Add some service management stuff

strugee · Aug 3, 2017 · dd327c8 · dd327c8
1 parent 3e7a8c1
commit dd327c8
Show file tree

Hide file tree

Showing 3 changed files with 145 additions and 0 deletions.
diff --git a/etc/rc.conf b/etc/rc.conf
@@ -0,0 +1,10 @@
+ec2_configinit_enable=YES
+ec2_fetchkey_enable=YES
+ec2_ephemeralswap_enable=YES
+ec2_loghostkey_enable=YES
+firstboot_freebsd_update_enable=YES
+firstboot_pkgs_enable=YES
+growfs_enable="YES"
+ifconfig_DEFAULT="SYNCDHCP"
+sshd_enable="YES"
+firstboot_pkgs_list="awscli"
diff --git a/set-perms.sh b/set-perms.sh
@@ -2,3 +2,5 @@
 
 chmod 644 usr/local/etc/torrc
 chown root:wheel usr/local/etc/torrc
+chmod 644 etc/rc.conf
+chown root:wheel etc/rc.conf
diff --git a/usr/local/etc/rc.d/tor b/usr/local/etc/rc.d/tor
@@ -0,0 +1,133 @@
+#!/bin/sh
+#
+# $FreeBSD: branches/2017Q3/security/tor/files/tor.in 443770 2017-06-17 10:54:54Z joneum $
+#
+# PROVIDE: tor
+# REQUIRE: DAEMON FILESYSTEMS
+# BEFORE: LOGIN
+#
+# Add the following lines to /etc/rc.conf to enable tor.
+# All these options will overide any settings in your local torrc as
+# they are command line options.
+#
+# tor_enable (bool):	Set it to "YES" to enable tor. Default: NO
+# tor_instances (str):	List of instances. Default: ""
+# tor_conf (str):	Points to your torrc file.
+#			Default: /usr/local/etc/tor/torrc
+# tor_user (str):	Tor daemon user. Default: _tor
+# tor_group (str):	Tor group. Default: _tor
+# tor_pidfile (str):	Tor pid file.  Default: /var/run/tor/tor.pid
+# tor_datadir (str):	Tor datadir.  Default: /var/db/tor
+# tor_disable_default_instance (str):	Doesn't run the default instance.
+#			Only valid when tor_instances is used.
+#			Default: NO
+# tor_setuid (str):	Runtime setuid.  Default: NO
+#
+# The instance definition that tor_instances expects:
+# inst_name{:inst_conf:inst_user:inst_group:inst_pidfile:inst_data_dir}
+#
+
+. /etc/rc.subr
+
+name="tor"
+rcvar=tor_enable
+exit_code=0
+
+load_rc_config ${name}
+
+: ${tor_enable="NO"}
+: ${tor_instances=""}
+: ${tor_conf="/usr/local/etc/tor/torrc"}
+: ${tor_user="_tor"}
+: ${tor_group="_tor"}
+: ${tor_pidfile="/var/run/tor/tor.pid"}
+: ${tor_datadir="/var/db/tor"}
+: ${tor_disable_default_instance="NO"}
+: ${tor_setuid="NO"}
+
+instance=${slave_instance}
+if [ -n "${instance}" ]; then
+  inst_def=${instance}
+  inst_name=${inst_def%%:*}
+  [ "${inst_name}" != "main" ] || err 1 "${name} instance can't be named 'main'"
+  inst_def=${inst_def#$inst_name}
+  if [ -n "$inst_def" ]; then
+    # extended instance: parameters are set explicitly
+    inst_def=${inst_def#:}
+    tor_conf=${inst_def%%:*}
+    inst_def=${inst_def#$tor_conf:}
+    tor_user=${inst_def%%:*}
+    inst_def=${inst_def#$tor_user:}
+    tor_group=${inst_def%%:*}
+    inst_def=${inst_def#$tor_group:}
+    tor_pidfile=${inst_def%%:*}
+    tor_datadir=${inst_def#$tor_pidfile:}
+    if [ -z "${tor_conf}" -o -z "${tor_user}" -o -z "${tor_group}" -o -z "${tor_pidfile}" -o -z "${tor_datadir}" ]; then
+      warn "invalid tor instance ${inst_name} settings: ${instance}"
+      exit 1
+    fi
+  else
+    # regular instance: default parameters are used
+    tor_conf=${tor_conf}@${inst_name}
+    tor_pidfile=${tor_pidfile}@${inst_name}
+    tor_datadir=${tor_datadir}/instance@${inst_name}
+  fi
+  if ! [ -r ${tor_conf} ]; then
+    warn "tor instance ${inst_name} config file ${tor_conf} doesn't exist or isn't readable"
+    warn "you can copy the sample config /usr/local/etc/tor/torrc.sample and modify it"
+    exit 1
+  fi
+  if ! [ -d ${tor_datadir} ]; then
+    mkdir -p ${tor_datadir} &&
+    chown ${tor_user}:${tor_group} ${tor_datadir} &&
+    chmod 0700 ${tor_datadir} &&
+    echo "${name}: created the instance data directory ${tor_datadir}"
+  fi
+fi
+
+if [ -z "${instance}" -a -n "${tor_instances}" ]; then
+  inst_only="$2"
+  inst_done=0
+  for i in ${tor_instances}; do
+    inst_name=${i%%:*}
+    if [ -z "${inst_only}" -o "${inst_name}" = "${inst_only}" ]; then
+      echo -n "${name} instance ${inst_name}: "
+      if ! slave_instance=${i} /usr/local/etc/rc.d/tor "$1"; then
+        exit_code=1
+      fi
+      inst_done=$((inst_done+1))
+    fi
+  done
+  if [ -z "${inst_only}" -o "${inst_only}" = "main" ]; then
+    checkyesno tor_disable_default_instance && return $exit_code
+    echo -n "${name} main instance: "
+  elif [ -n "${inst_only}" ]; then
+    [ $inst_done -gt 0 ] || err 1 "${name} instance '$inst_only' isn't defined"
+    return  $exit_code
+  fi
+fi
+
+required_files=${tor_conf}
+required_dirs=${tor_datadir}
+pidfile=${tor_pidfile}
+command="/usr/local/bin/${name}"
+command_args="-f ${tor_conf} --PidFile ${tor_pidfile} --RunAsDaemon 1 --DataDirectory ${tor_datadir}"
+extra_commands="reload"
+
+if [ $tor_setuid = "YES" ]; then
+  if ! grep -q "^User ${tor_user}$" ${tor_conf}; then
+    echo "User ${tor_user}" >> ${tor_conf}
+  fi
+  tor_user="root"
+  tor_group="wheel"
+else
+  if grep -q "^User ${tor_user}$" ${tor_conf}; then
+    sed -i '' -e "s/^User ${tor_user}$//" ${tor_conf}
+  fi
+fi
+
+if ! run_rc_command "$1"; then
+  exit_code=1
+fi
+
+return $exit_code