From 9dc43479aa23c159724c49f185959d3d7cf1b695 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sat, 29 Jun 2024 23:32:36 -0400
Subject: [PATCH] Add sftp jail.

---
 ansible/environments/home/host_vars/homeserver | 3 +++
 ansible/roles/jail/files/jails/sftp.conf | 14 ++++++++++++++
 ansible/roles/jail/templates/new_jail.bash.j2 | 16 ++++++++++++++++
 3 files changed, 33 insertions(+)
 create mode 100644 ansible/roles/jail/files/jails/sftp.conf

diff --git a/ansible/environments/home/host_vars/homeserver b/ansible/environments/home/host_vars/homeserver
index b0892d2..c0ea316 100644
--- a/ansible/environments/home/host_vars/homeserver
+++ b/ansible/environments/home/host_vars/homeserver
@@ -51,6 +51,9 @@ jail_list:
 - name: dagger
 conf:
 src: dagger
+ - name: sftp
+ conf:
+ src: sftp
 - name: mumble
 conf:
 src: mumble
diff --git a/ansible/roles/jail/files/jails/sftp.conf b/ansible/roles/jail/files/jails/sftp.conf
new file mode 100644
index 0000000..af76611
--- /dev/null
+++ b/ansible/roles/jail/files/jails/sftp.conf
@@ -0,0 +1,14 @@
+sftp {
+ path = "/jail/${name}";
+ vnet;
+ exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
+ exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";
+ vnet.interface += "jail${name}";
+
+ devfs_ruleset = 14;
+ mount.devfs;
+
+ exec.start += "/bin/sh /etc/rc";
+ exec.stop = "/bin/sh /etc/rc.shutdown jail";
+ exec.consolelog = "/var/log/jail_${name}_console.log";
+}
diff --git a/ansible/roles/jail/templates/new_jail.bash.j2 b/ansible/roles/jail/templates/new_jail.bash.j2
index af075e2..4db1709 100644
--- a/ansible/roles/jail/templates/new_jail.bash.j2
+++ b/ansible/roles/jail/templates/new_jail.bash.j2
@@ -31,10 +31,26 @@ function by_bin {
 for component in base ports; do fetch $SOURCEURL/$component.txz -o - | tar -xf - -C "$DESTDIR" ; done
 }
+function by_pkg {
+ local config
+ config=$(cat <
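Review bot: `devfs_ruleset = 14;` in the new sftp.conf points at a host-defined devfs ruleset that none of the three files in this commit defines, so the jail's /dev visibility depends on state outside the patch; presumably it already exists on the host for the other jails, but if ruleset 14 were absent or looser than intended the vnet jail would see a broader /dev than planned. A comment above that line would pin the contract, e.g. `# ruleset 14: jail devfs ruleset from the host's devfs.rules — must exist before jail start; keep it no looser than the stock jail rulesets in /etc/defaults/devfs.rules`. The mixed `exec.start +=` / `exec.stop =` also looks unintended: `+=` appends to whatever the enclosing jail.conf's global section sets while `=` replaces it, so the two hooks would diverge the moment a global default is introduced; `exec.stop += "/bin/sh /etc/rc.shutdown jail";` keeps it consistent with the prestart/poststop lines. The name suggests an SSH/SFTP listener inside the jail, yet the conf itself constrains nothing beyond attaching it to the 10.215.1.1/24 bridge, which is only fine if the host's filter policy for that network is already in place — worth confirming against the jail_nat setup.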