add private provision scripts

- beaded: updates - ns1.cad: add install_sentry - move tnpi scripts into ./tnpi/ - tnpi: add ns3.art, ns3.cad, wp_sim, sigels - beaded: enable promotion - move whmcs to tnpi - tnpi/*: remove dialog4ports, chmod +x - tinydns: refactor djb installers into include/djb - update ns1.theartfarm to use include/djb
msimerson · Mar 24, 2024 · 5e9766b · 5e9766b
1 parent 0da71c1
commit 5e9766b
Show file tree

Hide file tree

Showing 13 changed files with 1,055 additions and 1 deletion.
diff --git a/provision/dovecot.sh b/provision/dovecot.sh
@@ -672,7 +672,7 @@ base_snapshot_exists || exit
 create_staged_fs dovecot
 mkdir -p "$STAGE_MNT/usr/local/vpopmail"
 start_staged_jail dovecot
-allow_sysvipc_stage
+#allow_sysvipc_stage
 install_dovecot
 configure_dovecot
 stage_resolv_conf

diff --git a/tnpi/beaded-api.sh b/tnpi/beaded-api.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# shellcheck disable=1091
+. mail-toaster.sh || exit
+
+mt6-include user
+
+install_beaded_api()
+{
+	tell_status "installing beadedstream API"
+	stage_pkg_install npm-node16 git-lite mongodb44 mongodb-tools ssmtp
+	stage_exec bash -c "cd /data/db && npm install"
+	stage_exec bash -c "cd /data/db/api && npm install"
+	stage_exec npm install -g pm2
+}
+
+configure_beaded_api()
+{
+	tell_status "configuring beaded_api"
+
+	preserve_passdb beaded_api
+	preserve_ssh_host_keys beaded_api
+
+	cp /data/beaded_api/rc.d/pm2_beaded "$STAGE_MNT/usr/local/etc/rc.d/"
+	stage_sysrc pm2_beaded_enable="YES"
+	stage_sysrc sshd_enable="YES"
+}
+
+start_beaded_api()
+{
+	tell_status "configuring beaded_api"
+	stage_exec service pm2_beaded start
+}
+
+test_beaded_api()
+{
+	tell_status "testing beaded_api"
+	stage_listening 3000
+	echo "it works"
+}
+
+base_snapshot_exists || exit
+create_staged_fs beaded_api
+start_staged_jail beaded_api
+install_beaded_api
+configure_beaded_api
+start_beaded_api
+test_beaded_api
+promote_staged_jail beaded_api
diff --git a/tnpi/isaac.sh b/tnpi/isaac.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# shellcheck disable=1091
+. mail-toaster.sh || exit
+
+install_isaac()
+{
+	tell_status "installing Isaac"
+	stage_pkg_install python37
+}
+
+configure_isaac()
+{
+	tell_status "configuring isaac"
+	echo "WARN: manually copy passwd & group files over"
+}
+
+start_isaac()
+{
+	tell_status "configuring isaac"
+}
+
+test_isaac()
+{
+	tell_status "testing isaac"
+}
+
+base_snapshot_exists || exit
+create_staged_fs isaac
+start_staged_jail isaac
+install_isaac
+configure_isaac
+start_isaac
+test_isaac
+promote_staged_jail isaac
diff --git a/tnpi/mike.sh b/tnpi/mike.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# shellcheck disable=1091
+. mail-toaster.sh || exit
+
+install_mike()
+{
+	tell_status "installing Mike"
+	stage_pkg_install mtr-nox11
+}
+
+configure_mike()
+{
+	tell_status "configuring mike"
+}
+
+start_mike()
+{
+	tell_status "configuring mike"
+}
+
+test_mike()
+{
+	tell_status "testing mike"
+}
+
+base_snapshot_exists || exit
+create_staged_fs mike
+start_staged_jail mike
+install_mike
+configure_mike
+start_mike
+test_mike
+promote_staged_jail mike
diff --git a/tnpi/ns1.cadillac.net.sh b/tnpi/ns1.cadillac.net.sh
@@ -0,0 +1,77 @@
+#!/bin/sh
+
+# shellcheck disable=1091
+. mail-toaster.sh || exit
+
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
+
+mt6-include user
+
+install_knot()
+{
+	tell_status "installing Knot DNS 3"
+	stage_pkg_install knot3 rsync || exit
+
+	if [ ! -d "$STAGE_MNT/data/home" ]; then
+		mkdir -p "$STAGE_MNT/data/home" || exit
+	fi
+
+	install_nrpe
+	install_sentry
+}
+
+
+install_nrpe()
+{
+	if [ -z "$TOASTER_NRPE" ]; then
+		echo "TOASTER_NRPE unset, skipping nrpe plugin"
+		return
+	fi
+
+	tell_status "installing nrpe plugin"
+	stage_pkg_install nrpe3
+	stage_sysrc nrpe3_enable=YES
+	stage_sysrc nrpe3_configfile="/data/etc/nrpe.cfg"
+}
+
+configure_knot()
+{
+	stage_sysrc sshd_enable=YES
+	stage_sysrc knot_enable=YES
+	stage_sysrc knot_config=/data/etc/knot.conf
+
+	preserve_passdb ns1.cadillac.net
+	stage_exec pw user mod knot -d /data/home/knot -s /bin/sh
+	stage_exec pw user mod root -d /data/home/root -s /usr/local/bin/bash
+}
+
+start_knot()
+{
+	tell_status "starting knot daemon"
+	stage_exec service knot start || exit
+}
+
+test_knot()
+{
+	tell_status "testing knot"
+	stage_test_running knot
+
+	stage_listening 53 8
+	echo "it worked."
+
+	tell_status "testing UDP DNS query"
+	drill    ns1.cadillac.net @"$(get_jail_ip stage)" || exit
+
+	tell_status "testing TCP DNS query"
+	drill -t ns1.cadillac.net @"$(get_jail_ip stage)" || exit
+}
+
+base_snapshot_exists || exit
+create_staged_fs ns1.cadillac.net
+start_staged_jail ns1.cadillac.net
+install_knot
+configure_knot
+start_knot
+test_knot
+promote_staged_jail ns1.cadillac.net
diff --git a/tnpi/ns1.theartfarm.com.sh b/tnpi/ns1.theartfarm.com.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+set -e
+
+. mail-toaster.sh
+. include/djb.sh
+
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
+
+configure_tinydns()
+{
+	configure_svscan
+	configure_tinydns4
+	configure_tinydns_data
+	configure_tinydns6
+	stage_sysrc sshd_enable="YES"
+}
+
+configure_tinydns_data()
+{
+	_data_root="$ZFS_DATA_MNT/ns1.theartfarm.com/root"
+	if [ -d "$_data_root" ]; then
+		tell_status "tinydns data already configured"
+		return
+	fi
+
+	tell_status "configuring tinydns data"
+	mv "$STAGE_MNT/var/service/tinydns/root" "$_data_root"
+	tee -a "$_data_root/data" <<EO_EXAMPLE
+.example.com:1.2.3.4:a:259200
+=www.example.com:1.2.3.5:86400
+EO_EXAMPLE
+	stage_exec make -C /data/root
+	stage_exec chown -R tinydns /data/root
+}
+
+test_tinydns()
+{
+	tell_status "testing tinydns"
+	stage_test_running tinydns
+
+	stage_listening 53
+	echo "tinydns is running."
+
+	local _fqdn="ns1.theartfarm.com"
+
+	tell_status "testing UDP DNS query for $_fqdn"
+	drill    "$_fqdn" @"$(get_jail_ip stage)" || exit
+
+	tell_status "testing TCP DNS query for $_fqdn"
+	drill -t "$_fqdn" @"$(get_jail_ip stage)" || exit
+
+	tell_status "switching tinydns IP to deployment IP"
+	get_jail_ip tinydns | tee "$STAGE_MNT/var/service/tinydns/env/IP" "$STAGE_MNT/var/service/axfrdns/env/IP"
+	get_jail_ip6 tinydns | tee "$STAGE_MNT/var/service/tinydns-v6/env/IP" "$STAGE_MNT/var/service/axfrdns-v6/env/IP"
+
+	stage_exec service svscan stop || exit
+	for d in tinydns axfrdns tinydns-v6 axfrdns-v6
+	do
+		if [ -d "$ZFS_DATA_MNT/ns1.theartfarm.com/service/$d" ]; then
+			tell_status "preserving $d service definition"
+		else
+			tell_status "moving $d from staging to production"
+			mv "$STAGE_MNT/var/service/$d" "$ZFS_DATA_MNT/ns1.theartfarm.com/service/"
+		fi
+	done
+	stage_sysrc svscan_servicedir="/data/service"
+}
+
+base_snapshot_exists || exit
+create_staged_fs ns1.theartfarm.com
+start_staged_jail ns1.theartfarm.com
+install_daemontools
+install_ucspi_tcp
+install_djbdns
+configure_tinydns
+configure_axfrdns4
+configure_axfrdns6
+start_tinydns
+test_tinydns
+promote_staged_jail ns1.theartfarm.com
diff --git a/tnpi/ns2.cadillac.net.sh b/tnpi/ns2.cadillac.net.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+set -e
+
+. mail-toaster.sh
+. include/djb.sh
+
+export JAIL_START_EXTRA=""
+export JAIL_CONF_EXTRA=""
+export JAIL_FSTAB=""
+
+configure_tinydns()
+{
+	configure_svscan
+	configure_tinydns4
+	configure_tinydns_data
+	configure_tinydns6
+	stage_sysrc sshd_enable="YES"
+}
+
+configure_tinydns_data()
+{
+	_data_root="$ZFS_DATA_MNT/ns2.cadillac.net/root"
+	if [ -d "$_data_root" ]; then
+		tell_status "tinydns data already configured"
+		return
+	fi
+
+	tell_status "configuring tinydns data"
+	mv "$STAGE_MNT/var/service/tinydns/root" "$_data_root"
+	tee -a "$_data_root/data" <<EO_EXAMPLE
+.example.com:1.2.3.4:a:259200
+=www.example.com:1.2.3.5:86400
+EO_EXAMPLE
+	stage_exec make -C /data/root
+	stage_exec chown -R tinydns /data/root
+}
+
+test_tinydns()
+{
+	tell_status "testing tinydns"
+	stage_test_running tinydns
+
+	stage_listening 53
+	echo "tinydns is running."
+
+	local _fqdn="ns2.cadillac.net"
+
+	tell_status "testing UDP DNS query for $_fqdn"
+	drill    "$_fqdn" @"$(get_jail_ip stage)" || exit
+
+	tell_status "testing TCP DNS query for $_fqdn"
+	drill -t "$_fqdn" @"$(get_jail_ip stage)" || exit
+
+	tell_status "switching tinydns IP to deployment IP"
+	get_jail_ip tinydns | tee "$STAGE_MNT/var/service/tinydns/env/IP" "$STAGE_MNT/var/service/axfrdns/env/IP"
+	get_jail_ip6 tinydns | tee "$STAGE_MNT/var/service/tinydns-v6/env/IP" "$STAGE_MNT/var/service/axfrdns-v6/env/IP"
+
+	stage_exec service svscan stop || exit
+	for d in tinydns axfrdns tinydns-v6 axfrdns-v6
+	do
+		if [ -d "$ZFS_DATA_MNT/ns2.cadillac.net/service/$d" ]; then
+			tell_status "preserving $d service definition"
+		else
+			tell_status "moving $d from staging to production"
+			mv "$STAGE_MNT/var/service/$d" "$ZFS_DATA_MNT/ns2.cadillac.net/service/"
+		fi
+	done
+	stage_sysrc svscan_servicedir="/data/service"
+}
+
+base_snapshot_exists || exit
+create_staged_fs ns2.cadillac.net
+start_staged_jail ns2.cadillac.net
+install_daemontools
+install_ucspi_tcp
+install_djbdns
+configure_tinydns
+configure_axfrdns4
+configure_axfrdns6
+start_tinydns
+test_tinydns
+promote_staged_jail ns2.cadillac.net