Feb 25, 2020

Charlie Root
2020-02-25 11:28:31 -08:00
commit f26cf87f5a
436 changed files with 67904 additions and 0 deletions


@ -0,0 +1,76 @@
# $FreeBSD: releng/12.1/usr.sbin/freebsd-update/freebsd-update.conf 337338 2018-08-04 22:25:41Z brd $
# Trusted keyprint. Changing this is a Bad Idea unless you've received
# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
# change it and explaining why.
KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
# Server or server pool from which to fetch updates. You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName update.FreeBSD.org
# Components of the base system which should be kept updated.
Components src world
# Example for updating the userland and the kernel source code only:
# Components src/base src/sys world
# Paths which start with anything matching an entry in an IgnorePaths
# statement will be ignored.
IgnorePaths
# Paths which start with anything matching an entry in an IDSIgnorePaths
# statement will be ignored by "freebsd-update IDS".
IDSIgnorePaths /usr/share/man/cat
IDSIgnorePaths /usr/share/man/whatis
IDSIgnorePaths /var/db/locate.database
IDSIgnorePaths /var/log
# Paths which start with anything matching an entry in an UpdateIfUnmodified
# statement will only be updated if the contents of the file have not been
# modified by the user (unless changes are merged; see below).
UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
# When upgrading to a new FreeBSD release, files which match MergeChanges
# will have any local changes merged into the version from the new release.
MergeChanges /etc/ /boot/device.hints
### Default configuration options:
# Directory in which to store downloaded updates and temporary
# files used by FreeBSD Update.
# WorkDir /var/db/freebsd-update
# Destination to send output of "freebsd-update cron" if an error
# occurs or updates have been downloaded.
# MailTo root
# Is FreeBSD Update allowed to create new files?
# AllowAdd yes
# Is FreeBSD Update allowed to delete files?
# AllowDelete yes
# If the user has modified file ownership, permissions, or flags, should
# FreeBSD Update retain this modified metadata when installing a new version
# of that file?
# KeepModifiedMetadata yes
# When upgrading between releases, should the list of Components be
# read strictly (StrictComponents yes) or merely as a list of components
# which *might* be installed of which FreeBSD Update should figure out
# which actually are installed and upgrade those (StrictComponents no)?
# StrictComponents no
# When installing a new kernel perform a backup of the old one first
# so it is possible to boot the old kernel in case of problems.
# BackupKernel yes
# If BackupKernel is enabled, the backup kernel is saved to this
# directory.
# BackupKernelDir /boot/kernel.old
# When backing up a kernel also back up debug symbol files?
# BackupKernelSymbolFiles no


@ -0,0 +1,2 @@
WANT_OPENLDAP_SASL=yes
LICENSES_ACCEPTED+=DCC


@ -0,0 +1,95 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt log;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/svg+xml svg svgz;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/webp webp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
application/font-woff woff;
application/java-archive jar war ear;
application/json json;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.apple.mpegurl m3u8;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/vnd.ms-excel xls;
application/vnd.ms-fontobject eot;
application/vnd.ms-powerpoint ppt;
application/vnd.oasis.opendocument.graphics odg;
application/vnd.oasis.opendocument.presentation odp;
application/vnd.oasis.opendocument.spreadsheet ods;
application/vnd.oasis.opendocument.text odt;
application/vnd.openxmlformats-officedocument.presentationml.presentation
pptx;
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
xlsx;
application/vnd.openxmlformats-officedocument.wordprocessingml.document
docx;
application/vnd.wap.wmlc wmlc;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/xspf+xml xspf;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp2t ts;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}

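--- a/jails/config/pkgp/mypkgs
+++ b/jails/config/pkgp/mypkgs
@@ -0,0 +1,15 @@
+net/haproxy
+net/openldap24-server
+net/openldap24-client
+net/openldap24-sasl-client
+security/cyrus-sasl2
+www/apache24
+devel/apr1
+net/php73-ldap
+mail/postfix
+mail/dovecot
+mail/dovecot-pigeonhole
+mail/rspamd
+mail/dcc-dccd
+net/netatalk3
+net/samba410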


@ -0,0 +1,194 @@
user www wheel;
worker_processes 8;
error_log /var/log/nginx/error.log;
events {
}
http {
include mime.types;
default_type application/octet-stream;
# access_log /var/log/nginx/access.log;
access_log off;
sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
aio on;
resolver 192.168.0.5 [2603:3024:3f6:e1::5];
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $proxy_host;
server {
listen *:80;
listen [::]:80;
server_name pkgp.ahlawat.com;
root /usr/local/share/poudriere/html;
location /data {
alias /mnt/poudriere/data/logs/bulk;
autoindex on;
}
location /packages {
root /mnt/poudriere/data;
autoindex on;
}
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
server {
listen *:443 ssl;
listen [::]:443 ssl;
server_name pkgp.ahlawat.com;
root /usr/local/share/poudriere/html;
ssl_certificate /mnt/certs/fullchain.pem;
ssl_certificate_key /mnt/certs/privkey.pem;
ssl_session_cache shared:SSL:1m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /data {
alias /mnt/poudriere/data/logs/bulk;
autoindex on;
}
location /packages {
root /mnt/poudriere/data;
autoindex on;
}
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
proxy_cache_path /mnt/cache/pkg/ levels=1:2 keys_zone=pkg_cache:10m max_size=10g inactive=10d use_temp_path=off;
server {
listen *:80;
listen [::]:80;
server_name pkgp-freebsd-pkg.ahlawat.com;
root /mnt/cache/pkg/;
autoindex on;
if_modified_since before;
location / {
proxy_cache pkg_cache;
proxy_cache_revalidate on;
proxy_cache_lock on;
proxy_next_upstream error timeout invalid_header http_404;
proxy_pass http://pkg-mirrors;
# add_header X-Proxy-Cache $upstream_cache_status;
}
}
upstream pkg-mirrors {
server localhost:8001;
server localhost:8002 backup;
server localhost:8003 backup;
}
server {
listen *:8001;
listen [::]:8001;
server_name localhost;
location / {
proxy_pass http://pkg0.isc.FreeBSD.org;
}
}
server {
listen *:8002;
listen [::]:8002;
server_name localhost;
location / {
proxy_pass http://pkg0.cyb.FreeBSD.org;
}
}
server {
listen *:8003;
listen [::]:8003;
server_name localhost;
location / {
proxy_pass http://pkg0.nyi.FreeBSD.org;
}
}
proxy_cache_path /mnt/cache/update/ levels=1:2 keys_zone=update_cache:10m max_size=10g inactive=10d use_temp_path=off;
server {
listen *:80;
listen [::]:80;
server_name pkgp-freebsd-update.ahlawat.com;
root /mnt/cache/update/;
if_modified_since before;
location / {
proxy_cache update_cache;
proxy_cache_revalidate on;
proxy_cache_lock on;
proxy_next_upstream error timeout invalid_header http_404;
proxy_pass http://update-mirrors;
# add_header X-Proxy-Cache $upstream_cache_status;
}
}
upstream update-mirrors {
keepalive 4;
server localhost:8011;
server localhost:8012;
server localhost:8013;
server localhost:8014;
}
server {
listen *:8011;
listen [::]:8011;
server_name localhost;
location / {
proxy_pass http://update1.FreeBSD.org;
}
}
server {
listen *:8012;
listen [::]:8012;
server_name localhost;
location / {
proxy_pass http://update2.FreeBSD.org;
}
}
server {
listen *:8013;
listen [::]:8013;
server_name localhost;
location / {
proxy_pass http://update3.FreeBSD.org;
}
}
server {
listen *:8014;
listen [::]:8014;
server_name localhost;
location / {
proxy_pass http://update4.FreeBSD.org;
}
}
}
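Review bot: The relay servers on ports 8001–8003 and 8011–8014 listen on `*` and `[::]` although the only visible consumers are the `pkg-mirrors` and `update-mirrors` upstreams on `localhost`, so each one is reachable from the network as an unauthenticated forwarder to a FreeBSD mirror; binding them to loopback (`listen 127.0.0.1:8001;` and `listen [::1]:8001;`, likewise for the other ports) keeps them internal. `user www wheel;` on the first line puts the worker processes in the administrative wheel group, and `user www;` would avoid handing them whatever wheel-group file access exists on this host. Every upstream fetch uses plain `http://` and the responses are cached for reuse, so integrity rests entirely on clients verifying the pkg repository signatures and the freebsd-update keyprint; that assumption deserves a comment above the two `proxy_cache_path` lines. With `access_log off;` there is no request record to consult if the cache or the autoindexed `/data` and `/packages` trees need to be investigated later.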


@ -0,0 +1,320 @@
# Poudriere can optionally use ZFS for its ports/jail storage. For
# ZFS define ZPOOL, otherwise set NO_ZFS=yes
#
#### ZFS
# The pool where poudriere will create all the filesystems it needs
# poudriere will use ${ZPOOL}/${ZROOTFS} as its root
#
# You need at least 7GB of free space in this pool to have a working
# poudriere.
#
#ZPOOL=zroot
ZPOOL=ship
### NO ZFS
# To not use ZFS, define NO_ZFS=yes
#NO_ZFS=yes
# root of the poudriere zfs filesystem, by default /poudriere
# ZROOTFS=/poudriere
ZROOTFS=/iocage/jails/pkgp/data
# the host where to download sets for the jails setup
# You can specify here a host or an IP
# replace _PROTO_ by http or ftp
# replace _CHANGE_THIS_ by the hostname of the mirrors where you want to fetch
# by default: ftp://ftp.freebsd.org
#
# Also note that every protocols supported by fetch(1) are supported here, even
# file:///
# Suggested: https://download.FreeBSD.org
FREEBSD_HOST=https://download.FreeBSD.org
# By default the jails have no /etc/resolv.conf, you will need to set
# RESOLV_CONF to a file on your hosts system that will be copied has
# /etc/resolv.conf for the jail, except if you don't need it (using an http
# proxy for example)
RESOLV_CONF=/etc/resolv.conf
# The directory where poudriere will store jails and ports
BASEFS=/poudriere
# The directory where the jail will store the packages and logs
# by default a zfs filesystem will be created and set to
# ${BASEFS}/data
#
#POUDRIERE_DATA=${BASEFS}/data
# Use portlint to check ports sanity
USE_PORTLINT=no
# When building packages, a memory device can be used to speedup the build.
# Only one of MFSSIZE or USE_TMPFS is supported. TMPFS is generally faster
# and will expand to the needed amount of RAM. MFS is a slower since it
# uses UFS and several abstraction layers.
# If set WRKDIRPREFIX will be mdmfs of the given size (mM or gG)
#MFSSIZE=4G
# Use tmpfs(5)
# This can be a space-separated list of options:
# wrkdir - Use tmpfs(5) for port building WRKDIRPREFIX
# data - Use tmpfs(5) for poudriere cache/temp build data
# localbase - Use tmpfs(5) for LOCALBASE (installing ports for packaging/testing)
# all - Run the entire build in memory, including builder jails.
# yes - Enables tmpfs(5) for wrkdir and data
# no - Disable use of tmpfs(5)
# EXAMPLE: USE_TMPFS="wrkdir data"
USE_TMPFS="wrkdir localbase"
# let ZFS do its caching magic
# How much memory to limit tmpfs size to for *each builder* in GiB
# (default: none)
#TMPFS_LIMIT=8
# How much memory to limit jail processes to for *each builder*
# in GiB (default: none)
MAX_MEMORY=8
# How many file descriptors to limit each jail process to (default: 1024)
# This can also be set per PKGBASE, such as MAX_FILES_RStudio=2048.
# Package names with hyphens (-) should be replaced with underscores (_).
#MAX_FILES=1024
# If set the given directory will be used for the distfiles
# This allows to share the distfiles between jails and ports tree
# If this is "no", poudriere must be supplied a ports tree that already has
# the required distfiles.
DISTFILES_CACHE=/usr/ports/distfiles
# If set the ports tree or source tree marked to use svn will use the defined
# mirror (default: svn.FreeBSD.org)
# The SSL fingerprints are published here:
# https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html#svn-mirrors
#SVN_HOST=svn.FreeBSD.org
# Automatic OPTION change detection
# When bulk building packages, compare the options from kept packages to
# the current options to be built. If they differ, the existing package
# will be deleted and the port will be rebuilt.
# Valid options: yes, no, verbose
# verbose will display the old and new options
CHECK_CHANGED_OPTIONS=verbose
# Automatic Dependency change detection
# When bulk building packages, compare the dependencies from kept packages to
# the current dependencies for every port. If they differ, the existing package
# will be deleted and the port will be rebuilt. This helps catch changes such
# as DEFAULT_RUBY_VERSION, PERL_VERSION, WITHOUT_X11 that change dependencies
# for many ports.
# Valid options: yes, no
# Default: yes
CHECK_CHANGED_DEPS=yes
# Consider bad dependency lines on the wrong PKGNAME as fatal.
# For example:
# BUILD_DEPENDS= p5-List-MoreUtils>=0:lang/p5-List-MoreUtils
# If this port's PKGNAME were really "List-MoreUtils" then it would
# not be recorded into the resulting package. The next build with
# CHECK_CHANGED_DEPS enabled would consider it a "new dependency"
# since it is in the port but not in the package. This is usually
# a warning but can be made fatal instead by enabling this option.
# Default: no
#BAD_PKGNAME_DEPS_ARE_FATAL=yes
# Path to the RSA key to sign the PKG repo with. See pkg-repo(8)
#PKG_REPO_SIGNING_KEY=/etc/ssl/keys/repo.key
PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/keys/poudriere.key
# ccache support. Supply the path to your ccache cache directory.
# It will be mounted into the jail and be shared among all jails.
# It is recommended that extra ccache configuration be done with
# ccache -o rather than from the environment.
#CCACHE_DIR=/var/cache/ccache
# Static ccache support from host. This uses the existing
# ccache from the host in the build jail. This is useful for
# using ccache+memcached which cannot easily be bootstrapped
# otherwise. The path to the PREFIX where ccache was installed
# must be used here, and ccache must have been built statically.
# Note also that ccache+memcached will require network access
# which is normally disabled. Separately setting RESTRICT_NETWORKING=no
# may be required for non-localhost memcached servers.
#CCACHE_STATIC_PREFIX=/usr/local
# The jails normally only allow network access during the 'make fetch'
# phase. This is a security restriction to prevent random things
# ran during a build from accessing the network. Disabling this
# is not advised. ALLOW_NETWORKING_PACKAGES may be used to allow networking
# for a subset of packages only.
#RESTRICT_NETWORKING=yes
#ALLOW_NETWORKING_PACKAGES="npm-foo"
# parallel build support.
#
# By default poudriere uses hw.ncpu to determine the number of builders.
# You can override this default by changing PARALLEL_JOBS here, or
# by specifying the -J flag to bulk/testport.
#
# Example to define PARALLEL_JOBS to one single job
PARALLEL_JOBS=8
# How many jobs should be used for preparing the build? These tend to
# be more IO bound and may be worth tweaking. Default: PARALLEL_JOBS * 1.25
# PREPARE_PARALLEL_JOBS=1
# If set, failed builds will save the WRKDIR to ${POUDRIERE_DATA}/wrkdirs
# SAVE_WRKDIR=yes
# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz
# default is tbz
# WRKDIR_ARCHIVE_FORMAT=tbz
# Disable linux support
# NOLINUX=yes
NOLINUX=yes
# By default poudriere sets FORCE_PACKAGE
# To disable it (useful when building public packages):
# NO_FORCE_PACKAGE=yes
# By default poudriere sets PACKAGE_BUILDING
# To disable it:
# NO_PACKAGE_BUILDING=yes
# If you are using a proxy define it here:
# export HTTP_PROXY=bla
# export FTP_PROXY=bla
#
# Cleanout the restricted packages
# NO_RESTRICTED=yes
# By default MAKE_JOBS is disabled to allow only one process per cpu
# Use the following to allow it anyway
# ALLOW_MAKE_JOBS=yes
# List of packages that will always be allowed to use MAKE_JOBS
# regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports
# which holdup the rest of the queue to build more quickly.
#ALLOW_MAKE_JOBS_PACKAGES="pkg ccache py*"
# Timestamp every line of build logs
# Default: no
#TIMESTAMP_LOGS=no
# URL where your POUDRIERE_DATA/logs are hosted
# This will be used for giving URL hints to the HTML output when
# scheduling and starting builds
#URL_BASE=http://yourdomain.com/poudriere/
URL_BASE=https://pkgp.ahlawat.com/
# This defines the max time (in seconds) that a command may run for a build
# before it is killed for taking too long. Default: 86400
#MAX_EXECUTION_TIME=86400
# This defines the time (in seconds) before a command is considered to
# be in a runaway state for having no output on stdout. Default: 7200
#NOHANG_TIME=7200
# The repository is updated atomically if set yes. This leaves the
# repository untouched until the build completes. This involves using
# hardlinks and symlinks. The operations are fast, but can be intrusive
# for remote syncing or backups.
# Recommended to always keep on.
# Default: yes
#ATOMIC_PACKAGE_REPOSITORY=yes
# When using ATOMIC_PACKAGE_REPOSITORY, commit the packages if some
# packages fail to build. Ignored ports are considered successful.
# This can be set to 'no' to only commit the packages once no failures
# are encountered.
# Default: yes
#COMMIT_PACKAGES_ON_FAILURE=yes
# Keep older package repositories. This can be used to rollback a system
# or to bisect issues by changing the repository to one of the older
# versions and reinstalling everything with `pkg upgrade -f`
# ATOMIC_PACKAGE_REPOSITORY is required for this.
# Default: no
#KEEP_OLD_PACKAGES=no
# How many old package repositories to keep with KEEP_OLD_PACKAGES
# Default: 5
#KEEP_OLD_PACKAGES_COUNT=5
# Make testing errors fatal.
# If set to 'no', ports with test failure will be marked as failed but still
# packaged to permit testing dependent ports (useful for bulk -t -a)
# Default: yes
#PORTTESTING_FATAL=yes
# Define the building jail hostname to be used when building the packages
# Some port/packages hardcode the hostname of the host during build time
# This is a necessary setup for reproducible builds.
#BUILDER_HOSTNAME=pkg.FreeBSD.org
BUILDER_HOSTNAME=pkgp.ahlawat.com
# Define to get a predictable timestamp on the ports tree
# This is a necessary setup for reproducible builds.
#PRESERVE_TIMESTAMP=yes
PRESERVE_TIMESTAMP=yes
# Define to yes to build and stage as a regular user
# Default: yes, unless CCACHE_DIR is set and CCACHE_DIR_NON_ROOT_SAFE is not
# set. Note that to use ccache with BUILD_AS_NON_ROOT you will need to
# use a non-shared CCACHE_DIR that is only built by PORTBUILD_USER and chowned
# to that user. Then set CCACHE_DIR_NON_ROOT_SAFE to yes.
#BUILD_AS_NON_ROOT=no
# Define to the username to build as when BUILD_AS_NON_ROOT is yes.
# Default: nobody (uid PORTBUILD_UID)
#PORTBUILD_USER=nobody
# Define to the uid to use for PORTBUILD_USER if the user does not
# already exist in the jail.
# Default: 65532
#PORTBUILD_UID=65534
# Define pkgname globs to boost priority for
# Default: none
#PRIORITY_BOOST="pypy openoffice*"
# Define format for buildnames
# Default: %Y-%m-%d_%Hh%Mm%Ss
# ISO8601:
#BUILDNAME_FORMAT="%FT%TZ"
# Define format for build duration times
# Default: %H:%M:%S
#DURATION_FORMAT="%H:%M:%S"
# Use colors when in a TTY
# Default: yes
#USE_COLORS=yes
# Only build what is requested. Do not rebuild build deps if nothing requested
# depends on them. This can create an inconsistent repository if you often
# build one-off packages but expect the repository to stay consistent.
# Defaut: yes
#TRIM_ORPHANED_BUILD_DEPS=yes
# A list of directories to exclude from leftover and filesystem violation
# mtree checks. Ccache is used here as an example but is already
# excluded by default. There is no need to add it here unless a
# special configuration is used where it is a problem.
# Default: none
#LOCAL_MTREE_EXCLUDES="/usr/obj /var/tmp/ccache"
# Set to hosted to use the /data directory instead of inline style HTML
# Default: inline
#HTML_TYPE="hosted"
# Set to track remaining ports in the HTML interface. This can slow down
# processing of the queue slightly, especially for bulk -a builds.
# Default: no
#HTML_TRACK_REMAINING=yes