diff --git a/.gitattributes b/.gitattributes index 505af13..cf5db54 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,3 @@ cargo_credentials.toml filter=git-crypt diff=git-crypt **/wireguard_configs/** filter=git-crypt diff=git-crypt +*.key filter=git-crypt diff=git-crypt diff --git a/ansible/roles/poudriere/files/poudriere.conf b/ansible/roles/poudriere/files/poudriere.conf index 2b3ff41..8b0e368 100644 --- a/ansible/roles/poudriere/files/poudriere.conf +++ b/ansible/roles/poudriere/files/poudriere.conf @@ -1,7 +1,7 @@ # Poudriere can optionally use ZFS for its ports/jail storage. For # ZFS define ZPOOL, otherwise set NO_ZFS=yes -# +# #### ZFS # The pool where poudriere will create all the filesystems it needs # poudriere will use ${ZPOOL}/${ZROOTFS} as its root @@ -10,6 +10,7 @@ # poudriere. # #ZPOOL=zroot +ZPOOL=zroot ### NO ZFS # To not use ZFS, define NO_ZFS=yes @@ -17,6 +18,7 @@ # root of the poudriere zfs filesystem, by default /poudriere # ZROOTFS=/poudriere +ZROOTFS=/poudriere # the host where to download sets for the jails setup # You can specify here a host or an IP @@ -27,7 +29,7 @@ # Also note that every protocols supported by fetch(1) are supported here, even # file:/// # Suggested: https://download.FreeBSD.org -FREEBSD_HOST=_PROTO_://_CHANGE_THIS_ +FREEBSD_HOST=https://download.FreeBSD.org # By default the jails have no /etc/resolv.conf, you will need to set # RESOLV_CONF to a file on your hosts system that will be copied has @@ -64,11 +66,14 @@ USE_PORTLINT=no # yes - Enables tmpfs(5) for wrkdir and data # no - Disable use of tmpfs(5) # EXAMPLE: USE_TMPFS="wrkdir data" -USE_TMPFS=yes +USE_TMPFS=all +# USE_TMPFS=yes +# USE_TMPFS=no # How much memory to limit tmpfs size to for *each builder* in GiB # (default: none) #TMPFS_LIMIT=8 +TMPFS_LIMIT=16 # How much memory to limit jail processes to for *each builder* # in GiB (default: none) @@ -132,10 +137,10 @@ DISTFILES_CACHE=/usr/ports/distfiles # Default: no #BAD_PKGNAME_DEPS_ARE_FATAL=yes + # Path to the RSA key to sign the PKG repo with. See pkg-repo(8) -# This produces a repo that supports SIGNATURE_TYPE=PUBKEY -# Default: not set #PKG_REPO_SIGNING_KEY=/etc/ssl/keys/repo.key +PKG_REPO_SIGNING_KEY=/usr/local/etc/poudriere.d/poudriere.key # Command to sign the PKG repo with. See pkg-repo(8) # This produces a repo that supports SIGNATURE_TYPE=FINGERPRINTS @@ -181,6 +186,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # # Example to define PARALLEL_JOBS to one single job # PARALLEL_JOBS=1 +PARALLEL_JOBS=1 # How many jobs should be used for preparing the build? These tend to # be more IO bound and may be worth tweaking. Default: PARALLEL_JOBS * 1.25 @@ -190,9 +196,10 @@ DISTFILES_CACHE=/usr/ports/distfiles # If set, failed builds will save the WRKDIR to ${POUDRIERE_DATA}/wrkdirs # SAVE_WRKDIR=yes -# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz,tzst +# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz # default is tbz # WRKDIR_ARCHIVE_FORMAT=tbz +WRKDIR_ARCHIVE_FORMAT=txz # Disable Linux support # NOLINUX=yes @@ -215,6 +222,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # By default MAKE_JOBS is disabled to allow only one process per cpu # Use the following to allow it anyway # ALLOW_MAKE_JOBS=yes +ALLOW_MAKE_JOBS=yes # List of packages that will always be allowed to use MAKE_JOBS # regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports @@ -228,16 +236,19 @@ DISTFILES_CACHE=/usr/ports/distfiles # URL where your POUDRIERE_DATA/logs are hosted # This will be used for giving URL hints to the HTML output when # scheduling and starting builds -#URL_BASE=http://yourdomain.com/poudriere/ +# URL_BASE=https://freebsdpkg.fizz.buzz/logs # This defines the max time (in seconds) that a command may run for a build # before it is killed for taking too long. Default: 86400 #MAX_EXECUTION_TIME=86400 +# 2 days +MAX_EXECUTION_TIME=172800 # This defines the time (in seconds) before a command is considered to # be in a runaway state for having no output on stdout. Default: 7200 #NOHANG_TIME=7200 +NOHANG_TIME=14400 # The repository is updated atomically if set yes. This leaves the @@ -254,6 +265,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # are encountered. # Default: yes #COMMIT_PACKAGES_ON_FAILURE=yes +COMMIT_PACKAGES_ON_FAILURE=no # Keep older package repositories. This can be used to rollback a system # or to bisect issues by changing the repository to one of the older @@ -330,6 +342,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # Set to hosted to use the /data directory instead of inline style HTML # Default: inline #HTML_TYPE="hosted" +HTML_TYPE="hosted" # Set to track remaining ports in the HTML interface. This can slow down # processing of the queue slightly, especially for bulk -a builds. diff --git a/ansible/roles/poudriere/files/poudriere.key b/ansible/roles/poudriere/files/poudriere.key new file mode 100644 index 0000000..7f11634 Binary files /dev/null and b/ansible/roles/poudriere/files/poudriere.key differ diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index 1f7d636..7fd2099 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml +++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -41,18 +41,18 @@ # - /opt/poudriere/build_configs # - /usr/local/poudriere/data/logs/bulk -# - name: Install Configuration -# copy: -# src: "files/{{ item.src }}" -# dest: "{{ item.dest }}" -# mode: 0600 -# owner: root -# group: wheel -# loop: -# - src: poudriere.conf -# dest: /usr/local/etc/poudriere.conf -# - src: poudriere.key -# dest: /usr/local/etc/poudriere.d/poudriere.key +- name: Install Configuration + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0600 + owner: root + group: wheel + loop: + - src: poudriere.conf + dest: /usr/local/etc/poudriere.conf + - src: poudriere.key + dest: /usr/local/etc/poudriere.d/poudriere.key # - src: poudriere_deploy_ed25519 # dest: /usr/local/etc/poudriere.d/poudriere_deploy_ed25519