Overview
This is a development flavour containing the nginx webserver, along with acme.sh, openssl, rsync and ssh.
It has been put together specifically for use in custom images and you MUST copy in files and set the parameter to 1 to enable:
- sshd_config
- authorized_keys
- nginx.conf
- rsyncd.conf
- setup.sh
- postsetup.sh
You can adjust this flavour and rebuild your own pot image if you have other requirements.
Installation
- Create a ZFS data set on the parent system beforehand, for example:
zfs create -o mountpoint=/mnt/<name> zroot/jaildata_<name> - Create your local jail from the image or the flavour files.
- Clone the local jail
- Mount in the ZFS data set you created:
pot mount-in -p <jailname> -d <src> -m <dest> - Optionally copy in SSH authorized_keys file:
pot copy-in -p <jailname> -s /path/to/authorized_keys -d /root/authorized_keys_in - Optionally copy in SSH private key file file:
pot copy-in -p <jailname> -s /path/to/id_rsa -d /root/.ssh/id_rsa - Optionally copy in SSH public key file:
pot copy-in -p <jailname> -s /path/to/id_rsa.pub -d /root/.ssh/id_rsa.pub - Optionally copy in SSH sshd_config file:
pot copy-in -p <jailname> -s /path/to/sshd_config -d /root/sshd_config_in - Optionally copy in nginx.conf file:
pot copy-in -p <jailname> -s /path/to/nginx.conf -d /root/nginx.conf - Optionally copy in rsyncd.conf file:
pot copy-in -p <jailname> -s /path/to/rsyncd.conf -d /root/rsyncd.conf - Optionally copy in setup.sh file for early commands to run:
pot copy-in -p <jailname> -s /path/to/setup.sh -d /root/setup.sh - Optionally copy in postsetup.sh file for late commands to run after services are setup:
pot copy-in -p <jailname> -s /path/to/postsetup.sh -d /root/postsetup.sh - Optionally export the ports after creating the jail:
pot export-ports -p <jailname> -e 80:80 - Adjust to your environment:
sudo pot set-env -p <jailname> \ -E DATACENTER=<datacentername> \ -E NODENAME=<nodename> \ -E IP=<IP address of this system> \ -E CONSULSERVERS="<comma-deliminated list of consul servers>" \ -E GOSSIPKEY=<32 byte Base64 key from consul keygen> \ -E SETUPSCRIPT=<1 | 0 default> \ -E IMPORTAUTHKEY=<1 | 0 default> \ -E IMPORTSSH=<1 | 0 default> \ -E IMPORTNGINX=<1 | 0 default> \ -E IMPORTRSYNC=<1 | 0 default> \ -E POSTSCRIPT=<1 | 0 default> \ [ -E REMOTELOG=<IP of syslog-ng server> ]
Required Paramaters
The DATACENTER parameter defines a common datacenter.
The NODENAME parameter defines the name of this node.
The IP parameter is the IP address which will be used to access services.
The CONSULSERVERS parameter is a comma-deliminated list of IP addresses for the consul server or cluster. Do not include spaces!
e.g. CONSULSERVERS="10.0.0.2" or CONSULSERVERS="10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5,10.0.0.6"
The GOSSIPKEY parameter is the gossip encryption key for consul agent. We’re using a default key if you do not set the parameter, do not use the default key for production encryption, instead provide your own.
Optional Parameters
SETUPSCRIPT will run copied-in /root/setup.sh when set to 1. You can set custom commands here like creating directories needed for nginx.
IMPORTAUTHKEY will add copied-in /root/authorized_keys_in to /root/.ssh/authorized_keys when set to 1.
IMPORTSSH will add copied-in /root/sshd_config_in to /etc/sshd/sshd_config when set to 1. You can specify a custom sshd_config this way.
IMPORTNGINX will add copied-in /root/nginx.conf to /usr/local/etc/nginx/nginx.conf when set to 1. You can specify a custom nginx.conf this way.
IMPORTRSYNC will add copied-in /root/rsyncd.conf to /usr/local/etc/rsync/rsyncd.conf when set to 1. You can specify a custom rsyncd.conf this way.
POSTSCRIPT will run copied-in /root/postsetup.sh when set to 1. You can add additional commands to run to a script postsetup.sh here, which run AFTER all the services have been setup.
The REMOTELOG parameter is the IP address of a destination syslog-ng server, such as with the loki flavour, or beast-of-argh flavour.
Usage
To access nginx if enabled with IMPORTNGINX=1:
- http://hostname
Persistent storage
To use persistent storage make sure to mount-in a pre-configured data set to the applicable directory.
Getting Started
- Image Readme
- How To Use The Ready-Made Image
- Alternatively: Create a Jail With This Flavour Yourself
- Version History
- Manual Image Download Links
- Jenkins Pot Creation Logs
How To Use The Ready-Made Image
FreeBSD 14.2:
pot import -p nginx-rsync-ssh-amd64-14_2 -t 0.28.1 -U https://potluck.honeyguide.net/nginx-rsync-ssh
With Signify Verification:
fetch https://potluck.honeyguide.net/potluck.pub; pot import -p nginx-rsync-ssh-amd64-14_2 -t 0.28.1 -C potluck.pub -U https://potluck.honeyguide.net/nginx-rsync-ssh
If you don’t want to use the default pot bridged network configuration but instead need an individual network setup (e.g. assign a host IP address), after importing it you can simply clone the jail like that (em0 is the host network adapter in this example):
pot clone -P nginx-rsync-ssh-amd64-14_2 -p my-cloned-jail -N alias -i "em0|10.10.10.10"
Note: Some images might require specific network configuration, double check the Overview-chapter at the top.
Alternatively: Create a Jail With This Flavour Yourself
1. Create Flavour Files
Save all files and directories from https://codeberg.org/bsdpot/potluck/tree/master/nginx-rsync-ssh to /usr/local/etc/pot/flavours/
2. Create Jail From Flavour
Run
pot create -b <FreeBSD Version> -p <jailname> -t single -N public-bridge -f fbsd-update
with your FreeBSD version (e.g. 14.1) and the name your jail should get.
Note: Some images might require specific network configuration, double check the Overview-chapter at the top.
Version History
0.28
- Version bump for new base image
0.27
- Version bump for new base image
- Adjust pot image to allow for copying in own SSH key pair
- Remove consul client_addr setting, remove misguided ipv6-only option
0.26
- Version bump for new base image
- Add IPV6ONLY option
0.25
- Version bump for new base image
0.24
- Version bump for new base image
- Quote PATH statements
- Fix consul labels and set IP parameters
0.23
- Version bump for new base image
- Update for rsync security issue
0.22
- Version bump for new base image 14.2
0.21
- Version bump for new base image
- Enable milliseconds in syslog-ng for all log timestamps
- Update syslog-ng config to use modern config options
0.20
- Version bump for new base image 14.1
- Extra steps to trim image size
0.19
- Version bump for new base image
- Force SSH restart for changed sshd config
0.18
- Version bump for new base image
0.17
- Version bump for new base image
0.16
- Version bump for new base image
0.15
- Version bump for new base image
- Fix node_exporter zfs issue
- Fix naming in consul published services
0.14
- Version bump for new base image
- FBSD14 base image
0.13
- Version bump for new base image
0.12
- Version bump for new base image
0.11
- Version bump for new base image
0.10
- Version bump for new base image
0.9
- Version bump for new base image
0.8
- Version bump for new base image
- Fix syslog-ng problems for 4.2 version, remove stats_freq option
- Add local unbound and consul DNS services
- Update README with consul DNS info
- fix local_unbound dns resolution with missing parameters for access control
- Disable consul DNS option with local_unbound as is only practical in VNET jails with a localhost
0.7
- Version bump for new base image
0.6
- Version bump for new base image
- Signified
- Fix nologin shell for nodeexport user
0.5
- Version increment for new feature
- Pass in consul servers as a comma-deliminated list
0.4
- Version bump for new base image
- Update syslog-ng.conf stats_freq(0); -> stats(freq(0));
0.3
- Version bump for new base image
- Fix goaccess error
0.2
- Version bump for new base image
0.1
- New pot image format
- Updates to add additional functionality
- Fix ssh setup to start not restart
- Adjust goaccess config due to startup error
- Minor fixes, version bump
0.0.9
- Version bump for rebuild to fix missing images on potluck site
0.0.8
- Version bump for p3 rebuild
0.0.7
- Version bump for FreeBSD-13.1 image
0.0.6
- Fixing goaccess conf parameter as not working. Using custom goaccess.conf now.
0.0.5
- Adding syslog-ng and remote logging
0.0.4
- Fixing goaccess.conf error as installs to /usr/local/etc instead of /usr/local/etc/goaccess
0.0.3
- Header and tags fixes
0.0.2
- Typos and README fixes
0.0.1
- Standard image with nginx, rsync, ssh all requiring files be copied in
0.0.0
- Initiate file
These images were built on Thu Jul 3 22:18:08 UTC 2025
Manual Image Download Links
nginx-rsync-ssh-amd64-14_2_0.28.1.xz (
)
nginx-rsync-ssh-amd64-14_2_0.28.1.xz.skein (
)
nginx-rsync-ssh-amd64-14_2_0.28.1.xz.skein.sig (
)
nginx-rsync-ssh-amd64-14_2_0.28.1.xz.meta (
)
Jenkins Pot Creation Logs
nginx-rsync-ssh-amd64-14_2_0.28.1:
nginx-rsync-ssh/nginx-rsync-ssh:
copy-in -s /usr/local/etc/pot/flavours/nginx-rsync-ssh.d/local -d /root/.pot_local
nginx-rsync-ssh/nginx-rsync-ssh.sh:
#!/bin/sh
# Based on POTLUCK TEMPLATE v3.0
# Altered by Michael Gmelin
#
# EDIT THE FOLLOWING FOR NEW FLAVOUR:
# 1. RUNS_IN_NOMAD - true or false
# 2. If RUNS_IN_NOMAD is false, can delete the <flavour>+4 file, else
# make sure pot create command doesn't include it
# 3. Create a matching <flavour> file with this <flavour>.sh file that
# contains the copy-in commands for the config files from <flavour>.d/
# Remember that the package directories don't exist yet, so likely copy
# to /root
# 4. Adjust package installation between BEGIN & END PACKAGE SETUP
# 5. Adjust jail configuration script generation between BEGIN & END COOK
# Configure the config files that have been copied in where necessary
# Set this to true if this jail flavour is to be created as a nomad
# (i.e. blocking) jail.
# You can then query it in the cook script generation below and the script
# is installed appropriately at the end of this script
RUNS_IN_NOMAD=false
# set the cook log path/filename
COOKLOG=/var/log/cook.log
# check if cooklog exists, create it if not
if [ ! -e $COOKLOG ]
then
echo "Creating $COOKLOG" | tee -a $COOKLOG
else
echo "WARNING $COOKLOG already exists" | tee -a $COOKLOG
fi
date >> $COOKLOG
# -------------------- COMMON ---------------
STEPCOUNT=0
step() {
STEPCOUNT=$(("$STEPCOUNT" + 1))
STEP="$*"
echo "Step $STEPCOUNT: $STEP" | tee -a $COOKLOG
}
exit_ok() {
trap - EXIT
exit 0
}
FAILED=" failed"
exit_error() {
STEP="$*"
FAILED=""
exit 1
}
set -e
trap 'echo ERROR: $STEP$FAILED | (>&2 tee -a $COOKLOG)' EXIT
# -------------- BEGIN PACKAGE SETUP -------------
step "Bootstrap package repo"
mkdir -p /usr/local/etc/pkg/repos
# only modify repo if not already done in base image
# shellcheck disable=SC2016
test -e /usr/local/etc/pkg/repos/FreeBSD.conf || \
echo 'FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly" }' \
>/usr/local/etc/pkg/repos/FreeBSD.conf
ASSUME_ALWAYS_YES=yes pkg bootstrap
step "Touch /etc/rc.conf"
touch /etc/rc.conf
# this is important, otherwise running /etc/rc from cook will
# overwrite the IP address set in tinirc
step "Remove ifconfig_epair0b from config"
# shellcheck disable=SC2015
sysrc -cq ifconfig_epair0b && sysrc -x ifconfig_epair0b || true
step "Disable sendmail"
service sendmail onedisable
step "Enable SSH"
service sshd enable
# this might be redundant, but it must be created if not existing to
# allow copying own key pair in
step "Create /root/.ssh directory"
mkdir -p /root/.ssh
chmod 700 /root/.ssh
step "Create /usr/local/etc/rc.d"
mkdir -p /usr/local/etc/rc.d
step "Clean freebsd-update"
rm -rf /var/db/freebsd-update
mkdir -p /var/db/freebsd-update
# we need consul for consul agent
step "Install package consul"
pkg install -y consul
step "Install package openssl"
pkg install -y openssl
step "Install package sudo"
pkg install -y sudo
# necessary if installing curl now
step "Install package ca_root_nss"
pkg install -y ca_root_nss
step "Install package curl"
pkg install -y curl
step "Install package jq"
pkg install -y jq
step "Install package jo"
pkg install -y jo
step "Install package nano"
pkg install -y nano
step "Install package bash"
pkg install -y bash
step "Install package rsync"
pkg install -y rsync
step "Install package node_exporter"
pkg install -y node_exporter
step "Install package nginx"
pkg install -y nginx
step "Install package goaccess"
pkg install -y goaccess
step "Install package acme.sh"
pkg install -y acme.sh
step "Install package syslog-ng"
pkg install -y syslog-ng
step "Clean package installation"
pkg autoremove -y
pkg clean -ay
# -------------- END PACKAGE SETUP -------------
#
# Now generate the run command script "cook"
# It configures the system on the first run by creating the config file(s)
# On subsequent runs, it only starts sleeps (if nomad-jail) or simply exits
#
# this runs when image boots
# ----------------- BEGIN COOK ------------------
step "Clean cook artifacts"
rm -rf /usr/local/bin/cook /usr/local/share/cook
step "Install pot local"
tar -C /root/.pot_local -cf - . | tar -C /usr/local -xf -
rm -rf /root/.pot_local
step "Set file ownership on cook scripts"
chown -R root:wheel /usr/local/bin/cook /usr/local/share/cook
chmod 755 /usr/local/share/cook/bin/*
# ----------------- END COOK ------------------
# ---------- NO NEED TO EDIT BELOW ------------
step "Make cook script executable"
if [ -e /usr/local/bin/cook ]
then
echo "setting executable bit on /usr/local/bin/cook" | tee -a $COOKLOG
chmod u+x /usr/local/bin/cook
else
exit_error "there is no /usr/local/bin/cook to make executable"
fi
#
# There are two ways of running a pot jail: "Normal", non-blocking mode and
# "Nomad", i.e. blocking mode (the pot start command does not return until
# the jail is stopped).
# For the normal mode, we create a /usr/local/etc/rc.d script that starts
# the "cook" script generated above each time, for the "Nomad" mode, the cook
# script is started by pot (configuration through flavour file), therefore
# we do not need to do anything here.
#
# Create rc.d script for "normal" mode:
step "Create rc.d script to start cook"
echo "creating rc.d script to start cook" | tee -a $COOKLOG
# shellcheck disable=SC2016
echo '#!/bin/sh
#
# PROVIDE: cook
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
. /etc/rc.subr
name="cook"
rcvar="cook_enable"
load_rc_config $name
: ${cook_enable:="NO"}
: ${cook_env:=""}
command="/usr/local/bin/cook"
command_args=""
run_rc_command "$1"
' > /usr/local/etc/rc.d/cook
step "Make rc.d script to start cook executable"
if [ -e /usr/local/etc/rc.d/cook ]
then
echo "Setting executable bit on cook rc file" | tee -a $COOKLOG
chmod u+x /usr/local/etc/rc.d/cook
else
exit_error "/usr/local/etc/rc.d/cook does not exist"
fi
if [ "$RUNS_IN_NOMAD" != "true" ]
then
step "Enable cook service"
# This is a non-nomad (non-blocking) jail, so we need to make sure the script
# gets started when the jail is started:
# Otherwise, /usr/local/bin/cook will be set as start script by the pot
# flavour
echo "enabling cook" | tee -a $COOKLOG
service cook enable
fi
# -------------------- DONE ---------------
exit_ok
nginx-rsync-ssh/nginx-rsync-ssh+1:
nginx-rsync-ssh/nginx-rsync-ssh+1.sh:
nginx-rsync-ssh/nginx-rsync-ssh+2:
nginx-rsync-ssh/nginx-rsync-ssh+2.sh:
nginx-rsync-ssh/nginx-rsync-ssh+3:
nginx-rsync-ssh/nginx-rsync-ssh+3.sh:
nginx-rsync-ssh/nginx-rsync-ssh+4:
nginx-rsync-ssh/nginx-rsync-ssh+4.sh:
=====> Create conf dir (/mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/conf)
=====> Cloning freebsd-potluck-amd64-14_2_0_0_39 with snap
=====> clone zroot/srv/pot/jails/freebsd-potluck-amd64-14_2_0_0_39/m@1751565675 into zroot/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m
=====> Flavour: fbsd-update
=====> Starting nginx-rsync-ssh-amd64-14_2 pot for the initial bootstrap
=====> mount /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===> Starting the pot nginx-rsync-ssh-amd64-14_2
=====> Pot nginx-rsync-ssh-amd64-14_2 jail params are: allow.set_hostname=false allow.raw_sockets allow.socket_af allow.chflags exec.clean mount.devfs enforce_statfs=2 sysvshm=new sysvsem=new sysvmsg=new children.max=0 devfs_ruleset=4 stop.timeout=10 name=nginx-rsync-ssh-amd64-14_2 host.hostname=nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net osrelease=14.2-RELEASE-p4 path=/mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m persist vnet vnet.interface=epair0b
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:83:3c:2d:fa:0b
inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Clearing /tmp (X related).
Updating /var/run/os-release done.
Creating and/or trimming log files.
Updating motd:.
Starting syslogd.
Starting sendmail_submit.
Starting cron.
Thu Jul 3 22:16:10 UTC 2025
/usr/local/etc/pot/flavours/fbsd-update.sh -> /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/tmp/fbsd-update.sh
=====> Executing fbsd-update script on nginx-rsync-ssh-amd64-14_2
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from update1.freebsd.org... done.
Fetching metadata signature for 14.2-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
No updates needed to update system to 14.2-RELEASE-p4.
WARNING: FreeBSD 14.2-RELEASE-p4 is approaching its End-of-Life date.
It is strongly recommended that you upgrade to a newer
release within the next 2 months.
No updates are available to install.
=====> Stop the pot nginx-rsync-ssh-amd64-14_2
=====> Remove p468670129e97e epair network interfaces
=====> unmount /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/tmp
=====> unmount /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/dev
=====> Flavour: nginx-rsync-ssh
=====> Executing nginx-rsync-ssh pot commands on nginx-rsync-ssh-amd64-14_2
=====> mount /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/tmp
=====> Source /usr/local/etc/pot/flavours/nginx-rsync-ssh.d/local copied in the pot nginx-rsync-ssh-amd64-14_2
=====> unmount /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/tmp
=====> /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/dev is already unmounted
=====> Starting nginx-rsync-ssh-amd64-14_2 pot for the initial bootstrap
=====> mount /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/tmp
defaultrouter: 10.192.0.1 -> 10.192.0.1
===> Starting the pot nginx-rsync-ssh-amd64-14_2
=====> Pot nginx-rsync-ssh-amd64-14_2 jail params are: allow.set_hostname=false allow.raw_sockets allow.socket_af allow.chflags exec.clean mount.devfs enforce_statfs=2 sysvshm=new sysvsem=new sysvmsg=new children.max=0 devfs_ruleset=4 stop.timeout=10 name=nginx-rsync-ssh-amd64-14_2 host.hostname=nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net osrelease=14.2-RELEASE-p4 path=/mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m persist vnet vnet.interface=epair0b
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/local/lib/compat/pkg
32-bit compatibility ldconfig path: /usr/lib32
Starting Network: lo0 epair0b.
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:20:27:17:74:0b
inet 10.192.0.3 netmask 0xffc00000 broadcast 10.255.255.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
add host 127.0.0.1: gateway lo0 fib 0: route already in table
add net default: gateway 10.192.0.1
add host ::1: gateway lo0 fib 0: route already in table
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Clearing /tmp (X related).
Updating /var/run/os-release done.
Creating and/or trimming log files.
Updating motd:.
Starting syslogd.
Starting sendmail_submit.
Starting cron.
Thu Jul 3 22:16:38 UTC 2025
/usr/local/etc/pot/flavours/nginx-rsync-ssh.sh -> /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/tmp/nginx-rsync-ssh.sh
=====> Executing nginx-rsync-ssh script on nginx-rsync-ssh-amd64-14_2
WARNING /var/log/cook.log already exists
Step 1: Bootstrap package repo
pkg already bootstrapped at /usr/local/sbin/pkg
Step 2: Touch /etc/rc.conf
Step 3: Remove ifconfig_epair0b from config
Step 4: Disable sendmail
sendmail disabled in /etc/rc.conf
sendmail_submit disabled in /etc/rc.conf
sendmail_msp_queue disabled in /etc/rc.conf
Step 5: Enable SSH
sshd enabled in /etc/rc.conf
Step 6: Create /root/.ssh directory
Step 7: Create /usr/local/etc/rc.d
Step 8: Clean freebsd-update
Step 9: Install package consul
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
consul: 1.20.5
Number of packages to be installed: 1
The process will require 117 MiB more space.
24 MiB to be downloaded.
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/1] Fetching consul-1.20.5.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/1] Installing consul-1.20.5...
===> Creating groups
Creating group 'consul' with gid '469'
===> Creating users
Creating user 'consul' with uid '469'
===> Creating homedir(s)
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/1] Extracting consul-1.20.5: ..... done
Step 10: Install package openssl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 11: Install package sudo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 12: Install package ca_root_nss
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 13: Install package curl
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 14: Install package jq
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 15: Install package jo
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 16: Install package nano
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 17: Install package bash
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 18: Install package rsync
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The most recent versions of packages are already installed
Step 19: Install package node_exporter
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
node_exporter: 1.8.2_1
Number of packages to be installed: 1
The process will require 11 MiB more space.
4 MiB to be downloaded.
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/1] Fetching node_exporter-1.8.2_1.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/1] Installing node_exporter-1.8.2_1...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/1] Extracting node_exporter-1.8.2_1: .......... done
=====
Message from node_exporter-1.8.2_1:
--
If upgrading from a version of node_exporter <0.15.0 you'll need to update any
custom command line flags that you may have set as it now requires a
double-dash (--flag) instead of a single dash (-flag).
The collector flags in 0.15.0 have now been replaced with individual boolean
flags and the -collector.procfs` and -collector.sysfs` flags have been renamed
to --path.procfs and --path.sysfs respectively.
Step 20: Install package nginx
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
nginx: 1.26.3_3,3
pcre2: 10.45
Number of packages to be installed: 2
The process will require 9 MiB more space.
2 MiB to be downloaded.
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/2] Fetching nginx-1.26.3_3,3.pkg: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/2] Fetching pcre2-10.45.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/2] Installing nginx-1.26.3_3,3...
===> Creating groups
Using existing group 'www'
===> Creating users
Using existing user 'www'
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/2] Extracting nginx-1.26.3_3,3: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/2] Installing pcre2-10.45...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/2] Extracting pcre2-10.45: .......... done
=====
Message from nginx-1.26.3_3,3:
--
Recent version of the NGINX introduces dynamic modules support. In
FreeBSD ports tree this feature was enabled by default with the DSO
knob. Several vendor's and third-party modules have been converted
to dynamic modules. Unset the DSO knob builds an NGINX without
dynamic modules support.
To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks. When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.
Default path for the NGINX dynamic modules is
/usr/local/libexec/nginx.
Step 21: Install package goaccess
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
goaccess: 1.9.3_1
libmaxminddb: 1.12.2
Number of packages to be installed: 2
The process will require 2 MiB more space.
471 KiB to be downloaded.
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/2] Fetching libmaxminddb-1.12.2.pkg: ...... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/2] Fetching goaccess-1.9.3_1.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/2] Installing goaccess-1.9.3_1...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/2] Extracting goaccess-1.9.3_1: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/2] Installing libmaxminddb-1.12.2...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/2] Extracting libmaxminddb-1.12.2: .......... done
Step 22: Install package acme.sh
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 2 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
acme.sh: 3.1.0
socat: 1.8.0.3
Number of packages to be installed: 2
The process will require 2 MiB more space.
443 KiB to be downloaded.
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/2] Fetching acme.sh-3.1.0.pkg: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/2] Fetching socat-1.8.0.3.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/2] Installing acme.sh-3.1.0...
===> Creating groups
Creating group 'acme' with gid '169'
===> Creating users
Creating user 'acme' with uid '169'
===> Creating homedir(s)
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/2] Extracting acme.sh-3.1.0: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/2] Installing socat-1.8.0.3...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/2] Extracting socat-1.8.0.3: .......... done
=====
Message from acme.sh-3.1.0:
--
This script will create the following directories if they do not exist:
~acme/.acme.sh
~acme/certs
The script will also install ~acme/.acme.sh/account.conf.sample which has
sane defaults. Copy this to ~acme/.acme.sh/account.conf and edit contents
to suit.
If you have EXAMPLES on:
* In the /usr/local/share/examples/acme.sh directory, you can find the dnsapi
scripts which will be useful if you decide to use dns-01 challenges. Also
included are the deploy scripts.
* A newsyslog.conf sample file is installed at
/usr/local/etc/newsyslog.conf.d/acme.sh.conf - you must modify it by
at least uncommenting the line.
* If you run `newsyslog -NC` it will create the required logfiles.
* Please review /usr/local/share/examples/acme.sh/acme.sh-cron.d - instructions are
contained in that file.
Step 23: Install package syslog-ng
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 9 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
e2fsprogs-libuuid: 1.47.2
glib: 2.80.5_1,2
ivykis: 0.43.2
json-c: 0.18
libffi: 3.4.6
mpdecimal: 4.0.0
py311-packaging: 24.2
python311: 3.11.12_1
syslog-ng: 4.8.2_1
Number of packages to be installed: 9
The process will require 235 MiB more space.
32 MiB to be downloaded.
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/9] Fetching ivykis-0.43.2.pkg: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/9] Fetching mpdecimal-4.0.0.pkg: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [3/9] Fetching py311-packaging-24.2.pkg: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [4/9] Fetching glib-2.80.5_1,2.pkg: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [5/9] Fetching syslog-ng-4.8.2_1.pkg: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [6/9] Fetching libffi-3.4.6.pkg: ........ done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [7/9] Fetching json-c-0.18.pkg: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [8/9] Fetching e2fsprogs-libuuid-1.47.2.pkg: ....... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [9/9] Fetching python311-3.11.12_1.pkg: .......... done
Checking integrity... done (0 conflicting)
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/9] Installing syslog-ng-4.8.2_1...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [1/9] Extracting syslog-ng-4.8.2_1: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/9] Installing e2fsprogs-libuuid-1.47.2...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [2/9] Extracting e2fsprogs-libuuid-1.47.2: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [3/9] Installing glib-2.80.5_1,2...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [3/9] Extracting glib-2.80.5_1,2: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [4/9] Installing ivykis-0.43.2...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [4/9] Extracting ivykis-0.43.2: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [5/9] Installing json-c-0.18...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [5/9] Extracting json-c-0.18: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [6/9] Installing py311-packaging-24.2...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [6/9] Extracting py311-packaging-24.2: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [7/9] Installing python311-3.11.12_1...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [7/9] Extracting python311-3.11.12_1: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [8/9] Installing libffi-3.4.6...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [8/9] Extracting libffi-3.4.6: .......... done
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [9/9] Installing mpdecimal-4.0.0...
[nginx-rsync-ssh-amd64-14_2.vsf00002.cpt.za.honeyguide.net] [9/9] Extracting mpdecimal-4.0.0: .......... done
==> Running trigger: gio-modules.ucl
Generating GIO modules cache
==> Running trigger: glib-schemas.ucl
Compiling glib schemas
No schema files found: doing nothing.
=====
Message from syslog-ng-4.8.2_1:
--
syslog-ng is now installed! To replace FreeBSD's standard syslogd
(/usr/sbin/syslogd), complete these steps:
1. Create a configuration file named /usr/local/etc/syslog-ng.conf
(a sample named syslog-ng.conf.sample has been included in
/usr/local/etc). Note that this is a change in 2.0.2
version, previous ones put the config file in
/usr/local/etc/syslog-ng/syslog-ng.conf, so if this is an update
move that file in the right place
2. Configure syslog-ng to start automatically by adding the following
to /etc/rc.conf:
syslog_ng_enable="YES"
3. Prevent the standard FreeBSD syslogd from starting automatically by
adding a line to the end of your /etc/rc.conf file that reads:
syslogd_enable="NO"
4. Shut down the standard FreeBSD syslogd:
kill `cat /var/run/syslog.pid`
5. Start syslog-ng:
/usr/local/etc/rc.d/syslog-ng start
=====
Message from python311-3.11.12_1:
--
Note that some standard Python modules are provided as separate ports
as they require additional dependencies. They are available as:
py311-gdbm databases/py-gdbm@py311
py311-sqlite3 databases/py-sqlite3@py311
py311-tkinter x11-toolkits/py-tkinter@py311
Step 24: Clean package installation
Checking integrity... done (0 conflicting)
Nothing to do.
The following package files will be deleted:
/var/cache/pkg/goaccess-1.9.3_1~4890ea7cb1.pkg
/var/cache/pkg/ivykis-0.43.2.pkg
/var/cache/pkg/nginx-1.26.3_3,3.pkg
/var/cache/pkg/python311-3.11.12_1~090d19032a.pkg
/var/cache/pkg/py311-packaging-24.2~5dc8a10a47.pkg
/var/cache/pkg/mpdecimal-4.0.0.pkg
/var/cache/pkg/json-c-0.18~18cb3a81e4.pkg
/var/cache/pkg/python311-3.11.12_1.pkg
/var/cache/pkg/e2fsprogs-libuuid-1.47.2~1056dc8e10.pkg
/var/cache/pkg/e2fsprogs-libuuid-1.47.2.pkg
/var/cache/pkg/syslog-ng-4.8.2_1.pkg
/var/cache/pkg/nginx-1.26.3_3,3~a03332fe29.pkg
/var/cache/pkg/acme.sh-3.1.0~195cd3a76c.pkg
/var/cache/pkg/glib-2.80.5_1,2.pkg
/var/cache/pkg/libmaxminddb-1.12.2~058ad332dc.pkg
/var/cache/pkg/libffi-3.4.6~5b384f8767.pkg
/var/cache/pkg/py311-packaging-24.2.pkg
/var/cache/pkg/pcre2-10.45~a9848dc181.pkg
/var/cache/pkg/pcre2-10.45.pkg
/var/cache/pkg/node_exporter-1.8.2_1.pkg
/var/cache/pkg/socat-1.8.0.3~f19a24e177.pkg
/var/cache/pkg/ivykis-0.43.2~8d63344ec6.pkg
/var/cache/pkg/consul-1.20.5.pkg
/var/cache/pkg/syslog-ng-4.8.2_1~46285fca64.pkg
/var/cache/pkg/libffi-3.4.6.pkg
/var/cache/pkg/consul-1.20.5~952916ce42.pkg
/var/cache/pkg/json-c-0.18.pkg
/var/cache/pkg/mpdecimal-4.0.0~134034a2cd.pkg
/var/cache/pkg/libmaxminddb-1.12.2.pkg
/var/cache/pkg/socat-1.8.0.3.pkg
/var/cache/pkg/glib-2.80.5_1,2~60ef40d44f.pkg
/var/cache/pkg/acme.sh-3.1.0.pkg
/var/cache/pkg/goaccess-1.9.3_1.pkg
/var/cache/pkg/node_exporter-1.8.2_1~270aba3cab.pkg
The cleanup will free 63 MiB
Deleting files: .......... done
Step 25: Clean cook artifacts
Step 26: Install pot local
Step 27: Set file ownership on cook scripts
Step 28: Make cook script executable
setting executable bit on /usr/local/bin/cook
Step 29: Create rc.d script to start cook
creating rc.d script to start cook
Step 30: Make rc.d script to start cook executable
Setting executable bit on cook rc file
Step 31: Enable cook service
enabling cook
cook enabled in /etc/rc.conf
=====> Stop the pot nginx-rsync-ssh-amd64-14_2
=====> Remove p468670145e97e epair network interfaces
=====> unmount /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/tmp
=====> unmount /mnt/srv/pot/jails/nginx-rsync-ssh-amd64-14_2/m/dev
===> exporting nginx-rsync-ssh-amd64-14_2 @ 1751581033 to /tmp/nginx-rsync-ssh-amd64-14_2_0.28.1.xz