talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add odo FreeBSD.

Browse Source
This commit is contained in:
Tom Alexander 2022-10-15 00:54:11 -04:00
parent c41dfa799c
commit 487547aeb4
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
6 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ansible/environments/laptop/host_vars/odofreebsd Normal file
View File

@ -0,0 +1,12 @@
os_flavor: "freebsd"
zfs_snapshot_datasets:
- zroot/freebsd/release/be/default
sshd_enabled: true
sshd_conf: "sshd_config"
pf_config: "odofreebsd_pf.conf"
pflog_conf:
- name: 0
dev: pflog0
network_rc: "odofreebsd_network.conf"
rc_conf: "odofreebsd_rc.conf"
loader_conf: "odofreebsd_loader.conf"

1
ansible/environments/laptop/hosts
View File

@ -1,2 +1,3 @@
[gui] [gui]
odolinux ansible_connection=local ansible_host=127.0.0.1 odolinux ansible_connection=local ansible_host=127.0.0.1
odofreebsd ansible_connection=local ansible_host=127.0.0.1

6
ansible/roles/base/files/odofreebsd_loader.conf Normal file
View File

@ -0,0 +1,6 @@
security.bsd.allow_destructive_dtrace=0
kern.geom.label.disk_ident.enable="0"
kern.geom.label.gptid.enable="0"
cryptodev_load="YES"
zfs_load="YES"

15
ansible/roles/base/files/odofreebsd_rc.conf Normal file
View File

@ -0,0 +1,15 @@
clear_tmp_enable="YES"
syslogd_flags="-ss"
sendmail_enable="NONE"
hostname="odo"
wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"
ifconfig_wlan0_ipv6="inet6 accept_rtadv"
local_unbound_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
zfs_enable="YES"

33
ansible/roles/firewall/files/odofreebsd_pf.conf Normal file
View File

@ -0,0 +1,33 @@
ext_if = "{ igb0 igb1 ix0 ix1 wlan0 }"
dhcp = "{ bootpc, bootps }"
# allow = "{ }"
tcp_pass_in = "{ 22 }"
udp_pass_in = "{ 53 51820 }"
# Rules must be in order: options, normalization, queueing, translation, filtering
# options
set skip on lo
# redirections
# filtering
block log all
pass out on $ext_if
# We pass on the interfaces listed in allow rather than skipping on
# them because changes to pass rules will update when running a
# `service pf reload` but interfaces that we `skip` will not update (I
# forget if its from adding, removing, or both. TODO: test to figure
# it out)
# pass quick on $allow
pass on $ext_if proto icmp all
pass on $ext_if proto icmp6 all
pass in on $ext_if proto tcp to any port $tcp_pass_in
pass in on $ext_if proto udp to any port $udp_pass_in
pass quick on $ext_if proto udp from any port $dhcp to any port $dhcp

2
ansible/run.bash
View File

@ -20,6 +20,8 @@ if [ "$target" = "homeserver" ]; then
ansible-playbook -v -i environments/home playbook.yaml --diff --limit homeserver "${@}" ansible-playbook -v -i environments/home playbook.yaml --diff --limit homeserver "${@}"
elif [ "$target" = "odolinux" ]; then elif [ "$target" = "odolinux" ]; then
ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odolinux "${@}" ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odolinux "${@}"
elif [ "$target" = "odofreebsd" ]; then
ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odofreebsd "${@}"
else else
die 1 "Unrecognized target" die 1 "Unrecognized target"
fi fi