
Fixes to allow deployment on FreeBSD 14 (#415)

* Changing default domain name to hostname, setting default PostgreSQL version to 15

* Adding support for PostgreSQL 14 and 15

* Correcting user and group options for freeswitch runtime

* Copying missing resources/fail2ban/freeswitch-dos.conf from debian dir, adding missing copy of sip-auth-challenge-ip.conf and sip-auth-challenge.conf, setting default setting for allowipv6 directive

* Remove freeswitch database and user

The reason for this change is that if FreeSWITCH uses PostgreSQL, it is a good idea for it to use its own instance. This prevents a long-running query on the FusionPBX database from blocking FreeSWITCH's access to the database.

* Changing default domain name to hostname, setting default PostgreSQL version to 15

* Adding support for PostgreSQL 14 and 15

* Correcting user and group options for freeswitch runtime

* Copying missing resources/fail2ban/freeswitch-dos.conf from debian dir, adding missing copy of sip-auth-challenge-ip.conf and sip-auth-challenge.conf, setting default setting for allowipv6 directive

---------
Co-authored-by: Charlie Root <[email protected]>
Larry Gadallah 1 year ago
parent
commit
39beae7c13

+ 2 - 2
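--- a/freebsd/resources/config.sh
+++ b/freebsd/resources/config.sh
@@ -1,6 +1,6 @@
 
 # FusionPBX Settings
-domain_name=ip_address          # hostname, ip_address or a custom value
+domain_name=hostname            # hostname, ip_address or a custom value
 system_username=admin           # default username admin
 system_password=random          # random or as a pre-set value
 system_branch=master            # master, stable
@@ -16,7 +16,7 @@ database_name=fusionpbx         # Database name (safe characters A-Z, a-z, 0-9)
 database_username=fusionpbx     # Database username (safe characters A-Z, a-z, 0-9)
 database_password=random        # random or a custom value (safe characters A-Z, a-z, 0-9)
 database_enabled=true           # true or false
-database_version=13             # Postgres 14, 13, 12, 11, 10, 9.6
+database_version=15             # Postgres 15, 14, 13, 12, 11, 10, 9.6
 database_host=127.0.0.1         # hostname or IP address
 database_port=5432              # port number
 database_backup=false           # true or false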

+ 9 - 1
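--- a/freebsd/resources/fail2ban.sh
+++ b/freebsd/resources/fail2ban.sh
@@ -11,7 +11,7 @@ cd "$(dirname "$0")"
 verbose "Installing Fail2ban"
 
 #add the dependencies
-pkg install --yes py38-fail2ban
+pkg install --yes py39-fail2ban
 
 #enable fail2ban service
 echo 'fail2ban_enable="YES"' >> /etc/rc.conf
@@ -25,6 +25,14 @@ cp fail2ban/fusionpbx.conf /usr/local/etc/fail2ban/filter.d/fusionpbx.conf
 cp fail2ban/nginx-404.conf /usr/local/etc/fail2ban/filter.d/nginx-404.conf
 cp fail2ban/nginx-dos.conf /usr/local/etc/fail2ban/filter.d/nginx-dos.conf
 cp fail2ban/jail.local /usr/local/etc/fail2ban/jail.local
+cp fail2ban/sip-auth-challenge-ip.conf /usr/local/etc/fail2ban/filter.d/sip-auth-challenge-ip.conf
+cp fail2ban/sip-auth-challenge.conf /usr/local/etc/fail2ban/filter.d/sip-auth-challenge.conf
+
+# Fix default setting for allowipv6 directive
+mv /usr/local/etc/fail2ban/fail2ban.conf /usr/local/etc/fail2ban/fail2ban.conf.dist
+cat /usr/local/etc/fail2ban/fail2ban.conf.dist | sed '/^#allowipv6/s//allowipv6/' > /usr/local/etc/fail2ban/fail2ban.conf
+chown root:wheel /usr/local/etc/fail2ban/fail2ban.conf
+chmod 0644 /usr/local/etc/fail2ban/fail2ban.conf
 
 #restart fail2ban
 service fail2ban start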
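Review bot: The allowipv6 rewrite added in the second hunk has no failure handling and is not safe to run twice: if the `mv` fails, the `>` redirection still leaves an empty fail2ban.conf, and on a second run the pristine .dist copy is overwritten by the already-edited file. Because `service fail2ban start` follows immediately, a truncated main config could leave the host without working bans and the installer would report nothing. Copying first and editing in place, `cp -p /usr/local/etc/fail2ban/fail2ban.conf /usr/local/etc/fail2ban/fail2ban.conf.dist` followed by `sed -i '' 's/^#allowipv6/allowipv6/' /usr/local/etc/fail2ban/fail2ban.conf`, never leaves the file missing and keeps its owner and mode, so the chown/chmod lines are no longer needed. A fail2ban.local override carrying only the allowipv6 setting would avoid touching the packaged file at all, if the installed fail2ban version reads it.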

+ 21 - 0
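--- a/freebsd/resources/fail2ban/freeswitch-dos.conf
+++ b/freebsd/resources/fail2ban/freeswitch-dos.conf
@@ -0,0 +1,21 @@
+# Fail2Ban configuration file
+#
+# Author: soapee01
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = \[WARNING\] sofia_reg.c:\d+ SIP auth challenge \(REGISTER\) on sofia profile \'\w+\' for \[.*\] from ip <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =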
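Review bot: The `failregex` is unanchored and uses a greedy `\[.*\]` for the bracketed field, which presumably carries the identity supplied in the REGISTER request and is therefore not trusted text. With no `$` after `<HOST>`, what fail2ban extracts as the host may be influenced by that field rather than by the address FreeSWITCH logged, so the filter could ban an address that never sent the traffic. Restricting the field and anchoring the end, `for \[[^\]]*\] from ip <HOST>\s*$`, keeps the match tied to the logged source address, assuming the log line ends at the address. Separately, the header comment says the regex matches password failures, while the pattern matches the auth challenge that every registration receives; a one-line comment saying this filter is meant for rate-based blocking would help whoever tunes the jail's thresholds.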

+ 14 - 0
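--- a/freebsd/resources/postgresql.sh
+++ b/freebsd/resources/postgresql.sh
@@ -24,6 +24,14 @@ password=$(cat /dev/random | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 20)
 echo "Install PostgreSQL and create the database and users\n"
 
 #postgres install
+if [ ."$database_version" = ."15" ]; then
+	pkg install --yes postgresql15-server
+	#cd /usr/ports/databases/postgresql15-server/ && make install clean BATCH=yes
+fi
+if [ ."$database_version" = ."14" ]; then
+	pkg install --yes postgresql14-server
+	#cd /usr/ports/databases/postgresql14-server/ && make install clean BATCH=yes
+fi
 if [ ."$database_version" = ."13" ]; then
 	pkg install --yes postgresql13-server
 	#cd /usr/ports/databases/postgresql13-server/ && make install clean BATCH=yes
@@ -64,6 +72,12 @@ echo 'postgresql_enable=true' >> /etc/rc.conf
 /usr/local/etc/rc.d/postgresql initdb
 
 #start postgresql
+if [ ."$database_version" = ."15" ]; then
+	sudo -u postgres /usr/local/bin/pg_ctl -D /var/db/postgres/data15 start
+fi
+if [ ."$database_version" = ."14" ]; then
+	sudo -u postgres /usr/local/bin/pg_ctl -D /var/db/postgres/data14 start
+fi
 if [ ."$database_version" = ."13" ]; then
 	sudo -u postgres /usr/local/bin/pg_ctl -D /var/db/postgres/data13 start
 fi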
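Review bot: Nothing visible in either hunk rejects a `database_version` that matches none of the `if` blocks, and the added 14 and 15 branches extend the same pattern in both the install chain and the start chain. A typo in config.sh would then install no server and start nothing, while the script carries on to `initdb` and later steps, so the failure only shows up further along. A single guard ahead of the install chain would stop early with a clear message: `case "$database_version" in 15|14|13|12|11|10|9.6) ;; *) echo "unsupported database_version: $database_version" >&2; exit 1 ;; esac`. Both chains continue outside the hunks shown, so a fallback may already exist there.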

+ 3 - 3
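--- a/freebsd/resources/switch/package-release.sh
+++ b/freebsd/resources/switch/package-release.sh
@@ -7,7 +7,7 @@ cd "$(dirname "$0")"
 . ../config.sh
 
 #install dependencies
-pkg install --yes tiff ghostscript9-base memcached sox
+pkg install --yes tiff ghostscript10-10.02.1 memcached sox
 
 #set the current working directory
 cwd=$(pwd)
@@ -35,8 +35,8 @@ cd $cwd
 echo 'memcached_enable="YES"' >> /etc/rc.conf
 echo 'freeswitch_enable="YES"' >> /etc/rc.conf
 echo 'freeswitch_flags="-nonat"' >> /etc/rc.conf
-echo 'freeswitch_user="www"' >> /etc/rc.conf
-echo 'freeswitch_group="www"' >> /etc/rc.conf
+echo 'freeswitch_username="www"' >> /etc/rc.conf
+echo 'freeswitch_groupname="www"' >> /etc/rc.conf
 
 #start the service
 memcached start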
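Review bot: The dependency line in the first hunk now names an exact build, `ghostscript10-10.02.1`, where the old line named only the package. The install will presumably stop resolving once the package repository carries a newer build, and it ties the script to one Ghostscript release when later builds may carry security fixes. Naming the package alone, `pkg install --yes tiff ghostscript10 memcached sox`, keeps the dependency on the maintained version. In the second hunk the settings are appended with `echo >>`, so an already provisioned host keeps the old `freeswitch_user` and `freeswitch_group` lines and gains duplicates on every run; `sysrc freeswitch_username=www freeswitch_groupname=www` sets the keys idempotently.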