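# Bastillefile: anki-sync-server
#
# This template sets up an Anki sync server (Python, anki.syncserver) inside a
# Bastille jail.
# - Installs build tools (for the Rust bridge module), Python and pip
# - Creates a virtualenv and installs Anki via pip
# - Writes an rc.d script that starts the sync server through daemon(8)
# - Starts the service, which listens on port 27701 (HTTP) by default
#
# IMPORTANT:
# - If builds inside the jail need /dev/fd, add "mount.fdescfs;" to the jail
#   setup on the host.
# - For production use, change the credentials (SYNC_USER1, possibly several)!
#
# SECURITY NOTES (review):
# - The last steps enable and start the service with the placeholder account
#   demo:demo while it listens on 0.0.0.0. Replace the account before the jail
#   is reachable from any network you do not fully control.
# - The listener is plain HTTP, so logins and synced data cross the network
#   unencrypted unless a TLS-terminating reverse proxy sits in front of it.
# - pip fetches the newest anki release at build time; pin a version (and
#   ideally hashes, pip --require-hashes) for reproducible, reviewable builds.
#
# Directories and paths:
#   Virtualenv:                  /opt/anki-sync/venv
#   Data directory / sync store: /var/db/anki-sync
#   Log file:                    /var/log/anki-sync.log
#   rc.d script:                 /usr/local/etc/rc.d/anki_sync

# --- Base system / packages ---
CMD pkg update -f
CMD pkg upgrade -y
# rust, cmake, gmake and pkgconf are only needed while pip builds Anki; git and
# nano are not referenced by any later step of this template. Consider removing
# what is not needed at runtime once the install has finished.
CMD pkg install -y python311 py311-pip rust cmake gmake pkgconf ca_root_nss git nano

# --- Create the service account ---
# A dedicated unprivileged account is preferable to running the server as root.
# daemon(8) -u switches to the account without invoking its shell, so the
# account gets nologin instead of an interactive shell.
# "|| true" keeps a re-run from failing when the account already exists; it
# also hides every other pw(8) error.
CMD pw user add anki -m -s /usr/sbin/nologin || true

# --- Directories ---
CMD mkdir -p /opt/anki-sync/venv
CMD mkdir -p /var/db/anki-sync
CMD mkdir -p /usr/local/etc/rc.d
CMD mkdir -p /var/log

# Ownership of data directory and log file
CMD chown -R anki:anki /var/db/anki-sync
CMD touch /var/log/anki-sync.log
CMD chown anki:anki /var/log/anki-sync.log

# --- Python virtualenv + install Anki ---
CMD /usr/local/bin/python3.11 -m venv /opt/anki-sync/venv
CMD /opt/anki-sync/venv/bin/python -m pip install --upgrade pip wheel setuptools
# Install Anki (latest version; alternatively pin a version, e.g.: anki==2.1.65)
CMD /opt/anki-sync/venv/bin/python -m pip install --no-cache-dir anki

# --- Write the rc.d script ---
# The script body is passed inside a single-quoted sh -c argument, so it must
# not contain a single quote anywhere (comments included).
# NOTE(review): this CMD spans many lines; confirm that the Bastille version in
# use accepts multi-line template commands. If it does not, ship the rc.d
# script as a file next to the template and copy it in with a CP step.
CMD /bin/sh -c 'cat > /usr/local/etc/rc.d/anki_sync << "EOF"
#!/bin/sh
# PROVIDE: anki_sync
# REQUIRE: LOGIN
# KEYWORD: jail

. /etc/rc.subr

# rc.d script for the Anki sync server (python -m anki.syncserver), supervised
# by daemon(8) and run as an unprivileged user.

name="anki_sync"
rcvar="${name}_enable"

load_rc_config "$name"

# Defaults; every value can be overridden in /etc/rc.conf.
: ${anki_sync_enable:="NO"}
: ${anki_sync_user:="anki"}
: ${anki_sync_base:="/var/db/anki-sync"}
: ${anki_sync_bin:="/opt/anki-sync/venv/bin/python"}
: ${anki_sync_host:="0.0.0.0"}
: ${anki_sync_port:="27701"}
: ${anki_sync_log:="/var/log/anki-sync.log"}
: ${anki_sync_pidfile:="/var/run/anki-sync.pid"}
# Space-separated list of SYNC_USERn=name:password assignments.
: ${anki_sync_env_users:=""}
: ${anki_sync_module:="-m anki.syncserver"}

start_cmd="${name}_start"
stop_cmd="${name}_stop"
status_cmd="${name}_status"

# Export the server settings so that daemon(8) and the server inherit them.
# Handing them to env(1) as arguments instead would leave every
# SYNC_USERn=name:password pair in the argument list of the long-lived
# supervisor process, where ps(1) shows it.
export_env()
{
    export SYNC_BASE="${anki_sync_base}"
    export SYNC_HOST="${anki_sync_host}"
    export SYNC_PORT="${anki_sync_port}"
    # Split the account list on whitespace, one NAME=value word per account.
    # Globbing is switched off so that a password containing * or ? is taken
    # literally instead of being expanded against file names.
    set -f
    for _kv in ${anki_sync_env_users}; do
        export "${_kv}"
    done
    set +f
}

# Start the server under daemon(8); refuses to start without any account.
anki_sync_start()
{
    # At least one user configured?
    case " ${anki_sync_env_users} " in
        *" SYNC_USER"*) ;;
        *) echo "ERROR: No users defined. Set anki_sync_env_users in /etc/rc.conf (e.g. SYNC_USER1=user:pass)"; return 1 ;;
    esac

    # Best effort: make sure data directory, log file and /var/run exist and
    # that data and log belong to the service account.
    # NOTE(review): 0755 leaves the sync store listable by every local account;
    # 0750 would be tighter. Confirm nothing else needs read access.
    install -d -m 0755 "${anki_sync_base}" || true
    touch "${anki_sync_log}" || true
    [ -d "/var/run" ] || install -d -m 0755 /var/run
    chown -f "${anki_sync_user}":"${anki_sync_user}" "${anki_sync_log}" "${anki_sync_base}" 2>/dev/null || true

    export_env

    # -f: detach stdio, -r: restart the server when it exits,
    # -P: pidfile of the supervisor, -o: log file, -u: run as this user.
    # anki_sync_module is intentionally unquoted: it holds two words.
    /usr/sbin/daemon -f -r \
        -P "${anki_sync_pidfile}" \
        -o "${anki_sync_log}" \
        -u "${anki_sync_user}" \
        "${anki_sync_bin}" ${anki_sync_module}
}

# Stop via the supervisor pidfile; fall back to matching the command line.
anki_sync_stop()
{
    if [ -f "${anki_sync_pidfile}" ]; then
        kill "$(cat "${anki_sync_pidfile}")" 2>/dev/null || true
        rm -f "${anki_sync_pidfile}"
    else
        pkill -f "${anki_sync_bin} ${anki_sync_module}" 2>/dev/null || true
    fi
}

# Report status: exit 0 when a matching process is alive, 1 otherwise.
anki_sync_status()
{
    if [ -f "${anki_sync_pidfile}" ] && kill -0 "$(cat "${anki_sync_pidfile}")" 2>/dev/null; then
        echo "${name} is running as pid $(cat "${anki_sync_pidfile}")"
        exit 0
    fi
    # No usable pidfile: look for the server by its command line.
    pgrep -lf "${anki_sync_bin} ${anki_sync_module}" && exit 0
    echo "${name} is not running"
    exit 1
}

run_rc_command "$1"
EOF'
CMD chmod +x /usr/local/etc/rc.d/anki_sync

# --- rc.conf: enable the service + default environment (PLEASE change!) ---
SYSRC anki_sync_enable="YES"
SYSRC anki_sync_user="anki"
SYSRC anki_sync_base="/var/db/anki-sync"
# 0.0.0.0 listens on every address the jail has. Narrow this to one address if
# the server should only be reachable through a reverse proxy.
SYSRC anki_sync_host="0.0.0.0"
SYSRC anki_sync_port="27701"
# Set a test user (must be replaced!)
# sysrc stores this value in /etc/rc.conf inside the jail, which is normally
# world-readable, so the password can be read by every local account there.
# Consider keeping anki_sync_env_users in a root-only file that load_rc_config
# also reads (for example /usr/local/etc/rc.conf.d/anki_sync, mode 0600).
SYSRC anki_sync_env_users='SYNC_USER1=demo:demo'

# --- Start the service ---
SERVICE anki_sync start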