Prefer ipv6.

2024-07-12 19:58:50 -04:00 · 2024-07-12 19:58:50 -04:00 · 0e2c7adaf9
parent f6152d92f1
commit 0e2c7adaf9
9 changed files with 50 additions and 9 deletions
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@ -9,6 +9,7 @@ pf_config: "odofreebsd_pf.conf"
 pflog_conf:
 - name: 0
   dev: pflog0
+prefer_ipv6: true
 dummynet_config: "dnctl.conf"
 network_rc: "odofreebsd_network.conf"
 rc_conf: "odofreebsd_rc.conf"
@ -41,6 +42,7 @@ users:
 devfs_rules: "odo_devfs.rules"
 jail_zfs_dataset: zroot/freebsd/current/jails
 jail_zfs_dataset_mountpoint: /jail
+jail_canmount: "on"
 jail_list:
  - name: nat_dhcp
    enabled: true
--- a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
+++ b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash
@ -105,7 +105,8 @@ function start_vm {
    local bridge_name="$BRIDGE_NAME"
    local ip_range="$IP_RANGE" # for raw this value does not matter

-    local mac_address=$(calculate_mac_address "$name")
+    local mac_address
+    mac_address=$(calculate_mac_address "$name")

    local additional_args=()

@ -245,7 +246,8 @@ function ng_exists {

 function calculate_mac_address {
    local name="$1"
-    local source=$(md5 -r -s "$name" | awk '{print $1}')
+    local source
+    source=$(md5 -r -s "$name" | awk '{print $1}')
    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
 }

--- a/ansible/roles/firefox/defaults/main.yaml
+++ b/ansible/roles/firefox/defaults/main.yaml
@ -13,3 +13,11 @@ firefox_config:
  browser.newtabpage.activity-stream.feeds.section.topstories: false
  browser.newtabpage.pinned: "[]"
  browser.newtabpage.activity-stream.section.highlights.includePocket: false
+  # Disable cache when devtools are open.
+  devtools.cache.disabled: true
+  # Do not track header.
+  privacy.donottrackheader.enabled: true
+  # Tell websites not to share or sell my data.
+  privacy.globalprivacycontrol.enabled: true
+  # Disable "studies" (slice testing)
+  app.shield.optoutstudies.enabled: false
--- a/ansible/roles/jail/files/jail_netgraph_bridge.bash
+++ b/ansible/roles/jail/files/jail_netgraph_bridge.bash
@ -23,11 +23,15 @@ function start_jail {
    jail_interface_name=$(sanitize_interface_name "$2")
    ip_range="$3"

+    local mac_address
+    mac_address=$(calculate_mac_address "$jail_interface_name")
+
    assert_bridge "$host_interface_name" "$bridge_name" "$ip_range"

    bridge_link_name=$(detect_available_link "${bridge_name}")
    ngctl -d -f - <<EOF
 mkpeer ${bridge_name}: eiface $bridge_link_name ether
+msg ${bridge_name}:$bridge_link_name set $mac_address
 name ${bridge_name}:$bridge_link_name $jail_interface_name
 EOF
    ifconfig $(ngctl msg "${jail_interface_name}:" getifname | grep Args | cut -d '"' -f 2) name "${jail_interface_name}" up
@ -121,4 +125,11 @@ function sanitize_interface_name {
    echo "${1:0:15}"
 }

+function calculate_mac_address {
+    local name="$1"
+    local source
+    source=$(md5 -r -s "$name" | awk '{print $1}')
+    echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
+}
+
 main "${@}"
--- a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
+++ b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf
@ -80,13 +80,13 @@
                        "ip-address": "10.215.1.215"
                    },
                    {
-                        // sftp
-                        "hw-address": "58:9c:fc:10:ff:ab",
+                        // sftp - hard-coded in rc.conf, reproduced here to reserve ip
+                        "hw-address": "06:7b:e0:08:16:5d",
                        "ip-address": "10.215.1.216"
                    },
                    {
-                        // bastion
-                        "hw-address": "58:9c:fc:10:ff:a2",
+                        // bastion - hard-coded in rc.conf, reproduced here to reserve ip
+                        "hw-address": "06:ca:1a:10:74:09",
                        "ip-address": "10.215.1.217"
                    }
                ]
--- a/ansible/roles/network/defaults/main.yaml
+++ b/ansible/roles/network/defaults/main.yaml
@ -0,0 +1 @@
+prefer_ipv6: false
--- a/ansible/roles/network/files/odofreebsd_network.conf
+++ b/ansible/roles/network/files/odofreebsd_network.conf
@ -1,3 +1,4 @@
 wlans_iwlwifi0="wlan0"
 ifconfig_wlan0="WPA DHCP"
 ifconfig_wlan0_ipv6="inet6 accept_rtadv"
+ipv6_cpe_wanif="wlan0"
--- a/ansible/roles/network/tasks/freebsd.yaml
+++ b/ansible/roles/network/tasks/freebsd.yaml
@ -42,8 +42,6 @@
    state: present
    sysctl_file: "/etc/sysctl.conf.local"
  loop:
-    - name: net.inet6.ip6.accept_rtadv # Enable stateless autoconfiguration (SLAAC)
-      value: "1"
    - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
      value: "1"
    - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
@ -58,3 +56,20 @@
    group: wheel
  loop:
    - local_unbound
+
+- name: Prefer ipv6
+  when: prefer_ipv6
+  sysctl:
+    name: "{{ item.name }}"
+    value: "{{ item.value }}"
+    state: present
+    sysctl_file: "/etc/rc.conf.d/ip6addrctl"
+  loop:
+    - name: ip6addrctl_policy
+      value: "ipv6_prefer"
+
+- name: Don't Prefer ipv6
+  when: not prefer_ipv6
+  file:
+    path: "/etc/rc.conf.d/ip6addrctl"
+    state: absent
--- a/ansible/roles/vscode/files/settings.json
+++ b/ansible/roles/vscode/files/settings.json
@ -33,5 +33,6 @@
  },
  "black-formatter.importStrategy": "fromEnvironment",
  "workbench.statusBar.visible": false,
-  "git.openRepositoryInParentFolders": "never"
+  "git.openRepositoryInParentFolders": "never",
+  "files.autoSave": "afterDelay"
 }