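#!/bin/sh
#
# create a new jail
#
# Usage: <script> name repo release
#   name    - jail name; becomes part of host paths, the ZFS dataset name
#             and the fstab file name
#   repo    - git repository (template) cloned into the jail base
#   release - directory name under ${BASTILLE}/releases used as the basejail
#
# The commands below (zfs create, jail -c, pfctl -f) normally need root, so
# every argument is treated as input that must not escape ${BASTILLE}.
#
# SECURITY NOTE: jail.conf and pkgs.conf are read from the cloned template.
# jail(8) can run host-side hooks (e.g. exec.prestart) from jail.conf, and
# pkgs.conf decides what gets installed. Only use templates you have reviewed
# and trust, ideally pinned to a known commit.

if [ $# -ne 3 ]; then
    echo "Required: name repo release." >&2
    exit 1
fi

NAME="$1"
TEMPLATE="$2"
RELEASE="$3"

# NAME is interpolated into paths and a dataset name: allow a conservative
# character set only, so "../" or whitespace cannot redirect writes.
case "${NAME}" in
    '' | *[!A-Za-z0-9_-]*)
        echo "Invalid jail name: use only letters, digits, '_' and '-'." >&2
        exit 1
        ;;
esac

# RELEASE selects a directory under releases/: no path separators, no
# leading dot (which also rules out "." and "..").
case "${RELEASE}" in
    '' | .* | *[!A-Za-z0-9._-]*)
        echo "Invalid release name." >&2
        exit 1
        ;;
esac

PREFIX=/usr/local
BASTILLE=${PREFIX}/bastille

JAIL_BASE=${BASTILLE}/jails/${NAME}
JAIL_ROOT=${JAIL_BASE}/root
JAIL_CONF=${JAIL_BASE}/jail.conf
PKGS_CONF=${JAIL_BASE}/pkgs.conf
# The original used ${jail}, which is never set, yielding ".jid".
JAIL_JID=${JAIL_BASE}/${NAME}.jid
JAIL_FSTAB="${BASTILLE}/fstab/${NAME}.fstab"
BASEJAIL="${BASTILLE}/releases/${RELEASE}"

if [ ! -d "${BASEJAIL}" ]; then
    echo "Release not found: ${BASEJAIL}" >&2
    exit 1
fi

## create zfs volume
if [ ! -d "${JAIL_ROOT}" ]; then
    echo "Creating Jail Base..."
    # NOTE(review): the pool name "zroot" is hard-coded.
    if zfs create -o mountpoint="${JAIL_BASE}" \
                  -o compression=lz4 \
                  -o atime=off "zroot${JAIL_BASE}"; then
        echo "Created ZFS volume for jail...[OK]."
    else
        # Continuing would clone and copy into a non-existent or wrong location.
        echo "Failure: ZFS volume creation." >&2
        exit 1
    fi
fi

## clone template into volume
# Test only whether JAIL_BASE itself is an empty directory; a bare
# "find -empty" lists every empty entry below it and breaks the test.
if [ -n "$(find "${JAIL_BASE}" -maxdepth 0 -type d -empty)" ]; then
    echo "Cloning template..."
    if ! git clone -- "${TEMPLATE}" "${JAIL_BASE}"; then
        echo "Template cloning failed; exiting" >&2
        exit 1
    fi

    echo "Cloning release contents..."
    # Ensure the target exists so etc/ and root/ land inside it.
    mkdir -p "${JAIL_ROOT}"
    # -n keeps any files the template already provides.
    /bin/cp -an "${BASEJAIL}/etc" "${JAIL_ROOT}"
    /bin/cp -an "${BASEJAIL}/root" "${JAIL_ROOT}"
fi

## create fstab; IMPORTANT that this goes before pkgs (below)
if [ ! -f "${JAIL_FSTAB}" ]; then
    # Unquoted EOF on purpose: the paths must be expanded into the file.
    # The basejail is mounted read-only (nullfs ro) into the jail root.
    /bin/cat << EOF > "${JAIL_FSTAB}"
${BASEJAIL}/bin ${JAIL_ROOT}/bin nullfs ro 0 0
${BASEJAIL}/boot ${JAIL_ROOT}/boot nullfs ro 0 0
${BASEJAIL}/lib ${JAIL_ROOT}/lib nullfs ro 0 0
${BASEJAIL}/libexec ${JAIL_ROOT}/libexec nullfs ro 0 0
${BASEJAIL}/rescue ${JAIL_ROOT}/rescue nullfs ro 0 0
${BASEJAIL}/sbin ${JAIL_ROOT}/sbin nullfs ro 0 0
${BASEJAIL}/usr/bin ${JAIL_ROOT}/usr/bin nullfs ro 0 0
${BASEJAIL}/usr/include ${JAIL_ROOT}/usr/include nullfs ro 0 0
${BASEJAIL}/usr/lib ${JAIL_ROOT}/usr/lib nullfs ro 0 0
${BASEJAIL}/usr/libexec ${JAIL_ROOT}/usr/libexec nullfs ro 0 0
${BASEJAIL}/usr/sbin ${JAIL_ROOT}/usr/sbin nullfs ro 0 0
${BASEJAIL}/usr/share ${JAIL_ROOT}/usr/share nullfs ro 0 0
${BASEJAIL}/usr/libdata ${JAIL_ROOT}/usr/libdata nullfs ro 0 0
EOF
    echo "Writing jail fstab (basejail)...[OK]"
fi

## install pkgs
if [ -s "${PKGS_CONF}" ]; then
    echo "Starting jail; installing pkgs..."
    if ! jail -c -f "${JAIL_CONF}" -J "${JAIL_JID}" "${NAME}"; then
        echo "Failure: could not start jail ${NAME}." >&2
        exit 1
    fi
    pfctl -f /etc/pf.conf

    # Word-splitting of the package list is intended; globbing is not, and
    # "--" stops an entry beginning with "-" from being parsed as an option.
    set -f
    # shellcheck disable=SC2046
    pkg -j "${NAME}" install -y -- $(cat "${PKGS_CONF}")
    pkg_status=$?
    set +f

    # Always stop the jail, even when the installation failed.
    jail -r -f "${JAIL_CONF}" "${NAME}"
    echo "Stopping jail; installation complete."

    if [ "${pkg_status}" -ne 0 ]; then
        echo "Failure: pkg install exited with status ${pkg_status}." >&2
        exit "${pkg_status}"
    fi
else
    echo "pkgs.conf appears empty; not installing anything."
    echo "complete"
fi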