machine_setup/ansible/environments/home/host_vars/homeserver

os_flavor: "freebsd"
custom_repo: "https://freebsdpkg.fizz.buzz/repo/14broadwell-default-computer"
pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/14broadwell-repo/FreeBSD:14:amd64/latest"
zfs_snapshot_datasets:
  - path: zroot/freebsd/computer/be
  - path: zmass/encrypted/vm
  - path: zmass/encrypted/data
users:
  talexander:
    initialize: true
    uid: 11235
    gid: 11235
    groups:
      - name: wheel
      - name: video
      - name: u2f
      - name: operator # To be able to shutdown without root
      - name: webcamd
        gid: 145
    authorized_keys:
      - yubikey
      - main_fido
      - backup_fido
      - homeassistant
    gitconfig: "gitconfig_home"
sshd_enabled: true
sshd_conf: "sshd_config"
prefer_ipv6: true
dummynet_config: "dnctl.conf"
pf_config: "homeserver_pf.conf"
pflog_conf:
  - name: 0
    dev: pflog0
network_rc: "homeserver_network.conf"
rc_conf: "homeserver_rc.conf"
loader_conf: "homeserver_loader.conf"
cputype: "intel"
hwpstate: false
devfs_rules: "homeserver_devfs.rules"
jail_zfs_dataset: zmass/encrypted/jails
jail_zfs_dataset_mountpoint: /jail
jail_canmount: "on"
jail_bemount: "on"
jail_list:
  - name: nat_dhcp
    dataset: zmass/unencrypted/jails
    enabled: true
    conf:
      src: nat_dhcp
  - name: cloak
    conf:
      src: cloak
  - name: dagger
    conf:
      src: dagger
  - name: olddagger
    conf:
      src: olddagger
  - name: sftp
    conf:
      src: sftp
    fstab: sftp_fstab
  - name: bastion
    conf:
      src: bastion
    fstab: fstab_bastion
  - name: certificate
    conf:
      src: certificate
  - name: momlaptop
    conf:
      src: momlaptop
  # - name: mumble
  #   conf:
  #     src: mumble
  #   persist:
  #     - name: mumbledb
  #       mount: /var/db/murmur
bhyve_dataset: zmass/encrypted/vm
# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm
bhyve_canmount: "off"
bhyve_mountpoint: "none"
bhyve_bemount: "on"
wireguard_directory: homeserver
enabled_wireguard:
  - wgh
linfi:
  enabled: true
  zfs_dataset: zmass/unencrypted/vm/linfi
  zfs_mountpoint: /vm/linfi
  driver_blocklist: "ath if_ath if_ath_pci ath_hal if_iwm if_iwlwifi"
  pci_blocklist: "6/0/0"
  amd: false
Configure passwordless sudo for wheel group. 2022-10-09 23:14:55 -04:00			`os_flavor: "freebsd"`
Set up home server. 2024-04-22 17:23:20 -04:00			`custom_repo: "https://freebsdpkg.fizz.buzz/repo/14broadwell-default-computer"`
			`pkgbase_url: "https://freebsdpkg.fizz.buzz/pkgbase/14broadwell-repo/FreeBSD:14:amd64/latest"`
Start of zrepl role. Currently only doing FreeBSD. 2022-10-10 22:31:22 -04:00			`zfs_snapshot_datasets:`
Snapshot the VMs on homeserver. 2023-08-21 00:25:33 -04:00			`- path: zroot/freebsd/computer/be`
			`- path: zmass/encrypted/vm`
Update homeserver to pass both udp and tcp. 2024-07-06 11:36:49 -04:00			`- path: zmass/encrypted/data`
Set up home server. 2024-04-22 17:23:20 -04:00			`users:`
			`talexander:`
			`initialize: true`
			`uid: 11235`
			`gid: 11235`
			`groups:`
			`- name: wheel`
			`- name: video`
			`- name: u2f`
			`- name: operator # To be able to shutdown without root`
			`- name: webcamd`
			`gid: 145`
			`authorized_keys:`
			`- yubikey`
			`- main_fido`
			`- backup_fido`
			`- homeassistant`
			`gitconfig: "gitconfig_home"`
Start an sshd role. 2022-10-11 23:51:42 -04:00			`sshd_enabled: true`
Copy over sshd config. 2022-10-12 00:01:57 -04:00			`sshd_conf: "sshd_config"`
Enable ipv6 on homeserver. 2024-07-12 21:44:43 -04:00			`prefer_ipv6: true`
			`dummynet_config: "dnctl.conf"`
Create a firewall role that installs a pf.conf on FreeBSD. Does not yet configure pflog nor does it do anything on Linux. 2022-10-12 21:23:40 -04:00			`pf_config: "homeserver_pf.conf"`
Add pflog configuration. 2022-10-12 22:11:39 -04:00			`pflog_conf:`
			`- name: 0`
			`dev: pflog0`
Add a FreeBSD network role. 2022-10-14 01:29:40 -04:00			`network_rc: "homeserver_network.conf"`
Add copying of rc.conf. 2022-10-14 01:55:15 -04:00			`rc_conf: "homeserver_rc.conf"`
Add loader.conf. 2022-10-14 01:59:15 -04:00			`loader_conf: "homeserver_loader.conf"`
Import the FreeBSD cpu role. 2022-10-15 19:51:54 -04:00			`cputype: "intel"`
Add support for speedshift (hardware p-states). 2022-10-15 20:54:58 -04:00			`hwpstate: false`
Add devfs rules for homeserver. 2023-11-24 10:25:16 -05:00			`devfs_rules: "homeserver_devfs.rules"`
Start migrating jails to fileserver. 2022-11-03 00:07:44 -04:00			`jail_zfs_dataset: zmass/encrypted/jails`
Migrate to abbreviated jail folder structure. 2024-06-29 15:21:27 -04:00			`jail_zfs_dataset_mountpoint: /jail`
Make canmount configurable for bhyve and jails. 2022-11-12 17:04:25 -05:00			`jail_canmount: "on"`
			`jail_bemount: "on"`
Start migrating jails to fileserver. 2022-11-03 00:07:44 -04:00			`jail_list:`
Move the nat_dhcp jail to an unencrypted dataset so it can be available at boot. 2022-12-02 22:13:32 -05:00			`- name: nat_dhcp`
			`dataset: zmass/unencrypted/jails`
			`enabled: true`
			`conf:`
			`src: nat_dhcp`
Start migrating jails to fileserver. 2022-11-03 00:07:44 -04:00			`- name: cloak`
			`conf:`
			`src: cloak`
			`- name: dagger`
			`conf:`
			`src: dagger`
Support launching old dagger. 2024-06-30 16:18:55 -04:00			`- name: olddagger`
			`conf:`
			`src: olddagger`
Add sftp jail. 2024-06-29 23:32:36 -04:00			`- name: sftp`
			`conf:`
			`src: sftp`
Add sftp jail. 2024-06-30 23:02:23 -04:00			`fstab: sftp_fstab`
Add bastion and certificate jails. 2024-07-01 22:01:07 -04:00			`- name: bastion`
			`conf:`
			`src: bastion`
			`fstab: fstab_bastion`
			`- name: certificate`
			`conf:`
			`src: certificate`
Add jail for momlaptop. 2024-08-14 21:25:49 -04:00			`- name: momlaptop`
			`conf:`
			`src: momlaptop`
Use latest packages in jails. 2024-06-30 12:30:46 -04:00			`# - name: mumble`
			`# conf:`
			`# src: mumble`
			`# persist:`
			`# - name: mumbledb`
			`# mount: /var/db/murmur`
Start migrating jails to fileserver. 2022-11-03 00:07:44 -04:00			`bhyve_dataset: zmass/encrypted/vm`
Move my home server over to linfi. 2024-10-13 22:49:12 -04:00			`# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm`
			`bhyve_canmount: "off"`
			`bhyve_mountpoint: "none"`
Make canmount configurable for bhyve and jails. 2022-11-12 17:04:25 -05:00			`bhyve_bemount: "on"`
Add homeserver wireguard config. 2022-12-04 02:37:20 -05:00			`wireguard_directory: homeserver`
			`enabled_wireguard:`
			`- wgh`
Move my home server over to linfi. 2024-10-13 22:49:12 -04:00			`linfi:`
			`enabled: true`
			`zfs_dataset: zmass/unencrypted/vm/linfi`
			`zfs_mountpoint: /vm/linfi`
Try a convert vs stream function instead for video conversion. 2024-11-17 21:29:42 -05:00			`driver_blocklist: "ath if_ath if_ath_pci ath_hal if_iwm if_iwlwifi"`
Move my home server over to linfi. 2024-10-13 22:49:12 -04:00			`pci_blocklist: "6/0/0"`
			`amd: false`