postfix: fix stage path

- provision/*: replace many '|| exit' with 'set -e'
- *: git-lite -> git-tiny
- base: configure dma if available, skip ssmtp
- base: added assure_jail_nic, add devfs to fstab
- base: add TOASTER_BASE_PKGS, so a config options installs packages in the base jail
- dcc: add PF rdr and allow rules
- dns: create dns/control
- dovecot & mongo: add sysvipc to START_EXTRA
- editor: move vim config into include/editor
- editor: added TOASTER_EDITOR setting
- elastic: add post_configure()
- elastic: config stage to work
- elastic: check for dir before create
- elastic: install beats *after* testing ES & kibana
- elastic: kibana registration hoop jumping
- es: set correct kibana rc name
- haproxy: add pf allow rules
- host: direct error handling in plumb_nic
- host: quieter hosts
- mongo: set local db and config *after* testing
- mongo: check for CPU with AVX support
- mta stuff into include/mta (sendmail, dma, ssmtp)
  - added TOASTER_BASE_MTA setting
  - host: use include/mta
- mt: remove lesser known / deprecated opts
- mt: use safe name for jails .conf file
- mt: more error handling
- mt: inline pfrule.sh
- mt: added jail_is_running
- mt: overwrite pfrule.sh (not append)
- nagios: allow raw sockets
- postfix: use port installed newaliases cmd
- rsnapshot: move * outside of quotes so glob works
- shell: in profile, add ll and jexecl
- tinydns: refactor djb installers into include/djb
- unifi: install v8
- unifi: v8 wants openjdk17
- vpopmail: switch back to port build
- vpopmail: install gmake port sooner
- vpopmail: get random pass w/o special shell chars

include/djb.sh

@@ -0,0 +1,174 @@
+#!/bin/sh
+
+set -e
+
+install_daemontools()
+{
+	tell_status "installing daemontools"
+	stage_pkg_install rsync daemontools
+}
+
+install_ucspi_tcp()
+{
+        tell_status "installing ucspi-tcp with IPv6"
+	stage_make_conf sysutils_ucspi-tcp_SET 'sysutils_ucspi-tcp_SET=IPV6'
+	stage_make_conf sysutils_ucspi-tcp_UNSET 'sysutils_ucspi-tcp_UNSET=LIMITS RBL2SMTPD RSS_DIFF SSL'
+	stage_port_install sysutils/ucspi-tcp
+}
+
+install_djbdns()
+{
+	if [ ! -d "$STAGE_MNT/data/home" ]; then
+		mkdir "$STAGE_MNT/data/home"
+	fi
+
+	stage_pkg_install rsync
+
+	stage_exec pw useradd tinydns -d /data/home/tinydns -m
+
+	install_djbdns_source
+}
+
+install_djbdns_port()
+{
+	tell_status "installing djbdns port with IPv6"
+	stage_make_conf dns_djbdns_SET 'dns_djbdns_SET=IP6'
+	stage_port_install dns/djbdns
+}
+
+install_djbdns_source()
+{
+	tell_status "installing djbdns + IPv6 from source"
+
+	store_config "$STAGE_MNT/usr/src/djb.sh" "overwrite" <<EO_DJBDNS_INSTALLER
+#!/bin/sh
+
+set -e
+
+cd /usr/src
+if [ -d djbdns-1.05 ]; then rm -r djbdns-1.05; fi
+fetch -m http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
+fetch -m http://www.fefe.de/dns/djbdns-1.05-test32.diff.xz
+tar -xzf djbdns-1.05.tar.gz
+cd djbdns-1.05
+xzcat ../djbdns-1.05-test32.diff.xz | patch
+echo "cc" > conf-cc
+echo 'cc -s' > conf-ld
+sed -i .bak -e 's/"\/"/auto_home/; s/02755/0755/g' hier.c
+fetch -q -o - https://www.internic.net/domain/named.root \
+    | grep ' A ' \
+    | awk '{ print $4 }' \
+    > dnsroots.global
+make setup check
+EO_DJBDNS_INSTALLER
+	stage_exec sh /usr/src/djb.sh
+}
+
+configure_svscan()
+{
+	if [ ! -d "$STAGE_MNT/var/service" ]; then
+		tell_status "creating default service dir"
+		mkdir -p "$STAGE_MNT/var/service"
+	fi
+
+	if [ ! -d "$STAGE_MNT/data/service" ]; then
+		tell_status "creating local service dir"
+		mkdir -p "$STAGE_MNT/data/service"
+	fi
+
+	stage_sysrc svscan_enable="YES"
+}
+
+configure_tinydns4()
+{
+	tell_status "creating tinydns server"
+	stage_exec tinydns-conf tinydns bin /var/service/tinydns "$(get_jail_ip stage)"
+	store_config "$STAGE_MNT/var/service/tinydns/run" "overwrite" <<EO_TINYDNS_RUN
+#!/bin/sh
+
+# logging enabled
+#exec 2>&1
+
+# logging disabled
+exec 1>/dev/null 2>&1
+
+exec envuidgid tinydns envdir ./env softlimit -d300000 /usr/local/bin/tinydns
+EO_TINYDNS_RUN
+
+	echo "/data/root" > "$STAGE_MNT/var/service/tinydns/env/ROOT"
+}
+
+configure_tinydns6()
+{
+	tell_status "creating tinydns IPv6 server"
+	stage_exec tinydns-conf tinydns bin /var/service/tinydns-v6 "$(get_jail_ip6 stage)"
+	store_config "$STAGE_MNT/var/service/tinydns-v6/run" "overwrite" <<EO_TINYDNS_RUN
+#!/bin/sh
+
+# logging enabled
+#exec 2>&1
+
+# logging disabled
+exec 1>/dev/null 2>&1
+
+exec envuidgid tinydns envdir ./env softlimit -d300000 /usr/local/bin/tinydns
+EO_TINYDNS_RUN
+
+	echo "/data/root" > "$STAGE_MNT/var/service/tinydns-v6/env/ROOT"
+}
+
+configure_axfrdns4()
+{
+	tell_status "creating axfrdns server"
+	stage_exec axfrdns-conf tinydns bin /var/service/axfrdns /data "$(get_jail_ip stage)"
+	store_config "$STAGE_MNT/var/service/axfrdns/run" "overwrite" <<'EO_AXFRDNS_RUN'
+#!/bin/sh
+
+# logging enabled
+#exec 2>&1
+
+# logging disabled
+exec 1>/dev/null 2>&1
+
+exec envdir ./env sh -c '
+        exec envuidgid tinydns softlimit -d300000 tcpserver -vDRHl0 -x tcp.cdb -- "$IP" 53 /usr/local/bin/axfrdns
+'
+EO_AXFRDNS_RUN
+
+	store_config "$STAGE_MNT/var/service/axfrdns/tcp" "overwrite" <<EOTCP
+:allow,AXFR=""
+:deny
+EOTCP
+	stage_exec make -C /var/service/axfrdns
+}
+
+configure_axfrdns6()
+{
+	tell_status "creating axfrdns IPv6 server"
+	stage_exec axfrdns-conf tinydns bin /var/service/axfrdns-v6 /data "$(get_jail_ip6 stage)"
+	store_config "$STAGE_MNT/var/service/axfrdns-v6/run" "overwrite" <<'EO_AXFRDNS_RUN'
+#!/bin/sh
+
+# logging enabled
+#exec 2>&1
+
+# logging disabled
+exec 1>/dev/null 2>&1
+
+exec envdir ./env sh -c '
+        exec envuidgid tinydns softlimit -d300000 tcpserver -vDRHl0 -x tcp.cdb -- "$IP" 53 /usr/local/bin/axfrdns
+'
+EO_AXFRDNS_RUN
+
+	store_config "$STAGE_MNT/var/service/axfrdns-v6/tcp" "overwrite" <<EOTCP6
+:allow,AXFR=""
+:deny
+EOTCP6
+	stage_exec make -C /var/service/axfrdns-v6
+}
+
+start_tinydns()
+{
+	tell_status "starting dns daemons"
+	stage_exec service svscan start
+}

include/editor.sh

@@ -0,0 +1,88 @@
+#!/bin/sh
+
+configure_vim_tiny()
+{
+	if jail_is_running stage; then
+		stage_pkg_install vim-tiny
+	else
+		pkg install vim-tiny
+	fi
+
+	install_vimrc
+
+	# vim-tiny has no syntax or color files, so disable some stuff
+	sed -i '' \
+		-e 's/^syntax on/" syntax on/' \
+		-e 's/^colorscheme/" colorscheme/' \
+		-e 's/^set number/" set number/' \
+		-e 's/^set cursorline/" set cursorline/' \
+		-e 's/^set relativenumber/" set relativenumber/' \
+		"$_base/vimrc"
+}
+
+configure_vim()
+{
+	if jail_is_running stage; then
+		stage_pkg_install vim
+	else
+		pkg install vim
+	fi
+
+	install_vimrc
+
+	sed -i '' \
+		-e 's/set termguicolors/" set termguicolors/' \
+		-e 's/^set number/" set number/' \
+		-e 's/^set cursorline/" set cursorline/' \
+		-e 's/^set relativenumber/" set relativenumber/' \
+		"$_base/vimrc"
+
+	if fetch -m -o /usr/local/share/vim/vim91/colors/gruvbox.vim https://raw.githubusercontent.com/morhetz/gruvbox/master/colors/gruvbox.vim;
+	then
+		sed -i '' \
+			-e 's/^colorscheme.*/colorscheme gruvbox/' \
+			"$_base/vimrc"
+	fi
+}
+
+install_vimrc()
+{
+	tell_status "installing vimrc"
+
+	local _vimdir="$_base/usr/local/etc/vim"
+	if [ ! -d "$_vimdir" ]; then
+		mkdir -p "$_vimdir" || exit
+	fi
+
+	fetch -m -o "$_vimdir/vimrc" https://raw.githubusercontent.com/nandalopes/vim-for-server/main/vimrc
+}
+
+configure_neovim()
+{
+	if jail_is_running stage; then
+		stage_pkg_install neovim
+	else
+		pkg install neovim
+	fi
+
+	# todo
+}
+
+configure_editor()
+{
+	local _base=${1:-""}
+
+	case "$TOASTER_EDITOR" in
+		neovim)
+			configure_neovim
+			;;
+		vim-tiny)
+			configure_vim_tiny
+			;;
+		vim)
+			configure_vim
+			;;
+		vi) ;;
+		*)  ;;
+	esac
+}

include/mta.sh

@@ -0,0 +1,107 @@
+#!/bin/sh
+
+configure_mta()
+{
+	local _base=${1:-""}
+	local _mta=${2:-"$TOASTER_BASE_MTA"}
+
+	if [ "$_mta" = "dma" ] && [ -x "$_base/usr/libexec/dma" ]; then
+		disable_sendmail
+		enable_dma
+	elif [ "$_mta" = "sendmail" ]; then
+		enable_sendmail
+	elif [ -x "$_base/usr/libexec/dma" ]; then
+		disable_sendmail
+		enable_dma
+	else
+		disable_sendmail
+		install_ssmtp
+	fi
+}
+
+enable_sendmail()
+{
+	sysrc -f "$_base/etc/rc.conf" sendmail_enable=YES sendmail_outbound_enable=YES
+
+	if jail_is_running stage; then
+		stage_exec service sendmail start
+	else
+		service sendmail start
+	fi
+
+	set_root_alias
+
+	cp "$_base/usr/share/examples/sendmail/mailer.conf" "$_base/etc/mail/mailer.conf"
+}
+
+disable_sendmail()
+{
+	if jail_is_running stage; then
+		if pgrep -j stage sendmail; then stage_exec service sendmail onestop; fi
+	else
+		if pgrep -j none sendmail; then service sendmail onestop; fi
+	fi
+
+	sysrc -f "$_base/etc/rc.conf" sendmail_enable=NONE sendmail_outbound_enable=NONE
+}
+
+set_root_alias()
+{
+	local _aliases="$_base/etc/mail/aliases"
+
+	if grep -q my.domain "$_aliases"; then
+		tell_status "setting root email in $_aliases to $TOASTER_ADMIN_EMAIL"
+
+		sed -i '' \
+			-e "/^# root:/ s/^# //" \
+			-e "/^root/ s/me@my.domain/$TOASTER_ADMIN_EMAIL/" \
+			"$_aliases"
+	fi
+}
+
+enable_dma()
+{
+	tell_status "setting up dma"
+	cp "$_base/usr/share/examples/dma/mailer.conf" "$_base/etc/mail/mailer.conf"
+
+	echo "dma.conf: $_base/etc/dma/dma.conf"
+	sed -i '' \
+		-e "s/^#SMARTHOST/SMARTHOST $TOASTER_MSA/" \
+		"$_base/etc/dma/dma.conf"
+
+	set_root_alias
+}
+
+install_ssmtp()
+{
+	tell_status "installing ssmtp"
+
+	if jail_is_running stage; then
+		stage_pkg_install ssmtp
+	else
+		pkg install ssmtp
+	fi
+
+	tell_status "configuring ssmtp"
+	if [ ! -f "$_base/usr/local/etc/ssmtp/revaliases" ]; then
+		cp "$_base/usr/local/etc/ssmtp/revaliases.sample" \
+		   "$_base/usr/local/etc/ssmtp/revaliases"
+	fi
+
+	sed -e "/^root=/ s/postmaster/$TOASTER_ADMIN_EMAIL/" \
+		-e "/^mailhub=/ s/=mail/=$TOASTER_MSA/" \
+		-e "/^rewriteDomain=/ s/=\$/=$TOASTER_MAIL_DOMAIN/" \
+		-e '/^#FromLineOverride=YES/ s/#//' \
+		"$_base/usr/local/etc/ssmtp/ssmtp.conf.sample" \
+		> "$_base/usr/local/etc/ssmtp/ssmtp.conf" || exit
+
+	tee "$_base/etc/mail/mailer.conf" <<EO_MAILER_CONF
+sendmail	/usr/local/sbin/ssmtp
+send-mail	/usr/local/sbin/ssmtp
+mailq		/usr/local/sbin/ssmtp
+newaliases	/usr/local/sbin/ssmtp
+hoststat	/usr/bin/true
+purgestat	/usr/bin/true
+EO_MAILER_CONF
+
+}

include/shell.sh

@@ -41,6 +41,7 @@ export HISTIGNORE="&:[bf]g:exit"
 shopt -s histappend
 shopt -s cdspell
 alias h="history 200"
+alias ll="ls -alFG"
 EO_BASH_PROFILE
 
 	if ! grep -qs profile "$1"; then
@@ -66,6 +67,13 @@ case $(id -u) in
     0) PS1="${PS1}# ";;
     *) PS1="${PS1}$ ";;
 esac
+
+jexecl() {
+  if   [ -z "$1" ]; then /usr/sbin/jexec;
+  elif [ -n "$2" ]; then /usr/sbin/jexec ${@:1};
+  else /usr/sbin/jexec $1 login -f -h $(hostname) root;
+  fi
+}
 EO_BOURNE_SHELL
 	fi