talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Migrate to abbreviated jail folder structure.

Browse Source
This commit is contained in:
Tom Alexander 2024-06-29 15:21:27 -04:00
parent bc29fd5428
commit 62e70554be
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
13 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/environments/colo/host_vars/mrmanager
View File

@ -21,7 +21,7 @@ wireguard_directory: mrmanager
enabled_wireguard: enabled_wireguard:
- colo - colo
jail_zfs_dataset: zdata/jail jail_zfs_dataset: zdata/jail
jail_zfs_dataset_mountpoint: /jail/main jail_zfs_dataset_mountpoint: /jail
jail_canmount: "on" jail_canmount: "on"
jail_list: jail_list:
- name: nat_dhcp - name: nat_dhcp

2
ansible/environments/home/host_vars/homeserver
View File

@ -36,7 +36,7 @@ cputype: "intel"
hwpstate: false hwpstate: false
devfs_rules: "homeserver_devfs.rules" devfs_rules: "homeserver_devfs.rules"
jail_zfs_dataset: zmass/encrypted/jails jail_zfs_dataset: zmass/encrypted/jails
jail_zfs_dataset_mountpoint: /jail/main jail_zfs_dataset_mountpoint: /jail
jail_canmount: "on" jail_canmount: "on"
jail_bemount: "on" jail_bemount: "on"
jail_list: jail_list:

2
ansible/environments/laptop/host_vars/odofreebsd
View File

@ -39,7 +39,7 @@ users:
gitconfig: "gitconfig_home" gitconfig: "gitconfig_home"
devfs_rules: "odo_devfs.rules" devfs_rules: "odo_devfs.rules"
jail_zfs_dataset: zroot/freebsd/current/jails jail_zfs_dataset: zroot/freebsd/current/jails
jail_zfs_dataset_mountpoint: /jail/main jail_zfs_dataset_mountpoint: /jail
jail_list: jail_list:
- name: nat_dhcp - name: nat_dhcp
enabled: true enabled: true

2
ansible/roles/jail/files/jails/admin_git.conf
View File

@ -1,5 +1,5 @@
admin_git { admin_git {
path = "/jail/main/jails/${name}"; path = "/jail/${name}";
vnet; vnet;
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24"; exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}"; exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";

2
ansible/roles/jail/files/jails/cloak.conf
View File

@ -1,5 +1,5 @@
cloak { cloak {
path = "/jail/main/jails/${name}"; path = "/jail/${name}";
vnet; vnet;
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start restricted_nat jail${name} 10.215.2.1/24"; exec.prestart += "/usr/local/bin/jail_netgraph_bridge start restricted_nat jail${name} 10.215.2.1/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop restricted_nat jail${name}"; exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop restricted_nat jail${name}";

2
ansible/roles/jail/files/jails/dagger.conf
View File

@ -1,5 +1,5 @@
dagger { dagger {
path = "/jail/main/jails/${name}"; path = "/jail/${name}";
vnet; vnet;
vnet.interface += "dagger"; vnet.interface += "dagger";

2
ansible/roles/jail/files/jails/mumble.conf
View File

@ -1,5 +1,5 @@
cloak { cloak {
path = "/jail/main/jails/mumble"; path = "/jail/mumble";
vnet; vnet;
vnet.interface += "host_link3"; vnet.interface += "host_link3";

2
ansible/roles/jail/files/jails/nat_dhcp.conf
View File

@ -1,5 +1,5 @@
nat_dhcp { nat_dhcp {
path = "/jail/main/jails/${name}"; path = "/jail/${name}";
vnet; vnet;
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24"; exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}"; exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";

2
ansible/roles/jail/files/jails/public_dns.conf
View File

@ -1,5 +1,5 @@
public_dns { public_dns {
path = "/jail/main/jails/${name}"; path = "/jail/${name}";
vnet; vnet;
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24"; exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}"; exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";

2
ansible/roles/jail/files/jails/sample.conf
View File

@ -1,5 +1,5 @@
sample { sample {
path = "/jail/main/jails/${name}"; path = "/jail/${name}";
vnet; vnet;
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24"; exec.prestart += "/usr/local/bin/jail_netgraph_bridge start jail_nat jail${name} 10.215.1.1/24";
exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}"; exec.poststop += "/usr/local/bin/jail_netgraph_bridge stop jail_nat jail${name}";

4
ansible/roles/jail/tasks/freebsd.yaml
View File

@ -10,7 +10,7 @@
zfs: zfs:
name: "{{ item.dataset|default(jail_zfs_dataset) }}/jails/{{ item.name }}" name: "{{ item.dataset|default(jail_zfs_dataset) }}/jails/{{ item.name }}"
state: present state: present
extra_zfs_properties: '{{ {''mountpoint'': item.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.name}|combine({''canmount'': jail_canmount|default(''noauto''), ''ta:bemount'': jail_bemount|default(''on'')})|combine(item.properties|default({})) }}' extra_zfs_properties: '{{ {''mountpoint'': item.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/" + item.name}|combine({''canmount'': jail_canmount|default(''noauto'')})|combine(item.properties|default({})) }}'
loop: "{{ jail_list }}" loop: "{{ jail_list }}"
@ -27,7 +27,7 @@
zfs: zfs:
name: "{{ item.0.dataset|default(jail_zfs_dataset) }}/persistent/{{ item.0.name }}/{{ item.1.name }}" name: "{{ item.0.dataset|default(jail_zfs_dataset) }}/persistent/{{ item.0.name }}/{{ item.1.name }}"
state: present state: present
extra_zfs_properties: '{{ {''mountpoint'': item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/jails/" + item.0.name + item.1.mount }|combine({''canmount'': jail_canmount|default(''noauto''), ''ta:bemount'': jail_bemount|default(''on'')})|combine(item.1.properties|default({})) }}' extra_zfs_properties: '{{ {''mountpoint'': item.0.dataset_mountpoint|default(jail_zfs_dataset_mountpoint) + "/" + item.0.name + item.1.mount }|combine({''canmount'': jail_canmount|default(''noauto'')})|combine(item.1.properties|default({})) }}'
loop: "{{ jail_list|subelements('persist', skip_missing=True) }}" loop: "{{ jail_list|subelements('persist', skip_missing=True) }}"
- name: Install scripts - name: Install scripts

2
ansible/roles/jail/templates/new_jail.bash.j2
View File

@ -5,7 +5,7 @@ set -euo pipefail
IFS=$'\n\t' IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${JAIL_MOUNTPOINT:="{{ jail_zfs_dataset_mountpoint }}/jails"} : ${JAIL_MOUNTPOINT:="{{ jail_zfs_dataset_mountpoint }}"}
function die { function die {
echo >&2 "$@" echo >&2 "$@"

5
ansible/roles/poudriere/files/poudriere.d/14broadwell-default-computer-pkglist
View File

@ -1,19 +1,20 @@
audio/mixertui audio/mixertui
devel/git devel/git
devel/libccid devel/libccid
devel/pyenv
devel/py-jmespath devel/py-jmespath
devel/py-yamllint devel/py-yamllint
devel/pyenv
editors/emacs@nox editors/emacs@nox
editors/mg editors/mg
ftp/wget ftp/wget
graphics/ImageMagick7 graphics/ImageMagick7
lang/python lang/python
misc/terminfo-db
multimedia/ffmpeg multimedia/ffmpeg
multimedia/v4l-utils multimedia/v4l-utils
multimedia/webcamd multimedia/webcamd
net/google-cloud-sdk
net-mgmt/ipcalc net-mgmt/ipcalc
net/google-cloud-sdk
net/rsync net/rsync
net/tcpdump net/tcpdump
net/wireguard-tools net/wireguard-tools