talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add sftp jail.

Browse Source
This commit is contained in:
Tom Alexander
2024-06-30 23:02:23 -04:00
parent 0363a462a0
commit 566b7dfd0b
27 changed files with 220 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/roles/jail/files/jails/admin_git.conf
View File

@@ -7,6 +7,7 @@ admin_git {
devfs_ruleset = 14;
mount.devfs;
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";

1
ansible/roles/jail/files/jails/cloak.conf
View File

@@ -11,6 +11,7 @@ cloak {
devfs_ruleset = 13;
mount.devfs; # To expose tun device
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";

2
ansible/roles/jail/files/jails/dagger.conf
View File

@@ -6,6 +6,8 @@ dagger {
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.consolelog = "/var/log/jail_${name}_console.log";

2
ansible/roles/jail/files/jails/mumble.conf
View File

@@ -3,6 +3,8 @@ cloak {
vnet;
vnet.interface += "host_link3";
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.consolelog = "/var/log/jail_${name}_console.log";

3
ansible/roles/jail/files/jails/nat_dhcp.conf
View File

@@ -7,8 +7,9 @@ nat_dhcp {
devfs_ruleset = 14;
mount.devfs;
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.start += "/bin/sh -c 'mkdir /var/run/kea && exec /bin/sh /etc/rc'";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.consolelog = "/var/log/jail_${name}_console.log";
}

2
ansible/roles/jail/files/jails/olddagger.conf
View File

@@ -6,6 +6,8 @@ olddagger {
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.consolelog = "/var/log/jail_${name}_console.log";

1
ansible/roles/jail/files/jails/public_dns.conf
View File

@@ -7,6 +7,7 @@ public_dns {
devfs_ruleset = 14;
mount.devfs;
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";

1
ansible/roles/jail/files/jails/sample.conf
View File

@@ -7,6 +7,7 @@ sample {
devfs_ruleset = 14;
mount.devfs;
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";

1
ansible/roles/jail/files/jails/sftp.conf
View File

@@ -7,6 +7,7 @@ sftp {
devfs_ruleset = 14;
mount.devfs;
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";

10
ansible/roles/jail/files/sftp_fstab Normal file
View File

@@ -0,0 +1,10 @@
tmpfs /jail/sftp/tmp tmpfs rw,mode=777 0 0
tmpfs /jail/sftp/var/run tmpfs rw,mode=755 0 0
/data /jail/sftp/chroot/readonly/library nullfs ro,noexec 0 0
/jail/dagger/incomplete /jail/sftp/chroot/readonly/incomplete nullfs ro,noexec 0 0
/jail/dagger/downloads /jail/sftp/chroot/readonly/downloads nullfs ro,noexec 0 0
/data /jail/sftp/chroot/readwrite/library nullfs rw,noexec 0 0
/jail/dagger/incomplete /jail/sftp/chroot/readwrite/incomplete nullfs rw,noexec 0 0
/jail/dagger/downloads /jail/sftp/chroot/readwrite/downloads nullfs rw,noexec 0 0