NUKE

run/anubis.freebsd

@@ -1,71 +0,0 @@
-#!/bin/sh
-
-# PROVIDE: anubis
-# REQUIRE: DAEMON NETWORKING
-# KEYWORD: shutdown
-
-# Add the following lines to /etc/rc.conf.local or /etc/rc.conf to enable anubis:
-# anubis_enable (bool):        Set to "NO" by default.
-#                              Set it to "YES" to enable anubis.
-# anubis_user (user):          Set to "www" by default.
-#                              User to run anubis as.
-# anubis_group (group):        Set to "www" by default.
-#                              Group to run anubis as.
-# anubis_bin (str):            Set to "/usr/local/bin/anubis" by default.
-#                              Location of the anubis binary
-# anubis_args (str):           Set to "" by default.
-#                              Extra flags passed to anubis.
-# anubis_env (str):            Set to "" by default.
-#                              List of environment variables to be set before starting..
-# anubis_env_file (str):       Set to "/etc/anubis.env" by default.
-#                              Location of a file containing environment variables.
-#
-# Closely follows the init script from https://cgit.freebsd.org/ports/tree/www/go-anubis/files/anubis.in 
-# with a couple of adjustments for more flexible environment variable handling
-
-. /etc/rc.subr
-
-name=anubis
-rcvar=anubis_enable
-
-load_rc_config ${name}
-
-: ${anubis_enable="NO"}
-: ${anubis_user="www"}
-: ${anubis_group="www"}
-: ${anubis_bin="/usr/local/bin/anubis"}
-: ${anubis_args=""}
-: ${anubis_env=""}
-: ${anubis_env_file="/etc/anubis.env"}
-
-pidfile=/var/run/${name}.pid
-daemon_pidfile=/var/run/${name}-daemon.pid
-command=/usr/sbin/daemon
-procname=${anubis_bin}
-logfile=/var/log/${name}.log
-command_args="-c -f -R 5 -r -T ${name} -p ${pidfile} -P ${daemon_pidfile} -o ${logfile} ${procname} ${anubis_args}"
-start_precmd=anubis_startprecmd
-stop_postcmd=anubis_stoppostcmd
-
-anubis_startprecmd () {
-    if [ ! -e ${logfile} ]; then
-        install -o ${anubis_user} -g ${anubis_group} /dev/null ${logfile}
-    fi
-    if [ ! -e ${daemon_pidfile} ]; then
-        install -o ${anubis_user} -g ${anubis_group} /dev/null ${daemon_pidfile}
-    fi
-    if [ ! -e ${pidfile} ]; then
-        install -o ${anubis_user} -g ${anubis_group} /dev/null ${pidfile}
-    fi
-}
-
-anubis_stoppostcmd() {
-    if [ -f "${daemon_pidfile}" ]; then
-        pids=$( pgrep -F ${daemon_pidfile} 2>&1 )
-        _err=$?
-        [ ${_err} -eq 0 ] && kill -9 ${pids}
-    fi
-}
-
-
-run_rc_command "$1"

run/anubis@.service

@@ -1,20 +0,0 @@
-[Unit]
-Description="Anubis HTTP defense proxy (instance %i)"
-
-[Service]
-ExecStart=/usr/bin/anubis
-Restart=always
-RestartSec=30s
-EnvironmentFile=/etc/anubis/%i.env
-LimitNOFILE=infinity
-DynamicUser=yes
-CacheDirectory=anubis/%i
-CacheDirectoryMode=0755
-StateDirectory=anubis/%i
-StateDirectoryMode=0755
-RuntimeDirectory=anubis/%i
-RuntimeDirectoryMode=0755
-ReadWritePaths=/run
-
-[Install]
-WantedBy=multi-user.target

run/nuke.freebsd

@@ -0,0 +1,71 @@
+#!/bin/sh
+
+# PROVIDE: nuke
+# REQUIRE: DAEMON NETWORKING
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf to enable nuke:
+# nuke_enable (bool):        Set to "NO" by default.
+#                              Set it to "YES" to enable nuke.
+# nuke_user (user):          Set to "www" by default.
+#                              User to run nuke as.
+# nuke_group (group):        Set to "www" by default.
+#                              Group to run nuke as.
+# nuke_bin (str):            Set to "/usr/local/bin/nuke" by default.
+#                              Location of the nuke binary
+# nuke_args (str):           Set to "" by default.
+#                              Extra flags passed to nuke.
+# nuke_env (str):            Set to "" by default.
+#                              List of environment variables to be set before starting..
+# nuke_env_file (str):       Set to "/etc/nuke.env" by default.
+#                              Location of a file containing environment variables.
+#
+# Closely follows the init script from https://cgit.freebsd.org/ports/tree/www/go-anubis/files/anubis.in
+# with a couple of adjustments for more flexible environment variable handling
+
+. /etc/rc.subr
+
+name=nuke
+rcvar=nuke_enable
+
+load_rc_config ${name}
+
+: ${nuke_enable="NO"}
+: ${nuke_user="www"}
+: ${nuke_group="www"}
+: ${nuke_bin="/usr/local/bin/nuke"}
+: ${nukeargs=""}
+: ${nuke_env=""}
+: ${nuke_env_file="/etc/nuke.env"}
+
+pidfile=/var/run/${name}.pid
+daemon_pidfile=/var/run/${name}-daemon.pid
+command=/usr/sbin/daemon
+procname=${nuke_bin}
+logfile=/var/log/${name}.log
+command_args="-c -f -R 5 -r -T ${name} -p ${pidfile} -P ${daemon_pidfile} -o ${logfile} ${procname} ${nuke_args}"
+start_precmd=nuke_startprecmd
+stop_postcmd=nuke_stoppostcmd
+
+nuke_startprecmd () {
+    if [ ! -e ${logfile} ]; then
+        install -o ${nuke_user} -g ${nuke_group} /dev/null ${logfile}
+    fi
+    if [ ! -e ${daemon_pidfile} ]; then
+        install -o ${nuke_user} -g ${nuke_group} /dev/null ${daemon_pidfile}
+    fi
+    if [ ! -e ${pidfile} ]; then
+        install -o ${nuke_user} -g ${nuke_group} /dev/null ${pidfile}
+    fi
+}
+
+nuke_stoppostcmd() {
+    if [ -f "${daemon_pidfile}" ]; then
+        pids=$( pgrep -F ${daemon_pidfile} 2>&1 )
+        _err=$?
+        [ ${_err} -eq 0 ] && kill -9 ${pids}
+    fi
+}
+
+
+run_rc_command "$1"

run/nuke@.service

@@ -0,0 +1,20 @@
+[Unit]
+Description="Nuke HTTP defense proxy (instance %i)"
+
+[Service]
+ExecStart=/usr/bin/nuke
+Restart=always
+RestartSec=30s
+EnvironmentFile=/etc/nuke/%i.env
+LimitNOFILE=infinity
+DynamicUser=yes
+CacheDirectory=nuke/%i
+CacheDirectoryMode=0755
+StateDirectory=nuke/%i
+StateDirectoryMode=0755
+RuntimeDirectory=nuke/%i
+RuntimeDirectoryMode=0755
+ReadWritePaths=/run
+
+[Install]
+WantedBy=multi-user.target

run/openrc/anubis.confd

@@ -1,24 +0,0 @@
-# The URL of the service that Anubis should forward valid requests to. Supports
-# Unix domain sockets.
-#ANUBIS_TARGET="http://localhost:3923"
-#ANUBIS_TARGET="unix:///path/to/socket"
-
-# The network address that Anubis listens on.
-#
-# If unset, listen on /run/anubis_${instance}/anubis.sock Unix socket instead.
-#ANUBIS_BIND_PORT=":8923"
-
-# The network address that Anubis serves Prometheus metrics on.
-#
-# If unset, listen on /run/anubis_${instance}/metrix.sock Unix socket instead.
-#ANUBIS_METRICS_BIND_PORT=":9090"
-
-# The difficulty of the challenge, or the number of leading zeroes that must be
-# in successful responses.
-#ANUBIS_DIFFICULTY=4
-
-# Additional command-line options for Anubis.
-#ANUBIS_OPTS=""
-
-# Configure the user[:group] Anubis will run as.
-#command_user="anubis:anubis"

run/openrc/anubis.initd

@@ -1,35 +0,0 @@
-#!/sbin/openrc-run
-# shellcheck shell=sh
-
-instance=${RC_SVCNAME#*.}
-
-description="Anubis HTTP defense proxy (instance ${instance})"
-supervisor="supervise-daemon"
-command="/usr/bin/anubis"
-command_args="\
-	-bind ${ANUBIS_BIND_PORT:-/run/anubis_${instance?}/anubis.sock -bind-network unix} \
-	-metrics-bind ${ANUBIS_METRICS_BIND_PORT:-/run/anubis_${instance?}/metrics.sock -metrics-bind-network unix} \
-	-target ${ANUBIS_TARGET:-http://localhost:3923} \
-	-difficulty ${ANUBIS_DIFFICULTY:-4} \
-	${ANUBIS_OPTS}
-"
-command_background=1
-pidfile="/run/anubis_${instance?}/anubis.pid"
-
-: "${command_user:=anubis:anubis}"
-
-depend() {
-	use net firewall
-}
-
-start_pre() {
-	if [ "${instance?}" = "${RC_SVCNAME?}" ]; then
-		eerror "${RC_SVCNAME?} cannot be started directly. You must create"
-		eerror "symbolic links to it for the services you want to start"
-		eerror "and add those to the appropriate runlevels."
-		return 1
-	fi
-
-	rm -rf "/run/anubis_${instance?}"
-	checkpath -D -o "${command_user?}" "/run/anubis_${instance?}"
-}

run/openrc/nuke.confd

@@ -0,0 +1,24 @@
+# The URL of the service that Nuke should forward valid requests to. Supports
+# Unix domain sockets.
+#NUKE_TARGET="http://localhost:3923"
+#NUKE_BIND_PORT_TARGET="unix:///path/to/socket"
+
+# The network address that Nuke listens on.
+#
+# If unset, listen on /run/nuke_${instance}/nuke.sock Unix socket instead.
+#NUKE_BIND_PORT=":8923"
+
+# The network address that Nuke serves Prometheus metrics on.
+#
+# If unset, listen on /run/nuke_${instance}/metrix.sock Unix socket instead.
+#NUKE_METRICS_BIND_PORT=":9090"
+
+# The difficulty of the challenge, or the number of leading zeroes that must be
+# in successful responses.
+#NUKE_DIFFICULTY=4
+
+# Additional command-line options for Nuke.
+#NUKE_OPTS=""
+
+# Configure the user[:group] Nuke will run as.
+#command_user="nuke:nuke"

run/openrc/nuke.initd

@@ -0,0 +1,35 @@
+#!/sbin/openrc-run
+# shellcheck shell=sh
+
+instance=${RC_SVCNAME#*.}
+
+description="Nuke HTTP defense proxy (instance ${instance})"
+supervisor="supervise-daemon"
+command="/usr/bin/nuke"
+command_args="\
+	-bind ${NUKE_BIND_PORT:-/run/nuke_${instance?}/nuke.sock -bind-network unix} \
+	-metrics-bind ${NUKE_METRICS_BIND_PORT:-/run/nuke_${instance?}/metrics.sock -metrics-bind-network unix} \
+	-target ${NUKE_TARGET:-http://localhost:3923} \
+	-difficulty ${NUKE_DIFFICULTY:-4} \
+	${NUKE_OPTS}
+"
+command_background=1
+pidfile="/run/nuke_${instance?}/nuke.pid"
+
+: "${command_user:=nuke:nuke}"
+
+depend() {
+	use net firewall
+}
+
+start_pre() {
+	if [ "${instance?}" = "${RC_SVCNAME?}" ]; then
+		eerror "${RC_SVCNAME?} cannot be started directly. You must create"
+		eerror "symbolic links to it for the services you want to start"
+		eerror "and add those to the appropriate runlevels."
+		return 1
+	fi
+
+	rm -rf "/run/nuke_${instance?}"
+	checkpath -D -o "${command_user?}" "/run/nuke_${instance?}"
+}