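# Bastillefile: anki-sync-server
#
# Sets up an Anki sync server (Python, anki.syncserver) inside a Bastille jail.
# - Installs build tools (for the Rust bridge module), Python and pip
# - Creates a virtualenv and installs Anki via pip
# - Writes an rc.d script that starts the sync server through daemon(8)
# - Starts the service, which listens on port 27701 (HTTP) by default
#
# IMPORTANT:
# - If builds inside the jail need /dev/fd, add "mount.fdescfs;" to the jail
#   configuration on the host.
# - Change the credentials (SYNC_USER1, optionally several) before any
#   production use. The service is started at the end of this template with
#   whatever credentials are in rc.conf at that point, and the listener is
#   plain HTTP, so credentials and collections cross the network unencrypted
#   unless a TLS-terminating proxy sits in front of it.
#
# Directories and paths:
#   Virtualenv:                  /opt/anki-sync/venv
#   Data directory / sync store: /var/db/anki-sync
#   Log file:                    /var/log/anki-sync.log
#   rc.d script:                 /usr/local/etc/rc.d/anki_sync

# --- Base system / packages ---
# NOTE(review): rust, cmake, gmake, pkgconf, git and nano look like build-time
# or convenience tools only; confirm which are needed at runtime and consider
# removing the rest after the build to keep the jail small.
CMD pkg update -f
CMD pkg upgrade -y
CMD pkg install -y python311 py311-pip rust cmake gmake pkgconf ca_root_nss git nano

# --- Service account ---
# The rc.d script written by this template starts the server through
# daemon(8) -u, which switches user without running a login shell, so the
# account gets nologin instead of /bin/sh.
# The trailing "|| true" presumably keeps a re-run from failing when the
# account already exists; it also hides every other pw(8) error.
CMD pw user add anki -m -s /usr/sbin/nologin || true
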
# --- Directories ---
CMD mkdir -p /opt/anki-sync/venv /var/db/anki-sync /usr/local/etc/rc.d /var/log

# The data directory and the log file belong to the service account.
# /opt/anki-sync is not chowned, so the installed server code is not owned by
# the account the daemon runs as.
CMD touch /var/log/anki-sync.log
CMD chown -R anki:anki /var/db/anki-sync
CMD chown anki:anki /var/log/anki-sync.log

# --- Python virtualenv + Anki ---
CMD /usr/local/bin/python3.11 -m venv /opt/anki-sync/venv
CMD /opt/anki-sync/venv/bin/python -m pip install --upgrade pip wheel setuptools
# Installs the newest Anki release (alternatively pin a version, e.g.
# anki==2.1.65). Both pip calls are unpinned, so the jail ends up with
# whatever the package index serves at build time; pin versions for
# reproducible and reviewable builds.
CMD /opt/anki-sync/venv/bin/python -m pip install --no-cache-dir anki

# --- Write the rc.d script ---
# The script body is handed to sh -c inside one single-quoted argument, so it
# must not contain a single quote character anywhere.
CMD /bin/sh -c 'cat > /usr/local/etc/rc.d/anki_sync << "EOF"
#!/bin/sh
# PROVIDE: anki_sync
# REQUIRE: LOGIN
# KEYWORD: jail

. /etc/rc.subr

name="anki_sync"
rcvar="${name}_enable"

load_rc_config "${name}"

# Defaults; a non-empty value loaded from rc.conf above is kept.
: "${anki_sync_enable:=NO}"

# Account, interpreter and module used to run the server.
: "${anki_sync_user:=anki}"
: "${anki_sync_bin:=/opt/anki-sync/venv/bin/python}"
: "${anki_sync_module:=-m anki.syncserver}"

# Paths for the sync store, the log and the pidfile.
: "${anki_sync_base:=/var/db/anki-sync}"
: "${anki_sync_log:=/var/log/anki-sync.log}"
: "${anki_sync_pidfile:=/var/run/anki-sync.pid}"

# Exported to the server as SYNC_HOST / SYNC_PORT.
# NOTE(review): 0.0.0.0 is presumably the listen address, i.e. every
# interface of the jail - confirm and narrow it when a proxy fronts the server.
: "${anki_sync_host:=0.0.0.0}"
: "${anki_sync_port:=27701}"

# Space-separated SYNC_USERn=name:password words; empty by default, in which
# case the start function refuses to run.
: "${anki_sync_env_users:=}"

start_cmd="${name}_start"
stop_cmd="${name}_stop"
status_cmd="${name}_status"

# Print the VAR=value words that are handed to env(1) in front of the server
# command: SYNC_BASE, SYNC_HOST and SYNC_PORT, followed by the configured
# SYNC_USER* entries when anki_sync_env_users is not empty.
# The output contains the account passwords; do not log it.
build_env() {
    _env="SYNC_BASE=${anki_sync_base} SYNC_HOST=${anki_sync_host} SYNC_PORT=${anki_sync_port}"
    if [ -n "${anki_sync_env_users}" ]; then
        _env="${_env} ${anki_sync_env_users}"
    fi
    printf "%s\n" "${_env}"
}

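# Start the sync server under daemon(8) as ${anki_sync_user}.
# Returns 1 without starting anything when no SYNC_USER* entry is configured;
# otherwise returns the exit status of daemon(8).
anki_sync_start()
{
    # At least one account must be configured. Only the SYNC_USER name prefix
    # is looked for; the name:password value itself is not validated.
    case " ${anki_sync_env_users} " in
        *" SYNC_USER"*) ;;
        *)
            # Diagnostics go to stderr.
            echo "ERROR: No users defined. Set anki_sync_env_users in /etc/rc.conf (e.g. SYNC_USER1=user:pass)" >&2
            return 1
            ;;
    esac

    # Best-effort preparation of the store, the log and the pidfile directory.
    install -d -m 0755 "${anki_sync_base}" || true
    touch "${anki_sync_log}" || true
    [ -d "/var/run" ] || install -d -m 0755 /var/run
    chown -f "${anki_sync_user}":"${anki_sync_user}" "${anki_sync_log}" "${anki_sync_base}" 2>/dev/null || true

    # $(build_env) and ${anki_sync_module} are left unquoted on purpose so
    # that they split into separate words. Pathname expansion is switched off
    # for that one command (inside a subshell, so the setting does not leak),
    # otherwise a password containing *, ? or [ could be rewritten by a
    # matching file name in the current directory.
    #
    # daemon(8) flags: -f detaches stdio, -r restarts the child when it exits,
    # -P records the supervisor pid, -o appends output to the log, -u drops
    # privileges to the service account.
    #
    # NOTE(review): the SYNC_USER* name:password pairs are arguments of env,
    # so they are part of the command line of the supervising daemon process
    # and can be read from the process list inside the jail.
    (
        set -f
        /usr/sbin/daemon -f -r \
            -P "${anki_sync_pidfile}" \
            -o "${anki_sync_log}" \
            -u "${anki_sync_user}" \
            env $(build_env) "${anki_sync_bin}" ${anki_sync_module}
    )
}
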
# Stop the sync server. Always succeeds from the point of view of rc(8):
# failures of kill and pkill are ignored.
anki_sync_stop()
{
    # Without a pidfile, fall back to matching the full command line.
    # pkill -f treats the string as a pattern, not as a literal.
    if [ ! -f "${anki_sync_pidfile}" ]; then
        pkill -f "${anki_sync_bin} ${anki_sync_module}" 2>/dev/null || true
        return 0
    fi

    # Signal the recorded pid (written by daemon -P in the start function)
    # and drop the pidfile right away, without waiting for the process.
    kill "$(cat "${anki_sync_pidfile}")" 2>/dev/null || true
    rm -f "${anki_sync_pidfile}"
}

# Report whether the sync server is running.
# Exits the rc script directly: 0 when a live process is found through the
# pidfile or through a command-line match, 1 otherwise.
anki_sync_status()
{
    if [ -f "${anki_sync_pidfile}" ]; then
        # kill -0 only probes whether the recorded pid can be signalled.
        if kill -0 "$(cat "${anki_sync_pidfile}")" 2>/dev/null; then
            echo "${name} is running as pid $(cat "${anki_sync_pidfile}")"
            exit 0
        fi
    fi

    # Missing or stale pidfile: look for the command line instead; pgrep -l
    # prints the matching processes itself.
    if pgrep -lf "${anki_sync_bin} ${anki_sync_module}"; then
        exit 0
    fi

    echo "${name} is not running"
    exit 1
}

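run_rc_command "$1"
EOF'

CMD chmod +x /usr/local/etc/rc.d/anki_sync

# --- rc.conf: enable the service and set its environment ---
# The sync account is a template argument, so real credentials can be given
# when the template is applied (bastille template TARGET <template> --arg
# SYNC_USER1=name:password). The demo:demo default only preserves the
# previous out-of-the-box behaviour: the service is started below, bound to
# 0.0.0.0, over plain HTTP, so it must be overridden for anything that other
# hosts can reach.
# NOTE(review): sysrc stores the value in the rc.conf of the jail, which is
# usually world-readable there - confirm whether that is acceptable.
ARG SYNC_USER1=demo:demo

SYSRC anki_sync_enable="YES"
SYSRC anki_sync_user="anki"
SYSRC anki_sync_base="/var/db/anki-sync"
SYSRC anki_sync_host="0.0.0.0"
SYSRC anki_sync_port="27701"
SYSRC anki_sync_env_users='SYNC_USER1=${SYNC_USER1}'

# --- Start the service ---
SERVICE anki_sync start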