From 6691cca055280cae328f8e849ba6fd37740c294e Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 27 May 2023 23:10:44 -0400 Subject: [PATCH 01/16] Minimal shell setup for colo server. --- ansible/environments/colo/host_vars/mrmanager | 4 +++ ansible/environments/colo/hosts | 2 ++ ansible/playbook.yaml | 16 +++++++++- ansible/roles/doas/tasks/common.yaml | 10 ------- ansible/roles/doas/tasks/peruser.yaml | 29 ------------------- ansible/roles/doas/tasks/peruser_freebsd.yaml | 0 ansible/roles/doas/tasks/peruser_linux.yaml | 0 ansible/roles/users/defaults/main.yaml | 1 - ansible/run.bash | 2 ++ 9 files changed, 23 insertions(+), 41 deletions(-) create mode 100644 ansible/environments/colo/host_vars/mrmanager create mode 100644 ansible/environments/colo/hosts delete mode 100644 ansible/roles/doas/tasks/peruser.yaml delete mode 100644 ansible/roles/doas/tasks/peruser_freebsd.yaml delete mode 100644 ansible/roles/doas/tasks/peruser_linux.yaml diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager new file mode 100644 index 0000000..6803a66 --- /dev/null +++ b/ansible/environments/colo/host_vars/mrmanager @@ -0,0 +1,4 @@ +os_flavor: "freebsd" +zfs_snapshot_datasets: + - zroot/freebsd/main/be +sshd_enabled: true diff --git a/ansible/environments/colo/hosts b/ansible/environments/colo/hosts new file mode 100644 index 0000000..b34487c --- /dev/null +++ b/ansible/environments/colo/hosts @@ -0,0 +1,2 @@ +[server] +mrmanager ansible_user=root ansible_host=74.80.180.138 diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 4a1e174..37e1c66 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -1,4 +1,4 @@ -- hosts: all:!jail:!vm +- hosts: all:!jail:!vm:!server vars: ansible_become: True roles: @@ -61,3 +61,17 @@ roles: - portshaker - poudriere + +- hosts: mrmanager + vars: + ansible_become: True + roles: + - sudo + - doas + - users + - package_manager + - zfs + - zrepl + - zsh + - network + - sshd 
diff --git a/ansible/roles/doas/tasks/common.yaml b/ansible/roles/doas/tasks/common.yaml index 9f00756..265f543 100644 --- a/ansible/roles/doas/tasks/common.yaml +++ b/ansible/roles/doas/tasks/common.yaml @@ -9,13 +9,3 @@ - import_tasks: tasks/linux.yaml when: 'os_flavor == "linux"' - -- include_tasks: - file: tasks/peruser.yaml - apply: - become: yes - become_user: "{{ initialize_user }}" - when: users is defined - loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}" - loop_control: - loop_var: initialize_user diff --git a/ansible/roles/doas/tasks/peruser.yaml b/ansible/roles/doas/tasks/peruser.yaml deleted file mode 100644 index 111e886..0000000 --- a/ansible/roles/doas/tasks/peruser.yaml +++ /dev/null @@ -1,29 +0,0 @@ -- include_role: - name: per_user - -# - name: Create directories -# file: -# name: "{{ account_homedir.stdout }}/{{ item }}" -# state: directory -# mode: 0700 -# owner: "{{ account_name.stdout }}" -# group: "{{ group_name.stdout }}" -# loop: -# - ".config/foo" - -# - name: Copy files -# copy: -# src: "files/{{ item.src }}" -# dest: "{{ account_homedir.stdout }}/{{ item.dest }}" -# mode: 0600 -# owner: "{{ account_name.stdout }}" -# group: "{{ group_name.stdout }}" -# loop: -# - src: foo.conf -# dest: .config/foo/foo.conf - -- import_tasks: tasks/peruser_freebsd.yaml - when: 'os_flavor == "freebsd"' - -- import_tasks: tasks/peruser_linux.yaml - when: 'os_flavor == "linux"' diff --git a/ansible/roles/doas/tasks/peruser_freebsd.yaml b/ansible/roles/doas/tasks/peruser_freebsd.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/doas/tasks/peruser_linux.yaml b/ansible/roles/doas/tasks/peruser_linux.yaml deleted file mode 100644 index e69de29..0000000 diff --git a/ansible/roles/users/defaults/main.yaml b/ansible/roles/users/defaults/main.yaml index a4fa82f..8390d5c 100644 --- a/ansible/roles/users/defaults/main.yaml +++ b/ansible/roles/users/defaults/main.yaml 
@@ -9,4 +9,3 @@ users: - yubikey - main_fido - backup_fido - - homeassistant diff --git a/ansible/run.bash b/ansible/run.bash index 2d7eba8..060eb64 100755 --- a/ansible/run.bash +++ b/ansible/run.bash @@ -28,6 +28,8 @@ elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then ansible-playbook -v -i environments/jail playbook.yaml --diff --limit homeserver_nat_dhcp "${@}" elif [ "$target" = "vm_poudriereodo" ]; then ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudriereodo "${@}" +elif [ "$target" = "mrmanager" ]; then + ansible-playbook -v -i environments/colo playbook.yaml --diff --limit mrmanager "${@}" else die 1 "Unrecognized target" fi From f15ebfb0f795d7e35f954b681b8c1f5477fc7536 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sat, 27 May 2023 23:11:20 -0400 Subject: [PATCH 02/16] Switch to using talexander user. --- ansible/environments/colo/hosts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/environments/colo/hosts b/ansible/environments/colo/hosts index b34487c..3715639 100644 --- a/ansible/environments/colo/hosts +++ b/ansible/environments/colo/hosts @@ -1,2 +1,2 @@ [server] -mrmanager ansible_user=root ansible_host=74.80.180.138 +mrmanager ansible_user=talexander ansible_host=74.80.180.138 From 081c6946f3df36b3034ef58413365e132b0b2e75 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sun, 28 May 2023 13:18:56 -0400 Subject: [PATCH 03/16] Add the base role to mrmanager. --- ansible/environments/colo/host_vars/mrmanager | 2 ++ ansible/playbook.yaml | 1 + ansible/roles/base/files/mrmanager_loader.conf | 1 + ansible/roles/base/files/mrmanager_rc.conf | 8 ++++++++ 4 files changed, 12 insertions(+) create mode 100644 ansible/roles/base/files/mrmanager_loader.conf create mode 100644 ansible/roles/base/files/mrmanager_rc.conf diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager index 6803a66..ebd9ae4 100644 --- a/ansible/environments/colo/host_vars/mrmanager 
+++ b/ansible/environments/colo/host_vars/mrmanager @@ -2,3 +2,5 @@ os_flavor: "freebsd" zfs_snapshot_datasets: - zroot/freebsd/main/be sshd_enabled: true +loader_conf: "mrmanager_loader.conf" +rc_conf: "mrmanager_rc.conf" diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 37e1c66..9c109c3 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -75,3 +75,4 @@ - zsh - network - sshd + - base diff --git a/ansible/roles/base/files/mrmanager_loader.conf b/ansible/roles/base/files/mrmanager_loader.conf new file mode 100644 index 0000000..6129b89 --- /dev/null +++ b/ansible/roles/base/files/mrmanager_loader.conf @@ -0,0 +1 @@ +zfs_load="YES" diff --git a/ansible/roles/base/files/mrmanager_rc.conf b/ansible/roles/base/files/mrmanager_rc.conf new file mode 100644 index 0000000..4b36618 --- /dev/null +++ b/ansible/roles/base/files/mrmanager_rc.conf @@ -0,0 +1,8 @@ +hostname="mrmanager" +ifconfig_igb0="inet 74.80.180.138 netmask 255.255.255.248" +ifconfig_igb1="inet 74.80.180.139 netmask 255.255.255.248" +defaultrouter="74.80.180.137" +sshd_enable="YES" +zfs_enable="YES" +wireguard_enable="YES" +wireguard_interfaces="colo" From 37a14759f75bec6656bbf2354cc9eca76bf563ab Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sun, 28 May 2023 14:22:49 -0400 Subject: [PATCH 04/16] Switch to a lagg interface. This is to avoid depending on the ethernet cable being plugged into a specific port. --- ansible/environments/colo/host_vars/mrmanager | 2 ++ ansible/roles/base/files/mrmanager_rc.conf | 4 ---- ansible/roles/network/files/mrmanager_network.conf | 5 +++++ ansible/roles/network/files/mrmanager_routing.conf | 1 + ansible/roles/network/tasks/freebsd.yaml | 12 ++++++++++++ 5 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 ansible/roles/network/files/mrmanager_network.conf create mode 100644 ansible/roles/network/files/mrmanager_routing.conf 
diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager index ebd9ae4..583ac2e 100644 --- a/ansible/environments/colo/host_vars/mrmanager +++ b/ansible/environments/colo/host_vars/mrmanager @@ -4,3 +4,5 @@ zfs_snapshot_datasets: sshd_enabled: true loader_conf: "mrmanager_loader.conf" rc_conf: "mrmanager_rc.conf" +network_rc: "mrmanager_network.conf" +routing_rc: "mrmanager_routing.conf" diff --git a/ansible/roles/base/files/mrmanager_rc.conf b/ansible/roles/base/files/mrmanager_rc.conf index 4b36618..4002dd7 100644 --- a/ansible/roles/base/files/mrmanager_rc.conf +++ b/ansible/roles/base/files/mrmanager_rc.conf @@ -1,8 +1,4 @@ hostname="mrmanager" -ifconfig_igb0="inet 74.80.180.138 netmask 255.255.255.248" -ifconfig_igb1="inet 74.80.180.139 netmask 255.255.255.248" -defaultrouter="74.80.180.137" -sshd_enable="YES" zfs_enable="YES" wireguard_enable="YES" wireguard_interfaces="colo" diff --git a/ansible/roles/network/files/mrmanager_network.conf b/ansible/roles/network/files/mrmanager_network.conf new file mode 100644 index 0000000..4d2ae08 --- /dev/null +++ b/ansible/roles/network/files/mrmanager_network.conf @@ -0,0 +1,5 @@ +cloned_interfaces="lagg0" +ifconfig_igb0="up" +ifconfig_igb1="up" +ifconfig_lagg0="up laggproto failover laggport igb0 laggport igb1" +ifconfig_lagg0_alias0="inet 74.80.180.138 netmask 255.255.255.248" diff --git a/ansible/roles/network/files/mrmanager_routing.conf b/ansible/roles/network/files/mrmanager_routing.conf new file mode 100644 index 0000000..2544e1e --- /dev/null +++ b/ansible/roles/network/files/mrmanager_routing.conf @@ -0,0 +1 @@ +defaultrouter="74.80.180.137" diff --git a/ansible/roles/network/tasks/freebsd.yaml b/ansible/roles/network/tasks/freebsd.yaml index 49de8b2..b7c0996 100644 --- a/ansible/roles/network/tasks/freebsd.yaml +++ b/ansible/roles/network/tasks/freebsd.yaml 
@@ -11,6 +11,18 @@ - src: "{{ network_rc }}" dest: /etc/rc.conf.d/network +- name: Install configuration + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0644 + owner: root + group: wheel + when: routing_rc is defined + loop: + - src: "{{ routing_rc }}" + dest: /etc/rc.conf.d/routing + - name: Install configuration copy: src: "files/{{ item.src }}" From 271428a6f6b702ea830a5a164937ec35dd576658 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sun, 28 May 2023 16:01:02 -0400 Subject: [PATCH 05/16] Add firewall to mrmanager. --- ansible/environments/colo/host_vars/mrmanager | 4 ++ ansible/playbook.yaml | 1 + .../roles/firewall/files/mrmanager_pf.conf | 39 +++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 ansible/roles/firewall/files/mrmanager_pf.conf diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager index 583ac2e..285145c 100644 --- a/ansible/environments/colo/host_vars/mrmanager +++ b/ansible/environments/colo/host_vars/mrmanager @@ -6,3 +6,7 @@ loader_conf: "mrmanager_loader.conf" rc_conf: "mrmanager_rc.conf" network_rc: "mrmanager_network.conf" routing_rc: "mrmanager_routing.conf" +pf_config: "mrmanager_pf.conf" +pflog_conf: + - name: 0 + dev: pflog0 diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 9c109c3..83c4ecd 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -76,3 +76,4 @@ - network - sshd - base + - firewall diff --git a/ansible/roles/firewall/files/mrmanager_pf.conf b/ansible/roles/firewall/files/mrmanager_pf.conf new file mode 100644 index 0000000..d2d6ceb --- /dev/null +++ b/ansible/roles/firewall/files/mrmanager_pf.conf 
@@ -0,0 +1,39 @@ +ext_if = "lagg0" +jail_nat_v4 = "{ 10.215.1.0/24 }" +not_jail_nat_v4 = "{ any, !10.215.1.0/24 }" + +dhcp = "{ bootpc, bootps }" +allow = "{ colo }" + +tcp_pass_in = "{ 22 }" +udp_pass_in = "{ 53 51820 51821 51822 }" + +# Rules must be in order: options, normalization, queueing, translation, filtering + +# options +set skip on lo + +# redirections +nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> ($ext_if) +rdr pass on !$ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53 + +# filtering +block log all +pass out on $ext_if + +pass in on jail_nat +# Allow traffic from my machine to the jails/virtual machines +pass out on jail_nat from $jail_nat_v4 + +# We pass on the interfaces listed in allow rather than skipping on +# them because changes to pass rules will update when running a +# `service pf reload` but interfaces that we `skip` will not update (I +# forget if its from adding, removing, or both. TODO: test to figure +# it out). Also skipped interfaces are not subject to nat/rdr rules. +pass quick on $allow + +pass on $ext_if proto icmp all +pass on $ext_if proto icmp6 all + +pass in on $ext_if proto tcp to any port $tcp_pass_in +pass in on $ext_if proto udp to any port $udp_pass_in From 433739d7686ade3f99e1b81eabf850b75285220f Mon Sep 17 00:00:00 2001 
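Review bot: `udp_pass_in = "{ 53 51820 51821 51822 }"` combined with `pass in on $ext_if proto udp to any port $udp_pass_in` admits DNS from any Internet source on the public lagg0 address, and the only DNS redirect (`rdr pass on !$ext_if ... to 10.215.1.1 port 53`) matches neither that interface nor that destination, so such packets reach whatever listens on the host rather than 1.1.1.1. Whether a resolver binds the public address is not visible here, but if the nat_dhcp jail's resolver listens on all addresses this is an open resolver usable for amplification; the jail and WireGuard sides are already covered by `pass in on jail_nat` and `pass quick on $allow`, so I would drop it from the external list: `udp_pass_in = "{ 51820 51821 51822 }"`. The two service rules also say `to any`; `pass in on $ext_if proto tcp to ($ext_if) port $tcp_pass_in` (and the same for udp) limits them to the host itself, so they cannot match transit traffic if forwarding is ever enabled. The `dhcp` macro is defined but never referenced.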
From: Tom Alexander Date: Sun, 28 May 2023 16:51:17 -0400 Subject: [PATCH 06/16] Add AMD cpu role for mrmanager. --- ansible/environments/colo/host_vars/mrmanager | 1 + ansible/playbook.yaml | 1 + ansible/roles/cpu/files/amdtemp_loader.conf | 2 ++ ...wer_profile.conf => power_profile_rc.conf} | 0 ansible/roles/cpu/tasks/freebsd_amd.yaml | 29 +++++++++++++++++++ ansible/roles/cpu/tasks/freebsd_intel.yaml | 9 +++--- 6 files changed, 37 insertions(+), 5 deletions(-) create mode 100644 ansible/roles/cpu/files/amdtemp_loader.conf rename ansible/roles/cpu/files/{power_profile.conf => power_profile_rc.conf} (100%) create mode 100644 ansible/roles/cpu/tasks/freebsd_amd.yaml diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager index 285145c..166bd58 100644 --- a/ansible/environments/colo/host_vars/mrmanager +++ b/ansible/environments/colo/host_vars/mrmanager @@ -10,3 +10,4 @@ pf_config: "mrmanager_pf.conf" pflog_conf: - name: 0 dev: pflog0 +cputype: "amd" diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 83c4ecd..acba8e9 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -77,3 +77,4 @@ - sshd - base - firewall + - cpu diff --git a/ansible/roles/cpu/files/amdtemp_loader.conf b/ansible/roles/cpu/files/amdtemp_loader.conf new file mode 100644 index 0000000..ccafa06 --- /dev/null +++ b/ansible/roles/cpu/files/amdtemp_loader.conf @@ -0,0 +1,2 @@ +# Read CPU temperature on AMD CPUs. +amdtemp_load="YES" diff --git a/ansible/roles/cpu/files/power_profile.conf b/ansible/roles/cpu/files/power_profile_rc.conf similarity index 100% rename from ansible/roles/cpu/files/power_profile.conf rename to ansible/roles/cpu/files/power_profile_rc.conf diff --git a/ansible/roles/cpu/tasks/freebsd_amd.yaml b/ansible/roles/cpu/tasks/freebsd_amd.yaml new file mode 100644 index 0000000..e48a76e --- /dev/null +++ b/ansible/roles/cpu/tasks/freebsd_amd.yaml 
@@ -0,0 +1,29 @@ +- name: Install loader.conf + copy: + src: "files/{{ item }}_loader.conf" + dest: "/boot/loader.conf.d/{{ item }}.conf" + mode: 0644 + owner: root + group: wheel + loop: + - amdtemp + +- name: Install service configuration + copy: + src: "files/{{ item }}_rc.conf" + dest: "/etc/rc.conf.d/{{ item }}" + mode: 0644 + owner: root + group: wheel + loop: + - power_profile + +- name: Install loader.conf + copy: + src: "files/{{ item }}_loader.conf" + dest: "/boot/loader.conf.d/{{ item }}.conf" + mode: 0644 + owner: root + group: wheel + loop: + - aesni diff --git a/ansible/roles/cpu/tasks/freebsd_intel.yaml b/ansible/roles/cpu/tasks/freebsd_intel.yaml index 6f88399..adadda8 100644 --- a/ansible/roles/cpu/tasks/freebsd_intel.yaml +++ b/ansible/roles/cpu/tasks/freebsd_intel.yaml @@ -17,16 +17,15 @@ - cpuctl - aesni -- name: Install Configuration +- name: Install service configuration copy: - src: "files/{{ item.src }}" - dest: "{{ item.dest }}" + src: "files/{{ item }}_rc.conf" + dest: "/etc/rc.conf.d/{{ item }}" mode: 0644 owner: root group: wheel loop: - - src: power_profile.conf - dest: /etc/rc.conf.d/power_profile + - power_profile - name: Install packages when: hwpstate is defined and not hwpstate From e1d56d28a89a9df3c7f55bf02e035a5344b98c39 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sun, 28 May 2023 17:30:41 -0400 Subject: [PATCH 07/16] Add the ntp, nvme, hosts, and build roles. --- ansible/environments/colo/host_vars/mrmanager | 1 + ansible/playbook.yaml | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager index 166bd58..51af022 100644 --- a/ansible/environments/colo/host_vars/mrmanager +++ b/ansible/environments/colo/host_vars/mrmanager @@ -11,3 +11,4 @@ pflog_conf: - name: 0 dev: pflog0 cputype: "amd" +etc_hosts: {} diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index acba8e9..b67b105 100644 --- a/ansible/playbook.yaml 
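Review bot: freebsd_amd.yaml declares two tasks both named `Install loader.conf` that differ only in their loop item (`amdtemp` and `aesni`), which makes play output ambiguous and duplicates the copy boilerplate. A single task whose `loop:` lists `- amdtemp` and `- aesni` does the same work and mirrors the `cpuctl`/`aesni` loop already used in freebsd_intel.yaml.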
+++ b/ansible/playbook.yaml @@ -78,3 +78,7 @@ - base - firewall - cpu + - ntp + - nvme + - hosts + - build From d2e456c59fa9f34fda888b1bd8066c7790a7d429 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sun, 28 May 2023 17:44:14 -0400 Subject: [PATCH 08/16] Add devfs, jail, bhyve, and wireguard for mrmanager. --- ansible/playbook.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index b67b105..7bcfd7d 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -82,3 +82,7 @@ - nvme - hosts - build + - devfs + - jail + - bhyve + - wireguard From 37f8749b3cb0881d48d936929303140691423d47 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sun, 28 May 2023 17:51:09 -0400 Subject: [PATCH 09/16] Add wireguard configs for mrmanager. --- ansible/environments/colo/host_vars/mrmanager | 3 +++ ansible/roles/base/files/mrmanager_rc.conf | 2 -- .../files/wireguard_configs/mrmanager/colo.conf | Bin 0 -> 330 bytes 3 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 ansible/roles/wireguard/files/wireguard_configs/mrmanager/colo.conf diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager index 51af022..aeef3a6 100644 --- a/ansible/environments/colo/host_vars/mrmanager +++ b/ansible/environments/colo/host_vars/mrmanager @@ -12,3 +12,6 @@ pflog_conf: dev: pflog0 cputype: "amd" etc_hosts: {} +wireguard_directory: mrmanager +enabled_wireguard: + - colo diff --git a/ansible/roles/base/files/mrmanager_rc.conf b/ansible/roles/base/files/mrmanager_rc.conf index 4002dd7..c6216ad 100644 --- a/ansible/roles/base/files/mrmanager_rc.conf +++ b/ansible/roles/base/files/mrmanager_rc.conf @@ -1,4 +1,2 @@ hostname="mrmanager" zfs_enable="YES" -wireguard_enable="YES" -wireguard_interfaces="colo" 
diff --git a/ansible/roles/wireguard/files/wireguard_configs/mrmanager/colo.conf b/ansible/roles/wireguard/files/wireguard_configs/mrmanager/colo.conf new file mode 100644 index 0000000000000000000000000000000000000000..8ada5a688443a3f6ea788698fb5c44b77fcf0d49 GIT binary patch literal 330 zcmV-Q0k!@BM@dveQdv+`0QsuIY7g96n7{QWt%sa8u8Z}41Ior(Te?j;cOkM={;wr+#X6a4y(tWK<=3IS>qLAGumpPLjo^7)oC;8-^<)^#sU+e#Sm(xiWGR-y;VFl#hz zxWd(*z9GR<>&uq=#;Koy|}AHYkRvpjyggptb4ZgL>5W zq>p&dMt!8Ee0P)L-?gMOVtgK(mE#!uq8n+NwIE_xGM4`&5+0abuNQqEYkR4 czfZ@fsO*%PDwvcv-JgT~3osTB3HFCS=PhxqaR2}S literal 0 HcmV?d00001 From e49d008d57a108f090bc1644899bd61c90df21dd Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Sun, 28 May 2023 22:36:31 -0400 Subject: [PATCH 10/16] Set up the nat_dhcp jail for mrmanager. --- ansible/environments/colo/host_vars/mrmanager | 13 +++++++++++++ ansible/environments/colo/hosts | 2 +- ansible/environments/jail/hosts | 1 + ansible/playbook.yaml | 2 +- ansible/roles/devfs/files/mrmanager_devfs.rules | 5 +++++ ansible/roles/firewall/files/mrmanager_pf.conf | 6 ++++-- ansible/roles/network/files/mrmanager_routing.conf | 2 ++ ansible/run.bash | 2 ++ 8 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 ansible/roles/devfs/files/mrmanager_devfs.rules diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager index aeef3a6..80f9617 100644 --- a/ansible/environments/colo/host_vars/mrmanager +++ b/ansible/environments/colo/host_vars/mrmanager @@ -15,3 +15,16 @@ etc_hosts: {} wireguard_directory: mrmanager enabled_wireguard: - colo +jail_zfs_dataset: zdata/jail +jail_zfs_dataset_mountpoint: /jail/main +jail_canmount: "on" +jail_list: + - name: nat_dhcp + enabled: true + conf: + src: nat_dhcp +# bhyve_dataset: zroot/freebsd/release/vm +# bhyve_list: [] +# bhyve_canmount: "on" +# efi_dev: /dev/gpt/EFI +devfs_rules: "mrmanager_devfs.rules" 
diff --git a/ansible/environments/colo/hosts b/ansible/environments/colo/hosts index 3715639..67310e4 100644 --- a/ansible/environments/colo/hosts +++ b/ansible/environments/colo/hosts @@ -1,2 +1,2 @@ [server] -mrmanager ansible_user=talexander ansible_host=74.80.180.138 +mrmanager ansible_user=talexander ansible_host=10.217.2.1 diff --git a/ansible/environments/jail/hosts b/ansible/environments/jail/hosts index 8e6ff96..065fb4c 100644 --- a/ansible/environments/jail/hosts +++ b/ansible/environments/jail/hosts @@ -1,4 +1,5 @@ [jail] nat_dhcp ansible_connection=jail homeserver_nat_dhcp ansible_ssh_host=nat_dhcp@172.16.16.2 ansible_connection=sshjail +mrmanager_nat_dhcp ansible_ssh_host=nat_dhcp@10.217.2.1 ansible_connection=sshjail nat_dhcp@172.16.16.2 ansible_connection=sshjail diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 7bcfd7d..aadd389 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -49,7 +49,7 @@ - docker - vscode -- hosts: nat_dhcp:homeserver_nat_dhcp +- hosts: nat_dhcp:homeserver_nat_dhcp:mrmanager_nat_dhcp vars: ansible_become: True roles: diff --git a/ansible/roles/devfs/files/mrmanager_devfs.rules b/ansible/roles/devfs/files/mrmanager_devfs.rules new file mode 100644 index 0000000..adeaa53 --- /dev/null +++ b/ansible/roles/devfs/files/mrmanager_devfs.rules @@ -0,0 +1,5 @@ +[tajaildhcp=14] +add include $devfsrules_hide_all +add include $devfsrules_unhide_basic +add include $devfsrules_unhide_login +add path 'bpf*' unhide diff --git a/ansible/roles/firewall/files/mrmanager_pf.conf b/ansible/roles/firewall/files/mrmanager_pf.conf index d2d6ceb..c8a9680 100644 --- a/ansible/roles/firewall/files/mrmanager_pf.conf +++ b/ansible/roles/firewall/files/mrmanager_pf.conf @@ -1,4 +1,5 @@ ext_if = "lagg0" +not_ext_if = "{ !lagg0 }" jail_nat_v4 = "{ 10.215.1.0/24 }" not_jail_nat_v4 = "{ any, !10.215.1.0/24 }" 
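Review bot: `add path 'bpf*' unhide` in the new `tajaildhcp` ruleset hands the jail raw bpf(4) access, which lets it capture and inject frames on every interface it can open, and nothing in the hunk records that this is deliberate. Presumably it is needed by the DHCP server in nat_dhcp to answer broadcast requests; if that jail is not a VNET jail the reachable interfaces are the host's own, including lagg0, so this is worth confirming. I would record the decision next to the rule: `# bpf is required by the DHCP server; keep nat_dhcp a VNET jail so only its own interfaces are exposed`.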
@@ -14,8 +15,9 @@ udp_pass_in = "{ 53 51820 51821 51822 }" set skip on lo # redirections -nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> ($ext_if) -rdr pass on !$ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53 +nat pass on lagg0 inet from $jail_nat_v4 to $not_jail_nat_v4 -> (lagg0) +nat pass on $not_ext_if inet from $jail_nat_v4 to 10.215.1.1 port 53 -> ($ext_if) +rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 1.1.1.1 port 53 # filtering block log all diff --git a/ansible/roles/network/files/mrmanager_routing.conf b/ansible/roles/network/files/mrmanager_routing.conf index 2544e1e..45a1d23 100644 --- a/ansible/roles/network/files/mrmanager_routing.conf +++ b/ansible/roles/network/files/mrmanager_routing.conf @@ -1 +1,3 @@ defaultrouter="74.80.180.137" +gateway_enable="YES" +ipv6_gateway_enable="YES" diff --git a/ansible/run.bash b/ansible/run.bash index 060eb64..e7f43a9 100755 --- a/ansible/run.bash +++ b/ansible/run.bash @@ -30,6 +30,8 @@ elif [ "$target" = "vm_poudriereodo" ]; then ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudriereodo "${@}" elif [ "$target" = "mrmanager" ]; then ansible-playbook -v -i environments/colo playbook.yaml --diff --limit mrmanager "${@}" +elif [ "$target" = "jail_mrmanager_nat_dhcp" ]; then + ansible-playbook -v -i environments/jail playbook.yaml --diff --limit mrmanager_nat_dhcp "${@}" else die 1 "Unrecognized target" fi From 354c6b84ab20253c530fb2b57cc86e899f46a1c5 Mon Sep 17 00:00:00 2001 
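Review bot: The rewritten `nat pass on lagg0 ... -> (lagg0)` hardcodes the interface that the `ext_if` macro still names, while the very next line goes back to `($ext_if)`, so the file now mixes both spellings; `nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> ($ext_if)` keeps the interface in one place. The added `nat pass on $not_ext_if inet from $jail_nat_v4 to 10.215.1.1 port 53 -> ($ext_if)` carries no comment and its purpose is not evident from the neighbouring rules (the rdr below already rewrites that destination to 1.1.1.1 and the first nat rule handles egress on lagg0); a one-line comment naming the traffic path it covers would help the next reader. Note also that `pass` on translation rules bypasses the filter section, so `rdr pass ... from any` on every non-external interface, the WireGuard `colo` interface included, forwards DNS to 1.1.1.1 without ever hitting `block log all`, which is probably intended but should be stated.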
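Review bot: `ipv6_gateway_enable="YES"` turns on IPv6 forwarding, yet nothing in this series assigns an IPv6 address to the host or the jail network and the pf ruleset has no v6 pass rules beyond icmp6, so the line opens a forwarding path with no visible use. `gateway_enable="YES"` is what the IPv4 NAT for 10.215.1.0/24 needs; I would leave the v6 line out until v6 addressing exists, or add a comment on it saying which v6 transit it serves if that is configured somewhere not shown here.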
From: Tom Alexander Date: Sun, 28 May 2023 23:09:36 -0400 Subject: [PATCH 11/16] Set up bhyve for mrmanager. --- ansible/environments/colo/host_vars/mrmanager | 5 ++--- .../jail/host_vars/mrmanager_nat_dhcp | 1 + .../roles/bhyve/files/bhyve_netgraph_bridge.bash | 6 ++++++ ansible/roles/bhyve/tasks/freebsd.yaml | 15 --------------- ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf | 5 +++++ 5 files changed, 14 insertions(+), 18 deletions(-) create mode 100644 ansible/environments/jail/host_vars/mrmanager_nat_dhcp diff --git a/ansible/environments/colo/host_vars/mrmanager b/ansible/environments/colo/host_vars/mrmanager index 80f9617..ed468c3 100644 --- a/ansible/environments/colo/host_vars/mrmanager +++ b/ansible/environments/colo/host_vars/mrmanager @@ -23,8 +23,7 @@ jail_list: enabled: true conf: src: nat_dhcp -# bhyve_dataset: zroot/freebsd/release/vm -# bhyve_list: [] -# bhyve_canmount: "on" +bhyve_dataset: zdata/vm +bhyve_canmount: "on" # efi_dev: /dev/gpt/EFI devfs_rules: "mrmanager_devfs.rules" diff --git a/ansible/environments/jail/host_vars/mrmanager_nat_dhcp b/ansible/environments/jail/host_vars/mrmanager_nat_dhcp new file mode 100644 index 0000000..1d0b6d9 --- /dev/null +++ b/ansible/environments/jail/host_vars/mrmanager_nat_dhcp @@ -0,0 +1 @@ +os_flavor: "freebsd" diff --git a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash index e6985cd..fdf8013 100644 --- a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash +++ b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash 
@@ -15,6 +15,12 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # Enable Sound # bhyve_options="-s 16,hda,play=/dev/dsp,rec=/dev/dsp" +# Example usage: +# +# doas bhyve_netgraph_bridge create-disk zdata/vm/poudriere /vm/poudriere 10 +# doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere jail_nat 10.215.1.1/24 /vm/iso/FreeBSD-13.2-RELEASE-amd64-bootonly.iso +# doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere jail_nat 10.215.1.1/24 + function main { if [ "$1" = "create-disk" ]; then shift 1 diff --git a/ansible/roles/bhyve/tasks/freebsd.yaml b/ansible/roles/bhyve/tasks/freebsd.yaml index 96ba2ba..363475c 100644 --- a/ansible/roles/bhyve/tasks/freebsd.yaml +++ b/ansible/roles/bhyve/tasks/freebsd.yaml @@ -31,18 +31,3 @@ mountpoint: "{{ bhyve_mountpoint }}" canmount: "{{ bhyve_canmount|default('noauto') }}" "ta:bemount": "{{ bhyve_bemount|default('on') }}" - -- name: Enable bhyve - community.general.sysrc: - name: "{{ item.name }}" - value: "{{ item.value }}" - path: /etc/rc.conf.d/vm - loop: - - name: vm_enable - value: "YES" - - name: vm_dir - value: "zfs:{{ bhyve_dataset }}" - - name: vm_list - value: "{{ bhyve_list|community.general.json_query('[?enabled==`true`].name')|join(' ') }}" - - name: vm_delay - value: "5" diff --git a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf index d39ed58..5706e53 100644 --- a/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf +++ b/ansible/roles/jail_nat_dhcp/files/kea-dhcp4.conf @@ -23,6 +23,11 @@ // unifi controller "hw-address": "06:40:9f:d7:be:a6", "ip-address": "10.215.1.202" + }, + { + // poudriere + "hw-address": "06:8f:24:d6:21:24", + "ip-address": "10.215.1.203" } ] } From ab0ab17201653c675f479ad0470e36ffa302b4a2 Mon Sep 17 00:00:00 2001 
From: Tom Alexander Date: Mon, 29 May 2023 00:13:57 -0400 Subject: [PATCH 12/16] Set up poudriere on mrmanager. --- .../vm/host_vars/poudrieremrmanager | 13 ++ ansible/environments/vm/hosts | 7 + ansible/playbook.yaml | 4 +- ansible/roles/base/meta/main.yaml | 2 + ansible/roles/base/tasks/freebsd.yaml | 31 ----- ansible/roles/fstab/tasks/common.yaml | 15 ++ ansible/roles/fstab/tasks/freebsd.yaml | 31 +++++ ansible/roles/fstab/tasks/linux.yaml | 29 ++++ ansible/roles/fstab/tasks/main.yaml | 2 + ansible/roles/fstab/tasks/peruser.yaml | 29 ++++ .../roles/fstab/tasks/peruser_freebsd.yaml | 0 ansible/roles/fstab/tasks/peruser_linux.yaml | 0 .../roles/portshaker/files/portshaker.conf | 3 +- ansible/roles/poudriere/files/poudriere.conf | 7 +- .../13amd64-default-framework-make.conf | 6 +- .../13amd64-default-framework-pkglist | 131 ++++++++++++++++++ ansible/roles/poudriere/tasks/freebsd.yaml | 20 +-- ansible/run.bash | 2 + 18 files changed, 282 insertions(+), 50 deletions(-) create mode 100644 ansible/environments/vm/host_vars/poudrieremrmanager create mode 100644 ansible/roles/base/meta/main.yaml create mode 100644 ansible/roles/fstab/tasks/common.yaml create mode 100644 ansible/roles/fstab/tasks/freebsd.yaml create mode 100644 ansible/roles/fstab/tasks/linux.yaml create mode 100644 ansible/roles/fstab/tasks/main.yaml create mode 100644 ansible/roles/fstab/tasks/peruser.yaml create mode 100644 ansible/roles/fstab/tasks/peruser_freebsd.yaml create mode 100644 ansible/roles/fstab/tasks/peruser_linux.yaml create mode 100644 ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-pkglist diff --git a/ansible/environments/vm/host_vars/poudrieremrmanager b/ansible/environments/vm/host_vars/poudrieremrmanager new file mode 100644 index 0000000..348014b --- /dev/null +++ b/ansible/environments/vm/host_vars/poudrieremrmanager 
@@ -0,0 +1,13 @@ +os_flavor: "freebsd" +poudriere_builds: + - jail: 13amd64 + ports: default + set: framework + version: 13.2-RELEASE + # - jail: current + # ports: default + # set: framework + # version: CURRENT + # revision: af01b4722577903f91acc44f01bdcb8cdb2d65ad + # kernel: CUSTOM + # branch: main diff --git a/ansible/environments/vm/hosts b/ansible/environments/vm/hosts index 33382d9..afaa022 100644 --- a/ansible/environments/vm/hosts +++ b/ansible/environments/vm/hosts @@ -1,2 +1,9 @@ [vm] poudriereodo ansible_user=builder ansible_host=10.213.177.12 +poudrieremrmanager ansible_user=root ansible_host=poudriere +# +# Put in ~/.ssh/config +# Host poudriere +# ProxyJump talexander@mrmanager +# HostName 10.215.1.203 +# diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index aadd389..02756c0 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -55,10 +55,12 @@ roles: - jail_nat_dhcp -- hosts: poudriereodo +- hosts: poudriereodo:poudrieremrmanager vars: ansible_become: True roles: + - sudo # for poudboot script + - fstab - portshaker - poudriere diff --git a/ansible/roles/base/meta/main.yaml b/ansible/roles/base/meta/main.yaml new file mode 100644 index 0000000..44e74e2 --- /dev/null +++ b/ansible/roles/base/meta/main.yaml @@ -0,0 +1,2 @@ +dependencies: + - fstab diff --git a/ansible/roles/base/tasks/freebsd.yaml b/ansible/roles/base/tasks/freebsd.yaml index 5edd441..c0a464e 100644 --- a/ansible/roles/base/tasks/freebsd.yaml +++ b/ansible/roles/base/tasks/freebsd.yaml 
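Review bot: `poudrieremrmanager ansible_user=root ansible_host=poudriere` logs in as root, whereas the sibling `poudriereodo` entry uses `builder` and lets `ansible_become: True` escalate; connecting as root forces `PermitRootLogin` to stay enabled on the VM's sshd. Unless the VM image only provisions a root account, `poudrieremrmanager ansible_user=builder ansible_host=poudriere` matches the existing host and the `sudo` role this commit adds to the play. The `poudriere` host alias only resolves when the ProxyJump stanza quoted in the comment is present in the operator's `~/.ssh/config`, which is fine as a hint but worth stating as a prerequisite in the comment.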
@@ -84,37 +84,6 @@ state: absent when: rc_conf is not defined -- name: Add fstab entries - mount: - name: "{{ item.dst }}" - src: "{{ item.src }}" - fstype: "{{ item.fstype }}" - opts: "{{ item.opts }}" - state: present - loop: - - dst: /tmp - src: tmpfs - fstype: tmpfs - opts: rw,mode=777 - - dst: /var/run - src: tmpfs - fstype: tmpfs - opts: rw,mode=755 - -- name: Add fstab entries - when: efi_dev is defined - mount: - name: "{{ item.dst }}" - src: "{{ item.src }}" - fstype: "{{ item.fstype }}" - opts: "{{ item.opts }}" - state: present - loop: - - dst: /boot/efi - src: "{{ efi_dev }}" - fstype: msdosfs - opts: rw - - name: Install scripts copy: src: "files/{{ item.src }}" diff --git a/ansible/roles/fstab/tasks/common.yaml b/ansible/roles/fstab/tasks/common.yaml new file mode 100644 index 0000000..fef1101 --- /dev/null +++ b/ansible/roles/fstab/tasks/common.yaml @@ -0,0 +1,15 @@ +- import_tasks: tasks/freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/linux.yaml + when: 'os_flavor == "linux"' + +- include_tasks: + file: tasks/peruser.yaml + apply: + become: yes + become_user: "{{ initialize_user }}" + when: users is defined + loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}" + loop_control: + loop_var: initialize_user diff --git a/ansible/roles/fstab/tasks/freebsd.yaml b/ansible/roles/fstab/tasks/freebsd.yaml new file mode 100644 index 0000000..9b5cc70 --- /dev/null +++ b/ansible/roles/fstab/tasks/freebsd.yaml 
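Review bot: common.yaml in the new fstab role loops `include_tasks: tasks/peruser.yaml` with `become_user` set to every user marked `initialize`, but the role's per-user files appear to be empty scaffolding (peruser_freebsd.yaml and peruser_linux.yaml are created as the empty blob, and peruser.yaml itself only includes `per_user` and those two files), so the loop elevates into each account and does nothing. For a role that only edits /etc/fstab the per-user pass can be dropped, leaving the two `import_tasks` lines; if it is kept for template symmetry, a comment such as `# per-user scaffold: no fstab work is done per user` would make that explicit.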
@@ -0,0 +1,31 @@ +- name: Add fstab entries + mount: + name: "{{ item.dst }}" + src: "{{ item.src }}" + fstype: "{{ item.fstype }}" + opts: "{{ item.opts }}" + state: present + loop: + - dst: /tmp + src: tmpfs + fstype: tmpfs + opts: rw,mode=777 + - dst: /var/run + src: tmpfs + fstype: tmpfs + opts: rw,mode=755 + +- name: Add fstab entries + when: efi_dev is defined + mount: + name: "{{ item.dst }}" + src: "{{ item.src }}" + fstype: "{{ item.fstype }}" + opts: "{{ item.opts }}" + state: present + loop: + - dst: /boot/efi + src: "{{ efi_dev }}" + fstype: msdosfs + opts: rw + diff --git a/ansible/roles/fstab/tasks/linux.yaml b/ansible/roles/fstab/tasks/linux.yaml new file mode 100644 index 0000000..43ba876 --- /dev/null +++ b/ansible/roles/fstab/tasks/linux.yaml @@ -0,0 +1,29 @@ +# - name: Build aur packages +# register: buildaur +# become_user: "{{ build_user.name }}" +# command: "aurutils-sync --no-view {{ item }}" +# args: +# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*" +# loop: +# - foo + +# - name: Update cache +# when: buildaur.changed +# pacman: +# name: [] +# state: present +# update_cache: true + +# - name: Install packages +# package: +# name: +# - foo +# state: present + +# - name: Enable services +# systemd: +# enabled: yes +# name: "{{ item }}" +# daemon_reload: yes +# loop: +# - foo.service diff --git a/ansible/roles/fstab/tasks/main.yaml b/ansible/roles/fstab/tasks/main.yaml new file mode 100644 index 0000000..6805b9d --- /dev/null +++ b/ansible/roles/fstab/tasks/main.yaml @@ -0,0 +1,2 @@ +- import_tasks: tasks/common.yaml + # when: foo is defined diff --git a/ansible/roles/fstab/tasks/peruser.yaml b/ansible/roles/fstab/tasks/peruser.yaml new file mode 100644 index 0000000..111e886 --- /dev/null +++ b/ansible/roles/fstab/tasks/peruser.yaml 
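Review bot: `opts: rw,mode=777` for the `/tmp` tmpfs creates a world-writable directory without the sticky bit, so any local user can remove or rename files other users created there; the FreeBSD default for `/tmp` is `1777`, i.e. `opts: rw,mode=1777`. Adding `nosuid` to both tmpfs mounts (`opts: rw,nosuid,mode=1777`) is a cheap hardening that is unlikely to affect poudriere, which mounts its own tmpfs inside the build jails. Both tasks carry the identical `name: Add fstab entries`, which makes the play output ambiguous; the second could be `name: Add EFI fstab entry`. These entries were moved verbatim from roles/base, so the mode issue predates this patch.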
@@ -0,0 +1,29 @@ +- include_role: + name: per_user + +# - name: Create directories +# file: +# name: "{{ account_homedir.stdout }}/{{ item }}" +# state: directory +# mode: 0700 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - ".config/foo" + +# - name: Copy files +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ account_homedir.stdout }}/{{ item.dest }}" +# mode: 0600 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - src: foo.conf +# dest: .config/foo/foo.conf + +- import_tasks: tasks/peruser_freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/peruser_linux.yaml + when: 'os_flavor == "linux"' diff --git a/ansible/roles/fstab/tasks/peruser_freebsd.yaml b/ansible/roles/fstab/tasks/peruser_freebsd.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/fstab/tasks/peruser_linux.yaml b/ansible/roles/fstab/tasks/peruser_linux.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/portshaker/files/portshaker.conf b/ansible/roles/portshaker/files/portshaker.conf index 0f92d26..7b7f1b8 100644 --- a/ansible/roles/portshaker/files/portshaker.conf +++ b/ansible/roles/portshaker/files/portshaker.conf @@ -5,4 +5,5 @@ mirror_base_dir="/var/cache/portshaker" ports_trees="main" main_ports_tree="/usr/local/portshaker/trees/main" -main_merge_from="freebsd myrepo" +# main_merge_from="freebsd myrepo" +main_merge_from="freebsd" diff --git a/ansible/roles/poudriere/files/poudriere.conf b/ansible/roles/poudriere/files/poudriere.conf index 8b0e368..885ac70 100644 --- a/ansible/roles/poudriere/files/poudriere.conf +++ b/ansible/roles/poudriere/files/poudriere.conf 
@@ -10,15 +10,16 @@ # poudriere. # #ZPOOL=zroot -ZPOOL=zroot +# ZPOOL=zroot ### NO ZFS # To not use ZFS, define NO_ZFS=yes #NO_ZFS=yes +NO_ZFS=yes # root of the poudriere zfs filesystem, by default /poudriere # ZROOTFS=/poudriere -ZROOTFS=/poudriere +# ZROOTFS=/poudriere # the host where to download sets for the jails setup # You can specify here a host or an IP @@ -196,7 +197,7 @@ PARALLEL_JOBS=1 # If set, failed builds will save the WRKDIR to ${POUDRIERE_DATA}/wrkdirs # SAVE_WRKDIR=yes -# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz +# Choose the default format for the workdir packing: could be tar,tgz,tbz,txz,tzst # default is tbz # WRKDIR_ARCHIVE_FORMAT=tbz WRKDIR_ARCHIVE_FORMAT=txz diff --git a/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf b/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf index 38a4330..770e0ce 100644 --- a/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf +++ b/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-make.conf @@ -6,10 +6,8 @@ # # Example from bottom of /usr/share/examples/etc/make.conf .if ${.CURDIR:N*/lang/gcc48*} && ${.CURDIR:N*/lang/gcc10*} && ${.CURDIR:N*/textproc/ripgrep*} && ${.CURDIR:N*/www/firefox*} -# Disabling tigerlake optimizations because qemu's TCG does not support avx512 -# -#CPUTYPE?=tigerlake -CPUTYPE?=x86-64-v3 +CPUTYPE?=tigerlake +#CPUTYPE?=x86-64-v3 .endif OPTIMIZED_CFLAGS=YES BUILD_OPTIMIZED=YES diff --git a/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-pkglist b/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-pkglist new file mode 100644 index 0000000..78ee554 --- /dev/null +++ b/ansible/roles/poudriere/files/poudriere.d/13amd64-default-framework-pkglist 
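Review bot: The switch back to `CPUTYPE?=tigerlake` also deletes the comment that recorded why `x86-64-v3` had been chosen (qemu's TCG lacks AVX-512), so the constraint is now undocumented. Since the play targets `poudriereodo:poudrieremrmanager` and the poudriere role copies the whole `poudriere.d` directory to every host in that play, this make.conf presumably reaches the qemu-backed builder too, where tigerlake-tuned packages would not run; if that host is being retired, say so, otherwise keep the note. Suggested: `# tigerlake implies AVX-512: packages built with this make.conf will not run on CPUs/VMs without it (e.g. qemu TCG)`.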
@@ -0,0 +1,131 @@
+archivers/unrar
+archivers/unzip
+archivers/zip
+audio/mixertui
+databases/sqlite3
+deskutils/xdg-desktop-portal
+devel/git
+devel/gmake
+devel/hs-ShellCheck
+devel/libccid
+devel/libnotify
+devel/py-black
+devel/py-isort
+devel/py-jmespath
+devel/py-ptvsd
+devel/py-yamllint
+devel/pyenv
+dns/coredns
+editors/emacs
+editors/mg
+ftp/wget
+graphics/drm-kmod
+graphics/evince
+graphics/gimp
+graphics/graphviz
+graphics/igt-gpu-tools
+graphics/imv
+graphics/inkscape
+graphics/qt5-wayland
+graphics/vulkan-loader
+graphics/vulkan-tools
+graphics/vulkan-validation-layers
+lang/python
+lang/rust-nightly
+math/gnuplot
+multimedia/libva-intel-driver
+multimedia/libva-intel-media-driver
+multimedia/libva-utils
+multimedia/libvdpau-va-gl
+multimedia/mpv
+multimedia/pwcview
+multimedia/v4l_compat
+multimedia/v4l-utils
+multimedia/vdpauinfo
+multimedia/webcamd
+multimedia/wf-recorder
+net-mgmt/arpscan
+net-mgmt/ipcalc
+net/google-cloud-sdk
+net/rsync
+net/tcpdump
+net/wireguard
+net/wlvncc
+ports-mgmt/pkg
+ports-mgmt/pkg-provides
+ports-mgmt/portshaker
+ports-mgmt/poudriere
+print/texlive-full
+security/doas
+security/git-crypt
+security/gnupg
+security/libfido2
+security/openvpn
+security/pcsc-tools
+security/pinentry
+security/pinentry-qt5
+security/sops
+security/sudo
+security/u2f-devd
+shells/bash
+shells/zsh
+sysutils/ansible
+sysutils/ansible-sshjail
+sysutils/bhyve-firmware
+sysutils/btop
+sysutils/ddrescue
+sysutils/dsbmd
+sysutils/exfat-utils
+sysutils/flock
+sysutils/fusefs-exfat
+sysutils/fusefs-simple-mtpfs
+sysutils/fusefs-sshfs
+sysutils/helm
+sysutils/htop
+sysutils/kubectl
+sysutils/lscpu
+sysutils/lsof
+sysutils/moreutils
+sysutils/ncdu
+sysutils/nvme-cli
+sysutils/powermon
+sysutils/pstree
+sysutils/pv
+sysutils/rust-coreutils
+sysutils/tmux
+sysutils/tree
+sysutils/zrepl
+textproc/aspell
+textproc/colordiff
+textproc/en-aspell
+textproc/gsed
+textproc/jq
+textproc/kdiff3
+textproc/py-pygments
+textproc/ripgrep
+www/firefox
+x11-fm/pcmanfm
+x11-fonts/cascadia-code +x11-fonts/noto +x11-fonts/noto-emoji +x11-fonts/noto-extra +x11-fonts/source-sans-ttf +x11-fonts/sourcecodepro-ttf +x11-wm/sway +x11/alacritty +x11/grim +x11/kanshi +x11/mako +x11/slurp +x11/swaybg +x11/swayidle +x11/swaylock +x11/waybar +x11/wev +x11/wlogout +x11/wofi +x11/wtype +x11/xauth +x11/xdg-desktop-portal-wlr +x11/xeyes +x11/xhost diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml index 5675cc0..2a83c36 100644 --- a/ansible/roles/poudriere/tasks/freebsd.yaml +++ b/ansible/roles/poudriere/tasks/freebsd.yaml @@ -37,7 +37,7 @@ owner: root group: wheel loop: - # - /usr/ports/distfiles + - /usr/ports/distfiles - /opt/poudriere/build_configs - /usr/local/poudriere/data/logs/bulk @@ -56,15 +56,15 @@ # - src: poudriere_deploy_ed25519 # dest: /usr/local/etc/poudriere.d/poudriere_deploy_ed25519 -# - name: Install Configuration directory -# copy: -# src: "files/{{ item.src }}" -# dest: "{{ item.dest }}" -# owner: root -# group: wheel -# loop: -# - src: poudriere.d -# dest: /usr/local/etc/ +- name: Install Configuration directory + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + owner: root + group: wheel + loop: + - src: poudriere.d + dest: /usr/local/etc/ - name: Install scripts copy: diff --git a/ansible/run.bash b/ansible/run.bash index e7f43a9..0a80592 100755 --- a/ansible/run.bash +++ b/ansible/run.bash 
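Review bot: The re-enabled `Install Configuration directory` task copies `poudriere.d` recursively without `mode` or `directory_mode`, so the installed permissions are whatever the controller's checkout happens to carry, unlike the other copy tasks in this role which pin an explicit mode. Set `mode: 0644` and `directory_mode: 0755` on the task; this matters once the commented-out `poudriere_deploy_ed25519` key above it is installed from the same tree, where an inherited world-readable mode would be the wrong default. The enclosing task list continues outside the hunk.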
@@ -28,6 +28,8 @@ elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then ansible-playbook -v -i environments/jail playbook.yaml --diff --limit homeserver_nat_dhcp "${@}" elif [ "$target" = "vm_poudriereodo" ]; then ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudriereodo "${@}" +elif [ "$target" = "vm_poudrieremrmanager" ]; then + ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudrieremrmanager "${@}" elif [ "$target" = "mrmanager" ]; then ansible-playbook -v -i environments/colo playbook.yaml --diff --limit mrmanager "${@}" elif [ "$target" = "jail_mrmanager_nat_dhcp" ]; then From b30182060f3e4e36cdecfd2ded0626826bba4d8e Mon Sep 17 00:00:00 2001 
From: Tom Alexander Date: Mon, 29 May 2023 13:14:53 -0400 Subject: [PATCH 13/16] Set up nginx for poudriere. --- ansible/playbook.yaml | 1 + ansible/roles/poudriere/files/poudriere.conf | 2 +- .../poudrierenginx/files/headers.include | 12 +++++ .../roles/poudrierenginx/files/newsyslog.conf | 2 + ansible/roles/poudrierenginx/files/nginx.conf | 34 ++++++++++++ ansible/roles/poudrierenginx/files/rc.conf | 1 + .../roles/poudrierenginx/tasks/common.yaml | 15 ++++++ .../roles/poudrierenginx/tasks/freebsd.yaml | 53 +++++++++++++++++++ ansible/roles/poudrierenginx/tasks/linux.yaml | 29 ++++++++++ ansible/roles/poudrierenginx/tasks/main.yaml | 2 + .../roles/poudrierenginx/tasks/peruser.yaml | 29 ++++++++++ .../poudrierenginx/tasks/peruser_freebsd.yaml | 0 .../poudrierenginx/tasks/peruser_linux.yaml | 0 13 files changed, 179 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/poudrierenginx/files/headers.include create mode 100644 ansible/roles/poudrierenginx/files/newsyslog.conf create mode 100644 ansible/roles/poudrierenginx/files/nginx.conf create mode 100644 ansible/roles/poudrierenginx/files/rc.conf create mode 100644 ansible/roles/poudrierenginx/tasks/common.yaml create mode 100644 ansible/roles/poudrierenginx/tasks/freebsd.yaml create mode 100644 ansible/roles/poudrierenginx/tasks/linux.yaml create mode 100644 ansible/roles/poudrierenginx/tasks/main.yaml create mode 100644 ansible/roles/poudrierenginx/tasks/peruser.yaml create mode 100644 ansible/roles/poudrierenginx/tasks/peruser_freebsd.yaml create mode 100644 ansible/roles/poudrierenginx/tasks/peruser_linux.yaml diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index 02756c0..74c3694 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -63,6 +63,7 @@ - fstab - portshaker - poudriere + - poudrierenginx - hosts: mrmanager vars: diff --git a/ansible/roles/poudriere/files/poudriere.conf b/ansible/roles/poudriere/files/poudriere.conf index 885ac70..9d3f4bb 100644 
--- a/ansible/roles/poudriere/files/poudriere.conf +++ b/ansible/roles/poudriere/files/poudriere.conf @@ -74,7 +74,7 @@ USE_TMPFS=all # How much memory to limit tmpfs size to for *each builder* in GiB # (default: none) #TMPFS_LIMIT=8 -TMPFS_LIMIT=16 +TMPFS_LIMIT=32 # How much memory to limit jail processes to for *each builder* # in GiB (default: none) diff --git a/ansible/roles/poudrierenginx/files/headers.include b/ansible/roles/poudrierenginx/files/headers.include new file mode 100644 index 0000000..ffb49b9 --- /dev/null +++ b/ansible/roles/poudrierenginx/files/headers.include @@ -0,0 +1,12 @@ +# Enable HTTP Strict Transport Security (HSTS) to force clients to +# always connect via HTTPS (do not use if only testing) +add_header Strict-Transport-Security "max-age=31536000;" always; +# Enable cross-site filter (XSS) and tell browser to block detected +# attacks +add_header X-XSS-Protection "1; mode=block" always; +# Prevent some browsers from MIME-sniffing a response away from the +# declared Content-Type +add_header X-Content-Type-Options "nosniff" always; +# Disallow the site to be rendered within a frame (clickjacking +# protection) +add_header X-Frame-Options "DENY" always; diff --git a/ansible/roles/poudrierenginx/files/newsyslog.conf b/ansible/roles/poudrierenginx/files/newsyslog.conf new file mode 100644 index 0000000..78a612b --- /dev/null +++ b/ansible/roles/poudrierenginx/files/newsyslog.conf @@ -0,0 +1,2 @@ +# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num] +/var/log/nginx/*.log 640 5 1000 @T00 GYC /var/run/nginx.pid SIGUSR1 diff --git a/ansible/roles/poudrierenginx/files/nginx.conf b/ansible/roles/poudrierenginx/files/nginx.conf new file mode 100644 index 0000000..68d7568 --- /dev/null +++ b/ansible/roles/poudrierenginx/files/nginx.conf 
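Review bot: `Strict-Transport-Security` is emitted on a listener that only speaks plain HTTP (the companion nginx.conf has `listen 8080` with no TLS), and browsers are required to ignore HSTS received over an insecure connection, so the header has no effect here; the include's own comment ("do not use if only testing") points the same way, and a line such as `# no-op until this vhost is served over TLS` would save the next reader the check. `X-XSS-Protection` is obsolete — current browsers no longer implement the auditor and the usual advice is to omit it (or send `0`) and rely on a `Content-Security-Policy` instead. Note also that `add_header` directives at the `http` level are inherited only by `server`/`location` blocks that declare none of their own, which holds for the current nginx.conf but is easy to break when a block later adds one.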
@@ -0,0 +1,34 @@ +worker_processes auto; +user www www; + +events { + worker_connections 1024; +} + +http { + include mime.types; + default_type application/octet-stream; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + gzip on; + + include conf.d/headers.include; + + server { + listen 8080 default; + listen [::]:8080; + server_name freebsdpkg.fizz.buzz; + + location / { + root /usr/local/share/poudriere/html; + index index.html index.htm; + } + + location /data { + alias /usr/local/poudriere/data/logs/bulk; + autoindex on; + } + } +} diff --git a/ansible/roles/poudrierenginx/files/rc.conf b/ansible/roles/poudrierenginx/files/rc.conf new file mode 100644 index 0000000..c104d8b --- /dev/null +++ b/ansible/roles/poudrierenginx/files/rc.conf @@ -0,0 +1 @@ +nginx_enable="YES" diff --git a/ansible/roles/poudrierenginx/tasks/common.yaml b/ansible/roles/poudrierenginx/tasks/common.yaml new file mode 100644 index 0000000..fef1101 --- /dev/null +++ b/ansible/roles/poudrierenginx/tasks/common.yaml @@ -0,0 +1,15 @@ +- import_tasks: tasks/freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/linux.yaml + when: 'os_flavor == "linux"' + +- include_tasks: + file: tasks/peruser.yaml + apply: + become: yes + become_user: "{{ initialize_user }}" + when: users is defined + loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}" + loop_control: + loop_var: initialize_user diff --git a/ansible/roles/poudrierenginx/tasks/freebsd.yaml b/ansible/roles/poudrierenginx/tasks/freebsd.yaml new file mode 100644 index 0000000..3be9ee3 --- /dev/null +++ b/ansible/roles/poudrierenginx/tasks/freebsd.yaml 
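Review bot: The `location /data` / `alias /usr/local/poudriere/data/logs/bulk` pair is correct only because neither side carries a trailing slash: as a prefix location it also matches URIs such as `/data-x` (mapped to `…/bulk-x`), and if someone later appends `/` to the alias without changing the location it becomes the well-known alias path-confusion misconfiguration. The conventional form `location /data/ {` with `alias /usr/local/poudriere/data/logs/bulk/;` avoids both. Since `autoindex on` publishes build logs, `server_tokens off;` in the `http` block is also worth adding, and `listen 8080 default;` uses the spelling nginx deprecated in favour of `default_server`. Log and pid paths are left to the port's compiled-in defaults, which the companion newsyslog.conf relies on (`/var/log/nginx/*.log`, `/var/run/nginx.pid`); stating `error_log`, `access_log` and `pid` explicitly here would make that coupling visible.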
@@ -0,0 +1,53 @@ +- name: Create www group + group: + name: www + +- name: Create www user + user: + name: www + home: /srv/http + createhome: false + group: www + +- name: Install packages + package: + name: + - nginx + state: present + +- name: Create root directories + file: + name: "{{ item }}" + state: directory + mode: 0755 + owner: root + group: wheel + loop: + - /srv + - /usr/local/etc/nginx/conf.d + +# validate fails because nginx config relies on a local mime.types +- name: Install Configuration + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0644 + owner: root + group: wheel + loop: + - src: rc.conf + dest: /etc/rc.conf.d/nginx + - src: nginx.conf + dest: /usr/local/etc/nginx/nginx.conf + - src: headers.include + dest: /usr/local/etc/nginx/conf.d/headers.include +# - name: Install newsyslog configuration +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ item.dest }}" +# mode: 0600 +# owner: root +# group: wheel +# loop: +# - src: newsyslog.conf +# dest: /usr/local/etc/newsyslog.conf.d/nginx.conf diff --git a/ansible/roles/poudrierenginx/tasks/linux.yaml b/ansible/roles/poudrierenginx/tasks/linux.yaml new file mode 100644 index 0000000..43ba876 --- /dev/null +++ b/ansible/roles/poudrierenginx/tasks/linux.yaml @@ -0,0 +1,29 @@ +# - name: Build aur packages +# register: buildaur +# become_user: "{{ build_user.name }}" +# command: "aurutils-sync --no-view {{ item }}" +# args: +# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*" +# loop: +# - foo + +# - name: Update cache +# when: buildaur.changed +# pacman: +# name: [] +# state: present +# update_cache: true + +# - name: Install packages +# package: +# name: +# - foo +# state: present + +# - name: Enable services +# systemd: +# enabled: yes +# name: "{{ item }}" +# daemon_reload: yes +# loop: +# - foo.service diff --git a/ansible/roles/poudrierenginx/tasks/main.yaml b/ansible/roles/poudrierenginx/tasks/main.yaml new file mode 100644 index 0000000..6805b9d --- /dev/null 
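Review bot: Nothing in this role starts nginx or reloads it after its configuration changes: `rc.conf.d/nginx` only enables the service at boot, and the diffstat lists no handlers directory, so a fresh VM gets no listener and an edited nginx.conf is not picked up until a reboot. Add a `service: name: nginx state: started` task and a `notify: Reload nginx` on the configuration copy with a matching handler (`service: name: nginx state: reloaded`). The `Create www group`/`Create www user` tasks look like a Linux carry-over — FreeBSD's base system already ships the `www` account — and with `home: /srv/http` the user module will likely rewrite that system account's home directory; presumably the two tasks and the `/srv` directory can be dropped on FreeBSD.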
+++ b/ansible/roles/poudrierenginx/tasks/main.yaml @@ -0,0 +1,2 @@ +- import_tasks: tasks/common.yaml + # when: foo is defined diff --git a/ansible/roles/poudrierenginx/tasks/peruser.yaml b/ansible/roles/poudrierenginx/tasks/peruser.yaml new file mode 100644 index 0000000..111e886 --- /dev/null +++ b/ansible/roles/poudrierenginx/tasks/peruser.yaml @@ -0,0 +1,29 @@ +- include_role: + name: per_user + +# - name: Create directories +# file: +# name: "{{ account_homedir.stdout }}/{{ item }}" +# state: directory +# mode: 0700 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - ".config/foo" + +# - name: Copy files +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ account_homedir.stdout }}/{{ item.dest }}" +# mode: 0600 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - src: foo.conf +# dest: .config/foo/foo.conf + +- import_tasks: tasks/peruser_freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/peruser_linux.yaml + when: 'os_flavor == "linux"' diff --git a/ansible/roles/poudrierenginx/tasks/peruser_freebsd.yaml b/ansible/roles/poudrierenginx/tasks/peruser_freebsd.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/poudrierenginx/tasks/peruser_linux.yaml b/ansible/roles/poudrierenginx/tasks/peruser_linux.yaml new file mode 100644 index 0000000..e69de29 From 11079ff52477f39dd37eedacf97618a0bd1821e0 Mon Sep 17 00:00:00 2001 
From: Tom Alexander Date: Mon, 29 May 2023 15:37:51 -0400 Subject: [PATCH 14/16] Set up log rotation for nginx in the poudriere vm. --- ansible/roles/poudrierenginx/meta/main.yaml | 2 ++ .../roles/poudrierenginx/tasks/freebsd.yaml | 21 +++++++------- ansible/roles/syslog/files/syslogd_rc.conf | 5 ++++ ansible/roles/syslog/tasks/common.yaml | 15 ++++++++++ ansible/roles/syslog/tasks/freebsd.yaml | 19 ++++++++++++ ansible/roles/syslog/tasks/linux.yaml | 29 +++++++++++++++++++ ansible/roles/syslog/tasks/main.yaml | 2 ++ ansible/roles/syslog/tasks/peruser.yaml | 29 +++++++++++++++++++ .../roles/syslog/tasks/peruser_freebsd.yaml | 0 ansible/roles/syslog/tasks/peruser_linux.yaml | 0 10 files changed, 112 insertions(+), 10 deletions(-) create mode 100644 ansible/roles/poudrierenginx/meta/main.yaml create mode 100644 ansible/roles/syslog/files/syslogd_rc.conf create mode 100644 ansible/roles/syslog/tasks/common.yaml create mode 100644 ansible/roles/syslog/tasks/freebsd.yaml create mode 100644 ansible/roles/syslog/tasks/linux.yaml create mode 100644 ansible/roles/syslog/tasks/main.yaml create mode 100644 ansible/roles/syslog/tasks/peruser.yaml create mode 100644 ansible/roles/syslog/tasks/peruser_freebsd.yaml create mode 100644 ansible/roles/syslog/tasks/peruser_linux.yaml diff --git a/ansible/roles/poudrierenginx/meta/main.yaml b/ansible/roles/poudrierenginx/meta/main.yaml new file mode 100644 index 0000000..ecea872 --- /dev/null +++ b/ansible/roles/poudrierenginx/meta/main.yaml @@ -0,0 +1,2 @@ +dependencies: + - syslog diff --git a/ansible/roles/poudrierenginx/tasks/freebsd.yaml b/ansible/roles/poudrierenginx/tasks/freebsd.yaml index 3be9ee3..4777d27 100644 --- a/ansible/roles/poudrierenginx/tasks/freebsd.yaml +++ b/ansible/roles/poudrierenginx/tasks/freebsd.yaml 
@@ -41,13 +41,14 @@ dest: /usr/local/etc/nginx/nginx.conf - src: headers.include dest: /usr/local/etc/nginx/conf.d/headers.include -# - name: Install newsyslog configuration -# copy: -# src: "files/{{ item.src }}" -# dest: "{{ item.dest }}" -# mode: 0600 -# owner: root -# group: wheel -# loop: -# - src: newsyslog.conf -# dest: /usr/local/etc/newsyslog.conf.d/nginx.conf + +- name: Install newsyslog configuration + copy: + src: "files/{{ item.src }}" + dest: "{{ item.dest }}" + mode: 0600 + owner: root + group: wheel + loop: + - src: newsyslog.conf + dest: /usr/local/etc/newsyslog.conf.d/nginx.conf diff --git a/ansible/roles/syslog/files/syslogd_rc.conf b/ansible/roles/syslog/files/syslogd_rc.conf new file mode 100644 index 0000000..7376416 --- /dev/null +++ b/ansible/roles/syslog/files/syslogd_rc.conf @@ -0,0 +1,5 @@ +# One -s disables connections from remote machines, two disables +# network entirely which blocks logging to remote machines + +syslogd_enable="YES" +syslogd_flags="-ss -v -v" diff --git a/ansible/roles/syslog/tasks/common.yaml b/ansible/roles/syslog/tasks/common.yaml new file mode 100644 index 0000000..fef1101 --- /dev/null +++ b/ansible/roles/syslog/tasks/common.yaml @@ -0,0 +1,15 @@ +- import_tasks: tasks/freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/linux.yaml + when: 'os_flavor == "linux"' + +- include_tasks: + file: tasks/peruser.yaml + apply: + become: yes + become_user: "{{ initialize_user }}" + when: users is defined + loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}" + loop_control: + loop_var: initialize_user diff --git a/ansible/roles/syslog/tasks/freebsd.yaml b/ansible/roles/syslog/tasks/freebsd.yaml new file mode 100644 index 0000000..4c83ffc --- /dev/null +++ b/ansible/roles/syslog/tasks/freebsd.yaml 
@@ -0,0 +1,19 @@ +- name: Create directories + file: + name: "{{ item }}" + state: directory + mode: 0755 + owner: root + group: wheel + loop: + - /usr/local/etc/newsyslog.conf.d + +- name: Install service configuration + copy: + src: "files/{{ item }}_rc.conf" + dest: "/etc/rc.conf.d/{{ item }}" + mode: 0644 + owner: root + group: wheel + loop: + - syslogd diff --git a/ansible/roles/syslog/tasks/linux.yaml b/ansible/roles/syslog/tasks/linux.yaml new file mode 100644 index 0000000..43ba876 --- /dev/null +++ b/ansible/roles/syslog/tasks/linux.yaml @@ -0,0 +1,29 @@ +# - name: Build aur packages +# register: buildaur +# become_user: "{{ build_user.name }}" +# command: "aurutils-sync --no-view {{ item }}" +# args: +# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*" +# loop: +# - foo + +# - name: Update cache +# when: buildaur.changed +# pacman: +# name: [] +# state: present +# update_cache: true + +# - name: Install packages +# package: +# name: +# - foo +# state: present + +# - name: Enable services +# systemd: +# enabled: yes +# name: "{{ item }}" +# daemon_reload: yes +# loop: +# - foo.service diff --git a/ansible/roles/syslog/tasks/main.yaml b/ansible/roles/syslog/tasks/main.yaml new file mode 100644 index 0000000..6805b9d --- /dev/null +++ b/ansible/roles/syslog/tasks/main.yaml @@ -0,0 +1,2 @@ +- import_tasks: tasks/common.yaml + # when: foo is defined diff --git a/ansible/roles/syslog/tasks/peruser.yaml b/ansible/roles/syslog/tasks/peruser.yaml new file mode 100644 index 0000000..111e886 --- /dev/null +++ b/ansible/roles/syslog/tasks/peruser.yaml 
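Review bot: Installing `/etc/rc.conf.d/syslogd` with `syslogd_flags="-ss -v -v"` does not change the running daemon; without a `notify` on the copy task and a handler such as `service: name: syslogd state: restarted`, the network-disabling `-ss` flags only take effect at the next boot and the hardening described in the rc.conf file's comment is silently deferred. The same pattern (config copied, no restart/reload) appears in `roles/poudrierenginx/tasks/freebsd.yaml`. The `copy` with `src: "files/{{ item }}_rc.conf"` is a nice generalisation over the hard-coded `src`/`dest` loops used elsewhere; a one-line comment above it, `# files/<svc>_rc.conf -> /etc/rc.conf.d/<svc>`, would make the convention visible to whoever adds the next service.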
@@ -0,0 +1,29 @@ +- include_role: + name: per_user + +# - name: Create directories +# file: +# name: "{{ account_homedir.stdout }}/{{ item }}" +# state: directory +# mode: 0700 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - ".config/foo" + +# - name: Copy files +# copy: +# src: "files/{{ item.src }}" +# dest: "{{ account_homedir.stdout }}/{{ item.dest }}" +# mode: 0600 +# owner: "{{ account_name.stdout }}" +# group: "{{ group_name.stdout }}" +# loop: +# - src: foo.conf +# dest: .config/foo/foo.conf + +- import_tasks: tasks/peruser_freebsd.yaml + when: 'os_flavor == "freebsd"' + +- import_tasks: tasks/peruser_linux.yaml + when: 'os_flavor == "linux"' diff --git a/ansible/roles/syslog/tasks/peruser_freebsd.yaml b/ansible/roles/syslog/tasks/peruser_freebsd.yaml new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/syslog/tasks/peruser_linux.yaml b/ansible/roles/syslog/tasks/peruser_linux.yaml new file mode 100644 index 0000000..e69de29 From 5f4939c9e6df3cff66f76e149c94f5f18b6517c6 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Mon, 29 May 2023 17:41:02 -0400 Subject: [PATCH 15/16] Add support for raw bridging to an external interface for bhyve. --- .../bhyve/files/bhyve_netgraph_bridge.bash | 52 ++++++++++++++++--- 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash index fdf8013..8760c30 100644 --- a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash +++ b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash @@ -34,6 +34,13 @@ function main { fi } +function die { + local status_code="$1" + shift + (>&2 echo "${@}") + exit "$status_code" +} + function create_disk { zfs_path="$1" mount_path="$2" @@ -43,6 +50,7 @@ function create_disk { tee "${mount_path}/settings" </dev/null 2>&1 } From 26d3f7e7368f00519d82de126de4d6365f480a9b Mon Sep 17 00:00:00 2001 
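Review bot: `(>&2 echo "${@}")` in `die` spawns a subshell only to redirect stdout, and `echo` will treat a first argument of `-n`/`-e`/`-E` as an option rather than text; `printf '%s\n' "$*" >&2` does the same job without either wrinkle. Since the function always exits, a short header comment, `# die STATUS MESSAGE... : print MESSAGE to stderr and exit with STATUS`, would let callers see the argument order at a glance. The neighbouring `create_disk` hunk is cut off in this view and could not be reviewed.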
From: Tom Alexander Date: Mon, 29 May 2023 18:35:30 -0400 Subject: [PATCH 16/16] Switch to using config files for most settings. This is to make it easier to juggle all the settings. --- .../bhyve/files/bhyve_netgraph_bridge.bash | 44 +++++++++++-------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash index 8760c30..c009737 100644 --- a/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash +++ b/ansible/roles/bhyve/files/bhyve_netgraph_bridge.bash @@ -21,16 +21,22 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" # doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere jail_nat 10.215.1.1/24 /vm/iso/FreeBSD-13.2-RELEASE-amd64-bootonly.iso # doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere jail_nat 10.215.1.1/24 +: ${CPU_CORES:="1"} +: ${MEMORY:="1G"} +: ${NETWORK:="NAT"} # or RAW +: ${IP_RANGE:="10.215.1.1/24"} # Ignored for RAW networks +: ${INTERFACE_NAME:="jail_nat"} # or the external interface like lagg0 for RAW networks +: ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks + function main { - if [ "$1" = "create-disk" ]; then - shift 1 + cmd="$1" + shift 1 + if [ "$cmd" = "create-disk" ]; then create_disk "${@}" - elif [ "$1" = "start" ]; then - shift 1 + elif [ "$cmd" = "start" ]; then start_vm "${@}" else - >&2 echo "Unrecognized command" - exit 1 + die 1 "Unrecognized command $cmd" fi } @@ -48,9 +54,12 @@ function create_disk { zfs create -o "mountpoint=$mount_path" "$zfs_path" cp /usr/local/share/edk2-bhyve/BHYVE_UEFI_VARS.fd "${mount_path}/" tee "${mount_path}/settings" <
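Review bot: The new `: ${CPU_CORES:="1"}` … `: ${BRIDGE_NAME:=…}` block makes the VM's CPU, memory and, more importantly, its network attachment (`NETWORK`, `INTERFACE_NAME`, `BRIDGE_NAME`) depend on whatever happens to be exported in the invoking environment, and those names are generic enough to collide with unrelated variables; a comment above the block, `# Overridable from the environment; doas/sudo normally reset the environment, so overrides may not reach the script when run that way`, would document both the intent and why an override can silently fail to apply with the `doas` invocation the usage comment shows. In `main`, `cmd` is assigned without `local` and `shift 1` runs before the argument is checked, so a call with no arguments fails at the shift (non-zero status, an abort if the script uses `set -e`) before `die` can report `Unrecognized command`; `local cmd="${1:-}"` followed by `[ "$#" -gt 0 ] && shift` fixes both. The second hunk of this patch is truncated in this view and was not reviewed.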