From 7de6bc92310739de8077f5041aee3c8fb623021d Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 15:29:19 -0500 Subject: [PATCH 01/23] Add a role for portshaker. --- .../environments/laptop/host_vars/odofreebsd | 4 ++ ansible/playbook.yaml | 1 + ansible/roles/hosts/tasks/common.yaml | 2 +- ansible/roles/portshaker/files/freebsd | 10 ++++ ansible/roles/portshaker/files/myrepo | 10 ++++ .../roles/portshaker/files/portshaker.conf | 8 +++ ansible/roles/portshaker/tasks/common.yaml | 15 ++++++ ansible/roles/portshaker/tasks/freebsd.yaml | 50 +++++++++++++++++++ ansible/roles/portshaker/tasks/linux.yaml | 21 ++++++++ ansible/roles/portshaker/tasks/main.yaml | 2 + ansible/roles/portshaker/tasks/peruser.yaml | 29 +++++++++++ .../portshaker/tasks/peruser_freebsd.yaml | 0 .../roles/portshaker/tasks/peruser_linux.yaml | 0 .../roles/sway/files/launch_sway_freebsd.bash | 2 + .../roles/sway/files/launch_sway_linux.bash | 2 + 15 files changed, 155 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/portshaker/files/freebsd create mode 100644 ansible/roles/portshaker/files/myrepo create mode 100644 ansible/roles/portshaker/files/portshaker.conf create mode 100644 ansible/roles/portshaker/tasks/common.yaml create mode 100644 ansible/roles/portshaker/tasks/freebsd.yaml create mode 100644 ansible/roles/portshaker/tasks/linux.yaml create mode 100644 ansible/roles/portshaker/tasks/main.yaml create mode 100644 ansible/roles/portshaker/tasks/peruser.yaml create mode 100644 ansible/roles/portshaker/tasks/peruser_freebsd.yaml create mode 100644 ansible/roles/portshaker/tasks/peruser_linux.yaml diff --git a/ansible/environments/laptop/host_vars/odofreebsd b/ansible/environments/laptop/host_vars/odofreebsd index 2e2ac18..e74ec32 100644 --- a/ansible/environments/laptop/host_vars/odofreebsd +++ b/ansible/environments/laptop/host_vars/odofreebsd 
@@ -53,3 +53,7 @@ sway_conf_files: wireguard_directory: odo enabled_wireguard: - wgh +poudriere_builds: + - jail: current + ports: default + set: framework diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 26470e7..d19ced0 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -36,6 +36,7 @@ - google_cloud_sdk - ansible - wireguard + - portshaker - hosts: nat_dhcp:homeserver_nat_dhcp vars: diff --git a/ansible/roles/hosts/tasks/common.yaml b/ansible/roles/hosts/tasks/common.yaml index 32cb8ba..654e56f 100644 --- a/ansible/roles/hosts/tasks/common.yaml +++ b/ansible/roles/hosts/tasks/common.yaml @@ -1,7 +1,7 @@ - name: Set the /etc/hosts ansible.builtin.lineinfile: path: /etc/hosts - regexp: '^{{ item.key | regex_escape() }}' + regexp: '^{{ item.key | regex_escape() }}\s+' line: "{{ item.key }} {{ item.value | join(' ') }}" loop: "{{ etc_hosts | dict2items }}" diff --git a/ansible/roles/portshaker/files/freebsd b/ansible/roles/portshaker/files/freebsd new file mode 100644 index 0000000..78bbe59 --- /dev/null +++ b/ansible/roles/portshaker/files/freebsd @@ -0,0 +1,10 @@ +#!/bin/sh +. /usr/local/share/portshaker/portshaker.subr +if [ "$1" != '--' ]; then + err 1 "Extra arguments" +fi +shift +method="git" +git_clone_uri="https://github.com/freebsd/freebsd-ports.git" +git_branch="main" +run_portshaker_command $* diff --git a/ansible/roles/portshaker/files/myrepo b/ansible/roles/portshaker/files/myrepo new file mode 100644 index 0000000..cbfb281 --- /dev/null +++ b/ansible/roles/portshaker/files/myrepo @@ -0,0 +1,10 @@ +#!/bin/sh +. /usr/local/share/portshaker/portshaker.subr +if [ "$1" != '--' ]; then + err 1 "Extra arguments" +fi +shift +method="git" +git_clone_uri="https://code.fizz.buzz/talexander/ta_ports.git" +git_branch="master" +run_portshaker_command $* diff --git a/ansible/roles/portshaker/files/portshaker.conf b/ansible/roles/portshaker/files/portshaker.conf new file mode 100644 index 0000000..0f92d26 --- /dev/null 
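Review bot: The last line of `ansible/roles/portshaker/files/freebsd` forwards its arguments as `run_portshaker_command $*`, which re-splits and glob-expands them; `run_portshaker_command "$@"` passes each argument through intact. The same line closes `files/myrepo`. Both scripts are installed root-owned and executable by the role, so a short comment above `git_clone_uri` in each, saying which tree the source is and who controls it, would document the trust decision for the next reader.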
+++ b/ansible/roles/portshaker/files/portshaker.conf @@ -0,0 +1,8 @@ +#---[ Base directory for mirrored Ports Trees ]--- +mirror_base_dir="/var/cache/portshaker" + +#---[ Directories where to merge ports ]--- +ports_trees="main" + +main_ports_tree="/usr/local/portshaker/trees/main" +main_merge_from="freebsd myrepo" diff --git a/ansible/roles/portshaker/tasks/common.yaml b/ansible/roles/portshaker/tasks/common.yaml new file mode 100644 index 0000000..fef1101 --- /dev/null +++ b/ansible/roles/portshaker/tasks/common.yaml @@ -0,0 +1,15 @@ +- import_tasks: tasks/freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/linux.yaml + when: 'os_flavor == "linux"' + +- include_tasks: + file: tasks/peruser.yaml + apply: + become: yes + become_user: "{{ initialize_user }}" + when: users is defined + loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}" + loop_control: + loop_var: initialize_user diff --git a/ansible/roles/portshaker/tasks/freebsd.yaml b/ansible/roles/portshaker/tasks/freebsd.yaml new file mode 100644 index 0000000..1cb2abc --- /dev/null +++ b/ansible/roles/portshaker/tasks/freebsd.yaml 
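Review bot: `main_merge_from="freebsd myrepo"` in `ansible/roles/portshaker/files/portshaker.conf` merges the personal `ta_ports` tree after the official one, and both sources follow a moving branch tip (`git_branch="main"` and `git_branch="master"` in the two scripts) with no pinned revision. Assuming portshaker lets later sources win on conflicts, a port in `myrepo` replaces the official port of the same name, and whatever is at either branch tip at update time is what gets built. A comment such as `# myrepo is merged last and overrides freebsd; review ta_ports changes before running portshaker -U` would make that ordering and its consequence explicit.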
@@ -0,0 +1,50 @@ +# Update ports tree: +# portshaker -U +# portshaker -M +# +# Force build: +# poudriere bulk -J 4 -C -j current -p default -z testing sysutils/kubectx +# +# Test build with interactive shell +# poudriere testport -i -J 4 -j current -p default -z testing sysutils/kubectx +# optional add -w to save the work directory + +- name: Install packages + package: + name: + - portshaker + state: present + +- name: Create directories + file: + name: "{{ item }}" + state: directory + mode: 0755 + owner: root + group: wheel + loop: + - /usr/local/portshaker/trees + +- name: Install Configuration + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0644 + owner: root + group: wheel + loop: + - src: portshaker.conf + dest: /usr/local/etc/portshaker.conf + +- name: Install Scripts + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0755 + owner: root + group: wheel + loop: + - src: freebsd + dest: /usr/local/etc/portshaker.d/freebsd + - src: myrepo + dest: /usr/local/etc/portshaker.d/myrepo diff --git a/ansible/roles/portshaker/tasks/linux.yaml b/ansible/roles/portshaker/tasks/linux.yaml new file mode 100644 index 0000000..429ad91 --- /dev/null +++ b/ansible/roles/portshaker/tasks/linux.yaml @@ -0,0 +1,21 @@ +# - name: Build aur packages +# register: buildaur +# become_user: "{{ build_user.name }}" +# command: "aurutils-sync --no-view {{ item }}" +# args: +# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*" +# loop: +# - foo + +# - name: Update cache +# when: buildaur.changed +# pacman: +# name: [] +# state: present +# update_cache: true + +# - name: Install packages +# package: +# name: +# - foo +# state: present diff --git a/ansible/roles/portshaker/tasks/main.yaml b/ansible/roles/portshaker/tasks/main.yaml new file mode 100644 index 0000000..87fe19a --- /dev/null +++ b/ansible/roles/portshaker/tasks/main.yaml @@ -0,0 +1,2 @@ +- import_tasks: tasks/common.yaml + when: poudriere_builds is defined and poudriere_builds 
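Review bot: The three `mode:` values in `ansible/roles/portshaker/tasks/freebsd.yaml` (`0755`, `0644`, `0755`) are unquoted, so they are only correct while the YAML loader reads a leading-zero scalar as octal; `mode: "0755"` and `mode: "0644"` remove that dependency. "Install Scripts" copies into `/usr/local/etc/portshaker.d/`, which "Create directories" does not create, presumably because the package provides it; a one-line comment saying so would help. The tasks also use short module names (`package`, `file`, `copy`) while the hosts role touched in this same patch uses `ansible.builtin.lineinfile`, so `ansible.builtin.copy` and friends would be consistent.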
diff --git a/ansible/roles/portshaker/tasks/peruser.yaml b/ansible/roles/portshaker/tasks/peruser.yaml new file mode 100644 index 0000000..111e886 --- /dev/null +++ b/ansible/roles/portshaker/tasks/peruser.yaml @@ -0,0 +1,29 @@ +- include_role: + name: per_user + +# - name: Create directories +# file: +# name: "{{ account_homedir.stdout }}/{{ item }}" +# state: directory +# mode: 0700 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - ".config/foo" + +# - name: Copy files +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ account_homedir.stdout }}/{{ item.dest }}" +# mode: 0600 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - src: foo.conf +# dest: .config/foo/foo.conf + +- import_tasks: tasks/peruser_freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/peruser_linux.yaml + when: 'os_flavor == "linux"' diff --git a/ansible/roles/portshaker/tasks/peruser_freebsd.yaml b/ansible/roles/portshaker/tasks/peruser_freebsd.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/portshaker/tasks/peruser_linux.yaml b/ansible/roles/portshaker/tasks/peruser_linux.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/sway/files/launch_sway_freebsd.bash b/ansible/roles/sway/files/launch_sway_freebsd.bash index ba743c0..dfb1225 100644 --- a/ansible/roles/sway/files/launch_sway_freebsd.bash +++ b/ansible/roles/sway/files/launch_sway_freebsd.bash @@ -11,6 +11,8 @@ if [[ ! -v XDG_RUNTIME_DIR ]]; then fi +export XDG_CURRENT_DESKTOP=sway + # Enable wayland support for firefox export MOZ_ENABLE_WAYLAND=1 diff --git a/ansible/roles/sway/files/launch_sway_linux.bash b/ansible/roles/sway/files/launch_sway_linux.bash index f7d9561..d1e10a3 100644 --- a/ansible/roles/sway/files/launch_sway_linux.bash +++ b/ansible/roles/sway/files/launch_sway_linux.bash 
@@ -5,4 +5,6 @@ set -euo pipefail IFS=$'\n\t' DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +export XDG_CURRENT_DESKTOP=sway + exec sway -d &> $HOME/.config/swaylog From 2fdb47e1a186ea21e1fd7ddc431cd34e2723fe85 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 16:33:45 -0500 Subject: [PATCH 02/23] Starting the poudriere role. --- ansible/playbook.yaml | 69 ++++++++++--------- ansible/roles/poudriere/meta/main.yaml | 2 + ansible/roles/poudriere/tasks/common.yaml | 15 ++++ ansible/roles/poudriere/tasks/freebsd.yaml | 64 +++++++++++++++++ ansible/roles/poudriere/tasks/linux.yaml | 21 ++++++ ansible/roles/poudriere/tasks/main.yaml | 2 + ansible/roles/poudriere/tasks/peruser.yaml | 29 ++++++++ .../poudriere/tasks/peruser_freebsd.yaml | 0 .../roles/poudriere/tasks/peruser_linux.yaml | 0 9 files changed, 168 insertions(+), 34 deletions(-) create mode 100644 ansible/roles/poudriere/meta/main.yaml create mode 100644 ansible/roles/poudriere/tasks/common.yaml create mode 100644 ansible/roles/poudriere/tasks/freebsd.yaml create mode 100644 ansible/roles/poudriere/tasks/linux.yaml create mode 100644 ansible/roles/poudriere/tasks/main.yaml create mode 100644 ansible/roles/poudriere/tasks/peruser.yaml create mode 100644 ansible/roles/poudriere/tasks/peruser_freebsd.yaml create mode 100644 ansible/roles/poudriere/tasks/peruser_linux.yaml diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index d19ced0..2d5f617 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml 
@@ -2,41 +2,42 @@ vars: ansible_become: True roles: - - sudo + # - sudo - users - - package_manager - - zrepl - - zsh - - network - - sshd - - base - - firewall - - cpu - - ntp - - hosts - - build - - sound - - graphics - - gpg - - fonts - - alacritty - - sway - - emacs - - firefox - - devfs - - ssh_client - - sshfs - - jail - - fuse - - autofs - - exfat - - bhyve - - media - - kubernetes - - google_cloud_sdk - - ansible - - wireguard - - portshaker + # - package_manager + # - zrepl + # - zsh + # - network + # - sshd + # - base + # - firewall + # - cpu + # - ntp + # - hosts + # - build + # - sound + # - graphics + # - gpg + # - fonts + # - alacritty + # - sway + # - emacs + # - firefox + # - devfs + # - ssh_client + # - sshfs + # - jail + # - fuse + # - autofs + # - exfat + # - bhyve + # - media + # - kubernetes + # - google_cloud_sdk + # - ansible + # - wireguard + # - portshaker + - poudriere - hosts: nat_dhcp:homeserver_nat_dhcp vars: diff --git a/ansible/roles/poudriere/meta/main.yaml b/ansible/roles/poudriere/meta/main.yaml new file mode 100644 index 0000000..c762ec6 --- /dev/null +++ b/ansible/roles/poudriere/meta/main.yaml @@ -0,0 +1,2 @@ +dependencies: + - portshaker diff --git a/ansible/roles/poudriere/tasks/common.yaml b/ansible/roles/poudriere/tasks/common.yaml new file mode 100644 index 0000000..fef1101 --- /dev/null +++ b/ansible/roles/poudriere/tasks/common.yaml @@ -0,0 +1,15 @@ +- import_tasks: tasks/freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/linux.yaml + when: 'os_flavor == "linux"' + +- include_tasks: + file: tasks/peruser.yaml + apply: + become: yes + become_user: "{{ initialize_user }}" + when: users is defined + loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}" + loop_control: + loop_var: initialize_user diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml new file mode 100644 index 0000000..79477e9 --- /dev/null 
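Review bot: Commenting out `sudo`, `sshd`, `firewall` and nearly every other entry in the `roles:` list of `ansible/playbook.yaml` means a run of this play no longer applies or re-asserts those roles on the hosts it targets, and the state is now committed rather than local. For iterating on one role, tags are less error-prone than editing the list: `- { role: poudriere, tags: [poudriere] }` together with `--tags poudriere` on the command line. The play's `hosts:` line sits above this hunk, so the set of affected hosts is not visible here.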
+++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -0,0 +1,64 @@ +# +# Get CPU type: +# sh -c "clang -v -fsyntax-only -march=native -x c /dev/null 2>&1 | grep -e '-target-cpu' | sed -e 's|.*-target-cpu \([[:alnum:]]*\) .*|\1|'" +# +# Check the CPU type: +# make -C /usr/src CPUTYPE=broadwell -V MACHINE_CPU +# +# Generate options file for ports +# poudriere options -j 12amd64 -p default -z stream -f /usr/local/etc/poudriere.d/12amd64-default-stream-pkglist +# +# Generate options file for specific ports +# poudriere options -j 12amd64 -p default -z stream -c lang/gcc48 +# +# Build the packages +# poudriere bulk -j 12amd64 -p default -z stream -f /usr/local/etc/poudriere.d/12amd64-default-stream-pkglist +# +# List installed packages +# pkg query -e '%a = 0' '%o' | sort + +- name: Install packages + package: + name: + - poudriere + - bash + - rsync + - flock + state: present + +# - name: Create directories +# file: +# name: "{{ item }}" +# state: directory +# mode: 0755 +# owner: root +# group: wheel +# loop: +# - /usr/ports/distfiles +# - /opt/poudriere/build_configs +# - /usr/local/poudriere/data/logs/bulk + +# - name: Install Configuration +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ item.dest }}" +# mode: 0600 +# owner: root +# group: wheel +# loop: +# - src: poudriere.conf +# dest: /usr/local/etc/poudriere.conf +# - src: poudriere.key +# dest: /usr/local/etc/poudriere.d/poudriere.key +# - src: poudriere_deploy_ed25519 +# dest: /usr/local/etc/poudriere.d/poudriere_deploy_ed25519 + +# - name: Install Configuration directory +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ item.dest }}" +# owner: root +# group: wheel +# loop: +# - src: poudriere.d +# dest: /usr/local/etc/ diff --git a/ansible/roles/poudriere/tasks/linux.yaml b/ansible/roles/poudriere/tasks/linux.yaml new file mode 100644 index 0000000..429ad91 --- /dev/null +++ b/ansible/roles/poudriere/tasks/linux.yaml 
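Review bot: The commented-out "Install Configuration" task in `ansible/roles/poudriere/tasks/freebsd.yaml` names `poudriere.key` and `poudriere_deploy_ed25519` as sources under the role's `files/`, which by their names would put a repository signing key and an SSH deploy key into version control in plaintext once the task is enabled. Neither file is part of this patch, so this is a caution for the follow-up: store them Ansible Vault-encrypted or pull them from a secret store. Since `run.bash` invokes `ansible-playbook` with `--diff`, the task should also carry `diff: false` and `no_log: true` so key material is not printed. The `mode: 0600` there is better written as `mode: "0600"` when it is uncommented.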
@@ -0,0 +1,21 @@ +# - name: Build aur packages +# register: buildaur +# become_user: "{{ build_user.name }}" +# command: "aurutils-sync --no-view {{ item }}" +# args: +# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*" +# loop: +# - foo + +# - name: Update cache +# when: buildaur.changed +# pacman: +# name: [] +# state: present +# update_cache: true + +# - name: Install packages +# package: +# name: +# - foo +# state: present diff --git a/ansible/roles/poudriere/tasks/main.yaml b/ansible/roles/poudriere/tasks/main.yaml new file mode 100644 index 0000000..87fe19a --- /dev/null +++ b/ansible/roles/poudriere/tasks/main.yaml @@ -0,0 +1,2 @@ +- import_tasks: tasks/common.yaml + when: poudriere_builds is defined and poudriere_builds diff --git a/ansible/roles/poudriere/tasks/peruser.yaml b/ansible/roles/poudriere/tasks/peruser.yaml new file mode 100644 index 0000000..111e886 --- /dev/null +++ b/ansible/roles/poudriere/tasks/peruser.yaml @@ -0,0 +1,29 @@ +- include_role: + name: per_user + +# - name: Create directories +# file: +# name: "{{ account_homedir.stdout }}/{{ item }}" +# state: directory +# mode: 0700 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - ".config/foo" + +# - name: Copy files +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ account_homedir.stdout }}/{{ item.dest }}" +# mode: 0600 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - src: foo.conf +# dest: .config/foo/foo.conf + +- import_tasks: tasks/peruser_freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/peruser_linux.yaml + when: 'os_flavor == "linux"' diff --git a/ansible/roles/poudriere/tasks/peruser_freebsd.yaml b/ansible/roles/poudriere/tasks/peruser_freebsd.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/poudriere/tasks/peruser_linux.yaml b/ansible/roles/poudriere/tasks/peruser_linux.yaml new file mode 100644 index 0000000..e69de29 
From 85d9b4a569c6a2d6070a86cbac3e0b7cbe9819f4 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 17:19:13 -0500 Subject: [PATCH 03/23] Fix sending dns servers in dhcp response. --- ansible/playbook.yaml | 4 ++-- ansible/roles/bhyve/files/arch.conf | 2 +- ansible/roles/firewall/files/odofreebsd_pf.conf | 2 +- ansible/roles/jail_nat_dhcp/files/dhcpd.conf | 1 + ansible/roles/poudriere/tasks/freebsd.yaml | 3 +++ 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 2d5f617..3cba5ab 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -10,7 +10,7 @@ # - network # - sshd # - base - # - firewall + - firewall # - cpu # - ntp # - hosts @@ -30,7 +30,7 @@ # - fuse # - autofs # - exfat - # - bhyve + - bhyve # - media # - kubernetes # - google_cloud_sdk diff --git a/ansible/roles/bhyve/files/arch.conf b/ansible/roles/bhyve/files/arch.conf index ef6ff6d..18bbf6b 100644 --- a/ansible/roles/bhyve/files/arch.conf +++ b/ansible/roles/bhyve/files/arch.conf @@ -13,7 +13,7 @@ console="tmux" cpu=1 memory=1024M -disk0_type="virtio-blk" +disk0_type="nvme" disk0_name="disk0" disk0_dev="sparse-zvol" virt_random="yes" # virtio-rnd diff --git a/ansible/roles/firewall/files/odofreebsd_pf.conf b/ansible/roles/firewall/files/odofreebsd_pf.conf index 16c77e8..ecb4691 100644 --- a/ansible/roles/firewall/files/odofreebsd_pf.conf +++ b/ansible/roles/firewall/files/odofreebsd_pf.conf @@ -42,4 +42,4 @@ pass quick on $ext_if proto udp from any port $dhcp to any port $dhcp pass in on host_uplink0 proto udp from any to any port { 53 51820 } pass out on host_uplink0 proto tcp from any to any port 8081 -pass in on host_uplink1 +pass on host_uplink1 diff --git a/ansible/roles/jail_nat_dhcp/files/dhcpd.conf b/ansible/roles/jail_nat_dhcp/files/dhcpd.conf index 36d1f19..aa36935 100644 --- a/ansible/roles/jail_nat_dhcp/files/dhcpd.conf +++ b/ansible/roles/jail_nat_dhcp/files/dhcpd.conf 
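Review bot: `pass on host_uplink1` in `ansible/roles/firewall/files/odofreebsd_pf.conf` now allows every protocol in both directions on that interface, and the commit message (a DHCP DNS-option fix) does not say why outbound had to be opened as well. If only specific traffic was being dropped, a rule shaped like the `host_uplink0` lines just above it, with a protocol and a port list, would keep the default policy meaningful on this interface. Otherwise a comment such as `# host_uplink1 is the trusted VM/jail bridge: allow all traffic both ways` would record the decision. The rest of the ruleset, including the default block policy, is outside this hunk.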
@@ -9,4 +9,5 @@ subnet 10.213.177.0 netmask 255.255.255.0 { range 10.213.177.10 10.213.177.250; option broadcast-address 10.213.177.255; option routers 10.213.177.1; + option domain-name-servers 10.213.177.1; } diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index 79477e9..1f7d636 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml +++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -16,6 +16,9 @@ # # List installed packages # pkg query -e '%a = 0' '%o' | sort +# +# Consider setting the following in the poudriere vm-bhyve config: +# priority="20" - name: Install packages package: From 8e412456d21cff6a036ed361af80cd2eb0b69c39 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 17:43:44 -0500 Subject: [PATCH 04/23] Add notes to the bhyve template. --- ansible/roles/bhyve/files/arch.conf | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/ansible/roles/bhyve/files/arch.conf b/ansible/roles/bhyve/files/arch.conf index 18bbf6b..2104df9 100644 --- a/ansible/roles/bhyve/files/arch.conf +++ b/ansible/roles/bhyve/files/arch.conf @@ -20,3 +20,14 @@ virt_random="yes" # virtio-rnd # Creates a link to host_bridge1's link3 hook to the vmlink hook on a type socket bhyve_options="-s 2:0,virtio-net,netgraph,path=host_bridge1:,peerhook=link3" + +# Share a host directory to the guest via 9pfs. +# +# Inside the VM run: +# mount -t virtfs -o trans=virtio sharename /some/vm/path +# mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p +# mount -t 9p -o trans=virtio,cache=mmap,msize=512000 sharename /path/to/mountpoint +# bhyve_options="-s 28,virtio-9p,sharename=/" + +# Enable Sound +# bhyve_options="-s 16,hda,play=/dev/dsp,rec=/dev/dsp" From 93dab7081790e5469506453c1c74660354673aa5 Mon Sep 17 00:00:00 2001 
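Review bot: The 9pfs example `bhyve_options="-s 28,virtio-9p,sharename=/"` added to `ansible/roles/bhyve/files/arch.conf` exports the host's entire root filesystem to the guest; a template is safer showing a dedicated directory, read-only where that is enough, e.g. `# bhyve_options="-s 28,virtio-9p,sharename=/path/to/shared/dir,ro"`. Each example is also its own `bhyve_options=` assignment, so uncommenting one would presumably replace the netgraph network line above it rather than add to it. A comment stating that all `-s` arguments must be combined into a single `bhyve_options` value would prevent that.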
From: Tom Alexander Date: Sat, 10 Dec 2022 17:55:44 -0500 Subject: [PATCH 05/23] Move poudriere to inside a VM. --- ansible/environments/laptop/host_vars/odofreebsd | 4 ---- ansible/environments/vm/host_vars/poudriereodo | 5 +++++ ansible/environments/vm/hosts | 2 ++ ansible/playbook.yaml | 11 +++++++++-- ansible/run.bash | 3 ++- 5 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 ansible/environments/vm/host_vars/poudriereodo create mode 100644 ansible/environments/vm/hosts diff --git a/ansible/environments/laptop/host_vars/odofreebsd b/ansible/environments/laptop/host_vars/odofreebsd index e74ec32..2e2ac18 100644 --- a/ansible/environments/laptop/host_vars/odofreebsd +++ b/ansible/environments/laptop/host_vars/odofreebsd @@ -53,7 +53,3 @@ sway_conf_files: wireguard_directory: odo enabled_wireguard: - wgh -poudriere_builds: - - jail: current - ports: default - set: framework diff --git a/ansible/environments/vm/host_vars/poudriereodo b/ansible/environments/vm/host_vars/poudriereodo new file mode 100644 index 0000000..ac36095 --- /dev/null +++ b/ansible/environments/vm/host_vars/poudriereodo @@ -0,0 +1,5 @@ +os_flavor: "freebsd" +poudriere_builds: + - jail: 13amd64 + ports: default + set: framework diff --git a/ansible/environments/vm/hosts b/ansible/environments/vm/hosts new file mode 100644 index 0000000..9213441 --- /dev/null +++ b/ansible/environments/vm/hosts @@ -0,0 +1,2 @@ +[vm] +poudriereodo ansible_user=builder ansible_host=10.213.177.11 diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 3cba5ab..d4f4ef6 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -1,4 +1,4 @@ -- hosts: all:!jail +- hosts: all:!jail:!vm vars: ansible_become: True roles: @@ -37,10 +37,17 @@ # - ansible # - wireguard # - portshaker - - poudriere + # - poudriere - hosts: nat_dhcp:homeserver_nat_dhcp vars: ansible_become: True roles: - jail_nat_dhcp + +- hosts: poudriereodo + vars: + ansible_become: True + roles: + - portshaker + - poudriere 
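Review bot: `ansible_host=10.213.177.11` in `ansible/environments/vm/hosts` falls inside the dynamic pool `range 10.213.177.10 10.213.177.250` declared in `jail_nat_dhcp/files/dhcpd.conf`, so if the VM gets its address from that server the lease can move to another guest, and the new `poudriereodo` play (which sets `ansible_become: True`) would then run against whatever holds the address. Reserving the VM with a `host` declaration and `fixed-address` outside the pool, or configuring a static address in the guest, removes that dependency. SSH host key checking is the remaining safeguard against configuring the wrong machine, so it should stay enabled for this inventory.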
diff --git a/ansible/run.bash b/ansible/run.bash index 2f37517..2d7eba8 100755 --- a/ansible/run.bash +++ b/ansible/run.bash @@ -26,7 +26,8 @@ elif [ "$target" = "jail_nat_dhcp" ]; then ansible-playbook -v -i environments/jail playbook.yaml --diff --limit nat_dhcp "${@}" elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then ansible-playbook -v -i environments/jail playbook.yaml --diff --limit homeserver_nat_dhcp "${@}" - # +elif [ "$target" = "vm_poudriereodo" ]; then + ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudriereodo "${@}" else die 1 "Unrecognized target" fi From 50161440471bdcbb156d5ba84400bac8a1c9b2ab Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 18:00:10 -0500 Subject: [PATCH 06/23] Add sample poudriere conf. --- ansible/roles/poudriere/files/poudriere.conf | 337 +++++++++++++++++++ 1 file changed, 337 insertions(+) create mode 100644 ansible/roles/poudriere/files/poudriere.conf diff --git a/ansible/roles/poudriere/files/poudriere.conf b/ansible/roles/poudriere/files/poudriere.conf new file mode 100644 index 0000000..2b3ff41 --- /dev/null +++ b/ansible/roles/poudriere/files/poudriere.conf 
@@ -0,0 +1,337 @@ + +# Poudriere can optionally use ZFS for its ports/jail storage. For +# ZFS define ZPOOL, otherwise set NO_ZFS=yes +# +#### ZFS +# The pool where poudriere will create all the filesystems it needs +# poudriere will use ${ZPOOL}/${ZROOTFS} as its root +# +# You need at least 7GB of free space in this pool to have a working +# poudriere. +# +#ZPOOL=zroot + +### NO ZFS +# To not use ZFS, define NO_ZFS=yes +#NO_ZFS=yes + +# root of the poudriere zfs filesystem, by default /poudriere +# ZROOTFS=/poudriere + +# the host where to download sets for the jails setup +# You can specify here a host or an IP +# replace _PROTO_ by http or ftp +# replace _CHANGE_THIS_ by the hostname of the mirrors where you want to fetch +# by default: ftp://ftp.freebsd.org +# +# Also note that every protocols supported by fetch(1) are supported here, even +# file:/// +# Suggested: https://download.FreeBSD.org +FREEBSD_HOST=_PROTO_://_CHANGE_THIS_ + +# By default the jails have no /etc/resolv.conf, you will need to set +# RESOLV_CONF to a file on your hosts system that will be copied has +# /etc/resolv.conf for the jail, except if you don't need it (using an http +# proxy for example) +RESOLV_CONF=/etc/resolv.conf + +# The directory where poudriere will store jails and ports +BASEFS=/usr/local/poudriere + +# The directory where the jail will store the packages and logs +# by default a zfs filesystem will be created and set to +# ${BASEFS}/data +# +#POUDRIERE_DATA=${BASEFS}/data + +# Use portlint to check ports sanity +USE_PORTLINT=no + +# When building packages, a memory device can be used to speedup the build. +# Only one of MFSSIZE or USE_TMPFS is supported. TMPFS is generally faster +# and will expand to the needed amount of RAM. MFS is a slower since it +# uses UFS and several abstraction layers. 
+ +# If set WRKDIRPREFIX will be mdmfs of the given size (mM or gG) +#MFSSIZE=4G + +# Use tmpfs(5) +# This can be a space-separated list of options: +# wrkdir - Use tmpfs(5) for port building WRKDIRPREFIX +# data - Use tmpfs(5) for poudriere cache/temp build data +# localbase - Use tmpfs(5) for LOCALBASE (installing ports for packaging/testing) +# all - Run the entire build in memory, including builder jails. +# yes - Enables tmpfs(5) for wrkdir and data +# no - Disable use of tmpfs(5) +# EXAMPLE: USE_TMPFS="wrkdir data" +USE_TMPFS=yes + +# How much memory to limit tmpfs size to for *each builder* in GiB +# (default: none) +#TMPFS_LIMIT=8 + +# How much memory to limit jail processes to for *each builder* +# in GiB (default: none) +#MAX_MEMORY=8 + +# How many file descriptors to limit each jail process to (default: 1024) +# This can also be set per PKGBASE, such as MAX_FILES_RStudio=2048. +# Package names with hyphens (-) should be replaced with underscores (_). +#MAX_FILES=1024 + +# If set the given directory will be used for the distfiles +# This allows to share the distfiles between jails and ports tree +# If this is "no", poudriere must be supplied a ports tree that already has +# the required distfiles. 
+DISTFILES_CACHE=/usr/ports/distfiles + +# If set the ports tree marked to use git will use the defined +# mirror (default: git.FreeBSD.org/port.git) +# +# Example to use github mirror: +#GIT_BASEURL=https://github.com/freebsd/freebsd-src.git + +# If set the source tree marked to use git will use the defined +# mirror (default: git.FreeBSD.org/src.git) +# +# Example to use github mirror: +#GIT_PORTSURL=https://github.com/freebsd/freebsd-ports.git + +# If set the ports tree or source tree marked to use svn will use the defined +# mirror (default: svn.FreeBSD.org) +# The SSL fingerprints are published here: +# https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html#svn-mirrors +#SVN_HOST=svn.FreeBSD.org + +# Automatic OPTION change detection +# When bulk building packages, compare the options from kept packages to +# the current options to be built. If they differ, the existing package +# will be deleted and the port will be rebuilt. +# Valid options: yes, no, verbose +# verbose will display the old and new options +#CHECK_CHANGED_OPTIONS=verbose + +# Automatic Dependency change detection +# When bulk building packages, compare the dependencies from kept packages to +# the current dependencies for every port. If they differ, the existing package +# will be deleted and the port will be rebuilt. This helps catch changes such +# as DEFAULT_RUBY_VERSION, PERL_VERSION, WITHOUT_X11 that change dependencies +# for many ports. +# Valid options: yes, no +# Default: yes +#CHECK_CHANGED_DEPS=yes + +# Consider bad dependency lines on the wrong PKGNAME as fatal. +# For example: +# BUILD_DEPENDS= p5-List-MoreUtils>=0:lang/p5-List-MoreUtils +# If this port's PKGNAME were really "List-MoreUtils" then it would +# not be recorded into the resulting package. The next build with +# CHECK_CHANGED_DEPS enabled would consider it a "new dependency" +# since it is in the port but not in the package. 
This is usually +# a warning but can be made fatal instead by enabling this option. +# Default: no +#BAD_PKGNAME_DEPS_ARE_FATAL=yes + +# Path to the RSA key to sign the PKG repo with. See pkg-repo(8) +# This produces a repo that supports SIGNATURE_TYPE=PUBKEY +# Default: not set +#PKG_REPO_SIGNING_KEY=/etc/ssl/keys/repo.key + +# Command to sign the PKG repo with. See pkg-repo(8) +# This produces a repo that supports SIGNATURE_TYPE=FINGERPRINTS +# Default: not set +#SIGNING_COMMAND=ssh signing-server sign.sh + +# Repo signing command execution context +# If SIGNING_COMMAND is set, run pkg-repo(8) on the host? +# no - Run in the jail +# yes - Run on the host +# Default: no +#PKG_REPO_FROM_HOST=yes + +# ccache support. Supply the path to your ccache cache directory. +# It will be mounted into the jail and be shared among all jails. +# It is recommended that extra ccache configuration be done with +# ccache -o rather than from the environment. +#CCACHE_DIR=/var/cache/ccache + +# Static ccache support from host. This uses the existing +# ccache from the host in the build jail. This is useful for +# using ccache+memcached which cannot easily be bootstrapped +# otherwise. The path to the PREFIX where ccache was installed +# must be used here, and ccache must have been built statically. +# Note also that ccache+memcached will require network access +# which is normally disabled. Separately setting RESTRICT_NETWORKING=no +# may be required for non-localhost memcached servers. +#CCACHE_STATIC_PREFIX=/usr/local + +# The jails normally only allow network access during the 'make fetch' +# phase. This is a security restriction to prevent random things +# ran during a build from accessing the network. Disabling this +# is not advised. ALLOW_NETWORKING_PACKAGES may be used to allow networking +# for a subset of packages only. +#RESTRICT_NETWORKING=yes +#ALLOW_NETWORKING_PACKAGES="npm-foo" + +# parallel build support. 
+# +# By default poudriere uses hw.ncpu to determine the number of builders. +# You can override this default by changing PARALLEL_JOBS here, or +# by specifying the -J flag to bulk/testport. +# +# Example to define PARALLEL_JOBS to one single job +# PARALLEL_JOBS=1 + +# How many jobs should be used for preparing the build? These tend to +# be more IO bound and may be worth tweaking. Default: PARALLEL_JOBS * 1.25 +# PREPARE_PARALLEL_JOBS=1 + + +# If set, failed builds will save the WRKDIR to ${POUDRIERE_DATA}/wrkdirs +# SAVE_WRKDIR=yes + +# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz,tzst +# default is tbz +# WRKDIR_ARCHIVE_FORMAT=tbz + +# Disable Linux support +# NOLINUX=yes + +# By default poudriere sets FORCE_PACKAGE +# To disable it (useful when building public packages): +# NO_FORCE_PACKAGE=yes + +# By default poudriere sets PACKAGE_BUILDING +# To disable it: +# NO_PACKAGE_BUILDING=yes + +# If you are using a proxy define it here: +# export HTTP_PROXY=bla +# export FTP_PROXY=bla +# +# Cleanout the restricted packages +# NO_RESTRICTED=yes + +# By default MAKE_JOBS is disabled to allow only one process per cpu +# Use the following to allow it anyway +# ALLOW_MAKE_JOBS=yes + +# List of packages that will always be allowed to use MAKE_JOBS +# regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports +# which holdup the rest of the queue to build more quickly. +#ALLOW_MAKE_JOBS_PACKAGES="pkg ccache py*" + +# Timestamp every line of build logs +# Default: no +#TIMESTAMP_LOGS=no + +# URL where your POUDRIERE_DATA/logs are hosted +# This will be used for giving URL hints to the HTML output when +# scheduling and starting builds +#URL_BASE=http://yourdomain.com/poudriere/ + + +# This defines the max time (in seconds) that a command may run for a build +# before it is killed for taking too long. 
Default: 86400 +#MAX_EXECUTION_TIME=86400 + +# This defines the time (in seconds) before a command is considered to +# be in a runaway state for having no output on stdout. Default: 7200 +#NOHANG_TIME=7200 + + +# The repository is updated atomically if set yes. This leaves the +# repository untouched until the build completes. This involves using +# hardlinks and symlinks. The operations are fast, but can be intrusive +# for remote syncing or backups. +# Recommended to always keep on. +# Default: yes +#ATOMIC_PACKAGE_REPOSITORY=yes + +# When using ATOMIC_PACKAGE_REPOSITORY, commit the packages if some +# packages fail to build. Ignored ports are considered successful. +# This can be set to 'no' to only commit the packages once no failures +# are encountered. +# Default: yes +#COMMIT_PACKAGES_ON_FAILURE=yes + +# Keep older package repositories. This can be used to rollback a system +# or to bisect issues by changing the repository to one of the older +# versions and reinstalling everything with `pkg upgrade -f` +# ATOMIC_PACKAGE_REPOSITORY is required for this. +# Default: no +#KEEP_OLD_PACKAGES=no + +# How many old package repositories to keep with KEEP_OLD_PACKAGES +# Default: 5 +#KEEP_OLD_PACKAGES_COUNT=5 + +# Make testing errors fatal. +# If set to 'no', ports with test failure will be marked as failed but still +# packaged to permit testing dependent ports (useful for bulk -t -a) +# Default: yes +#PORTTESTING_FATAL=yes + +# Define the building jail hostname to be used when building the packages +# Some port/packages hardcode the hostname of the host during build time +# This is a necessary setup for reproducible builds. +#BUILDER_HOSTNAME=pkg.FreeBSD.org + +# Define to get a predictable timestamp on the ports tree +# This is a necessary setup for reproducible builds. +#PRESERVE_TIMESTAMP=yes + +# Define to yes to build and stage as a regular user +# Default: yes, unless CCACHE_DIR is set and CCACHE_DIR_NON_ROOT_SAFE is not +# set. 
Note that to use ccache with BUILD_AS_NON_ROOT you will need to +# use a non-shared CCACHE_DIR that is only built by PORTBUILD_USER and chowned +# to that user. Then set CCACHE_DIR_NON_ROOT_SAFE to yes. +#BUILD_AS_NON_ROOT=no + +# Define to the username to build as when BUILD_AS_NON_ROOT is yes. +# Default: nobody (uid PORTBUILD_UID) +#PORTBUILD_USER=nobody + +# Define to the uid to use for PORTBUILD_USER if the user does not +# already exist in the jail. +# Default: 65532 +#PORTBUILD_UID=65534 + +# Define pkgname globs to boost priority for +# Default: none +#PRIORITY_BOOST="pypy openoffice*" + +# Define format for buildnames +# Default: %Y-%m-%d_%Hh%Mm%Ss +# ISO8601: +#BUILDNAME_FORMAT="%FT%T%z" + +# Define format for build duration times +# Default: %H:%M:%S +#DURATION_FORMAT="%H:%M:%S" + +# Use colors when in a TTY +# Default: yes +#USE_COLORS=yes + +# Only build what is requested. Do not rebuild build deps if nothing requested +# depends on them. This can create an inconsistent repository if you often +# build one-off packages but expect the repository to stay consistent. +# Defaut: yes +#TRIM_ORPHANED_BUILD_DEPS=yes + +# A list of directories to exclude from leftover and filesystem violation +# mtree checks. Ccache is used here as an example but is already +# excluded by default. There is no need to add it here unless a +# special configuration is used where it is a problem. +# Default: none +#LOCAL_MTREE_EXCLUDES="/usr/obj /var/tmp/ccache" + +# Set to hosted to use the /data directory instead of inline style HTML +# Default: inline +#HTML_TYPE="hosted" + +# Set to track remaining ports in the HTML interface. This can slow down +# processing of the queue slightly, especially for bulk -a builds. +# Default: no +#HTML_TRACK_REMAINING=yes From 8c8bf93d4c4dcf2adbffb556f367f8f846a80969 Mon Sep 17 00:00:00 2001 
From: Tom Alexander Date: Sat, 10 Dec 2022 18:13:42 -0500 Subject: [PATCH 07/23] Add poudriere config. --- .gitattributes | 1 + ansible/roles/poudriere/files/poudriere.conf | 27 ++++++++++++++----- ansible/roles/poudriere/files/poudriere.key | Bin 0 -> 3265 bytes ansible/roles/poudriere/tasks/freebsd.yaml | 24 ++++++++--------- 4 files changed, 33 insertions(+), 19 deletions(-) create mode 100644 ansible/roles/poudriere/files/poudriere.key diff --git a/.gitattributes b/.gitattributes index 505af13..cf5db54 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,3 @@ cargo_credentials.toml filter=git-crypt diff=git-crypt **/wireguard_configs/** filter=git-crypt diff=git-crypt +*.key filter=git-crypt diff=git-crypt diff --git a/ansible/roles/poudriere/files/poudriere.conf b/ansible/roles/poudriere/files/poudriere.conf index 2b3ff41..8b0e368 100644 --- a/ansible/roles/poudriere/files/poudriere.conf +++ b/ansible/roles/poudriere/files/poudriere.conf @@ -1,7 +1,7 @@ # Poudriere can optionally use ZFS for its ports/jail storage. For # ZFS define ZPOOL, otherwise set NO_ZFS=yes -# +# #### ZFS # The pool where poudriere will create all the filesystems it needs # poudriere will use ${ZPOOL}/${ZROOTFS} as its root @@ -10,6 +10,7 @@ # poudriere. # #ZPOOL=zroot +ZPOOL=zroot ### NO ZFS # To not use ZFS, define NO_ZFS=yes @@ -17,6 +18,7 @@ # root of the poudriere zfs filesystem, by default /poudriere # ZROOTFS=/poudriere +ZROOTFS=/poudriere # the host where to download sets for the jails setup # You can specify here a host or an IP @@ -27,7 +29,7 @@ # Also note that every protocols supported by fetch(1) are supported here, even # file:/// # Suggested: https://download.FreeBSD.org -FREEBSD_HOST=_PROTO_://_CHANGE_THIS_ +FREEBSD_HOST=https://download.FreeBSD.org # By default the jails have no /etc/resolv.conf, you will need to set # RESOLV_CONF to a file on your hosts system that will be copied has 
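Review bot: The new `*.key filter=git-crypt diff=git-crypt` rule in `.gitattributes` only protects `ansible/roles/poudriere/files/poudriere.key` if the git-crypt filter was active when the file was staged, and nothing in this commit lets a reader confirm that. The binary patch looks like an encrypted blob, but I would check it with `git-crypt status` before pushing, because a repo signing key committed in clear stays in history even after a later fix. A one-line comment above the rule, e.g. `# package-repo signing keys; must stay encrypted at rest`, would record why the pattern exists.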
@@ -64,11 +66,14 @@ USE_PORTLINT=no # yes - Enables tmpfs(5) for wrkdir and data # no - Disable use of tmpfs(5) # EXAMPLE: USE_TMPFS="wrkdir data" -USE_TMPFS=yes +USE_TMPFS=all +# USE_TMPFS=yes +# USE_TMPFS=no # How much memory to limit tmpfs size to for *each builder* in GiB # (default: none) #TMPFS_LIMIT=8 +TMPFS_LIMIT=16 # How much memory to limit jail processes to for *each builder* # in GiB (default: none) @@ -132,10 +137,10 @@ DISTFILES_CACHE=/usr/ports/distfiles # Default: no #BAD_PKGNAME_DEPS_ARE_FATAL=yes + # Path to the RSA key to sign the PKG repo with. See pkg-repo(8) -# This produces a repo that supports SIGNATURE_TYPE=PUBKEY -# Default: not set #PKG_REPO_SIGNING_KEY=/etc/ssl/keys/repo.key +PKG_REPO_SIGNING_KEY=/usr/local/etc/poudriere.d/poudriere.key # Command to sign the PKG repo with. See pkg-repo(8) # This produces a repo that supports SIGNATURE_TYPE=FINGERPRINTS @@ -181,6 +186,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # # Example to define PARALLEL_JOBS to one single job # PARALLEL_JOBS=1 +PARALLEL_JOBS=1 # How many jobs should be used for preparing the build? These tend to # be more IO bound and may be worth tweaking. Default: PARALLEL_JOBS * 1.25 @@ -190,9 +196,10 @@ DISTFILES_CACHE=/usr/ports/distfiles # If set, failed builds will save the WRKDIR to ${POUDRIERE_DATA}/wrkdirs # SAVE_WRKDIR=yes -# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz,tzst +# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz # default is tbz # WRKDIR_ARCHIVE_FORMAT=tbz +WRKDIR_ARCHIVE_FORMAT=txz # Disable Linux support # NOLINUX=yes @@ -215,6 +222,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # By default MAKE_JOBS is disabled to allow only one process per cpu # Use the following to allow it anyway # ALLOW_MAKE_JOBS=yes +ALLOW_MAKE_JOBS=yes # List of packages that will always be allowed to use MAKE_JOBS # regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports 
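Review bot: `PKG_REPO_SIGNING_KEY=/usr/local/etc/poudriere.d/poudriere.key` in the `@@ -132,10 +137,10 @@` hunk points poudriere at a private key, but the task that installs that file is not part of the visible diff, so its owner and mode cannot be checked here. Whatever copies it should use a root-only mode such as `mode: "0600"` rather than the `0755` this role uses for its scripts. The hunk also deletes the comment lines `# This produces a repo that supports SIGNATURE_TYPE=PUBKEY` and `# Default: not set`; I would keep them, since they tell whoever configures the pkg clients which signature type to expect.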
@@ -228,16 +236,19 @@ DISTFILES_CACHE=/usr/ports/distfiles # URL where your POUDRIERE_DATA/logs are hosted # This will be used for giving URL hints to the HTML output when # scheduling and starting builds -#URL_BASE=http://yourdomain.com/poudriere/ +# URL_BASE=https://freebsdpkg.fizz.buzz/logs # This defines the max time (in seconds) that a command may run for a build # before it is killed for taking too long. Default: 86400 #MAX_EXECUTION_TIME=86400 +# 2 days +MAX_EXECUTION_TIME=172800 # This defines the time (in seconds) before a command is considered to # be in a runaway state for having no output on stdout. Default: 7200 #NOHANG_TIME=7200 +NOHANG_TIME=14400 # The repository is updated atomically if set yes. This leaves the @@ -254,6 +265,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # are encountered. # Default: yes #COMMIT_PACKAGES_ON_FAILURE=yes +COMMIT_PACKAGES_ON_FAILURE=no # Keep older package repositories. This can be used to rollback a system # or to bisect issues by changing the repository to one of the older @@ -330,6 +342,7 @@ DISTFILES_CACHE=/usr/ports/distfiles # Set to hosted to use the /data directory instead of inline style HTML # Default: inline #HTML_TYPE="hosted" +HTML_TYPE="hosted" # Set to track remaining ports in the HTML interface. This can slow down # processing of the queue slightly, especially for bulk -a builds. 
diff --git a/ansible/roles/poudriere/files/poudriere.key b/ansible/roles/poudriere/files/poudriere.key new file mode 100644 index 0000000000000000000000000000000000000000..7f11634ed8296e14c2d9a152e7a9fab70827fbb1 GIT binary patch literal 3265 zcmV;y3_kM!M@dveQdv+`0MEc&{R7mZ{r^KEkTvquws$CHupr1ZhP4N+XbG*gSoHNI zbL3vxp8ap%0Yvska(y@Dp9T8? zN^DqjR^jSSH=ZyR1cc%^{d+)$-Oi+J}a&@skYeY#@s z?@9|+ZlUEEzNO>4bo5klt=a27K*I}bezwx`65RSy`TIkH9KJRtsgt;0p~y;Pr ze?q4EA0gxvZ()t%!g=iXU=5>LL?xk0)!B~zSuI&L*-k6GZOr^O0Go#+4=nYqf~^0f zwnLDIqtBmobd3=9ejbI&W--068h-zz$MMgycdJ4G)BGw6Y_ zfKevJ=m$HZIW+X4L~OpMZtPL1ATND2jTZ5jxAfKb@|*O&rf0pFcTv(>9CyYWwk%C2q>RbaI%$AZHm*I27( z!QLjxs^Kv3Q-XRi#>Qn&*~1EIRtQWL0l-fJls~Hu=VxO$*Eo3K2hbA`&dM+Qlze=H z9I=GT+U|$le4rD7atplcrG5D zBnXKKLAXUeN)8PP7a`G6WXK19_?(SfqS|F`+Nc@tp$C}ycaqkr6N$WciGTnI`V)_} zhS*nh?xAWQY}#ETca0TM9)?)@i)!RQ82mC&Q!=#vyj(*>=9jkzv5gPRG`#!o;8UE; z=4T4*Pz1*6snUc&Zsq1ekFv?LWLp^LOz$x~UTe4~4zV?YBgwf7@|L&5cB5?D?~L-A z;^t>WL=Z7y>9W*M;Y|s%0}Wh|!-Kilo@Q}B&39yfS;D4m_Df{@qIO^56G9F0_y5Y!fu-swb3rd}gVqKfvZc zu?f_=*kZ?TZVf(X{;p&sHU5*9Th&S)&WG;16;-0KNkTdP0c!h<%OCqzNvQ)EGG%9P zcml`GMU^eQFD#~f#v!Bs(R(2x7CP(ad#v%zjK`jT`ef}4&9WDTuN3-u)Gpd%W;ghw zt>2p}F(DEGMT2wMVS>w-JfAq(dVq#K--|*pj+>P7&wq!)JFCp22bW~bR z!@fG8tD=~4VG9_t5u#V<>%t23aK!95K0cwS{hc0FjnqQZS_fLRQGAb^(bmbnQ5as< zY>gp*%*Sn64b=Vp2SG`&j8NB$^q}CFl$eyMttKa?3m^tsa-tf-b1Y;jQm*hhZa$RS zTmFkm0VR5_#^cts)_C*$4T#j8=!3r_3#LY$b=C+(mZ}}$;O2qIQyHP-e&{9VINd|D znwC$l5n=?(gW4OGZRZ*t*rl~U<6B*=b{_aknAG$jFhH5ny!b{Z=sP6VL350-qRck2 zU&T>@s~^sBiDyc#HH`%-$cvY&#l;=78Lbb_pBM1~-FC}bxXBswHU(D!Xxj!RhIcHg z9Kb3hCoe*`wsc~UXBOuS)(Zi~EEst3`tYibN zKEiAeNCi#Z=)dSU%)9u_7&IBV6v=0vN(;3g>+r+_@X39vVBwKlOCzOsX)P=1I%?4? zQ$-G<_;`^@mjpf)ok9U7u^jmG>CE_75TLzU6x+PyCqX=I?Pz@E548S@sJU1IXy=N! 
z1a>rN6;uNhBFfl9M{&3CZ7jkIPAIOW#>5hKUMO4E3xOYP>%9$?Wx@s%WcCtwJ9kE|V|-ar2~mBhs!WlIwI$Dy+mJoF z_tQlM>6m|f_uwc04K#!*DSf<5=-9KS32>wTe%kMqIX`3wQZvmxW4XtlW7NXl!kRnI z$t`iTi-_u@n8VQbX(VCKy{Tn+2wF^os}`8oIMp!9?1%IaCx`D;usrtQ;MC_<>(|IQ z9u#|7utBe}jl0mJ5BDnts!Vt8QhRWV{+{NS*Oji-!#7)C(`6c52J^T7tM$-m5#{I} zX`F%Mrfx?ChZj8lNaZxj*LG>$KxD&^J)PYiy{u3#M!AVRiTA#9Uf-vl zk##+{ilyjyI+mphB-D&|_yz^UYmJVr9u@tj&6BEUw&{d`gStPvcYoW{s&-n5-%Jl% z=J6WFl0w|Tz~{~*yWdT56Zs0jO7a@I&woWLJ8wwnZ)-NtdbD1q|CtGJnZy0U=rI$? zl?eEsf12F|WnAJ>(JZtH9R&UkDUYJ;^X%?Y_+`e$KnT6q<}vwT(4UlF*5NH= z83Nsh>EY@jzAxx5N;@DyhZpM&cdVsjQnm>%Qvo?pt&;8jvPE&1UWH}}DG4F4cUMOM zs?n53aW_;M^%{r^4dW}yVIn>Z#8I?q<)13|1=g*clEagzf-w(MgbW|8T^?mN;uu`O z*FLoS!-iRU2H*98=;?p zLM?)+1*@hQKPNUYwgrZ1^uznu#Uwx`tLlEiia<~-pR+hgAlJ?B6=NPsda!cq;IHL@ zW`AOhV;8Rf^| zFrb}0(4~^)MEauydd6tU|Br5hrelU_y^HUz5{9hvCrM8U3SmtXNVaaca}L!LWn><< zNOUApD*c%9Q)kk4FFxKbQpj*S`K6A`F#1$y7qPDN6@a>rtHOcJ#8aB$GbkPm=oHkS zCR)g6WLHZsNnf*`^wM3J>^VJUQ#3M1M{l|YzqR1mu?=schL?2HclbV41%f(Wy(^Os z5T?L#{H9m+7u-`dxr~%fzgkA-7+E7m-r-AD_q_(92c63HU zC*=C&cB&}!`{&scJ?^9L;(_u1Tsi>#9=1IJY_AH9+q0l4L^1BQN8N^j@D Date: Sat, 10 Dec 2022 18:21:52 -0500 Subject: [PATCH 08/23] Switch to official FreeBSD ports git repo. --- ansible/roles/portshaker/files/freebsd | 2 +- ansible/roles/portshaker/tasks/freebsd.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/roles/portshaker/files/freebsd b/ansible/roles/portshaker/files/freebsd index 78bbe59..3602760 100644 --- a/ansible/roles/portshaker/files/freebsd +++ b/ansible/roles/portshaker/files/freebsd @@ -5,6 +5,6 @@ if [ "$1" != '--' ]; then fi shift method="git" -git_clone_uri="https://github.com/freebsd/freebsd-ports.git" +git_clone_uri="https://git.FreeBSD.org/ports.git" git_branch="main" run_portshaker_command $* diff --git a/ansible/roles/portshaker/tasks/freebsd.yaml b/ansible/roles/portshaker/tasks/freebsd.yaml index 1cb2abc..88d317c 100644 --- a/ansible/roles/portshaker/tasks/freebsd.yaml 
+++ b/ansible/roles/portshaker/tasks/freebsd.yaml @@ -13,6 +13,7 @@ package: name: - portshaker + - git state: present - name: Create directories From 60c4d66f1c4bb726dec61218296d1c083d2924c1 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 18:25:33 -0500 Subject: [PATCH 09/23] Set up the ports tree in poudriere. --- ansible/roles/poudriere/tasks/freebsd.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index 7fd2099..95bac7c 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml +++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -65,3 +65,18 @@ # loop: # - src: poudriere.d # dest: /usr/local/etc/ + +- name: Get ports tree list + command: poudriere ports -ln + register: ports_tree_list + changed_when: false + check_mode: no + +# - name: Fetch a ports tree +# command: poudriere ports -c +# args: +# creates: /usr/local/poudriere/ports/default + +- name: Configure the ports tree + command: poudriere ports -c -m null -M /usr/local/portshaker/trees/main -p default + when: '"default" not in ports_tree_list.stdout_lines' From 9be646f94389236e3a18f7ede85e7716c1fc232d Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 18:42:02 -0500 Subject: [PATCH 10/23] Starting a poudboot rc service for building when the poudriere vm launches. --- ansible/roles/poudriere/files/poudboot | 23 ++++++++++++++++ ansible/roles/poudriere/files/poudboot.bash | 17 ++++++++++++ .../13amd64-default-framework-make.conf | 17 ++++++++++++ ansible/roles/poudriere/tasks/freebsd.yaml | 26 +++++++++++++++---- 4 files changed, 78 insertions(+), 5 deletions(-) create mode 100644 ansible/roles/poudriere/files/poudboot create mode 100644 ansible/roles/poudriere/files/poudboot.bash create mode 100644 ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf 
diff --git a/ansible/roles/poudriere/files/poudboot b/ansible/roles/poudriere/files/poudboot new file mode 100644 index 0000000..17070d7 --- /dev/null +++ b/ansible/roles/poudriere/files/poudboot @@ -0,0 +1,23 @@ +#!/bin/sh +# /usr/local/etc/rc.d/poudboot +# +# REQUIRE: FILESYSTEM kld +# PROVIDE: poudboot +# AFTER: netif + +. /etc/rc.subr +name=poudboot +rcvar=${name}_enable +start_cmd="${name}_start" +stop_cmd="${name}_stop" +load_rc_config $name + +poudboot_start() { + /usr/local/bin/poudboot start +} + +poudboot_stop() { + /usr/local/bin/poudboot stop +} + +run_rc_command "$1" diff --git a/ansible/roles/poudriere/files/poudboot.bash b/ansible/roles/poudriere/files/poudboot.bash new file mode 100644 index 0000000..7b9990a --- /dev/null +++ b/ansible/roles/poudriere/files/poudboot.bash @@ -0,0 +1,17 @@ +#!/usr/bin/env bash +# +# Run poudriere at system boot. Useful for virtual machines so launching the VM also kicks off a build. +set -euo pipefail +IFS=$'\n\t' +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + +COMMAND="$1" +shift 1 + +if [ "$COMMAND" = "start" ]; then + echo "foo" +elif [ "$COMMAND" = "stop" ]; then + echo "bar" +else + echo "baz" +fi diff --git a/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf b/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf new file mode 100644 index 0000000..38a4330 --- /dev/null +++ b/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf 
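Review bot: `# AFTER: netif` in the header of the new `poudboot` rc script is, as far as I know, not a keyword that rcorder(8) acts on (it reads `REQUIRE`, `PROVIDE`, `BEFORE` and `KEYWORD`), so the service is only ordered after `FILESYSTEM` and `kld`. Since the build it is meant to start needs the network for fetching, I would fold the dependency into the existing line, e.g. `# REQUIRE: FILESYSTEM kld NETWORKING`. `poudboot_start` also runs `/usr/local/bin/poudboot start` in the foreground, which will hold up boot once that script does real work; a comment saying whether that is intended would help the next reader.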
@@ -0,0 +1,17 @@ +# Disable CPUTYPE optimizations when compiling gcc48 because tigerlake is not included in gcc4.8 +# +# Disable CPUTYPE optimizations when compiling ripgrep because the build is failing https://github.com/BurntSushi/ripgrep/issues/1721 +# +# Disable CPUTYPE optimizations for firefox due to failing build. +# +# Example from bottom of /usr/share/examples/etc/make.conf +.if ${.CURDIR:N*/lang/gcc48*} && ${.CURDIR:N*/lang/gcc10*} && ${.CURDIR:N*/textproc/ripgrep*} && ${.CURDIR:N*/www/firefox*} +# Disabling tigerlake optimizations because qemu's TCG does not support avx512 +# +#CPUTYPE?=tigerlake +CPUTYPE?=x86-64-v3 +.endif +OPTIMIZED_CFLAGS=YES +BUILD_OPTIMIZED=YES +WITH_CPUFLAGS=YES +BUILD_STATIC=YES diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index 95bac7c..01889c3 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml +++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -66,17 +66,33 @@ # - src: poudriere.d # dest: /usr/local/etc/ +- name: Install scripts + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0755 + owner: root + group: wheel + loop: + - src: poudboot.bash + dest: /usr/local/bin/poudboot + - name: Get ports tree list command: poudriere ports -ln register: ports_tree_list changed_when: false check_mode: no -# - name: Fetch a ports tree -# command: poudriere ports -c -# args: -# creates: /usr/local/poudriere/ports/default - - name: Configure the ports tree command: poudriere ports -c -m null -M /usr/local/portshaker/trees/main -p default when: '"default" not in ports_tree_list.stdout_lines' + +- name: Install rc script + copy: + src: "files/{{ item.src }}" + dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}" + owner: root + group: wheel + mode: 0755 + loop: + - src: poudboot From 9599cfb57703d67b8cc48cf01a75f744f72098ba Mon Sep 17 00:00:00 2001 
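Review bot: The two new `copy` tasks in `tasks/freebsd.yaml` (`Install scripts` and `Install rc script`) write `mode: 0755` as a bare number. Ansible's documentation recommends quoting file modes, `mode: "0755"`, so the value cannot be misread as a decimal integer if the leading zero is ever dropped; the same applies to the other bare modes later in this series. The rc script is copied into `/usr/local/etc/rc.d/`, but nothing in this hunk sets `poudboot_enable`, so unless that happens outside the visible diff the service will not start at boot.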
From: Tom Alexander Date: Sat, 10 Dec 2022 18:58:09 -0500 Subject: [PATCH 11/23] Add script to actually run the build. --- ansible/roles/poudriere/files/poudboot.bash | 72 ++++++++++++++++--- ansible/roles/poudriere/tasks/freebsd.yaml | 29 +++++--- .../roles/poudriere/templates/build_config.j2 | 3 + 3 files changed, 85 insertions(+), 19 deletions(-) create mode 100644 ansible/roles/poudriere/templates/build_config.j2 diff --git a/ansible/roles/poudriere/files/poudboot.bash b/ansible/roles/poudriere/files/poudboot.bash index 7b9990a..f61e5a1 100644 --- a/ansible/roles/poudriere/files/poudboot.bash +++ b/ansible/roles/poudriere/files/poudboot.bash 
@@ -5,13 +5,67 @@ set -euo pipefail IFS=$'\n\t' DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -COMMAND="$1" -shift 1 +function main { + COMMAND="$1" + shift 1 -if [ "$COMMAND" = "start" ]; then - echo "foo" -elif [ "$COMMAND" = "stop" ]; then - echo "bar" -else - echo "baz" -fi + if [ "$COMMAND" = "start" ]; then + cmd_start "${@}" + elif [ "$COMMAND" = "stop" ]; then + cmd_stop "${@}" + else + die 1 "Unrecognized command: $COMMAND" + fi +} + +function die { + exit_code="$1" + shift 1 + (>&2 echo "${@}") + exit "$exit_code" +} + +function abort_if_jobs_running { + if [[ $(sudo poudriere status) != *"No running builds"* ]]; then + echo "There is already a poudriere build in progress, exiting." + exit 0 + fi +} + +function build { + poudriere pkgclean -y "$@" + poudriere bulk -J "${POUDRIERE_JOBS:-1}" "$@" +} + +function cmd_start { + # Allow command failures without quitting the script because some + # package sets might fail whereas others may succeed based on which + # packages are in each set. + set +e + + for conf in /opt/poudriere/build_configs/*; do + ( + source "$conf" + build -j "$JAIL" -p "$PORTS" -z "$SET" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist + ) + done + + # Re-enable exiting on failed commands + set -e + + # Cleanup old unused dist files + for conf in /opt/poudriere/build_configs/*; do + ( + source "$conf" + poudriere distclean -y -p "$PORTS" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist + ) + done + + poudriere logclean -y 180 +} + +function cmd_stop { + +} + +main "${@}" diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index 01889c3..56da4d2 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml +++ b/ansible/roles/poudriere/tasks/freebsd.yaml 
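Review bot: `abort_if_jobs_running` treats any output of `sudo poudriere status` that lacks "No running builds" as a build in progress, so a failure of the command itself (sudo missing or refusing, poudriere erroring) ends in `exit 0` with a misleading message and no build. The rest of the script calls `poudriere` directly, so I would drop `sudo` here and separate the two cases: `status="$(poudriere status)" || die 1 "poudriere status failed"` followed by the existing pattern test on `$status`. The check is also not atomic with the build that follows; wrapping the run in a lock would close that gap. `cmd_start` additionally `source`s every file under `/opt/poudriere/build_configs/` as root, so a short comment stating that the directory must stay root-writable only would be worth adding above the loop.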
@@ -29,16 +29,16 @@ - flock state: present -# - name: Create directories -# file: -# name: "{{ item }}" -# state: directory -# mode: 0755 -# owner: root -# group: wheel -# loop: -# - /usr/ports/distfiles -# - /opt/poudriere/build_configs +- name: Create directories + file: + name: "{{ item }}" + state: directory + mode: 0755 + owner: root + group: wheel + loop: + # - /usr/ports/distfiles + - /opt/poudriere/build_configs # - /usr/local/poudriere/data/logs/bulk - name: Install Configuration @@ -77,6 +77,15 @@ - src: poudboot.bash dest: /usr/local/bin/poudboot +- name: Install Configuration + template: + src: "build_config.j2" + dest: "/opt/poudriere/build_configs/{{ item.jail }}-{{ item.ports }}-{{ item.set }}" + owner: root + group: wheel + mode: 0600 + loop: "{{ poudriere_builds }}" + - name: Get ports tree list command: poudriere ports -ln register: ports_tree_list diff --git a/ansible/roles/poudriere/templates/build_config.j2 b/ansible/roles/poudriere/templates/build_config.j2 new file mode 100644 index 0000000..52ee8eb --- /dev/null +++ b/ansible/roles/poudriere/templates/build_config.j2 @@ -0,0 +1,3 @@ +JAIL={{ item.jail }} +PORTS={{ item.ports }} +SET={{ item.set }} From 7915b92345f8b72132459fb08e8a3c144ecdeb88 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 19:01:14 -0500 Subject: [PATCH 12/23] Add check that poudriere is not already running. --- ansible/roles/poudriere/files/poudboot.bash | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/roles/poudriere/files/poudboot.bash b/ansible/roles/poudriere/files/poudboot.bash index f61e5a1..c8fc02e 100644 --- a/ansible/roles/poudriere/files/poudboot.bash +++ b/ansible/roles/poudriere/files/poudboot.bash @@ -38,6 +38,8 @@ function build { } function cmd_start { + abort_if_jobs_running + # Allow command failures without quitting the script because some # package sets might fail whereas others may succeed based on which # packages are in each set. 
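Review bot: `build_config.j2` renders `JAIL={{ item.jail }}`, `PORTS={{ item.ports }}` and `SET={{ item.set }}` unquoted into a file that `poudboot` later `source`s as root, so a value containing a space or a shell metacharacter would be executed rather than assigned. Passing each value through the `quote` filter closes that: `JAIL={{ item.jail | quote }}`, and likewise for the other two lines. The values come from inventory, so this is hardening rather than an exposed input, but it keeps the file safe if an entry is ever mistyped. The new template task in `tasks/freebsd.yaml` reuses the name `Install Configuration` of the existing copy task; a distinct name such as `Install build configs` would make play output unambiguous.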
From 1039422052f79b30ae9229eafacd2540a9e6c9b0 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 19:02:50 -0500 Subject: [PATCH 13/23] Fix the script syntax by adding in an echo. --- ansible/roles/poudriere/files/poudboot.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/poudriere/files/poudboot.bash b/ansible/roles/poudriere/files/poudboot.bash index c8fc02e..5645a38 100644 --- a/ansible/roles/poudriere/files/poudboot.bash +++ b/ansible/roles/poudriere/files/poudboot.bash @@ -67,7 +67,7 @@ function cmd_start { } function cmd_stop { - + echo "cmd_stop not implemented." } main "${@}" From 3de4132dae53c9fc7e3f64075e33157e624dce6c Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 19:06:34 -0500 Subject: [PATCH 14/23] The bulk directory needs to exist. --- ansible/roles/poudriere/tasks/freebsd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index 56da4d2..68ff4ed 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml +++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -39,7 +39,7 @@ loop: # - /usr/ports/distfiles - /opt/poudriere/build_configs -# - /usr/local/poudriere/data/logs/bulk + - /usr/local/poudriere/data/logs/bulk - name: Install Configuration copy: From 4ace8671d0336d13345f5ba5d67cf62a356c08cc Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 20:19:45 -0500 Subject: [PATCH 15/23] Creating the jails. --- .../environments/vm/host_vars/poudriereodo | 8 +++ .../roles/firewall/files/homeserver_pf.conf | 2 +- ansible/roles/poudriere/tasks/freebsd.yaml | 53 +++++++++++++++---- 3 files changed, 52 insertions(+), 11 deletions(-) diff --git a/ansible/environments/vm/host_vars/poudriereodo b/ansible/environments/vm/host_vars/poudriereodo index ac36095..970eaa7 100644 --- a/ansible/environments/vm/host_vars/poudriereodo +++ b/ansible/environments/vm/host_vars/poudriereodo 
@@ -3,3 +3,11 @@ poudriere_builds: - jail: 13amd64 ports: default set: framework + version: 13.1-RELEASE + - jail: current + ports: default + set: framework + version: CURRENT + revision: af01b4722577903f91acc44f01bdcb8cdb2d65ad + kernel: CUSTOM + branch: main diff --git a/ansible/roles/firewall/files/homeserver_pf.conf b/ansible/roles/firewall/files/homeserver_pf.conf index a374e05..f33724e 100644 --- a/ansible/roles/firewall/files/homeserver_pf.conf +++ b/ansible/roles/firewall/files/homeserver_pf.conf @@ -44,4 +44,4 @@ pass quick on $ext_if proto udp from any port $dhcp to any port $dhcp pass in on host_uplink0 proto udp from any to any port { 53 51820 } pass out on host_uplink0 proto tcp from any to any port 8081 -pass in on host_uplink1 +pass on host_uplink1 diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index 68ff4ed..b0ac278 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml +++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -86,16 +86,6 @@ mode: 0600 loop: "{{ poudriere_builds }}" -- name: Get ports tree list - command: poudriere ports -ln - register: ports_tree_list - changed_when: false - check_mode: no - -- name: Configure the ports tree - command: poudriere ports -c -m null -M /usr/local/portshaker/trees/main -p default - when: '"default" not in ports_tree_list.stdout_lines' - - name: Install rc script copy: src: "files/{{ item.src }}" 
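Review bot: `pass on host_uplink1` in `homeserver_pf.conf` now passes traffic in both directions on that interface with no protocol or port restriction, whereas the `host_uplink0` rules directly above it are scoped to specific ports. The widening rides along in a commit titled "Creating the jails" with no explanation. If the guest behind `host_uplink1` only needs outbound fetches, a narrower rule would do; at minimum I would put a comment above the line, e.g. `# host_uplink1: <what is attached here>; unrestricted because <reason>`. The rest of the ruleset is outside the hunk, so the default policy this rule interacts with is not visible here.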
@@ -105,3 +95,46 @@ mode: 0755 loop: - src: poudboot + +- name: Get ports tree list + command: poudriere ports -ln + register: poudriere_ports_tree_list + changed_when: false + check_mode: no + +- name: Configure the ports tree + command: poudriere ports -c -m null -M /usr/local/portshaker/trees/main -p default + when: '"default" not in poudriere_ports_tree_list.stdout_lines' + +- name: Get jail list + command: poudriere jail -l -n -q + register: poudriere_jail_list + changed_when: false + check_mode: no + +- name: Create the jails + when: item.version != "CURRENT" + command: |- + poudriere jail -c -j {{ item.jail }} -v {{ item.version }} + args: + creates: "/usr/local/poudriere/jails/{{ item.jail }}" + loop: "{{ poudriere_builds }}" + +- name: Create the jails + when: item.version == "CURRENT" + # -D clones the entire history instead of just the most recent commit + command: |- + poudriere jail -c -j {{ item.jail }} -v {{ item.branch|default("main") }} -a amd64 -m git -D -U https://git.FreeBSD.org/src.git -K {{ item.kernel|default("GENERIC") }} -p {{ item.ports }} -z {{ item.set }} + args: + creates: "/usr/local/poudriere/jails/{{ item.jail }}" + loop: "{{ poudriere_builds }}" + +# - name: Get current jail version +# command: poudriere jail -i -j current +# register: current_jail_version +# changed_when: false +# check_mode: no + +# - name: Set current jail version +# command: "poudriere jail -u {{poudriere_perf_flags}} -j current -t {{ freebsd_version }}" +# when: freebsd_version[:9] not in current_jail_version.stdout From 1c178a5ea0a3e3ff377ff3bf6ed900f1b0a62076 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 20:26:32 -0500 Subject: [PATCH 16/23] Remove useless flags. --- ansible/roles/poudriere/tasks/freebsd.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index b0ac278..a3d06dd 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml 
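Review bot: The `CURRENT` jail task builds from `-v {{ item.branch|default("main") }}` and never references `item.revision`, so the commit hash added to `host_vars/poudriereodo` in this same patch has no effect and the jail follows the tip of that branch of `https://git.FreeBSD.org/src.git`. Either wire the revision into jail creation or drop the key, so the inventory does not suggest a pin that is not enforced. Both tasks are named `Create the jails`; distinct names such as `Create release jails` and `Create source-built jails` would make play output readable. `poudriere_jail_list` is registered but unused because the tasks rely on `creates:`. The conditions would also be more robust against a `poudriere_builds` entry without `version` if written as `when: item.version | default("") != "CURRENT"`.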
+++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -124,7 +124,7 @@ when: item.version == "CURRENT" # -D clones the entire history instead of just the most recent commit command: |- - poudriere jail -c -j {{ item.jail }} -v {{ item.branch|default("main") }} -a amd64 -m git -D -U https://git.FreeBSD.org/src.git -K {{ item.kernel|default("GENERIC") }} -p {{ item.ports }} -z {{ item.set }} + poudriere jail -c -j {{ item.jail }} -v {{ item.branch|default("main") }} -a amd64 -m git -D -U https://git.FreeBSD.org/src.git -K {{ item.kernel|default("GENERIC") }} args: creates: "/usr/local/poudriere/jails/{{ item.jail }}" loop: "{{ poudriere_builds }}" From 7f79cc46d48a3d22ad9d564762b854e7f0c120dc Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 20:37:12 -0500 Subject: [PATCH 17/23] Use 16 jobs for poudriere to speed it up because waiting on ansible is annoying. --- ansible/roles/poudriere/defaults/main.yaml | 1 + ansible/roles/poudriere/tasks/freebsd.yaml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 ansible/roles/poudriere/defaults/main.yaml diff --git a/ansible/roles/poudriere/defaults/main.yaml b/ansible/roles/poudriere/defaults/main.yaml new file mode 100644 index 0000000..1e514af --- /dev/null +++ b/ansible/roles/poudriere/defaults/main.yaml @@ -0,0 +1 @@ +poudriere_perf_flags: "-J 16" diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index a3d06dd..5675cc0 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml +++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -115,7 +115,7 @@ - name: Create the jails when: item.version != "CURRENT" command: |- - poudriere jail -c -j {{ item.jail }} -v {{ item.version }} + poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.version }} args: creates: "/usr/local/poudriere/jails/{{ item.jail }}" loop: "{{ poudriere_builds }}" 
@@ -124,7 +124,7 @@ when: item.version == "CURRENT" # -D clones the entire history instead of just the most recent commit command: |- - poudriere jail -c -j {{ item.jail }} -v {{ item.branch|default("main") }} -a amd64 -m git -D -U https://git.FreeBSD.org/src.git -K {{ item.kernel|default("GENERIC") }} + poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.branch|default("main") }} -a amd64 -m git -D -U https://git.FreeBSD.org/src.git -K {{ item.kernel|default("GENERIC") }} args: creates: "/usr/local/poudriere/jails/{{ item.jail }}" loop: "{{ poudriere_builds }}" From e9e772f4fa296f8167880b9a9b77e75415e7a6e0 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 10 Dec 2022 22:39:11 -0500 Subject: [PATCH 18/23] Fix creating the connection plugins directory on linux. --- ansible/roles/ansible/tasks/linux.yaml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/ansible/roles/ansible/tasks/linux.yaml b/ansible/roles/ansible/tasks/linux.yaml index bfaf17e..dde105c 100644 --- a/ansible/roles/ansible/tasks/linux.yaml +++ b/ansible/roles/ansible/tasks/linux.yaml @@ -13,16 +13,26 @@ # name: [] # state: present # update_cache: true - + - name: Install packages package: name: - ansible state: present +- name: Create directories + file: + name: "{{ item }}" + state: directory + mode: 0755 + owner: root + group: wheel + loop: + - /usr/share/ansible/plugins/connection_plugins + - name: Install sshjail plugin ansible.builtin.get_url: url: https://raw.githubusercontent.com/austinhyde/ansible-sshjail/e712c537ecdfc7a660f222fbac4172dd715fc130/sshjail.py dest: /usr/share/ansible/plugins/connection_plugins/sshjail.py - mode: '0555' + mode: "0555" checksum: sha512:730c887ae7bbf2de34da44fb10a45fdeff649e3f2447df821c93ef02a21ecbef7db2fd57f1fc85fcd0b5b86fa30aa2b9ef143865d1e5086620c7dbe0633207cd From 558c71219b53f567a4d7051b62643bde1ee4eb78 Mon Sep 17 00:00:00 2001 
From: Tom Alexander Date: Wed, 14 Dec 2022 22:36:12 -0500 Subject: [PATCH 19/23] Add DNS over TLS. --- ansible/playbook.yaml | 66 +++++++++---------- ansible/roles/base/files/odofreebsd_rc.conf | 1 - .../roles/network/files/local_unbound_rc.conf | 6 ++ .../network/files/mullvlad_dns_over_tls.conf | 3 + ansible/roles/network/tasks/freebsd.yaml | 11 ++++ ansible/roles/network/tasks/linux.yaml | 26 ++++++-- 6 files changed, 73 insertions(+), 40 deletions(-) create mode 100644 ansible/roles/network/files/local_unbound_rc.conf create mode 100644 ansible/roles/network/files/mullvlad_dns_over_tls.conf diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index d4f4ef6..d14443e 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -2,42 +2,42 @@ vars: ansible_become: True roles: - # - sudo + - sudo - users - # - package_manager - # - zrepl - # - zsh - # - network - # - sshd - # - base + - package_manager + - zrepl + - zsh + - network + - sshd + - base - firewall - # - cpu - # - ntp - # - hosts - # - build - # - sound - # - graphics - # - gpg - # - fonts - # - alacritty - # - sway - # - emacs - # - firefox - # - devfs - # - ssh_client - # - sshfs - # - jail - # - fuse - # - autofs - # - exfat + - cpu + - ntp + - hosts + - build + - sound + - graphics + - gpg + - fonts + - alacritty + - sway + - emacs + - firefox + - devfs + - ssh_client + - sshfs + - jail + - fuse + - autofs + - exfat - bhyve - # - media - # - kubernetes - # - google_cloud_sdk - # - ansible - # - wireguard - # - portshaker - # - poudriere + - media + - kubernetes + - google_cloud_sdk + - ansible + - wireguard + - portshaker + - poudriere - hosts: nat_dhcp:homeserver_nat_dhcp vars: diff --git a/ansible/roles/base/files/odofreebsd_rc.conf b/ansible/roles/base/files/odofreebsd_rc.conf index 476c16b..7c02282 100644 --- a/ansible/roles/base/files/odofreebsd_rc.conf +++ b/ansible/roles/base/files/odofreebsd_rc.conf 
@@ -2,7 +2,6 @@ clear_tmp_enable="YES" syslogd_flags="-ss" sendmail_enable="NONE" hostname="odo" -local_unbound_enable="YES" sshd_enable="YES" # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="NO" diff --git a/ansible/roles/network/files/local_unbound_rc.conf b/ansible/roles/network/files/local_unbound_rc.conf new file mode 100644 index 0000000..c839dee --- /dev/null +++ b/ansible/roles/network/files/local_unbound_rc.conf @@ -0,0 +1,6 @@ +# For some unknown reason, enabling local unbound with DNS over TLS breaks network connectivity a couple minutes later +local_unbound_enable="NO" +local_unbound_tls="YES" +local_unbound_forwarders="1.0.0.1@853#cloudflare-dns.com 1.1.1.1@853#cloudflare-dns.com 2606:4700:4700::1111@853#cloudflare-dns.com 2606:4700:4700::1001@853#cloudflare-dns.com" +# local_unbound_forwarders="194.242.2.2@853#doh.mullvad.net" +# local_unbound_forwarders="194.242.2.2@853#doh.mullvad.net 2a07:e340::2@853#doh.mullvad.net 1.0.0.1@853#cloudflare-dns.com 1.1.1.1@853#cloudflare-dns.com 2606:4700:4700::1111@853#cloudflare-dns.com 2606:4700:4700::1001@853#cloudflare-dns.com" diff --git a/ansible/roles/network/files/mullvlad_dns_over_tls.conf b/ansible/roles/network/files/mullvlad_dns_over_tls.conf new file mode 100644 index 0000000..81b18b5 --- /dev/null +++ b/ansible/roles/network/files/mullvlad_dns_over_tls.conf @@ -0,0 +1,3 @@ +[Resolve] +DNS=194.242.2.2#doh.mullvad.net [2a07:e340::2]#doh.mullvad.net +DNSOverTLS=yes diff --git a/ansible/roles/network/tasks/freebsd.yaml b/ansible/roles/network/tasks/freebsd.yaml index 6bc4e2e..49de8b2 100644 --- a/ansible/roles/network/tasks/freebsd.yaml +++ b/ansible/roles/network/tasks/freebsd.yaml @@ -1,3 +1,4 @@ +# MANUAL: I had to run `sudo service local_unbound setup` - name: Install configuration copy: src: "files/{{ item.src }}" 
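Review bot: With `local_unbound_enable="NO"` in the new `local_unbound_rc.conf`, the `local_unbound_tls` and `local_unbound_forwarders` lines are inert. As far as this file shows, the FreeBSD host keeps using whatever resolver it is otherwise configured with, not DNS over TLS. The existing comment explains why the service is off but not that consequence. I would extend it with `# DNS over TLS is therefore NOT active on this host; the settings below apply only once local_unbound is enabled again`.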
@@ -35,3 +36,13 @@ # - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses # value: "1" # - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses + +- name: Install service configuration + copy: + src: "files/{{ item }}_rc.conf" + dest: "/etc/rc.conf.d/{{ item }}" + mode: 0644 + owner: root + group: wheel + loop: + - local_unbound diff --git a/ansible/roles/network/tasks/linux.yaml b/ansible/roles/network/tasks/linux.yaml index e1835f0..e8f1494 100644 --- a/ansible/roles/network/tasks/linux.yaml +++ b/ansible/roles/network/tasks/linux.yaml @@ -1,6 +1,20 @@ -# - name: Install packages -# pacman: -# name: -# - foo -# state: present -# update_cache: true +- name: Create directories + file: + name: "{{ item }}" + state: directory + mode: 0755 + owner: root + group: wheel + loop: + - /etc/systemd/resolved.conf.d + +- name: Copy files + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0600 + owner: root + group: wheel + loop: + - src: mullvlad_dns_over_tls.conf + dest: /etc/systemd/resolved.conf.d/mullvlad_dns_over_tls.conf From 82b2b9f58d99f1533f3a39d1f5434816c198b120 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Thu, 15 Dec 2022 00:41:53 -0500 Subject: [PATCH 20/23] Fix bug in temporary file deletion script. --- ansible/roles/base/files/cleanup_temporary_files | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/base/files/cleanup_temporary_files b/ansible/roles/base/files/cleanup_temporary_files index 30e91db..43918b0 100644 --- a/ansible/roles/base/files/cleanup_temporary_files +++ b/ansible/roles/base/files/cleanup_temporary_files @@ -1,4 +1,4 @@ #!/usr/bin/env bash # # Delete temporary files on entire disk -find / -type f -name '*.orig' -delete -or -name '*~' -or -name '*.core' -delete -print +find / -type f '(' -name '*.orig' -or -name '*~' -or -name '*.core' ')' -delete -print 2>/dev/null From a05f4bfd50660bdae85c911170f1db739f83b3b2 Mon Sep 17 00:00:00 2001 
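Review bot: `mode: 0600` with `owner: root` on the resolved drop-in in `network/tasks/linux.yaml` probably makes it unreadable to systemd-resolved, which normally runs as the unprivileged `systemd-resolve` user and reads its own configuration. An unreadable drop-in is expected to be skipped with a warning, which would leave `DNSOverTLS=yes` unapplied. The file holds no secret, so `mode: "0644"` is the safer choice. Nothing in the hunk restarts systemd-resolved after the copy, so a `notify:` to a restart handler would be needed for the setting to take effect before the next reboot. The drop-in name `mullvlad_dns_over_tls.conf` also looks like a misspelling of Mullvad.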
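Review bot: The rewritten `find /` in `cleanup_temporary_files` has no filesystem boundary and now sends every error to `/dev/null`. It will therefore descend into any mounted filesystem (the playbook also enables the sshfs, autofs, jail and bhyve roles), and a failed delete leaves no trace. If only local disks are meant, running it with `-xdev` per local mount point, or pruning the mount paths, limits what a root-run cleanup can remove. Keeping stderr, or filtering only the permission noise, preserves evidence of failures. The header comment could also state that `-delete` now applies to all three patterns, which is the precedence fix this commit makes.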
From: Tom Alexander Date: Thu, 15 Dec 2022 18:32:38 -0500 Subject: [PATCH 21/23] Add a comment about priority in the vm-bhyve template. --- ansible/roles/bhyve/files/arch.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/bhyve/files/arch.conf b/ansible/roles/bhyve/files/arch.conf index 2104df9..447049e 100644 --- a/ansible/roles/bhyve/files/arch.conf +++ b/ansible/roles/bhyve/files/arch.conf @@ -31,3 +31,7 @@ bhyve_options="-s 2:0,virtio-net,netgraph,path=host_bridge1:,peerhook=link3" # Enable Sound # bhyve_options="-s 16,hda,play=/dev/dsp,rec=/dev/dsp" + +# Lower the priority of the VM [-20 highest, 20 only run when system idle] default: 0 +# +# priority="20" From ee4d35ea40306ed36491dcb775b06a09a2a8b401 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Thu, 15 Dec 2022 21:59:35 -0500 Subject: [PATCH 22/23] Update ip address. --- ansible/environments/vm/hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/environments/vm/hosts b/ansible/environments/vm/hosts index 9213441..33382d9 100644 --- a/ansible/environments/vm/hosts +++ b/ansible/environments/vm/hosts @@ -1,2 +1,2 @@ [vm] -poudriereodo ansible_user=builder ansible_host=10.213.177.11 +poudriereodo ansible_user=builder ansible_host=10.213.177.12 From 6d12a81dae5c44369e7d85f69ca3aaafb70fdffe Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sun, 25 Dec 2022 13:25:34 -0500 Subject: [PATCH 23/23] Disable local unbound on the homeserver. Local unbound has done nothing but cause network issues and overwrite system files. --- ansible/roles/base/files/homeserver_rc.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/base/files/homeserver_rc.conf b/ansible/roles/base/files/homeserver_rc.conf index 4da2afc..f2e45da 100644 --- a/ansible/roles/base/files/homeserver_rc.conf +++ b/ansible/roles/base/files/homeserver_rc.conf 
@@ -2,7 +2,7 @@ clear_tmp_enable="YES" syslogd_flags="-ss" sendmail_enable="NONE" hostname="computer" -local_unbound_enable="YES" +local_unbound_enable="NO" sshd_enable="YES" # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable dumpdev="NO"