Jail: pkgp

one time
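# One-time host setup: a dedicated dataset for the package/update/ccache
# caches (it is null-mounted into the jail as /mnt/cache further down).
zfs create zroot/pkgp
# atime is off everywhere else, but a caching system needs access times.
# "zfs set" takes the dataset name (zroot/pkgp), not the mountpoint path.
zfs set atime=on zroot/pkgp

# -p keeps this step re-runnable when a directory already exists.
mkdir -p /zroot/pkgp/pkg /zroot/pkgp/update /zroot/pkgp/ccache
# NOTE(review): this hands the whole tree, ccache included, to the www user
# (presumably the account the web server runs as). Whatever www can write,
# a compromised web server can rewrite - confirm which of these directories
# really need to be writable by it.
chown -R www:wheel /zroot/pkgp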

create jail
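# Parameters for the site-local create.sh wrapper; they are passed to it
# positionally, in the order shown on the command line below.
export JAIL=pkgp
export JAILHOSTNAME=pkgp
export JAILDOMAIN=ahlawat.com
export JAILIP=15
# NOTE(review): X looks like a placeholder - set the intended user name.
export JAILUSER=X
export JAILUSERID=1000
export JAILUSERVNC=false
export JAILSRC=true

# Quote every expansion so each value reaches create.sh as exactly one
# argument, even if it is empty or contains whitespace.
/root/FreeBSD/jails/create.sh "$JAIL" "$JAILHOSTNAME" "$JAILDOMAIN" "$JAILIP" \
  "$JAILUSER" "$JAILUSERID" "$JAILUSERVNC" "$JAILSRC"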

# Jail properties, presumably the set poudriere needs to create and mount its
# own build jails. Together they (nested jails via children_max, a jailed ZFS
# dataset, mount rights for devfs/tmpfs/nullfs/procfs, chflags, extra socket
# address families, mlock, securelevel=0) remove much of the isolation a
# default jail has: treat this jail as close to host-level trust and keep
# unrelated or untrusted workloads out of it.
iocage set \
  jail_zfs=on \
  children_max=32 \
  securelevel=0 \
  allow_mount_devfs=1 \
  devfs_ruleset=4 \
  allow_mount_tmpfs=1 \
  allow_mount_nullfs=1 \
  allow_mount_procfs=1 \
  allow_mount=1 \
  enforce_statfs=1 \
  allow_chflags=1 \
  allow_socket_af=1 \
  allow_mlock=1 \
  sysvmsg=new \
  sysvsem=new \
  sysvshm=new \
  "$JAIL"

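# Null-mount three host directories into the jail: the cache dataset, the
# ports tree and the portsnap database. mkdir -p keeps the step re-runnable
# when a mount point already exists.
# NOTE(review): all three mounts are read-write, so root inside the jail can
# modify the host's /usr/ports and /var/db/portsnap. The jail runs portsnap
# itself and needs that access; do not treat the host's copy of the tree as
# more trusted than the jail that writes it.
iocage exec "$JAIL" "mkdir -p /mnt/cache"
iocage fstab -a "$JAIL" "/zroot/$JAIL" /mnt/cache nullfs rw 0 0
iocage exec "$JAIL" "mkdir -p /usr/ports"
iocage fstab -a "$JAIL" /usr/ports /usr/ports nullfs rw 0 0
iocage exec "$JAIL" "mkdir -p /var/db/portsnap"
iocage fstab -a "$JAIL" /var/db/portsnap /var/db/portsnap nullfs rw 0 0
# List the resulting fstab entries to confirm all three were added.
iocage fstab -l "$JAIL"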

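# Give the jail's delegated dataset a mountpoint and mount it from inside the
# jail. The dataset path is built from $JAIL so it follows the jail name set
# above ("ship" is the pool name used on this host).
iocage exec "$JAIL" "zfs set mountpoint=/poudriere ship/iocage/jails/${JAIL}/data"
iocage exec "$JAIL" "zfs mount ship/iocage/jails/${JAIL}/data"
# iocage mounts the dataset only under /mnt (as /mnt/poudriere) even though
# the mountpoint is set relative to /, so link the expected path to it.
iocage exec "$JAIL" "ln -s /mnt/poudriere /poudriere"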

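# Install the build tooling from binary packages.
iocage exec "$JAIL" "pkg install -y poudriere nginx ccache"
# If you want the latest ports versions instead, build them from the tree:
# iocage console $JAIL
# cd /usr/ports/ports-mgmt/poudriere
# make install clean
# cd /usr/ports/www/nginx
# make install clean

# The very first run needs "portsnap fetch extract". One-liner covering both:
# iocage exec "$JAIL" "if [ ! -e /usr/ports/Makefile ]; then portsnap fetch extract; else portsnap auto; fi"
# ("[ -z /usr/ports ]" does not work here: -z tests whether the literal
# string is empty, which is never true, so the extract branch never runs.)

iocage exec "$JAIL" "portsnap auto"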

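# Directories for the key pair (presumably the one poudriere signs the
# package repository with - confirm against poudriere.conf). Both paths are
# spelled out because {keys,certs} only works where the calling shell does
# brace expansion; plain sh would create a directory literally named
# "{keys,certs}".
iocage exec "$JAIL" "mkdir -p /usr/local/etc/ssl/keys /usr/local/etc/ssl/certs"
# 0700, not 0600: a directory needs the search (x) bit to be entered.
iocage exec "$JAIL" "chmod 0700 /usr/local/etc/ssl/keys"

# first time
# openssl genrsa -out /usr/local/etc/ssl/keys/poudriere.key 4096
# openssl rsa -in /usr/local/etc/ssl/keys/poudriere.key -pubout -out /usr/local/etc/ssl/certs/poudriere.cert
# cp keys to /mnt/certs
# Despite the suffix, poudriere.cert is the bare RSA public key (-pubout),
# not an X.509 certificate.
# NOTE(review): /mnt/certs then holds a copy of the private key - keep that
# directory and the key file readable by root only.

iocage exec "$JAIL" "cp /mnt/config/ccache.conf /usr/local/etc"
iocage exec "$JAIL" "cp /mnt/config/ccache.conf /mnt/cache/ccache"

iocage exec "$JAIL" "cp /mnt/certs/poudriere.key /usr/local/etc/ssl/keys"
# cp creates the copy with umask-derived permissions, which usually leaves it
# world-readable; restrict the private key explicitly.
iocage exec "$JAIL" "chmod 0600 /usr/local/etc/ssl/keys/poudriere.key"
iocage exec "$JAIL" "cp /mnt/certs/poudriere.cert /usr/local/etc/ssl/certs"
iocage exec "$JAIL" "cp /mnt/config/poudriere.conf /usr/local/etc"
iocage exec "$JAIL" "cp /mnt/config/make.conf /usr/local/etc/poudriere.d"

# Enable nginx at boot, install its configuration, then (re)start it.
iocage exec "$JAIL" "sysrc nginx_enable=YES"
iocage exec "$JAIL" "cp /mnt/config/nginx.conf /usr/local/etc/nginx"
iocage exec "$JAIL" "cp /mnt/config/mime.types /usr/local/etc/nginx"
iocage exec "$JAIL" "service nginx restart"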

Notes:
# first time
# poudriere ports -c
# poudriere jail -c -j pj123 -v 14.0-RELEASE
# ###


# every time
# Routine refresh, run from the host: update the poudriere build jail, update
# the ports trees, then rebuild the package set.
# The jail's securelevel is dropped to 0 only around the build-jail update and
# raised back to 2 straight after; check that the second "iocage set" ran if
# the update step fails, so the jail is not left at 0.
# NOTE(review): a securelevel can normally only be raised while a system is
# running - confirm these "iocage set" calls take effect without restarting
# the jail.
iocage set securelevel=0 pkgp
iocage exec pkgp "poudriere jail -l"
iocage exec pkgp "poudriere jail -u -j pj123"
iocage set securelevel=2 pkgp

# Refresh the ports tree that is null-mounted from the host at /usr/ports.
iocage exec pkgp "portsnap auto"

# List, then update, the ports trees poudriere itself manages.
iocage exec pkgp "poudriere ports -l"
iocage exec pkgp "poudriere ports -u"
# Build everything listed in /mnt/config/mypkgs using build jail pj123.
iocage exec pkgp "poudriere bulk -f /mnt/config/mypkgs -j pj123"
# ###


# add new package
# Interactive: "iocage console" opens a shell in the jail, and the lines after
# it are typed inside that shell, not on the host.
iocage console pkgp
# Add the new package to the build list.
nano /mnt/config/mypkgs
# Set build options for the ports in the list, for build jail pj123.
poudriere options -f /mnt/config/mypkgs -j pj123
# ###

# reconfigure existing package
# Interactive: the lines after "iocage console" are typed inside the jail.
iocage console pkgp
# Saved option sets for build jail pj123 live here.
cd /usr/local/etc/poudriere.d/pj123-options
# "package" presumably stands for the directory of the port being
# reconfigured - substitute the real name. Removing its saved options file
# makes the next command prompt for that port's options again.
rm package/options
poudriere options -f /mnt/config/mypkgs -j pj123
# ###


# change package configuration (-c = make config / -s = show config)
# also must run after creating a new release jail to configure packages
# Interactive: the lines after "iocage console" are typed inside the jail.
iocage console pkgp
# Review the package list before changing any options.
cat /mnt/config/mypkgs
# Show the current configuration without changing it:
# poudriere options -s -f /mnt/config/mypkgs -j pj123
# Re-run the configuration step for the listed ports:
poudriere options -c -f /mnt/config/mypkgs -j pj123
# ###
Archived Notes:
