Add odo FreeBSD.

2022-10-15 00:54:11 -04:00 · 2022-10-15 00:54:11 -04:00 · 487547aeb4
commit 487547aeb4
parent c41dfa799c
6 changed files with 69 additions and 0 deletions
--- a/ansible/environments/laptop/host_vars/odofreebsd
+++ b/ansible/environments/laptop/host_vars/odofreebsd
@ -0,0 +1,12 @@
+os_flavor: "freebsd"
+zfs_snapshot_datasets:
+  - zroot/freebsd/release/be/default
+sshd_enabled: true
+sshd_conf: "sshd_config"
+pf_config: "odofreebsd_pf.conf"
+pflog_conf:
+  - name: 0
+    dev: pflog0
+network_rc: "odofreebsd_network.conf"
+rc_conf: "odofreebsd_rc.conf"
+loader_conf: "odofreebsd_loader.conf"
--- a/ansible/environments/laptop/hosts
+++ b/ansible/environments/laptop/hosts
@ -1,2 +1,3 @@
 [gui]
 odolinux ansible_connection=local ansible_host=127.0.0.1
+odofreebsd ansible_connection=local ansible_host=127.0.0.1
--- a/ansible/roles/base/files/odofreebsd_loader.conf
+++ b/ansible/roles/base/files/odofreebsd_loader.conf
@ -0,0 +1,6 @@
+security.bsd.allow_destructive_dtrace=0
+kern.geom.label.disk_ident.enable="0"
+kern.geom.label.gptid.enable="0"
+cryptodev_load="YES"
+zfs_load="YES"
+
--- a/ansible/roles/base/files/odofreebsd_rc.conf
+++ b/ansible/roles/base/files/odofreebsd_rc.conf
@ -0,0 +1,15 @@
+clear_tmp_enable="YES"
+syslogd_flags="-ss"
+sendmail_enable="NONE"
+hostname="odo"
+wlans_ath0="wlan0"
+ifconfig_wlan0="WPA DHCP"
+ifconfig_wlan0_ipv6="inet6 accept_rtadv"
+local_unbound_enable="YES"
+sshd_enable="YES"
+ntpd_enable="YES"
+powerd_enable="YES"
+# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
+dumpdev="NO"
+zfs_enable="YES"
+
--- a/ansible/roles/firewall/files/odofreebsd_pf.conf
+++ b/ansible/roles/firewall/files/odofreebsd_pf.conf
@ -0,0 +1,33 @@
+ext_if = "{ igb0 igb1 ix0 ix1 wlan0 }"
+
+dhcp = "{ bootpc, bootps }"
+# allow = "{ }"
+
+tcp_pass_in = "{ 22 }"
+udp_pass_in = "{ 53 51820 }"
+
+# Rules must be in order: options, normalization, queueing, translation, filtering
+
+# options
+set skip on lo
+
+# redirections
+
+# filtering
+block log all
+pass out on $ext_if
+
+# We pass on the interfaces listed in allow rather than skipping on
+# them because changes to pass rules will update when running a
+# `service pf reload` but interfaces that we `skip` will not update (I
+# forget if its from adding, removing, or both. TODO: test to figure
+# it out)
+# pass quick on $allow
+
+pass on $ext_if proto icmp all
+pass on $ext_if proto icmp6 all
+
+pass in on $ext_if proto tcp to any port $tcp_pass_in
+pass in on $ext_if proto udp to any port $udp_pass_in
+
+pass quick on $ext_if proto udp from any port $dhcp to any port $dhcp
--- a/ansible/run.bash
+++ b/ansible/run.bash
@ -20,6 +20,8 @@ if [ "$target" = "homeserver" ]; then
    ansible-playbook -v -i environments/home playbook.yaml --diff --limit homeserver "${@}"
 elif [ "$target" = "odolinux" ]; then
    ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odolinux "${@}"
+elif [ "$target" = "odofreebsd" ]; then
+    ansible-playbook -v -i environments/laptop playbook.yaml --diff --limit odofreebsd "${@}"
 else
    die 1 "Unrecognized target"
 fi