bridge2 bridge5 bridge9"
|
cloned_interfaces="lagg0 bridge1 bridge2 bridge5 bridge9 bridge10"
|
||||||
|
|
||||||
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up"
|
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up"
|
||||||
ifconfig_igb0="up"
|
ifconfig_igb0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
|
||||||
ifconfig_igb1="up"
|
ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
|
||||||
|
|
||||||
vlans_lagg0="1 2 5 9"
|
vlans_lagg0="1 2 5 9 10"
|
||||||
|
|
||||||
ipv6_activate_all_interfaces="YES"
|
ipv6_activate_all_interfaces="YES"
|
||||||
rtsold_enable="YES"
|
rtsold_enable="YES"
|
||||||
|
|
||||||
ifconfig_lagg0_1="inet 192.168.0.10/24"
|
ifconfig_lagg0_1="inet 192.168.0.10/24"
|
||||||
ifconfig_lagg0_1_ipv6="inet6 2603:3024:3f6:e1::10/64 auto_linklocal accept_rtadv"
|
ifconfig_lagg0_1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv"
|
||||||
ifconfig_lagg0_2="inet 192.168.1.10/24"
|
ifconfig_lagg0_2="inet 192.168.1.10/24"
|
||||||
ifconfig_lagg0_2_ipv6="inet6 2603:3024:3f6:e2::10/64 auto_linklocal accept_rtadv"
|
ifconfig_lagg0_2_ipv6="inet6 fd02::10/64 auto_linklocal accept_rtadv"
|
||||||
ifconfig_lagg0_5="inet 192.168.2.10/24"
|
ifconfig_lagg0_5="inet 192.168.2.10/24"
|
||||||
ifconfig_lagg0_5_ipv6="inet6 2603:3024:3f6:e5::10/64 auto_linklocal accept_rtadv"
|
ifconfig_lagg0_5_ipv6="inet6 fd05::10/64 auto_linklocal accept_rtadv"
|
||||||
ifconfig_lagg0_9="inet 192.168.200.10/24"
|
ifconfig_lagg0_9="inet 192.168.200.10/24"
|
||||||
ifconfig_lagg0_9_ipv6="inet6 2603:3024:3f6:e9::10/64 auto_linklocal accept_rtadv"
|
ifconfig_lagg0_9_ipv6="inet6 fd09::10/64 auto_linklocal accept_rtadv"
|
||||||
|
ifconfig_lagg0_10="inet 192.168.10.10/24"
|
||||||
|
ifconfig_lagg0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv"
|
||||||
|
|
||||||
ifconfig_bridge1="addm lagg0.1 up"
|
ifconfig_bridge1="addm lagg0.1 up"
|
||||||
ifconfig_bridge2="addm lagg0.2 up"
|
ifconfig_bridge2="addm lagg0.2 up"
|
||||||
ifconfig_bridge5="addm lagg0.5 up"
|
ifconfig_bridge5="addm lagg0.5 up"
|
||||||
ifconfig_bridge9="addm lagg0.9 up"
|
ifconfig_bridge9="addm lagg0.9 up"
|
||||||
|
ifconfig_bridge10="addm lagg0.10 up"
|
||||||
|
|
||||||
# adding IP to bridges does not work
|
# adding IP to bridges does not work
|
||||||
#ifconfig_bridge1="inet 192.168.0.10/24"
|
#ifconfig_bridge1="inet 192.168.0.10/24"
|
||||||
#ifconfig_bridge1_ipv6="inet6 2603:3024:3f6:e1::10/64 auto_linklocal accept_rtadv"
|
#ifconfig_bridge1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv"
|
||||||
#ifconfig_bridge2="inet 192.168.1.10/24"
|
|
||||||
#ifconfig_bridge2_ipv6="inet6 2603:3024:3f6:e2::10/64 auto_linklocal accept_rtadv"
|
|
||||||
#ifconfig_bridge5="inet 192.168.2.10/24"
|
|
||||||
#ifconfig_bridge5_ipv6="inet6 2603:3024:3f6:e5::10/64 auto_linklocal accept_rtadv"
|
|
||||||
#ifconfig_bridge9="inet 192.168.200.10/24"
|
|
||||||
#ifconfig_bridge9_ipv6="inet6 2603:3024:3f6:e9::10/64 auto_linklocal accept_rtadv"
|
|
||||||
|
|
||||||
defaultrouter="192.168.0.5"
|
defaultrouter="192.168.0.5"
|
||||||
ipv6_defaultrouter="2603:3024:3f6:e1::5"
|
ipv6_defaultrouter="fd01::5"
|
||||||
# interfaces
|
# interfaces
|
||||||
|
|
||||||
hostname="nas.ahlawat.com"
|
hostname="nas.ahlawat.com"
|
||||||
|
|
||||||
syslogd_enable="YES"
|
syslogd_enable="YES"
|
||||||
syslogd_flags="-ss"
|
syslogd_flags="-C -O rfc5424 -ss"
|
||||||
|
|
||||||
syslog_ng_enable="NO"
|
syslog_ng_enable="NO"
|
||||||
syslog_ng_config="-u daemon"
|
syslog_ng_config="-u daemon"
|
||||||
|
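--- a/configs/etc/rctl.conf
+++ b/configs/etc/rctl.conf
@@ -0,0 +1 @@
+jail:ioc-jump:vmemoryuse:deny=4G/jail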
@ -1,4 +1,4 @@
|
|||||||
# $FreeBSD: releng/12.1/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
|
# $FreeBSD: releng/12.2/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
|
||||||
#
|
#
|
||||||
# This file is read when going to multi-user and its contents piped thru
|
# This file is read when going to multi-user and its contents piped thru
|
||||||
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
|
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
|
||||||
@ -7,6 +7,7 @@
|
|||||||
# Uncomment this to prevent users from seeing information about processes that
|
# Uncomment this to prevent users from seeing information about processes that
|
||||||
# are being run under another UID.
|
# are being run under another UID.
|
||||||
security.bsd.see_other_uids=0
|
security.bsd.see_other_uids=0
|
||||||
|
security.bsd.see_other_gids=0
|
||||||
security.bsd.unprivileged_read_msgbuf=0
|
security.bsd.unprivileged_read_msgbuf=0
|
||||||
security.bsd.unprivileged_proc_debug=0
|
security.bsd.unprivileged_proc_debug=0
|
||||||
kern.randompid=1
|
kern.randompid=1
|
||||||
@ -32,6 +33,13 @@ hw.intr_storm_threshold=9000
|
|||||||
kern.ipc.maxsockbuf=16777216
|
kern.ipc.maxsockbuf=16777216
|
||||||
kern.ipc.shm_use_phys=1
|
kern.ipc.shm_use_phys=1
|
||||||
kern.ipc.soacceptqueue=1024
|
kern.ipc.soacceptqueue=1024
|
||||||
|
|
||||||
|
kern.ipc.nmbclusters=24513148
|
||||||
|
kern.ipc.nmbjumbop=9192430
|
||||||
|
kern.ipc.nmbjumbo9=2723683
|
||||||
|
kern.ipc.nmbjumbo16=1532071
|
||||||
|
kern.ipc.nmbufs=117663120
|
||||||
|
|
||||||
kern.maxvnodes=4194304
|
kern.maxvnodes=4194304
|
||||||
kern.random.harvest.mask=351
|
kern.random.harvest.mask=351
|
||||||
kern.threads.max_threads_per_proc=9000
|
kern.threads.max_threads_per_proc=9000
|
||||||
@ -67,7 +75,7 @@ net.inet.tcp.recvbuf_inc=65536
|
|||||||
net.inet.tcp.recvbuf_max=16777216
|
net.inet.tcp.recvbuf_max=16777216
|
||||||
net.inet.tcp.recvspace=262144
|
net.inet.tcp.recvspace=262144
|
||||||
net.inet.tcp.rfc6675_pipe=1
|
net.inet.tcp.rfc6675_pipe=1
|
||||||
net.inet.tcp.sendbuf_inc=32768
|
net.inet.tcp.sendbuf_inc=65536
|
||||||
net.inet.tcp.sendbuf_max=16777216
|
net.inet.tcp.sendbuf_max=16777216
|
||||||
net.inet.tcp.sendspace=262144
|
net.inet.tcp.sendspace=262144
|
||||||
net.inet.tcp.syncache.rexmtlimit=0
|
net.inet.tcp.syncache.rexmtlimit=0
|
||||||
@ -95,7 +103,7 @@ vfs.zfs.arc_max=51539607552
|
|||||||
vfs.zfs.delay_min_dirty_percent=96
|
vfs.zfs.delay_min_dirty_percent=96
|
||||||
vfs.zfs.dirty_data_max=12884901888
|
vfs.zfs.dirty_data_max=12884901888
|
||||||
vfs.zfs.prefetch_disable=0
|
vfs.zfs.prefetch_disable=0
|
||||||
vfs.zfs.top_maxinflight=128
|
#vfs.zfs.top_maxinflight=128
|
||||||
vfs.zfs.trim.txg_delay=2
|
vfs.zfs.trim.txg_delay=2
|
||||||
vfs.zfs.txg.timeout=90
|
vfs.zfs.txg.timeout=90
|
||||||
vfs.zfs.vdev.aggregation_limit=1048576
|
vfs.zfs.vdev.aggregation_limit=1048576
|
||||||
@ -116,3 +124,12 @@ net.inet.tcp.rack.data_after_close=0
|
|||||||
#Cheap Disk Issues
|
#Cheap Disk Issues
|
||||||
kern.cam.ada.default_timeout=60
|
kern.cam.ada.default_timeout=60
|
||||||
kern.cam.da.default_timeout=90
|
kern.cam.da.default_timeout=90
|
||||||
|
|
||||||
|
# best way to see misconfigured or non operational services
|
||||||
|
net.inet.tcp.log_in_vain: 1
|
||||||
|
net.inet.udp.log_in_vain: 1
|
||||||
|
|
||||||
|
# Disable File Handle Affinity for NFS write operations.
|
||||||
|
# It improves NFS write throughput with ZFS sync=always on ship/pxe
|
||||||
|
vfs.nfsd.fha.write=0
|
||||||
|
vfs.nfsd.fha.max_nfsds_per_fh=32
|
||||||
|
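Review bot: The two added `log_in_vain` lines are written as `net.inet.tcp.log_in_vain: 1`, the form `sysctl` prints, while every other setting visible in these hunks uses the `name=value` form that sysctl.conf(5) describes. I would write them as `net.inet.tcp.log_in_vain=1` and `net.inet.udp.log_in_vain=1` and confirm after boot that both read back as 1. With these enabled every connection attempt to a closed port is logged, so on interfaces reachable from untrusted networks a port scan turns into log volume; the comment above them could say that and name the log to watch. The file header for this section is not shown on the page; the content reads as sysctl.conf.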
@ -1,7 +1,7 @@
|
|||||||
# Generated by resolvconf
|
# Generated by resolvconf
|
||||||
search diyit.org
|
search diyit.org
|
||||||
nameserver 192.168.0.5
|
nameserver 192.168.0.5
|
||||||
nameserver 2603:3024:3f6:e1::5
|
nameserver fd01::5
|
||||||
nameserver 2603:3024:3f6:e2::5
|
nameserver fd02::5
|
||||||
nameserver 2603:3024:3f6:e5::5
|
nameserver fd05::5
|
||||||
nameserver 2603:3024:3f6:e9::5
|
nameserver fd09::5
|
||||||
|
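--- a/jails/config/ci/jenkins
+++ b/jails/config/ci/jenkins
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+# $FreeBSD: head/devel/jenkins/files/jenkins.in 544211 2020-08-05 09:10:47Z lwhsu $
+#
+# PROVIDE: jenkins
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+
+#
+# Configuration settings for jenkins in /etc/rc.conf:
+#
+# jenkins_enable (bool):
+# Set to "NO" by default.
+# Set it to "YES" to enable jenkins
+#
+# jenkins_args (str):
+# Extra arguments passed to start command
+#
+# jenkins_home (str)
+# Set to "/usr/local/jenkins" by default.
+# Set the JENKINS_HOME variable for jenkins process
+#
+# jenkins_java_home (str):
+# Set to "/usr/local/openjdk8" by default.
+# Set the Java virtual machine to run jenkins
+#
+# jenkins_java_opts (str):
+# Set to "" by default.
+# Java VM args to use.
+#
+# jenkins_user (str):
+# Set to "jenkins" by default.
+# User to run jenkins as.
+#
+# jenkins_group (str):
+# Set to "jenkins" by default.
+# Group for data file ownership.
+#
+# jenkins_log_file (str):
+# Set to "/var/log/jenkins.log" by default.
+# Log file location.
+#
+
+. /etc/rc.subr
+
+name=jenkins
+desc="Jenkins automation server"
+rcvar=jenkins_enable
+
+load_rc_config "${name}"
+
+: ${jenkins_enable:=NO}
+: ${jenkins_home="/usr/local/jenkins"}
+: ${jenkins_args="--webroot=${jenkins_home}/war"}
+: ${jenkins_java_home="/usr/local/openjdk8"}
+: ${jenkins_user="jenkins"}
+: ${jenkins_group="jenkins"}
+: ${jenkins_log_file="/var/log/jenkins.log"}
+
+pidfile=/var/run/jenkins/jenkins.pid
+command=/usr/sbin/daemon
+java_cmd="${jenkins_java_home}/bin/java"
+procname="${java_cmd}"
+command_args="-p ${pidfile} ${java_cmd} -Xmx1g -DJENKINS_HOME=${jenkins_home} ${jenkins_java_opts} -jar /usr/local/share/jenkins/jenkins.war ${jenkins_args} >> ${jenkins_log_file} 2>&1"
+required_files="${java_cmd}"
+
+start_precmd=jenkins_prestart
+start_cmd=jenkins_start
+
+jenkins_prestart()
+{
+if [ ! -f "${jenkins_log_file}" ]; then
+install -o "${jenkins_user}" -g "${jenkins_group}" -m 640 /dev/null "${jenkins_log_file}"
+fi
+if [ ! -d "/var/run/jenkins" ]; then
+install -d -o "${jenkins_user}" -g "${jenkins_group}" -m 750 "/var/run/jenkins"
+fi
+}
+
+jenkins_start()
+{
+check_startmsgs && echo "Starting ${name}."
+su -l ${jenkins_user} -c "exec ${command} ${command_args} ${rc_arg}"
+}
+
+run_rc_command "$1"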
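Review bot: `command_args` hard-codes `-Xmx1g` ahead of `${jenkins_java_opts}`, and the header comment that lists every rc.conf knob does not mention it, so an operator reading the header cannot tell that a heap limit is applied. I would move it into the documented knob, `: ${jenkins_java_opts="-Xmx1g"}` next to the other defaults, drop `-Xmx1g` from `command_args`, and update the header line `Set to "" by default` to match. Separately, `jenkins_start` passes the whole command line through `su -l ${jenkins_user} -c "..."`, so every rc.conf value is re-parsed by the jenkins user's login shell. Values containing spaces or shell metacharacters will not survive that, which is worth a one-line comment above the `su` call.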
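--- a/jails/config/common/resolvconf.conf
+++ b/jails/config/common/resolvconf.conf
@@ -0,0 +1,2 @@
+export search_domains=ahlawat.com
+export name_servers="192.168.0.5 fd01::5"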
@ -12,7 +12,7 @@
|
|||||||
# TO_IDENT sets O Timeout.ident=0s - to stop sendmail from making ident connections
|
# TO_IDENT sets O Timeout.ident=0s - to stop sendmail from making ident connections
|
||||||
echo "define(\`SMART_HOST', \`mail')" >> /etc/mail/$HOSTNAME.mc
|
echo "define(\`SMART_HOST', \`mail')" >> /etc/mail/$HOSTNAME.mc
|
||||||
echo "define(\`confDOMAIN_NAME', \`$HOSTNAME')" >> /etc/mail/$HOSTNAME.mc
|
echo "define(\`confDOMAIN_NAME', \`$HOSTNAME')" >> /etc/mail/$HOSTNAME.mc
|
||||||
IP6=`ifconfig -f inet6:cidr | grep "2603:3024:3f6:e1::" | cut -d" " -f 2 | cut -d "/" -f 1`
|
IP6=`ifconfig -f inet6:cidr | grep "fd01::" | cut -d" " -f 2 | cut -d "/" -f 1`
|
||||||
echo "CLIENT_OPTIONS(\`Family=inet6, Address=$IP6')" >> /etc/mail/$HOSTNAME.mc
|
echo "CLIENT_OPTIONS(\`Family=inet6, Address=$IP6')" >> /etc/mail/$HOSTNAME.mc
|
||||||
echo "define(\`confDH_PARAMETERS', \`/mnt/certs/dhparam2048.pem')" >> /etc/mail/$HOSTNAME.mc
|
echo "define(\`confDH_PARAMETERS', \`/mnt/certs/dhparam2048.pem')" >> /etc/mail/$HOSTNAME.mc
|
||||||
echo "define(\`confTO_CONNECT', \`1m')" >> /etc/mail/$HOSTNAME.mc
|
echo "define(\`confTO_CONNECT', \`1m')" >> /etc/mail/$HOSTNAME.mc
|
||||||
|
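Review bot: `IP6` is taken from `grep "fd01::"` and written into `CLIENT_OPTIONS` without checking the result, so a jail with no address in that prefix produces an empty `Address=` and one with two matching addresses produces a multi-line value; either leaves a broken `.mc` file. A guard right after the assignment, `[ -n "$IP6" ] || { echo "no fd01:: address found" >&2; exit 1; }`, would fail early, and a `head -n 1` stage before the `cut` calls would pin the result to one address. The script starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out. The file header for this section is not shown on the page.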
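--- a/jails/config/dns/update6.sh
+++ b/jails/config/dns/update6.sh
@@ -0,0 +1,18 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+SIM="-s"
+#SIM=""
+
+rpl $SIM -v -R "2603:3024:3f6:21::" "2603:3024:3f6:1::" ./namedb
+rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.2" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1" ./namedb
+rpl $SIM -v -R "2021030900" "2021031100" ./namedb
+
+service $SIM named $SIM restart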
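Review bot: The last line restarts named unconditionally: it runs whether or not the three `rpl` calls succeeded, and it also runs in simulation mode, where `$SIM` expands to `-s`, which is rpl's simulate flag and, as far as I know, not an option service(8) accepts. I would keep `$SIM` on the `rpl` lines only and gate the restart, e.g. `[ -z "$SIM" ] && named-checkconf -z && service named restart`, so a bad replacement in a zone file is caught before the server loads it. The script also rewrites `./namedb` relative to the caller's working directory; a `cd` to the intended directory with `|| exit 1` at the top would make the target explicit.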
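--- a/jails/config/elk/elasticsearch-xpack.yml
+++ b/jails/config/elk/elasticsearch-xpack.yml
@@ -0,0 +1,10 @@
+# Module: elasticsearch
+# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.10/metricbeat-module-elasticsearch.html
+
+- module: elasticsearch
+xpack.enabled: true
+period: 10s
+hosts: ["https://elk.diyit.org:9200"]
+#username: "user"
+#password: "secret"
+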
@ -19,8 +19,18 @@
|
|||||||
# Xms represents the initial size of total heap space
|
# Xms represents the initial size of total heap space
|
||||||
# Xmx represents the maximum size of total heap space
|
# Xmx represents the maximum size of total heap space
|
||||||
|
|
||||||
-Xms4g
|
-Xmn4G
|
||||||
-Xmx4g
|
-Xms8G
|
||||||
|
-Xmx8G
|
||||||
|
-XX:MaxMetaspaceSize=2G
|
||||||
|
-Xss2G
|
||||||
|
|
||||||
|
-Xnoclassgc
|
||||||
|
-XX:MaxDirectMemorySize=2G
|
||||||
|
|
||||||
|
-XX:InitialRAMPercentage=80
|
||||||
|
-XX:MaxRAMPercentage=80
|
||||||
|
-XX:MinRAMPercentage=80
|
||||||
|
|
||||||
################################################################
|
################################################################
|
||||||
## Expert settings
|
## Expert settings
|
||||||
@ -33,7 +43,7 @@
|
|||||||
################################################################
|
################################################################
|
||||||
|
|
||||||
## GC configuration
|
## GC configuration
|
||||||
8-13:-XX:+UseConcMarkSweepGC
|
8-9:-XX:+UseConcMarkSweepGC
|
||||||
8-13:-XX:CMSInitiatingOccupancyFraction=75
|
8-13:-XX:CMSInitiatingOccupancyFraction=75
|
||||||
8-13:-XX:+UseCMSInitiatingOccupancyOnly
|
8-13:-XX:+UseCMSInitiatingOccupancyOnly
|
||||||
|
|
||||||
@ -43,9 +53,9 @@
|
|||||||
# following three lines to your version of the JDK
|
# following three lines to your version of the JDK
|
||||||
# 10-13:-XX:-UseConcMarkSweepGC
|
# 10-13:-XX:-UseConcMarkSweepGC
|
||||||
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
|
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
|
||||||
14-:-XX:+UseG1GC
|
11-:-XX:+UseG1GC
|
||||||
14-:-XX:G1ReservePercent=25
|
11-:-XX:G1ReservePercent=25
|
||||||
14-:-XX:InitiatingHeapOccupancyPercent=30
|
11-:-XX:InitiatingHeapOccupancyPercent=30
|
||||||
|
|
||||||
## JVM temporary directory
|
## JVM temporary directory
|
||||||
-Djava.io.tmpdir=${ES_TMPDIR}
|
-Djava.io.tmpdir=${ES_TMPDIR}
|
||||||
@ -58,10 +68,10 @@
|
|||||||
|
|
||||||
# specify an alternative path for heap dumps; ensure the directory exists and
|
# specify an alternative path for heap dumps; ensure the directory exists and
|
||||||
# has sufficient space
|
# has sufficient space
|
||||||
-XX:HeapDumpPath=data
|
-XX:HeapDumpPath=/data
|
||||||
|
|
||||||
# specify an alternative path for JVM fatal error logs
|
# specify an alternative path for JVM fatal error logs
|
||||||
-XX:ErrorFile=logs/hs_err_pid%p.log
|
-XX:ErrorFile=/var/log/hs_err_pid%p.log
|
||||||
|
|
||||||
## JDK 8 GC logging
|
## JDK 8 GC logging
|
||||||
8:-XX:+PrintGCDetails
|
8:-XX:+PrintGCDetails
|
||||||
|
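Review bot: `-Xss2G` sets the stack size of every JVM thread to 2 GB; Elasticsearch normally runs with a thread stack of about 1 MB as far as I know, so this looks like a unit slip, and I would expect the JVM either to refuse the value or to reserve far more address space per thread than the jail has. I would drop the line or write `-Xss1m`. The three `-XX:*RAMPercentage=80` flags should have no effect next to the explicit `-Xms8G`/`-Xmx8G`, and the GC ranges no longer line up: `8-9:` enables CMS and `11-:` enables G1, but the CMS tuning lines stay at `8-13:`, so JDK 10 gets no explicit collector and JDK 11–13 get CMS tuning flags alongside G1. `-Xnoclassgc` together with `-XX:MaxMetaspaceSize=2G` also deserves a comment, since disabling class unloading under a metaspace cap can end in a metaspace OutOfMemoryError. The file header for this section is not shown on the page.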
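--- a/jails/config/elk/kibana-xpack.yml
+++ b/jails/config/elk/kibana-xpack.yml
@@ -0,0 +1,10 @@
+# Module: kibana
+# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.10/metricbeat-module-kibana.html
+
+- module: kibana
+xpack.enabled: true
+period: 10s
+hosts: ["localhost:5601"]
+#basepath: ""
+#username: "user"
+#password: "secret"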
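--- a/jails/config/elk/metricbeat.yml
+++ b/jails/config/elk/metricbeat.yml
@@ -0,0 +1,189 @@
+###################### Metricbeat Configuration Example #######################
+
+# This file is an example configuration file highlighting only the most common
+# options. The metricbeat.reference.yml file from the same directory contains all the
+# supported options with more comments. You can use it as a reference.
+#
+# You can find the full configuration reference here:
+# https://www.elastic.co/guide/en/beats/metricbeat/index.html
+
+# =========================== Modules configuration ============================
+
+metricbeat.config.modules:
+# Glob pattern for configuration loading
+path: ${path.config}/metricbeat.modules.d/*.yml
+
+# Set to true to enable config reloading
+reload.enabled: false
+
+# Period on which files under path should be checked for changes
+#reload.period: 10s
+
+# ======================= Elasticsearch template setting =======================
+
+setup.template.settings:
+index.number_of_shards: 1
+index.codec: best_compression
+#_source.enabled: false
+
+
+# ================================== General ===================================
+
+# The name of the shipper that publishes the network data. It can be used to group
+# all the transactions sent by a single shipper in the web interface.
+#name:
+
+# The tags of the shipper are included in their own field with each
+# transaction published.
+#tags: ["service-X", "web-tier"]
+
+# Optional fields that you can specify to add additional information to the
+# output.
+#fields:
+# env: staging
+
+# ================================= Dashboards =================================
+# These settings control loading the sample dashboards to the Kibana index. Loading
+# the dashboards is disabled by default and can be enabled either by setting the
+# options here or by using the `setup` command.
+#setup.dashboards.enabled: false
+
+# The URL from where to download the dashboards archive. By default this URL
+# has a value which is computed based on the Beat name and version. For released
+# versions, this URL points to the dashboard archive on the artifacts.elastic.co
+# website.
+#setup.dashboards.url:
+
+# =================================== Kibana ===================================
+
+# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
+# This requires a Kibana endpoint configuration.
+setup.kibana:
+
+# Kibana Host
+# Scheme and port can be left out and will be set to the default (http and 5601)
+# In case you specify and additional path, the scheme is required: http://localhost:5601/path
+# IPv6 addresses should always be defined as: https://[2001:db8::1]:5601
+#host: "localhost:5601"
+
+# Kibana Space ID
+# ID of the Kibana Space into which the dashboards should be loaded. By default,
+# the Default Space will be used.
+#space.id:
+
+# =============================== Elastic Cloud ================================
+
+# These settings simplify using Metricbeat with the Elastic Cloud (https://cloud.elastic.co/).
+
+# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
+# `setup.kibana.host` options.
+# You can find the `cloud.id` in the Elastic Cloud web UI.
+#cloud.id:
+
+# The cloud.auth setting overwrites the `output.elasticsearch.username` and
+# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
+#cloud.auth:
+
+# ================================== Outputs ===================================
+
+# Configure what output to use when sending the data collected by the beat.
+
+# ---------------------------- Elasticsearch Output ----------------------------
+output.elasticsearch:
+# Array of hosts to connect to.
+hosts: ["elk.diyit.org:9200"]
+
+# Protocol - either `http` (default) or `https`.
+protocol: "https"
+
+# Authentication credentials - either API key or username/password.
+#api_key: "id:api_key"
+#username: "elastic"
+#password: "changeme"
+
+# ------------------------------ Logstash Output -------------------------------
+#output.logstash:
+# The Logstash hosts
+#hosts: ["localhost:5044"]
+
+# Optional SSL. By default is off.
+# List of root certificates for HTTPS server verifications
+#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
+
+# Certificate for SSL client authentication
+#ssl.certificate: "/etc/pki/client/cert.pem"
+
+# Client Certificate Key
+#ssl.key: "/etc/pki/client/cert.key"
+
+# ================================= Processors =================================
+
+# Configure processors to enhance or manipulate events generated by the beat.
+
+processors:
+- add_host_metadata: ~
+- add_cloud_metadata: ~
+# - add_docker_metadata: ~
+# - add_kubernetes_metadata: ~
+
+
+# ================================== Logging ===================================
+
+# Sets log level. The default log level is info.
+# Available log levels are: error, warning, info, debug
+#logging.level: debug
+
+# At debug level, you can selectively enable logging only for some components.
+# To enable all selectors use ["*"]. Examples of other selectors are "beat",
+# "publish", "service".
+#logging.selectors: ["*"]
+
+# ============================= X-Pack Monitoring ==============================
+# Metricbeat can export internal metrics to a central Elasticsearch monitoring
+# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The
+# reporting is disabled by default.
+
+# Set to true to enable the monitoring reporter.
+#monitoring.enabled: false
+
+# Sets the UUID of the Elasticsearch cluster under which monitoring data for this
+# Metricbeat instance will appear in the Stack Monitoring UI. If output.elasticsearch
+# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch.
+#monitoring.cluster_uuid:
+
+# Uncomment to send the metrics to Elasticsearch. Most settings from the
+# Elasticsearch output are accepted here as well.
+# Note that the settings should point to your Elasticsearch *monitoring* cluster.
+# Any setting that is not set is automatically inherited from the Elasticsearch
+# output configuration, so if you have the Elasticsearch output configured such
+# that it is pointing to your Elasticsearch monitoring cluster, you can simply
+# uncomment the following line.
+#monitoring.elasticsearch:
+
+# ============================== Instrumentation ===============================
+
+# Instrumentation support for the metricbeat.
+#instrumentation:
+# Set to true to enable instrumentation of metricbeat.
+#enabled: false
+
+# Environment in which metricbeat is running on (eg: staging, production, etc.)
+#environment: ""
+
+# APM Server hosts to report instrumentation results to.
+#hosts:
+# - http://localhost:8200
+
+# API Key for the APM Server(s).
+# If api_key is set then secret_token will be ignored.
+#api_key:
+
+# Secret token for the APM Server(s).
+#secret_token:
+
+
+# ================================= Migration ==================================
+
+# This allows to enable 6.7 migration aliases
+#migration.6_to_7.enabled: true
+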
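--- a/jails/config/hass/hass-upgrade.sh
+++ b/jails/config/hass/hass-upgrade.sh
@@ -0,0 +1,4 @@
+#!/usr/local/bin/bash
+source /data/homeassistant/bin/activate
+#pip install --upgrade git+git://github.com/home-assistant/home-assistant.git@dev
+pip install --upgrade homeassistant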
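Review bot: Nothing stops the script if `source /data/homeassistant/bin/activate` fails, so `pip install --upgrade homeassistant` would then run against whatever `pip` is first on PATH, with the privileges of the caller. Adding `set -e` after the shebang, or writing `source /data/homeassistant/bin/activate || exit 1`, keeps the upgrade inside the virtualenv. The upgrade is also unpinned, so each run installs whatever release the package index currently serves; pinning a version (`homeassistant==<version>`, placeholder) makes the upgrade reviewable and repeatable.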
@ -23,21 +23,21 @@ FILES="/var/log/auth.log"
|
|||||||
#### OPTIONS ####
|
#### OPTIONS ####
|
||||||
# Block attackers when their cumulative attack score exceeds THRESHOLD.
|
# Block attackers when their cumulative attack score exceeds THRESHOLD.
|
||||||
# Most attacks have a score of 10. (optional, default 30)
|
# Most attacks have a score of 10. (optional, default 30)
|
||||||
THRESHOLD=30
|
THRESHOLD=10
|
||||||
|
|
||||||
# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
|
# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
|
||||||
# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
|
# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
|
||||||
BLOCK_TIME=120
|
BLOCK_TIME=1200
|
||||||
|
|
||||||
# Remember potential attackers for up to DETECTION_TIME seconds before
|
# Remember potential attackers for up to DETECTION_TIME seconds before
|
||||||
# resetting their score. (optional, default 1800)
|
# resetting their score. (optional, default 1800)
|
||||||
DETECTION_TIME=1800
|
DETECTION_TIME=18000
|
||||||
|
|
||||||
# Size of IPv6 'subnet to block. Defaults to a single address, CIDR notation. (optional, default to 128)
|
# Size of IPv6 'subnet to block. Defaults to a single address, CIDR notation. (optional, default to 128)
|
||||||
IPV6_SUBNET=128
|
IPV6_SUBNET=64
|
||||||
|
|
||||||
# Size of IPv4 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 32)
|
# Size of IPv4 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 32)
|
||||||
IPV4_SUBNET=32
|
IPV4_SUBNET=24
|
||||||
|
|
||||||
#### EXTRAS ####
|
#### EXTRAS ####
|
||||||
# !! Warning: These features may not work correctly with sandboxing. !!
|
# !! Warning: These features may not work correctly with sandboxing. !!
|
||||||
|
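Review bot: With `THRESHOLD=10` and the comment's own statement that most attacks score 10, a single failed login is, as far as I can tell, enough to trigger a block, and `IPV4_SUBNET=24` / `IPV6_SUBNET=64` widen that block to the whole surrounding network for `BLOCK_TIME=1200` seconds. One mistyped password from an admin workstation can therefore lock out every host in its /24 or /64, and anyone sharing that network can cause the same lockout on purpose. I would either keep the subnet sizes at 32/128 or make sure the management networks are in sshguard's whitelist before this is deployed; no whitelist setting is visible in this hunk, and the file continues past it. The per-option comments still describe the defaults only, so a line such as `# site policy: block on first offence, whole /24 or /64` above `THRESHOLD` would record the intent. The file header for this section is not shown on the page.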
@ -63,8 +63,8 @@ $cmd 01300 check-state
|
|||||||
# Allow access to DNS
|
# Allow access to DNS
|
||||||
$cmd 02110 $skip tcp from any to 192.168.0.5 53 out via $rif setup keep-state
|
$cmd 02110 $skip tcp from any to 192.168.0.5 53 out via $rif setup keep-state
|
||||||
$cmd 02111 $skip udp from any to 192.168.0.5 53 out via $rif keep-state
|
$cmd 02111 $skip udp from any to 192.168.0.5 53 out via $rif keep-state
|
||||||
$cmd 02112 $skip tcp from any to 2603:3024:3f6:e1::5 53 out via $rif setup keep-state
|
$cmd 02112 $skip tcp from any to fd01::5 53 out via $rif setup keep-state
|
||||||
$cmd 02113 $skip udp from any to 2603:3024:3f6:e1::5 53 out via $rif keep-state
|
$cmd 02113 $skip udp from any to fd01::5 53 out via $rif keep-state
|
||||||
|
|
||||||
# Allow access to ISP's DHCP server for cable/DSL configurations.
|
# Allow access to ISP's DHCP server for cable/DSL configurations.
|
||||||
# Use the first rule and check log for IP address.
|
# Use the first rule and check log for IP address.
|
||||||
|
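--- a/jails/config/jump/branding/css/login-override.css
+++ b/jails/config/jump/branding/css/login-override.css
@@ -0,0 +1,12 @@
+.login-ui .login-dialog .logo {
+background-image: url('app/ext/tempnamespace/images/logo-placeholder.png');
+width: 5em;
+-webkit-background-size: 5em auto;
+}
+div.login-ui {
+background: #666;
+background-color: #666;
+}
+.login-ui .login-dialog {
+background-color: white;
+}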
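--- a/jails/config/jump/branding/guac-manifest.json
+++ b/jails/config/jump/branding/guac-manifest.json
@@ -0,0 +1,20 @@
+{
+"guacamoleVersion" : "*",
+"name" : "Tempname",
+"namespace" : "tempnamespace",
+"translations" : [
+"translations/en.json"
+],
+
+"css" : [
+"css/login-override.css"
+],
+
+"html" : [
+"loginDisclaimer.html"
+],
+
+"resources" : {
+"images/logo-placeholder.png" : "image/png"
+}
+}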
BIN
jails/config/jump/branding/images/logo-placeholder.png
Normal file
BIN
jails/config/jump/branding/images/logo-placeholder.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 8.5 KiB |
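--- a/jails/config/jump/branding/loginDisclaimer.html
+++ b/jails/config/jump/branding/loginDisclaimer.html
@@ -0,0 +1,6 @@
+<meta name="after" content=".login-ui .login-dialog">
+
+<div class="welcome">
+Ahlawat Network's Remote Access Server
+<p>Restricted Access - only use if you have permission<p>
+</div>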
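Review bot: The banner paragraph is closed with a second opening tag, `<p>Restricted Access - only use if you have permission<p>`, so the fragment injected after `.login-ui .login-dialog` ends with an empty, unclosed paragraph. The line should read `<p>Restricted Access - only use if you have permission</p>`. Browsers will usually recover, but the stray element can pick up margins from the login page's CSS and shift the dialog.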
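--- a/jails/config/jump/branding/translations/en.json
+++ b/jails/config/jump/branding/translations/en.json
@@ -0,0 +1,5 @@
+{
+"APP":{
+"NAME" : "Ahlawat Net RAS"
+}
+}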
@ -0,0 +1,12 @@
|
|||||||
|
.login-ui .login-dialog .logo {
|
||||||
|
background-image: url('app/ext/tempnamespace/images/logo-placeholder.png');
|
||||||
|
width: 5em;
|
||||||
|
-webkit-background-size: 5em auto;
|
||||||
|
}
|
||||||
|
div.login-ui {
|
||||||
|
background: #666;
|
||||||
|
background-color: #666;
|
||||||
|
}
|
||||||
|
.login-ui .login-dialog {
|
||||||
|
background-color: white;
|
||||||
|
}
|
@ -0,0 +1,20 @@
|
|||||||
|
{
|
||||||
|
"guacamoleVersion" : "*",
|
||||||
|
"name" : "Tempname",
|
||||||
|
"namespace" : "tempnamespace",
|
||||||
|
"translations" : [
|
||||||
|
"translations/en.json"
|
||||||
|
],
|
||||||
|
|
||||||
|
"css" : [
|
||||||
|
"css/login-override.css"
|
||||||
|
],
|
||||||
|
|
||||||
|
"html" : [
|
||||||
|
"loginDisclaimer.html"
|
||||||
|
],
|
||||||
|
|
||||||
|
"resources" : {
|
||||||
|
"images/logo-placeholder.png" : "image/png"
|
||||||
|
}
|
||||||
|
}
|
Binary file not shown.
After Width: | Height: | Size: 8.5 KiB |
@ -0,0 +1,6 @@
|
|||||||
|
<meta name="after" content=".login-ui .login-dialog">
|
||||||
|
|
||||||
|
<div class="welcome">
|
||||||
|
Ahlawat Network's Remote Access Server
|
||||||
|
<p>Restricted Access - only use if you have permission<p>
|
||||||
|
</div>
|
@ -0,0 +1,5 @@
|
|||||||
|
{
|
||||||
|
"APP":{
|
||||||
|
"NAME" : "Ahlawat Net RAS"
|
||||||
|
}
|
||||||
|
}
|
BIN
jails/config/jump/guacamole-client/extensions/branding.jar
Normal file
BIN
jails/config/jump/guacamole-client/extensions/branding.jar
Normal file
Binary file not shown.
Binary file not shown.
@ -34,14 +34,14 @@
|
|||||||
<param name="port">22</param>
|
<param name="port">22</param>
|
||||||
<param name="font-name">monospace</param>
|
<param name="font-name">monospace</param>
|
||||||
</connection>
|
</connection>
|
||||||
<connection name="vnc-rpi3">
|
<connection name="vnc-rpi">
|
||||||
<protocol>vnc</protocol>
|
<protocol>vnc</protocol>
|
||||||
<param name="hostname">192.168.200.192</param>
|
<param name="hostname">192.168.200.192</param>
|
||||||
<param name="port">5901</param>
|
<param name="port">5901</param>
|
||||||
<param name="password">vncpass</param>
|
<param name="password">vncpass</param>
|
||||||
<param name="color-depth">24</param>
|
<param name="color-depth">24</param>
|
||||||
</connection>
|
</connection>
|
||||||
<connection name="ssh-rpi3">
|
<connection name="ssh-rpi">
|
||||||
<protocol>ssh</protocol>
|
<protocol>ssh</protocol>
|
||||||
<param name="hostname">192.168.200.192</param>
|
<param name="hostname">192.168.200.192</param>
|
||||||
<param name="port">22</param>
|
<param name="port">22</param>
|
||||||
@ -58,14 +58,14 @@
|
|||||||
<authorize username="inseego" password="7cc6a3864acc736437f606146083abad" encoding="md5">
|
<authorize username="inseego" password="7cc6a3864acc736437f606146083abad" encoding="md5">
|
||||||
<connection name="vnc">
|
<connection name="vnc">
|
||||||
<protocol>vnc</protocol>
|
<protocol>vnc</protocol>
|
||||||
<param name="hostname">192.168.200.212</param>
|
<param name="hostname">192.168.200.192</param>
|
||||||
<param name="port">5901</param>
|
<param name="port">5901</param>
|
||||||
<param name="password">vncpass</param>
|
<param name="password">vncpass</param>
|
||||||
<param name="color-depth">24</param>
|
<param name="color-depth">24</param>
|
||||||
</connection>
|
</connection>
|
||||||
<connection name="ssh">
|
<connection name="ssh">
|
||||||
<protocol>ssh</protocol>
|
<protocol>ssh</protocol>
|
||||||
<param name="hostname">192.168.200.212</param>
|
<param name="hostname">192.168.200.192</param>
|
||||||
<param name="port">22</param>
|
<param name="port">22</param>
|
||||||
<param name="font-name">monospace</param>
|
<param name="font-name">monospace</param>
|
||||||
</connection>
|
</connection>
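Review bot: The connection blocks edited in both hunks keep the VNC secret in clear text (`<param name="password">vncpass</param>`), and the `inseego` account in the second hunk is stored as an unsalted MD5 digest (`encoding="md5"`), all in a file that is committed to the repository. Anyone with read access to the repository or to this jail's configuration learns the VNC password directly, and an unsalted MD5 value is cheap to brute-force. Since the commit already touches these entries, consider committing only a template, e.g. `<param name="password">VNC_PASSWORD_PLACEHOLDER</param>`, keeping the real file out of version control, and rotating the values that are already in history. The second hunk also repoints both `inseego` connections at 192.168.200.192, the host the `vnc-rpi`/`ssh-rpi` entries use; if that sharing is intended, a short XML comment saying so would help. The enclosing `<authorize>` elements start and end outside the hunks.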
|
||||||
|
@ -578,6 +578,16 @@ Include etc/apache24/Includes/*.conf
|
|||||||
Require all granted
|
Require all granted
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
|
Alias /ssp "/usr/local/www/self-service-password"
|
||||||
|
<Directory "/usr/local/www/self-service-password">
|
||||||
|
AllowOverride None
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
<Directory "/usr/local/www/self-service-password/scripts">
|
||||||
|
AllowOverride None
|
||||||
|
Require all denied
|
||||||
|
</Directory>
|
||||||
|
|
||||||
ErrorLog "/var/log/ssl-error.log"
|
ErrorLog "/var/log/ssl-error.log"
|
||||||
CustomLog "/var/log/ssl-access_log" combined
|
CustomLog "/var/log/ssl-access_log" combined
|
||||||
</VirtualHost>
|
</VirtualHost>
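Review bot: The new `Alias /ssp` block sets `Require all granted` on the whole `/usr/local/www/self-service-password` tree and denies only `scripts`, so every other subdirectory of the install is reachable over the web. If this package keeps its configuration (which normally includes the LDAP bind credentials) in a subdirectory under that path, which is not visible here, that directory deserves a `<Directory>` block of its own with `AllowOverride None` and `Require all denied`. If the password-reset page is meant for the internal networks only, replacing `Require all granted` with a `Require ip` list would narrow it further. The enclosing `<VirtualHost>` starts outside the hunk.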
|
||||||
|
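--- a/jails/config/ldap-mgr/index.html
+++ b/jails/config/ldap-mgr/index.html
@@ -0,0 +1,6 @@
+<head>
+<meta http-equiv="refresh" content="0; URL=https://ldap-mgr.ahlawat.com/ssp" />
+</head>
+<body>
+<p>If you are not redirected in zero seconds, <a href="https://ldap-mgr.ahlawat.com/ssp">click here</a>.</p>
+</body>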
@ -797,8 +797,10 @@ smtpd_sender_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_n
|
|||||||
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
|
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
|
||||||
# !!! THE LAST SETTING PREVENTS YOU FROM BEING AN OPEN RELAY !!!
|
# !!! THE LAST SETTING PREVENTS YOU FROM BEING AN OPEN RELAY !!!
|
||||||
# !!! DO NOT REMOVE IT UNDER ANY CIRCUMSTANCES !!!
|
# !!! DO NOT REMOVE IT UNDER ANY CIRCUMSTANCES !!!
|
||||||
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unverified_recipient
|
smtpd_recipient_restrictions = permit_mynetworks,check_recipient_access hash:/usr/local/etc/postfix/protected_destinations,permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unverified_recipient
|
||||||
smtpd_data_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_multi_recipient_bounce,reject_unauth_pipelining
|
smtpd_data_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_multi_recipient_bounce,reject_unauth_pipelining
|
||||||
|
smtpd_restriction_classes = good_senders_only
|
||||||
|
good_senders_only = check_sender_access hash:/usr/local/etc/postfix/restricted_senders,permit
|
||||||
|
|
||||||
# deliver mail for virtual users to Dovecot's LMTP socket
|
# deliver mail for virtual users to Dovecot's LMTP socket
|
||||||
virtual_transport = lmtp:unix:private/dovecot-lmtp
|
virtual_transport = lmtp:unix:private/dovecot-lmtp
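Review bot: The trailing `permit` in `good_senders_only = check_sender_access hash:/usr/local/etc/postfix/restricted_senders,permit` ends evaluation of `smtpd_recipient_restrictions` with an accept for every sender that is not listed in the map. Because `check_recipient_access` now sits second in that list, mail addressed to `ahlawat.com` no longer reaches `reject_non_fqdn_recipient`, `reject_unknown_recipient_domain`, `reject_unauth_pipelining` or `reject_unverified_recipient`. Dropping the final action lets a non-matching sender fall through to the rest of the list: `good_senders_only = check_sender_access hash:/usr/local/etc/postfix/restricted_senders`. Relay protection is not affected, since `smtpd_relay_restrictions` is evaluated separately.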
|
||||||
|
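--- a/jails/config/mail/postfix/protected_destinations
+++ b/jails/config/mail/postfix/protected_destinations
@@ -0,0 +1,4 @@
+# not everyone can send to these destinations
+# we restrict some of them
+
+ahlawat.com good_senders_only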
@ -1,10 +1,13 @@
|
|||||||
# update aliases.db
|
# update aliases.db
|
||||||
newaliases
|
newaliases
|
||||||
|
|
||||||
#rm /usr/local/etc/postfix/system-virtual-mailboxes.db
|
|
||||||
#postmap /usr/local/etc/postfix/system-virtual-mailboxes
|
|
||||||
|
|
||||||
rm /usr/local/etc/postfix/virtual-maillist-alias-maps.db
|
rm /usr/local/etc/postfix/virtual-maillist-alias-maps.db
|
||||||
postmap /usr/local/etc/postfix/virtual-maillist-alias-maps
|
postmap /usr/local/etc/postfix/virtual-maillist-alias-maps
|
||||||
|
|
||||||
|
rm /usr/local/etc/postfix/protected_destinations.db
|
||||||
|
postmap /usr/local/etc/postfix/protected_destinations
|
||||||
|
|
||||||
|
rm /usr/local/etc/postfix/restricted_senders.db
|
||||||
|
postmap /usr/local/etc/postfix/restricted_senders
|
||||||
|
|
||||||
service postfix reload
|
service postfix reload
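Review bot: Each added `rm …/X.db` followed by `postmap …/X` leaves a window in which Postfix has no lookup table for a map that `main.cf` now references, and on the first run the `rm` reports an error because `protected_destinations.db` and `restricted_senders.db` do not exist yet. `postmap` rewrites the `.db` file itself, so the two new `rm` lines can be dropped; if they stay, use `rm -f`. The script also goes on to `service postfix reload` when a `postmap` fails, so the reload is better guarded, e.g. `postmap /usr/local/etc/postfix/restricted_senders || exit 1`.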
|
||||||
|
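--- a/jails/config/mail/postfix/restricted_senders
+++ b/jails/config/mail/postfix/restricted_senders
@@ -0,0 +1,5 @@
+# We do not want mail from these folks, generally
+
+cyou REJECT 521
+qq.com REJECT 521
+163.com REJECT 521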
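Review bot: In a Postfix access table `REJECT 521` does not set the SMTP reply code: everything after `REJECT` is used as the reply text, and the code comes from `access_map_reject_code`. If a 521 reply is what is wanted, the action is the code followed by text, e.g. `qq.com 521 Mail from this domain is not accepted`. The bare `cyou` key also deserves a comment in the file, because it matches only as a parent domain, which depends on `smtpd_access_maps` being listed in `parent_domain_matches_subdomains`.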
@ -14,30 +14,30 @@
|
|||||||
|
|
||||||
. /etc/rc.subr
|
. /etc/rc.subr
|
||||||
|
|
||||||
: ${mapsserver_enable="NO"}
|
: ${maps_enable="NO"}
|
||||||
|
|
||||||
name=mapsserver
|
name=maps
|
||||||
rcvar=${name}_enable
|
rcvar=${name}_enable
|
||||||
|
|
||||||
start_cmd="${name}_start"
|
start_cmd="${name}_start"
|
||||||
stop_cmd="${name}_stop"
|
stop_cmd="${name}_stop"
|
||||||
restart_cmd="${name}_restart"
|
restart_cmd="${name}_restart"
|
||||||
|
|
||||||
mapsserver_start()
|
maps_start()
|
||||||
{
|
{
|
||||||
cd /data/networkmaps; ./server.js --config /usr/local/etc/networkmaps/config.json &
|
cd /data/networkmaps; ./server.js --config /usr/local/etc/networkmaps/config.json &
|
||||||
cd /data/networkmaps; ./smtp_daemon.js --config /usr/local/etc/networkmaps/config.json &
|
cd /data/networkmaps; ./smtp_daemon.js --config /usr/local/etc/networkmaps/config.json &
|
||||||
}
|
}
|
||||||
|
|
||||||
mapsserver_stop()
|
maps_stop()
|
||||||
{
|
{
|
||||||
ps ax | grep -ie server.js | grep -v grep | awk '{print $1}' | xargs kill -9
|
ps ax | grep -ie server.js | grep -v grep | awk '{print $1}' | xargs kill -9
|
||||||
ps ax | grep -ie smtp_daemon.js | grep -v grep | awk '{print $1}' | xargs kill -9
|
ps ax | grep -ie smtp_daemon.js | grep -v grep | awk '{print $1}' | xargs kill -9
|
||||||
}
|
}
|
||||||
mapsserver_restart()
|
maps_restart()
|
||||||
{
|
{
|
||||||
mapsserver_stop
|
maps_stop
|
||||||
mapsserver_start
|
maps_start
|
||||||
}
|
}
|
||||||
|
|
||||||
load_rc_config ${name}
|
load_rc_config ${name}
|
||||||
|
@ -1,9 +1,46 @@
|
|||||||
|
# $FreeBSD: releng/12.2/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $
|
||||||
|
#
|
||||||
|
# Host Database
|
||||||
|
#
|
||||||
|
# This file should contain the addresses and aliases for local hosts that
|
||||||
|
# share this file. Replace 'my.domain' below with the domainname of your
|
||||||
|
# machine.
|
||||||
|
#
|
||||||
|
# In the presence of the domain name service or NIS, this file may
|
||||||
|
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
|
||||||
|
#
|
||||||
|
#
|
||||||
|
::1 localhost localhost.my.domain
|
||||||
|
127.0.0.1 localhost localhost.my.domain meet
|
||||||
|
#
|
||||||
|
# Imaginary network.
|
||||||
|
#10.0.0.2 myname.my.domain myname
|
||||||
|
#10.0.0.3 myfriend.my.domain myfriend
|
||||||
|
#
|
||||||
|
# According to RFC 1918, you can use the following IP networks for
|
||||||
|
# private nets which will never be connected to the Internet:
|
||||||
|
#
|
||||||
|
# 10.0.0.0 - 10.255.255.255
|
||||||
|
# 172.16.0.0 - 172.31.255.255
|
||||||
|
# 192.168.0.0 - 192.168.255.255
|
||||||
|
#
|
||||||
|
# In case you want to be able to connect to the Internet, you need
|
||||||
|
# real official assigned numbers. Do not try to invent your own network
|
||||||
|
# numbers but instead get one from your network provider (if any) or
|
||||||
|
# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
|
||||||
|
#
|
||||||
|
192.168.0.67 meet
|
||||||
|
192.168.0.67 meet meet.ahlawat.com
|
||||||
|
fd01::67 meet meet.ahlawat.com
|
||||||
|
|
||||||
192.168.0.67 auth.meet.ahlawat.com
|
192.168.0.67 auth.meet.ahlawat.com
|
||||||
2603:3024:3f6:e1::67 auth.meet.ahlawat.com
|
fd01::67 auth.meet.ahlawat.com
|
||||||
|
|
||||||
192.168.0.67 confrence.meet.ahlawat.com
|
192.168.0.67 confrence.meet.ahlawat.com
|
||||||
2603:3024:3f6:e1::67 conference.meet.ahlawat.com
|
fd01::67 conference.meet.ahlawat.com
|
||||||
|
|
||||||
192.168.0.67 focus.meet.ahlawat.com
|
192.168.0.67 focus.meet.ahlawat.com
|
||||||
2603:3024:3f6:e1::67 focus.meet.ahlawat.com
|
fd01::67 focus.meet.ahlawat.com
|
||||||
|
|
||||||
192.168.0.67 jistsi-videobridge.meet.ahlawat.com
|
192.168.0.67 jistsi-videobridge.meet.ahlawat.com
|
||||||
2603:3024:3f6:e1::67 jitsi-videobridge.meet.ahlawat.com
|
fd01::67 jitsi-videobridge.meet.ahlawat.com
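Review bot: The IPv4 entries beside the lines changed here are spelled `confrence.meet.ahlawat.com` and `jistsi-videobridge.meet.ahlawat.com`, while their IPv6 counterparts (now `fd01::67`) use `conference` and `jitsi-videobridge`. As written, the correctly spelled names resolve from this file over IPv6 only. If that is not intended, the IPv4 lines should read `192.168.0.67 conference.meet.ahlawat.com` and `192.168.0.67 jitsi-videobridge.meet.ahlawat.com`. The added block also lists `192.168.0.67 meet` twice, once without and once with the FQDN, and the first of the two can go.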
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
-- blanks. Good luck, and happy Jabbering!
|
-- blanks. Good luck, and happy Jabbering!
|
||||||
|
|
||||||
pidfile = "/var/run/prosody/prosody.pid"
|
pidfile = "/var/run/prosody/prosody.pid"
|
||||||
-- interfaces = { "192.168.0.67", "2603:3024:3f6:e1::67" }
|
-- interfaces = { "192.168.0.67", "fd01::67" }
|
||||||
|
|
||||||
---------- Server-wide settings ----------
|
---------- Server-wide settings ----------
|
||||||
-- Settings in this section apply to the whole server and are the default settings
|
-- Settings in this section apply to the whole server and are the default settings
|
||||||
|
@ -17,7 +17,7 @@ http {
|
|||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
aio on;
|
aio on;
|
||||||
|
|
||||||
resolver 192.168.0.5 [2603:3024:3f6:e1::5];
|
resolver 192.168.0.5 [fd01::5];
|
||||||
|
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Connection "";
|
proxy_set_header Connection "";
|
||||||
@ -182,7 +182,7 @@ http {
|
|||||||
listen [::]:8013;
|
listen [::]:8013;
|
||||||
server_name localhost;
|
server_name localhost;
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://update3.FreeBSD.org;
|
proxy_pass http://update5.FreeBSD.org;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
|
@ -66,7 +66,7 @@ frontend ft
|
|||||||
# prevent browser from using non-secure
|
# prevent browser from using non-secure
|
||||||
http-response add-header Strict-Transport-Security: max-age=15768000
|
http-response add-header Strict-Transport-Security: max-age=15768000
|
||||||
|
|
||||||
acl network_allowed src 192.168.0.0/24 192.168.100.0/24 2603:3024:3f6:e1::/64
|
acl network_allowed src 192.168.0.0/24 fd01::/64
|
||||||
acl restricted_page path -i -m sub /wp-admin
|
acl restricted_page path -i -m sub /wp-admin
|
||||||
acl restricted_page path -i -m sub /wp-login
|
acl restricted_page path -i -m sub /wp-login
|
||||||
http-request deny if restricted_page !network_allowed
|
http-request deny if restricted_page !network_allowed
|
||||||
@ -80,7 +80,6 @@ frontend ft
|
|||||||
use_backend bk_ahlawat-nivi if { ssl_fc_sni nivedita.ahlawat.com }
|
use_backend bk_ahlawat-nivi if { ssl_fc_sni nivedita.ahlawat.com }
|
||||||
use_backend bk_ahlawat-rishabh if { ssl_fc_sni rishabh.ahlawat.com }
|
use_backend bk_ahlawat-rishabh if { ssl_fc_sni rishabh.ahlawat.com }
|
||||||
|
|
||||||
# use_backend bk_ahlawat-book if { ssl_fc_sni book.ahlawat.com }
|
|
||||||
use_backend bk_ahlawat-book-443 if { ssl_fc_sni book.ahlawat.com }
|
use_backend bk_ahlawat-book-443 if { ssl_fc_sni book.ahlawat.com }
|
||||||
use_backend bk_ahlawat-book-444 if { ssl_fc_sni book1.ahlawat.com }
|
use_backend bk_ahlawat-book-444 if { ssl_fc_sni book1.ahlawat.com }
|
||||||
use_backend bk_ahlawat-book-445 if { ssl_fc_sni book2.ahlawat.com }
|
use_backend bk_ahlawat-book-445 if { ssl_fc_sni book2.ahlawat.com }
|
||||||
@ -93,6 +92,7 @@ frontend ft
|
|||||||
use_backend bk_ahlawat-meet if { ssl_fc_sni meet.ahlawat.com }
|
use_backend bk_ahlawat-meet if { ssl_fc_sni meet.ahlawat.com }
|
||||||
use_backend bk_ahlawat-monitor if { ssl_fc_sni monitor.ahlawat.com }
|
use_backend bk_ahlawat-monitor if { ssl_fc_sni monitor.ahlawat.com }
|
||||||
use_backend bk_ahlawat-jump if { ssl_fc_sni jump.ahlawat.com }
|
use_backend bk_ahlawat-jump if { ssl_fc_sni jump.ahlawat.com }
|
||||||
|
use_backend bk_ahlawat-hass if { ssl_fc_sni hass.ahlawat.com }
|
||||||
|
|
||||||
use_backend bk_diyit if { ssl_fc_sni diyit.org }
|
use_backend bk_diyit if { ssl_fc_sni diyit.org }
|
||||||
use_backend bk_diyit if { ssl_fc_sni www.diyit.org }
|
use_backend bk_diyit if { ssl_fc_sni www.diyit.org }
|
||||||
@ -113,6 +113,7 @@ frontend ft
|
|||||||
use_backend bk_beyondbell-ci if { ssl_fc_sni ci.beyondbell.com }
|
use_backend bk_beyondbell-ci if { ssl_fc_sni ci.beyondbell.com }
|
||||||
use_backend bk_beyondbell-git if { ssl_fc_sni git.beyondbell.com }
|
use_backend bk_beyondbell-git if { ssl_fc_sni git.beyondbell.com }
|
||||||
use_backend bk_beyondbell-repo if { ssl_fc_sni repo.beyondbell.com }
|
use_backend bk_beyondbell-repo if { ssl_fc_sni repo.beyondbell.com }
|
||||||
|
use_backend bk_beyondbell-dashboard if { ssl_fc_sni dashboard.beyondbell.com }
|
||||||
use_backend bk_beyondbell-web-moonglade if { ssl_fc_sni moonglade.beyondbell.com }
|
use_backend bk_beyondbell-web-moonglade if { ssl_fc_sni moonglade.beyondbell.com }
|
||||||
use_backend bk_beyondbell-web-moonglade-private if { ssl_fc_sni moonglade-private.beyondbell.com }
|
use_backend bk_beyondbell-web-moonglade-private if { ssl_fc_sni moonglade-private.beyondbell.com }
|
||||||
use_backend bk_beyondbell-r-windows if { ssl_fc_sni moonglade-server.beyondbell.com }
|
use_backend bk_beyondbell-r-windows if { ssl_fc_sni moonglade-server.beyondbell.com }
|
||||||
@ -131,7 +132,7 @@ backend bk_ahlawat
|
|||||||
http-response add-header X-Frame-Options: SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-sharad
|
backend bk_ahlawat-sharad
|
||||||
balance roundrobin
|
# balance roundrobin
|
||||||
server srv1 sharadx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 sharadx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
http-response add-header X-Frame-Options: SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
@ -154,26 +155,24 @@ backend bk_ahlawat-rishabh
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
#backend bk_ahlawat-book
|
|
||||||
# server srv1 bookx.ahlawat.com:443 check ssl verify none
|
|
||||||
|
|
||||||
backend bk_ahlawat-book-443
|
backend bk_ahlawat-book-443
|
||||||
# server srv1 2603:3024:3f6:e1::57:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
||||||
server srv1 bookx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 bookx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
http-response add-header X-Frame-Options: SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-book-444
|
backend bk_ahlawat-book-444
|
||||||
# server srv1 2603:3024:3f6:e1::57:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
||||||
server srv1 bookx.ahlawat.com:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 bookx.ahlawat.com:444 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
http-response add-header X-Frame-Options: SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-book-445
|
backend bk_ahlawat-book-445
|
||||||
# server srv1 2603:3024:3f6:e1::57:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
||||||
server srv1 bookx.ahlawat.com:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 bookx.ahlawat.com:445 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
http-response add-header X-Frame-Options: SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-cam
|
backend bk_ahlawat-cam
|
||||||
server srv1 192.168.0.54:8765 check
|
server srv1 192.168.0.54:8765 check
|
||||||
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
http-response add-header X-Frame-Options: SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_ahlawat-ci
|
backend bk_ahlawat-ci
|
||||||
@ -215,6 +214,12 @@ backend bk_ahlawat-monitor
|
|||||||
|
|
||||||
backend bk_ahlawat-jump
|
backend bk_ahlawat-jump
|
||||||
server srv1 jumpx.ahlawat.com:8080 check
|
server srv1 jumpx.ahlawat.com:8080 check
|
||||||
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
backend bk_ahlawat-hass
|
||||||
|
server srv1 hassx.ahlawat.com:8123 check
|
||||||
|
server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
http-response add-header X-Frame-Options: SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
|
||||||
@ -239,9 +244,6 @@ backend bk_diyit-kibana
|
|||||||
|
|
||||||
backend bk_diyit-maps
|
backend bk_diyit-maps
|
||||||
server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2
|
server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
# server srv2 web.diyit.org:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
||||||
# server srv1 mapsx.diyit.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
||||||
# server srv2 web.diyit.org:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
|
||||||
# http-response add-header X-Frame-Options: SAMEORIGIN
|
# http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
|
|
||||||
@ -281,6 +283,12 @@ backend bk_beyondbell-repo
|
|||||||
# http-response del-header Strict-Transport-Security
|
# http-response del-header Strict-Transport-Security
|
||||||
# http-response add-header Content-Security-Policy: upgrade-insecure-requests
|
# http-response add-header Content-Security-Policy: upgrade-insecure-requests
|
||||||
|
|
||||||
|
backend bk_beyondbell-dashboard
|
||||||
|
http-request replace-header Host ^([^\ \t:]*:)\ https://dashboardx.beyondbell.com/(.*) \1\ http://192.168.0.92:8080/\2
|
||||||
|
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.92:8080/(.*) \1\ https://dashboardx.beyondbell.com/\2
|
||||||
|
server srv1 192.168.0.92:8080
|
||||||
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_beyondbell-web-moonglade
|
backend bk_beyondbell-web-moonglade
|
||||||
server srv1 192.168.0.74:8000
|
server srv1 192.168.0.74:8000
|
||||||
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
@ -297,6 +305,6 @@ backend bk_beyondbell-r-windows
|
|||||||
http-response add-header X-Frame-Options: SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
|
||||||
|
|
||||||
backend bk_beyondbell-windows
|
backend bk_beyondbell-windows
|
||||||
server srv1 192.168.0.81:26900 check
|
server srv1 192.168.0.81:26900
|
||||||
server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2
|
||||||
http-response add-header X-Frame-Options: SAMEORIGIN
|
http-response add-header X-Frame-Options: SAMEORIGIN
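Review bot: In the new `bk_beyondbell-dashboard` backend the two `replace-header Host` rules look carried over from line-based `reqrep`/`rsprep` syntax and will probably never match. `replace-header` applies its regex to the header value only, so a pattern that begins `^([^\ \t:]*:)\ https://…` has nothing to match in a `Host` value, and responses carry no `Host` header at all. If the aim is to rewrite redirects coming back from 192.168.0.92:8080, the response rule should target `Location`, e.g. `http-response replace-header Location ^http://192.168.0.92:8080/(.*) https://dashboardx.beyondbell.com/\1`, and the request rule can likely be dropped. Separately, the new `bk_ahlawat-hass` and dashboard servers are reached over plain HTTP, unlike the `ssl ca-file` backends beside them, so those sessions cross the LAN unencrypted behind the TLS frontend.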
|
||||||
|
@ -28,6 +28,11 @@ ifconfig bridge9 addm tap2082 up
|
|||||||
ifconfig tap2082 up
|
ifconfig tap2082 up
|
||||||
ifconfig tap2082 inet6 auto_linklocal
|
ifconfig tap2082 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap4882 create
|
||||||
|
ifconfig bridge48 addm tap4882 up
|
||||||
|
ifconfig tap4882 up
|
||||||
|
ifconfig tap4882 inet6 auto_linklocal
|
||||||
|
|
||||||
ifconfig tap83 create
|
ifconfig tap83 create
|
||||||
ifconfig bridge1 addm tap83 up
|
ifconfig bridge1 addm tap83 up
|
||||||
ifconfig tap83 up
|
ifconfig tap83 up
|
||||||
@ -58,6 +63,11 @@ ifconfig bridge9 addm tap2086 up
|
|||||||
ifconfig tap2086 up
|
ifconfig tap2086 up
|
||||||
ifconfig tap2086 inet6 auto_linklocal
|
ifconfig tap2086 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap4886 create
|
||||||
|
ifconfig bridge48 addm tap4886 up
|
||||||
|
ifconfig tap4886 up
|
||||||
|
ifconfig tap4886 inet6 auto_linklocal
|
||||||
|
|
||||||
ifconfig tap90 create
|
ifconfig tap90 create
|
||||||
ifconfig bridge1 addm tap90 up
|
ifconfig bridge1 addm tap90 up
|
||||||
ifconfig tap90 up
|
ifconfig tap90 up
|
||||||
@ -83,6 +93,11 @@ ifconfig bridge9 addm tap2097 up
|
|||||||
ifconfig tap2097 up
|
ifconfig tap2097 up
|
||||||
ifconfig tap2097 inet6 auto_linklocal
|
ifconfig tap2097 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap4897 create
|
||||||
|
ifconfig bridge48 addm tap4897 up
|
||||||
|
ifconfig tap4897 up
|
||||||
|
ifconfig tap4897 inet6 auto_linklocal
|
||||||
|
|
||||||
ifconfig tap96 create
|
ifconfig tap96 create
|
||||||
ifconfig bridge1 addm tap96 up
|
ifconfig bridge1 addm tap96 up
|
||||||
ifconfig tap96 up
|
ifconfig tap96 up
|
||||||
@ -97,3 +112,8 @@ ifconfig tap2096 create
|
|||||||
ifconfig bridge9 addm tap2096 up
|
ifconfig bridge9 addm tap2096 up
|
||||||
ifconfig tap2096 up
|
ifconfig tap2096 up
|
||||||
ifconfig tap2096 inet6 auto_linklocal
|
ifconfig tap2096 inet6 auto_linklocal
|
||||||
|
|
||||||
|
ifconfig tap4896 create
|
||||||
|
ifconfig bridge48 addm tap4896 up
|
||||||
|
ifconfig tap4896 up
|
||||||
|
ifconfig tap4896 inet6 auto_linklocal
|
||||||
|
@ -22,6 +22,7 @@ bhyve -c 4 -m 16G -A -H -P \
|
|||||||
-s 4,virtio-blk,/dev/zvol/ship/raw/cvm-a \
|
-s 4,virtio-blk,/dev/zvol/ship/raw/cvm-a \
|
||||||
-s 5,virtio-net,tap97,mac=00:0A:0B:0C:0D:97 \
|
-s 5,virtio-net,tap97,mac=00:0A:0B:0C:0D:97 \
|
||||||
-s 6,virtio-blk,/dev/zvol/ship/raw/cvm-a_data \
|
-s 6,virtio-blk,/dev/zvol/ship/raw/cvm-a_data \
|
||||||
|
-s 7,virtio-net,tap4897,mac=00:0A:0B:0C:7D:97 \
|
||||||
-s 8,virtio-net,tap1097,mac=00:0A:0B:0C:8D:97 \
|
-s 8,virtio-net,tap1097,mac=00:0A:0B:0C:8D:97 \
|
||||||
-s 9,virtio-net,tap2097,mac=00:0A:0B:0C:9D:97 \
|
-s 9,virtio-net,tap2097,mac=00:0A:0B:0C:9D:97 \
|
||||||
-s 29,fbuf,tcp=0.0.0.0:5997,w=1600,h=900 \
|
-s 29,fbuf,tcp=0.0.0.0:5997,w=1600,h=900 \
|
||||||
@ -59,12 +60,3 @@ exit $?
|
|||||||
#on base system:
|
#on base system:
|
||||||
#zfs create -V 32G -o refreservation=none ship/raw/cvm-a - docker partition
|
#zfs create -V 32G -o refreservation=none ship/raw/cvm-a - docker partition
|
||||||
#zfs create -V 128G -o refreservation=none ship/raw/cvm-a_data - root partition
|
#zfs create -V 128G -o refreservation=none ship/raw/cvm-a_data - root partition
|
||||||
# on boot
|
|
||||||
#ifconfig tap97 create
|
|
||||||
#ifconfig bridge1 addm tap97 up
|
|
||||||
#ifconfig tap97 up
|
|
||||||
#ifconfig tap97 inet6 auto_linklocal
|
|
||||||
#ifconfig tap1097 create
|
|
||||||
#ifconfig bridge10 addm tap1097 up
|
|
||||||
#ifconfig tap1097 up
|
|
||||||
#ifconfig tap1097 inet6 auto_linklocal
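Review bot: This VM gains a NIC on `tap4897` while its console line in the same command, `-s 29,fbuf,tcp=0.0.0.0:5997,w=1600,h=900`, still listens on every IPv4 address of the host with no password set. Whether the host itself has an address on the new bridge is not visible in this hunk, but each network added to the host widens who can reach the guest console. Binding the framebuffer to a management or loopback address, e.g. `-s 29,fbuf,tcp=127.0.0.1:5997,w=1600,h=900` with access through an SSH tunnel or the jump host, would close that. The same applies to the `fbuf` lines in the cvm-b (port 5996) and kali (port 5986) sections of this commit.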
|
|
||||||
|
@ -22,6 +22,7 @@ bhyve -c 4 -m 16G -A -H -P \
|
|||||||
-s 4,virtio-blk,/dev/zvol/ship/raw/cvm-b \
|
-s 4,virtio-blk,/dev/zvol/ship/raw/cvm-b \
|
||||||
-s 5,virtio-net,tap96,mac=00:0A:0B:0C:0D:96 \
|
-s 5,virtio-net,tap96,mac=00:0A:0B:0C:0D:96 \
|
||||||
-s 6,virtio-blk,/dev/zvol/ship/raw/cvm-b_data \
|
-s 6,virtio-blk,/dev/zvol/ship/raw/cvm-b_data \
|
||||||
|
-s 7,virtio-net,tap4896,mac=00:0A:0B:0C:7D:96 \
|
||||||
-s 8,virtio-net,tap1096,mac=00:0A:0B:0C:8D:96 \
|
-s 8,virtio-net,tap1096,mac=00:0A:0B:0C:8D:96 \
|
||||||
-s 9,virtio-net,tap2096,mac=00:0A:0B:0C:9D:96 \
|
-s 9,virtio-net,tap2096,mac=00:0A:0B:0C:9D:96 \
|
||||||
-s 29,fbuf,tcp=0.0.0.0:5996,w=1600,h=900 \
|
-s 29,fbuf,tcp=0.0.0.0:5996,w=1600,h=900 \
|
||||||
@ -59,12 +60,3 @@ exit $?
|
|||||||
#on base system:
|
#on base system:
|
||||||
#zfs create -V 32G -o refreservation=none ship/raw/cvm-b - docker partition
|
#zfs create -V 32G -o refreservation=none ship/raw/cvm-b - docker partition
|
||||||
#zfs create -V 128G -o refreservation=none ship/raw/cvm-b_data - root partition
|
#zfs create -V 128G -o refreservation=none ship/raw/cvm-b_data - root partition
|
||||||
# on boot
|
|
||||||
#ifconfig tap96 create
|
|
||||||
#ifconfig bridge1 addm tap96 up
|
|
||||||
#ifconfig tap96 up
|
|
||||||
#ifconfig tap96 inet6 auto_linklocal
|
|
||||||
#ifconfig tap1096 create
|
|
||||||
#ifconfig bridge10 addm tap1096 up
|
|
||||||
#ifconfig tap1096 up
|
|
||||||
#ifconfig tap1096 inet6 auto_linklocal
|
|
||||||
|
@ -16,7 +16,7 @@ bhyvectl --destroy --vm=freebsd
|
|||||||
while true
|
while true
|
||||||
do
|
do
|
||||||
|
|
||||||
bhyve -c 4 -m 8G -A -H -P \
|
bhyve -c 2 -m 4G -A -H -P \
|
||||||
-s 0,hostbridge \
|
-s 0,hostbridge \
|
||||||
-s 3,ahci-cd \
|
-s 3,ahci-cd \
|
||||||
-s 4,virtio-blk,/dev/zvol/ship/raw/freebsd \
|
-s 4,virtio-blk,/dev/zvol/ship/raw/freebsd \
|
||||||
|
@ -10,6 +10,9 @@
|
|||||||
|
|
||||||
# ./kali.sh under tmux
|
# ./kali.sh under tmux
|
||||||
|
|
||||||
|
# disabled for now
|
||||||
|
exit
|
||||||
|
|
||||||
# clean cached state
|
# clean cached state
|
||||||
bhyvectl --destroy --vm=kali
|
bhyvectl --destroy --vm=kali
|
||||||
|
|
||||||
@ -21,6 +24,7 @@ bhyve -c 2 -m 4G -A -H -P \
|
|||||||
-s 3,ahci-cd \
|
-s 3,ahci-cd \
|
||||||
-s 4,virtio-blk,/dev/zvol/ship/raw/kali \
|
-s 4,virtio-blk,/dev/zvol/ship/raw/kali \
|
||||||
-s 5,virtio-net,tap86,mac=00:0A:0B:0C:0D:86 \
|
-s 5,virtio-net,tap86,mac=00:0A:0B:0C:0D:86 \
|
||||||
|
-s 7,virtio-net,tap4886,mac=00:0A:0B:0C:8D:86 \
|
||||||
-s 8,virtio-net,tap1086,mac=00:0A:0B:0C:8D:86 \
|
-s 8,virtio-net,tap1086,mac=00:0A:0B:0C:8D:86 \
|
||||||
-s 9,virtio-net,tap2086,mac=00:0A:0B:0C:9D:86 \
|
-s 9,virtio-net,tap2086,mac=00:0A:0B:0C:9D:86 \
|
||||||
-s 29,fbuf,tcp=0.0.0.0:5986,w=1280,h=720 \
|
-s 29,fbuf,tcp=0.0.0.0:5986,w=1280,h=720 \
|
||||||
@ -59,15 +63,6 @@ exit $?
|
|||||||
#on base system:
|
#on base system:
|
||||||
#zfs create -V 128G -o refreservation=none ship/raw/kali
|
#zfs create -V 128G -o refreservation=none ship/raw/kali
|
||||||
##zfs create -V 128G -o refreservation=none ship/raw/kali_data
|
##zfs create -V 128G -o refreservation=none ship/raw/kali_data
|
||||||
# on boot
|
|
||||||
#ifconfig tap86 create
|
|
||||||
#ifconfig bridge1 addm tap86 up
|
|
||||||
#ifconfig tap86 up
|
|
||||||
#ifconfig tap86 inet6 auto_linklocal
|
|
||||||
#ifconfig tap1086 create
|
|
||||||
#ifconfig bridge10 addm tap1086 up
|
|
||||||
#ifconfig tap1086 up
|
|
||||||
#ifconfig tap1086 inet6 auto_linklocal
|
|
||||||
|
|
||||||
# Install VNC
|
# Install VNC
|
||||||
# curl -o turbovnc_2.2.5_amd64.deb https://sourceforge.net/projects/turbovnc/files/2.2.5/turbovnc_2.2.5_amd64.deb/download#
|
# curl -o turbovnc_2.2.5_amd64.deb https://sourceforge.net/projects/turbovnc/files/2.2.5/turbovnc_2.2.5_amd64.deb/download#
|
||||||
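Review bot: The NIC added at slot 7, `-s 7,virtio-net,tap4886,mac=00:0A:0B:0C:8D:86`, reuses the MAC already assigned to slot 8 (`tap1086`), so the guest would present two interfaces with the same hardware address. The ubuntu script in this commit gives its slot-7 NIC a `7D` octet, so the line was presumably meant to read `-s 7,virtio-net,tap4886,mac=00:0A:0B:0C:7D:86 \`. Separately, the unchanged `-s 29,fbuf,tcp=0.0.0.0:5986,w=1280,h=720` line binds the VM console to every host address and carries no `password=` option. Binding it to a management address or setting a password is worth doing before the script is re-enabled. The bhyve command starts and ends outside this hunk.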
|
@ -16,7 +16,7 @@ bhyvectl --destroy --vm=pbx
|
|||||||
while true
|
while true
|
||||||
do
|
do
|
||||||
|
|
||||||
bhyve -c 2 -m 8G -A -H -P \
|
bhyve -c 2 -m 4G -A -H -P \
|
||||||
-s 0,hostbridge \
|
-s 0,hostbridge \
|
||||||
-s 3,ahci-cd \
|
-s 3,ahci-cd \
|
||||||
-s 4,virtio-blk,/dev/zvol/ship/raw/pbx \
|
-s 4,virtio-blk,/dev/zvol/ship/raw/pbx \
|
||||||
|
@ -10,13 +10,16 @@
|
|||||||
|
|
||||||
# ./r-windows.sh under tmux
|
# ./r-windows.sh under tmux
|
||||||
|
|
||||||
|
# disabled for now
|
||||||
|
exit
|
||||||
|
|
||||||
# clean cached state
|
# clean cached state
|
||||||
bhyvectl --destroy --vm=r-windows
|
bhyvectl --destroy --vm=r-windows
|
||||||
|
|
||||||
while true
|
while true
|
||||||
do
|
do
|
||||||
|
|
||||||
bhyve -c sockets=1,cores=2,threads=2 -m 16G -S -A -H -P \
|
bhyve -c sockets=1,cores=2,threads=2 -m 8G -S -A -H -P \
|
||||||
-s 0,hostbridge \
|
-s 0,hostbridge \
|
||||||
-s 4,ahci-hd,/dev/zvol/ship/raw/r-windows,sectorsize=512 \
|
-s 4,ahci-hd,/dev/zvol/ship/raw/r-windows,sectorsize=512 \
|
||||||
-s 5,virtio-net,tap85,mac=00:0A:0B:0C:0D:85 \
|
-s 5,virtio-net,tap85,mac=00:0A:0B:0C:0D:85 \
|
||||||
|
@ -22,6 +22,7 @@ bhyve -c 8 -m 16G -A -H -P \
|
|||||||
-s 4,virtio-blk,/dev/zvol/ship/raw/ubuntu \
|
-s 4,virtio-blk,/dev/zvol/ship/raw/ubuntu \
|
||||||
-s 5,virtio-net,tap82,mac=00:0A:0B:0C:0D:82 \
|
-s 5,virtio-net,tap82,mac=00:0A:0B:0C:0D:82 \
|
||||||
-s 6,virtio-blk,/dev/zvol/ship/raw/ubuntu_data \
|
-s 6,virtio-blk,/dev/zvol/ship/raw/ubuntu_data \
|
||||||
|
-s 7,virtio-net,tap4882,mac=00:0A:0B:0C:7D:82 \
|
||||||
-s 8,virtio-net,tap1082,mac=00:0A:0B:0C:8D:82 \
|
-s 8,virtio-net,tap1082,mac=00:0A:0B:0C:8D:82 \
|
||||||
-s 9,virtio-net,tap2082,mac=00:0A:0B:0C:9D:82 \
|
-s 9,virtio-net,tap2082,mac=00:0A:0B:0C:9D:82 \
|
||||||
-s 29,fbuf,tcp=0.0.0.0:5982,w=1600,h=900 \
|
-s 29,fbuf,tcp=0.0.0.0:5982,w=1600,h=900 \
|
||||||
@ -59,12 +60,3 @@ exit $?
|
|||||||
#on base system:
|
#on base system:
|
||||||
#zfs create -V 32G -o refreservation=none ship/raw/ubuntu
|
#zfs create -V 32G -o refreservation=none ship/raw/ubuntu
|
||||||
#zfs create -V 128G -o refreservation=none ship/raw/ubuntu_data
|
#zfs create -V 128G -o refreservation=none ship/raw/ubuntu_data
|
||||||
# on boot
|
|
||||||
#ifconfig tap82 create
|
|
||||||
#ifconfig bridge1 addm tap82 up
|
|
||||||
#ifconfig tap82 up
|
|
||||||
#ifconfig tap82 inet6 auto_linklocal
|
|
||||||
#ifconfig tap1082 create
|
|
||||||
#ifconfig bridge10 addm tap1082 up
|
|
||||||
#ifconfig tap1082 up
|
|
||||||
#ifconfig tap1082 inet6 auto_linklocal
|
|
||||||
|
@ -16,7 +16,7 @@ bhyvectl --destroy --vm=windows
|
|||||||
while true
|
while true
|
||||||
do
|
do
|
||||||
|
|
||||||
bhyve -c sockets=1,cores=2,threads=2 -m 16G -S -A -H -P \
|
bhyve -c sockets=1,cores=2,threads=2 -m 8G -S -A -H -P \
|
||||||
-s 0,hostbridge \
|
-s 0,hostbridge \
|
||||||
-s 4,ahci-hd,/dev/zvol/ship/raw/windows,sectorsize=512 \
|
-s 4,ahci-hd,/dev/zvol/ship/raw/windows,sectorsize=512 \
|
||||||
-s 5,virtio-net,tap81,mac=00:0A:0B:0C:0D:81 \
|
-s 5,virtio-net,tap81,mac=00:0A:0B:0C:0D:81 \
|
||||||
|
@ -62,8 +62,8 @@ $cmd 01300 check-state
|
|||||||
# Allow access to DNS
|
# Allow access to DNS
|
||||||
#$cmd 02110 $skip tcp from any to 192.168.0.5 53 out via $rif setup keep-state
|
#$cmd 02110 $skip tcp from any to 192.168.0.5 53 out via $rif setup keep-state
|
||||||
#$cmd 02111 $skip udp from any to 192.168.0.5 53 out via $rif keep-state
|
#$cmd 02111 $skip udp from any to 192.168.0.5 53 out via $rif keep-state
|
||||||
#$cmd 02112 $skip tcp from any to 2603:3024:3f6:e1::5 53 out via $rif setup keep-state
|
#$cmd 02112 $skip tcp from any to fd01::5 53 out via $rif setup keep-state
|
||||||
#$cmd 02113 $skip udp from any to 2603:3024:3f6:e1::5 53 out via $rif keep-state
|
#$cmd 02113 $skip udp from any to fd01::5 53 out via $rif keep-state
|
||||||
|
|
||||||
# Allow access to ISP's DHCP server for cable/DSL configurations.
|
# Allow access to ISP's DHCP server for cable/DSL configurations.
|
||||||
# Use the first rule and check log for IP address.
|
# Use the first rule and check log for IP address.
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
export search_domains="datavpc.com mydatavpc.com ahlawat.com"
|
export search_domains="datavpc.com mydatavpc.com ahlawat.com"
|
||||||
export name_servers="192.168.0.5 2603:3024:3f6:e1::5"
|
export name_servers="192.168.0.5 fd01::5"
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
export search_domains="diyit.org diyit.space ahlawat.com"
|
export search_domains="diyit.org ahlawat.com"
|
||||||
export name_servers="192.168.0.5 2603:3024:3f6:e1::5"
|
export name_servers="192.168.0.5 fd01::5"
|
||||||
|
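--- /dev/null
+++ b/jails/config/web/ahlawat.com.ini
@@ -0,0 +1,16 @@
+imap_host = "mail.ahlawat.com"
+imap_port = 993
+imap_secure = "SSL"
+imap_short_login = On
+sieve_use = Off
+sieve_allow_raw = Off
+sieve_host = ""
+sieve_port = 4190
+sieve_secure = "None"
+smtp_host = "mail.ahlawat.com"
+smtp_port = 587
+smtp_secure = "TLS"
+smtp_short_login = On
+smtp_auth = On
+smtp_php_mail = Off
+white_list = ""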
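--- /dev/null
+++ b/jails/config/web/disabled
@@ -0,0 +1 @@
+outlook.com,qq.com,yahoo.com,gmail.com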
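--- /dev/null
+++ b/jails/config/web/htaccess-rainloop
@@ -0,0 +1,4 @@
+Deny from all
+<IfModule mod_autoindex.c>
+Options -Indexes
+</ifModule>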
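Review bot: `Deny from all` is Apache 2.2 access-control syntax, while the web jails in this repository run apache24, where that directive is only understood when mod_access_compat is loaded. The native 2.4 form is `Require all denied`. The file is presumably meant for RainLoop's data directory, and an .htaccess there only takes effect if the enclosing `<Directory>` block permits overrides. It is worth confirming that `AllowOverride` is not `None` for that path, or placing the deny in httpd.conf so the protection does not depend on per-directory files.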
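--- /dev/null
+++ b/jails/config/web/plugin-ldap-change-password.ini
@@ -0,0 +1,9 @@
+; RainLoop Webmail plugin (ldap-change-password)
+
+[plugin]
+hostname = "ldaps://ldap.ahlawat.com"
+port = 636
+user_dn_format = "cn={imap:login},ou=people,dc=infra"
+password_field = "userPassword"
+password_enc_type = "SSHA"
+allowed_emails = "*"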
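Review bot: `password_enc_type = "SSHA"` makes the plugin write salted SHA-1 into `userPassword`, a fast hash that is cheap to brute-force offline if directory entries ever leak. If the plugin and the LDAP server both offer a slower scheme, prefer it, or let the server hash the value itself instead of accepting a client-computed one. `allowed_emails = "*"` lets every webmail login drive password changes against the directory. Narrowing it to the domains whose accounts actually live under `ou=people,dc=infra` would reduce that surface.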
@ -29,11 +29,11 @@ JAILUSERVNC=$7
|
|||||||
I6CONFIG=true
|
I6CONFIG=true
|
||||||
|
|
||||||
I4NW="192.168.0"
|
I4NW="192.168.0"
|
||||||
I6NW="2603:3024:3f6:e1"
|
I6NW="fd01"
|
||||||
I4GW="192.168.0.5"
|
I4GW="192.168.0.5"
|
||||||
I6GW="2603:3024:3f6:e1::5"
|
I6GW="fd01::5"
|
||||||
I4NS="192.168.0.5"
|
I4NS="192.168.0.5"
|
||||||
I6NS="2603:3024:3f6:e1::5"
|
I6NS="fd01::5"
|
||||||
# these IP spaces are diyit deployment specific
|
# these IP spaces are diyit deployment specific
|
||||||
|
|
||||||
echo "$JAIL / $JAILIP / $JAILHOSTNAME / $JAILDOMAIN / $JAILUSER / $JAILUSERID / $JAILUSERVNC"
|
echo "$JAIL / $JAILIP / $JAILHOSTNAME / $JAILDOMAIN / $JAILUSER / $JAILUSERID / $JAILUSERVNC"
|
||||||
@ -69,15 +69,6 @@ if $I6CONFIG; then
|
|||||||
iocage exec $JAIL "echo '$I6NW::$JAILIP $JAILHOSTNAME $JAILHOSTNAME.$JAILDOMAIN' >> /etc/hosts"
|
iocage exec $JAIL "echo '$I6NW::$JAILIP $JAILHOSTNAME $JAILHOSTNAME.$JAILDOMAIN' >> /etc/hosts"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# create resolvconf.conf - IPv6 SLAAC on freebsd removes all ipv4 configuraton from resolv.conf
|
|
||||||
iocage exec $JAIL "echo 'export search_domains=$JAILDOMAIN' > /etc/resolvconf.conf"
|
|
||||||
if $I6CONFIG; then
|
|
||||||
iocage exec $JAIL "echo 'export name_servers=\"$I4NS $I6NS\"' >> /etc/resolvconf.conf"
|
|
||||||
else
|
|
||||||
iocage exec $JAIL "echo 'export name_servers=\"$I4NS\"' >> /etc/resolvconf.conf"
|
|
||||||
fi
|
|
||||||
iocage exec $JAIL "resolvconf -u"
|
|
||||||
|
|
||||||
iocage exec $JAIL "mkdir -p /mnt/certs"
|
iocage exec $JAIL "mkdir -p /mnt/certs"
|
||||||
iocage fstab -a $JAIL /mnt/ship/certs /mnt/certs nullfs ro 0 0
|
iocage fstab -a $JAIL /mnt/ship/certs /mnt/certs nullfs ro 0 0
|
||||||
iocage exec $JAIL "mkdir -p /mnt/config"
|
iocage exec $JAIL "mkdir -p /mnt/config"
|
||||||
@ -87,6 +78,10 @@ iocage fstab -a $JAIL /var/db/freebsd-update/files /var/db/freebsd-update/files
|
|||||||
iocage exec $JAIL "mkdir -p /mnt/common"
|
iocage exec $JAIL "mkdir -p /mnt/common"
|
||||||
iocage fstab -a $JAIL /root/FreeBSD/jails/config/common /mnt/common nullfs ro 0 0
|
iocage fstab -a $JAIL /root/FreeBSD/jails/config/common /mnt/common nullfs ro 0 0
|
||||||
|
|
||||||
|
# create resolvconf.conf - IPv6 SLAAC/DHCP on freebsd removes all ipv4 configuraton from resolv.conf
|
||||||
|
iocage exec $JAIL "[ -f /mnt/config/resolv.conf ] && cp /mnt/config/resolvconf.conf /etc/ || cp /mnt/common/resolvconf.conf /etc/"
|
||||||
|
iocage exec $JAIL "resolvconf -u"
|
||||||
|
|
||||||
iocage exec $JAIL "mkdir -p /usr/local/etc/pkg/repos"
|
iocage exec $JAIL "mkdir -p /usr/local/etc/pkg/repos"
|
||||||
iocage exec $JAIL "[ -f /mnt/config/pkgp.conf ] && cp /mnt/config/pkgp.conf /usr/local/etc/pkg/repos/ || cp /mnt/common/pkgp.conf /usr/local/etc/pkg/repos/"
|
iocage exec $JAIL "[ -f /mnt/config/pkgp.conf ] && cp /mnt/config/pkgp.conf /usr/local/etc/pkg/repos/ || cp /mnt/common/pkgp.conf /usr/local/etc/pkg/repos/"
|
||||||
|
|
||||||
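Review bot: The added resolvconf line tests for `/mnt/config/resolv.conf` but copies `/mnt/config/resolvconf.conf`, so a jail-specific `resolvconf.conf` is ignored unless a file with the other name also exists, and the jail silently gets the common name servers instead. Test the file that is actually copied, and use `if` so a failed copy of the jail-specific file is not masked by the `||` fallback: `if [ -f /mnt/config/resolvconf.conf ]; then cp /mnt/config/resolvconf.conf /etc/; else cp /mnt/common/resolvconf.conf /etc/; fi`. The `pkgp.conf` line just below has the same `&& ... ||` shape, though its file names agree. `$JAIL` is unquoted on all of these lines.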
|
@ -8,6 +8,9 @@
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
|
||||||
|
echo "checking pkgp jail nginx instance is running"
|
||||||
|
iocage exec pkgp "service nginx status"
|
||||||
|
|
||||||
web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit web-datavpc ldap-mgr r-ldap-mgr monitor)
|
web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit web-datavpc ldap-mgr r-ldap-mgr monitor)
|
||||||
|
|
||||||
for i in ${web_jails[@]};
|
for i in ${web_jails[@]};
|
||||||
@ -35,7 +38,3 @@ do
|
|||||||
iocage exec $i "cp /mnt/config/httpd.conf /usr/local/etc/apache24/httpd.conf"
|
iocage exec $i "cp /mnt/config/httpd.conf /usr/local/etc/apache24/httpd.conf"
|
||||||
iocage exec $i "service apache24 restart"
|
iocage exec $i "service apache24 restart"
|
||||||
done
|
done
|
||||||
|
|
||||||
echo ""
|
|
||||||
echo "checking pkgp jail nginx instance is running"
|
|
||||||
iocage exec pkgp "service nginx status"
|
|
||||||
|
@ -37,6 +37,9 @@ iocage exec mail "service dovecot restart"
|
|||||||
echo "restarting ELK in jail elk after SSL update"
|
echo "restarting ELK in jail elk after SSL update"
|
||||||
iocage exec elk "cp /mnt/certs/diy*.pem /usr/local/etc/elasticsearch/certs"
|
iocage exec elk "cp /mnt/certs/diy*.pem /usr/local/etc/elasticsearch/certs"
|
||||||
iocage exec elk "cp /mnt/certs/cacert.pem /usr/local/etc/elasticsearch/certs"
|
iocage exec elk "cp /mnt/certs/cacert.pem /usr/local/etc/elasticsearch/certs"
|
||||||
|
|
||||||
|
exit
|
||||||
|
|
||||||
iocage exec elk "service elasticsearch restart"
|
iocage exec elk "service elasticsearch restart"
|
||||||
iocage exec elk "service kibana restart"
|
iocage exec elk "service kibana restart"
|
||||||
|
|
||||||
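Review bot: The bare `exit` added after the two `cp` commands stops the script before `service elasticsearch restart` and `service kibana restart`. The new certificates are copied into the elk jail, but the services presumably keep using the old ones until something else restarts them. The `echo "restarting ELK in jail elk after SSL update"` message above is then no longer accurate, and everything after this hunk in the file is skipped as well. If this is a temporary switch-off, mark it the way the VM scripts in this commit do (`# disabled for now`) and skip only the ELK block rather than exiting the whole script.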
|
@ -99,3 +99,5 @@ echo "check hub for index.html and adminer version"
|
|||||||
echo ""
|
echo ""
|
||||||
echo "iocage exec cert \"/root/.acme.sh/acme.sh --upgrade\""
|
echo "iocage exec cert \"/root/.acme.sh/acme.sh --upgrade\""
|
||||||
echo "iocage exec cert \"/mnt/config/backup.sh\""
|
echo "iocage exec cert \"/mnt/config/backup.sh\""
|
||||||
|
echo ""
|
||||||
|
echo "iocage exec hass \"/mnt/config/hass-upgrade.sh\""
|
||||||
|
@ -13,7 +13,7 @@ these certifcates need to be updated with /mnt/certs
|
|||||||
|
|
||||||
vpngw:
|
vpngw:
|
||||||
service openvpn onestart
|
service openvpn onestart
|
||||||
service ipfw restart
|
service natd restart
|
||||||
|
|
||||||
|
|
||||||
ibm:
|
ibm:
|
||||||
|
@ -52,7 +52,7 @@ read -p "update pkgp jail (y/N)? " RESP
|
|||||||
if [ ! -z $RESP ] && [ $RESP == "y" ]; then
|
if [ ! -z $RESP ] && [ $RESP == "y" ]; then
|
||||||
JAIL="pkgp"
|
JAIL="pkgp"
|
||||||
update_jail
|
update_jail
|
||||||
/root/FreeBSD/jail/jails-update-pkgs.sh pkgp-only
|
/root/FreeBSD/jails/jails-update-pkgs.sh pkgp-only
|
||||||
fi
|
fi
|
||||||
|
|
||||||
read -p "update all jails (y/N)? " RESP
|
read -p "update all jails (y/N)? " RESP
|
||||||
|
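--- /dev/null
+++ b/scripts/find-sonewconn.sh
@@ -0,0 +1,16 @@
+#!/usr/local/bin/bash
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+for jail in $(jls -h name | tail +2); do
+sudo jexec $jail netstat -LAan 2>/dev/null | grep -q $1;
+if [ $? -eq 0 ]; then
+echo "found in jail $jail";
+fi;
+done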
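Review bot: `$1` reaches `grep -q` unquoted and unchecked, so running the script without an argument makes every `grep` fail with a usage error that the loop treats the same as "not found", and an argument beginning with `-` is parsed as a grep option. Validate it up front and match it as a fixed string: `[ -n "$1" ] || { echo "usage: $0 <pattern>" >&2; exit 2; }` and `sudo jexec "$jail" netstat -LAan 2>/dev/null | grep -qF -- "$1"`. The separate `$?` test can then fold into `if sudo jexec "$jail" ... | grep -qF -- "$1"; then`. The file has no header comment saying what the argument is, so a one-line usage comment would help.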
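--- /dev/null
+++ b/scripts/mbuf.sh
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+# Copyright (c) 2018-2021, diyIT.org
+# All rights reserved.
+#
+# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
+# https://diyit.org/license/
+#
+#
+
+MCLBYTES=2048
+MSIZE=256
+PHYSMEM=`sysctl -n hw.physmem`
+PAGE_SIZE=`sysctl -n hw.pagesize`
+VM_KMEM_SIZE=`sysctl -n vm.kmem_size`
+REALMEM=${VM_KMEM_SIZE}
+MAXMBUFMEM=`expr $REALMEM / 4 \* 3`
+MJUMPAGESIZE=$PAGE_SIZE
+MJUM9BYTES=`expr 9 \* 1024`
+MJUM16BYTES=`expr 16 \* 1024`
+
+#NMBCLUSTERS=`expr $MAXMBUFMEM / $MCLBYTES / 4` # higher # of jails
+NMBCLUSTERS=`expr $MAXMBUFMEM / $MCLBYTES / 3`
+NMBJUMBOP=`expr $MAXMBUFMEM / $MJUMPAGESIZE / 4`
+NMBJUMBO9=`expr $MAXMBUFMEM / $MJUM9BYTES / 6`
+NMBJUMBO16=`expr $MAXMBUFMEM / $MJUM16BYTES / 6`
+
+NMBUFS=`sysctl -n kern.ipc.nmbufs`
+NMMAX1=`expr $NMBCLUSTERS + $NMBJUMBOP + $NMBJUMBO9 + $NMBJUMBO16`
+NMMAX2=`expr $MAXMBUFMEM / $MSIZE / 5`
+if [ $NMMAX1 -gt $NMMAX2 ]; then
+NMBUFS=$NMMAX1
+else
+NMBUFS=$NMMAX2
+fi
+
+show()
+{
+echo "# `basename $0 ` suggested settings:"
+echo "kern.ipc.maxmbufmem=$MAXMBUFMEM"
+echo "kern.ipc.nmbclusters=$NMBCLUSTERS"
+echo "kern.ipc.nmbjumbop=$NMBJUMBOP"
+echo "kern.ipc.nmbjumbo9=$NMBJUMBO9"
+echo "kern.ipc.nmbjumbo16=$NMBJUMBO16"
+echo "kern.ipc.nmbufs=$NMBUFS"
+}
+
+compare()
+{
+echo "kern.ipc.maxmbufmem: `sysctl -n kern.ipc.maxmbufmem` (current)"
+echo " --> $MAXMBUFMEM (suggested)"
+echo "kern.ipc.nmbclusters: `sysctl -n kern.ipc.nmbclusters`"
+echo " --> $NMBCLUSTERS"
+echo "kern.ipc.nmbjumbop: `sysctl -n kern.ipc.nmbjumbop`"
+echo " --> $NMBJUMBOP"
+echo "kern.ipc.nmbjumbo9: `sysctl -n kern.ipc.nmbjumbo9`"
+echo " --> $NMBJUMBO9"
+echo "kern.ipc.nmbjumbo16: `sysctl -n kern.ipc.nmbjumbo16`"
+echo " --> $NMBJUMBO16"
+echo "kern.ipc.nmbufs: `sysctl -n kern.ipc.nmbufs`"
+echo " --> $NMBUFS"
+vmstat -z|grep -E '^ITEM|mbuf'
+netstat -m
+# vmstat -m
+}
+
+if [ $# -gt 0 ]; then
+if [ $1 == '-c' ]; then
+compare
+exit 0
+fi
+fi
+
+show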
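Review bot: The script declares `#!/bin/sh` but the argument test is `[ $1 == '-c' ]`; `==` is not POSIX `test` syntax, and the unquoted `$1` breaks on an empty or multi-word argument. `if [ "$1" = "-c" ]; then` is the portable form. `PHYSMEM` is computed but never read, and the `NMBUFS` value fetched from `kern.ipc.nmbufs` is always overwritten by the `if` that follows, so both assignments can be dropped. The backtick `expr` arithmetic would read more easily as `$(( ... ))`, and a short header comment explaining the `/ 3`, `/ 4` and `/ 6` divisors would make the suggested sysctl values easier to trust.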