provision/*: always declare JAIL_START_EXTRA, JAIL_CONF_EXTRA, JAIL_F…

…STAB
msimerson · Mar 24, 2024 · 4f86e4b · 4f86e4b
1 parent c2ee636
commit 4f86e4b
Show file tree

Hide file tree

Showing 58 changed files with 105 additions and 13 deletions.
diff --git a/provision/borg.sh b/provision/borg.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_borg()
 {

diff --git a/provision/bsd_cache.sh b/provision/bsd_cache.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 mt6-include nginx
 

diff --git a/provision/clamav.sh b/provision/clamav.sh
@@ -2,6 +2,10 @@
 
 set -e
 
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
+
 . mail-toaster.sh
 
 install_clamav_fangfrisch()

diff --git a/provision/dcc.sh b/provision/dcc.sh
@@ -6,6 +6,7 @@ set -e
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_dcc_cleanup()
 {

diff --git a/provision/dhcp.sh b/provision/dhcp.sh
@@ -1,17 +1,20 @@
 #!/bin/sh
 
-. mail-toaster.sh || exit
+set -e -u
+
+. mail-toaster.sh
 
 export JAIL_START_EXTRA="devfs_ruleset=7
 		allow.raw_sockets=1"
 export JAIL_CONF_EXTRA="
 		devfs_ruleset = 7;
 		allow.raw_sockets = 1;"
+export JAIL_FSTAB=""
 
 install_dhcpd()
 {
 	tell_status "installing dhcpd"
-	stage_pkg_install isc-dhcp44-server || exit
+	stage_pkg_install isc-dhcp44-server
 }
 
 configure_dhcpd()
@@ -34,11 +37,11 @@ rdr inet6 proto tcp from any to <ext_ips> port { 67 68 } -> $(get_jail_ip6 dhcp)
 EO_PF_RDR
 
 	if [ ! -d "$ZFS_DATA_MNT/dhcp/etc" ]; then
-		mkdir -p "$ZFS_DATA_MNT/dhcp/etc" || exit
+		mkdir -p "$ZFS_DATA_MNT/dhcp/etc"
 	fi
 
 	if [ ! -d "$ZFS_DATA_MNT/dhcp/db" ]; then
-		mkdir -p "$ZFS_DATA_MNT/dhcp/db" || exit
+		mkdir -p "$ZFS_DATA_MNT/dhcp/db"
 	fi
 
 	get_public_ip
@@ -79,7 +82,7 @@ EO_DHCP
 start_dhcpd()
 {
 	tell_status "starting dhcpd"
-	stage_exec service isc-dhcpd start || exit
+	stage_exec service isc-dhcpd start
 }
 
 test_dhcpd()

diff --git a/provision/dns.sh b/provision/dns.sh
@@ -7,6 +7,7 @@ set -e
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA="
 		allow.raw_sockets;"
+export JAIL_FSTAB=""
 
 install_unbound()
 {

diff --git a/provision/dovecot.sh b/provision/dovecot.sh
@@ -5,6 +5,7 @@ set -e
 . mail-toaster.sh
 
 export JAIL_START_EXTRA="allow.sysvipc=1"
+export JAIL_CONF_EXTRA=""
 export JAIL_FSTAB="$ZFS_DATA_MNT/vpopmail/home $ZFS_JAIL_MNT/dovecot/usr/local/vpopmail nullfs rw 0 0"
 
 mt6-include vpopmail

diff --git a/provision/dspam.sh b/provision/dspam.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 mt6-include mysql
 

diff --git a/provision/elasticsearch.sh b/provision/elasticsearch.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-set -e
+set -e -u
 
 . mail-toaster.sh
 

diff --git a/provision/geoip.sh b/provision/geoip.sh
@@ -4,6 +4,10 @@ set -e
 
 . mail-toaster.sh
 
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
+
 preflight_check() {
 	if [ -z "$MAXMIND_LICENSE_KEY" ]; then
 		echo "ERROR: edit mail-toaster.conf and set MAXMIND_LICENSE_KEY"

diff --git a/provision/ghost.sh b/provision/ghost.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_ghost()
 {

diff --git a/provision/gitlab.sh b/provision/gitlab.sh
@@ -6,6 +6,7 @@ export JAIL_START_EXTRA="allow.sysvipc=1"
 export JAIL_CONF_EXTRA="
 		allow.sysvipc;
 "
+export JAIL_FSTAB=""
 
 # https://docs.gitlab.com/ee/install/relative_url.html
 # https://gitlab.fechner.net/mfechner/Gitlab-docu/blob/master/install/15.10-freebsd.md

diff --git a/provision/gitlab_runner.sh b/provision/gitlab_runner.sh
@@ -2,6 +2,10 @@
 
 . mail-toaster.sh || exit
 
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
+
 # https://wiki.freebsd.org/Docker
 # https://docs.gitlab.com/runner/install/freebsd.html
 

diff --git a/provision/grafana.sh b/provision/grafana.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_grafana()
 {

diff --git a/provision/haproxy.sh b/provision/haproxy.sh
@@ -4,6 +4,10 @@ set -e
 
 . mail-toaster.sh
 
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
+
 install_haproxy()
 {
 	case "$TLS_LIBRARY" in

diff --git a/provision/horde.sh b/provision/horde.sh
@@ -2,6 +2,8 @@
 
 . mail-toaster.sh || exit
 
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
 export JAIL_FSTAB="$ZFS_DATA_MNT/vpopmail/home $ZFS_JAIL_MNT/horde/usr/local/vpopmail nullfs rw 0 0"
 
 mt6-include php

diff --git a/provision/host.sh b/provision/host.sh
@@ -6,6 +6,7 @@ set -e
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 mt6-include shell
 mt6-include mta

diff --git a/provision/influxdb.sh b/provision/influxdb.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_influxdb()
 {

diff --git a/provision/jekyll.sh b/provision/jekyll.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_jekyll()
 {

diff --git a/provision/joomla.sh b/provision/joomla.sh
@@ -3,8 +3,8 @@
 . mail-toaster.sh || exit
 
 export JAIL_START_EXTRA=""
-# shellcheck disable=2016
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 mt6-include php
 mt6-include nginx

diff --git a/provision/knot.sh b/provision/knot.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 mt6-include user
 

diff --git a/provision/letsencrypt.sh b/provision/letsencrypt.sh
@@ -4,6 +4,10 @@ set -e
 
 . mail-toaster.sh
 
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
+
 install_letsencrypt()
 {
 	tell_status "installing ACME.sh & Let's Encrypt"

diff --git a/provision/mailtest.sh b/provision/mailtest.sh
@@ -7,7 +7,7 @@ set -e
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA="
 		allow.raw_sockets;"
-
+export JAIL_FSTAB=""
 
 install_mailtest()
 {

diff --git a/provision/mediawiki.sh b/provision/mediawiki.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 mt6-include php
 mt6-include nginx

diff --git a/provision/memcached.sh b/provision/memcached.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_memcached()
 {

diff --git a/provision/minecraft.sh b/provision/minecraft.sh
@@ -6,6 +6,7 @@ export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA="
 		mount += \"$ZFS_DATA_MNT/minecraft/etc \$path/usr/local/etc/minecraft-server nullfs rw 0 0\";
 		mount += \"$ZFS_DATA_MNT/minecraft/db \$path/var/db/minecraft-server nullfs rw 0 0\";"
+export JAIL_FSTAB=""
 
 install_minecraft()
 {

diff --git a/provision/mongodb.sh b/provision/mongodb.sh
@@ -9,6 +9,7 @@ export JAIL_CONF_EXTRA="
 		allow.raw_sockets;
 		allow.sysvipc;
 		allow.mlock;"
+export JAIL_FSTAB=""
 
 install_mongodb()
 {

diff --git a/provision/munin.sh b/provision/munin.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_lighttpd()
 {

diff --git a/provision/mysql.sh b/provision/mysql.sh
@@ -4,6 +4,10 @@ set -e
 
 . mail-toaster.sh
 
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
+
 install_db_server()
 {
 	for _d in etc db; do

diff --git a/provision/nagios.sh b/provision/nagios.sh
@@ -5,6 +5,7 @@
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA="
 		allow.raw_sockets;"
+export JAIL_FSTAB=""
 
 mt6-include php
 mt6-include nginx

diff --git a/provision/nginx.sh b/provision/nginx.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_nginx()
 {

diff --git a/provision/nictool.sh b/provision/nictool.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 export NICTOOL_VER=${NICTOOL_VER:="2.33"}
 export NICTOOL_UPGRADE=""

diff --git a/provision/nsd.sh b/provision/nsd.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 mt6-include user
 

diff --git a/provision/php7.sh b/provision/php7.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 mt6-include php
 

diff --git a/provision/postfix.sh b/provision/postfix.sh
@@ -6,6 +6,7 @@ set -e -u
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 _dkim_private_key="$ZFS_DATA_MNT/postfix/dkim/$TOASTER_MAIL_DOMAIN.private"
 
@@ -47,12 +48,12 @@ configure_opendkim()
 configure_postfix_main_cf()
 {
 	local _main_cf="$ZFS_DATA_MNT/postfix/etc/main.cf"
-	if [ -f "$_main_cf" ];
-	then
+	if [ -f "$_main_cf" ]; then
 		tell_status "preserving $_main_cf"
 		return
 	fi
-
+
+	stage_exec install -m 0644 /usr/local/etc/postfix/main.cf /data/etc/main.cf
 	stage_exec postconf -e "myhostname = postfix.$TOASTER_HOSTNAME"
 	stage_exec postconf -e 'smtp_tls_security_level = may'
 	stage_exec postconf -e 'smtpd_tls_security_level = may'
@@ -78,13 +79,25 @@ configure_postfix_main_cf()
 	fi
 }
 
+configure_postfix_master_cf
+{
+	local _master_cf="$ZFS_DATA_MNT/postfix/etc/master.cf"
+	if [ -f "$_main_cf" ]; then
+		tell_status "preserving $_master_cf"
+	else
+		tell_status "installing $_master_cf"
+		stage_exec install -m 0644 /usr/local/etc/postfix/master.cf /data/etc/master.cf
+	fi
+}
+
 configure_postfix()
 {
 	stage_sysrc sendmail_enable=NONE
 	stage_sysrc postfix_enable=YES
 	stage_sysrc postfix_flags="-c /data/etc"
 
 	configure_postfix_main_cf
+	configure_postfix_master_cf
 
 	# postconf will break symlinks to files. To get all of postfix to always
 	# look at /data/etc for config, symlink the config dir

diff --git a/provision/prometheus.sh b/provision/prometheus.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_prometheus()
 {

diff --git a/provision/puppeteer.sh b/provision/puppeteer.sh
@@ -4,6 +4,7 @@
 
 export JAIL_START_EXTRA=""
 export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
 
 install_puppeteer()
 {