From f036b9c0da685d11e341d61e5aaeb75cac576111 Mon Sep 17 00:00:00 2001
From: Cullum Smith <cullum@sacredheartsc.com>
Date: Wed, 17 Jul 2024 06:45:00 -0400
Subject: add pkg_repository hostclass

---
 .../usr/local/etc/jailctl.conf.freebsd_hypervisor  |  2 +-
 files/usr/local/etc/nginx/nginx.conf.common        | 44 ++++++++++++
 .../usr/local/etc/nginx/vhosts.conf.pkg_repository | 47 ++++++++++++
 files/usr/local/etc/pkg/repos/FreeBSD.conf.common  |  1 +
 .../local/etc/pkg/repos/onprem.conf.pkg_repository |  5 ++
 files/usr/local/etc/poudriere.conf.pkg_repository  | 16 +++++
 .../local/etc/poudriere.d/make.conf.pkg_repository | 83 ++++++++++++++++++++++
 .../local/etc/poudriere.d/pkglist.pkg_repository   | 33 +++++++++
 files/usr/local/etc/ssl/repo.crt.readme            |  3 +
 files/usr/local/etc/ssl/repo.key.readme            |  4 ++
 10 files changed, 237 insertions(+), 1 deletion(-)
 create mode 100644 files/usr/local/etc/nginx/nginx.conf.common
 create mode 100644 files/usr/local/etc/nginx/vhosts.conf.pkg_repository
 create mode 100644 files/usr/local/etc/pkg/repos/FreeBSD.conf.common
 create mode 100644 files/usr/local/etc/pkg/repos/onprem.conf.pkg_repository
 create mode 100644 files/usr/local/etc/poudriere.conf.pkg_repository
 create mode 100644 files/usr/local/etc/poudriere.d/make.conf.pkg_repository
 create mode 100644 files/usr/local/etc/poudriere.d/pkglist.pkg_repository
 create mode 100644 files/usr/local/etc/ssl/repo.crt.readme
 create mode 100644 files/usr/local/etc/ssl/repo.key.readme


diff --git a/files/usr/local/etc/jailctl.conf.freebsd_hypervisor b/files/usr/local/etc/jailctl.conf.freebsd_hypervisor
index a3a37dc..0b51308 100644
--- a/files/usr/local/etc/jailctl.conf.freebsd_hypervisor
+++ b/files/usr/local/etc/jailctl.conf.freebsd_hypervisor
@@ -5,7 +5,7 @@ JAIL_DATASET='${hypervisor_jail_dataset}'
 TRUNK_INTERFACE='${hypervisor_trunk_interface}'
 
 DEFAULT_DOMAIN='${domain}'
-DEFAULT_NAMESERVERS='${resolvers:-1.1.1.1}'
+DEFAULT_NAMESERVERS='1.1.1.1'
 DEFAULT_VLAN='${hypervisor_default_vlan}'
 DEFAULT_NETMASK='$(prefix2netmask "$hypervisor_default_prefix")'
 DEFAULT_OS_QUOTA='${hypervisor_default_os_quota}'
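Review bot: The new `DEFAULT_NAMESERVERS='1.1.1.1'` drops the `${resolvers:-1.1.1.1}` override, so every jail created with defaults resolves through a public resolver regardless of the site's `resolvers` setting. Lookups for internal hostnames then leave the site, and if the domain in `DEFAULT_DOMAIN='${domain}'` is served only by internal resolvers (the page does not show this), those names will not resolve inside new jails. The commit subject does not mention this change. If it is a deliberate bootstrap workaround, record that next to the line, for example `# jails bootstrap before internal resolvers exist; override per jail`; otherwise keep the old expansion.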
diff --git a/files/usr/local/etc/nginx/nginx.conf.common b/files/usr/local/etc/nginx/nginx.conf.common
new file mode 100644
index 0000000..b0a9a06
--- /dev/null
+++ b/files/usr/local/etc/nginx/nginx.conf.common
@@ -0,0 +1,44 @@
+worker_processes      ${nginx_worker_processes};
+worker_rlimit_nofile  ${nginx_nofile};
+
+events {
+  worker_connections  ${nginx_worker_connections};
+}
+
+http {
+  include       mime.types;
+  default_type  application/octet-stream;
+  index         index.html;
+
+  aio                   threads;
+  aio_write             on;
+  sendfile              on;
+  directio              4m;
+  tcp_nopush            on;
+  tcp_nodelay           on;
+  keepalive_timeout     65;
+  types_hash_max_size   2048;
+  server_tokens         off;
+  client_max_body_size  5m;
+  charset               utf-8;
+  gzip                  on;
+  gzip_http_version     1.0;
+  gzip_types            text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json image/svg+xml;
+
+  proxy_buffers            64 32k;
+  proxy_busy_buffers_size  64k;
+  fastcgi_buffers          64 32k;
+
+  ssl_session_timeout        1d;
+  ssl_session_cache          shared:SSL:10m;
+  ssl_session_tickets        off;
+  ssl_protocols              TLSv1.3;
+  ssl_prefer_server_ciphers  off;
+
+  map \$http_upgrade \$connection_upgrade {
+    default upgrade;
+    '' keep-alive;
+  }
+
+	include vhosts.conf;
+}
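Review bot: `include vhosts.conf;` on the last line names a fixed file, and nginx treats a missing non-wildcard include as a fatal configuration error. Any host class that receives this `.common` file without its own vhosts.conf would therefore get an nginx that refuses to start, and only pkg_repository ships one in this patch. The line is also indented with a tab where the rest of the file uses two spaces. A header comment would help as well, since the file is evidently a template (`${nginx_worker_processes}` is expanded, `\$http_upgrade` is escaped), e.g. `# Template: ${...} is expanded at deploy time; escape nginx variables as \$name`.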
diff --git a/files/usr/local/etc/nginx/vhosts.conf.pkg_repository b/files/usr/local/etc/nginx/vhosts.conf.pkg_repository
new file mode 100644
index 0000000..8177626
--- /dev/null
+++ b/files/usr/local/etc/nginx/vhosts.conf.pkg_repository
@@ -0,0 +1,47 @@
+server {
+  listen       0.0.0.0:80 default_server;
+  listen       [::]:80 default_server;
+  server_name  ${fqdn};
+  root         ${poudriere_data_dir}/data/packages;
+
+  include mime.types;
+  types {
+    text/plain  log;
+  }
+
+  location /poudriere/ {
+    alias /usr/local/share/poudriere/html/;
+
+    # Allow caching static resources
+    location ~* ^.+\.(jpg|jpeg|gif|png|ico|svg|woff|css|js|html)$ {
+      add_header Cache-Control "public";
+      expires 2d;
+    }
+
+    location /poudriere/data {
+      alias ${poudriere_data_dir}/data/logs/bulk;
+
+      # Allow caching dynamic files but ensure they get rechecked
+      location ~* ^.+\.(log|txz|tbz|bz2|gz)$ {
+        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+      }
+
+      # Don't log json requests as they come in frequently and ensure
+      # caching works as expected
+      location ~* ^.+\.(json)$ {
+        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
+        access_log off;
+        log_not_found off;
+      }
+
+      # Allow indexing only in log dirs
+      location ~ /poudriere/data/?.*/(logs|latest-per-pkg)/ {
+        autoindex on;
+      }
+    }
+  }
+
+  location / {
+    autoindex on;
+  }
+}
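Review bot: Both `listen` lines bind port 80 only, so packages, directory indexes and build logs are served in cleartext even though nginx.conf.common in this patch sets up TLS 1.3 session parameters. Package integrity then rests entirely on the repository signature (`PKG_REPO_SIGNING_KEY` in poudriere.conf), which protects clients only if their repo file uses `signature_type: "pubkey"`; the client-side file is not in this patch, so that is worth confirming or stating in a comment above the `server` block. Separately, `location /poudriere/data` and its `alias` both lack a trailing slash, so a sibling prefix such as `/poudriere/dataX` is mapped onto `.../logs/bulkX`; writing `location /poudriere/data/` with `alias ${poudriere_data_dir}/data/logs/bulk/;` confines the match to the intended directory.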
diff --git a/files/usr/local/etc/pkg/repos/FreeBSD.conf.common b/files/usr/local/etc/pkg/repos/FreeBSD.conf.common
new file mode 100644
index 0000000..22521b5
--- /dev/null
+++ b/files/usr/local/etc/pkg/repos/FreeBSD.conf.common
@@ -0,0 +1 @@
+FreeBSD: { enabled: no }
diff --git a/files/usr/local/etc/pkg/repos/onprem.conf.pkg_repository b/files/usr/local/etc/pkg/repos/onprem.conf.pkg_repository
new file mode 100644
index 0000000..ec75151
--- /dev/null
+++ b/files/usr/local/etc/pkg/repos/onprem.conf.pkg_repository
@@ -0,0 +1,5 @@
+${site}: {
+  enabled: yes,
+  url: "file://${poudriere_data_dir}/data/packages/\${ABI}/latest",
+  signature_type: "none",
+}
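Review bot: `signature_type: "none"` turns off signature checking for the only repository left enabled once FreeBSD.conf.common disables the upstream one. With a `file://` URL on the build host, the exposure is limited to whoever can write under `${poudriere_data_dir}/data/packages`. The line is easy to copy into a client-facing repo file, though, where it would remove the only integrity check on a repository served over HTTP. Since poudriere.conf signs the repo and the readme describes a public key, consider `signature_type: "pubkey",` plus `pubkey: "/usr/local/etc/ssl/repo.crt",` here too (assuming the public key is installed on this host). Otherwise add a comment such as `# "none" is acceptable only because this is a local file:// repo on the build host`.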
diff --git a/files/usr/local/etc/poudriere.conf.pkg_repository b/files/usr/local/etc/poudriere.conf.pkg_repository
new file mode 100644
index 0000000..bc9ca75
--- /dev/null
+++ b/files/usr/local/etc/poudriere.conf.pkg_repository
@@ -0,0 +1,16 @@
+ZPOOL=${poudriere_dataset%%/*}
+ZROOTFS=/${poudriere_dataset#*/}/poudriere
+FREEBSD_HOST=https://download.freebsd.org
+RESOLV_CONF=/etc/resolv.conf
+BASEFS=${poudriere_data_dir}
+POUDRIERE_DATA=\${BASEFS}/data
+PARALLEL_JOBS=${poudriere_jobs}
+USE_PORTLINT=no
+USE_TMPFS=yes
+DISTFILES_CACHE=/usr/ports/distfiles
+PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/repo.key
+URL_BASE=http://${fqdn}/poudriere/
+ALLOW_MAKE_JOBS_PACKAGES='${poudriere_allow_make_jobs_packages:-}'
+PRIORITY_BOOST='${poudriere_priority_boost:-}'
+CCACHE_DIR=\${BASEFS}/ccache
+CCACHE_DIR_NON_ROOT_SAFE=yes
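Review bot: `PKG_REPO_SIGNING_KEY=/usr/local/etc/ssl/repo.key` makes this host the holder of the key every client trusts, yet nothing in the visible patch states the owner or mode the decrypted key receives (the view is limited to files/usr/local/etc, so the deploy step may set it elsewhere). A comment next to the setting, such as `# repo.key: vault-decrypted at deploy time; must be root-owned, mode 0400`, would record the requirement where the key is referenced. Also, `ZROOTFS=/${poudriere_dataset#*/}/poudriere` yields `/<pool>/poudriere` when `poudriere_dataset` is a bare pool name, because `#*/` leaves the string unchanged when no slash matches. A note that the variable must name a child dataset, or a guard for the no-slash case, would avoid an unexpected `pool/pool/poudriere` dataset.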
diff --git a/files/usr/local/etc/poudriere.d/make.conf.pkg_repository b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
new file mode 100644
index 0000000..8348621
--- /dev/null
+++ b/files/usr/local/etc/poudriere.d/make.conf.pkg_repository
@@ -0,0 +1,83 @@
+CFLAGS=-O2 -pipe
+DISABLE_LICENSES=yes
+DEFAULT_VERSIONS+=${poudriere_default_versions:-}
+MAKE_JOBS_NUMBER=${poudriere_make_jobs_number}
+
+# Global port options
+OPTIONS_UNSET=TEST DEBUG GSSAPI_HEIMDAL GSSAPI_BASE GSSAPI_NONE HEIMDAL NLS DOCS AVAHI LIBWRAP MYSQL MSQLND ODBC READLINE PULSEAUDIO UPNP BASH ZSH INFO ALSA SAMBA WAYLAND PLATFORM_WAYLAND PIPEWIRE
+OPTIONS_SET=GSSAPI GSSAPI_MIT NONFREE LIBEDIT
+
+# Per-port options
+databases_akonadi_SET=MYSQL
+databases_luadbi_SET=PGSQL
+databases_postgresql15-client_SET=PAM
+databases_postgresql15-server_SET=PAM
+devel_gitolite_SET=GITUSER
+devel_kio-extras_UNSET=AFC
+devel_librelp_UNSET=GNUTLS
+devel_libudev_devd_SET=GPL
+devel_py-hypothesis_UNSET=CLI CODEMODS DATEUTIL DJANGO DPCONTRACTS GHOSTWRITER LARK NUMPY PANDAS PYTEST PYTZ REDIS
+devel_qca_SET=SASL
+dns_powerdns_SET=OPENLDAP
+dns_powerdns_UNSET=PGSQL SQLITE3
+dns_unbound_SET=TFOCL TFOSE
+dns_unbound_UNSET=DOH
+editors_libreoffice_SET=KF5 PDFIUM
+editors_vim_SET=CTAGS_EXUBERANT XTERM_SAVE
+editors_vim_UNSET=CTAGS_BASE
+finance_gnucash_UNSET=AQBANKING
+graphics_vips_UNSET=MATIO
+irc_znc_SET=CYRUS
+lang_lua53_SET=LIBEDIT_DL
+lang_lua53_UNSET=LIBEDIT
+lang_lua54_SET=LIBEDIT_DL
+lang_lua54_UNSET=LIBEDIT
+mail_dovecot-pigeonhole_SET=LDAP
+mail_dovecot_SET=SOLR LDAP
+mail_mutt_UNSET=HTML
+mail_postfix_SET=LDAP SASL SASLKRB5
+mail_rspamd_SET=HYPERSCAN
+misc_kdeutils_UNSET=KFLOPPY KTEATIME
+multimedia_ffmpeg_SET=OPENSSL
+multimedia_ffmpeg_UNSET=GNUTLS
+multimedia_kdemultimedia_UNSET=KDENLIVE
+multimedia_qt6-multimedia_SET=ALSA
+multimedia_vlc_SET=FLAC MPEG2 X264 X265 VPX DCA FAAD AOM
+net-im_dino_UNSET=RTP
+net-im_py-matrix-synapse_SET=PGSQL URLPREVIEW LDAP
+net_asterisk18_SET=NEWG711 G729 NCURSES
+net_asterisk18_UNSET=DAHDI FREETDS RADIUS NEWT
+net_freeradius3_SET=LDAP MITKRB_PORT
+net_freerdp_SET=OPENH264
+net_kdenetwork_UNSET=FILESHARING KOPETE KRFB
+net_openldap26-server_SET=DEBUG
+net_openldap26-server_UNSET=SMBPWD
+print_cups-filters_UNSET=COLORD
+print_freetype2_SET=LCD_FILTERING
+print_freetype2_UNSET=LCD_RENDERING
+security_cyrus-sasl2-saslauthd_UNSET=BDB1
+security_heimdal-devel_SET=LDAP
+security_heimdal-devel_UNSET=BDB
+security_heimdal_SET=LDAP
+security_heimdal_UNSET=BDB
+security_kf5-kdesu_SET=SUDO
+security_kf5-kdesu_UNSET=SU
+security_krb5_SET=DNS_FOR_REALM
+security_krb5_UNSET=KRB5_HTML KRB5_PDF
+security_pinentry-qt5_SET=LIBSECRET
+security_sudo_SET=LDAP
+security_sudo_UNSET=GSSAPI_MIT
+security_vaultwarden_SET=PGSQL
+shells_bash_UNSET=PORTS_READLINE
+sysutils_htop_SET=LSOF
+sysutils_k3b_UNSET=EMOVIX VCDIMAGER
+sysutils_rsyslog8_SET=GSSAPI RELP OPENSSL
+sysutils_rsyslog8_UNSET=GCRYPT
+www_chromium_SET=WIDEVINE
+www_firefox_UNSET=PROFILE JACK
+www_nginx_SET=HTTPV3 HTTPV3_QTLS HTTP_AUTH_KRB5 HTTP_AUTH_LDAP
+www_nginx_UNSET=MAIL
+www_qt5-webengine_SET=ALSA
+x11-toolkits_gtk30_UNSET=COLORD BROADWAY
+x11_kde5_UNSET=KDEADMIN KDEEDU KDEGAMES
+x11_libinput_UNSET=LIBWACOM
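Review bot: `MSQLND` in the global `OPTIONS_UNSET` line looks like a misspelling of `MYSQLND`. As far as I know the ports framework silently ignores option names a port does not define, so the typo would leave the intended option at its default with no warning. `net_openldap26-server_SET=DEBUG` also reverses the global `DEBUG` unset without explanation. A short comment giving the reason, e.g. `# slapd: DEBUG kept on purpose, needed for <reason>`, would stop a later cleanup from removing it or from assuming it is a leftover.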
diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
new file mode 100644
index 0000000..80fc5e5
--- /dev/null
+++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
@@ -0,0 +1,33 @@
+devel/ccache
+devel/git@lite
+dns/bind-tools
+dns/nsd
+dns/powerdns
+dns/unbound
+editors/vim@console
+editors/vim@tiny
+lang/python
+net/nss-pam-ldapd-sasl
+net/openldap26-client
+net/openldap26-server
+net/p5-perl-ldap
+net/py-python-ldap
+net/rsync
+ports-mgmt/poudriere
+security/acme.sh
+security/cyrus-sasl2-saslauthd
+security/kstart
+security/krb5@default
+security/krb5@ldap
+security/pam_krb5@mit
+security/pam_mkhomedir
+security/sshpass
+security/sudo
+sysutils/htop
+sysutils/lsof
+sysutils/p5-Sys-Syslog
+sysutils/pwgen
+sysutils/stow
+sysutils/tmux
+sysutils/tree
+www/nginx
diff --git a/files/usr/local/etc/ssl/repo.crt.readme b/files/usr/local/etc/ssl/repo.crt.readme
new file mode 100644
index 0000000..1c1ad53
--- /dev/null
+++ b/files/usr/local/etc/ssl/repo.crt.readme
@@ -0,0 +1,3 @@
+Generate this file using:
+
+    openssl rsa -in site/files/usr/local/etc/ssl/repo.key.pkg_repository -pubout -out site/files/usr/local/etc/ssl/repo.crt.freebsd
diff --git a/files/usr/local/etc/ssl/repo.key.readme b/files/usr/local/etc/ssl/repo.key.readme
new file mode 100644
index 0000000..3b14bc6
--- /dev/null
+++ b/files/usr/local/etc/ssl/repo.key.readme
@@ -0,0 +1,4 @@
+Generate this file using:
+
+    openssl genrsa -out site/files/usr/local/etc/ssl/repo.key.pkg_repository 4096
+    ./vault encrypt site/files/usr/local/etc/ssl/repo.key.pkg_repository