_XTRAS_LIST & install modes

_XTRAS_LIST is the master variable in /root/.barracuda.cnf that selects which optional packages BOA installs alongside the core stack. Its tokens are matched as three-letter codes inside the BOA source — the installers test [[ "${_XTRAS_LIST}" =~ "ADM" ]] and so on, so what you put in the list is a space-separated set of those codes (plus the umbrella token ALL). The template default is empty (_XTRAS_LIST="").

How it works

In /root/.barracuda.cnf:

_XTRAS_LIST=""                  # absolute minimum — nothing optional
_XTRAS_LIST="ALL"               # the ALL-umbrella set
_XTRAS_LIST="ALL SR9 CSS NPM"   # ALL plus selected explicit items

The list applies on every barracuda install and barracuda upgrade. The set BOA actually installs is the union of your explicit tokens plus a couple added implicitly by the install mode (below). Because tokens are matched anywhere in the string with =~, the ALL umbrella does not literally expand the others — each installer checks for ALL or its own code.

Removing a token from _XTRAS_LIST after install does not uninstall the package. The list is additivebarracuda upgrade will not tear down BIND just because you deleted BND. To remove an installed extra, follow the package-specific removal procedure (or rebuild from scratch). (The one exception is Node/NPM, below: dropping its lshell gate actively removes it.)

The token catalogue

The codes below are the ones the live BOA installers actually test for.

Token Installs
ADM Adminer DB manager (browser-based MySQL UI). Installed when ADM or ALL is present; auto-added in LOCAL mode.
CSF CSF firewall (ConfigServer Security & Firewall). Auto-added in PUBLIC mode.
FTP Pure-FTPd server with forced FTPS (per-tenant FTPS access).
IMG Image-optimisation apt packages — advancecomp, jpegoptim, libjpeg-progs, optipng, pngcrush, pngquant. Installed when IMG or ALL is present, or implicitly on a hosted-BOA system. Some Drupal image modules become [S]-supported only when these are present.
CHV Chive DB manager.
BDD SQL Buddy DB manager.
CGP Collectd Graph Panel (web monitoring under cgp.master.<f-q-d-n>).
CSS Ruby + Gems for Compass (Drupal theme tooling; builds Ruby from source).
NPM Node.js + NPM for Gulp/Bower. Requires the Node/NPM safety gate below.
MNG MongoDB PHP driver (equivalent to _PHP_MONGODB=YES).
TET Tideways profiler PHP extension (equivalent to _PHP_TET=YES).
FMG FFmpeg support (deb-multimedia). Deprecated — current practice uses external services.
BND Bind9 DNS server. Deprecated — unbound is already installed by Barracuda.
BZR Bazaar legacy version-control system (built from source).
WMN Webmin control panel. Deprecated.
SR4 Apache Solr 4 with Jetty 9 (Jetty listens on 127.0.0.1:8099). Not supported on Devuan Excalibur.
SR7 Apache Solr 7 (standalone service, listens on 127.0.0.1:9077). Not supported on Devuan Excalibur.
SR9 Apache Solr 9 — the current Solr (standalone service, listens on 127.0.0.1:9099).

The bare SR prefix also drives the shared Solr/Java base-package install, so any SR4/SR7/SR9 token pulls those in. See Solr for the Solr service detail.

Not an XTRAS token: php-geos

The PHP GEOS extension (geos.so, v1.0.0) is not an _XTRAS_LIST token. BOA builds and enables it unconditionally for every PHP version except 5.6 — there is no opt-in or opt-out. The legacy _PHP_GEOS=YES control variable that once gated this is now read nowhere and has no effect.

Node + NPM safety gate

Node.js is the only optional add-on that requires an explicit opt-in beyond _XTRAS_LIST. With NPM in the list, the installer still checks for the gate marker before doing anything:

touch /root/.allow.node.lshell.cnf

If that marker is absent, the installer not only skips Node — it actively removes any installed nodejs / npm packages. The reason: Node should not be installed on a host with untrusted or shared tenant accounts, because the typical npm install of arbitrary upstream packages can run post-install hooks as the tenant user. On a multi-Octopus BOA host that is a real attack surface. If you control every tenant (single-customer or internal-only install), the marker is safe to create; if you serve third-party clients, leave it off. (This marker stays in /root — it is a security gate, not part of the /etc/boa relocation.)

Install modes — PUBLIC vs LOCAL

_EASY_SETUP in /root/.barracuda.cnf selects one of two install modes (default PUBLIC), and each mode auto-adds one token to _XTRAS_LIST:

  • _EASY_SETUP=PUBLIC (the supported production mode) — auto-adds CSF. Sets up the public-facing stack: Octopus Ægir UI, Adminer, the Master Ægir UI, and CSF + LFD with the integrated abuse guard. Requires a real wildcard-enabled _EASY_HOSTNAME.
  • _EASY_SETUP=LOCAL (workstation / disposable-VM only) — auto-adds ADM and configures local DNS and hostname automatically (_LOCAL_NETWORK_*, aegir.local) so no external DNS is needed. Minimal subset only; not for production.

Customising at upgrade time

You can change _XTRAS_LIST between install and any later barracuda upgrade — new tokens get added, removed tokens stay installed (see the additive warning above). Per-instance Octopus customisation lives in octopus.cnf and follows the same .cnf pattern.

Related