Rough guide on how to set up a new jail, 2019-09-02.
NAME= N= NV6=
ns.dfri.se
knotc zone-begin 193.25.171.in-addr.arpa; knotc zone-set 193.25.171.in-addr.arpa set $N 86400 PTR $NAME.dfri.se.; knotc zone-commit dfri.se knotc zone-begin c.9.8.2.c.7.6.0.1.0.0.2.ip6.arpa; knotc zone-set c.9.8.2.c.7.6.0.1.0.0.2.ip6.arpa $NV6 86400 PTR $NAME.dfri.se.; knotc zone-commit c.9.8.2.c.7.6.0.1.0.0.2.ip6.arpa knotc zone-begin dfri.se; knotc zone-set dfri.se $NAME 86400 A 171.25.193.$N; knotc zone-set dfri.se $NAME 86400 AAAA 2001:67c:289c::$NV6; knotc zone-commit dfri.se
.dfri.se
/usr/local/bin/dfrijai.sh install $NAME
new jail
$EDITOR /etc/ssh/sshd_config # allow root login mkdir /root/.ssh; chmod 700 /root/.ssh; cat > /root/.ssh/authorized_keys # paste your ssh pubkey sysrc sshd_enable=yes service sshd start ssh-keygen -r $(hostname). | egrep 'SSHFP [134] 2'
ns.dfri.se
add the three SSHFP records using knotc
laptop
$EDITOR dfri/ansible/role/ansible/files/prod # add $NAME.dfri.se in various places
commit and push
cd dfri/ansible; ./mkbootstrap $NAME.dfri.se
new jail
cd /root; ./dfri-ansible/bootstrap -f prod