Merge branch 'poudriere'

2023-01-14 14:28:29 -05:00 · 2023-01-14 14:28:29 -05:00 · 9055d7e1ec
commit 9055d7e1ec
parent 5675f317dd 6d12a81dae
45 changed files with 928 additions and 17 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1,2 +1,3 @@
 cargo_credentials.toml filter=git-crypt diff=git-crypt
 **/wireguard_configs/** filter=git-crypt diff=git-crypt
 *.key filter=git-crypt diff=git-crypt
--- a/ansible/environments/vm/host_vars/poudriereodo
+++ b/ansible/environments/vm/host_vars/poudriereodo
@ -0,0 +1,13 @@
 os_flavor: "freebsd"
 poudriere_builds:
  - jail: 13amd64
    ports: default
    set: framework
    version: 13.1-RELEASE
  - jail: current
    ports: default
    set: framework
    version: CURRENT
    revision: af01b4722577903f91acc44f01bdcb8cdb2d65ad
    kernel: CUSTOM
    branch: main
--- a/ansible/environments/vm/hosts
+++ b/ansible/environments/vm/hosts
@ -0,0 +1,2 @@
 [vm]
 poudriereodo ansible_user=builder ansible_host=10.213.177.12
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@ -1,4 +1,4 @@
- hosts: all:!jail
+- hosts: all:!jail:!vm
  vars:
    ansible_become: True
  roles:
@ -36,9 +36,18 @@
    - google_cloud_sdk
    - ansible
    - wireguard
    - portshaker
    - poudriere
 - hosts: nat_dhcp:homeserver_nat_dhcp
  vars:
    ansible_become: True
  roles:
    - jail_nat_dhcp
 - hosts: poudriereodo
  vars:
    ansible_become: True
  roles:
    - portshaker
    - poudriere
--- a/ansible/roles/ansible/tasks/linux.yaml
+++ b/ansible/roles/ansible/tasks/linux.yaml
@ -13,16 +13,26 @@
 #     name: []
 #     state: present
 #     update_cache: true
-    
+
 - name: Install packages
  package:
    name:
      - ansible
    state: present
 - name: Create directories
  file:
    name: "{{ item }}"
    state: directory
    mode: 0755
    owner: root
    group: wheel
  loop:
    - /usr/share/ansible/plugins/connection_plugins
 - name: Install sshjail plugin
  ansible.builtin.get_url:
    url: https://raw.githubusercontent.com/austinhyde/ansible-sshjail/e712c537ecdfc7a660f222fbac4172dd715fc130/sshjail.py
    dest: /usr/share/ansible/plugins/connection_plugins/sshjail.py
-    mode: '0555'
+    mode: "0555"
    checksum: sha512:730c887ae7bbf2de34da44fb10a45fdeff649e3f2447df821c93ef02a21ecbef7db2fd57f1fc85fcd0b5b86fa30aa2b9ef143865d1e5086620c7dbe0633207cd
--- a/ansible/roles/base/files/cleanup_temporary_files
+++ b/ansible/roles/base/files/cleanup_temporary_files
@ -1,4 +1,4 @@
 #!/usr/bin/env bash
 #
 # Delete temporary files on entire disk
-find / -type f -name '*.orig' -delete -or -name '*~' -or -name '*.core' -delete -print
+find / -type f '(' -name '*.orig' -or -name '*~' -or -name '*.core' ')' -delete -print 2>/dev/null
--- a/ansible/roles/base/files/homeserver_rc.conf
+++ b/ansible/roles/base/files/homeserver_rc.conf
@ -2,7 +2,7 @@ clear_tmp_enable="YES"
 syslogd_flags="-ss"
 sendmail_enable="NONE"
 hostname="computer"
-local_unbound_enable="YES"
+local_unbound_enable="NO"
 sshd_enable="YES"
 # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
 dumpdev="NO"
--- a/ansible/roles/base/files/odofreebsd_rc.conf
+++ b/ansible/roles/base/files/odofreebsd_rc.conf
@ -2,7 +2,6 @@ clear_tmp_enable="YES"
 syslogd_flags="-ss"
 sendmail_enable="NONE"
 hostname="odo"
 local_unbound_enable="YES"
 sshd_enable="YES"
 # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
 dumpdev="NO"
--- a/ansible/roles/bhyve/files/arch.conf
+++ b/ansible/roles/bhyve/files/arch.conf
@ -13,10 +13,25 @@ console="tmux"
 cpu=1
 memory=1024M
-disk0_type="virtio-blk"
+disk0_type="nvme"
 disk0_name="disk0"
 disk0_dev="sparse-zvol"
 virt_random="yes"  # virtio-rnd
 # Creates a link to host_bridge1's link3 hook to the vmlink hook on a type socket
 bhyve_options="-s 2:0,virtio-net,netgraph,path=host_bridge1:,peerhook=link3"
 # Share a host directory to the guest via 9pfs.
 #
 # Inside the VM run:
 #   mount -t virtfs -o trans=virtio sharename /some/vm/path
 #   mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p
 #   mount -t 9p -o trans=virtio,cache=mmap,msize=512000 sharename /path/to/mountpoint
 # bhyve_options="-s 28,virtio-9p,sharename=/"
 # Enable Sound
 # bhyve_options="-s 16,hda,play=/dev/dsp,rec=/dev/dsp"
 # Lower the priority of the VM [-20 highest, 20 only run when system idle] default: 0
 #
 # priority="20"
--- a/ansible/roles/firewall/files/homeserver_pf.conf
+++ b/ansible/roles/firewall/files/homeserver_pf.conf
@ -44,4 +44,4 @@ pass quick on $ext_if proto udp from any port $dhcp to any port $dhcp
 pass in on host_uplink0 proto udp from any to any port { 53 51820 }
 pass out on host_uplink0 proto tcp from any to any port 8081
-pass in on host_uplink1
+pass on host_uplink1
--- a/ansible/roles/firewall/files/odofreebsd_pf.conf
+++ b/ansible/roles/firewall/files/odofreebsd_pf.conf
@ -42,4 +42,4 @@ pass quick on $ext_if proto udp from any port $dhcp to any port $dhcp
 pass in on host_uplink0 proto udp from any to any port { 53 51820 }
 pass out on host_uplink0 proto tcp from any to any port 8081
-pass in on host_uplink1
+pass on host_uplink1
--- a/ansible/roles/hosts/tasks/common.yaml
+++ b/ansible/roles/hosts/tasks/common.yaml
@ -1,7 +1,7 @@
 - name: Set the /etc/hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
-    regexp: '^{{ item.key | regex_escape() }}'
+    regexp: '^{{ item.key | regex_escape() }}\s+'
    line: "{{ item.key }}		{{ item.value | join(' ') }}"
  loop: "{{ etc_hosts | dict2items }}"
--- a/ansible/roles/jail_nat_dhcp/files/dhcpd.conf
+++ b/ansible/roles/jail_nat_dhcp/files/dhcpd.conf
@ -9,4 +9,5 @@ subnet 10.213.177.0 netmask 255.255.255.0 {
  range 10.213.177.10 10.213.177.250;
  option broadcast-address 10.213.177.255;
  option routers 10.213.177.1;
  option domain-name-servers 10.213.177.1;
 }
--- a/ansible/roles/network/files/local_unbound_rc.conf
+++ b/ansible/roles/network/files/local_unbound_rc.conf
@ -0,0 +1,6 @@
 # For some unknown reason, enabling local unbound with DNS over TLS breaks network connectivity a couple minutes later
 local_unbound_enable="NO"
 local_unbound_tls="YES"
 local_unbound_forwarders="1.0.0.1@853#cloudflare-dns.com 1.1.1.1@853#cloudflare-dns.com 2606:4700:4700::1111@853#cloudflare-dns.com 2606:4700:4700::1001@853#cloudflare-dns.com"
 # local_unbound_forwarders="194.242.2.2@853#doh.mullvad.net"
 # local_unbound_forwarders="194.242.2.2@853#doh.mullvad.net 2a07:e340::2@853#doh.mullvad.net 1.0.0.1@853#cloudflare-dns.com 1.1.1.1@853#cloudflare-dns.com 2606:4700:4700::1111@853#cloudflare-dns.com 2606:4700:4700::1001@853#cloudflare-dns.com"
--- a/ansible/roles/network/files/mullvlad_dns_over_tls.conf
+++ b/ansible/roles/network/files/mullvlad_dns_over_tls.conf
@ -0,0 +1,3 @@
 [Resolve]
 DNS=194.242.2.2#doh.mullvad.net [2a07:e340::2]#doh.mullvad.net
 DNSOverTLS=yes
--- a/ansible/roles/network/tasks/freebsd.yaml
+++ b/ansible/roles/network/tasks/freebsd.yaml
@ -1,3 +1,4 @@
 # MANUAL: I had to run `sudo service local_unbound setup`
 - name: Install configuration
  copy:
    src: "files/{{ item.src }}"
@ -35,3 +36,13 @@
    # - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
    #   value: "1"
    # - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
 - name: Install service configuration
  copy:
    src: "files/{{ item }}_rc.conf"
    dest: "/etc/rc.conf.d/{{ item }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - local_unbound
--- a/ansible/roles/network/tasks/linux.yaml
+++ b/ansible/roles/network/tasks/linux.yaml
@ -1,6 +1,20 @@
-# - name: Install packages
+- name: Create directories
-#   pacman:
+  file:
-#     name:
+    name: "{{ item }}"
-#       - foo
+    state: directory
-#     state: present
+    mode: 0755
-#     update_cache: true
+    owner: root
    group: wheel
  loop:
    - /etc/systemd/resolved.conf.d
 - name: Copy files
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0600
    owner: root
    group: wheel
  loop:
    - src: mullvlad_dns_over_tls.conf
      dest: /etc/systemd/resolved.conf.d/mullvlad_dns_over_tls.conf
--- a/ansible/roles/portshaker/files/freebsd
+++ b/ansible/roles/portshaker/files/freebsd
@ -0,0 +1,10 @@
 #!/bin/sh
 . /usr/local/share/portshaker/portshaker.subr
 if [ "$1" != '--' ]; then
  err 1 "Extra arguments"
 fi
 shift
 method="git"
 git_clone_uri="https://git.FreeBSD.org/ports.git"
 git_branch="main"
 run_portshaker_command $*
--- a/ansible/roles/portshaker/files/myrepo
+++ b/ansible/roles/portshaker/files/myrepo
@ -0,0 +1,10 @@
 #!/bin/sh
 . /usr/local/share/portshaker/portshaker.subr
 if [ "$1" != '--' ]; then
  err 1 "Extra arguments"
 fi
 shift
 method="git"
 git_clone_uri="https://code.fizz.buzz/talexander/ta_ports.git"
 git_branch="master"
 run_portshaker_command $*
--- a/ansible/roles/portshaker/files/portshaker.conf
+++ b/ansible/roles/portshaker/files/portshaker.conf
@ -0,0 +1,8 @@
 #---[ Base directory for mirrored Ports Trees ]---
 mirror_base_dir="/var/cache/portshaker"
 #---[ Directories where to merge ports ]---
 ports_trees="main"
 main_ports_tree="/usr/local/portshaker/trees/main"
 main_merge_from="freebsd myrepo"
--- a/ansible/roles/portshaker/tasks/common.yaml
+++ b/ansible/roles/portshaker/tasks/common.yaml
@ -0,0 +1,15 @@
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
 - include_tasks:
    file: tasks/peruser.yaml
    apply:
      become: yes
      become_user: "{{ initialize_user }}"
  when: users is defined
  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
  loop_control:
    loop_var: initialize_user
--- a/ansible/roles/portshaker/tasks/freebsd.yaml
+++ b/ansible/roles/portshaker/tasks/freebsd.yaml
@ -0,0 +1,51 @@
 # Update ports tree:
 #   portshaker -U
 #   portshaker -M
 #
 # Force build:
 #   poudriere bulk -J 4 -C -j current -p default -z testing sysutils/kubectx
 #
 # Test build with interactive shell
 #   poudriere testport -i -J 4 -j current -p default -z testing sysutils/kubectx
 #   optional add -w to save the work directory
 - name: Install packages
  package:
    name:
      - portshaker
      - git
    state: present
 - name: Create directories
  file:
    name: "{{ item }}"
    state: directory
    mode: 0755
    owner: root
    group: wheel
  loop:
    - /usr/local/portshaker/trees
 - name: Install Configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - src: portshaker.conf
      dest: /usr/local/etc/portshaker.conf
 - name: Install Scripts
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0755
    owner: root
    group: wheel
  loop:
    - src: freebsd
      dest: /usr/local/etc/portshaker.d/freebsd
    - src: myrepo
      dest: /usr/local/etc/portshaker.d/myrepo
--- a/ansible/roles/portshaker/tasks/linux.yaml
+++ b/ansible/roles/portshaker/tasks/linux.yaml
@ -0,0 +1,21 @@
 # - name: Build aur packages
 #   register: buildaur
 #   become_user: "{{ build_user.name }}"
 #   command: "aurutils-sync --no-view {{ item }}"
 #   args:
 #     creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
 #   loop:
 #     - foo
 # - name: Update cache
 #   when: buildaur.changed
 #   pacman:
 #     name: []
 #     state: present
 #     update_cache: true
 # - name: Install packages
 #   package:
 #     name:
 #       - foo
 #     state: present
--- a/ansible/roles/portshaker/tasks/main.yaml
+++ b/ansible/roles/portshaker/tasks/main.yaml
@ -0,0 +1,2 @@
 - import_tasks: tasks/common.yaml
  when: poudriere_builds is defined and poudriere_builds
--- a/ansible/roles/portshaker/tasks/peruser.yaml
+++ b/ansible/roles/portshaker/tasks/peruser.yaml
@ -0,0 +1,29 @@
 - include_role:
    name: per_user
 # - name: Create directories
 #   file:
 #     name: "{{ account_homedir.stdout }}/{{ item }}"
 #     state: directory
 #     mode: 0700
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - ".config/foo"
 # - name: Copy files
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
 #     mode: 0600
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - src: foo.conf
 #       dest: .config/foo/foo.conf
 - import_tasks: tasks/peruser_freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/peruser_linux.yaml
  when: 'os_flavor == "linux"'
--- a/ansible/roles/portshaker/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/portshaker/tasks/peruser_freebsd.yaml
--- a/ansible/roles/portshaker/tasks/peruser_linux.yaml
+++ b/ansible/roles/portshaker/tasks/peruser_linux.yaml
--- a/ansible/roles/poudriere/defaults/main.yaml
+++ b/ansible/roles/poudriere/defaults/main.yaml
@ -0,0 +1 @@
 poudriere_perf_flags: "-J 16"
--- a/ansible/roles/poudriere/files/poudboot
+++ b/ansible/roles/poudriere/files/poudboot
@ -0,0 +1,23 @@
 #!/bin/sh
 # /usr/local/etc/rc.d/poudboot
 #
 # REQUIRE: FILESYSTEM kld
 # PROVIDE: poudboot
 # AFTER: netif
 . /etc/rc.subr
 name=poudboot
 rcvar=${name}_enable
 start_cmd="${name}_start"
 stop_cmd="${name}_stop"
 load_rc_config $name
 poudboot_start() {
    /usr/local/bin/poudboot start
 }
 poudboot_stop() {
    /usr/local/bin/poudboot stop
 }
 run_rc_command "$1"
--- a/ansible/roles/poudriere/files/poudboot.bash
+++ b/ansible/roles/poudriere/files/poudboot.bash
@ -0,0 +1,73 @@
 #!/usr/bin/env bash
 #
 # Run poudriere at system boot. Useful for virtual machines so launching the VM also kicks off a build.
 set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 function main {
    COMMAND="$1"
    shift 1
    if [ "$COMMAND" = "start" ]; then
        cmd_start "${@}"
    elif [ "$COMMAND" = "stop" ]; then
        cmd_stop "${@}"
    else
        die 1 "Unrecognized command: $COMMAND"
    fi
 }
 function die {
    exit_code="$1"
    shift 1
    (>&2 echo "${@}")
    exit "$exit_code"
 }
 function abort_if_jobs_running {
    if [[ $(sudo poudriere status) != *"No running builds"* ]]; then
        echo "There is already a poudriere build in progress, exiting."
        exit 0
    fi
 }
 function build {
    poudriere pkgclean -y "$@"
    poudriere bulk -J "${POUDRIERE_JOBS:-1}" "$@"
 }
 function cmd_start {
    abort_if_jobs_running
    # Allow command failures without quitting the script because some
    # package sets might fail whereas others may succeed based on which
    # packages are in each set.
    set +e
    for conf in /opt/poudriere/build_configs/*; do
        (
            source "$conf"
            build -j "$JAIL" -p "$PORTS" -z "$SET" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
        )
    done
    # Re-enable exiting on failed commands
    set -e
    # Cleanup old unused dist files
    for conf in /opt/poudriere/build_configs/*; do
        (
            source "$conf"
            poudriere distclean -y -p "$PORTS" -f /usr/local/etc/poudriere.d/$JAIL-$PORTS-$SET-pkglist
        )
    done
    poudriere logclean -y 180
 }
 function cmd_stop {
    echo "cmd_stop not implemented."
 }
 main "${@}"
--- a/ansible/roles/poudriere/files/poudriere.conf
+++ b/ansible/roles/poudriere/files/poudriere.conf
@ -0,0 +1,350 @@
 # Poudriere can optionally use ZFS for its ports/jail storage. For
 # ZFS define ZPOOL, otherwise set NO_ZFS=yes
 #
 #### ZFS
 # The pool where poudriere will create all the filesystems it needs
 # poudriere will use ${ZPOOL}/${ZROOTFS} as its root
 #
 # You need at least 7GB of free space in this pool to have a working
 # poudriere.
 #
 #ZPOOL=zroot
 ZPOOL=zroot
 ### NO ZFS
 # To not use ZFS, define NO_ZFS=yes
 #NO_ZFS=yes
 # root of the poudriere zfs filesystem, by default /poudriere
 # ZROOTFS=/poudriere
 ZROOTFS=/poudriere
 # the host where to download sets for the jails setup
 # You can specify here a host or an IP
 # replace _PROTO_ by http or ftp
 # replace _CHANGE_THIS_ by the hostname of the mirrors where you want to fetch
 # by default: ftp://ftp.freebsd.org
 #
 # Also note that every protocols supported by fetch(1) are supported here, even
 # file:///
 # Suggested: https://download.FreeBSD.org
 FREEBSD_HOST=https://download.FreeBSD.org
 # By default the jails have no /etc/resolv.conf, you will need to set
 # RESOLV_CONF to a file on your hosts system that will be copied has
 # /etc/resolv.conf for the jail, except if you don't need it (using an http
 # proxy for example)
 RESOLV_CONF=/etc/resolv.conf
 # The directory where poudriere will store jails and ports
 BASEFS=/usr/local/poudriere
 # The directory where the jail will store the packages and logs
 # by default a zfs filesystem will be created and set to
 # ${BASEFS}/data
 #
 #POUDRIERE_DATA=${BASEFS}/data
 # Use portlint to check ports sanity
 USE_PORTLINT=no
 # When building packages, a memory device can be used to speedup the build.
 # Only one of MFSSIZE or USE_TMPFS is supported. TMPFS is generally faster
 # and will expand to the needed amount of RAM. MFS is a slower since it
 # uses UFS and several abstraction layers.
 # If set WRKDIRPREFIX will be mdmfs of the given size (mM or gG)
 #MFSSIZE=4G
 # Use tmpfs(5)
 # This can be a space-separated list of options:
 # wrkdir    - Use tmpfs(5) for port building WRKDIRPREFIX
 # data      - Use tmpfs(5) for poudriere cache/temp build data
 # localbase - Use tmpfs(5) for LOCALBASE (installing ports for packaging/testing)
 # all       - Run the entire build in memory, including builder jails.
 # yes       - Enables tmpfs(5) for wrkdir and data
 # no        - Disable use of tmpfs(5)
 # EXAMPLE: USE_TMPFS="wrkdir data"
 USE_TMPFS=all
 # USE_TMPFS=yes
 # USE_TMPFS=no
 # How much memory to limit tmpfs size to for *each builder* in GiB
 # (default: none)
 #TMPFS_LIMIT=8
 TMPFS_LIMIT=16
 # How much memory to limit jail processes to for *each builder*
 # in GiB (default: none)
 #MAX_MEMORY=8
 # How many file descriptors to limit each jail process to (default: 1024)
 # This can also be set per PKGBASE, such as MAX_FILES_RStudio=2048.
 # Package names with hyphens (-) should be replaced with underscores (_).
 #MAX_FILES=1024
 # If set the given directory will be used for the distfiles
 # This allows to share the distfiles between jails and ports tree
 # If this is "no", poudriere must be supplied a ports tree that already has
 # the required distfiles.
 DISTFILES_CACHE=/usr/ports/distfiles
 # If set the ports tree marked to use git will use the defined
 # mirror (default: git.FreeBSD.org/port.git)
 #
 # Example to use github mirror:
 #GIT_BASEURL=https://github.com/freebsd/freebsd-src.git
 # If set the source tree marked to use git will use the defined
 # mirror (default: git.FreeBSD.org/src.git)
 #
 # Example to use github mirror:
 #GIT_PORTSURL=https://github.com/freebsd/freebsd-ports.git
 # If set the ports tree or source tree marked to use svn will use the defined
 # mirror (default: svn.FreeBSD.org)
 # The SSL fingerprints are published here:
 # https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/svn.html#svn-mirrors
 #SVN_HOST=svn.FreeBSD.org
 # Automatic OPTION change detection
 # When bulk building packages, compare the options from kept packages to
 # the current options to be built. If they differ, the existing package
 # will be deleted and the port will be rebuilt.
 # Valid options: yes, no, verbose
 # verbose will display the old and new options
 #CHECK_CHANGED_OPTIONS=verbose
 # Automatic Dependency change detection
 # When bulk building packages, compare the dependencies from kept packages to
 # the current dependencies for every port. If they differ, the existing package
 # will be deleted and the port will be rebuilt. This helps catch changes such
 # as DEFAULT_RUBY_VERSION, PERL_VERSION, WITHOUT_X11 that change dependencies
 # for many ports.
 # Valid options: yes, no
 # Default: yes
 #CHECK_CHANGED_DEPS=yes
 # Consider bad dependency lines on the wrong PKGNAME as fatal.
 # For example:
 #    BUILD_DEPENDS=  p5-List-MoreUtils>=0:lang/p5-List-MoreUtils
 # If this port's PKGNAME were really "List-MoreUtils" then it would
 # not be recorded into the resulting package.  The next build with
 # CHECK_CHANGED_DEPS enabled would consider it a "new dependency"
 # since it is in the port but not in the package.  This is usually
 # a warning but can be made fatal instead by enabling this option.
 # Default: no
 #BAD_PKGNAME_DEPS_ARE_FATAL=yes
 # Path to the RSA key to sign the PKG repo with. See pkg-repo(8)
 #PKG_REPO_SIGNING_KEY=/etc/ssl/keys/repo.key
 PKG_REPO_SIGNING_KEY=/usr/local/etc/poudriere.d/poudriere.key
 # Command to sign the PKG repo with. See pkg-repo(8)
 # This produces a repo that supports SIGNATURE_TYPE=FINGERPRINTS
 # Default: not set
 #SIGNING_COMMAND=ssh signing-server sign.sh
 # Repo signing command execution context
 # If SIGNING_COMMAND is set, run pkg-repo(8) on the host?
 #   no  -   Run in the jail
 #   yes -   Run on the host
 # Default: no
 #PKG_REPO_FROM_HOST=yes
 # ccache support. Supply the path to your ccache cache directory.
 # It will be mounted into the jail and be shared among all jails.
 # It is recommended that extra ccache configuration be done with
 # ccache -o rather than from the environment.
 #CCACHE_DIR=/var/cache/ccache
 # Static ccache support from host.  This uses the existing
 # ccache from the host in the build jail.  This is useful for
 # using ccache+memcached which cannot easily be bootstrapped
 # otherwise.  The path to the PREFIX where ccache was installed
 # must be used here, and ccache must have been built statically.
 # Note also that ccache+memcached will require network access
 # which is normally disabled.  Separately setting RESTRICT_NETWORKING=no
 # may be required for non-localhost memcached servers.
 #CCACHE_STATIC_PREFIX=/usr/local
 # The jails normally only allow network access during the 'make fetch'
 # phase.  This is a security restriction to prevent random things
 # ran during a build from accessing the network.  Disabling this
 # is not advised.  ALLOW_NETWORKING_PACKAGES may be used to allow networking
 # for a subset of packages only.
 #RESTRICT_NETWORKING=yes
 #ALLOW_NETWORKING_PACKAGES="npm-foo"
 # parallel build support.
 #
 # By default poudriere uses hw.ncpu to determine the number of builders.
 # You can override this default by changing PARALLEL_JOBS here, or
 # by specifying the -J flag to bulk/testport.
 #
 # Example to define PARALLEL_JOBS to one single job
 # PARALLEL_JOBS=1
 PARALLEL_JOBS=1
 # How many jobs should be used for preparing the build? These tend to
 # be more IO bound and may be worth tweaking. Default: PARALLEL_JOBS * 1.25
 # PREPARE_PARALLEL_JOBS=1
 # If set, failed builds will save the WRKDIR to ${POUDRIERE_DATA}/wrkdirs
 # SAVE_WRKDIR=yes
 # Choose the default format for the workdir packing: could be tar,tgz,tbz,txz
 # default is tbz
 # WRKDIR_ARCHIVE_FORMAT=tbz
 WRKDIR_ARCHIVE_FORMAT=txz
 # Disable Linux support
 # NOLINUX=yes
 # By default poudriere sets FORCE_PACKAGE
 # To disable it (useful when building public packages):
 # NO_FORCE_PACKAGE=yes
 # By default poudriere sets PACKAGE_BUILDING
 # To disable it:
 # NO_PACKAGE_BUILDING=yes
 # If you are using a proxy define it here:
 # export HTTP_PROXY=bla
 # export FTP_PROXY=bla
 #
 # Cleanout the restricted packages
 # NO_RESTRICTED=yes
 # By default MAKE_JOBS is disabled to allow only one process per cpu
 # Use the following to allow it anyway
 # ALLOW_MAKE_JOBS=yes
 ALLOW_MAKE_JOBS=yes
 # List of packages that will always be allowed to use MAKE_JOBS
 # regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports
 # which holdup the rest of the queue to build more quickly.
 #ALLOW_MAKE_JOBS_PACKAGES="pkg ccache py*"
 # Timestamp every line of build logs
 # Default: no
 #TIMESTAMP_LOGS=no
 # URL where your POUDRIERE_DATA/logs are hosted
 # This will be used for giving URL hints to the HTML output when
 # scheduling and starting builds
 # URL_BASE=https://freebsdpkg.fizz.buzz/logs
 # This defines the max time (in seconds) that a command may run for a build
 # before it is killed for taking too long. Default: 86400
 #MAX_EXECUTION_TIME=86400
 # 2 days
 MAX_EXECUTION_TIME=172800
 # This defines the time (in seconds) before a command is considered to
 # be in a runaway state for having no output on stdout. Default: 7200
 #NOHANG_TIME=7200
 NOHANG_TIME=14400
 # The repository is updated atomically if set yes. This leaves the
 # repository untouched until the build completes. This involves using
 # hardlinks and symlinks. The operations are fast, but can be intrusive
 # for remote syncing or backups.
 # Recommended to always keep on.
 # Default: yes
 #ATOMIC_PACKAGE_REPOSITORY=yes
 # When using ATOMIC_PACKAGE_REPOSITORY, commit the packages if some
 # packages fail to build. Ignored ports are considered successful.
 # This can be set to 'no' to only commit the packages once no failures
 # are encountered.
 # Default: yes
 #COMMIT_PACKAGES_ON_FAILURE=yes
 COMMIT_PACKAGES_ON_FAILURE=no
 # Keep older package repositories. This can be used to rollback a system
 # or to bisect issues by changing the repository to one of the older
 # versions and reinstalling everything with `pkg upgrade -f`
 # ATOMIC_PACKAGE_REPOSITORY is required for this.
 # Default: no
 #KEEP_OLD_PACKAGES=no
 # How many old package repositories to keep with KEEP_OLD_PACKAGES
 # Default: 5
 #KEEP_OLD_PACKAGES_COUNT=5
 # Make testing errors fatal.
 # If set to 'no', ports with test failure will be marked as failed but still
 # packaged to permit testing dependent ports (useful for bulk -t -a)
 # Default: yes
 #PORTTESTING_FATAL=yes
 # Define the building jail hostname to be used when building the packages
 # Some port/packages hardcode the hostname of the host during build time
 # This is a necessary setup for reproducible builds.
 #BUILDER_HOSTNAME=pkg.FreeBSD.org
 # Define to get a predictable timestamp on the ports tree
 # This is a necessary setup for reproducible builds.
 #PRESERVE_TIMESTAMP=yes
 # Define to yes to build and stage as a regular user
 # Default: yes, unless CCACHE_DIR is set and CCACHE_DIR_NON_ROOT_SAFE is not
 # set.  Note that to use ccache with BUILD_AS_NON_ROOT you will need to
 # use a non-shared CCACHE_DIR that is only built by PORTBUILD_USER and chowned
 # to that user.  Then set CCACHE_DIR_NON_ROOT_SAFE to yes.
 #BUILD_AS_NON_ROOT=no
 # Define to the username to build as when BUILD_AS_NON_ROOT is yes.
 # Default: nobody (uid PORTBUILD_UID)
 #PORTBUILD_USER=nobody
 # Define to the uid to use for PORTBUILD_USER if the user does not
 # already exist in the jail.
 # Default: 65532
 #PORTBUILD_UID=65534
 # Define pkgname globs to boost priority for
 # Default: none
 #PRIORITY_BOOST="pypy openoffice*"
 # Define format for buildnames
 # Default: %Y-%m-%d_%Hh%Mm%Ss
 # ISO8601:
 #BUILDNAME_FORMAT="%FT%T%z"
 # Define format for build duration times
 # Default: %H:%M:%S
 #DURATION_FORMAT="%H:%M:%S"
 # Use colors when in a TTY
 # Default: yes
 #USE_COLORS=yes
 # Only build what is requested. Do not rebuild build deps if nothing requested
 # depends on them. This can create an inconsistent repository if you often
 # build one-off packages but expect the repository to stay consistent.
 # Defaut: yes
 #TRIM_ORPHANED_BUILD_DEPS=yes
 # A list of directories to exclude from leftover and filesystem violation
 # mtree checks.  Ccache is used here as an example but is already
 # excluded by default.  There is no need to add it here unless a
 # special configuration is used where it is a problem.
 # Default: none
 #LOCAL_MTREE_EXCLUDES="/usr/obj /var/tmp/ccache"
 # Set to hosted to use the /data directory instead of inline style HTML
 # Default: inline
 #HTML_TYPE="hosted"
 HTML_TYPE="hosted"
 # Set to track remaining ports in the HTML interface.  This can slow down
 # processing of the queue slightly, especially for bulk -a builds.
 # Default: no
 #HTML_TRACK_REMAINING=yes
--- a/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf
+++ b/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf
@ -0,0 +1,17 @@
 # Disable CPUTYPE optimizations when compiling gcc48 because tigerlake is not included in gcc4.8
 #
 # Disable CPUTYPE optimizations when compiling ripgrep because the build is failing https://github.com/BurntSushi/ripgrep/issues/1721
 #
 # Disable CPUTYPE optimizations for firefox due to failing build.
 #
 # Example from bottom of /usr/share/examples/etc/make.conf
 .if ${.CURDIR:N*/lang/gcc48*} && ${.CURDIR:N*/lang/gcc10*} && ${.CURDIR:N*/textproc/ripgrep*} && ${.CURDIR:N*/www/firefox*}
 # Disabling tigerlake optimizations because qemu's TCG does not support avx512
 #
 #CPUTYPE?=tigerlake
 CPUTYPE?=x86-64-v3
 .endif
 OPTIMIZED_CFLAGS=YES
 BUILD_OPTIMIZED=YES
 WITH_CPUFLAGS=YES
 BUILD_STATIC=YES
--- a/ansible/roles/poudriere/files/poudriere.key
+++ b/ansible/roles/poudriere/files/poudriere.key
--- a/ansible/roles/poudriere/meta/main.yaml
+++ b/ansible/roles/poudriere/meta/main.yaml
@ -0,0 +1,2 @@
 dependencies:
  - portshaker
--- a/ansible/roles/poudriere/tasks/common.yaml
+++ b/ansible/roles/poudriere/tasks/common.yaml
@ -0,0 +1,15 @@
 - import_tasks: tasks/freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
 - include_tasks:
    file: tasks/peruser.yaml
    apply:
      become: yes
      become_user: "{{ initialize_user }}"
  when: users is defined
  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
  loop_control:
    loop_var: initialize_user
--- a/ansible/roles/poudriere/tasks/freebsd.yaml
+++ b/ansible/roles/poudriere/tasks/freebsd.yaml
@ -0,0 +1,140 @@
 #
 # Get CPU type:
 # sh -c "clang -v -fsyntax-only -march=native -x c /dev/null 2>&1 | grep -e '-target-cpu' | sed -e 's|.*-target-cpu \([[:alnum:]]*\) .*|\1|'"
 #
 # Check the CPU type:
 # make -C /usr/src CPUTYPE=broadwell -V MACHINE_CPU
 #
 # Generate options file for ports
 # poudriere options -j 12amd64 -p default -z stream -f /usr/local/etc/poudriere.d/12amd64-default-stream-pkglist
 #
 # Generate options file for specific ports
 # poudriere options -j 12amd64 -p default -z stream -c lang/gcc48
 #
 # Build the packages
 # poudriere bulk -j 12amd64 -p default -z stream -f /usr/local/etc/poudriere.d/12amd64-default-stream-pkglist
 #
 # List installed packages
 # pkg query -e '%a = 0' '%o' | sort
 #
 # Consider setting the following in the poudriere vm-bhyve config:
 # priority="20"
 - name: Install packages
  package:
    name:
      - poudriere
      - bash
      - rsync
      - flock
    state: present
 - name: Create directories
  file:
    name: "{{ item }}"
    state: directory
    mode: 0755
    owner: root
    group: wheel
  loop:
    # - /usr/ports/distfiles
    - /opt/poudriere/build_configs
    - /usr/local/poudriere/data/logs/bulk
 - name: Install Configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0600
    owner: root
    group: wheel
  loop:
    - src: poudriere.conf
      dest: /usr/local/etc/poudriere.conf
    - src: poudriere.key
      dest: /usr/local/etc/poudriere.d/poudriere.key
 #     - src: poudriere_deploy_ed25519
 #       dest: /usr/local/etc/poudriere.d/poudriere_deploy_ed25519
 # - name: Install Configuration directory
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ item.dest }}"
 #     owner: root
 #     group: wheel
 #   loop:
 #     - src: poudriere.d
 #       dest: /usr/local/etc/
 - name: Install scripts
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0755
    owner: root
    group: wheel
  loop:
    - src: poudboot.bash
      dest: /usr/local/bin/poudboot
 - name: Install Configuration
  template:
    src: "build_config.j2"
    dest: "/opt/poudriere/build_configs/{{ item.jail }}-{{ item.ports }}-{{ item.set }}"
    owner: root
    group: wheel
    mode: 0600
  loop: "{{ poudriere_builds }}"
 - name: Install rc script
  copy:
    src: "files/{{ item.src }}"
    dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
    owner: root
    group: wheel
    mode: 0755
  loop:
    - src: poudboot
 - name: Get ports tree list
  command: poudriere ports -ln
  register: poudriere_ports_tree_list
  changed_when: false
  check_mode: no
 - name: Configure the ports tree
  command: poudriere ports -c -m null -M /usr/local/portshaker/trees/main -p default
  when: '"default" not in poudriere_ports_tree_list.stdout_lines'
 - name: Get jail list
  command: poudriere jail -l -n -q
  register: poudriere_jail_list
  changed_when: false
  check_mode: no
 - name: Create the jails
  when: item.version != "CURRENT"
  command: |-
    poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.version }}
  args:
    creates: "/usr/local/poudriere/jails/{{ item.jail }}"
  loop: "{{ poudriere_builds }}"
 - name: Create the jails
  when: item.version == "CURRENT"
  # -D clones the entire history instead of just the most recent commit
  command: |-
    poudriere jail {{poudriere_perf_flags}} -c -j {{ item.jail }} -v {{ item.branch|default("main") }} -a amd64 -m git -D -U https://git.FreeBSD.org/src.git -K {{ item.kernel|default("GENERIC") }}
  args:
    creates: "/usr/local/poudriere/jails/{{ item.jail }}"
  loop: "{{ poudriere_builds }}"
 # - name: Get current jail version
 #   command: poudriere jail -i -j current
 #   register: current_jail_version
 #   changed_when: false
 #   check_mode: no
 # - name: Set current jail version
 #   command: "poudriere jail -u {{poudriere_perf_flags}} -j current -t {{ freebsd_version }}"
 #   when: freebsd_version[:9] not in current_jail_version.stdout
--- a/ansible/roles/poudriere/tasks/linux.yaml
+++ b/ansible/roles/poudriere/tasks/linux.yaml
@ -0,0 +1,21 @@
 # - name: Build aur packages
 #   register: buildaur
 #   become_user: "{{ build_user.name }}"
 #   command: "aurutils-sync --no-view {{ item }}"
 #   args:
 #     creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
 #   loop:
 #     - foo
 # - name: Update cache
 #   when: buildaur.changed
 #   pacman:
 #     name: []
 #     state: present
 #     update_cache: true
 # - name: Install packages
 #   package:
 #     name:
 #       - foo
 #     state: present
--- a/ansible/roles/poudriere/tasks/main.yaml
+++ b/ansible/roles/poudriere/tasks/main.yaml
@ -0,0 +1,2 @@
 - import_tasks: tasks/common.yaml
  when: poudriere_builds is defined and poudriere_builds
--- a/ansible/roles/poudriere/tasks/peruser.yaml
+++ b/ansible/roles/poudriere/tasks/peruser.yaml
@ -0,0 +1,29 @@
 - include_role:
    name: per_user
 # - name: Create directories
 #   file:
 #     name: "{{ account_homedir.stdout }}/{{ item }}"
 #     state: directory
 #     mode: 0700
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - ".config/foo"
 # - name: Copy files
 #   copy:
 #     src: "files/{{ item.src }}"
 #     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
 #     mode: 0600
 #     owner: "{{ account_name.stdout }}"
 #     group: "{{ group_name.stdout }}"
 #   loop:
 #     - src: foo.conf
 #       dest: .config/foo/foo.conf
 - import_tasks: tasks/peruser_freebsd.yaml
  when: 'os_flavor == "freebsd"'
 - import_tasks: tasks/peruser_linux.yaml
  when: 'os_flavor == "linux"'
--- a/ansible/roles/poudriere/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/poudriere/tasks/peruser_freebsd.yaml
--- a/ansible/roles/poudriere/tasks/peruser_linux.yaml
+++ b/ansible/roles/poudriere/tasks/peruser_linux.yaml
--- a/ansible/roles/poudriere/templates/build_config.j2
+++ b/ansible/roles/poudriere/templates/build_config.j2
@ -0,0 +1,3 @@
 JAIL={{ item.jail }}
 PORTS={{ item.ports }}
 SET={{ item.set }}
--- a/ansible/roles/sway/files/launch_sway_freebsd.bash
+++ b/ansible/roles/sway/files/launch_sway_freebsd.bash
@ -11,6 +11,8 @@ if [[ ! -v XDG_RUNTIME_DIR ]]; then
 fi
 export XDG_CURRENT_DESKTOP=sway
 # Enable wayland support for firefox
 export MOZ_ENABLE_WAYLAND=1
--- a/ansible/roles/sway/files/launch_sway_linux.bash
+++ b/ansible/roles/sway/files/launch_sway_linux.bash
@ -5,4 +5,6 @@ set -euo pipefail
 IFS=$'\n\t'
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 export XDG_CURRENT_DESKTOP=sway
 exec sway -d &> $HOME/.config/swaylog
--- a/ansible/run.bash
+++ b/ansible/run.bash
@ -26,7 +26,8 @@ elif [ "$target" = "jail_nat_dhcp" ]; then
    ansible-playbook -v -i environments/jail playbook.yaml --diff --limit nat_dhcp "${@}"
 elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then
    ansible-playbook -v -i environments/jail playbook.yaml --diff --limit homeserver_nat_dhcp "${@}"
-    #
+elif [ "$target" = "vm_poudriereodo" ]; then
    ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudriereodo "${@}"
 else
    die 1 "Unrecognized target"
 fi
		`@ -0,0 +1,2 @@`
							`[vm]`
							`poudriereodo ansible_user=builder ansible_host=10.213.177.12`
		`@ -0,0 +1,2 @@`
							`- import_tasks: tasks/common.yaml`
							`when: poudriere_builds is defined and poudriere_builds`