= Portax installation notes

== Common setup

=== {{{/etc/profile}}}
{{{
cat >> /etc/profile <<EOF
if [ $(id -u) == 0 ]; then
    export PS1='\[\033[01;31m\]\h\[\033[01;34m\] \w \$\[\033[00m\] '
else
    export PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
fi
export EDITOR=vim
alias vi=vim
EOF
. /etc/profile
}}}

=== Add portax user/group
{{{
pw group add -g 1000 -n portax
pw user add -d /usr/local/portax -u 1000 -n portax -g portax -c portax portax
}}}

=== Add repositories
{{{
pkg bootstrap -y
pkg install -y ca_root_nss vim bash screen
mkdir -p /usr/local/etc/pkg/repos
cat > /usr/local/etc/pkg/repos/portax.conf <<EOF
portax: {
  url: "https://pkg.portax.pl/pkg/12-2-amd64-portax",
  enabled: yes
}
EOF
pkg update
}}}

=== VIM config
{{{
cat > ~/.vimrc <<EOF
set nocompatible
set exrc
set nojoinspaces
map <F9> :set number!<CR>
set laststatus=2
set statusline=%<%f%h%m%r%=row:%-3.6l\ \ \col:%-2.2c%V\ \ \%2.3p%%
set bs=2
syntax on
set nowrap
inoremap <Up> <Esc>g<Up>a
inoremap <Down> <Esc>g<Down>a
set hlsearch
set incsearch
set tabstop=2
set smartindent
set shiftwidth=2
set background=dark
syntax on
EOF
}}}

= Datasets

- /tank/rrd

 recordsize=4k, noatime

- /tank/postgres

 recordsize=8k, noatime


== Database server

- PostgreSQL

 /mnt/tank/pg -> /data/pg
{{{
createuser -Upostgres -s portax
createdb -Upostgres -O portax -E UTF-8 --lc-collate=cs_CZ.UTF-8 --lc-ctype=cs_CZ.UTF-8 --template=template0 portax
}}}

- MySQL

 /mnt/tank/mysql -> /var/db/mysql
{{{
innodb_doublewrite = 0
skip-name-resolve
}}}

 fix root password
{{{
SET PASSWORD = PASSWORD('your_new_password');
}}}

- redis
 {{{
pkg install -y redis
echo "bind 0.0.0.0" >> /usr/local/etc/redis.conf
}}}

== DHCP servers
TODO attach {{{slapd.conf}}}, {{{ldap.conf}}}, schema files {{{acme-check-domain.sh}}}
- openldap-server24
{{{
pw group add tftp
pw user add -g tftp -c tftp -n tftp -d /var/tftp tftp
pw group add acme
pw user add -g acme -n acme -c acme -d /usr/local/etc/acme -n acme acme
mkdir /var/run/apache && chown www:www /var/run/apache
mkdir -p /www/registrace && mkdir -p /www/nastenka
}}}

- acme crontab
{{{
MAILTO=""
BASH_ENV="/etc/profile"

@daily	$HOME/acme-check-domain.sh registrace.xgbe.cz
}}}

- TODO {{{/var/unbound/unbound.conf}}}

- {{{/usr/local/etc/sudoers.d/portax}}}
{{{
%portax  ALL=NOPASSWD:/usr/sbin/service isc-dhcpd configtest
%portax  ALL=NOPASSWD:/usr/sbin/service isc-dhcpd restart
%portax  ALL=NOPASSWD:/usr/sbin/service isc-dhcpd status
%portax  ALL=NOPASSWD:/usr/sbin/service isc-dhcpd6 configtest
%portax  ALL=NOPASSWD:/usr/sbin/service isc-dhcpd6 restart
%portax  ALL=NOPASSWD:/usr/sbin/service isc-dhcpd6 status
}}}

- {{{/usr/local/etc/newsyslog.conf.d/dhcp-portax.conf}}}
{{{
/var/log/dhcpd.log  644 7 * @T00  JNC
/var/log/dhcpd6.log  644 7 * @T00  JNC
}}}

- TODO attach {{{dhcp*conf}}}

== RRD cache server
- append {{{/etc/rc.conf}}}
{{{
sysrc rrdcached_enable="YES"
sysrc rrdcached_flags="-V LOG_INFO -G portax -U portax -w 86400 -z 86400 -t 4 -f 172800 -b /data/rrd -B -R -O -j /data/journal -l 0.0.0.0 -l unix:/tmp/rrdcached.sock"
}}}

== Application server
- {{{/var/at/at.allow}}}
{{{
portax
}}}

== Genieacs server (TR-069)
- TODO
{{{
pw group add -n genieacs
pw user add -d /usr/local/genieacs -n genieacs -g genieacs -c genieacs genieacs
}}}

=== MOTD
[http://patorjk.com/software/taag/#p=display&f=ANSI%20Shadow&t=app01]