Anki-Sync_Server/Bastillefile hinzugefügt
This commit is contained in:
135
Anki-Sync_Server/Bastillefile
Normal file
135
Anki-Sync_Server/Bastillefile
Normal file
@@ -0,0 +1,135 @@
|
||||
# Bastillefile: anki-sync-server
|
||||
#
|
||||
# Dieses Template setzt einen Anki Sync Server (Python, anki.syncserver) in einem Bastille-Jail auf.
|
||||
# - Installiert Build-Tools (für das Rust-Bridge-Modul), Python + pip
|
||||
# - Erstellt ein Virtualenv und installiert Anki via pip
|
||||
# - Legt ein rc.d-Script an, das den Syncserver per daemon(8) startet
|
||||
# - Startet den Dienst und lauscht standardmäßig auf Port 27701 (HTTP)
|
||||
#
|
||||
# WICHTIG:
|
||||
# - Falls Builds im Jail /dev/fd brauchen, sorge im Host-Jail-Setup für: "mount.fdescfs;"
|
||||
# - Für produktiven Betrieb die Zugangsdaten (SYNC_USER1, ggf. mehrere) anpassen!
|
||||
#
|
||||
# Verzeichnisse und Pfade:
|
||||
# Virtualenv: /opt/anki-sync/venv
|
||||
# Datenverzeichnis / Sync-Store: /var/db/anki-sync
|
||||
# Logfile: /var/log/anki-sync.log
|
||||
# rc.d-Script: /usr/local/etc/rc.d/anki_sync
|
||||
|
||||
# --- Basis / Pakete ---
|
||||
CMD pkg update -f
|
||||
CMD pkg upgrade -y
|
||||
CMD pkg install -y python311 py311-pip rust cmake gmake pkgconf ca_root_nss git nano
|
||||
|
||||
# --- Dienstnutzer anlegen (optional; root ginge auch) ---
|
||||
CMD pw user add anki -m -s /bin/sh || true
|
||||
|
||||
# --- Verzeichnisse ---
|
||||
CMD mkdir -p /opt/anki-sync/venv
|
||||
CMD mkdir -p /var/db/anki-sync
|
||||
CMD mkdir -p /usr/local/etc/rc.d
|
||||
CMD mkdir -p /var/log
|
||||
|
||||
# Rechte auf Daten/Log
|
||||
CMD chown -R anki:anki /var/db/anki-sync
|
||||
CMD touch /var/log/anki-sync.log
|
||||
CMD chown anki:anki /var/log/anki-sync.log
|
||||
|
||||
# --- Python Virtualenv + Anki installieren ---
|
||||
CMD /usr/local/bin/python3.11 -m venv /opt/anki-sync/venv
|
||||
CMD /opt/anki-sync/venv/bin/python -m pip install --upgrade pip wheel setuptools
|
||||
# Anki installieren (neueste Version; alternativ Version pinnen, z.B.: anki==2.1.65)
|
||||
CMD /opt/anki-sync/venv/bin/python -m pip install --no-cache-dir anki
|
||||
|
||||
# --- rc.d-Script schreiben ---
|
||||
CMD /bin/sh -c 'cat > /usr/local/etc/rc.d/anki_sync << "EOF"
|
||||
#!/bin/sh
|
||||
# PROVIDE: anki_sync
|
||||
# REQUIRE: LOGIN
|
||||
# KEYWORD: jail
|
||||
|
||||
. /etc/rc.subr
|
||||
|
||||
name="anki_sync"
|
||||
rcvar="${name}_enable"
|
||||
|
||||
load_rc_config $name
|
||||
|
||||
: ${anki_sync_enable:="NO"}
|
||||
: ${anki_sync_user:="anki"}
|
||||
: ${anki_sync_base:="/var/db/anki-sync"}
|
||||
: ${anki_sync_bin:="/opt/anki-sync/venv/bin/python"}
|
||||
: ${anki_sync_host:="0.0.0.0"}
|
||||
: ${anki_sync_port:="27701"}
|
||||
: ${anki_sync_log:="/var/log/anki-sync.log"}
|
||||
: ${anki_sync_pidfile:="/var/run/anki-sync.pid"}
|
||||
: ${anki_sync_env_users:=""}
|
||||
: ${anki_sync_module:="-m anki.syncserver"}
|
||||
|
||||
start_cmd="${name}_start"
|
||||
stop_cmd="${name}_stop"
|
||||
status_cmd="${name}_status"
|
||||
|
||||
build_env() {
|
||||
_env="SYNC_BASE=${anki_sync_base} SYNC_HOST=${anki_sync_host} SYNC_PORT=${anki_sync_port}"
|
||||
[ -n "${anki_sync_env_users}" ] && _env="${_env} ${anki_sync_env_users}"
|
||||
echo "${_env}"
|
||||
}
|
||||
|
||||
anki_sync_start()
|
||||
{
|
||||
# Mindestens ein User?
|
||||
case " ${anki_sync_env_users} " in
|
||||
*" SYNC_USER"*) ;;
|
||||
*) echo "ERROR: No users defined. Set anki_sync_env_users in /etc/rc.conf (e.g. SYNC_USER1=user:pass)"; return 1 ;;
|
||||
esac
|
||||
|
||||
install -d -m 0755 "${anki_sync_base}" || true
|
||||
touch "${anki_sync_log}" || true
|
||||
[ -d "/var/run" ] || install -d -m 0755 /var/run
|
||||
chown -f "${anki_sync_user}":"${anki_sync_user}" "${anki_sync_log}" "${anki_sync_base}" 2>/dev/null || true
|
||||
|
||||
/usr/sbin/daemon -f -r \
|
||||
-P "${anki_sync_pidfile}" \
|
||||
-o "${anki_sync_log}" \
|
||||
-u "${anki_sync_user}" \
|
||||
env $(build_env) "${anki_sync_bin}" ${anki_sync_module}
|
||||
}
|
||||
|
||||
anki_sync_stop()
|
||||
{
|
||||
if [ -f "${anki_sync_pidfile}" ]; then
|
||||
kill "$(cat "${anki_sync_pidfile}")" 2>/dev/null || true
|
||||
rm -f "${anki_sync_pidfile}"
|
||||
else
|
||||
pkill -f "${anki_sync_bin} ${anki_sync_module}" 2>/dev/null || true
|
||||
fi
|
||||
}
|
||||
|
||||
anki_sync_status()
|
||||
{
|
||||
if [ -f "${anki_sync_pidfile}" ] && kill -0 "$(cat "${anki_sync_pidfile}")" 2>/dev/null; then
|
||||
echo "${name} is running as pid $(cat "${anki_sync_pidfile}")"
|
||||
exit 0
|
||||
fi
|
||||
pgrep -lf "${anki_sync_bin} ${anki_sync_module}" && exit 0
|
||||
echo "${name} is not running"
|
||||
exit 1
|
||||
}
|
||||
|
||||
run_rc_command "$1"
|
||||
EOF'
|
||||
|
||||
CMD chmod +x /usr/local/etc/rc.d/anki_sync
|
||||
|
||||
# --- rc.conf: Dienst aktivieren + Standard-ENV (BITTE ändern!) ---
|
||||
SYSRC anki_sync_enable="YES"
|
||||
SYSRC anki_sync_user="anki"
|
||||
SYSRC anki_sync_base="/var/db/anki-sync"
|
||||
SYSRC anki_sync_host="0.0.0.0"
|
||||
SYSRC anki_sync_port="27701"
|
||||
# Test-User setzen (unbedingt ersetzen!)
|
||||
SYSRC anki_sync_env_users='SYNC_USER1=demo:demo'
|
||||
|
||||
# --- Dienst starten ---
|
||||
SERVICE anki_sync start
|
||||
Reference in New Issue
Block a user