Diffstat (limited to 'scripts')
-rw-r--r--scripts/hostclass/asterisk_server4
-rw-r--r--scripts/hostclass/cups_server1
-rw-r--r--scripts/hostclass/desktop6
-rw-r--r--scripts/hostclass/idm_server/10-slapd5
-rw-r--r--scripts/hostclass/imap_server/10-solr4
-rw-r--r--scripts/hostclass/imap_server/30-dovecot5
-rw-r--r--scripts/hostclass/nfs_server/10-nfs (renamed from scripts/hostclass/nfs_server)0
-rw-r--r--scripts/hostclass/nfs_server/20-syncthing61
-rw-r--r--scripts/hostclass/pkg_repository3
-rw-r--r--scripts/hostclass/postgresql_server5
-rw-r--r--scripts/hostclass/public_webserver4
-rw-r--r--scripts/hostclass/smtp_server/10-rspamd4
-rw-r--r--scripts/hostclass/unifi_controller4
-rw-r--r--scripts/hostclass/znc_server4
-rw-r--r--scripts/hostname/nfs1/10-homedirs6
-rw-r--r--scripts/hostname/nfs1/20-shares5
-rw-r--r--scripts/os/80-zfs1
-rw-r--r--scripts/os/freebsd/20-zfs2
-rw-r--r--scripts/os/freebsd/50-idm17
-rw-r--r--scripts/os/freebsd/90-snapshots10
20 files changed, 147 insertions, 4 deletions
diff --git a/scripts/hostclass/asterisk_server b/scripts/hostclass/asterisk_server
index d519730..fe10f51 100644
--- a/scripts/hostclass/asterisk_server
+++ b/scripts/hostclass/asterisk_server
@@ -44,6 +44,10 @@ pkg install -y \
# Create ZFS dataset for Asterisk DB.
create_dataset -o "mountpoint=${asterisk_db_dir}" "${state_dataset}/asterisk"
+zfs set \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/asterisk"
install_directory -o "$asterisk_user" -g "$asterisk_user" -m 0755 "$asterisk_db_dir"
# Generate asterisk configuration.
diff --git a/scripts/hostclass/cups_server b/scripts/hostclass/cups_server
index d9b6e66..0fd624c 100644
--- a/scripts/hostclass/cups_server
+++ b/scripts/hostclass/cups_server
@@ -11,6 +11,7 @@ cups_tls_key="${cups_tls_dir}/${fqdn}.key"
# Create dataset for persistent CUPS configuration.
create_dataset -o "mountpoint=${cups_conf_dir}" "${state_dataset}/cups"
+zfs set com.sun:auto-snapshot:daily=true "${state_dataset}/cups"
# Install required packages.
pkg install -y cups cups-filters
diff --git a/scripts/hostclass/desktop b/scripts/hostclass/desktop
index ed71393..ac8bdda 100644
--- a/scripts/hostclass/desktop
+++ b/scripts/hostclass/desktop
@@ -1,6 +1,5 @@
#!/bin/sh
-: ${desktop_access_role:='desktop-access'}
: ${desktop_access_gid:='40000'}
: ${sddm_min_uid:='10000'}
: ${sddm_max_uid:='19999'}
@@ -38,6 +37,11 @@ install_file -m 0555 \
# Create ZFS dataset for local homedirs.
create_dataset -o mountpoint=/usr/local/home "${state_dataset}/home"
+zfs set \
+ com.sun:auto-snapshot:hourly=true \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/home"
# Enable sndio.
sysrc -v sndiod_enable=YES
diff --git a/scripts/hostclass/idm_server/10-slapd b/scripts/hostclass/idm_server/10-slapd
index d01db70..12640a4 100644
--- a/scripts/hostclass/idm_server/10-slapd
+++ b/scripts/hostclass/idm_server/10-slapd
@@ -36,6 +36,11 @@ pkg install -y \
# Create ZFS dataset for OpenLDAP DB.
create_dataset -o "mountpoint=${slapd_data_dir}" "${state_dataset}/openldap-data"
+zfs set \
+ com.sun:auto-snapshot:hourly=true \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/openldap-data"
# To prevent a circular dependency in poudriere, we have to make a special "set"
# of packages for the IDM hosts in which cyrus-sasl-gssapi is built with the
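Review bot: The hourly, daily and weekly snapshots enabled on `${state_dataset}/openldap-data` keep earlier copies of the directory database, so entries that are later deleted or have their credentials rotated stay recoverable from `.zfs/snapshot` until the snapshot expires. On an IDM host this database presumably holds account and credential data, so the trade-off deserves a comment next to the `zfs set`, for example `# Snapshots retain old directory contents, including rotated or removed credentials, until they expire.` Retention is set by the cron job, which is outside this diff; confirm it matches how long revoked credentials may stay on disk.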
diff --git a/scripts/hostclass/imap_server/10-solr b/scripts/hostclass/imap_server/10-solr
index 252a8c3..a30d6fd 100644
--- a/scripts/hostclass/imap_server/10-solr
+++ b/scripts/hostclass/imap_server/10-solr
@@ -28,6 +28,10 @@ add_user \
# Create ZFS dataset for solr DB.
create_dataset -o "mountpoint=${solr_data_dir}" "${state_dataset}/solr"
+zfs set \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/solr"
# Set ownership on solr DB dir.
install_directory -m 0770 -o "$solr_user" -g "$solr_user" "$solr_data_dir"
diff --git a/scripts/hostclass/imap_server/30-dovecot b/scripts/hostclass/imap_server/30-dovecot
index ff41da5..66edd1d 100644
--- a/scripts/hostclass/imap_server/30-dovecot
+++ b/scripts/hostclass/imap_server/30-dovecot
@@ -35,6 +35,11 @@ add_user \
# Create ZFS dataset for virtual maildirs.
create_dataset -o "mountpoint=${dovecot_vmail_dir}" "${state_dataset}/mailboxes"
+zfs set \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ com.sun:auto-snapshot:monthly=true \
+ "${state_dataset}/mailboxes"
# Set ownership on vmail dir.
install_directory -m 0770 -o "$dovecot_vmail_user" -g "$dovecot_vmail_user" "$dovecot_vmail_dir"
diff --git a/scripts/hostclass/nfs_server b/scripts/hostclass/nfs_server/10-nfs
index a775859..a775859 100644
--- a/scripts/hostclass/nfs_server
+++ b/scripts/hostclass/nfs_server/10-nfs
diff --git a/scripts/hostclass/nfs_server/20-syncthing b/scripts/hostclass/nfs_server/20-syncthing
new file mode 100644
index 0000000..095b55c
--- /dev/null
+++ b/scripts/hostclass/nfs_server/20-syncthing
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# syncthing_users='user1 user2'
+# syncthing_user1_port=22000
+# syncthing_user2_port=22001
+
+if [ -z "${syncthing_users:-}" ]; then
+ return 0
+fi
+
+syncthing_https_cert="${nginx_conf_dir}/syncthing.crt"
+syncthing_https_key="${nginx_conf_dir}/syncthing.key"
+syncthing_conf_dir=/var/db/syncthing
+nginx_keytab="${keytab_dir}/nginx.keytab"
+
+pkg install -y \
+ syncthing \
+ nginx
+
+# Create ZFS dataset for syncthing configuration.
+create_dataset -o "mountpoint=$syncthing_conf_dir" "${state_dataset}/syncthing"
+zfs set \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/syncthing"
+install_directory -m 0755 "$syncthing_conf_dir"
+
+# Copy syncthing_user rc script.
+install_file -m 0644 /usr/local/etc/syncthing.template.xml
+install_file -m 0555 /usr/local/etc/rc.d/syncthing_user
+
+# Generate nginx configuration.
+install_template -m 0644 \
+ /usr/local/etc/nginx/nginx.conf \
+ /usr/local/etc/nginx/vhosts.conf
+
+# Create HTTP service principal and keytab.
+add_principal -nokey -x "containerdn=${services_basedn}" "HTTP/${fqdn}"
+
+ktadd -k "$nginx_keytab" "HTTP/${fqdn}"
+chgrp "$nginx_user" "$nginx_keytab"
+chmod 640 "$nginx_keytab"
+
+# Copy TLS certificate for nginx.
+install_certificate nginx "$syncthing_https_cert"
+install_certificate_key nginx "$syncthing_https_key"
+
+# Enable and start daemons.
+sysrc -v nginx_enable=YES
+service nginx restart
+
+sysrc -v \
+ syncthing_user_enable=YES \
+ "syncthing_user_instances+=${syncthing_users}"
+
+for user in $syncthing_users; do
+ eval "port=\$syncthing_${user}_port"
+ sysrc -v "syncthing_user_${user}_port=${port}"
+done
+
+service syncthing_user restart
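Review bot: In the per-user loop, `eval "port=\$syncthing_${user}_port"` treats each word of `syncthing_users` as shell text, so a name containing anything other than identifier characters either breaks the assignment or is executed during provisioning. Validate each name before the eval, e.g. `case "$user" in ''|*[!A-Za-z0-9_]*) echo "invalid syncthing user: ${user}" >&2; return 1;; esac`, and reject an empty or non-numeric `port` before it is written with `sysrc`. Separately, the keytab only gets its group and `640` mode after `ktadd` has written it. If that helper (not visible here) creates the file under the default umask, setting `umask 077` around the step closes the gap.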
diff --git a/scripts/hostclass/pkg_repository b/scripts/hostclass/pkg_repository
index 969dff7..7044f96 100644
--- a/scripts/hostclass/pkg_repository
+++ b/scripts/hostclass/pkg_repository
@@ -18,6 +18,9 @@ poudriere_patch_dir="${poudriere_conf_dir}/patches"
# Create poudriere datasets.
create_dataset -o "mountpoint=${poudriere_data_dir}" "${state_dataset}/poudriere"
create_dataset -o "mountpoint=${poudriere_conf_dir}" "${state_dataset}/poudriere-config"
+zfs set com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/poudriere" \
+ "${state_dataset}/poudriere-config"
# Since we're doing a ton of compilation, disable sync on the poudriere dataset.
# Possibly snakeoil, but my hope is that most file I/O will end up in the ARC cache
diff --git a/scripts/hostclass/postgresql_server b/scripts/hostclass/postgresql_server
index 10bafc8..dbb84b4 100644
--- a/scripts/hostclass/postgresql_server
+++ b/scripts/hostclass/postgresql_server
@@ -28,6 +28,11 @@ create_dataset \
-o primarycache=metadata \
-o atime=off \
"${state_dataset}/postgres"
+zfs set \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ com.sun:auto-snapshot:monthly=true \
+ "${state_dataset}/postgres"
install_directory -m 0755 -o "$postgres_user" -g "$postgres_user" "$postgres_home"
# Initialize the database.
diff --git a/scripts/hostclass/public_webserver b/scripts/hostclass/public_webserver
index ccf5991..721cbfc 100644
--- a/scripts/hostclass/public_webserver
+++ b/scripts/hostclass/public_webserver
@@ -14,6 +14,10 @@ pkg install -y \
# Create ZFS dataset for webroots.
create_dataset -o "mountpoint=${vhosts_dir}" "${state_dataset}/vhosts"
+zfs set \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/vhosts"
# Configure nginx.
install_template -m 0644 /usr/local/etc/nginx/nginx.conf
diff --git a/scripts/hostclass/smtp_server/10-rspamd b/scripts/hostclass/smtp_server/10-rspamd
index 7b1aae9..215788b 100644
--- a/scripts/hostclass/smtp_server/10-rspamd
+++ b/scripts/hostclass/smtp_server/10-rspamd
@@ -33,6 +33,10 @@ pkg install -y \
# Create ZFS dataset for Redis DBs.
create_dataset -o "mountpoint=${redis_data_dir}" "${state_dataset}/redis"
+zfs set \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/redis"
# Generate config files for redis instances.
install_template -m 0644 \
diff --git a/scripts/hostclass/unifi_controller b/scripts/hostclass/unifi_controller
index 32df063..9fd161e 100644
--- a/scripts/hostclass/unifi_controller
+++ b/scripts/hostclass/unifi_controller
@@ -11,6 +11,10 @@ pkg install -y unifi8
# Create ZFS dataset for unifi data.
create_dataset -o "mountpoint=${unifi_home}/data" "${state_dataset}/unifi"
+zfs set \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/unifi"
# Set ownership on unifi data dir.
install_directory -o "$unifi_user" -g "$unifi_user" -m 0700 "${unifi_home}/data"
diff --git a/scripts/hostclass/znc_server b/scripts/hostclass/znc_server
index 58f1d8a..e2c2fa6 100644
--- a/scripts/hostclass/znc_server
+++ b/scripts/hostclass/znc_server
@@ -18,6 +18,10 @@ pkg install -y \
# Create ZFS dataset for ZNC configs.
create_dataset -o "mountpoint=${znc_home}" "${state_dataset}/znc"
+zfs set \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${state_dataset}/znc"
# Set ownership on ZNC dir.
install_directory -o "$znc_user" -g "$znc_user" -m 0755 "$znc_home"
diff --git a/scripts/hostname/nfs1/10-homedirs b/scripts/hostname/nfs1/10-homedirs
index f2cd25c..3a6d923 100644
--- a/scripts/hostname/nfs1/10-homedirs
+++ b/scripts/hostname/nfs1/10-homedirs
@@ -14,6 +14,9 @@ for userquota in ${nfs_homedirs:-}; do
zfs set "refquota=${privquota:-$default_priv_quota}" "${nfs_dataset}/user/${user}/priv"
zfs set "refquota=${pubquota:-$default_pub_quota}" "${nfs_dataset}/user/${user}/pub"
+ zfs set 'com.sun:auto-snapshot=true' \
+ "${nfs_dataset}/user/${user}/priv" \
+ "${nfs_dataset}/user/${user}/pub"
chown "${user}:${user}" \
"${nfs_root}/user/${user}/priv" \
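Review bot: The `zfs set 'com.sun:auto-snapshot=true'` added in the user loop (and again in the group loop in the next hunk) uses the unqualified property, while every other script in this commit selects intervals explicitly with `com.sun:auto-snapshot:daily=true` and similar. If the intent is to snapshot home directories at every interval the cron job runs, say so with a comment such as `# Unqualified property: snapshot at every interval the cron job runs.`; otherwise list the intervals as the other scripts do. Because `priv` is included, files a user deletes stay readable in snapshots under the permissions they had at snapshot time. Both `for` loops start before and continue past these hunks.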
@@ -34,6 +37,9 @@ for groupquota in ${nfs_groupdirs:-}; do
zfs set "refquota=${privquota:-$default_priv_quota}" "${nfs_dataset}/group/${group}/priv"
zfs set "refquota=${pubquota:-$default_pub_quota}" "${nfs_dataset}/group/${group}/pub"
+ zfs set 'com.sun:auto-snapshot=true' \
+ "${nfs_dataset}/group/${group}/priv" \
+ "${nfs_dataset}/group/${group}/pub"
chown "root:${group}" \
"${nfs_root}/group/${group}/priv" \
diff --git a/scripts/hostname/nfs1/20-shares b/scripts/hostname/nfs1/20-shares
index ef013cc..beb3b11 100644
--- a/scripts/hostname/nfs1/20-shares
+++ b/scripts/hostname/nfs1/20-shares
@@ -2,6 +2,11 @@
# media/music
create_dataset -p "${nfs_dataset}/media/music"
+zfs set \
+ compression=off \
+ com.sun:auto-snapshot:daily=true \
+ com.sun:auto-snapshot:weekly=true \
+ "${nfs_dataset}/media/music"
chgrp media-admin "${nfs_root}/media/music"
chmod 2770 "${nfs_root}/media/music"
set_facl "${nfs_root}/media/music" \
diff --git a/scripts/os/80-zfs b/scripts/os/80-zfs
new file mode 100644
index 0000000..1a24852
--- /dev/null
+++ b/scripts/os/80-zfs
@@ -0,0 +1 @@
+#!/bin/sh
diff --git a/scripts/os/freebsd/20-zfs b/scripts/os/freebsd/20-zfs
index 1cdc465..5d86df4 100644
--- a/scripts/os/freebsd/20-zfs
+++ b/scripts/os/freebsd/20-zfs
@@ -7,5 +7,5 @@ create_dataset -o mountpoint=none "$state_dataset"
# If this is baremetal host or a VM, trim the zpools periodically.
if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ]; then
- install_file -m 0644 /etc/cron.d/zfs-trim
+ install_file -m 0644 /etc/cron.d/zfs
fi
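Review bot: Switching the installed path from `/etc/cron.d/zfs-trim` to `/etc/cron.d/zfs` leaves the old file in place on hosts provisioned before this commit, unless `install_file` (not visible here) cleans up after itself. If the new cron file carries the same trim job, those hosts would run it twice. Adding `rm -f /etc/cron.d/zfs-trim` inside the `if` block removes the stale entry.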
diff --git a/scripts/os/freebsd/50-idm b/scripts/os/freebsd/50-idm
index ab7c2fd..1585c6f 100644
--- a/scripts/os/freebsd/50-idm
+++ b/scripts/os/freebsd/50-idm
@@ -15,14 +15,20 @@ pkg install -y \
pam_krb5 \
perl5 \
p5-perl-ldap \
- p5-Authen-SASL
+ p5-Authen-SASL \
+ pam_mkhomedir
# Configure PAM/NSS integration.
install_file -m 0644 \
/etc/nsswitch.conf \
+ /etc/pam.d/system \
/etc/pam.d/login \
/etc/pam.d/sshd \
- /etc/pam.d/sudo
+ /etc/pam.d/sudo \
+ /etc/pam.d/su \
+ /etc/pam.d/other
+
+install_template -m 0644 /etc/login.access
install_template -m 0644 \
/etc/krb5.conf \
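Review bot: `/etc/pam.d/system`, `su` and `other` are installed before `install_template -m 0644 /etc/login.access`, so if the template step fails the host is left running the new PAM stack against whatever access list was there before. Assuming the new PAM files consult `login.access` (they are outside this diff), moving `install_template -m 0644 /etc/login.access` above the `install_file` call avoids that partial state. A comment such as `# login.access decides which users and groups may log in.` would also help, since the existing header only mentions PAM/NSS. The `pkg install` list starts above this hunk and the following `install_template` continues into the next one.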
@@ -30,6 +36,13 @@ install_template -m 0644 \
/usr/local/etc/openldap/ldap.conf \
/usr/local/etc/nslcd.conf
+# Ensure /home exists and configure skel files.
+install_directory -m 0755 /home
+install_file -m 0644 \
+ /usr/share/skel/dot.login \
+ /usr/share/skel/dot.profile \
+ /usr/share/skel/dot.shrc
+
# Create ldap.conf symlink.
ln -snfv /usr/local/etc/openldap/ldap.conf /usr/local/etc/ldap.conf
diff --git a/scripts/os/freebsd/90-snapshots b/scripts/os/freebsd/90-snapshots
new file mode 100644
index 0000000..fce9c34
--- /dev/null
+++ b/scripts/os/freebsd/90-snapshots
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Don't run autosnapshot within jails. Otherwise we will create duplicate
+# snapshots with the host system.
+if [ "$BOXCONF_VIRTUALIZATION_TYPE" = jail ]; then
+ return 0
+fi
+
+pkg install -y zfstools
+install_file -m 0644 /etc/cron.d/zfs-autosnapshot