Mirrors/BastilleBSD_bastille
1
0
Fork 1
mirror of https://github.com/BastilleBSD/bastille.git synced 2025-12-10 17:09:48 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
1b052719124521422220576080b4cec431f379ab
BastilleBSD_bastille/usr/local/bin/bbsd-create
Christer Edwards 1b05271912 Initial toolkit POC
2018-04-06 13:40:48 -06:00

75 lines
2.4 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh -x
#
# create a new jail
if [ $# -lt 3 ] || [ $# -gt 3 ]; then
echo "Required: name repo release."
exit 1
fi
NAME="$1"
TEMPLATE="$2"
RELEASE="$3"
PREFIX=/usr/local
BASTILLE=${PREFIX}/bastille
JAIL_BASE=${BASTILLE}/jails/${NAME}
JAIL_ROOT=${JAIL_BASE}/root
JAIL_CONF=${JAIL_BASE}/jail.conf
PKGS_CONF=${JAIL_BASE}/pkgs.conf
JAIL_JID=${JAIL_BASE}/${jail}.jid
JAIL_FSTAB="${BASTILLE}/fstab/${NAME}.fstab"
BASEJAIL="${BASTILLE}/releases/${RELEASE}"
## create zfs volume
if [ ! -d ${JAIL_ROOT} ]; then
echo "Creating Jail Base..."
zfs create -o mountpoint=${JAIL_BASE}\
-o compression=lz4\
-o atime=off zroot"${JAIL_BASE}"\
&& echo "Created ZFS volume for jail...[OK]." || echo "Failure: ZFS volume creation."
fi
## clone template into volume
if [ $(find "${JAIL_BASE}" -empty) ]; then
echo "Cloning template..."
git clone "${TEMPLATE}" "${JAIL_BASE}" || echo "Template cloning failed; exiting"
echo "Cloning release contents..."
/bin/cp -an "${BASEJAIL}/etc" "${JAIL_ROOT}"
/bin/cp -an "${BASEJAIL}/root" "${JAIL_ROOT}"
fi
## create fstab; IMPORTANT that this goes before pkgs (below)
if [ ! -f ${JAIL_FSTAB} ]; then
/bin/cat << EOF > ${JAIL_FSTAB}
${BASEJAIL}/bin ${JAIL_ROOT}/bin nullfs ro 0 0
${BASEJAIL}/boot ${JAIL_ROOT}/boot nullfs ro 0 0
${BASEJAIL}/lib ${JAIL_ROOT}/lib nullfs ro 0 0
${BASEJAIL}/libexec ${JAIL_ROOT}/libexec nullfs ro 0 0
${BASEJAIL}/rescue ${JAIL_ROOT}/rescue nullfs ro 0 0
${BASEJAIL}/sbin ${JAIL_ROOT}/sbin nullfs ro 0 0
${BASEJAIL}/usr/bin ${JAIL_ROOT}/usr/bin nullfs ro 0 0
${BASEJAIL}/usr/include ${JAIL_ROOT}/usr/include nullfs ro 0 0
${BASEJAIL}/usr/lib ${JAIL_ROOT}/usr/lib nullfs ro 0 0
${BASEJAIL}/usr/libexec ${JAIL_ROOT}/usr/libexec nullfs ro 0 0
${BASEJAIL}/usr/sbin ${JAIL_ROOT}/usr/sbin nullfs ro 0 0
${BASEJAIL}/usr/share ${JAIL_ROOT}/usr/share nullfs ro 0 0
${BASEJAIL}/usr/libdata ${JAIL_ROOT}/usr/libdata nullfs ro 0 0
EOF
echo "Writing jail fstab (basejail)...[OK]"
fi
## install pkgs
if [ -s ${PKGS_CONF} ]; then
echo "Starting jail; installing pkgs..."
jail -c -f "${JAIL_CONF}" -J "${JAIL_JID}" ${NAME}
pfctl -f /etc/pf.conf
pkg -j ${NAME} install -y $(cat ${PKGS_CONF})
jail -r -f "${JAIL_CONF}" ${NAME}
echo "Stopping jail; installation complete."
elif [ ! -s ${PKGS_CONF} ]; then
echo "pkgs.conf appears empty; not installing anything."
echo "complete"
fi
Reference in New Issue View Git Blame Copy Permalink