Add sftp jail.

2024-06-29 23:32:36 -04:00 · 2024-06-29 23:32:36 -04:00 · 9dc43479aa
commit 9dc43479aa
parent 62e70554be
3 changed files with 33 additions and 0 deletions
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@ -51,6 +51,9 @@ jail_list:
  - name: dagger
    conf:
      src: dagger
+  - name: sftp
+    conf:
+      src: sftp
  - name: mumble
    conf:
      src: mumble
--- a/ansible/roles/jail/files/jails/sftp.conf
+++ b/ansible/roles/jail/files/jails/sftp.conf
@ -0,0 +1,14 @@
+sftp {
+    path = "/jail/${name}";
+    vnet;
+    exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
+    exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";
+    vnet.interface += "jail${name}";
+
+    devfs_ruleset = 14;
+    mount.devfs;
+
+    exec.start += "/bin/sh /etc/rc";
+    exec.stop = "/bin/sh /etc/rc.shutdown jail";
+    exec.consolelog = "/var/log/jail_${name}_console.log";
+}
--- a/ansible/roles/jail/templates/new_jail.bash.j2
+++ b/ansible/roles/jail/templates/new_jail.bash.j2
@ -31,10 +31,26 @@ function by_bin {
    for component in base ports; do fetch $SOURCEURL/$component.txz -o - | tar -xf - -C "$DESTDIR" ; done
 }

+function by_pkg {
+    local config
+    config=$(cat <<EOF
+base: {
+    url: "https://pkg.freebsd.org/FreeBSD:14:amd64/base_latest",
+    mirror_type: "none",
+    enabled: yes,
+    priority: 100
+}
+EOF
+             )
+    IGNORE_OSVERSION=yes pkg --rootdir "$DESTDIR" --config <(cat <<<"$config") install --repository base --yes --glob 'FreeBSD-*'
+}
+
 if [ "$1" = "src" ]; then
    by_src
 elif [ "$1" = "bin" ]; then
    by_bin
+elif [ "$1" = "pkg" ]; then
+    by_pkg
 else
    die "First argument must be either 'src' or 'bin', got $1"
 fi