From e38bee4c0ffbe13ab18dc73f421f82f405509712 Mon Sep 17 00:00:00 2001 From: Tom Alexander Date: Wed, 9 Oct 2024 19:44:09 -0400 Subject: [PATCH] Use bbr for tcp congestion on FreeBSD, install ectool on framework laptop linux, and assign an ipv6 address in mrmanager. --- ansible/roles/base/files/bbr_loader.conf | 1 + ansible/roles/base/tasks/freebsd.yaml | 22 +++++++++++++++++++ ansible/roles/firefox/defaults/main.yaml | 2 ++ .../roles/framework_laptop/tasks/linux.yaml | 22 +++++++++++++++++++ .../network/files/mrmanager_network.conf | 3 ++- 5 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/base/files/bbr_loader.conf diff --git a/ansible/roles/base/files/bbr_loader.conf b/ansible/roles/base/files/bbr_loader.conf new file mode 100644 index 0000000..a996631 --- /dev/null +++ b/ansible/roles/base/files/bbr_loader.conf @@ -0,0 +1 @@ +tcp_bbr_load="YES" diff --git a/ansible/roles/base/tasks/freebsd.yaml b/ansible/roles/base/tasks/freebsd.yaml index 71383e0..64466f2 100644 --- a/ansible/roles/base/tasks/freebsd.yaml +++ b/ansible/roles/base/tasks/freebsd.yaml @@ -148,3 +148,25 @@ block: | daily_scrub_zfs_enable="YES" daily_scrub_zfs_default_threshold="7" + +# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi. +- name: Install loader.conf + copy: + src: "files/{{ item }}_loader.conf" + dest: "/boot/loader.conf.d/{{ item }}.conf" + mode: 0644 + owner: root + group: wheel + loop: + - bbr + +- name: Configure sysctls + sysctl: + name: "{{ item.name }}" + value: "{{ item.value }}" + state: present + reload: false + sysctl_file: "/etc/sysctl.conf.local" + loop: + - name: net.inet.tcp.functions_default + value: "bbr" diff --git a/ansible/roles/firefox/defaults/main.yaml b/ansible/roles/firefox/defaults/main.yaml index 9dd9150..8d2125a 100644 --- a/ansible/roles/firefox/defaults/main.yaml +++ b/ansible/roles/firefox/defaults/main.yaml @@ -26,6 +26,8 @@ firefox_config: # Disable battery status, used to track users. dom.battery.enabled: false # Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected. + # + # This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540 dom.event.clipboardevents.enabled: false # Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. privacy.firstparty.isolate: true diff --git a/ansible/roles/framework_laptop/tasks/linux.yaml b/ansible/roles/framework_laptop/tasks/linux.yaml index 9ba59bf..10a7233 100644 --- a/ansible/roles/framework_laptop/tasks/linux.yaml +++ b/ansible/roles/framework_laptop/tasks/linux.yaml @@ -74,3 +74,25 @@ # doas mkdir /tmp/emulated_tpm # doas swtpm socket --tpmstate dir=/tmp/emulated_tpm --ctrl type=unixio,path=/tmp/emulated_tpm/swtpm-sock --log level=20 --tpm2 + +- name: Build aur packages + register: buildaur + become_user: "{{ build_user.name }}" + command: "aurutils-sync --no-view {{ item }}" + args: + creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*" + loop: + - fw-ectool-git + +- name: Update cache + when: buildaur.changed + pacman: + name: [] + state: present + update_cache: true + +- name: Install packages + package: + name: + - fw-ectool-git + state: present diff --git a/ansible/roles/network/files/mrmanager_network.conf b/ansible/roles/network/files/mrmanager_network.conf index aaa64e5..a21202a 100644 --- a/ansible/roles/network/files/mrmanager_network.conf +++ b/ansible/roles/network/files/mrmanager_network.conf @@ -3,4 +3,5 @@ ifconfig_igb0="up" ifconfig_igb1="up" ifconfig_lagg0="up laggproto failover laggport igb0 laggport igb1" ifconfig_lagg0_alias0="inet 74.80.180.138 netmask 255.255.255.248" -ifconfig_lagg0_alias1="inet6 2620:11f:7001:7::2/64" +ifconfig_lagg0_ipv6="inet6 2620:11f:7001:7::2/64" +ifconfig_lagg0_alias1="inet6 2620:11f:7001:7::3 prefixlen 64"